last executing test programs:

23m16.705608125s ago: executing program 1 (id=2):
r0 = openat$comedi(0xffffff9c, &(0x7f0000000100)='/dev/comedi2\x00', 0x0, 0x0)
r1 = gettid()
timer_create(0xb, &(0x7f00000000c0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)=<r2=>0x0)
timer_settime(r2, 0x0, &(0x7f0000000280)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0)
r3 = userfaultfd(0x801)
socket$packet(0x11, 0x3, 0x300)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
socket(0x840000000002, 0x3, 0xff)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8)
socket(0xa, 0x5, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r7 = socket$inet6(0xa, 0x2, 0x3a)
connect$inet6(r7, &(0x7f0000000180)={0xa, 0x0, 0x6, @mcast2, 0x6}, 0x1c)
sendto$inet6(r7, &(0x7f0000000080)="800037bbfa9ba1ce", 0xffd8, 0x0, 0x0, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, 0x0, 0x0)
syz_emit_ethernet(0x76, 0x0, 0x0)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4})
ioctl$UFFDIO_COPY(r3, 0xc028aa03, &(0x7f0000000100)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000339000/0x1000)=nil, 0x800000})
ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f0000000140)={'comedi_bond\x00', [0x3, 0x2f, 0x80000001, 0x84e1, 0x2f, 0x2006, 0x6, 0x1, 0x80ffa, 0x0, 0x0, 0x8500, 0x1003, 0x1000003, 0x2, 0x10000, 0xffffffa8, 0x7ffffffd, 0x1ff, 0x9ed, 0x10, 0x3fffd, 0xc8000, 0x5, 0x746f, 0x8, 0x20005, 0x8, 0x0, 0x4, 0x7ffd]})

23m11.629598728s ago: executing program 1 (id=14):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
prctl$PR_SET_TSC(0x1a, 0x1)
connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r3 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$inet6_int(r3, 0x29, 0x19, &(0x7f0000000000)=0x84, 0xfde1)
sendto$inet6(r3, 0x0, 0x0, 0x200cc0c5, &(0x7f0000000080)={0xa, 0x4c20, 0x0, @mcast2}, 0x1c)
connect$inet6(r3, 0x0, 0x0)
sendto$inet6(r3, &(0x7f0000001cc0)="2501d77b330b7e73d6b1d1b8a473ff7420b4b43ce0861f000000714fa228ee1f5b48", 0xfffffffffffffe57, 0x8000, 0x0, 0x0)
recvmmsg(r3, &(0x7f0000002480)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40002003, 0x0)
syz_mount_image$erofs(&(0x7f0000000000), &(0x7f00000001c0)='./file1\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="00ea2eb34e7ea51c9446c55a2d1e0be39af9faf44ad59cb6ad1c94490d970e811439edddc71c9b18946b559ce53bee0a1abe562fc3f3898e5826eda1962cf6e3c4c0ade52151923a70b46eacfc1aaaebcf156e549e884bcabc1333f344f31cd30cd93cb2814e0dbc24a7a107e295e86e09283c825fe177c89c6385f68f2c843cffffffff15539bab6142ceed9265ba989d1a283fc4ffc83f3a7a6c746823e656ad78f3b5a336cdbd83dad59e0debb36b4ea5e658e253f01637cc03f704a08019f95b92fffffffff8dd21552d6967ab1b01e5d52a5793eb179deee4572770a5197127b090287bca2a4eaa1705b42c16968d0201d3ba3cc8000000657ea095f152b1b6a1e6ad8d24ad17f649ccc23d4ecbcdb5620cc48f95f563c2230f859d196e6c4f00b8e3a7b01fcb1d79dcc09b7a854ec8c31dd27ff9b4a2864e1dcaf719d20b56769d51228ecc1915fb8c8b598c11b3c296b05f9c5355fc6f19a7b28f5ae9a0d0804ccc5716cfac0246ddffa2f12077a02a959aa1b74373c38b2bcc90743b80666eae25dea73e127263b8fdbc64fe862b994ca8473d0000000000000000", @ANYRESHEX=0x0], 0x1, 0x194, &(0x7f0000000640)="$eJzsmD9P+kAYx7/X8if88ktw1UUTScDB0hY1MjgwO2ii0bhJpBK0iIEOwGZ8Ec6+AmfiwvvQQZ0cxM3Joebawx4oYuI/jM9neO57dw/Hc0+Tb5OCIIg/y831w9VZMhHj+j8SiIr1WzXIUaT8Vvxx5qK0cn6i31+22svZ/vMYANd9//+HALRzKhwxd93eXyfEuA6lq8Py/iYYNKG3oWBDaAsMW0LvSbrC8zVtt2Rb2k7FLnCh82DwYPKQ6a+vc8RQkOpj0n6t0dzP27ZV/UIxrH+dnIIlqT75eXV7owf9gwEFhtAZMKwJvYhotzd+S6T7T4SC89Vvvv/vFuPxITlhjEqpJD5BMHBxFwNGo56fEoE/uacMScmfQpJ/pJ3yYbrWaM6WyvmiVbQOTDOzoM/p+ryZ9ozIj2/4X8zzp3/S+eEBuREWQT3vOFXDj89zsx6FUzVfc9yI538KUtN+1UysyXjvgzE2xYeUChwPrJYgCIIgCIIgCIIgCIIgCOIjTIJ5X0F7yL5YMle97KcAAAD//5Z1cak=")
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file2\x00', 0x80000, 0x0)
read(r4, &(0x7f0000000200)=""/189, 0xbd)
read$FUSE(r4, &(0x7f0000003f00)={0x2020}, 0x2020)
r5 = syz_open_procfs(0x0, &(0x7f0000000080)='smaps\x00')
preadv(r5, &(0x7f00000000c0)=[{&(0x7f0000000640)=""/4112, 0x1010}], 0x1, 0x4000, 0x0)
setgroups(0x0, 0x0)
setreuid(0xee01, 0x0)
r6 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
fcntl$lock(r6, 0x26, 0x0)
fcntl$lock(r6, 0x26, 0x0)

23m10.055162512s ago: executing program 1 (id=17):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x0)
r0 = socket(0x10, 0x3, 0x0)
sendmsg$MPTCP_PM_CMD_REMOVE(r0, 0x0, 0x4)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000180)={0x7ffffffc, 0xfff}, 0x10)
sendmsg$nl_route(r0, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f00000000c0)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeee, 0x8031, 0xffffffffffffffff, 0x2000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
write(r4, &(0x7f0000000240)="14000000140005b7ffccca38b9000000060860eb", 0x14)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = syz_open_dev$vim2m(&(0x7f0000000280), 0x7fffffffffffffff, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r5, 0xc008561c, &(0x7f0000000000)={0x980914, 0x8})
r6 = socket$inet6(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000040)={'sit0\x00', <r7=>0x0})
ioctl$sock_inet6_SIOCSIFDSTADDR(r6, 0x8918, &(0x7f0000000080)={@loopback={0x0, 0x3fc}, 0x0, r7})
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000001d80)={0x0, @in6={{0xa, 0x4e23, 0x6, @empty, 0x6}}, 0x7f, 0x2, 0x0, 0x5, 0xe6eedc45313651a9, 0x94, 0x1}, 0x9c)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000040)={<r8=>0x0, 0x6}, 0x0)
setsockopt$inet_sctp6_SCTP_ADD_STREAMS(0xffffffffffffffff, 0x84, 0x79, &(0x7f00000001c0)={r8, 0x4, 0x7}, 0x8)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r9, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
clock_nanosleep(0x9, 0x0, &(0x7f0000000080)={0x0, 0x3938700}, 0x0)

23m7.291373624s ago: executing program 1 (id=18):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x6a, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @remote}, 0x10)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_ID_VALID(r1, 0x40082102, &(0x7f0000000040))
r2 = socket$nl_generic(0x10, 0x3, 0x10)
fanotify_init(0x4, 0x800)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b70000008100003bbfa30000000000000703000000feffff720af0fff8ffffff71a4f0ff0000000071102c00000000001d400500000000004704000001ed00000f030000000000002c440000000000006b0a00fe000000007203000000000000b5000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646c0200000000000000020000e35208b0bb0d2cd829e654400e2438ec649dc76128610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda82fc9c4d7ecc7a803bf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714f62ba7a54f0c33d39000d0bfed3a6a59ff616236fd8f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a107464ffffff7f00000000617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce963b0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06fa2e04cfe0649226c697d9e8eaade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00023ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88f15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40fc5d2f55ff07c53147de202ce517b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661061173f359e9052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b393cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f006694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff26b61aac8aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c7bc46dd12305a1ae9dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e26534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ad1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c3f000000315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336dfaa6d5d164301190bc2d4c04087729033342045804a28082abc3b47623028271722fb515f31e0dd115a292f1e68481a62cd15ea5460a29c60b1058fb7aa9bf4ee3cbe11b03711a15d730646b72d074dab1e8c429339f3460d324c17a4a8bfc7d7eab45bef00664d6dc823000"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r6, &(0x7f0000000040)={0xa, 0x2, 0x0, @loopback, 0x7}, 0x1c)
r7 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x4}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f0000000940)=@framed={{0x18, 0x7}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r7}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x100000}}]}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
sendto$inet6(r6, 0x0, 0x0, 0x24008000, &(0x7f00000001c0)={0xa, 0x2, 0x20398, @empty, 0xffffffff}, 0x1c)
setsockopt$inet6_tcp_TCP_CONGESTION(r6, 0x6, 0xd, &(0x7f0000000080)='vegas', 0x5)
shutdown(r6, 0x1)
r8 = syz_genetlink_get_family_id$batadv(&(0x7f0000000400), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f0000000440)={'batadv0\x00', <r9=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000280)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="010028bd7040010000000f00000005002e000000000008000300", @ANYRES32=r9, @ANYBLOB="05002f0000001a9b428edacb7e61f2000000"], 0x2c}}, 0x18)

22m53.884898198s ago: executing program 32 (id=18):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x6a, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @remote}, 0x10)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_ID_VALID(r1, 0x40082102, &(0x7f0000000040))
r2 = socket$nl_generic(0x10, 0x3, 0x10)
fanotify_init(0x4, 0x800)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b70000008100003bbfa30000000000000703000000feffff720af0fff8ffffff71a4f0ff0000000071102c00000000001d400500000000004704000001ed00000f030000000000002c440000000000006b0a00fe000000007203000000000000b5000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646c0200000000000000020000e35208b0bb0d2cd829e654400e2438ec649dc76128610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda82fc9c4d7ecc7a803bf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714f62ba7a54f0c33d39000d0bfed3a6a59ff616236fd8f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a107464ffffff7f00000000617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce963b0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06fa2e04cfe0649226c697d9e8eaade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00023ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88f15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40fc5d2f55ff07c53147de202ce517b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661061173f359e9052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b393cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f006694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff26b61aac8aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c7bc46dd12305a1ae9dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e26534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ad1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c3f000000315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336dfaa6d5d164301190bc2d4c04087729033342045804a28082abc3b47623028271722fb515f31e0dd115a292f1e68481a62cd15ea5460a29c60b1058fb7aa9bf4ee3cbe11b03711a15d730646b72d074dab1e8c429339f3460d324c17a4a8bfc7d7eab45bef00664d6dc823000"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r6, &(0x7f0000000040)={0xa, 0x2, 0x0, @loopback, 0x7}, 0x1c)
r7 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x4}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f0000000940)=@framed={{0x18, 0x7}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r7}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x100000}}]}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
sendto$inet6(r6, 0x0, 0x0, 0x24008000, &(0x7f00000001c0)={0xa, 0x2, 0x20398, @empty, 0xffffffff}, 0x1c)
setsockopt$inet6_tcp_TCP_CONGESTION(r6, 0x6, 0xd, &(0x7f0000000080)='vegas', 0x5)
shutdown(r6, 0x1)
r8 = syz_genetlink_get_family_id$batadv(&(0x7f0000000400), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f0000000440)={'batadv0\x00', <r9=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000280)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="010028bd7040010000000f00000005002e000000000008000300", @ANYRES32=r9, @ANYBLOB="05002f0000001a9b428edacb7e61f2000000"], 0x2c}}, 0x18)

20m3.00986153s ago: executing program 0 (id=257):
gettid()
r0 = socket$kcm(0xa, 0x1, 0x106)
sendmsg$kcm(r0, &(0x7f0000000780)={&(0x7f0000000000)=@in6={0xa, 0xfffe, 0x0, @ipv4={'\x00', '\xff\xff', @remote}, 0x2}, 0x80, 0x0}, 0xe07e872420dfefca)
r1 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$inet(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000580)=[{0x0}, {&(0x7f0000000680)="ffaf", 0x2}], 0x2, 0x0, 0x0, 0x1f00c00e}, 0x4080)
bind$llc(0xffffffffffffffff, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x0, 0x81, 0x42}, 0x10)
socket$inet_mptcp(0x2, 0x1, 0x106)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x5)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000007c0)=ANY=[], 0x14c}}, 0x90)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = getpgrp(0xffffffffffffffff)
kcmp(r4, r4, 0x1, 0xffffffffffffffff, 0xffffffffffffffff)
waitid(0x2, 0x0, &(0x7f0000000600), 0x2, &(0x7f0000000080))
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x18)
r5 = syz_kvm_setup_syzos_vm$x86(0xffffffffffffffff, &(0x7f00004b2000/0x400000)=nil)
ioctl$XFS_IOC_FD_TO_HANDLE(r1, 0xc038586a, &(0x7f0000000500)={<r6=>r0, &(0x7f00000005c0)='\n^}\x00', 0x309002, &(0x7f0000000440)={@align=0x10000, {0x3487, 0xdf7f, 0x10, 0x3}}, 0x40000008, &(0x7f0000000480)={@_ha_fsid}, &(0x7f00000004c0)=0x1})
move_mount(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', r6, &(0x7f0000000540)='./file0\x00', 0x100)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYRESDEC=r5, @ANYBLOB="20f801112e9e885017f56814550bdb6ebee315d7e4e1a1bff3c5a5e8f8208dc2f6f6ccb600", @ANYRES8=r1, @ANYRESDEC], 0x48)
r7 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TCSETSW(r7, 0x5403, &(0x7f0000000fc0)={0xc, 0xdb1b, 0xf, 0x5, 0x6, "c02db8159fdcae50281e45d2767f7c7199e33d"})
writev(r7, &(0x7f0000001280)=[{&(0x7f0000000000)="1df889ffb4662f09", 0x8}], 0x1)

19m59.904210626s ago: executing program 0 (id=263):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x1c, &(0x7f0000000200)=[@in6={0xa, 0x4e21, 0xc78, @mcast2, 0x5}]}, 0x0)

19m59.682002783s ago: executing program 0 (id=266):
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x50}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
ptrace$ARCH_SHSTK_ENABLE(0x1e, r0, 0x0, 0x5001)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
madvise(&(0x7f00002e5000/0x400000)=nil, 0x400000, 0xf)
r4 = syz_open_dev$sndctrl(0x0, 0x1, 0x0)
socket$inet6(0xa, 0x2, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r4, 0xc4c85512, &(0x7f0000000780)={{0x8, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, [0x4, 0xfffffffffffffffe, 0x40000000000, 0xffffffffffffffff, 0xffffffeffffffffe, 0x0, 0x6, 0x0, 0x0, 0x7, 0x0, 0x0, 0xfffffeffbfffffff, 0x0, 0x0, 0x0, 0x3, 0x80000000, 0x2000000000000003, 0x0, 0x0, 0x4, 0x0, 0x6, 0x1, 0x40, 0x0, 0xfffffffffffffffd, 0x100200000, 0xb, 0x8000000000000000, 0x0, 0x0, 0x0, 0x9, 0x0, 0x10000, 0x1000, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffdfffffffff, 0xfffffffffffffffc, 0x3, 0x0, 0x7, 0x10000, 0x7785, 0x0, 0x4, 0x4, 0x8, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x4, 0x0, 0x5, 0x0, 0x7ff, 0x0, 0xfffffffffffffffe, 0x9, 0x1000000000, 0x0, 0x80000000000000, 0x8, 0xfffffffffffffffe, 0x200000000, 0x0, 0xfffffffffffffffe, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x2c5, 0x0, 0x4, 0x81, 0xfffffffffffffff9, 0x0, 0x0, 0x0, 0x9, 0x0, 0x4000000000, 0x3, 0x2, 0x0, 0x7, 0xc0c0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0xffffffffffeffffc, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x20000000, 0x0, 0x80]})
r5 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$SO_TIMESTAMP(r5, 0x1, 0x3f, 0x0, 0x0)
r6 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGWINSZ(r6, 0x5413, &(0x7f00000001c0))
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x41000, 0xf, '\x00', 0x0, @fallback=0xfb827ab984038ea1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
sendmsg$inet(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)}, 0x8c0)
recvmmsg(r5, 0x0, 0x0, 0x0, 0x0)
r7 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x40000, 0x0)
ioctl$PIO_UNISCRNMAP(r7, 0x5453, 0x0)
syz_mount_image$udf(&(0x7f00000000c0), &(0x7f0000000240)='./file1\x00', 0x0, &(0x7f0000000180)=ANY=[@ANYRES32=0x0], 0x81, 0x4ac, &(0x7f00000011c0)="$eJzs20tsG1UXwPFzPLbruPk+3Adpi6piCSRCS9skLmmrIKE8iEBqG0gaEBUPhdgJJk4cxSkkVUu7BHYsumTJlgUrxBZVYolYoCDUXemGjVeUHeiO52XXSewm8TT1/1e1dx7H7r33zMy914kFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACIDL022NOrYdcCAAC00qWJ8Z4M4z8AAG3lMut/AACAdqJiyR+icnKurBft/YrEhfzC1ZXJkdH6L+tQUYmIZcebv4nevsyZl/vPnnPLjV+/3Y7I2MTlwfRwcX5xKVcq5bLpyYX8dDGba/gdtvr6WsftDkjPz13NzsyU0n2nMlWnV1L39+ztSg30vz8cd2MnR0ZHJwIx0dgj/+8PWW+GHxdLXhSVT374Ti+JSES23hebXDs7rcNuxHG7EZMjo3ZDCvmphWVzUiNOVKS6T+JuH7UgF1sSETH10vj2rNliYsmPojJ0uqxjImK5/XDC/mC4ofqEIWqWriLSLbsgZ4+xPWLJh6Jy53RK3nT61c5/XOR62JXDjos6939Ry/qW/Tww95N5bF54O/3GwkwxEKsR545qZnyocw+GPj600mP+bEqIJWP2HV/W8bArg5brEEvmRSX+9af2vELseelTA2ePPXs+OMM4tMn7mNhTzs3VyJgcc6YOGjF/HqHa2BYJteRPUXnwe8Le73Zyw08E2oRaUhCVf26UVWvWpVZgfe/Z7WvDna1/R2K4uLi6lJ/9eLnu+WRi8KPS8tLUdP3TlbWrFTyy2Tq2VqS5JVlSKyu+Lz4re69z1gD/q+z5tfn2un8tdNeUruD108h2w8+ZJuZRpk6qltwTlZkPDlfGGUk23TftwOR/VFRK5V/UzbST/2hlL5D/V/z+S2h16bFz+//K51ruXOLIlYPrHd+J/Js6mfy/KypDfx92PtOo5N+qiTVxXaLy3u2jTlwkbuKibnMq7ziTL+R6TOy/orL/ZzdW7NikE3vAj+01sSVR+fJOdexeJ/agH9tnYtdE5e5v9WOf9mMzJnbV5Otu2o1NmthjTmyXH3tquljIbtatJv99ovLOzdfVbfO6+Q/c/7dqSs9DOd94e7vynwocu+Xk9YqT/+gm+f9KVFb/Ouq22+5797LaZ//r59/Mlb+/XR3rTkb3+7G9jTYrbCb/+0Tl/qtrXpudtjm7foaC+X8mWl16/RpS/vcFjqWcesWb7It2VFq9NjdVKOSW2GCDDTa8jbCfTGgFM/6Pm1G931J3HuOM/52VPX/G9OBzf/wfqCk9IY3/+wPHBpxZSywqklieX4wdEkmUVq+dzM9PzeZmcwuZM/09fefP9GTOxeLu5M7farjvngQm/ydE5cZPv3rrmOr5X/35f7Km9ISU/wPBNlXNaxruirZk8t8pKv331rz15kbzf3f93/1cdendfyHl/2DgWMqpV2eTfQEAAAAAAAAAAAAAAAAAu0lSLXleVFbGX1L3O0SN/P5ftqb0hPT7X12BY9nt/16D+9WoqlONVh0AAAAAAAAAAKCVImLJN6LygpT1pjnQKXIxWOKJ9l8AAAD//16uQhc=")
r8 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x1c7401, 0x98)
ioctl$PPPIOCGIDLE64(r8, 0x8010743f, &(0x7f0000000140))

19m57.623955663s ago: executing program 0 (id=271):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x8)
r0 = getpgrp(0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x10000005)
prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = io_uring_setup(0x299, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, 0x0, 0x0)
io_uring_enter(r4, 0x6cbf, 0xabe7, 0x3, 0x0, 0x0)
symlink(&(0x7f0000001640)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/../file0\x00', &(0x7f0000000e40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000100)='\\\x00', 0x0)
socket$netlink(0x10, 0x3, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20000, 0x0)
close(0xffffffffffffffff)
r5 = userfaultfd(0x801)
ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f00000001c0))
ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)

19m56.331117891s ago: executing program 0 (id=272):
r0 = socket(0x11, 0x1, 0xff)
sendmsg$inet6(r0, &(0x7f0000001c00)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000100)="671723d7c60133", 0x7}, {&(0x7f0000000280)="9e91d91a92dc7c8fff658bb539e2ffb332", 0x11}], 0x2}, 0x20008b88)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = syz_open_procfs(0x0, &(0x7f0000000c80)='io\x00')
syz_fuse_handle_req(r1, 0x0, 0x0, &(0x7f0000003ec0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
lseek(r1, 0xffffffffffffffff, 0x1)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000080)={@dev={0xfe, 0x80, '\x00', 0x16}, 0x300, 0x0, 0x2, 0x9, 0x0, 0x7}, 0x20)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f00000003c0)={@mcast1, 0x0, 0x0, 0x2, 0x1, 0x5, 0xb}, 0x20)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, 0x0, 0x0)
r2 = getpgrp(0x0)
sched_setaffinity(r2, 0xfffffffffffffdc3, &(0x7f00000000c0)=0x5)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r3, &(0x7f0000000400)={0x1f, 0xffff, 0x3}, 0x2)
ioctl$sock_bt_hci(r3, 0x800448d3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x2, 0x0)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r5 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r5, 0x1, 0x0)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8)
symlinkat(&(0x7f0000002740)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xffffffffffffff9c, 0x0)
syz_create_resource$binfmt(0x0)
ftruncate(0xffffffffffffffff, 0x400000)
r7 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDFONTOP_SET(r7, 0x4b72, &(0x7f0000000080)={0x0, 0x3000000, 0x8, 0x1b, 0x100, &(0x7f00000000c0)="387ed7626d850509a2d6c1aa38f15cd00f85c263cb226db671261fff7ce9c555f189afae3530db6dd493f28fd988721b9ae21b3e3b4523ae2594f47d8f62b480c4160b1f90ac9c41fae6ab12ac4c113fef588684ef495689092883b902a41cd75387ef6f7bc7d460d5e665f398ff95596dc94ec97003a3db08e500c2fb07e11aa4031a61c51caf7a65a2b613bda33f3eaeae635d7cd81761e74c38a7695800a15516eb337056e02335f9a7d10aa2eaf7beb7e1f7a1e850ecb3421143c5c4ded0f083a0c524dcf320827266819b6a952db5bc96141b26c54db857edbcbbc81c7af7aadf50bc549974b6401a19cdb130282b955592efa94242065a4c8d695a2cdd9ada350defd58c775b92d348305774d3a256c7520b285d8da0dbf5e20d604413ed2ddf9bcbf881cae811852806175d63892a15234fbcd7a88a0a0aea45d19148f0e7dada7d6d0d77881387fdeaa02863be90b88dfff412bff40c31c6415c54ae3335e54a49d315851feffe30d999c36def4df7df747695ef060000001bbe1b649f42f310859122c0d2c1e558dc6586958a28374f386ecf369274e43003a09b5159ea515eb44521901ef0d00baa91c10a8e44a76aac3468a15bd3d45ad389977467f306f9bcde071b30769795eed2f1580414d168f557cd90040c4bd2a3d6bc509254a12cece59181fcb5bad8c24bd9f8f78d17ab01831325501e80d899e9252f99d3a2666343392fda115048e4f4dd9f45657f8224fc78eb1168fe0527fac33466aadf48f16994d29a47778566e0f3945b18914beb66ac9e519bd3330000000000000009a3237aebbe3bed781e39d5a0fb0cdc60e196f2261305feb596b5b66ab89d2d6333f699b16db68986ab3eee7b199fefb5f79ffb2d1050e46982af1c14a88dd9b647ba812f56a8404755c73e74bb90e64bab9647c70ed5afca1c3d87907d14df8aa9df6f40a80ace2bb8a2aad3b0c66915927db4173181943d88c0c76d5969e2053db5bd77fd60ba0f012139929ccfec965c1f769785a4d23332d71f0875e3146afef5b20cc306d3ecee65944fe9829e0ad0c3f6bb2fdc1bc31152538db50f47dc38ba908a0d808687e478a609fe0daa0000000000000000e7f2e98597e27f3e1dba9c3c16e9fab3bda6ed33cb1c75513e2264b69d4794ded98eff9aa53d22eb77c9d93169c04ab2490bf28106f770e07eb7a9e8fd4e71929f918b98c4cbfcb11a90139264a9ee807c973167f493760278df0cc34be9e8f86f948d9a62e63ad6ca9d174d2465380b1a00ddc42915e4f3a5db640600000095a3d63904c9ecd1c313c08e29b814bd8fed1ab6d2846c73345962895d289ac77152cac2e04c93a5470774975b42091f218dd1e68a15f8226577bf9481ae0555db64a717eb23a811356d00000000ddffffff00"})

19m52.138067966s ago: executing program 0 (id=276):
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x20)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
r0 = socket(0x1a, 0x4, 0xfffffffd)
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0xfffffffd, @loopback}, 0x1c)
getsockname$netrom(r0, 0x0, &(0x7f0000000280))
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
setrlimit(0x6, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
bind$tipc(r0, &(0x7f0000000080)=@nameseq={0x1e, 0x1, 0x2, {0x40, 0x1, 0x2}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a3200000000140000001100"], 0x7c}}, 0x0)
r3 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
write$uinput_user_dev(r3, &(0x7f0000000a00)={'syz1\x00', {0x9, 0x7, 0x5, 0x5}, 0x3f, [0x9, 0x2, 0x18, 0x2, 0x2, 0x400, 0x80000000, 0x0, 0x8, 0x0, 0x6, 0x1, 0xfffffffb, 0x39, 0x747d5e13, 0x800, 0xfffffb9a, 0xfffffffe, 0x0, 0xfffffffb, 0x2004, 0x3, 0x0, 0xf250, 0x80, 0x4800, 0x300000, 0x7, 0xe, 0x4623f, 0x0, 0x10001, 0x1ff, 0x8000, 0x0, 0x3, 0xc, 0x3, 0xba55, 0x8da8, 0x2, 0x200, 0x2, 0x5, 0xe, 0x4, 0x2, 0x6f, 0x8, 0x9, 0x1, 0x199d, 0x6, 0x2, 0x9, 0xffffffff, 0x4, 0x6, 0x1000, 0x5, 0x3d, 0x8, 0xa, 0x5], [0x7, 0x1e, 0x3, 0x8000, 0xfffffffd, 0x3, 0x0, 0x25, 0x7, 0xfffffffc, 0x8, 0x7fff, 0x72c, 0x1c32, 0x3, 0x5, 0x10000, 0x400, 0x7ffd, 0x3, 0x3, 0x297, 0x5, 0x0, 0x981, 0x4, 0x0, 0x3ff, 0x0, 0xfffffffe, 0x8, 0x1000001, 0x10, 0xfffffff9, 0xfffffffd, 0x7, 0x1, 0xffffffff, 0x6, 0x2000008, 0x800, 0xffff, 0x6, 0x96, 0xfffffff9, 0x2, 0x0, 0x2, 0x401, 0xc, 0x3, 0x379, 0x9, 0xe, 0x5, 0x7, 0x6, 0x2, 0x1, 0x1, 0x8, 0x7, 0x200, 0x3], [0x401, 0x8000c584, 0xffff, 0xcd3, 0x7, 0x1f, 0x404, 0x4, 0x4008, 0xc, 0x7, 0x9, 0x1e88, 0x5, 0x80000001, 0x8, 0x3f92, 0x1000, 0x0, 0x10, 0x1, 0xfffffff9, 0x0, 0x1000, 0x80040101, 0x5, 0x4, 0x5, 0x200003, 0x1, 0x5, 0x80, 0x9, 0x8001, 0x10000, 0x0, 0x3, 0x400004, 0x3, 0x6d7e, 0x3, 0x8, 0x3, 0xbf23, 0x6, 0x9, 0x956, 0x0, 0x3ff, 0xe, 0x6, 0x100fffd, 0x2005, 0x9, 0x4, 0xea, 0x9, 0x20000005, 0x3, 0x80, 0x0, 0x7d, 0x401, 0x5], [0x108e, 0xffff, 0x3, 0x3, 0x88, 0x2, 0x4000000, 0x4, 0x50, 0x2, 0x763, 0xb, 0x402, 0x1, 0x5, 0x1000, 0x7f, 0x5, 0x3fa6, 0x4, 0x0, 0x5, 0x3, 0x4, 0xe47, 0x4, 0x3, 0x4, 0x200, 0x2851, 0x3b, 0x20000001, 0x5, 0x5, 0xa80a, 0x65f413f9, 0x4, 0x20008, 0x8a5, 0x86, 0x44, 0x409, 0x6, 0x4, 0x4, 0xe, 0x4, 0xffffffff, 0x7fff, 0xffff8a33, 0xfffffff8, 0x401, 0x3, 0x200, 0x7, 0x4edf, 0xfffffffd, 0xa, 0xe, 0x101, 0xf, 0xf, 0x136, 0x6]}, 0x45c)
ioctl$UI_DEV_CREATE(r3, 0x5501)
readv(r3, &(0x7f0000001240)=[{&(0x7f00000012c0)=""/41, 0x29}], 0x1)
r4 = socket$netlink(0x10, 0x3, 0xc)
bind$netlink(r4, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)={0x14, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}}, 0x14}}, 0x0)
r6 = dup2(r3, 0xffffffffffffffff)
ioctl$sock_inet_SIOCGIFBRDADDR(r6, 0x8919, &(0x7f0000000040)={'vlan0\x00', {0x2, 0x0, @broadcast}})
write$input_event(r3, &(0x7f0000000000)={{0x77359400}, 0x15}, 0xfe4f)

19m36.513542509s ago: executing program 33 (id=276):
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x20)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
r0 = socket(0x1a, 0x4, 0xfffffffd)
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0xfffffffd, @loopback}, 0x1c)
getsockname$netrom(r0, 0x0, &(0x7f0000000280))
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
setrlimit(0x6, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
bind$tipc(r0, &(0x7f0000000080)=@nameseq={0x1e, 0x1, 0x2, {0x40, 0x1, 0x2}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a3200000000140000001100"], 0x7c}}, 0x0)
r3 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
write$uinput_user_dev(r3, &(0x7f0000000a00)={'syz1\x00', {0x9, 0x7, 0x5, 0x5}, 0x3f, [0x9, 0x2, 0x18, 0x2, 0x2, 0x400, 0x80000000, 0x0, 0x8, 0x0, 0x6, 0x1, 0xfffffffb, 0x39, 0x747d5e13, 0x800, 0xfffffb9a, 0xfffffffe, 0x0, 0xfffffffb, 0x2004, 0x3, 0x0, 0xf250, 0x80, 0x4800, 0x300000, 0x7, 0xe, 0x4623f, 0x0, 0x10001, 0x1ff, 0x8000, 0x0, 0x3, 0xc, 0x3, 0xba55, 0x8da8, 0x2, 0x200, 0x2, 0x5, 0xe, 0x4, 0x2, 0x6f, 0x8, 0x9, 0x1, 0x199d, 0x6, 0x2, 0x9, 0xffffffff, 0x4, 0x6, 0x1000, 0x5, 0x3d, 0x8, 0xa, 0x5], [0x7, 0x1e, 0x3, 0x8000, 0xfffffffd, 0x3, 0x0, 0x25, 0x7, 0xfffffffc, 0x8, 0x7fff, 0x72c, 0x1c32, 0x3, 0x5, 0x10000, 0x400, 0x7ffd, 0x3, 0x3, 0x297, 0x5, 0x0, 0x981, 0x4, 0x0, 0x3ff, 0x0, 0xfffffffe, 0x8, 0x1000001, 0x10, 0xfffffff9, 0xfffffffd, 0x7, 0x1, 0xffffffff, 0x6, 0x2000008, 0x800, 0xffff, 0x6, 0x96, 0xfffffff9, 0x2, 0x0, 0x2, 0x401, 0xc, 0x3, 0x379, 0x9, 0xe, 0x5, 0x7, 0x6, 0x2, 0x1, 0x1, 0x8, 0x7, 0x200, 0x3], [0x401, 0x8000c584, 0xffff, 0xcd3, 0x7, 0x1f, 0x404, 0x4, 0x4008, 0xc, 0x7, 0x9, 0x1e88, 0x5, 0x80000001, 0x8, 0x3f92, 0x1000, 0x0, 0x10, 0x1, 0xfffffff9, 0x0, 0x1000, 0x80040101, 0x5, 0x4, 0x5, 0x200003, 0x1, 0x5, 0x80, 0x9, 0x8001, 0x10000, 0x0, 0x3, 0x400004, 0x3, 0x6d7e, 0x3, 0x8, 0x3, 0xbf23, 0x6, 0x9, 0x956, 0x0, 0x3ff, 0xe, 0x6, 0x100fffd, 0x2005, 0x9, 0x4, 0xea, 0x9, 0x20000005, 0x3, 0x80, 0x0, 0x7d, 0x401, 0x5], [0x108e, 0xffff, 0x3, 0x3, 0x88, 0x2, 0x4000000, 0x4, 0x50, 0x2, 0x763, 0xb, 0x402, 0x1, 0x5, 0x1000, 0x7f, 0x5, 0x3fa6, 0x4, 0x0, 0x5, 0x3, 0x4, 0xe47, 0x4, 0x3, 0x4, 0x200, 0x2851, 0x3b, 0x20000001, 0x5, 0x5, 0xa80a, 0x65f413f9, 0x4, 0x20008, 0x8a5, 0x86, 0x44, 0x409, 0x6, 0x4, 0x4, 0xe, 0x4, 0xffffffff, 0x7fff, 0xffff8a33, 0xfffffff8, 0x401, 0x3, 0x200, 0x7, 0x4edf, 0xfffffffd, 0xa, 0xe, 0x101, 0xf, 0xf, 0x136, 0x6]}, 0x45c)
ioctl$UI_DEV_CREATE(r3, 0x5501)
readv(r3, &(0x7f0000001240)=[{&(0x7f00000012c0)=""/41, 0x29}], 0x1)
r4 = socket$netlink(0x10, 0x3, 0xc)
bind$netlink(r4, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)={0x14, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}}, 0x14}}, 0x0)
r6 = dup2(r3, 0xffffffffffffffff)
ioctl$sock_inet_SIOCGIFBRDADDR(r6, 0x8919, &(0x7f0000000040)={'vlan0\x00', {0x2, 0x0, @broadcast}})
write$input_event(r3, &(0x7f0000000000)={{0x77359400}, 0x15}, 0xfe4f)

19m23.241482198s ago: executing program 4 (id=312):
syz_emit_ethernet(0x8a, &(0x7f0000000300)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c200000386dd60d8ff00000004000600fe8000000000bbfe800000f8ffffffffffffff000000aa00004e22000000000000000000f619669f3e78bc36e9e5ac24e9bae51b033912643d5cfdb2003554417f02a6486f782f006f97a319821675c792", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="500200009078ff6f1e1001102ac3d8285ffcdf655bed014efe06e2d4c3d9fe04f989080a00000a02000000031e10150d0200000000000000ff0f0000050a000000010000"], 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
setgroups(0x0, 0x0)
openat$vim2m(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r3, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x4000)
r4 = io_uring_setup(0xf08, 0x0)
io_uring_register$IORING_UNREGISTER_RING_FDS(r4, 0x15, &(0x7f0000001900)=[{0x0, 0x1, 0x0, 0x0, 0x0}], 0x1)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, 0x0)
r5 = syz_open_dev$usbfs(&(0x7f0000000140), 0x77, 0x3501)
r6 = syz_open_dev$dvb_demux(&(0x7f0000000080), 0x0, 0x41)
ioctl$DVB_DEMUX_DMX_SET_PES_FILTER(r6, 0x40146f2c, &(0x7f00000000c0)={0x1, 0x0, 0x3, 0x13, 0x4})
ioctl$DVB_DEMUX_DMX_ADD_PID(r6, 0x40026f33, &(0x7f0000000100)=0x808c)
close(r6)
ioctl$USBDEVFS_SUBMITURB(r5, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x0, 0x61, &(0x7f00000004c0)={0x1, 0x3, 0x14, 0x3}, 0x8, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0})
keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='new default'], 0x2a, 0x0)
add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180)={'syz', 0x0}, &(0x7f0000000100), 0x0, 0xfffffffffffffffe)

19m22.153748597s ago: executing program 4 (id=314):
prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
openat$sndseq(0xffffffffffffff9c, 0x0, 0x40800)
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r6, &(0x7f0000000100)={0x3, 0x0, &(0x7f0000000000)={&(0x7f0000000240)={0x2, 0x2, 0x0, 0x2, 0xc, 0x0, 0x0, 0x0, [@sadb_key={0x2, 0x8, 0x8, 0x0, "fd"}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x5, 0x0, 0xa0000000}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xff}}}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @empty}}]}, 0x60}, 0x1, 0x7}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="b405000000000000711048422e6c10438831407e43d753000000000006000000000000009500000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd96, &(0x7f0000000080)=""/201, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffffffffffd56, 0x10, &(0x7f0000000000), 0x1dd}, 0x48)
syz_mount_image$msdos(&(0x7f0000000200), &(0x7f0000000000)='./file2\x00', 0x2010410, &(0x7f0000000240)=ANY=[@ANYBLOB='nodots,dmask=00000000000000000000003,usefree,nodots,flush,dots,dots,gid=', @ANYRESOCT=r0, @ANYBLOB], 0x1, 0x215, &(0x7f0000000a80)="$eJzs3D1rW1cYB/AjWa6tlhZPhXbpoV3a5bb10qVDS3GhVNDSRiEv0zWWEyFFAl8NkglEc6Z8jhDIEsgW8gX8GbJkMwHjyVNucCRZsbFjJ47kxPn9Fj08/3uuztGBi7h62fz1zo3Gapaspp1Qmi+E4m+hH3YKYSEUw0g//HD/0vbt/y9f+fv3SmXpv9lhP8Yvvnl09ea9bx93Prv4YLdTCCFsLT7d+HLjq83nF67Xs1jPYqvdiWlcbrc76XKzFlfqWSOJ8d9mLc1qsd7Kamv78tVme/zUoZZlMW31YqPWi5127Kz1YnotrbdikiRxPnAq1bs7eR628jzP5/ohz/M3PUFhMvNiWk65/3zgbo0u6nH3avqs3612q4PHQf7nX5Wln+JLC+NR291udWYv/3mQx/35bPh0mC8emn8Svv9ukO9mf/xTOZCXw8rklw8AAAAAAOdSEvccen8/SY7KB9Urnw8cuH9fCl+Xxp2ZyS8FAAAAOELWW2+kzZXZtUHRrJ1ZMRf2d355OJziccN/fHL8MRMqPh8W4S3PUw4hHH1MMZz5pkynGH2PfNgZ/b7gZMNL72oa5ffk1RgV8+GwqBzWG3PT2RQAAOB8Gb/pP/GQ4kQnBAAAAAAAAAAAAAAAAAAAAB+hafyZ2VmvEQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgdV4EAAD//4WcVw8=")
r7 = openat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x103a42, 0x32)
r8 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r8, &(0x7f0000deb000)={0x2, 0x4e23, @multicast2}, 0x10)
close(r8)
ftruncate(r7, 0x6000000)

19m18.397242036s ago: executing program 4 (id=316):
syz_emit_ethernet(0x7c, &(0x7f00000000c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd61bc550dd1dc2f01fe800000000000bbfe8000000000000000000000800000aa0c2088be000000010000010088a8000086dd080088be000000031c08c5020100000000007b40080022eb0080000223022309020000000000000300ebb41b0800655800000004000000800000000072e984acfb7b69ed51b4cab619f80615a3f47d296a4658e8b7957cc58fd13ee422855854ebd28bfbd69bedfeb92cb21c88f8b6b919fbd1d7bfd3336b1f1ed74a03fd35227e316fe3bf2226645e8b9a8f1e31521003d1e837e406a7a0f89074c741326b10b4c2c2c53dcaf4a610c2f2a3ddb89bc98a5b5416beea91304410af40de4fea76afaa15a9a8cf5f45fc43eedbc04a37797a9d65710b72205fe8abbc693ca79634b97dc050ed18816852bda0a410c3a610f96d3fb3dbe670fb33de9475ba07d8d45716508c7d48e06051630eb8dd38b2522ba27b301205fcc2edd58c57fe31af50520d45f75d95774fc3c37d92ce77a7160ecbaa8855877235"], 0x0)
r0 = getpgrp(0x0)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$GIO_UNISCRNMAP(r1, 0x4b69, &(0x7f0000000400)=""/210)
sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x1000, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r3 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x1, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
semop(0x0, &(0x7f0000000080)=[{0x1, 0x8001, 0x1000}], 0x1)
r5 = syz_open_dev$video(0x0, 0x3, 0x1)
ioctl$VIDIOC_S_FMT(r5, 0xc0d05605, &(0x7f00000002c0)={0x1, @pix={0xb, 0x1, 0x4f424752, 0x2, 0x11, 0x5, 0x1, 0xa, 0x0, 0x1, 0x0, 0x4}})
semctl$SETALL(0x0, 0x0, 0x11, &(0x7f0000000140)=[0x6])
r6 = socket$rxrpc(0x21, 0x2, 0x2)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r7, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="1c0000001d0001002cbd70dbdf2502", @ANYRES32=0x0, @ANYBLOB="01008000"], 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
getsockname(r6, &(0x7f0000000240)=@in6={0xa, 0x0, 0x0, @empty}, &(0x7f0000000300)=0x80)
bind$l2tp6(r7, 0x0, 0x0)
open(&(0x7f0000000040)='./file2\x00', 0x1, 0x104)
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f00000000c0)={0x28, 0x2e, 0x1, 0x0, 0x0, "", [@typed={0x8, 0x0, 0x0, 0x0, @fd}, @nested={0x10, 0x11, 0x0, 0x1, [@nested={0xc, 0x23, 0x0, 0x1, [@typed={0x8, 0x12b, 0x0, 0x0, @pid}]}]}]}, 0x28}], 0x1}, 0x0)

19m13.99170608s ago: executing program 4 (id=318):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x40001e0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, 0x0, 0x0)
r3 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_inet6_SIOCSIFADDR(r3, 0x8916, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48)
close(r4)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000010c0)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
r7 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000100)=ANY=[@ANYRES32=r7, @ANYBLOB='&'], 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r8}, &(0x7f0000000000), &(0x7f0000000080)=r4}, 0x20)
sendmsg$inet(r6, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000280)='>', 0x22fe0}], 0x1}, 0x0)
recvfrom(r5, &(0x7f0000004000)=""/4112, 0xfffffffffffffedc, 0x2080, 0x0, 0x0)

19m9.321856652s ago: executing program 4 (id=327):
prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
openat$sndseq(0xffffffffffffff9c, 0x0, 0x40800)
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r6, &(0x7f0000000100)={0x3, 0x0, &(0x7f0000000000)={&(0x7f0000000240)={0x2, 0x2, 0x0, 0x2, 0xc, 0x0, 0x0, 0x0, [@sadb_key={0x2, 0x8, 0x8, 0x0, "fd"}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x5, 0x0, 0xa0000000}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xff}}}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @empty}}]}, 0x60}, 0x1, 0x7}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="b405000000000000711048422e6c10438831407e43d753000000000006000000000000009500000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd96, &(0x7f0000000080)=""/201, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffffffffffd56, 0x10, &(0x7f0000000000), 0x1dd}, 0x48)
syz_mount_image$msdos(&(0x7f0000000200), &(0x7f0000000000)='./file2\x00', 0x2010410, &(0x7f0000000240)=ANY=[@ANYBLOB='nodots,dmask=00000000000000000000003,usefree,nodots,flush,dots,dots,gid=', @ANYRESOCT=r0, @ANYBLOB], 0x1, 0x215, &(0x7f0000000a80)="$eJzs3D1rW1cYB/AjWa6tlhZPhXbpoV3a5bb10qVDS3GhVNDSRiEv0zWWEyFFAl8NkglEc6Z8jhDIEsgW8gX8GbJkMwHjyVNucCRZsbFjJ47kxPn9Fj08/3uuztGBi7h62fz1zo3Gapaspp1Qmi+E4m+hH3YKYSEUw0g//HD/0vbt/y9f+fv3SmXpv9lhP8Yvvnl09ea9bx93Prv4YLdTCCFsLT7d+HLjq83nF67Xs1jPYqvdiWlcbrc76XKzFlfqWSOJ8d9mLc1qsd7Kamv78tVme/zUoZZlMW31YqPWi5127Kz1YnotrbdikiRxPnAq1bs7eR628jzP5/ohz/M3PUFhMvNiWk65/3zgbo0u6nH3avqs3612q4PHQf7nX5Wln+JLC+NR291udWYv/3mQx/35bPh0mC8emn8Svv9ukO9mf/xTOZCXw8rklw8AAAAAAOdSEvccen8/SY7KB9Urnw8cuH9fCl+Xxp2ZyS8FAAAAOELWW2+kzZXZtUHRrJ1ZMRf2d355OJziccN/fHL8MRMqPh8W4S3PUw4hHH1MMZz5pkynGH2PfNgZ/b7gZMNL72oa5ffk1RgV8+GwqBzWG3PT2RQAAOB8Gb/pP/GQ4kQnBAAAAAAAAAAAAAAAAAAAAB+hafyZ2VmvEQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgdV4EAAD//4WcVw8=")
r7 = openat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x103a42, 0x32)
r8 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r8, &(0x7f0000deb000)={0x2, 0x4e23, @multicast2}, 0x10)
close(r8)
ftruncate(r7, 0x6000000)

19m5.45283535s ago: executing program 4 (id=331):
r0 = socket$inet(0x2, 0x2, 0x1)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f00000007c0))
setsockopt$MRT_ADD_MFC(r0, 0x0, 0xcc, &(0x7f0000000000)={@broadcast, @remote, 0x4001, "43045553e8378e722b7c8c306c74eef33a9732c5b10fc016c5803a7e9283cecc", 0x5, 0xfffffe01, 0x8, 0x1}, 0x3c)
socket$packet(0x11, 0x2, 0x300)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000001200)={'wlan1\x00', &(0x7f0000001100)=@ethtool_rxnfc={0x2a, 0x8, 0x7e1ab084, {0x3, @usr_ip4_spec={@multicast1, @multicast1, 0x53, 0x7f, 0x1, 0x9}, {0x0, @random="7729ba522e59", 0xa, 0x0, [0x10000, 0x3]}, @hdata="a86b57371eff451fd353517f755532b803741b5b2aade83e68f35d937d79d8993111b4ca75f0612da64df99e636e9cb7eb62b35f", {0x0, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, 0x9, 0x6, [0x6]}, 0x3, 0x6}}})
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r2 = socket$packet(0x11, 0x3, 0x300)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'lo\x00', <r5=>0x0})
bind$packet(r2, &(0x7f0000000040)={0x11, 0x9, r5, 0x1, 0x1f, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2c}}, 0x14)
writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000380)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fdd411efc40800040000000000000000", 0x39}], 0x1)
writev(r3, &(0x7f00000001c0)=[{&(0x7f0000000400)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000200000000000006040000000000f93132", 0x39}], 0x1)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="340000001a00020001000000000000000a1400000003000000000000080006000400000008000400", @ANYRES32=0x0, @ANYBLOB="0600150000000000cbed4b07c11c98c3733a2b959102835d11f60a8d97fe52e0f13a989e0aa73fa20780029afa134c9bfe515a628d4b9e203111069c58218ec810167bf4e730ea0a4a9f10a5677a7435e13217e65c0ee62ab286a101ec002be0c1d86c7892"], 0x34}, 0x1, 0x0, 0x0, 0x4000}, 0x20048854)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3400000040000701fcffffff00000100017c0000040042800c0001800600060065580000100002800c000b"], 0x34}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000001300)=@mangle={'mangle\x00', 0x10, 0x6, 0x540, 0x0, 0x410, 0x0, 0x2f8, 0x2f8, 0x640, 0x640, 0x640, 0x640, 0x640, 0x6, 0x0, {[{{@uncond, 0x0, 0xa8, 0xd0, 0x0, {0x7a00000000000000}}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xfffffffffffffffe}}, {{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00', 0x3, {0x0, 0xfff7, 0x4}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @DNPT={0x48, 'DNPT\x00', 0x0, {@ipv6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @ipv6=@mcast1}}}, {{@ipv6={@private0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [], [], 'veth1\x00', 'ip6gretap0\x00', {}, {}, 0x0, 0x2}, 0x0, 0xa8, 0xf0}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv4=@local, @ipv4=@multicast1}}}, {{@ipv6={@mcast1, @mcast2, [], [], 'wg1\x00', 'vxcan1\x00', {0xff}, {}, 0x2c}, 0x0, 0xa8, 0xf0}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv6=@mcast2, @ipv6=@local}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x5a0)
r7 = socket(0x2000000000000021, 0x2, 0x10000000000002)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0x200, 0x0, 0x25dfdbfb, {{@in=@loopback, @in6=@local, 0xfffc, 0x4, 0x0, 0x0, 0xa, 0x60, 0x20, 0x32}, {0x0, 0x4, 0x5, 0x0, 0x40, 0xfffffffffffffffd, 0x2}, {0xfffffffffffffffe, 0x0, 0x0, 0xcd17}, 0x9, 0x40000000, 0x0, 0x1, 0x2, 0x3}}, 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x50)
r8 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="b8000000190001"], 0xb8}}, 0x0)
syz_emit_ethernet(0x2a, &(0x7f0000000100)=ANY=[@ANYBLOB="0380c20000000180c1fff500080045000018000000007800000000"], 0x0)
sendmsg$nl_xfrm(r8, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="650100001b"], 0x188}}, 0x0)
connect$rxrpc(r7, &(0x7f0000000140)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x8, @broadcast}}, 0x24)
r9 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$smc(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$SMC_PNETID_DEL(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x34, r10, 0x1, 0x0, 0x25dfdbfe, {0x2, 0x2, 0x2}, [@SMC_PNETID_IBNAME={0x9, 0x3, 'syz2\x00'}, @SMC_PNETID_NAME={0x9, 0x1, 'syz1\x00'}, @SMC_PNETID_IBPORT={0x5, 0x4, 0x2}]}, 0x34}, 0x1, 0x40030000000000, 0x0, 0x800}, 0x80)
sendmmsg(r7, &(0x7f0000000180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18, 0xe000}, 0x5}], 0x1, 0x0)

18m49.028458557s ago: executing program 34 (id=331):
r0 = socket$inet(0x2, 0x2, 0x1)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f00000007c0))
setsockopt$MRT_ADD_MFC(r0, 0x0, 0xcc, &(0x7f0000000000)={@broadcast, @remote, 0x4001, "43045553e8378e722b7c8c306c74eef33a9732c5b10fc016c5803a7e9283cecc", 0x5, 0xfffffe01, 0x8, 0x1}, 0x3c)
socket$packet(0x11, 0x2, 0x300)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000001200)={'wlan1\x00', &(0x7f0000001100)=@ethtool_rxnfc={0x2a, 0x8, 0x7e1ab084, {0x3, @usr_ip4_spec={@multicast1, @multicast1, 0x53, 0x7f, 0x1, 0x9}, {0x0, @random="7729ba522e59", 0xa, 0x0, [0x10000, 0x3]}, @hdata="a86b57371eff451fd353517f755532b803741b5b2aade83e68f35d937d79d8993111b4ca75f0612da64df99e636e9cb7eb62b35f", {0x0, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, 0x9, 0x6, [0x6]}, 0x3, 0x6}}})
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r2 = socket$packet(0x11, 0x3, 0x300)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'lo\x00', <r5=>0x0})
bind$packet(r2, &(0x7f0000000040)={0x11, 0x9, r5, 0x1, 0x1f, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2c}}, 0x14)
writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000380)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fdd411efc40800040000000000000000", 0x39}], 0x1)
writev(r3, &(0x7f00000001c0)=[{&(0x7f0000000400)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000200000000000006040000000000f93132", 0x39}], 0x1)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="340000001a00020001000000000000000a1400000003000000000000080006000400000008000400", @ANYRES32=0x0, @ANYBLOB="0600150000000000cbed4b07c11c98c3733a2b959102835d11f60a8d97fe52e0f13a989e0aa73fa20780029afa134c9bfe515a628d4b9e203111069c58218ec810167bf4e730ea0a4a9f10a5677a7435e13217e65c0ee62ab286a101ec002be0c1d86c7892"], 0x34}, 0x1, 0x0, 0x0, 0x4000}, 0x20048854)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3400000040000701fcffffff00000100017c0000040042800c0001800600060065580000100002800c000b"], 0x34}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000001300)=@mangle={'mangle\x00', 0x10, 0x6, 0x540, 0x0, 0x410, 0x0, 0x2f8, 0x2f8, 0x640, 0x640, 0x640, 0x640, 0x640, 0x6, 0x0, {[{{@uncond, 0x0, 0xa8, 0xd0, 0x0, {0x7a00000000000000}}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xfffffffffffffffe}}, {{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00', 0x3, {0x0, 0xfff7, 0x4}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @DNPT={0x48, 'DNPT\x00', 0x0, {@ipv6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @ipv6=@mcast1}}}, {{@ipv6={@private0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [], [], 'veth1\x00', 'ip6gretap0\x00', {}, {}, 0x0, 0x2}, 0x0, 0xa8, 0xf0}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv4=@local, @ipv4=@multicast1}}}, {{@ipv6={@mcast1, @mcast2, [], [], 'wg1\x00', 'vxcan1\x00', {0xff}, {}, 0x2c}, 0x0, 0xa8, 0xf0}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv6=@mcast2, @ipv6=@local}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x5a0)
r7 = socket(0x2000000000000021, 0x2, 0x10000000000002)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0x200, 0x0, 0x25dfdbfb, {{@in=@loopback, @in6=@local, 0xfffc, 0x4, 0x0, 0x0, 0xa, 0x60, 0x20, 0x32}, {0x0, 0x4, 0x5, 0x0, 0x40, 0xfffffffffffffffd, 0x2}, {0xfffffffffffffffe, 0x0, 0x0, 0xcd17}, 0x9, 0x40000000, 0x0, 0x1, 0x2, 0x3}}, 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x50)
r8 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="b8000000190001"], 0xb8}}, 0x0)
syz_emit_ethernet(0x2a, &(0x7f0000000100)=ANY=[@ANYBLOB="0380c20000000180c1fff500080045000018000000007800000000"], 0x0)
sendmsg$nl_xfrm(r8, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="650100001b"], 0x188}}, 0x0)
connect$rxrpc(r7, &(0x7f0000000140)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x8, @broadcast}}, 0x24)
r9 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$smc(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$SMC_PNETID_DEL(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x34, r10, 0x1, 0x0, 0x25dfdbfe, {0x2, 0x2, 0x2}, [@SMC_PNETID_IBNAME={0x9, 0x3, 'syz2\x00'}, @SMC_PNETID_NAME={0x9, 0x1, 'syz1\x00'}, @SMC_PNETID_IBPORT={0x5, 0x4, 0x2}]}, 0x34}, 0x1, 0x40030000000000, 0x0, 0x800}, 0x80)
sendmmsg(r7, &(0x7f0000000180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18, 0xe000}, 0x5}], 0x1, 0x0)

17m48.727468694s ago: executing program 3 (id=448):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x10001, 0xffffffffffffffbb, 0x0)
syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RELOAD(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x11}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'sit0\x00'})
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r3, 0x8932, &(0x7f0000000000)={'netdevsim0\x00'})
bpf$BPF_LINK_CREATE_XDP(0x1c, 0x0, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x8002, 0x0)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r4, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r5 = openat$urandom(0xffffffffffffff9c, &(0x7f00000001c0), 0x101000, 0x0)
sendfile(r4, r5, 0x0, 0x10001)
sysfs$1(0x1, &(0x7f0000001840)='mqueue\x00')
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="04230d00c90001"], 0x10)

17m41.326751585s ago: executing program 3 (id=463):
r0 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x64bd55c157188b30)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000040)={0x0, @l2tp={0x2, 0x0, @local, 0x100003}, @ax25={0x3, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x6}, @sco, 0x100, 0x0, 0x0, 0x0, 0x1, 0x0, 0xfffffffffffffffc, 0x0, 0x3})
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x6)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(0xffffffffffffffff, 0x80045518, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
connect$inet(0xffffffffffffffff, &(0x7f0000000480)={0x2, 0x4e23, @multicast2}, 0x10)
setsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f00000002c0)={{{@in=@multicast2, @in6=@mcast1, 0x4e20, 0x4, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x3, 0xfffffffffffffffe}, {0x0, 0x0, 0xfffffffffffffffc, 0xff}, 0x0, 0x0, 0x1}, {{@in=@dev={0xac, 0x14, 0x14, 0x3c}, 0x0, 0x32}, 0x0, @in=@private=0xa010100, 0x0, 0x2, 0x0, 0xb7, 0xfffffffe, 0xffffff7e}}, 0xe8)
sendmmsg(0xffffffffffffffff, &(0x7f0000007fc0), 0x800001d, 0x1c)
r4 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_RES_CQ_GET(r4, &(0x7f0000000140)={0x0, 0x50, &(0x7f0000000000)={&(0x7f0000000040)={0x18, 0x1409, 0x1, 0x0, 0x0, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x4}]}, 0x18}}, 0x0)
ioctl$NBD_SET_SOCK(r0, 0xab00, r1)
syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x80)
ioctl$F2FS_IOC_GARBAGE_COLLECT(r2, 0x4004f506, &(0x7f0000000080))
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000640)={0x6, 0x0, 0x0, &(0x7f00000007c0)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x40}, 0x94)
r5 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='blkio.bfq.io_service_bytes\x00', 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r5, 0xab04)

17m30.437984359s ago: executing program 3 (id=478):
socket$inet6(0xa, 0x8000e, 0x5)
eventfd2(0x0, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="10000000040000000400000008"], 0x50)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r3, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c)
r4 = socket$nl_route(0x10, 0x3, 0x0)
getsockopt$sock_buf(r4, 0x1, 0x2b, 0x0, &(0x7f0000000000))
sendto$inet6(r3, &(0x7f0000000100)="b8", 0xffe0, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c)
futex(&(0x7f00000000c0)=0x1, 0x6, 0x0, &(0x7f0000000300), 0x0, 0x2)
write(r3, &(0x7f0000000180), 0x0)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(r3, 0x84, 0x17, &(0x7f00000002c0)={0x0, 0x0, 0x1, 'M'}, 0x9)
r5 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_RES_GET(r5, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000080)={&(0x7f0000000380)={0x48, 0x1409, 0x1, 0x70bd2d, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x48}, 0x1, 0x0, 0x0, 0x4000000}, 0x20000800)

17m29.088954506s ago: executing program 3 (id=479):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e20, @multicast2}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f00000000c0)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
syz_pidfd_open(0x0, 0x0)
add_key(0x0, 0x0, &(0x7f0000000080)="000006020200", 0x6, 0xfffffffffffffffb)
setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000280)={@in={{0x2, 0x4e20, @loopback}}, 0x0, 0x0, 0x4, 0x0, "e83ae75240c2d6d8ec87bb53679fd0450078548ceb6c4414fab091000000000000000776aea5922406b64cddaeb9d339ba3c01c2c7d0df8e61740b9af2d4e499d58654a4cf0fa0ce1f830c3279cffcfd"}, 0xd8)
setsockopt$inet_tcp_int(r0, 0x6, 0x2, &(0x7f0000000040)=0xce, 0x4)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x143142, 0x40)
unshare(0x2c020400)
prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, r4)
connect$inet(r0, &(0x7f00000001c0)={0x2, 0x4e20, @loopback}, 0x10)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$inet_tcp_buf(r5, 0x6, 0x23, &(0x7f0000000000)=""/30, &(0x7f0000000200)=0x1e)
sendmsg$inet(r0, &(0x7f00000015c0)={0x0, 0x14, &(0x7f0000001600)=[{&(0x7f0000000240)=' ', 0x100120}], 0x1}, 0x0)
recvmsg(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000080)=[{0x0}, {&(0x7f0000000000)=""/62, 0x3e}, {0x0}], 0x3}, 0x700)
syz_mount_image$fuse(0x0, 0x0, 0x3300089, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, 0x0, 0x0, 0x2ae080, &(0x7f0000000540)={[{@lowerdir={'lowerdir', 0x3d, '.'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})

17m27.97636692s ago: executing program 3 (id=482):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x14, &(0x7f0000002240)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffc01}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0xb5111132c32e4187}}, @printk={@ld, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x101}, {0x85, 0x0, 0x0, 0x2d}}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$inet_udp(0x2, 0x2, 0x0)
syz_usb_connect$hid(0x3, 0x36, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
r2 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000040), 0x800, 0x0)
ioctl$KDFONTOP_GET(r2, 0x4b72, &(0x7f0000000080)={0x1, 0x0, 0x13, 0x2, 0x125, &(0x7f0000000940)})
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
mprotect(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15)
mbind(&(0x7f00005b4000/0x4000)=nil, 0x100000000004000, 0x0, 0x0, 0x0, 0x2)
kexec_load(0xff0e, 0x1, &(0x7f0000000900)=[{0x0, 0x0, 0x7ffe0000, 0x3e0000}], 0x0)
r3 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', &(0x7f00000000c0)={0x0, 0x0, 0x5}, 0x18)
r4 = syz_open_dev$video(&(0x7f0000000140), 0x8, 0x140)
ioctl$VIDIOC_S_SELECTION(r4, 0xc040565f, &(0x7f0000000080)={0xa, 0x0, 0x1, {0xe7ff, 0x1, 0x406, 0x870}})
ioctl$SIOCX25SCAUSEDIAG(r4, 0x89ec, &(0x7f0000000000)={0x0, 0x8a})
openat$dir(0xffffffffffffff9c, 0x0, 0x8000, 0x1f7)
r5 = fanotify_init(0x200, 0x0)
fanotify_mark(r5, 0x4, 0x4000103e, r3, 0x0)
r6 = syz_open_procfs(0x0, &(0x7f0000000280)='fdinfo/4\x00')
preadv(r6, &(0x7f0000000300)=[{&(0x7f00000001c0)=""/51, 0x33}], 0x1, 0x0, 0x0)
r7 = openat$incfs(0xffffffffffffffff, &(0x7f0000000040)='.log\x00', 0x400, 0x84)
ioctl$DRM_IOCTL_GEM_FLINK(r7, 0xc008640a, &(0x7f00000000c0))

17m22.827095189s ago: executing program 3 (id=490):
r0 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x64bd55c157188b30)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000040)={0x0, @l2tp={0x2, 0x0, @local, 0x100003}, @ax25={0x3, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x6}, @sco, 0x100, 0x0, 0x0, 0x0, 0x1, 0x0, 0xfffffffffffffffc, 0x0, 0x3})
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x6)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(0xffffffffffffffff, 0x80045518, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
connect$inet(0xffffffffffffffff, &(0x7f0000000480)={0x2, 0x4e23, @multicast2}, 0x10)
setsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f00000002c0)={{{@in=@multicast2, @in6=@mcast1, 0x4e20, 0x4, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x3, 0xfffffffffffffffe}, {0x0, 0x0, 0xfffffffffffffffc, 0xff}, 0x0, 0x0, 0x1}, {{@in=@dev={0xac, 0x14, 0x14, 0x3c}, 0x0, 0x32}, 0x0, @in=@private=0xa010100, 0x0, 0x2, 0x0, 0xb7, 0xfffffffe, 0xffffff7e}}, 0xe8)
sendmmsg(0xffffffffffffffff, &(0x7f0000007fc0), 0x800001d, 0x1c)
r4 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_RES_CQ_GET(r4, &(0x7f0000000140)={0x0, 0x50, &(0x7f0000000000)={&(0x7f0000000040)={0x18, 0x1409, 0x1, 0x0, 0x0, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x4}]}, 0x18}}, 0x0)
ioctl$NBD_SET_SOCK(r0, 0xab00, r1)
syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x80)
ioctl$F2FS_IOC_GARBAGE_COLLECT(r2, 0x4004f506, &(0x7f0000000080))
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000640)={0x6, 0x0, 0x0, &(0x7f00000007c0)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x40}, 0x94)
r5 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='blkio.bfq.io_service_bytes\x00', 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r5, 0xab04)

17m7.609791621s ago: executing program 35 (id=490):
r0 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x64bd55c157188b30)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000040)={0x0, @l2tp={0x2, 0x0, @local, 0x100003}, @ax25={0x3, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x6}, @sco, 0x100, 0x0, 0x0, 0x0, 0x1, 0x0, 0xfffffffffffffffc, 0x0, 0x3})
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x6)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(0xffffffffffffffff, 0x80045518, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
connect$inet(0xffffffffffffffff, &(0x7f0000000480)={0x2, 0x4e23, @multicast2}, 0x10)
setsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f00000002c0)={{{@in=@multicast2, @in6=@mcast1, 0x4e20, 0x4, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x3, 0xfffffffffffffffe}, {0x0, 0x0, 0xfffffffffffffffc, 0xff}, 0x0, 0x0, 0x1}, {{@in=@dev={0xac, 0x14, 0x14, 0x3c}, 0x0, 0x32}, 0x0, @in=@private=0xa010100, 0x0, 0x2, 0x0, 0xb7, 0xfffffffe, 0xffffff7e}}, 0xe8)
sendmmsg(0xffffffffffffffff, &(0x7f0000007fc0), 0x800001d, 0x1c)
r4 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_RES_CQ_GET(r4, &(0x7f0000000140)={0x0, 0x50, &(0x7f0000000000)={&(0x7f0000000040)={0x18, 0x1409, 0x1, 0x0, 0x0, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x4}]}, 0x18}}, 0x0)
ioctl$NBD_SET_SOCK(r0, 0xab00, r1)
syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x80)
ioctl$F2FS_IOC_GARBAGE_COLLECT(r2, 0x4004f506, &(0x7f0000000080))
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000640)={0x6, 0x0, 0x0, &(0x7f00000007c0)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x40}, 0x94)
r5 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='blkio.bfq.io_service_bytes\x00', 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r5, 0xab04)

13.805537413s ago: executing program 2 (id=3853):
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0xa5)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1/file0\x00', 0x28)
mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000080)='./file1/file0\x00', 0x0, 0x1085408, 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f00000003c0), 0x0, &(0x7f00000004c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file1/file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000001c0)='./bus\x00')
unlinkat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x200)

12.883823247s ago: executing program 2 (id=3856):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
r1 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000400)={0x2000, 0x6}, 0x4)
setsockopt$packet_fanout_data(r1, 0x107, 0x16, &(0x7f0000000100)={0x2, &(0x7f0000000180)=[{0x40, 0x0, 0x7, 0x100}, {0x6, 0x9, 0x9, 0x10001}]}, 0x10)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendmmsg$inet(r0, &(0x7f0000001440)=[{{0x0, 0x0, &(0x7f00000010c0)=[{&(0x7f0000000700)="c87b35043e70167a3e59c95cf2d2470a409aed8df615eda880680920e7ea2e4413084cba0ac21d664201fbe69bf2660ea3918ef0b6727862bbd91dfce9385577a868d3a94cbfd3756c4fc07934e5ae442a225605985c4a8e3de576c99ecd23d425b1f09e6413e8f779e0723e88fc0d8cc981391df5e1f5ba5fa3ca690b472143edac8820850652322d4594f9b4e4e88482356e", 0x93}, {&(0x7f0000000300)="c071c346d7762184984cd6fc3bd9904a7df7f6f0cc0d7bf8e1359a106b1f25eb975e8b38ca101a07", 0x28}, {&(0x7f00000007c0)="e4e86ea4ab9410", 0x7}], 0x3}}], 0x1, 0x24044000)

11.614196234s ago: executing program 2 (id=3863):
r0 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r0, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
listen(r0, 0x2)
r1 = socket$unix(0x1, 0x1, 0x0)
connect$unix(r1, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000980)=[{{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000000840)='D', 0x1}], 0x1, &(0x7f0000000280)=ANY=[@ANYBLOB="14000000000000000100000001000000", @ANYRES32=r1], 0x18, 0x24048001}}], 0x1, 0x44080)
accept4(r0, 0x0, 0x0, 0x80800)

11.398544723s ago: executing program 2 (id=3865):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000080)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0)
mount$bind(&(0x7f0000000180)='./file0/file0\x00', &(0x7f0000000100)='./file0/file0\x00', 0x0, 0x18d883, 0x0)
mount$bind(&(0x7f0000000140)='./file0/file0\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x10a78c0, 0x0)
umount2(&(0x7f00000002c0)='./file0\x00', 0x9)

11.050141516s ago: executing program 2 (id=3868):
socket$inet6(0xa, 0x8000e, 0x5)
eventfd2(0x0, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="10000000040000000400000008"], 0x50)
bpf$MAP_DELETE_BATCH(0x1b, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xffffff51, r1}, 0x38)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r4, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c)
r5 = socket$nl_route(0x10, 0x3, 0x0)
getsockopt$sock_buf(r5, 0x1, 0x2b, 0x0, &(0x7f0000000000))
sendto$inet6(r4, &(0x7f0000000100)="b8", 0xffe0, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c)
futex(&(0x7f00000000c0)=0x1, 0x6, 0x0, &(0x7f0000000300), 0x0, 0x2)
write(r4, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(r4, 0x84, 0x17, &(0x7f00000002c0)={0x0, 0x0, 0x1, 'M'}, 0x9)
r6 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_RES_GET(r6, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000080)={&(0x7f0000000380)={0x48, 0x1409, 0x1, 0x70bd2d, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x48}, 0x1, 0x0, 0x0, 0x4000000}, 0x20000800)

10.490847668s ago: executing program 2 (id=3873):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r1, &(0x7f00000002c0)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c)
setsockopt$inet6_int(r0, 0x29, 0x4b, &(0x7f0000000100)=0x405, 0x4)
setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4)
bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4e22, 0x3, @local, 0x6}, 0x1c)
listen(r0, 0x200b)

9.528432244s ago: executing program 36 (id=3873):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r1, &(0x7f00000002c0)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c)
setsockopt$inet6_int(r0, 0x29, 0x4b, &(0x7f0000000100)=0x405, 0x4)
setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4)
bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4e22, 0x3, @local, 0x6}, 0x1c)
listen(r0, 0x200b)

8.996650312s ago: executing program 5 (id=3882):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r2, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000400)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r3, @ANYBLOB="01030003000000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000680)=ANY=[@ANYBLOB="4c00000010001ffffcfffffffdffffff00000000", @ANYRES32=0x0, @ANYBLOB="0002010000000000240012800b00010065727370616e000014000280050016000000000008000700ac1414bb08000a00", @ANYRES32=r3], 0x4c}, 0x1, 0x0, 0x0, 0x40}, 0x0)

8.457140869s ago: executing program 5 (id=3884):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, 0x0, 0x0)
write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NFT_MSG_GETRULE(r0, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20040000}, 0x4d0d8)
openat$ttyprintk(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000000)='ns/time_for_children\x00')
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x0, 0x0, &(0x7f0000000100)='GPL\x00', 0xa, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x2a, 0xa9}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xfffff000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
symlink(&(0x7f0000000000)='.\x00', &(0x7f0000000040)='./file0\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0)
mknodat(0xffffffffffffff9c, &(0x7f0000000140)='./file1/file2\x00', 0x1000, 0x0)
r4 = landlock_create_ruleset(&(0x7f00000002c0)={0x2001}, 0x18, 0x0)
r5 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x200000, 0x13b)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x10}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x40040c4}, 0x4c004)
r6 = syz_open_dev$dri(&(0x7f0000000440), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r6, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r6, 0xc01064b5, 0x0)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r4, 0x1, &(0x7f0000000340)={0x2000, r5}, 0x0)
landlock_restrict_self(r4, 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./file1/file2\x00', 0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x2)

7.441327994s ago: executing program 5 (id=3888):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, 0x0, 0x0)
write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NFT_MSG_GETRULE(r0, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20040000}, 0x4d0d8)
openat$ttyprintk(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000000)='ns/time_for_children\x00')
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x0, 0x0, &(0x7f0000000100)='GPL\x00', 0xa, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x2a, 0xa9}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xfffff000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
symlink(&(0x7f0000000000)='.\x00', &(0x7f0000000040)='./file0\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0)
mknodat(0xffffffffffffff9c, &(0x7f0000000140)='./file1/file2\x00', 0x1000, 0x0)
r4 = landlock_create_ruleset(&(0x7f00000002c0)={0x2001}, 0x18, 0x0)
r5 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x200000, 0x13b)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x10}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x40040c4}, 0x4c004)
r6 = syz_open_dev$dri(&(0x7f0000000440), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r6, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r6, 0xc01064b5, &(0x7f0000000080)={&(0x7f0000000040)=[<r7=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_ATOMIC(r6, 0xc03864bc, &(0x7f0000000180)={0x1, 0x1, &(0x7f00000000c0)=[r7], 0x0, &(0x7f0000000200), &(0x7f00000001c0)})
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r4, 0x1, &(0x7f0000000340)={0x2000, r5}, 0x0)
landlock_restrict_self(r4, 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./file1/file2\x00', 0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x2)

6.221874951s ago: executing program 5 (id=3891):
syz_mount_image$reiserfs(&(0x7f0000000140), &(0x7f0000001140)='./file6\x00', 0x98, &(0x7f0000000280), 0x1, 0x10ef, &(0x7f00000022c0)="$eJzs2DGLE0EYBuB3dg/kqshcvx5oYSHHHfEPXKGQxsLaLljZmUrJz/HnyFX2R3pTBOyVTQwJEhDJYuB4Hlh252Vmvp1yvgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDvLPlekosmqdusSVKSrrubLJJ02/zx17ZJydv3k9mrj+PXs8209FmT0q9aj+vN01rHdVxv6suL22d19unzh3avZEmX+9V8ev5mOehR+trtoDsCAADAw/DzaKMT1wcAAAD+ZrBGAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAA6vajSVKSrrubLJJ0p/0tAAAA4EglTd6NDuWbNsDOi3wblZRHu+RH6edc58uB9QAAAMC/KXv38ec5z5O9/DJnubrajH+/srxN2iTXf+xzv5pP18/lfFr+5wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgF/swLEAAAAAgDB/6zQ6NgAAAAAAAAAAAAAAAGCqAAAA//9TGNII")
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x103042, 0x2)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x103a42, 0x15c)
fsetxattr$trusted_overlay_opaque(r0, &(0x7f0000000180), 0x0, 0x0, 0x1)
truncate(&(0x7f0000000080)='./file0\x00', 0x3a6800)
write$uinput_user_dev(r0, &(0x7f0000002dc0)={'syz1\x00', {0x0, 0x3, 0x1000, 0x101}, 0x19, [0xf, 0x7, 0x3, 0x0, 0xd, 0x8, 0x9b, 0x3ff, 0x8f, 0xff, 0x6, 0x3, 0x5f0, 0x4, 0x8, 0x7, 0x4, 0x3ff, 0x101, 0x400, 0x8, 0x2, 0xe, 0x800, 0x8, 0xfffffffb, 0x7, 0x2, 0x0, 0x9, 0x6, 0x81, 0x8, 0x0, 0x5, 0x3, 0x9, 0x3, 0x2, 0xc, 0x40, 0x8, 0x1, 0x2f, 0x3ff, 0x0, 0xb, 0x3, 0x6, 0x7, 0x5, 0xb, 0xfffffffe, 0xe4b5, 0x9, 0x9, 0xe5c5, 0xb, 0x2, 0x7, 0x100, 0x24, 0x2, 0xdd], [0x3ff, 0x0, 0xa, 0x5, 0x8, 0x0, 0x6, 0xed92, 0x888, 0x0, 0x7f, 0x118758c6, 0xfff, 0x6, 0x4, 0x4, 0x5, 0x0, 0x9, 0x2f, 0x3, 0x10004, 0xf6, 0x0, 0x7, 0xc, 0x3f, 0x1ff, 0x8, 0x1, 0x0, 0xff, 0x1000, 0x8, 0x4, 0x4, 0x6, 0x40, 0x6, 0x9, 0x3ff, 0xe, 0x8, 0x10000, 0x6, 0x0, 0x1ff, 0x8, 0x0, 0x7fffffff, 0xfff, 0xe81, 0x6, 0x7e22, 0x7fffffff, 0x1, 0x10000, 0x44, 0x52d, 0x5, 0x3, 0xfffff001, 0x53, 0x2], [0x8, 0x1, 0x78da, 0x8000, 0xffffff7f, 0x67c, 0x98f5, 0x0, 0xc, 0xc1c, 0x4, 0x4db83704, 0x8, 0x6, 0xc7a, 0x5, 0xf978, 0x7ffffffc, 0x3, 0x5, 0xfffffffd, 0x9, 0xb6c, 0x8000, 0x1, 0x6, 0x83f00, 0x4, 0x200, 0x5, 0xfffffff8, 0x7, 0x8f98, 0x0, 0x8000, 0x80000000, 0x4, 0x0, 0xa6b0, 0x6, 0xa221, 0x7fffffff, 0x2, 0x4, 0x10001, 0x45b, 0x8, 0x3e85daf5, 0x404, 0xffff8000, 0x423, 0xbf3, 0x94, 0x3, 0x4, 0x102, 0x0, 0x1, 0x5, 0x1, 0x1, 0x1, 0x5, 0x6], [0x9, 0x4, 0xffff8001, 0x4, 0x81, 0x1, 0x1, 0x0, 0xa, 0x6, 0xb, 0x1, 0x4, 0x9b4, 0x9, 0x3, 0x4, 0x9, 0x260d, 0xfffffffb, 0xc, 0xff, 0x7, 0x3, 0x2, 0x1, 0x1, 0x9, 0x3, 0x5, 0xffffffff, 0xa7bd, 0x9, 0x9, 0x1, 0x25562d28, 0x3ff, 0x9, 0x39, 0x8, 0x6, 0xa7d7, 0x6, 0x5, 0x0, 0x40f, 0xff, 0x2, 0x200800, 0xffffffff, 0xa9, 0x20009, 0x3, 0x6, 0xfc9a, 0x3, 0x10001, 0x9, 0x7, 0x800, 0x7, 0x3859, 0x2, 0x1]}, 0x45c)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.stat\x00', 0x275a, 0x0)

5.69122562s ago: executing program 6 (id=3892):
socketpair$unix(0x1, 0x3, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)
r0 = socket$key(0xf, 0x3, 0x2)
recvmmsg(r0, &(0x7f0000000440), 0x6f5, 0x2000000022, &(0x7f0000000480)={0x77359400})
sendmsg$key(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0)

5.072863931s ago: executing program 6 (id=3896):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e22, 0x1, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x26}}, 0x7}, 0x1c)
r1 = gettid()
fcntl$setown(r0, 0x8, r1)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0xfff}, 0x1c)
ioctl$int_in(r0, 0x5452, &(0x7f0000001080)=0xa)
sendmmsg$inet6(r0, &(0x7f0000000c40)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000280)="02", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000180)='b', 0x1}], 0x1}}], 0x2, 0x404c851)

4.205340505s ago: executing program 5 (id=3899):
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
fdatasync(r0)
r1 = socket(0xa, 0x5, 0x0)
setsockopt$inet6_IPV6_DSTOPTS(r1, 0x29, 0x3b, &(0x7f0000000000)=ANY=[], 0xf0)
sendto$inet6(r1, 0x0, 0x0, 0x400c804, &(0x7f0000000100)={0xa, 0x4e23, 0xfffffec1, @local, 0xffff8003}, 0x1c)
r2 = socket$inet_smc(0x2b, 0x1, 0x0)
ioctl$sock_SIOCETHTOOL(r2, 0x8946, 0x0)
setsockopt$IP_VS_SO_SET_STOPDAEMON(r1, 0x0, 0x48c, &(0x7f0000000080)={0x1, 'hsr0\x00', 0x2}, 0x18)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
r3 = socket(0x40000000015, 0x5, 0x0)
setsockopt$SO_RDS_TRANSPORT(r3, 0x114, 0x8, &(0x7f00000008c0), 0x4)
close(r3)
r4 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r4, 0x0, 0x482, &(0x7f0000000040)={0x84, @broadcast, 0x4e21, 0x3, 'rr\x00', 0x1, 0x10000004, 0x100008}, 0x2c)
r5 = syz_open_dev$I2C(&(0x7f0000000040), 0x0, 0x80)
ioctl$I2C_PEC(r5, 0x708, 0xb8f7)
ioctl$I2C_SMBUS(r5, 0x720, &(0x7f0000000100)={0x1, 0x4, 0x6, &(0x7f0000000080)={0x0, "14abd83463604d70b41d4008e300000000fcffffff000000000000006d803e8800"}})
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r6, 0x0, 0x140000a0)
r7 = socket$kcm(0xa, 0x2, 0x0)
setsockopt$IP_VS_SO_SET_ADDDEST(r4, 0x0, 0x487, &(0x7f0000000000)={{0x84, @private=0xa010101, 0x4e21, 0x3, 'wrr\x00', 0x23, 0x81, 0x5}, {@dev={0xac, 0x14, 0x14, 0x3c}, 0x4e23, 0x4, 0x1cb, 0x12d61, 0x12d58}}, 0x44)
setsockopt$IP_VS_SO_SET_ADDDEST(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000000)={{0x84, @rand_addr=0x64010100, 0x4e24, 0x3, 'lc\x00', 0x8, 0x323b, 0x55}, {@remote, 0x4e23, 0x10000, 0x0, 0x12d5c, 0x12d4c}}, 0x44)
sendmsg$sock(r7, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e22, 0x0, @dev, 0xfffffeec}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0)

4.190613612s ago: executing program 6 (id=3900):
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file1/file3\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000440), 0x8, &(0x7f0000000000)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
renameat2(0xffffffffffffff9c, &(0x7f0000001100)='./file1/file3\x00', 0xffffffffffffff9c, &(0x7f0000000280)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)

3.393120259s ago: executing program 8 (id=3902):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000000180)='./file1\x00', 0x300f401, 0x0, 0x2, 0x0, 0x0)
syz_mount_image$vfat(&(0x7f0000000300), &(0x7f0000000280)='./bus\x00', 0x3c9c9b, 0x0, 0x0, 0x0, &(0x7f0000000140))
mount$overlay(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000380)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}, {@nfs_export_on}]})
setxattr$security_capability(&(0x7f0000000240)='./file0/file1\x00', &(0x7f0000000280), 0x0, 0x0, 0x0)
umount2(&(0x7f00000002c0)='./file0\x00', 0x9)
mount$overlay(0x0, &(0x7f0000000580)='./file0\x00', &(0x7f0000000b80), 0x4008, &(0x7f00000001c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})

3.331674828s ago: executing program 5 (id=3903):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, 0x0, 0x0)
write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NFT_MSG_GETRULE(r0, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20040000}, 0x4d0d8)
openat$ttyprintk(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000000)='ns/time_for_children\x00')
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x0, 0x0, &(0x7f0000000100)='GPL\x00', 0xa, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x2a, 0xa9}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xfffff000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
symlink(&(0x7f0000000000)='.\x00', &(0x7f0000000040)='./file0\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0)
mknodat(0xffffffffffffff9c, &(0x7f0000000140)='./file1/file2\x00', 0x1000, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x200000, 0x13b)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x10}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x40040c4}, 0x4c004)
r4 = syz_open_dev$dri(&(0x7f0000000440), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r4, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r4, 0xc01064b5, &(0x7f0000000080)={&(0x7f0000000040)})
ioctl$DRM_IOCTL_MODE_ATOMIC(r4, 0xc03864bc, &(0x7f0000000180)={0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000180), &(0x7f0000000200), &(0x7f00000001c0)})

3.1858794s ago: executing program 6 (id=3904):
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000240)='./bus\x00', 0x2008012, &(0x7f0000000300), 0x1, 0x576, &(0x7f0000002380)="$eJzs3c9vHFcdAPDvjH/mR+MEeoAKSIBCQFHW8aaNql5aLiBUVUJUHBCH1Ngby2SdDfG61CYS7t8AEkic4E/ggMQBqScOcOKIxAEQ5YBUIALFSD0Mmtmxs7HXZJP91ex+PtJk5s2bme97u5l9b9+u9wUwsS5ExG5EzEbEmxGxUO5PyiVebS35cffv3V3Zu3d3JYkse+OfSZGf74u2c3KnymvOR8TXvxLx7eRo3M3tnZvL9XrtTplebG7cXtzc3rm8vrG8Vlur3apWry1du/LS1Rerfavr+Y1fvP/l9de+8etfffK93+9+8ft5sU6Xee316KdW1WcO4uSmI+K1QQQbgalyPTvicvBk0oj4SER8prj/F2Kq+N8JAIyzLFuIbKE9DQCMu7QYA0vSSkSkadkJqLTG8J6Nk2m9sdm8dKOxdWu1NVZ2NmbSG+v12pVzc3/8bnHwTJKnl4q8Ir9IVw+lr0bEuYj40dyJIl1ZadRXR9PlAYCJd6q9/Y+I/8ylaaXS1akdPtUDAJ4a86MuAAAwdNp/AJg82n8AmDxdtP/lh/27Ay8LADAc3v8DwOTR/gPA5NH+A8BE+drrr+dLtlf+/vXqW9tbNxtvXV6tbd6sbGytVFYad25X1hqNteI3ezYedb16o3F76YXYenuxWdtsLm5u71zfaGzdal4vftf7em1mKLUCAP6fc+ff/UMSEbsvnyiWaJvLQVsN4y198qP8/hc85aZ6OVkHAZ5qZvuCydVVE150En478LIAo9Hxzfx8x82H/eQxgvieEXyoXPx49+P/5niG8XJoZP+DbFQFAYZuqsPWo70ykLIAw/XE4/9/7m85gOHLsuTwnP+zB1kAwFjq4St82Q/61QkBRupRX+bvy+f/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMGZOR8R3IkkrxVzgaf5vWqlEPBMRZ2MmubFer12JiDNxPiJm5vL00qgLDQD0KP17Us7/dXHh+dOHc2eT/84V64j43k/f+PHby83mnaV8/78O9s/tTx9WfXBeD/MKAgDd+2s3BxXtd7Vct72Rv3/v7sr+MsAyHvH+lw4mH13Zu3e3WFo505FlWRYxX/QlTv47ienynPmIeC4ipvoQf/ediPhYp/onxdjI2XLm0/b4UcZ+Zqjx04fip0Vea50/fB/tQ1lg0rybv/682un+S+NCse58/88Xr1C9K17/5iP2X/v22uJPl5GmOsTP7/kL3cZ44TdfPbIzW2jlvRPx3HSn+MlB/OSY+M93Gf9Pn/jUD185Ji/7WcTF6By/PdZic+P24ub2zuX1jeW12lrtVrV6benalZeuvlhdLMaoF/dHqo/6x8uXznTav3eiVf+Tx8RvPfOnDtV/9uD8z3VZ/59/8Oa3Pv0gOdeel8f/wmc7P//PFhE7P/55m/j5LuMvn/zlsdN35/FXj6n/o57/S13Gf+9vO6tdHgoADMHm9s7N5Xq9dqenjfxdaD+uc2QjL2J3B+93F3sL+pcoNh48LEkk8TjXmY+2PTPHHRPRzQVnBvWoDnxj+qCv2N8rfzO/4pCrk/a9Fk+yEWfLjfuPcVb+LPR06wHj7MFNHxG/G3VpAAAAAAAAAAAAAACATtr/6OfMgP7OadR1BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYHz9LwAA///oMcIc")
quotactl$Q_QUOTAON(0xffffffff80000202, &(0x7f0000000180)=@loop={'/dev/loop', 0x0}, 0x0, 0x0)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x9)
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, r0, 0x0)
syz_mount_image$ext4(&(0x7f0000000440)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x80c40a, &(0x7f0000000a00)={[], [], 0x2c}, 0x81, 0x463, &(0x7f0000000480)="$eJzs3EtvG0UcAPD/bpK+S0Ipjz6AQEFEPJImLdADFxBIvSAhwaEcQ5pWpWmDmiDRqiIBoXJE/QTAEYlPwAkuCDiBuMIdIVWoF1oOaNHaa9c4dmrHTp3Gv5+02ZndtWf+3h17dsZOAH1rNP+TROyKiN8iYjgiBuoPGC2vbly/PHPz+uWZJLLszb+S/GHx9/XLM5VDk2K9s8iMpRHpJ0kcaFDuwsVLZ6fn5mYvFPmJxXPvTSxcvPTcmXPTp2dPz56fOnbs6JHJF1+Yer4rce7O67r/w/mD+46/ffX1mRNX3/nx67y+u4r9tXGUjXRc5miMVl+Tek92/Owby+5i3SxeNqa8rQ9GxFCp/Q/HQClXNhyvfdzTygHrKsuybOuKrdUewHIGbGJJ9LoGQG9UPujz+9/Kcge7Hz137eXyDVAe941iKe8ZjLQ4Zqjm/rbbRiPixPI/n+dLNByHAADorm/z/s+zjfp/aTxQc9w9xdzQSETcGxF7IuK+iNgbEfdHlI59MCIearP80br8yv7PL9vXFFiL8v7fS8Xc1v/7f5XeX4wMFLndpfiHklNn5mYPF6/JWAxtzfOTq5Tx3au/ftZsX23/L1/y8it9waIefw7WDdCdnF6c7iTmWtc+Ko0BLq2MP6nOBCQRsS8i9q/h+bdFxJmnvzrYbP/t41/F4BoqVCf7MuKp8vlfjrr4K5LV5ycntsXc7OGJylWx0k8/X3mjWfkdxd8F+fnf0fD6r8Y/ktTO1y60X8aV3z9tek+z1ut/S/JWKb2l2PbB9OLihcmILcnyyu1Ttx5byVeOz+MfO9Qg/ptZ/h737xfF4w5ERH4RPxwRj0TEo0XdH4uIxyPiUIPYsqXy+odXnnh37fGvrzz+k22d//YTA2e//6ZZ+a2d/6Ol1FixpZX3v1Yr2MlrBwAAAHeLtPQd+CQdr6bTdHy8/B3+vbEjnZtfWHzm1Pz750+Wvys/EkNpZaRruGY8dLIYG67kp+ryR0rjxlmWZdtL+fGZ+bn1mlMHWrOzSfvP/THQ69oB666teTS/8IJNpQvz6MBdSvuH/qX9Q//S/qF/NWr/SxE3elAV4A67zef/rf8SAGw6+v/Qv7R/6F/aP/SlTn7Xv1piz/H1eubNlhjYGNVoOxHphqhGS4mh4mqvbkk3SMVKia0R0erBS3GnKtbjNyYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAu+S8AAP//28vuNQ==")
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x42, 0x10)

3.076412659s ago: executing program 8 (id=3905):
mkdirat(0xffffffffffffff9c, &(0x7f0000000a80)='./file0\x00', 0x30)
syz_mount_image$fuse(0x0, &(0x7f0000000000)='./bus\x00', 0x300f401, 0x0, 0x2, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000440), 0x8, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
munmap(&(0x7f0000002000/0x1000)=nil, 0x1000)
r0 = open(&(0x7f0000000140)='.\x00', 0x8000, 0x112)
getdents(r0, &(0x7f0000001fc0)=""/184, 0xb8)

2.922029639s ago: executing program 6 (id=3906):
syz_mount_image$ocfs2(&(0x7f0000004740), &(0x7f0000004780)='./file0\x00', 0x100000a, &(0x7f00000002c0)={[{@journal_async_commit}, {@heartbeat_none}, {@usrquota}, {@barrier={'barrier', 0x3d, 0x7}}, {@heartbeat_none}, {@inode64}]}, 0x1, 0x4703, &(0x7f0000004800)="$eJzs212IXFcBB/BzJ6vZpMl2P9ImafoxSQQXLcumT9X6ENeqjabNh7bVVFlnN9vN6uzMujujBYPUIIiCoARBxQ+qQulLLYiBvtQiFPxAWoVSUbS+iBSq4INBG+jKzNybnXtntneyk7S0/f2gnb3n3nPumf3vPXfOPZNCrHZqYaW4sFIsVYrV2ftXbil+rlquL86FwqvktT4/vbkSOcn+tXPkfR/4yD23hPCHY1/70Orq6mpoGA5dHWj7+fy/T8+2vyYKmTqNdru31vLH+iMv/fwtr3REnhMhhB0d/WrYFEL42C9C2BxCGInLRuPXLSGEbSGEKITw6G/+9ePBfrrQ5uy9Lzx37MzhfWemHn/smQvzR9c9MArhu+XdN88vvrh/023Pv+MynR4AAF7RB48fufvo5IHwZBSGzg10fl7fGb8mn4/vfNun7np4YG3/Kr3Z9CqGCgAAABlr8//h6OUu63XJylqyJPjEAyfufipa229i+/p26K4jt79/8kC8/ht17L81Lvrnezc111Cz677Z9d+RTP3u679r53n4q8/+svLWjfc/6V9y3uEQFSZS24XCxEQIx6Za27uirYVydaX2zvur9crJjZ/3jSKdf3b1fm1Bv9f8RzPV89b/d3/i8z/bMtDPOxgL2b/axnax80+ZLtL5rz+W/+RLUU/5j2Xq5eV/x9Pbz/9qcz/vIHtGLkU6/9aFuK/9gGJrAGjk/82B/Px3ZNrPy//7U+cePbGB7/80xpnhqNHXwdQI8HJcvs5XmMhI598KIjV0xr/I9a7//2XyvybTfl7+d1b/8bu/9XH/X2/8H5/qp803j3T+rSCKqSPWrv+RQv71f22m/bz8f3vqz89+sq97dWf+jf6Pu//3JJ1/fCNOD57N32Sv4//OTPt5+e8au++hhQ30+8Nb4n4ORWGs7Vun5xq3sKG19ermlKaxe2kDJ3kTSOff+q2lLp2h1kvz+h/OH/93ZdrPy/+hPV9/z+m+vv/bffyfNP73JJ3/lmbZpeT/Uib/3Zn28/L/4em//+W+yzz+N7YPyr8n6fy3duxfe/5T6Gn+d12mft7zn32jTz3y1z7m/0n/kvMmz3+S5xDjUev5D92l879q3eN6vf/vydTLu/6/9Z/nn97fz/gfDXoC0Id0/ttahV0mgL3mf32m/bz8v3DPlz/+pw3M/5qf+AaT/Nvm/5tb5UeN/z1J57+9VZj6x1APNv/fvP9Hnbn/N5P/DZn28/K/cGhi4CuX+f7f6P94l0fZdErnP7TucY38f9/D/f/GTL28/L+496cv3tzX5/8QJs31Nyyd/9XrHte8/gfz878pUy8v/+9849dPPNhH/9/eR12y+bfu9anLKf5s3uv8v5hpPy//H42fP7v/Csz/bnX/70k6/9aq+aXkn53/7820n5f/9478YHngCjz/uUP+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGzIavw6HqDCR2i4UJiZCGIu3d4Wt0Uzp5PRMuTr7mZUQdsTlxTAazZerM6Xy9EKlenJuulQuV2dDuCbevyMMRivlam16sbR07cW2tkSn5krLtZm5Ui2EsDMuvz5sT9qaWagtlpaaxyZ1ropKn61Xa6WJ+srccth9sXxbUj6/XK0vXXexrasL1eWlU6XK9MmF5XdPTk5Ohj0X+zwSzT1Qm6vUWr1t7W3USeoOR21vprn7hrbzfbpaX66Uys3yG9vqlKuzpXJbnZvazldbrldmS7W56XJ1Pjlfsa1u23tr7t4b7xsPI6n3l9TNOhi/3n7o+EePHz7Qsb8YpfOu1BfnJrd3/5sAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4I3rydve9e0QwkBrqxBCOJj8EMX/pZy994Xnjp05vO/M1OOPPXNh/mi3YwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4PztwIAAAAAAA5P/aCFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVXYuZ+XKro4DsBnxve+FkgpbYRcBoaI6E7Cgn4RSeU1smWb1kGtEjIoCgwjWhYEQVC7qCBoFVT+BVELl62qTS1aGERQMTqTlzvCDS90zHkeGM4Mc++ZLwzcO3M+hwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALB+nN2x2JW1l3ZtXtq6+0PozM/9H0IYTZb3P+/tCD0hhK9fZk6HVdpCT1P/bybnxstXTX7v7R9/eH00WXv9xXeL63aHJB1qON6ZpOnQ0Nr736juDD6bHkxCSGMXQhQLY0/O1EIIHbELIYqfH+cvZr/v/8UuhCj6P9ztyu5/LXYhRLF196e+Wv6MR/Wcr18YbPzvb/UI3sYjOuvQ25NX3qVuauW9zN//k3zzPlgNsyeOvH8euwiimZ2bOhq7BgAA4O861yL/D1uW9+9fTkJPdzn3/9aU//c29b96/r/i3vYbYzNthRDbSmOT2fHwvnb63PhODVy9/bpmvKeq5P/VJv+vNvl/tcn/q03+X23yfzKv5P+V9PjmnsUXsYsgGvk/AABUz6HjE1P14ZHs5X/Tj85yXt+Xt/U8T39wa3rgUcO4kfzw33b42MSBg8Mj+X0vDwiurP+QLp39ns/3aG4Lk03zLlqt/9D7dGH+Wmf5E/U/nL9R1Fdc1/oPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAvdueehkEwCsPod1sRtdGqaMLCT4IPNDAiACnMaEAHEwZgIAQUMJBzlnuTZ3kBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA5/tXeV18f2mM9Foj0lR22bV/jqfZz9y3w/I+e9y4FQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADZ24EAGAAAAQJi/dR7tBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4KkAAAD//8Oayzs=")
syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x43440, 0x0, 0x1, 0x0, &(0x7f0000000040))
mkdir(0x0, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
pwrite64(r0, &(0x7f00000005c0)='\"', 0x1, 0x4fed0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
ioctl$EXT4_IOC_MOVE_EXT(r1, 0x40305829, &(0x7f0000000240)={0x17c04, 0xffffffffffffffff, 0x7, 0x100000002, 0x1000000000000000, 0x4})

2.839881473s ago: executing program 8 (id=3907):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, 0x0, 0x0)
write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NFT_MSG_GETRULE(r0, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20040000}, 0x4d0d8)
openat$ttyprintk(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000000)='ns/time_for_children\x00')
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x2a, 0xa9}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xfffff000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
symlink(&(0x7f0000000000)='.\x00', &(0x7f0000000040)='./file0\x00')
mkdirat(0xffffffffffffff9c, 0x0, 0x1c0)
mknodat(0xffffffffffffff9c, 0x0, 0x1000, 0x0)
r4 = landlock_create_ruleset(&(0x7f00000002c0)={0x2001}, 0x18, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x200000, 0x13b)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x4c004)
r5 = syz_open_dev$dri(0x0, 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r5, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r5, 0xc01064b5, &(0x7f0000000080)={&(0x7f0000000040)=[0x0], 0x1})
ioctl$DRM_IOCTL_MODE_ATOMIC(r5, 0xc03864bc, &(0x7f0000000180)={0x1, 0x0, 0x0, &(0x7f0000000180), &(0x7f0000000200), &(0x7f00000001c0)})
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r4, 0x1, 0x0, 0x0)
landlock_restrict_self(r4, 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./file1/file2\x00', 0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x2)

2.086195139s ago: executing program 7 (id=3908):
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0xa5)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1/file0\x00', 0x28)
mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000080)='./file1/file0\x00', 0x0, 0x1085408, 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f00000003c0), 0x0, &(0x7f00000004c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file1/file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000001c0)='./bus\x00')
unlinkat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x200)

1.821938419s ago: executing program 8 (id=3909):
syz_mount_image$reiserfs(&(0x7f0000000140), &(0x7f0000001140)='./file6\x00', 0x98, &(0x7f0000000280), 0x1, 0x10ef, &(0x7f00000022c0)="$eJzs2DGLE0EYBuB3dg/kqshcvx5oYSHHHfEPXKGQxsLaLljZmUrJz/HnyFX2R3pTBOyVTQwJEhDJYuB4Hlh252Vmvp1yvgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDvLPlekosmqdusSVKSrrubLJJ02/zx17ZJydv3k9mrj+PXs8209FmT0q9aj+vN01rHdVxv6suL22d19unzh3avZEmX+9V8ev5mOehR+trtoDsCAADAw/DzaKMT1wcAAAD+ZrBGAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAA6vajSVKSrrubLJJ0p/0tAAAA4EglTd6NDuWbNsDOi3wblZRHu+RH6edc58uB9QAAAMC/KXv38ec5z5O9/DJnubrajH+/srxN2iTXf+xzv5pP18/lfFr+5wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgF/swLEAAAAAgDB/6zQ6NgAAAAAAAAAAAAAAAGCqAAAA//9TGNII")
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x103042, 0x2)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x103a42, 0x15c)
fsetxattr$trusted_overlay_opaque(r0, &(0x7f0000000180), 0x0, 0x0, 0x1)
truncate(&(0x7f0000000080)='./file0\x00', 0x3a6800)
write$uinput_user_dev(r0, &(0x7f0000002dc0)={'syz1\x00', {0x0, 0x3, 0x1000, 0x101}, 0x19, [0xf, 0x7, 0x3, 0x0, 0xd, 0x8, 0x9b, 0x3ff, 0x8f, 0xff, 0x6, 0x3, 0x5f0, 0x4, 0x8, 0x7, 0x4, 0x3ff, 0x101, 0x400, 0x8, 0x2, 0xe, 0x800, 0x8, 0xfffffffb, 0x7, 0x2, 0x0, 0x9, 0x6, 0x81, 0x8, 0x0, 0x5, 0x3, 0x9, 0x3, 0x2, 0xc, 0x40, 0x8, 0x1, 0x2f, 0x3ff, 0x0, 0xb, 0x3, 0x6, 0x7, 0x5, 0xb, 0xfffffffe, 0xe4b5, 0x9, 0x9, 0xe5c5, 0xb, 0x2, 0x7, 0x100, 0x24, 0x2, 0xdd], [0x3ff, 0x0, 0xa, 0x5, 0x8, 0x0, 0x6, 0xed92, 0x888, 0x0, 0x7f, 0x118758c6, 0xfff, 0x6, 0x4, 0x4, 0x5, 0x0, 0x9, 0x2f, 0x3, 0x10004, 0xf6, 0x0, 0x7, 0xc, 0x3f, 0x1ff, 0x8, 0x1, 0x0, 0xff, 0x1000, 0x8, 0x4, 0x4, 0x6, 0x40, 0x6, 0x9, 0x3ff, 0xe, 0x8, 0x10000, 0x6, 0x0, 0x1ff, 0x8, 0x0, 0x7fffffff, 0xfff, 0xe81, 0x6, 0x7e22, 0x7fffffff, 0x1, 0x10000, 0x44, 0x52d, 0x5, 0x3, 0xfffff001, 0x53, 0x2], [0x8, 0x1, 0x78da, 0x8000, 0xffffff7f, 0x67c, 0x98f5, 0x0, 0xc, 0xc1c, 0x4, 0x4db83704, 0x8, 0x6, 0xc7a, 0x5, 0xf978, 0x7ffffffc, 0x3, 0x5, 0xfffffffd, 0x9, 0xb6c, 0x8000, 0x1, 0x6, 0x83f00, 0x4, 0x200, 0x5, 0xfffffff8, 0x7, 0x8f98, 0x0, 0x8000, 0x80000000, 0x4, 0x0, 0xa6b0, 0x6, 0xa221, 0x7fffffff, 0x2, 0x4, 0x10001, 0x45b, 0x8, 0x3e85daf5, 0x404, 0xffff8000, 0x423, 0xbf3, 0x94, 0x3, 0x4, 0x102, 0x0, 0x1, 0x5, 0x1, 0x1, 0x1, 0x5, 0x6], [0x9, 0x4, 0xffff8001, 0x4, 0x81, 0x1, 0x1, 0x0, 0xa, 0x6, 0xb, 0x1, 0x4, 0x9b4, 0x9, 0x3, 0x4, 0x9, 0x260d, 0xfffffffb, 0xc, 0xff, 0x7, 0x3, 0x2, 0x1, 0x1, 0x9, 0x3, 0x5, 0xffffffff, 0xa7bd, 0x9, 0x9, 0x1, 0x25562d28, 0x3ff, 0x9, 0x39, 0x8, 0x6, 0xa7d7, 0x6, 0x5, 0x0, 0x40f, 0xff, 0x2, 0x200800, 0xffffffff, 0xa9, 0x20009, 0x3, 0x6, 0xfc9a, 0x3, 0x10001, 0x9, 0x7, 0x800, 0x7, 0x3859, 0x2, 0x1]}, 0x45c)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.stat\x00', 0x275a, 0x0)

1.771169069s ago: executing program 7 (id=3910):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, 0x0, 0x0)
write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NFT_MSG_GETRULE(r0, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20040000}, 0x4d0d8)
openat$ttyprintk(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000000)='ns/time_for_children\x00')
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x0, 0x0, &(0x7f0000000100)='GPL\x00', 0xa, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x2a, 0xa9}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xfffff000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
symlink(&(0x7f0000000000)='.\x00', &(0x7f0000000040)='./file0\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0)
mknodat(0xffffffffffffff9c, &(0x7f0000000140)='./file1/file2\x00', 0x1000, 0x0)
r4 = landlock_create_ruleset(&(0x7f00000002c0)={0x2001}, 0x18, 0x0)
r5 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x200000, 0x13b)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x10}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x40040c4}, 0x4c004)
r6 = syz_open_dev$dri(&(0x7f0000000440), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r6, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r6, 0xc01064b5, &(0x7f0000000080)={0x0})
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r4, 0x1, &(0x7f0000000340)={0x2000, r5}, 0x0)
landlock_restrict_self(r4, 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./file1/file2\x00', 0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x2)

683.71337ms ago: executing program 7 (id=3911):
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
fdatasync(r0)
r1 = socket(0xa, 0x5, 0x0)
setsockopt$inet6_IPV6_DSTOPTS(r1, 0x29, 0x3b, &(0x7f0000000000)=ANY=[], 0xf0)
sendto$inet6(r1, 0x0, 0x0, 0x400c804, &(0x7f0000000100)={0xa, 0x4e23, 0xfffffec1, @local, 0xffff8003}, 0x1c)
r2 = socket$inet_smc(0x2b, 0x1, 0x0)
ioctl$sock_SIOCETHTOOL(r2, 0x8946, 0x0)
setsockopt$IP_VS_SO_SET_STOPDAEMON(r1, 0x0, 0x48c, &(0x7f0000000080)={0x1, 'hsr0\x00', 0x2}, 0x18)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
r3 = socket(0x40000000015, 0x5, 0x0)
setsockopt$SO_RDS_TRANSPORT(r3, 0x114, 0x8, &(0x7f00000008c0), 0x4)
close(r3)
r4 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r4, 0x0, 0x482, &(0x7f0000000040)={0x84, @broadcast, 0x4e21, 0x3, 'rr\x00', 0x1, 0x10000004, 0x100008}, 0x2c)
r5 = syz_open_dev$I2C(&(0x7f0000000040), 0x0, 0x80)
ioctl$I2C_PEC(r5, 0x708, 0xb8f7)
ioctl$I2C_SMBUS(r5, 0x720, &(0x7f0000000100)={0x1, 0x4, 0x6, &(0x7f0000000080)={0x0, "14abd83463604d70b41d4008e300000000fcffffff000000000000006d803e8800"}})
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r6, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24000401}, 0x140000a0)
r7 = socket$kcm(0xa, 0x2, 0x0)
setsockopt$IP_VS_SO_SET_ADDDEST(r4, 0x0, 0x487, &(0x7f0000000000)={{0x84, @private=0xa010101, 0x4e21, 0x3, 'wrr\x00', 0x23, 0x81, 0x5}, {@dev={0xac, 0x14, 0x14, 0x3c}, 0x4e23, 0x4, 0x1cb, 0x12d61, 0x12d58}}, 0x44)
setsockopt$IP_VS_SO_SET_ADDDEST(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000000)={{0x84, @rand_addr=0x64010100, 0x4e24, 0x3, 'lc\x00', 0x8, 0x323b, 0x55}, {@remote, 0x4e23, 0x10000, 0x0, 0x12d5c, 0x12d4c}}, 0x44)
sendmsg$sock(r7, 0x0, 0x0)

569.688399ms ago: executing program 7 (id=3912):
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
fdatasync(r0)
r1 = socket(0xa, 0x5, 0x0)
setsockopt$inet6_IPV6_DSTOPTS(r1, 0x29, 0x3b, &(0x7f0000000000)=ANY=[], 0xf0)
sendto$inet6(r1, 0x0, 0x0, 0x400c804, &(0x7f0000000100)={0xa, 0x4e23, 0xfffffec1, @local, 0xffff8003}, 0x1c)
r2 = socket$inet_smc(0x2b, 0x1, 0x0)
ioctl$sock_SIOCETHTOOL(r2, 0x8946, 0x0)
setsockopt$IP_VS_SO_SET_STOPDAEMON(r1, 0x0, 0x48c, &(0x7f0000000080)={0x1, 'hsr0\x00', 0x2}, 0x18)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
r3 = socket(0x40000000015, 0x5, 0x0)
setsockopt$SO_RDS_TRANSPORT(r3, 0x114, 0x8, &(0x7f00000008c0), 0x4)
close(r3)
r4 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r4, 0x0, 0x482, &(0x7f0000000040)={0x84, @broadcast, 0x4e21, 0x3, 'rr\x00', 0x1, 0x10000004, 0x100008}, 0x2c)
r5 = syz_open_dev$I2C(&(0x7f0000000040), 0x0, 0x80)
ioctl$I2C_PEC(r5, 0x708, 0xb8f7)
ioctl$I2C_SMBUS(r5, 0x720, &(0x7f0000000100)={0x1, 0x4, 0x6, &(0x7f0000000080)={0x0, "14abd83463604d70b41d4008e300000000fcffffff000000000000006d803e8800"}})
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r6, 0x0, 0x140000a0)
r7 = socket$kcm(0xa, 0x2, 0x0)
setsockopt$IP_VS_SO_SET_ADDDEST(r4, 0x0, 0x487, &(0x7f0000000000)={{0x84, @private=0xa010101, 0x4e21, 0x3, 'wrr\x00', 0x23, 0x81, 0x5}, {@dev={0xac, 0x14, 0x14, 0x3c}, 0x4e23, 0x4, 0x1cb, 0x12d61, 0x12d58}}, 0x44)
setsockopt$IP_VS_SO_SET_ADDDEST(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000000)={{0x84, @rand_addr=0x64010100, 0x4e24, 0x3, 'lc\x00', 0x8, 0x323b, 0x55}, {@remote, 0x4e23, 0x10000, 0x0, 0x12d5c, 0x12d4c}}, 0x44)
sendmsg$sock(r7, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e22, 0x0, @dev, 0xfffffeec}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0)

450.056966ms ago: executing program 8 (id=3913):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'veth0_to_batadv\x00', <r1=>0x0})
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=@ipv6_newaddr={0x34, 0x14, 0x101, 0x70bd26, 0x25dfdbf8, {0xa, 0x20, 0x19, 0xca, r1}, [@IFA_ADDRESS={0x14, 0x1, @mcast2}, @IFA_FLAGS={0x8, 0x8, 0x600}]}, 0x34}, 0x1, 0x0, 0x0, 0x4c051}, 0x20004804)
mprotect(&(0x7f0000000000/0x10000)=nil, 0x10000, 0x1)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x20000000)

440.770694ms ago: executing program 7 (id=3914):
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000280)=[@in={0x2, 0x4e21, @loopback}], 0x10)
sendmsg$inet_sctp(r0, &(0x7f0000000700)={&(0x7f0000000340)=@in={0x2, 0x4e21, @loopback}, 0x10, &(0x7f0000000080)=[{&(0x7f0000000000)="fd", 0x1}], 0x1, 0x0, 0x0, 0x804c044}, 0x881)
r1 = dup(r0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x0, 0x0, 0x106, 0x2}}, 0x20)
setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f0000000100)={0x0, 0x0, 0x20}, 0xc)
write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(r1, &(0x7f0000000180)={0x4, 0xffffff95, 0xfa00, {0xffffffffffffffff, 0x4}}, 0x29fdf)

186.128255ms ago: executing program 6 (id=3915):
mkdir(&(0x7f00000020c0)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
umount2(&(0x7f00000002c0)='./file0\x00', 0xb)
unshare(0x22020600)
socket(0x10, 0x803, 0x0)
pselect6(0x40, &(0x7f0000000100)={0x0, 0x3, 0x0, 0x1, 0x800}, 0x0, &(0x7f0000000240)={0x1f, 0x3}, &(0x7f0000000280)={0x0, 0x3938700}, 0x0)

185.863935ms ago: executing program 7 (id=3916):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f0000000600)='tasks\x00', 0x2, 0x0)
write$cgroup_pid(r1, &(0x7f0000000400), 0x12)
unshare(0x22020600)
r2 = syz_open_procfs(0x0, &(0x7f0000000080)='cgroup\x00')
read$FUSE(r2, &(0x7f0000004000)={0x2020}, 0x2020)

0s ago: executing program 8 (id=3917):
syz_mount_image$fuse(0x0, &(0x7f0000000080)='./bus\x00', 0x30000d0, 0x0, 0x2, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000440), 0x8, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
syz_mount_image$fuse(&(0x7f00000001c0), &(0x7f0000000380)='./bus\x00', 0x322020, &(0x7f0000000140)=ANY=[], 0x1, 0x0, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0)
write$binfmt_misc(r0, &(0x7f0000000240)='R', 0x1)
write$P9_RREADDIR(r0, &(0x7f0000002700)={0xb, 0x29, 0x2, {0x8}}, 0xb)

kernel console output (not intermixed with test programs):

ANGE): macsec0: link becomes ready
[  348.362445][ T5962] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  348.373791][ T5962] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  348.384919][ T5962] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  348.407800][ T5962] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  348.421794][ T5962] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  348.439624][ T5962] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  348.450003][ T5962] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  348.460759][ T5962] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  348.473757][ T5962] batman_adv: batadv0: Interface activated: batadv_slave_0
[  348.481168][ T4318] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  348.500232][ T4318] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  348.523384][ T4501] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  348.538536][ T4501] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  348.552822][ T5962] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  348.572089][ T5962] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  348.592677][ T5962] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  348.603723][ T5962] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  348.619873][ T5962] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  348.633721][ T5962] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  348.650018][ T5962] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  348.662157][ T5962] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  348.685096][ T5962] batman_adv: batadv0: Interface activated: batadv_slave_1
[  348.708406][ T1249] device hsr_slave_0 left promiscuous mode
[  348.717913][ T1249] device hsr_slave_1 left promiscuous mode
[  348.728442][ T1249] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  348.737465][ T1249] batman_adv: batadv0: Removing interface: batadv_slave_0
[  348.749638][ T1249] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  348.761949][ T1249] batman_adv: batadv0: Removing interface: batadv_slave_1
[  348.776584][ T1249] device bridge_slave_1 left promiscuous mode
[  348.783767][ T1249] bridge0: port 2(bridge_slave_1) entered disabled state
[  348.793497][ T1249] device bridge_slave_0 left promiscuous mode
[  348.799934][ T1249] bridge0: port 1(bridge_slave_0) entered disabled state
[  348.833288][ T1249] device veth1_macvtap left promiscuous mode
[  348.839585][ T1249] device veth0_macvtap left promiscuous mode
[  348.846447][ T1249] device veth1_vlan left promiscuous mode
[  348.853175][ T1249] device veth0_vlan left promiscuous mode
[  349.421221][ T4276] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  349.441237][ T4276] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  349.456401][ T4276] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  349.472751][ T4276] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  349.481096][ T4283] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  349.492694][ T4276] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  349.740497][ T1249] team0 (unregistering): Port device team_slave_1 removed
[  349.781320][ T1249] team0 (unregistering): Port device team_slave_0 removed
[  349.822858][ T1249] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  349.865389][ T1249] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  350.181258][ T1249] bond0 (unregistering): Released all slaves
[  350.296153][ T4501] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  350.305692][ T4501] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  350.316295][ T6284] 8021q: adding VLAN 0 to HW filter on device team0
[  350.367971][ T4901] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  350.386736][ T4901] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  350.399559][ T4901] bridge0: port 1(bridge_slave_0) entered blocking state
[  350.407005][ T4901] bridge0: port 1(bridge_slave_0) entered forwarding state
[  350.425640][ T4901] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  350.457008][ T4546] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  350.466015][ T4546] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  350.493782][ T4546] bridge0: port 2(bridge_slave_1) entered blocking state
[  350.500917][ T4546] bridge0: port 2(bridge_slave_1) entered forwarding state
[  350.509599][ T4546] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  350.553948][ T4901] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  350.569188][ T4901] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  350.579926][ T4901] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  350.590016][ T4901] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  350.600709][ T4901] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  350.611575][ T4901] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  350.626893][ T4901] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  350.673754][ T4901] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  350.686932][ T4901] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  350.695893][ T4901] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  350.757868][ T6284] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  351.038869][ T6426] chnl_net:caif_netlink_parms(): no params data found
[  351.209545][ T4901] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  351.218441][ T4901] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  351.280827][ T6284] 8021q: adding VLAN 0 to HW filter on device batadv0
[  351.290933][ T6426] bridge0: port 1(bridge_slave_0) entered blocking state
[  351.298867][ T6426] bridge0: port 1(bridge_slave_0) entered disabled state
[  351.319453][ T6426] device bridge_slave_0 entered promiscuous mode
[  351.329441][ T6426] bridge0: port 2(bridge_slave_1) entered blocking state
[  351.336897][ T6426] bridge0: port 2(bridge_slave_1) entered disabled state
[  351.345560][ T6426] device bridge_slave_1 entered promiscuous mode
[  351.437046][ T6426] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  351.488220][ T6426] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  351.538687][ T6426] team0: Port device team_slave_0 added
[  351.547822][ T6426] team0: Port device team_slave_1 added
[  351.552340][ T4282] Bluetooth: hci4: command 0x0409 tx timeout
[  351.611712][ T6426] batman_adv: batadv0: Adding interface: batadv_slave_0
[  351.625589][ T6426] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  351.682431][ T6426] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  351.705369][ T6426] batman_adv: batadv0: Adding interface: batadv_slave_1
[  351.722538][ T6426] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  351.750648][ T6426] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  351.815668][ T6426] device hsr_slave_0 entered promiscuous mode
[  351.833227][ T6426] device hsr_slave_1 entered promiscuous mode
[  351.840470][ T6426] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  351.860846][ T6426] Cannot create hsr debugfs directory
[  351.991925][ T4437] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  352.018298][ T4437] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  352.070465][ T4437] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  352.088547][ T4437] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  352.102735][ T6284] device veth0_vlan entered promiscuous mode
[  352.119528][ T4437] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  352.128582][ T4437] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  352.149040][ T6284] device veth1_vlan entered promiscuous mode
[  352.240869][ T6284] device veth0_macvtap entered promiscuous mode
[  352.254804][ T4437] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  352.264691][ T4437] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  352.275011][ T4437] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  352.284779][ T4437] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  352.315586][ T6284] device veth1_macvtap entered promiscuous mode
[  352.327378][ T4437] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  352.336675][ T4437] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  352.371197][ T6284] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  352.386665][ T6284] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  352.397968][ T6284] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  352.408693][ T6284] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  352.419224][ T6284] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  352.430050][ T6284] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  352.440181][ T6284] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  352.450956][ T6284] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  352.463237][ T6284] batman_adv: batadv0: Interface activated: batadv_slave_0
[  352.500635][ T4437] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  352.511353][ T4437] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  352.524549][ T6284] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  352.536476][ T6284] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  352.547123][ T6284] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  352.558295][ T6284] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  352.568587][ T6284] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  352.579974][ T6284] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  352.590167][ T6284] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  352.602479][ T6284] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  352.614322][ T6284] batman_adv: batadv0: Interface activated: batadv_slave_1
[  352.630772][ T4437] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  352.640479][ T4437] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  352.658345][ T6284] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  352.690322][ T6284] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  352.701082][ T6284] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  352.710127][ T6284] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  352.920707][ T5982] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  352.936757][ T5982] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  352.979407][ T5982] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  352.998535][ T4437] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  353.011965][ T4437] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  353.028588][ T5982] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  353.194657][ T6477] loop2: detected capacity change from 0 to 512
[  354.203985][ T4282] Bluetooth: hci4: command 0x041b tx timeout
[  356.114092][ T6477] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  356.131484][ T6485] loop5: detected capacity change from 0 to 4096
[  356.139165][ T6485] ntfs3: Unknown parameter 'windows_names'
[  356.144111][ T4282] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201'
[  356.163399][ T4282] CPU: 0 PID: 4282 Comm: kworker/u5:7 Not tainted syzkaller #0
[  356.171132][ T4282] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  356.181220][ T4282] Workqueue: hci0 hci_rx_work
[  356.186142][ T4282] Call Trace:
[  356.189455][ T4282]  <TASK>
[  356.192408][ T4282]  dump_stack_lvl+0x188/0x24e
[  356.197300][ T4282]  ? show_regs_print_info+0x12/0x12
[  356.202968][ T4282]  ? load_image+0x400/0x400
[  356.207615][ T4282]  sysfs_create_dir_ns+0x26a/0x290
[  356.212904][ T4282]  ? sysfs_warn_dup+0xa0/0xa0
[  356.217983][ T4282]  ? do_raw_spin_unlock+0x11d/0x230
[  356.223221][ T4282]  kobject_add_internal+0x61c/0xcc0
[  356.228467][ T4282]  kobject_add+0x160/0x230
[  356.233003][ T4282]  ? kobject_init+0x1d0/0x1d0
[  356.237722][ T4282]  ? klist_children_get+0x50/0x50
[  356.242792][ T4282]  ? get_device_parent+0x121/0x3f0
[  356.247944][ T4282]  device_add+0x483/0xfb0
[  356.252467][ T4282]  ? kmem_cache_free+0xf7/0x290
[  356.257432][ T4282]  hci_conn_add_sysfs+0xd1/0x1e0
[  356.262379][ T4282]  le_conn_complete_evt+0x105f/0x1670
[  356.267846][ T4282]  ? hci_le_big_info_adv_report_evt+0x2f0/0x2f0
[  356.274178][ T4282]  ? __mutex_unlock_slowpath+0x1b0/0x6c0
[  356.279910][ T4282]  ? skb_pull_data+0xf7/0x200
[  356.284598][ T4282]  hci_le_enh_conn_complete_evt+0x185/0x460
[  356.290504][ T4282]  ? hci_le_remote_conn_param_req_evt+0xd10/0xd10
[  356.297013][ T4282]  ? hci_remote_host_features_evt+0x270/0x270
[  356.303082][ T4282]  hci_event_packet+0x7b6/0x1280
[  356.308025][ T4282]  ? bis_list+0x280/0x280
[  356.312488][ T4282]  ? do_raw_read_unlock+0x39/0x70
[  356.317900][ T4282]  ? _raw_read_unlock+0x24/0x40
[  356.323112][ T4282]  ? hci_send_to_sock+0x79c/0x810
[  356.328145][ T4282]  ? kfree_skb_reason+0x17a/0x370
[  356.333176][ T4282]  hci_rx_work+0x3eb/0xd40
[  356.337697][ T4282]  ? _raw_spin_unlock+0x40/0x40
[  356.342761][ T4282]  ? process_one_work+0x7b0/0x1160
[  356.348430][ T4282]  process_one_work+0x8a2/0x1160
[  356.353402][ T4282]  ? worker_detach_from_pool+0x240/0x240
[  356.359065][ T4282]  ? _raw_spin_lock_irq+0xb7/0xf0
[  356.364106][ T4282]  ? _raw_spin_lock_irqsave+0x100/0x100
[  356.369904][ T4282]  ? kthread_data+0x4b/0xc0
[  356.374451][ T4282]  worker_thread+0xaa2/0x1270
[  356.379267][ T4282]  kthread+0x29d/0x330
[  356.383344][ T4282]  ? worker_clr_flags+0x1a0/0x1a0
[  356.388503][ T4282]  ? kthread_blkcg+0xd0/0xd0
[  356.393124][ T4282]  ret_from_fork+0x1f/0x30
[  356.397560][ T4282]  </TASK>
[  356.400729][    C0] vkms_vblank_simulate: vblank timer overrun
[  356.401434][ T4276] Bluetooth: hci4: command 0x040f tx timeout
[  356.416246][ T4282] kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  356.431491][ T4282] Bluetooth: hci0: failed to register connection device
[  356.524991][ T4372] I/O error, dev loop5, sector 3968 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  357.090909][ T6500] fuse: Bad value for 'fd'
[  357.162349][ T6501] xt_cgroup: path and classid specified
[  357.637905][ T6503] netlink: 'syz.2.381': attribute type 1 has an invalid length.
[  357.714220][ T6507] netlink: 'syz.5.382': attribute type 1 has an invalid length.
[  358.340544][ T6513] binder: 6512:6513 ioctl c0306201 0 returned -14
[  358.462345][ T4276] Bluetooth: hci4: command 0x0419 tx timeout
[  358.815627][ T6426] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  358.892035][    C0] hrtimer: interrupt took 61372 ns
[  359.463352][ T6426] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  359.693599][ T6530] delete_channel: no stack
[  360.960268][ T6426] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  360.963057][ T6528] netdevsim netdevsim5: loading /lib/firmware/. failed with error -22
[  360.996656][ T6528] netdevsim netdevsim5: Direct firmware load for . failed with error -22
[  361.019135][ T6528] netdevsim netdevsim5: Falling back to sysfs fallback for: .
[  361.024627][ T6426] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  361.223469][ T1249] device hsr_slave_0 left promiscuous mode
[  361.236173][ T1249] device hsr_slave_1 left promiscuous mode
[  362.293386][ T1249] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  362.300853][ T1249] batman_adv: batadv0: Removing interface: batadv_slave_0
[  362.372990][ T1249] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  362.380986][ T1249] batman_adv: batadv0: Removing interface: batadv_slave_1
[  362.405260][ T1249] device bridge_slave_1 left promiscuous mode
[  362.411685][ T1249] bridge0: port 2(bridge_slave_1) entered disabled state
[  362.430557][ T1249] device bridge_slave_0 left promiscuous mode
[  362.440157][ T1249] bridge0: port 1(bridge_slave_0) entered disabled state
[  362.538623][ T6554] loop5: detected capacity change from 0 to 512
[  362.556217][ T6554] =======================================================
[  362.556217][ T6554] WARNING: The mand mount option has been deprecated and
[  362.556217][ T6554]          and is ignored by this kernel. Remove the mand
[  362.556217][ T6554]          option from the mount to silence this warning.
[  362.556217][ T6554] =======================================================
[  363.259477][ T6554] EXT4-fs (loop5): ext4_check_descriptors: Inode table for group 0 overlaps superblock
[  363.382209][ T6554] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (45506!=33349)
[  363.430930][ T6554] EXT4-fs error (device loop5): __ext4_get_inode_loc:4513: comm syz.5.392: Invalid inode table block 1 in block_group 0
[  363.463708][ T6554] EXT4-fs (loop5): get root inode failed
[  363.463960][ T1249] device veth1_macvtap left promiscuous mode
[  363.469397][ T6554] EXT4-fs (loop5): mount failed
[  363.483892][ T1249] device veth0_macvtap left promiscuous mode
[  363.490656][ T1249] device veth1_vlan left promiscuous mode
[  363.497040][ T1249] device veth0_vlan left promiscuous mode
[  364.833353][ T6568] netlink: 'syz.3.396': attribute type 1 has an invalid length.
[  365.946257][ T1249] team0 (unregistering): Port device team_slave_1 removed
[  366.010062][ T1249] team0 (unregistering): Port device team_slave_0 removed
[  366.072255][ T1249] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  366.132718][ T1249] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  367.177418][ T1249] bond0 (unregistering): Released all slaves
[  367.559496][ T6585] wlan0 speed is unknown, defaulting to 1000
[  367.568477][ T6585] wlan0 speed is unknown, defaulting to 1000
[  367.590116][ T6585] wlan0 speed is unknown, defaulting to 1000
[  367.617967][ T6585] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  367.647231][ T6585] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[  367.708274][ T6585] wlan0 speed is unknown, defaulting to 1000
[  367.715883][ T6585] wlan0 speed is unknown, defaulting to 1000
[  367.723024][ T6585] wlan0 speed is unknown, defaulting to 1000
[  367.730075][ T6585] wlan0 speed is unknown, defaulting to 1000
[  367.736753][ T6585] wlan0 speed is unknown, defaulting to 1000
[  367.960263][ T6592] loop3: detected capacity change from 0 to 128
[  369.773003][ T6592] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  369.784562][ T6592] ext4 filesystem being mounted at /88/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  370.727670][ T4267] EXT4-fs (loop3): unmounting filesystem.
[  370.988882][ T6601] netdevsim netdevsim2: loading /lib/firmware/. failed with error -22
[  370.997667][ T6601] netdevsim netdevsim2: Direct firmware load for . failed with error -22
[  371.006520][ T6601] netdevsim netdevsim2: Falling back to sysfs fallback for: .
[  371.040337][ T6604] delete_channel: no stack
[  371.654033][ T6426] 8021q: adding VLAN 0 to HW filter on device bond0
[  371.680466][ T4318] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  371.690791][ T4318] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  371.722457][ T6612] netlink: 'syz.3.406': attribute type 1 has an invalid length.
[  371.870681][ T6426] 8021q: adding VLAN 0 to HW filter on device team0
[  372.087675][ T4437] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  372.115987][ T4437] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  372.175938][ T4437] bridge0: port 1(bridge_slave_0) entered blocking state
[  372.183108][ T4437] bridge0: port 1(bridge_slave_0) entered forwarding state
[  372.218304][ T4437] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  372.252224][ T4437] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  372.272333][ T4437] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  372.280937][ T4437] bridge0: port 2(bridge_slave_1) entered blocking state
[  372.288467][ T4437] bridge0: port 2(bridge_slave_1) entered forwarding state
[  372.312396][ T4437] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  372.331570][ T4437] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  372.383286][ T4434] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  372.404732][ T4434] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  372.434088][ T4434] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  372.453152][ T4434] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  372.478923][ T4434] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  372.493316][ T4434] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  372.523314][ T4434] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  372.548229][ T4434] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  372.573125][ T4434] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  372.607353][ T6426] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  372.930927][ T4437] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  372.942364][ T4437] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  372.976435][ T6426] 8021q: adding VLAN 0 to HW filter on device batadv0
[  373.158105][ T6632] wlan0 speed is unknown, defaulting to 1000
[  373.207474][ T6638] loop7: detected capacity change from 0 to 764
[  374.573728][ T6651] loop7: detected capacity change from 0 to 1024
[  374.654151][ T6651] EXT4-fs: Ignoring removed orlov option
[  375.709825][ T6651] EXT4-fs: Ignoring removed bh option
[  375.852877][ T6651] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: writeback.
[  376.460657][ T6284] EXT4-fs (loop7): unmounting filesystem.
[  377.138057][ T6672] loop7: detected capacity change from 0 to 512
[  377.202924][ T6672] FAT-fs (loop7): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  377.295518][ T4500] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  377.480351][ T4500] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  377.613541][ T6676] FAT-fs (loop7): error, fat_get_cluster: invalid start cluster (i_pos 0, start 22000003)
[  377.787825][ T6676] FAT-fs (loop7): error, fat_free_clusters: deleting FAT entry beyond EOF
[  377.816600][ T6676] FAT-fs (loop7): error, fat_get_cluster: invalid start cluster (i_pos 0, start 22000003)
[  377.839083][ T6676] FAT-fs (loop7): error, fat_get_cluster: invalid start cluster (i_pos 0, start 22000003)
[  378.343226][ T1249] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  378.430234][ T1249] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  378.468514][ T1249] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  378.718354][ T6683] binder: binder_mmap: 6678 2000003d3000-2000003d7000 bad vm_flags failed -1
[  378.787254][ T1249] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  378.834779][ T1274] ieee802154 phy0 wpan0: encryption failed: -22
[  378.841455][ T1274] ieee802154 phy1 wpan1: encryption failed: -22
[  379.224680][ T6426] device veth0_vlan entered promiscuous mode
[  379.309750][ T6426] device veth1_vlan entered promiscuous mode
[  379.475267][ T6426] device veth0_macvtap entered promiscuous mode
[  379.508797][ T1249] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  379.590414][ T6688] loop6: detected capacity change from 0 to 7
[  379.600855][ T6688] Dev loop6: unable to read RDB block 7
[  379.606909][ T6688]  loop6: unable to read partition table
[  379.615153][ T6688] loop6: partition table beyond EOD, truncated
[  379.621436][ T6688] loop_reread_partitions: partition scan of loop6 (úùƒå¡™‰ü�¾SêjÌ–ã¢P=ý?ã}X‹ºÐ	œëÜ%õ«`ÉæÖ€ù…ˆŠ5) failed (rc=-5)
[  380.542756][ T1249] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  380.672604][ T1249] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  380.769297][ T6426] device veth1_macvtap entered promiscuous mode
[  380.909759][ T6426] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  380.962876][ T6426] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  380.973636][ T6426] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  380.986347][ T6426] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  381.001488][ T6426] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  381.046439][ T6426] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  381.066826][ T6426] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  381.078824][ T6426] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  381.098423][ T6426] batman_adv: batadv0: Interface activated: batadv_slave_0
[  381.110566][ T1249] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  381.128091][ T1249] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  381.145869][ T6426] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  381.159419][ T6426] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  381.174831][ T6426] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  381.189230][ T6426] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  381.202025][ T6426] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  381.222604][ T6426] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  381.239995][ T6426] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  381.260262][ T6426] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  381.281144][ T6426] batman_adv: batadv0: Interface activated: batadv_slave_1
[  381.300098][ T1249] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  381.317232][ T1249] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  381.351233][ T6426] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  381.376757][ T6426] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  381.410980][ T6426] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  381.420798][ T6426] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  381.741008][ T4500] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  381.760142][ T4500] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  381.776674][ T1249] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  381.807869][   T31] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  381.816599][   T31] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  381.830006][ T1249] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  382.504576][ T6720] siw: device registration error -23
[  382.718590][ T6718] loop3: detected capacity change from 0 to 4096
[  382.730269][ T6718] ntfs3: Unknown parameter 'windows_names'
[  383.755036][ T4311] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[  383.835973][ T4404] I/O error, dev loop3, sector 3968 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  384.027905][ T4311] usb 8-1: config 0 has no interfaces?
[  384.056026][ T4311] usb 8-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  384.092165][ T4311] usb 8-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  384.120911][ T4311] usb 8-1: Product: syz
[  384.131047][ T4311] usb 8-1: Manufacturer: syz
[  384.141175][ T4311] usb 8-1: SerialNumber: syz
[  384.174794][ T4311] usb 8-1: config 0 descriptor??
[  384.368227][ T6734] loop5: detected capacity change from 0 to 764
[  386.669105][ T6743] loop3: detected capacity change from 0 to 1024
[  387.255956][ T6740] device wireguard0 entered promiscuous mode
[  387.890370][   T11] hfsplus: b-tree write err: -5, ino 4
[  389.530120][ T6768] binder: 6767:6768 ioctl c0306201 0 returned -14
[  389.621897][ T6770] binder: 6769:6770 ioctl c0306201 0 returned -14
[  389.827824][ T6773] binder: 6767:6773 ioctl c0306201 2000000004c0 returned -14
[  389.836741][ T6773] binder: 6767:6773 ioctl c0306201 2000000001c0 returned -14
[  390.121632][ T6774] binder: 6769:6774 ioctl c0306201 2000000004c0 returned -14
[  390.131005][ T6774] binder: 6769:6774 ioctl c0306201 2000000001c0 returned -14
[  390.477584][ T6776] loop2: detected capacity change from 0 to 512
[  390.657464][ T6776] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[  390.682063][ T6776] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  390.828056][ T6776] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a002c018, mo2=0082]
[  390.852934][ T6776] System zones: 1-12
[  390.900718][ T6776] EXT4-fs warning (device loop2): ext4_expand_extra_isize_ea:2800: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  390.928032][ T4766] usb 8-1: USB disconnect, device number 2
[  390.933950][ T6776] EXT4-fs (loop2): 1 truncate cleaned up
[  390.942239][ T6776] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  392.881219][ T6816] loop7: detected capacity change from 0 to 256
[  392.917986][ T6817] loop5: detected capacity change from 0 to 128
[  393.268017][ T4275] EXT4-fs (loop2): unmounting filesystem.
[  393.278726][ T6817] syz.5.437: attempt to access beyond end of device
[  393.278726][ T6817] loop5: rw=2049, sector=138, nr_sectors = 112 limit=128
[  393.408110][ T6819] loop2: detected capacity change from 0 to 16
[  393.419360][ T6819] erofs: (device loop2): mounted with root inode @ nid 36.
[  393.554411][ T6822] netlink: 4 bytes leftover after parsing attributes in process `syz.3.440'.
[  393.765309][ T4310] usb 8-1: new high-speed USB device number 3 using dummy_hcd
[  394.141028][ T6821] IPVS: sed: FWM 3 0x00000003 - no destination available
[  394.148453][    C1] IPVS: sed: FWM 3 0x00000003 - no destination available
[  394.162097][ T4310] usb 8-1: Using ep0 maxpacket: 8
[  394.177904][ T4310] usb 8-1: unable to get BOS descriptor or descriptor too short
[  394.228594][ T6824] syz.2.439: attempt to access beyond end of device
[  394.228594][ T6824] loop2: rw=0, sector=34359739344, nr_sectors = 8 limit=16
[  394.245367][ T6824] syz.2.439: attempt to access beyond end of device
[  394.245367][ T6824] loop2: rw=0, sector=34359739344, nr_sectors = 8 limit=16
[  394.260730][ T6824] syz.2.439: attempt to access beyond end of device
[  394.260730][ T6824] loop2: rw=0, sector=34359739344, nr_sectors = 8 limit=16
[  394.582967][ T4310] usb 8-1: config 7 has an invalid interface number: 213 but max is 0
[  394.591211][ T4310] usb 8-1: config 7 has no interface number 0
[  394.702746][ T4310] usb 8-1: config 7 interface 213 altsetting 15 bulk endpoint 0x8F has invalid maxpacket 16
[  394.734557][ T4310] usb 8-1: config 7 interface 213 altsetting 15 endpoint 0xD has an invalid bInterval 128, changing to 7
[  394.755806][ T6833] binder: 6832:6833 ioctl c0306201 0 returned -14
[  394.764827][ T4310] usb 8-1: config 7 interface 213 altsetting 15 endpoint 0xD has invalid wMaxPacketSize 0
[  394.775907][ T6831] binder: 6830:6831 ioctl c0306201 0 returned -14
[  394.958462][ T4310] usb 8-1: config 7 interface 213 altsetting 15 endpoint 0xC has invalid maxpacket 1023, setting to 64
[  394.969887][ T4310] usb 8-1: config 7 interface 213 has no altsetting 0
[  395.070692][ T6839] binder: 6832:6839 ioctl c0306201 2000000004c0 returned -14
[  395.149323][ T6838] binder: 6830:6838 ioctl c0306201 2000000004c0 returned -14
[  395.159019][ T6838] binder: 6830:6838 ioctl c0306201 2000000001c0 returned -14
[  395.426230][ T4310] usb 8-1: language id specifier not provided by device, defaulting to English
[  395.447358][ T4310] usb 8-1: New USB device found, idVendor=15e8, idProduct=9100, bcdDevice=61.61
[  395.730962][ T4310] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  395.756889][ T4310] usb 8-1: Product: syz
[  395.778526][ T4310] usb 8-1: Manufacturer: syz
[  395.800525][ T4310] usb 8-1: SerialNumber: syz
[  395.916618][ T4310] usb 8-1: can't set config #7, error -71
[  396.043300][ T4310] usb 8-1: USB disconnect, device number 3
[  396.453252][ T6848] netlink: 'syz.6.446': attribute type 1 has an invalid length.
[  396.543161][ T6858] IPv6: ADDRCONF(NETDEV_CHANGE): bpq0: link becomes ready
[  397.375448][ T4276] Bluetooth: hci4: link tx timeout
[  397.383566][ T4276] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa
[  397.522156][ T6847] block nbd6: shutting down sockets
[  397.660581][ T6872] loop7: detected capacity change from 0 to 128
[  397.731658][ T6872] syz.7.451: attempt to access beyond end of device
[  397.731658][ T6872] loop7: rw=2049, sector=138, nr_sectors = 112 limit=128
[  397.794190][ T6876] loop2: detected capacity change from 0 to 16
[  397.908871][ T6876] erofs: (device loop2): mounted with root inode @ nid 36.
[  397.940576][ T6878] loop6: detected capacity change from 0 to 764
[  398.286546][ T6881] syz.2.452: attempt to access beyond end of device
[  398.286546][ T6881] loop2: rw=0, sector=34359739344, nr_sectors = 8 limit=16
[  398.308234][ T6881] syz.2.452: attempt to access beyond end of device
[  398.308234][ T6881] loop2: rw=0, sector=34359739344, nr_sectors = 8 limit=16
[  398.326730][ T6881] syz.2.452: attempt to access beyond end of device
[  398.326730][ T6881] loop2: rw=0, sector=34359739344, nr_sectors = 8 limit=16
[  399.552781][ T4276] Bluetooth: hci4: command 0x0406 tx timeout
[  401.760733][ T6900] binder: 6899:6900 ioctl c0306201 0 returned -14
[  402.057669][ T6907] binder: 6899:6907 ioctl c0306201 2000000004c0 returned -14
[  402.793355][ T6913] binder: 6912:6913 ioctl c0306201 0 returned -14
[  402.997484][ T6918] binder: 6916:6918 ioctl c0306201 0 returned -14
[  403.205257][ T6922] binder: 6912:6922 ioctl c0306201 2000000004c0 returned -14
[  403.389220][ T6924] binder: 6916:6924 ioctl c0306201 2000000004c0 returned -14
[  404.058099][ T6932] netlink: 'syz.3.463': attribute type 1 has an invalid length.
[  404.476702][ T4282] Bluetooth: hci4: link tx timeout
[  404.493799][ T4282] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa
[  405.143182][ T6928] block nbd3: shutting down sockets
[  406.728129][ T4391] Bluetooth: hci2: Frame reassembly failed (-84)
[  406.760852][ T4391] Bluetooth: hci2: Frame reassembly failed (-84)
[  407.767027][ T6963] loop5: detected capacity change from 0 to 128
[  409.264341][ T4276] Bluetooth: hci2: Opcode 0x1003 failed: -110
[  409.271805][ T4282] Bluetooth: hci2: command 0x1003 tx timeout
[  409.443516][ T6963] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none.
[  409.452672][ T6963] ext4 filesystem being mounted at /73/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  409.718032][ T4934] EXT4-fs (loop5): unmounting filesystem.
[  409.881887][ T6974] loop2: detected capacity change from 0 to 256
[  409.889922][ T6974] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  410.853579][ T6977] loop5: detected capacity change from 0 to 512
[  410.921633][ T6977] FAT-fs (loop5): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  411.282757][ T6981] FAT-fs (loop5): error, fat_get_cluster: invalid start cluster (i_pos 0, start 22000003)
[  411.415783][ T6981] FAT-fs (loop5): error, fat_free_clusters: deleting FAT entry beyond EOF
[  411.440717][ T6981] FAT-fs (loop5): error, fat_get_cluster: invalid start cluster (i_pos 0, start 22000003)
[  411.462748][ T6981] FAT-fs (loop5): error, fat_get_cluster: invalid start cluster (i_pos 0, start 22000003)
[  413.240562][ T6990] loop2: detected capacity change from 0 to 40427
[  413.262551][ T6990] F2FS-fs (loop2): invalid crc value
[  413.278667][ T6990] F2FS-fs (loop2): Found nat_bits in checkpoint
[  413.305216][ T6990] F2FS-fs (loop2): Start checkpoint disabled!
[  413.352308][ T6990] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[  413.636393][ T6998] binder: 6995:6998 ioctl c0306201 0 returned -14
[  413.829767][ T6999] openvswitch: netlink: EtherType 0 is less than min 600
[  414.051990][ T7001] binder: 6995:7001 ioctl c0306201 2000000004c0 returned -14
[  415.144729][ T1249] kworker/u4:4: attempt to access beyond end of device
[  415.144729][ T1249] loop2: rw=2049, sector=40960, nr_sectors = 24 limit=40427
[  417.469096][ T7030] loop7: detected capacity change from 0 to 1024
[  418.327407][ T7027] device wireguard0 entered promiscuous mode
[  420.301004][ T1249] hfsplus: b-tree write err: -5, ino 4
[  421.116552][ T7042] loop5: detected capacity change from 0 to 128
[  421.193747][ T7042] syz.5.485: attempt to access beyond end of device
[  421.193747][ T7042] loop5: rw=2049, sector=138, nr_sectors = 112 limit=128
[  422.834080][ T7054] IPv6: ADDRCONF(NETDEV_CHANGE): bpq0: link becomes ready
[  423.326500][ T7058] binder: 7057:7058 ioctl c0306201 0 returned -14
[  423.958706][ T7065] binder: 7057:7065 ioctl c0306201 2000000004c0 returned -14
[  424.004514][ T7062] loop6: detected capacity change from 0 to 4096
[  425.124693][ T7067] NILFS (loop6): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  425.151301][ T7061] NILFS error (device loop6): nilfs_check_page: bad entry in directory #2: rec_len is too small for name_len - offset=0, inode=2, rec_len=16, name_len=11
[  425.163846][ T7070] binder: 7069:7070 ioctl c0306201 0 returned -14
[  425.430654][ T7070] binder: 7069:7070 ioctl c0306201 2000000001c0 returned -14
[  425.606863][ T7076] netlink: 'syz.3.490': attribute type 1 has an invalid length.
[  426.288269][ T7085] binder: 7084:7085 ioctl c0306201 0 returned -14
[  426.578513][ T7089] binder: 7084:7089 ioctl c0306201 2000000004c0 returned -14
[  426.757785][ T7093] siw: device registration error -23
[  427.310314][ T7071] block nbd3: shutting down sockets
[  427.568235][ T7099] loop2: detected capacity change from 0 to 4096
[  427.575656][ T7099] ntfs3: Unknown parameter 'windows_names'
[  427.821551][ T4372] I/O error, dev loop2, sector 3968 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  430.723179][ T7120] loop2: detected capacity change from 0 to 128
[  430.851173][ T7118] syz.2.500: attempt to access beyond end of device
[  430.851173][ T7118] loop2: rw=2049, sector=138, nr_sectors = 112 limit=128
[  431.108143][ T7125] IPv6: ADDRCONF(NETDEV_CHANGE): bpq0: link becomes ready
[  432.004090][ T7136] binder: 7130:7136 ioctl c0306201 0 returned -14
[  432.021301][ T7137] binder: 7134:7137 ioctl c0306201 0 returned -14
[  432.730784][ T7146] binder: 7130:7146 ioctl c0306201 2000000001c0 returned -14
[  434.682176][ T7159] fuse: Bad value for 'fd'
[  435.630717][ T7164] loop6: detected capacity change from 0 to 4096
[  435.638186][ T7164] ntfs3: Unknown parameter 'windows_names'
[  435.716661][ T7167] binder: 7166:7167 ioctl c0306201 0 returned -14
[  435.926283][ T7171] binder: 7166:7171 ioctl c0306201 2000000004c0 returned -14
[  437.262745][ T7176] loop2: detected capacity change from 0 to 128
[  437.488223][ T7176] syz.2.511: attempt to access beyond end of device
[  437.488223][ T7176] loop2: rw=2049, sector=138, nr_sectors = 112 limit=128
[  440.275109][ T1274] ieee802154 phy0 wpan0: encryption failed: -22
[  440.281882][ T1274] ieee802154 phy1 wpan1: encryption failed: -22
[  442.318182][ T7202] fuse: Bad value for 'fd'
[  443.030455][ T7204] loop6: detected capacity change from 0 to 1024
[  444.068760][ T7204] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a80ec019, mo2=0002]
[  444.134537][ T7204] System zones: 1-12
[  444.192524][ T4283] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  444.204312][ T4283] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  444.216043][ T4283] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  444.224183][ T4283] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  444.231987][ T4283] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  444.243191][ T4283] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  444.263074][ T7204] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback.
[  444.394738][ T4276] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  444.414933][ T4276] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  444.422609][ T4276] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  444.503916][ T7221] loop7: detected capacity change from 0 to 256
[  445.310399][ T4276] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  445.322321][ T4276] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  445.335624][ T4276] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  445.872032][   T41] usb 8-1: new high-speed USB device number 4 using dummy_hcd
[  445.941664][ T7217] wlan0 speed is unknown, defaulting to 1000
[  446.117082][   T41] usb 8-1: Using ep0 maxpacket: 8
[  446.133263][   T41] usb 8-1: unable to get BOS descriptor or descriptor too short
[  446.193326][   T41] usb 8-1: config 7 has an invalid interface number: 213 but max is 0
[  446.220257][   T41] usb 8-1: config 7 has no interface number 0
[  446.242503][   T41] usb 8-1: config 7 interface 213 altsetting 15 bulk endpoint 0x8F has invalid maxpacket 16
[  446.254276][   T41] usb 8-1: config 7 interface 213 altsetting 15 endpoint 0xD has an invalid bInterval 128, changing to 7
[  446.272187][   T41] usb 8-1: config 7 interface 213 altsetting 15 endpoint 0xD has invalid wMaxPacketSize 0
[  446.292165][   T41] usb 8-1: config 7 interface 213 altsetting 15 endpoint 0xC has invalid maxpacket 1023, setting to 64
[  446.322177][   T41] usb 8-1: config 7 interface 213 has no altsetting 0
[  446.371625][ T6426] EXT4-fs (loop6): unmounting filesystem.
[  446.385905][ T7230] binder: 7229:7230 ioctl c0306201 0 returned -14
[  446.386736][   T41] usb 8-1: language id specifier not provided by device, defaulting to English
[  446.445265][   T41] usb 8-1: New USB device found, idVendor=15e8, idProduct=9100, bcdDevice=61.61
[  446.462974][   T41] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  446.481677][   T41] usb 8-1: Product: syz
[  446.491819][   T41] usb 8-1: Manufacturer: syz
[  446.511587][   T41] usb 8-1: SerialNumber: syz
[  446.607632][ T7220] raw-gadget.0 gadget.7: fail, usb_ep_enable returned -22
[  446.646370][ T7230] binder: 7229:7230 ioctl c0306201 2000000001c0 returned -14
[  447.113756][ T7236] binder: 7234:7236 ioctl c0306201 0 returned -14
[  447.434313][ T4276] Bluetooth: hci2: command 0x0409 tx timeout
[  447.878809][   T41] pegasus: probe of 8-1:7.213 failed with error -71
[  447.985154][ T7246] loop5: detected capacity change from 0 to 128
[  448.392295][ T7246] syz.5.525: attempt to access beyond end of device
[  448.392295][ T7246] loop5: rw=2049, sector=138, nr_sectors = 112 limit=128
[  448.492745][   T41] usb 8-1: USB disconnect, device number 4
[  448.605858][ T4533] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  448.769720][ T7253] input: syz1 as /devices/virtual/input/input16
[  449.463271][ T7258] loop7: detected capacity change from 0 to 256
[  449.484728][ T7258] FAT-fs (loop7): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  450.103131][ T4276] Bluetooth: hci2: command 0x041b tx timeout
[  450.822364][ T4315] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  451.621883][ T4315] usb 7-1: Using ep0 maxpacket: 32
[  451.668075][ T4315] usb 7-1: device descriptor read/all, error -71
[  451.857048][ T4533] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  452.342545][ T4276] Bluetooth: hci2: command 0x040f tx timeout
[  453.208997][ T4533] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  453.409276][ T7283] loop6: detected capacity change from 0 to 128
[  453.438103][ T7283] UDF-fs: error (device loop6): udf_read_tagged: read failed, block=256, location=256
[  453.674654][ T7288] binder: 7287:7288 ioctl c0306201 0 returned -14
[  453.691321][ T4533] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  454.362324][ T4276] Bluetooth: hci2: command 0x0419 tx timeout
[  454.574838][ T4813] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  454.815442][   T26] audit: type=1800 audit(1772124472.640:7): pid=7302 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.6.533" name="file1" dev="loop6" ino=94 res=0 errno=0
[  454.852419][ T7217] chnl_net:caif_netlink_parms(): no params data found
[  454.914117][ T4813] usb 6-1: config 0 has no interfaces?
[  454.922744][ T4813] usb 6-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  454.946594][ T4813] usb 6-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  454.988175][ T4813] usb 6-1: Product: syz
[  455.087071][ T4813] usb 6-1: Manufacturer: syz
[  455.092789][ T4813] usb 6-1: SerialNumber: syz
[  455.168958][ T4813] usb 6-1: config 0 descriptor??
[  455.175911][ T7312] fuse: Bad value for 'fd'
[  456.366319][ T7290] 8021q: adding VLAN 0 to HW filter on device batadv1
[  456.387412][ T7290] team0: Port device batadv1 added
[  458.416765][ T7318] binder: 7317:7318 ioctl c0306201 0 returned -14
[  458.631865][ T7321] binder: 7317:7321 ioctl c0306201 2000000001c0 returned -14
[  459.236346][ T4315] usb 6-1: USB disconnect, device number 2
[  459.477515][ T7217] bridge0: port 1(bridge_slave_0) entered blocking state
[  459.596410][ T7217] bridge0: port 1(bridge_slave_0) entered disabled state
[  459.605838][ T7217] device bridge_slave_0 entered promiscuous mode
[  459.653117][ T7217] bridge0: port 2(bridge_slave_1) entered blocking state
[  459.665384][ T7217] bridge0: port 2(bridge_slave_1) entered disabled state
[  459.758178][ T7332] netlink: 12 bytes leftover after parsing attributes in process `syz.5.541'.
[  460.692724][ T7337] delete_channel: no stack
[  460.970325][ T7217] device bridge_slave_1 entered promiscuous mode
[  462.107865][ T7336] netdevsim netdevsim7: loading /lib/firmware/. failed with error -22
[  462.210336][ T7336] netdevsim netdevsim7: Direct firmware load for . failed with error -22
[  462.239611][ T7217] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  462.445139][ T7217] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  462.489169][ T7350] loop5: detected capacity change from 0 to 128
[  463.662375][ T7336] netdevsim netdevsim7: Falling back to sysfs fallback for: .
[  463.750472][ T7350] syz.5.544: attempt to access beyond end of device
[  463.750472][ T7350] loop5: rw=2049, sector=138, nr_sectors = 112 limit=128
[  464.925578][ T7362] binder: 7361:7362 ioctl c0306201 0 returned -14
[  465.381490][ T7217] team0: Port device team_slave_0 added
[  465.413927][ T7366] binder: 7364:7366 ioctl c0306201 0 returned -14
[  465.848804][ T7372] binder: 7364:7372 ioctl c0306201 2000000004c0 returned -14
[  465.857902][ T7372] binder: 7364:7372 ioctl c0306201 2000000001c0 returned -14
[  466.309074][ T7217] team0: Port device team_slave_1 added
[  466.337969][ T7217] batman_adv: batadv0: Adding interface: batadv_slave_0
[  466.345063][ T7217] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  466.381462][ T7217] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  466.415498][ T7217] batman_adv: batadv0: Adding interface: batadv_slave_1
[  466.429796][ T7217] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  466.458400][ T7217] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  466.496426][ T7217] device hsr_slave_0 entered promiscuous mode
[  466.503633][ T7217] device hsr_slave_1 entered promiscuous mode
[  466.520402][ T7217] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  466.535702][ T7217] Cannot create hsr debugfs directory
[  466.752741][ T7380] binder: 7378:7380 ioctl c0306201 0 returned -14
[  467.297142][ T7389] loop7: detected capacity change from 0 to 4096
[  467.304929][ T7389] ntfs3: Unknown parameter 'windows_names'
[  467.313985][ T7382] binder: 7378:7382 ioctl c0306201 2000000004c0 returned -14
[  467.322833][ T7382] binder: 7378:7382 ioctl c0306201 2000000001c0 returned -14
[  467.485843][ T4404] I/O error, dev loop7, sector 3968 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  469.260278][ T7413] loop5: detected capacity change from 0 to 128
[  470.664028][ T7416] loop7: detected capacity change from 0 to 764
[  471.817252][ T7217] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  471.828249][ T7217] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  471.847668][ T7217] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  471.858809][ T7217] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  472.041614][ T7217] 8021q: adding VLAN 0 to HW filter on device bond0
[  472.187157][ T7217] 8021q: adding VLAN 0 to HW filter on device team0
[  472.210303][ T4502] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  472.221302][ T4502] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  472.234747][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  472.245328][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  472.254355][   T11] bridge0: port 1(bridge_slave_0) entered blocking state
[  472.261615][   T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[  472.296351][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  472.307332][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  472.319639][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  472.328563][   T11] bridge0: port 2(bridge_slave_1) entered blocking state
[  472.336054][   T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[  472.353741][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  472.432159][ T4500] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  472.444661][ T6722] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  472.457950][ T6722] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  472.506244][ T4533] device hsr_slave_0 left promiscuous mode
[  472.515237][ T4533] device hsr_slave_1 left promiscuous mode
[  472.523158][ T4533] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  472.530898][ T4533] batman_adv: batadv0: Removing interface: batadv_slave_0
[  472.540293][ T4533] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  472.549040][ T4533] batman_adv: batadv0: Removing interface: batadv_slave_1
[  472.557196][ T4533] device bridge_slave_1 left promiscuous mode
[  472.563717][ T4533] bridge0: port 2(bridge_slave_1) entered disabled state
[  472.572598][ T4533] device bridge_slave_0 left promiscuous mode
[  472.579395][ T4533] bridge0: port 1(bridge_slave_0) entered disabled state
[  472.609855][ T4533] device veth1_macvtap left promiscuous mode
[  472.616536][ T4533] device veth0_macvtap left promiscuous mode
[  472.624714][ T4533] device veth1_vlan left promiscuous mode
[  472.630566][ T4533] device veth0_vlan left promiscuous mode
[  472.816602][ T4533] bond1 (unregistering): Released all slaves
[  473.463801][ T4533] team0 (unregistering): Port device team_slave_1 removed
[  473.514411][ T4533] team0 (unregistering): Port device team_slave_0 removed
[  473.570169][ T4533] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  473.619349][ T4533] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  473.974573][ T4533] bond0 (unregistering): Released all slaves
[  474.075492][ T6722] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  474.087410][ T6722] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  474.097402][ T6722] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  474.106931][ T6722] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  474.115467][ T6722] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  474.145464][ T7217] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  474.166369][ T7217] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  474.180956][ T6722] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  474.190137][ T6722] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  474.599974][ T6722] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  474.612529][ T6722] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  474.625837][ T7217] 8021q: adding VLAN 0 to HW filter on device batadv0
[  475.107452][ T4533] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  475.121589][ T4533] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  475.146845][ T4533] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  475.163399][ T4533] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  475.173491][ T4533] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  475.181620][ T4533] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  475.197767][ T7217] device veth0_vlan entered promiscuous mode
[  475.219080][ T7217] device veth1_vlan entered promiscuous mode
[  475.246493][ T4533] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  475.257270][ T4533] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  475.266363][ T4533] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  475.276337][ T4533] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  475.293668][ T7217] device veth0_macvtap entered promiscuous mode
[  475.306378][ T7217] device veth1_macvtap entered promiscuous mode
[  475.325623][ T7217] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  475.340569][ T7217] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  475.351521][ T7217] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  475.363005][ T7217] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  475.373618][ T7217] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  475.390269][ T7217] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  475.400744][ T7217] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  475.413700][ T7217] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  475.426539][ T7217] batman_adv: batadv0: Interface activated: batadv_slave_0
[  475.435513][ T4533] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  475.446568][ T4533] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  475.460291][ T4533] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  475.469894][ T4533] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  475.482312][ T7217] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  475.495967][ T7217] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  475.506892][ T7217] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  475.552285][ T7217] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  475.574226][ T7217] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  475.586246][ T7217] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  475.596797][ T7217] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  475.607718][ T7217] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  475.619983][ T7217] batman_adv: batadv0: Interface activated: batadv_slave_1
[  475.629753][ T6722] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  475.640995][ T6722] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  475.660567][ T7217] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  475.669795][ T7217] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  475.681805][ T7217] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  475.698545][ T7217] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  475.823860][ T4533] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  475.831901][ T4533] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  475.849445][ T4500] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  475.881189][ T6722] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  475.891148][ T6722] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  475.900764][ T6722] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  476.089346][ T7497] loop5: detected capacity change from 0 to 64
[  476.106632][ T7497] hfs: get root inode failed
[  476.320724][ T7492] sctp: [Deprecated]: syz.6.569 (pid 7492) Use of int in max_burst socket option.
[  476.320724][ T7492] Use struct sctp_assoc_value instead
[  477.795901][ T7498] xt_time: unknown flags 0xc
[  477.816051][ T7498] loop7: detected capacity change from 0 to 2048
[  481.706292][ T7538] device wireguard0 entered promiscuous mode
[  481.784886][ T7538] loop2: detected capacity change from 0 to 1024
[  482.738498][ T4322] hfsplus: b-tree write err: -5, ino 4
[  483.055029][ T7548] binder: 7546:7548 ioctl c0306201 0 returned -14
[  483.298064][ T7547] binder: 7546:7547 ioctl c0306201 2000000004c0 returned -14
[  483.332561][ T7553] loop6: detected capacity change from 0 to 16
[  483.501872][ T7553] erofs: (device loop6): EXPERIMENTAL compressed fragments feature in use. Use at your own risk!
[  483.512996][ T7553] erofs: (device loop6): EXPERIMENTAL global deduplication feature in use. Use at your own risk!
[  483.684624][ T7557] netlink: 12 bytes leftover after parsing attributes in process `syz.5.573'.
[  484.141474][ T7566] netlink: 36 bytes leftover after parsing attributes in process `syz.6.574'.
[  484.896126][ T7567] xt_recent: Unsupported userspace flags (000000de)
[  484.901368][ T7574] binder: 7572:7574 ioctl c0306201 0 returned -14
[  485.208222][ T7579] binder: 7572:7579 ioctl c0306201 2000000004c0 returned -14
[  485.217281][ T7579] binder: 7572:7579 ioctl c0306201 2000000001c0 returned -14
[  486.402146][ T7587] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input17
[  486.508210][ T7589] loop8: detected capacity change from 0 to 512
[  487.531878][ T7589] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: writeback.
[  487.541022][ T7589] ext4 filesystem being mounted at /3/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  488.329659][ T7604] loop7: detected capacity change from 0 to 40427
[  489.191636][ T7604] F2FS-fs (loop7): invalid crc value
[  489.367209][ T7217] EXT4-fs (loop8): unmounting filesystem.
[  489.414892][ T7604] F2FS-fs (loop7): Found nat_bits in checkpoint
[  489.483732][ T7604] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5
[  490.130088][ T7619] loop8: detected capacity change from 0 to 256
[  491.594060][ T7629] netlink: 20 bytes leftover after parsing attributes in process `syz.8.585'.
[  491.879510][ T7628] kAFS: unable to lookup cell '/,'
[  493.988788][ T7655] binder: 7654:7655 ioctl c0306201 0 returned -14
[  494.396876][ T7660] binder: 7654:7660 ioctl c0306201 2000000004c0 returned -14
[  494.406269][ T7660] binder: 7654:7660 ioctl c0306201 2000000001c0 returned -14
[  495.665335][ T7674] loop6: detected capacity change from 0 to 1024
[  495.675797][ T7674] EXT4-fs: Ignoring removed nomblk_io_submit option
[  496.223937][ T7674] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none.
[  496.270385][   T26] audit: type=1800 audit(1772124514.090:8): pid=7673 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.592" name="file1" dev="loop6" ino=15 res=0 errno=0
[  496.515751][ T7683] loop8: detected capacity change from 0 to 2048
[  496.559680][ T6426] EXT4-fs (loop6): unmounting filesystem.
[  496.912630][ T7683] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: none.
[  498.029933][ T7217] EXT4-fs (loop8): unmounting filesystem.
[  498.076539][ T7700] loop6: detected capacity change from 0 to 1024
[  498.164788][ T7689] device wireguard0 entered promiscuous mode
[  498.476710][ T1249] hfsplus: b-tree write err: -5, ino 4
[  498.639964][ T7711] binder: 7709:7711 ioctl c0306201 0 returned -14
[  499.436123][ T7710] binder: 7709:7710 ioctl c0306201 2000000004c0 returned -14
[  499.530866][ T7723] binder: 7722:7723 ioctl c0306201 0 returned -14
[  499.829403][ T7728] binder: 7722:7728 ioctl c0306201 2000000004c0 returned -14
[  499.838421][ T7728] binder: 7722:7728 ioctl c0306201 2000000001c0 returned -14
[  501.019434][ T7739] loop7: detected capacity change from 0 to 16
[  501.027282][ T7739] erofs: (device loop7): mounted with root inode @ nid 36.
[  501.534635][ T7746] syz.7.607: attempt to access beyond end of device
[  501.534635][ T7746] loop7: rw=0, sector=34359739344, nr_sectors = 8 limit=16
[  501.550541][ T7746] syz.7.607: attempt to access beyond end of device
[  501.550541][ T7746] loop7: rw=0, sector=34359739344, nr_sectors = 8 limit=16
[  501.624998][ T7743] loop8: detected capacity change from 0 to 4096
[  501.672664][ T7747] loop2: detected capacity change from 0 to 512
[  501.686262][ T7749] NILFS (loop8): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  501.714252][ T1274] ieee802154 phy0 wpan0: encryption failed: -22
[  501.721571][ T1274] ieee802154 phy1 wpan1: encryption failed: -22
[  501.730439][ T7742] NILFS error (device loop8): nilfs_check_page: bad entry in directory #2: rec_len is too small for name_len - offset=0, inode=2, rec_len=16, name_len=11
[  502.429947][ T7754] loop7: detected capacity change from 0 to 256
[  502.547613][ T7527] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  505.025869][ T7781] tty tty4: ldisc open failed (-12), clearing slot 3
[  505.676764][ T7776] loop8: detected capacity change from 0 to 4096
[  505.776184][ T7789] binder: 7787:7789 ioctl c0306201 0 returned -14
[  505.799710][ T7776] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: writeback.
[  506.174557][ T7793] binder: 7787:7793 ioctl c0306201 2000000004c0 returned -14
[  506.183858][ T7793] binder: 7787:7793 ioctl c0306201 2000000001c0 returned -14
[  508.984598][ T7217] EXT4-fs (loop8): unmounting filesystem.
[  511.389729][ T7828] netlink: 168 bytes leftover after parsing attributes in process `syz.5.623'.
[  512.036438][ T7839] netlink: 24 bytes leftover after parsing attributes in process `syz.7.624'.
[  513.820809][ T7853] binder: 7851:7853 ioctl c0306201 0 returned -14
[  514.022103][ T4276] Bluetooth: hci2: link tx timeout
[  514.031800][ T4276] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa
[  514.293909][ T7860] binder: 7851:7860 ioctl c0306201 2000000004c0 returned -14
[  514.302970][ T7860] binder: 7851:7860 ioctl c0306201 2000000001c0 returned -14
[  516.232948][ T4283] Bluetooth: hci2: command 0x0406 tx timeout
[  518.065948][ T7883] input: syz0 as /devices/virtual/input/input18
[  518.447135][ T7891] netlink: 4 bytes leftover after parsing attributes in process `syz.8.638'.
[  519.014026][ T7889] binder: 7887:7889 ioctl c0306201 0 returned -14
[  519.270039][ T7889] binder: 7887:7889 ioctl c0306201 2000000004c0 returned -14
[  519.278471][ T7889] binder: 7887:7889 ioctl c0306201 2000000001c0 returned -14
[  520.722333][ T7918] fuse: Bad value for 'fd'
[  521.517357][ T7933] netlink: 24 bytes leftover after parsing attributes in process `syz.5.646'.
[  523.090850][ T7931] netlink: 'syz.2.647': attribute type 10 has an invalid length.
[  523.098691][ T7931] netlink: 2 bytes leftover after parsing attributes in process `syz.2.647'.
[  523.107626][ T7931] device bond0 entered promiscuous mode
[  523.113284][ T7931] device bond_slave_0 entered promiscuous mode
[  523.119615][ T7931] device bond_slave_1 entered promiscuous mode
[  523.126079][ T7931] bridge0: port 3(bond0) entered blocking state
[  523.132400][ T7931] bridge0: port 3(bond0) entered disabled state
[  523.140231][ T7931] bridge0: port 3(bond0) entered blocking state
[  523.147185][ T7931] bridge0: port 3(bond0) entered forwarding state
[  523.577215][ T4283] Bluetooth: hci2: link tx timeout
[  523.582620][ T4283] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa
[  523.590423][ T4283] Bluetooth: hci2: link tx timeout
[  523.595633][ T4283] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa
[  523.614921][ T4283] Bluetooth: hci2: link tx timeout
[  523.620220][ T4283] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa
[  523.631863][ T4283] Bluetooth: hci2: link tx timeout
[  523.637103][ T4283] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa
[  523.679443][ T4283] Bluetooth: hci2: link tx timeout
[  523.684696][ T4283] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa
[  523.692719][ T4283] Bluetooth: hci2: link tx timeout
[  523.697853][ T4283] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa
[  523.903185][ T7949] binder: 7948:7949 ioctl c0306201 0 returned -14
[  524.133599][ T7949] binder: 7948:7949 ioctl c0306201 2000000004c0 returned -14
[  524.142687][ T7949] binder: 7948:7949 ioctl c0306201 2000000001c0 returned -14
[  526.626420][ T7978] binder: 7976:7978 ioctl c0306201 0 returned -14
[  526.665870][ T7979] loop7: detected capacity change from 0 to 16
[  526.739671][ T7979] erofs: (device loop7): mounted with root inode @ nid 36.
[  527.025005][ T7988] binder: 7976:7988 ioctl c0306201 2000000004c0 returned -14
[  527.033995][ T7988] binder: 7976:7988 ioctl c0306201 2000000001c0 returned -14
[  528.312050][ T8003] loop7: detected capacity change from 0 to 128
[  528.540682][ T8000] syz.7.660: attempt to access beyond end of device
[  528.540682][ T8000] loop7: rw=2049, sector=138, nr_sectors = 112 limit=128
[  528.558498][ T8002] loop8: detected capacity change from 0 to 128
[  528.651573][ T8002] syz.8.661: attempt to access beyond end of device
[  528.651573][ T8002] loop8: rw=2049, sector=138, nr_sectors = 112 limit=128
[  528.949873][ T8012] netlink: 'syz.5.663': attribute type 3 has an invalid length.
[  528.960732][ T8012] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  530.373091][ T8029] loop7: detected capacity change from 0 to 128
[  530.455459][ T8030] loop6: detected capacity change from 0 to 2048
[  530.634808][ T8029] syz.7.668: attempt to access beyond end of device
[  530.634808][ T8029] loop7: rw=2049, sector=138, nr_sectors = 112 limit=128
[  530.708608][ T8030] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none.
[  530.717916][ T8030] ext4 filesystem being mounted at /48/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  531.204230][ T6426] EXT4-fs (loop6): unmounting filesystem.
[  531.973918][ T8052] loop7: detected capacity change from 0 to 2048
[  532.469242][ T8052] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  532.562825][ T8054] binder: 8053:8054 ioctl c0306201 0 returned -14
[  533.181137][ T8055] binder: 8053:8055 ioctl c0306201 2000000004c0 returned -14
[  533.189570][ T8055] binder: 8053:8055 ioctl c0306201 2000000001c0 returned -14
[  534.381396][ T8070] loop7: detected capacity change from 0 to 128
[  534.471595][ T8070] syz.7.676: attempt to access beyond end of device
[  534.471595][ T8070] loop7: rw=2049, sector=138, nr_sectors = 112 limit=128
[  540.432424][ T8146] loop7: detected capacity change from 0 to 512
[  540.566857][ T8146] EXT4-fs error (device loop7): ext4_init_orphan_info:584: comm syz.7.693: inode #0: comm syz.7.693: iget: illegal inode #
[  541.404628][ T8146] EXT4-fs (loop7): get orphan inode failed
[  541.432199][ T8146] EXT4-fs (loop7): mount failed
[  542.652766][    T7] usb 7-1: new full-speed USB device number 4 using dummy_hcd
[  542.893966][    T7] usb 7-1: config 0 has an invalid interface number: 207 but max is 0
[  543.242173][    T7] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  543.420177][ T8165] Illegal XDP return value 2204616313 on prog  (id 78) dev N/A, expect packet loss!
[  544.142774][    T7] usb 7-1: config 0 has no interface number 0
[  544.194056][    T7] usb 7-1: New USB device found, idVendor=12d1, idProduct=ed56, bcdDevice=46.dd
[  544.254243][    T7] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  544.287269][    T7] usb 7-1: Product: syz
[  544.345705][    T7] usb 7-1: Manufacturer: syz
[  544.350361][    T7] usb 7-1: SerialNumber: syz
[  544.422363][    T7] usb 7-1: config 0 descriptor??
[  544.504141][    T7] usb 7-1: can't set config #0, error -71
[  544.541427][    T7] usb 7-1: USB disconnect, device number 4
[  545.973827][ T8192] fuse: Bad value for 'fd'
[  546.726090][ T8196] loop6: detected capacity change from 0 to 128
[  548.632183][ T8216] xt_socket: unknown flags 0xc
[  549.405447][ T8220] loop8: detected capacity change from 0 to 1024
[  549.502010][ T4813] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  549.516412][ T8220] hfsplus: invalid gid specified
[  549.532552][ T8220] hfsplus: unable to parse mount options
[  549.815888][ T4813] usb 7-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  550.275018][ T8230] input: syz0 as /devices/virtual/input/input19
[  550.394031][ T4813] usb 7-1: New USB device found, idVendor=0582, idProduct=0025, bcdDevice=bb.9d
[  550.403635][ T4813] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  551.147438][ T8248] fuse: Bad value for 'fd'
[  551.872287][ T4347] usb 7-1: USB disconnect, device number 5
[  551.887562][ T8254] loop8: detected capacity change from 0 to 128
[  552.018845][ T8254] qnx6: wrong signature (magic) at position (0x2000) - will try alternative position (0x0000).
[  552.285715][ T8262] loop7: detected capacity change from 0 to 128
[  552.309130][ T8254] qnx6: wrong signature (magic) in superblock #1.
[  552.455844][ T8259] binder: 8258:8259 ioctl c0306201 0 returned -14
[  552.461125][ T8262] syz.7.718: attempt to access beyond end of device
[  552.461125][ T8262] loop7: rw=2049, sector=138, nr_sectors = 112 limit=128
[  552.487519][ T8254] qnx6: unable to read the first superblock
[  552.781468][ T8265] binder: 8258:8265 ioctl c0306201 2000000004c0 returned -14
[  552.791397][ T8265] binder: 8258:8265 ioctl c0306201 2000000001c0 returned -14
[  553.422240][ T8271] loop8: detected capacity change from 0 to 512
[  553.512937][ T8271] EXT4-fs: Ignoring removed i_version option
[  553.618057][ T8271] EXT4-fs (loop8): 1 truncate cleaned up
[  553.646786][ T8271] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: writeback.
[  554.399146][ T7217] EXT4-fs (loop8): unmounting filesystem.
[  556.064125][ T8309] fuse: Bad value for 'fd'
[  557.030709][ T8318] loop6: detected capacity change from 0 to 128
[  557.326726][ T8318] syz.6.731: attempt to access beyond end of device
[  557.326726][ T8318] loop6: rw=2049, sector=138, nr_sectors = 112 limit=128
[  558.948760][ T8339] loop7: detected capacity change from 0 to 2048
[  559.063932][ T8344] loop6: detected capacity change from 0 to 128
[  559.087266][ T8344] syz.6.735: attempt to access beyond end of device
[  559.087266][ T8344] loop6: rw=2049, sector=138, nr_sectors = 112 limit=128
[  559.137959][ T7618] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  559.730197][ T8363] fuse: Bad value for 'fd'
[  561.403962][ T8389] binder: 8388:8389 ioctl c0306201 0 returned -14
[  561.711149][ T8395] binder: 8388:8395 ioctl c0306201 2000000004c0 returned -14
[  561.720425][ T8395] binder: 8388:8395 ioctl c0306201 2000000001c0 returned -14
[  562.371906][ T4283] Bluetooth: hci2: Invalid connection link type handle 0x00c9
[  562.527468][ T8404] loop7: detected capacity change from 0 to 128
[  562.587757][ T8410] loop8: detected capacity change from 0 to 128
[  562.638605][ T8404] omfs: Invalid superblock (7b3184f9)
[  562.650470][ T8410] qnx6: superblock #1 checksum error
[  563.253668][ T1274] ieee802154 phy0 wpan0: encryption failed: -22
[  563.260082][ T1274] ieee802154 phy1 wpan1: encryption failed: -22
[  563.497355][ T8424] fuse: Bad value for 'fd'
[  564.615020][ T4310] usb 9-1: new high-speed USB device number 2 using dummy_hcd
[  564.873326][ T4310] usb 9-1: Using ep0 maxpacket: 16
[  564.900632][ T4310] usb 9-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  565.088038][ T4310] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 3
[  565.215072][ T4310] usb 9-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  565.281739][ T4310] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  565.341101][ T4310] usb 9-1: Product: syz
[  565.366606][ T4310] usb 9-1: Manufacturer: syz
[  565.397639][ T4310] usb 9-1: SerialNumber: syz
[  565.831923][ T4310] usb 9-1: 0:2 : does not exist
[  566.017285][ T4310] usb 9-1: 5:0: failed to get current value for ch 0 (-22)
[  566.218954][ T4310] usb 9-1: USB disconnect, device number 2
[  567.069368][ T8475] binder: 8473:8475 ioctl c0306201 0 returned -14
[  567.679476][ T8479] binder: 8473:8479 ioctl c0306201 2000000004c0 returned -14
[  567.688532][ T8479] binder: 8473:8479 ioctl c0306201 2000000001c0 returned -14
[  568.544562][ T8500] binder: 8498:8500 ioctl c0306201 0 returned -14
[  568.873823][ T8507] binder: 8498:8507 ioctl c0306201 2000000004c0 returned -14
[  568.882731][ T8507] binder: 8498:8507 ioctl c0306201 2000000001c0 returned -14
[  571.022628][ T4766] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  571.221981][ T4766] usb 7-1: Using ep0 maxpacket: 32
[  571.229124][ T4766] usb 7-1: too many configurations: 24, using maximum allowed: 8
[  571.273303][ T4766] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  571.398527][ T4766] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  571.423866][ T4766] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  571.443053][ T4766] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  571.463100][ T4766] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  571.513819][ T4766] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  571.577545][ T4766] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  571.615148][ T4766] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  571.680638][ T4766] usb 7-1: New USB device found, idVendor=1630, idProduct=0042, bcdDevice=5b.13
[  571.711319][ T4766] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  571.762015][ T4766] usb 7-1: Product: syz
[  571.787357][ T4766] usb 7-1: Manufacturer: syz
[  571.814405][ T4766] usb 7-1: SerialNumber: syz
[  571.863384][ T4766] usb 7-1: config 0 descriptor??
[  571.901052][ T4766] cdc_acm 7-1:0.0: Zero length descriptor references
[  572.123104][ T4766] cdc_acm: probe of 7-1:0.0 failed with error -22
[  572.830043][ T4766] usb 7-1: USB disconnect, device number 6
[  574.945381][ T8555] input: syz0 as /devices/virtual/input/input20
[  575.081375][ T8566] loop7: detected capacity change from 0 to 64
[  575.137373][ T8566] BFS-fs: bfs_fill_super(): loop7 is unclean, continuing
[  575.178722][ T8566] BFS-fs: bfs_fill_super(): Impossible last inode number 2097656 > 513 on loop7
[  575.476045][ T8572] loop8: detected capacity change from 0 to 128
[  575.557012][ T8572] syz.8.792: attempt to access beyond end of device
[  575.557012][ T8572] loop8: rw=2049, sector=138, nr_sectors = 112 limit=128
[  575.882301][ T5328] usb 8-1: new high-speed USB device number 5 using dummy_hcd
[  576.382101][ T5328] usb 8-1: Using ep0 maxpacket: 8
[  576.391367][ T5328] usb 8-1: config 9 has an invalid interface number: 72 but max is 0
[  576.486860][ T5328] usb 8-1: config 9 has no interface number 0
[  576.508320][ T5328] usb 8-1: config 9 interface 72 altsetting 5 endpoint 0x5 has invalid wMaxPacketSize 0
[  576.551291][ T5328] usb 8-1: config 9 interface 72 has no altsetting 0
[  576.961347][ T5328] usb 8-1: New USB device found, idVendor=0c72, idProduct=0013, bcdDevice=fb.7d
[  577.169639][ T5328] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  577.340047][ T5328] usb 8-1: Product: syz
[  577.371710][ T5328] usb 8-1: Manufacturer: syz
[  577.402436][ T5328] usb 8-1: SerialNumber: syz
[  577.657612][ T5328] usb 8-1: USB disconnect, device number 5
[  577.933925][ T8620] loop6: detected capacity change from 0 to 16
[  577.985153][ T8620] erofs: (device loop6): erofs_fc_fill_super: rootino(nid 36) is not a directory(i_mode 25000)
[  578.709371][ T8636] fuse: Bad value for 'fd'
[  578.732561][ T8637] loop8: detected capacity change from 0 to 128
[  578.850396][ T8634] syz.8.808: attempt to access beyond end of device
[  578.850396][ T8634] loop8: rw=2049, sector=138, nr_sectors = 112 limit=128
[  579.460795][ T8647] loop8: detected capacity change from 0 to 16
[  580.410862][ T4283] Bluetooth: hci2: Malformed Event: 0x2f
[  580.963075][ T8686] loop7: detected capacity change from 0 to 64
[  581.071349][ T8691] fuse: Bad value for 'fd'
[  581.481490][ T8694] loop8: detected capacity change from 0 to 256
[  581.914543][ T8704] loop6: detected capacity change from 0 to 4096
[  582.595751][ T8704] ntfs: volume version 3.1.
[  583.103640][ T8719] loop8: detected capacity change from 0 to 8
[  583.388179][ T8719] SQUASHFS error: lzo decompression failed, data probably corrupt
[  583.452124][ T8719] SQUASHFS error: Failed to read block 0x144: -5
[  583.500035][ T8719] SQUASHFS error: Unable to read metadata cache entry [142]
[  583.556801][ T8729] loop6: detected capacity change from 0 to 128
[  583.584188][ T8719] SQUASHFS error: Unable to read inode 0x11f
[  583.624887][ T8729] qnx6: unable to set blocksize
[  584.614886][ T8742] loop8: detected capacity change from 0 to 256
[  586.344441][ T8785] loop7: detected capacity change from 0 to 64
[  586.511791][ T8785] hfs: get root inode failed
[  587.379304][ T8789] loop6: detected capacity change from 0 to 1024
[  587.450590][ T8789] EXT4-fs (loop6): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  587.484297][ T8789] EXT4-fs (loop6): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  587.525500][ T8789] EXT4-fs (loop6): invalid journal inode
[  587.791735][ T8805] loop7: detected capacity change from 0 to 128
[  587.815692][ T8805] syz.7.855: attempt to access beyond end of device
[  587.815692][ T8805] loop7: rw=2049, sector=138, nr_sectors = 112 limit=128
[  590.038011][ T8840] loop7: detected capacity change from 0 to 164
[  590.194760][ T8840] ISOFS: primary root directory is empty. Disabling Rock Ridge and switching to Joliet.
[  590.696960][ T8855] loop6: detected capacity change from 0 to 128
[  590.751046][ T8855] sysv_free_inode: inode 0,1,2 or nonexistent inode
[  590.825470][ T4766] usb 8-1: new high-speed USB device number 6 using dummy_hcd
[  591.022029][ T4766] usb 8-1: Using ep0 maxpacket: 32
[  591.031383][ T4766] usb 8-1: config 0 has an invalid interface number: 17 but max is 0
[  591.117210][ T4766] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  591.208345][ T4766] usb 8-1: config 0 has no interface number 0
[  591.257206][ T4766] usb 8-1: config 0 interface 17 altsetting 0 endpoint 0x5 has an invalid bInterval 0, changing to 7
[  591.500905][ T4766] usb 8-1: config 0 interface 17 altsetting 0 endpoint 0x5 has invalid maxpacket 1431, setting to 1024
[  591.687014][ T4766] usb 8-1: config 0 interface 17 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0
[  591.751216][ T4766] usb 8-1: New USB device found, idVendor=05ac, idProduct=024a, bcdDevice=ab.c3
[  591.847457][ T4766] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  592.038289][ T4766] usb 8-1: Product: syz
[  592.051101][ T4766] usb 8-1: Manufacturer: syz
[  592.056030][ T4766] usb 8-1: SerialNumber: syz
[  592.062771][ T4766] usb 8-1: config 0 descriptor??
[  592.074527][ T8851] raw-gadget.0 gadget.7: fail, usb_ep_enable returned -22
[  592.246512][ T4766] input: bcm5974 as /devices/platform/dummy_hcd.7/usb8/8-1/8-1:0.17/input/input21
[  592.769626][ T3622] bcm5974 8-1:0.17: could not read from device
[  592.795802][ T8882] loop8: detected capacity change from 0 to 256
[  592.834518][ T3622] bcm5974 8-1:0.17: could not read from device
[  592.898849][ T4766] usb 8-1: USB disconnect, device number 6
[  592.913572][ T8882] FAT-fs (loop8): Directory bread(block 64) failed
[  592.967320][ T8882] FAT-fs (loop8): Directory bread(block 65) failed
[  592.975645][ T3622] bcm5974 8-1:0.17: could not read from device
[  593.022748][ T8882] FAT-fs (loop8): Directory bread(block 66) failed
[  593.040061][ T8882] FAT-fs (loop8): Directory bread(block 67) failed
[  593.043976][ T3622] bcm5974 8-1:0.17: could not read from device
[  593.072948][ T8882] FAT-fs (loop8): Directory bread(block 68) failed
[  593.080205][ T8883] 8021q: adding VLAN 0 to HW filter on device batadv1
[  593.093505][ T8883] team0: Port device batadv1 added
[  593.107658][ T8882] FAT-fs (loop8): Directory bread(block 69) failed
[  593.125291][ T8882] FAT-fs (loop8): Directory bread(block 70) failed
[  593.142125][ T8882] FAT-fs (loop8): Directory bread(block 71) failed
[  593.159263][ T8882] FAT-fs (loop8): Directory bread(block 72) failed
[  593.169373][ T8882] FAT-fs (loop8): Directory bread(block 73) failed
[  594.107240][ T8902] fuse: Bad value for 'fd'
[  598.112410][ T8923] loop7: detected capacity change from 0 to 32768
[  598.596140][ T8923] JBD2: Ignoring recovery information on journal
[  598.818904][ T8923] ocfs2: Mounting device (7,7) on (node local, slot 0) with ordered data mode.
[  599.851668][ T6284] ocfs2: Unmounting device (7,7) on (node local)
[  601.207771][ T8952] loop6: detected capacity change from 0 to 32768
[  601.665113][ T8952] read_mapping_page failed!
[  603.484004][ T8996] 8021q: adding VLAN 0 to HW filter on device batadv1
[  603.675597][ T8996] team0: Port device batadv1 added
[  606.092626][ T9026] netlink: 8 bytes leftover after parsing attributes in process `syz.5.903'.
[  606.112488][ T9026] netlink: 'syz.5.903': attribute type 2 has an invalid length.
[  612.263243][ T9068] loop6: detected capacity change from 0 to 64
[  612.524029][ T9074] netlink: 'syz.7.915': attribute type 4 has an invalid length.
[  613.344258][ T9090] loop6: detected capacity change from 0 to 128
[  613.459118][ T9083] syz.6.918: attempt to access beyond end of device
[  613.459118][ T9083] loop6: rw=2049, sector=138, nr_sectors = 112 limit=128
[  613.890297][ T9095] binder: 9094:9095 ioctl c0306201 2000000004c0 returned -14
[  613.981512][ T9097] loop6: detected capacity change from 0 to 512
[  613.988828][ T9097] EXT4-fs: Ignoring removed nobh option
[  614.036931][ T9097] EXT4-fs (loop6): couldn't mount as ext3 due to feature incompatibilities
[  615.621569][ T9120] kAFS: unable to lookup cell '/,'
[  619.222307][ T9165] loop6: detected capacity change from 0 to 256
[  619.265728][ T9165] exFAT-fs (loop6): failed to load upcase table (idx : 0x00011a39, chksum : 0xd7c18d7b, utbl_chksum : 0xe619d30d)
[  620.548132][ T9165] exFAT-fs (loop6): error, invalid size(size(2) > aligned(9223372036854777344)
[  620.548132][ T9165] 
[  620.572028][ T9165] exFAT-fs (loop6): Filesystem has been set read-only
[  624.639228][ T1274] ieee802154 phy0 wpan0: encryption failed: -22
[  624.662014][ T1274] ieee802154 phy1 wpan1: encryption failed: -22
[  624.968123][ T9226] binder: 9225:9226 ioctl c0306201 0 returned -14
[  625.600127][ T9234] binder: 9225:9234 ioctl c0306201 2000000004c0 returned -14
[  625.609391][ T9234] binder: 9225:9234 ioctl c0306201 2000000001c0 returned -14
[  628.148437][ T9250] binder: 9249:9250 ioctl c00c6211 ffffffffffffffff returned -14
[  631.479331][ T9293] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input22
[  635.198149][ T9341] loop7: detected capacity change from 0 to 128
[  635.540368][ T9341] syz.7.978: attempt to access beyond end of device
[  635.540368][ T9341] loop7: rw=2049, sector=138, nr_sectors = 112 limit=128
[  635.907418][ T9347] binder: 9346:9347 ioctl c0306201 0 returned -14
[  636.275444][ T9361] binder: 9346:9361 ioctl c0306201 2000000004c0 returned -14
[  636.284460][ T9361] binder: 9346:9361 ioctl c0306201 2000000001c0 returned -14
[  645.971350][ T9475] binder: 9472:9475 ioctl c0306201 0 returned -14
[  646.348693][ T9475] binder: 9472:9475 ioctl c0306201 2000000004c0 returned -14
[  646.357310][ T9475] binder: 9472:9475 ioctl c0306201 2000000001c0 returned -14
[  649.738078][ T9532] loop6: detected capacity change from 0 to 128
[  650.157637][ T9526] syz.6.1023: attempt to access beyond end of device
[  650.157637][ T9526] loop6: rw=2049, sector=138, nr_sectors = 112 limit=128
[  666.428345][ T9715] IPVS: rr: FWM 3 0x00000003 - no destination available
[  672.172667][ T9792] loop6: detected capacity change from 0 to 128
[  672.229076][ T9792] syz.6.1089: attempt to access beyond end of device
[  672.229076][ T9792] loop6: rw=2049, sector=138, nr_sectors = 112 limit=128
[  679.421503][ T9875] loop6: detected capacity change from 0 to 128
[  679.461493][ T9875] syz.6.1109: attempt to access beyond end of device
[  679.461493][ T9875] loop6: rw=2049, sector=138, nr_sectors = 112 limit=128
[  686.040032][ T1274] ieee802154 phy0 wpan0: encryption failed: -22
[  686.046440][ T1274] ieee802154 phy1 wpan1: encryption failed: -22
[  691.778779][T10012] loop6: detected capacity change from 0 to 8192
[  691.874868][T10012] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  692.092225][T10012] REISERFS (device loop6): found reiserfs format "3.5" with non-standard journal
[  692.212703][T10012] REISERFS (device loop6): using ordered data mode
[  692.345992][T10012] reiserfs: using flush barriers
[  692.412159][T10012] REISERFS (device loop6): journal params: device loop6, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  692.573065][T10012] REISERFS (device loop6): checking transaction log (loop6)
[  693.003862][T10012] REISERFS (device loop6): Using rupasov hash to sort names
[  693.195569][T10012] REISERFS (device loop6): using 3.5.x disk format
[  694.125900][T10012] REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP
[  694.172610][T10012] REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP
[  694.232705][T10012] REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP
[  694.292274][T10012] REISERFS warning (device loop6): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 UNKNOWN] (nlink == 1) not found (pos 2)
[  694.352424][T10012] REISERFS (device loop6): Created .reiserfs_priv - reserved for xattr storage.
[  697.862549][T10076] binder: 10075:10076 ioctl c0306201 0 returned -14
[  698.247409][T10078] binder: 10075:10078 ioctl c0306201 2000000004c0 returned -14
[  698.256254][T10078] binder: 10075:10078 ioctl c0306201 2000000001c0 returned -14
[  698.624365][T10085] loop6: detected capacity change from 0 to 2048
[  699.560880][T10085] UDF-fs: error (device loop6): udf_process_sequence: Primary Volume Descriptor not found!
[  699.594218][T10085] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  699.960164][T10094] loop6: detected capacity change from 0 to 256
[  700.183128][T10094] FAT-fs (loop6): Directory bread(block 64) failed
[  700.362172][T10094] FAT-fs (loop6): Directory bread(block 65) failed
[  700.399435][T10094] FAT-fs (loop6): Directory bread(block 66) failed
[  700.538351][T10094] FAT-fs (loop6): Directory bread(block 67) failed
[  700.758206][T10094] FAT-fs (loop6): Directory bread(block 68) failed
[  700.846595][T10094] FAT-fs (loop6): Directory bread(block 69) failed
[  700.913436][T10094] FAT-fs (loop6): Directory bread(block 70) failed
[  700.920353][T10094] FAT-fs (loop6): Directory bread(block 71) failed
[  700.949650][T10094] FAT-fs (loop6): Directory bread(block 72) failed
[  701.007327][T10094] FAT-fs (loop6): Directory bread(block 73) failed
[  702.320406][T10115] binder: 10113:10115 ioctl c0306201 0 returned -14
[  703.675324][T10128] netlink: 'syz.5.1169': attribute type 21 has an invalid length.
[  703.734927][T10123] binder: 10113:10123 ioctl c0306201 2000000004c0 returned -14
[  703.744789][T10123] binder: 10113:10123 ioctl c0306201 2000000001c0 returned -14
[  703.754028][T10128] netlink: 128 bytes leftover after parsing attributes in process `syz.5.1169'.
[  703.845578][T10128] netlink: 'syz.5.1169': attribute type 4 has an invalid length.
[  703.874153][T10128] netlink: 'syz.5.1169': attribute type 5 has an invalid length.
[  703.903270][T10128] netlink: 3 bytes leftover after parsing attributes in process `syz.5.1169'.
[  710.445021][T10198] netlink: 16 bytes leftover after parsing attributes in process `syz.6.1186'.
[  710.532873][T10198] netlink: 16 bytes leftover after parsing attributes in process `syz.6.1186'.
[  718.439097][T10261] loop6: detected capacity change from 0 to 512
[  719.433574][T10261] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback.
[  719.532061][T10261] ext4 filesystem being mounted at /160/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  719.943987][T10261] EXT4-fs error (device loop6): ext4_xattr_block_get:543: inode #15: comm syz.6.1202: corrupted xattr block 33
[  719.992403][T10261] fscrypt (loop6, inode 15): Error -117 getting encryption context
[  721.102824][ T6426] EXT4-fs (loop6): unmounting filesystem.
[  734.294716][T10389] block nbd6: shutting down sockets
[  735.422236][T10411] netlink: 'syz.8.1240': attribute type 7 has an invalid length.
[  735.560878][T10411] netlink: 140 bytes leftover after parsing attributes in process `syz.8.1240'.
[  736.439244][T10420] netlink: 16 bytes leftover after parsing attributes in process `syz.6.1242'.
[  736.489681][T10420] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1242'.
[  747.476378][ T1274] ieee802154 phy0 wpan0: encryption failed: -22
[  747.482869][ T1274] ieee802154 phy1 wpan1: encryption failed: -22
[  752.790636][T10589] loop6: detected capacity change from 0 to 128
[  753.573349][T10586] syz.6.1283: attempt to access beyond end of device
[  753.573349][T10586] loop6: rw=2049, sector=138, nr_sectors = 112 limit=128
[  760.291996][ T4283] Bluetooth: hci2: command 0x0406 tx timeout
[  773.559915][T10754] loop6: detected capacity change from 0 to 16
[  773.616517][T10754] erofs: (device loop6): mounted with root inode @ nid 36.
[  773.828480][T10759] netlink: 112 bytes leftover after parsing attributes in process `syz.8.1336'.
[  779.870078][T10807] netlink: 'syz.6.1343': attribute type 6 has an invalid length.
[  798.177674][T11000] netlink: 8 bytes leftover after parsing attributes in process `syz.8.1414'.
[  808.921208][ T1274] ieee802154 phy0 wpan0: encryption failed: -22
[  808.928073][ T1274] ieee802154 phy1 wpan1: encryption failed: -22
[  834.712641][T11397] Cannot find del_set index 0 as target
[  870.355396][ T1274] ieee802154 phy0 wpan0: encryption failed: -22
[  870.362087][ T1274] ieee802154 phy1 wpan1: encryption failed: -22
[  875.821637][T11888] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 32
[  877.573180][T11910] kernel profiling enabled (shift: 0)
[  880.656207][T11945] netlink: 20 bytes leftover after parsing attributes in process `syz.7.1731'.
[  885.613394][T12021] netlink: 40 bytes leftover after parsing attributes in process `syz.6.1754'.
[  907.403110][T12279] A link change request failed with some changes committed already. Interface ip6gretap0 may have been left with an inconsistent configuration, please check.
[  907.432699][ T4347] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  908.272008][ T4347] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  918.957768][T12394] tipc: Started in network mode
[  918.981872][T12394] tipc: Node identity fc, cluster identity 4711
[  919.003866][T12394] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[  923.170021][T12431] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1883'.
[  923.185410][T12431] netlink: 'syz.2.1883': attribute type 3 has an invalid length.
[  924.534005][   T26] audit: type=1326 audit(1772124942.360:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12439 comm="syz.2.1889" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f656599c799 code=0x7ffc0000
[  924.639669][   T26] audit: type=1326 audit(1772124942.360:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12439 comm="syz.2.1889" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f656599c799 code=0x7ffc0000
[  925.027690][   T26] audit: type=1326 audit(1772124942.360:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12439 comm="syz.2.1889" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f656599c799 code=0x7ffc0000
[  925.649344][   T26] audit: type=1326 audit(1772124942.360:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12439 comm="syz.2.1889" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f656599c799 code=0x7ffc0000
[  925.677239][   T26] audit: type=1326 audit(1772124942.360:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12439 comm="syz.2.1889" exe="/root/syz-executor" sig=0 arch=c000003e syscall=94 compat=0 ip=0x7f656599c799 code=0x7ffc0000
[  925.700983][   T26] audit: type=1326 audit(1772124942.360:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12439 comm="syz.2.1889" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f656599c799 code=0x7ffc0000
[  925.724758][   T26] audit: type=1326 audit(1772124942.360:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12439 comm="syz.2.1889" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f656599c799 code=0x7ffc0000
[  925.821434][   T26] audit: type=1326 audit(1772124942.360:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12439 comm="syz.2.1889" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f656599c799 code=0x7ffc0000
[  926.646878][   T26] audit: type=1326 audit(1772124942.360:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12439 comm="syz.2.1889" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7f656599c799 code=0x7ffc0000
[  931.794262][ T1274] ieee802154 phy0 wpan0: encryption failed: -22
[  931.801261][ T1274] ieee802154 phy1 wpan1: encryption failed: -22
[  931.834036][T12496] netlink: 60 bytes leftover after parsing attributes in process `syz.7.1907'.
[  935.619449][T12535] CIFS: iocharset name too long
[  939.993096][T12584] device ip6_vti0 entered promiscuous mode
[  942.991649][T12617] netlink: 32 bytes leftover after parsing attributes in process `syz.6.1950'.
[  943.057316][T12619] netlink: 32 bytes leftover after parsing attributes in process `syz.6.1950'.
[  944.143483][T12639] device ipvlan2 entered promiscuous mode
[  944.957982][T12639] 8021q: adding VLAN 0 to HW filter on device ipvlan2
[  958.713586][T12788] syz.2.2001[12788] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  958.713697][T12788] syz.2.2001[12788] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  958.899418][T12794] netlink: 60 bytes leftover after parsing attributes in process `syz.2.2004'.
[  958.968026][T12794] netlink: 60 bytes leftover after parsing attributes in process `syz.2.2004'.
[  959.042166][T12795] netlink: 60 bytes leftover after parsing attributes in process `syz.2.2004'.
[  964.398731][T12868] tipc: Started in network mode
[  964.474237][T12868] tipc: Node identity , cluster identity 4711
[  965.385384][T12879] netlink: 48 bytes leftover after parsing attributes in process `syz.7.2033'.
[  971.086190][T12972] netlink: 'syz.8.2067': attribute type 6 has an invalid length.
[  971.177960][T12977] tipc: Started in network mode
[  971.191894][T12977] tipc: Node identity , cluster identity 4711
[  974.148025][T13040] device bridge0 entered promiscuous mode
[  974.169001][T13040] device macvtap1 entered promiscuous mode
[  974.186726][T13040] bridge0: port 3(macvtap1) entered blocking state
[  974.196745][T13040] bridge0: port 3(macvtap1) entered disabled state
[  974.207140][T13040] device bridge0 left promiscuous mode
[  975.967026][T13076] netlink: 32 bytes leftover after parsing attributes in process `syz.7.2108'.
[  976.577417][T13088] device vlan2 entered promiscuous mode
[  976.583495][T13088] device macvtap0 entered promiscuous mode
[  979.781466][T13122] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2124'.
[  979.792553][T13122] tipc: Invalid UDP bearer configuration
[  979.792597][T13122] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[  981.176132][T13141] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2132'.
[  992.806482][T13246] fuse: Bad value for 'fd'
[  993.472698][ T1274] ieee802154 phy0 wpan0: encryption failed: -22
[  993.483055][ T1274] ieee802154 phy1 wpan1: encryption failed: -22
[ 1002.843851][T13341] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[ 1013.971390][T13474] device ip6tnl2 entered promiscuous mode
[ 1054.473900][ T1274] ieee802154 phy0 wpan0: encryption failed: -22
[ 1054.481918][ T1274] ieee802154 phy1 wpan1: encryption failed: -22
[ 1062.925006][T13947] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2375'.
[ 1071.664611][T14047] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off.
[ 1071.716444][T14047] overlayfs: failed to clone lowerpath
[ 1090.327146][T14249] netlink: 20 bytes leftover after parsing attributes in process `syz.7.2471'.
[ 1115.628472][ T1274] ieee802154 phy0 wpan0: encryption failed: -22
[ 1115.635261][ T1274] ieee802154 phy1 wpan1: encryption failed: -22
[ 1128.202441][T14643] netlink: 12 bytes leftover after parsing attributes in process `syz.7.2588'.
[ 1128.997750][T14643] netlink: 152 bytes leftover after parsing attributes in process `syz.7.2588'.
[ 1133.281163][T14698] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1133.393688][T14698] device batadv_slave_0 entered promiscuous mode
[ 1133.535380][T14698] A link change request failed with some changes committed already. Interface batadv_slave_0 may have been left with an inconsistent configuration, please check.
[ 1140.607690][T14805] netlink: 76 bytes leftover after parsing attributes in process `syz.2.2644'.
[ 1140.844298][T14807] netlink: 120 bytes leftover after parsing attributes in process `syz.6.2643'.
[ 1165.656934][T15041] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[ 1165.724689][T15041] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1165.838786][T15044] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[ 1165.887060][T15044] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1172.241349][T15100] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1173.146444][T15100] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1174.348066][T15100] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1175.654872][T15100] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1177.112572][ T1274] ieee802154 phy0 wpan0: encryption failed: -22
[ 1177.119044][ T1274] ieee802154 phy1 wpan1: encryption failed: -22
[ 1178.716829][T15100] netdevsim netdevsim7 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1178.808721][T15100] netdevsim netdevsim7 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1179.061905][T15100] netdevsim netdevsim7 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1179.104564][T15100] netdevsim netdevsim7 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1183.452076][T15202] tipc: Started in network mode
[ 1183.463566][T15202] tipc: Node identity read_nol, cluster identity 4711
[ 1183.479719][T15202] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[ 1184.950003][T15225] netlink: 36 bytes leftover after parsing attributes in process `syz.6.2778'.
[ 1185.169822][T15221] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[ 1185.200407][ T4766] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[ 1185.910578][T15221] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[ 1186.659156][ T4766] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[ 1186.817031][T15221] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 1186.919996][T15221] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 1186.927624][T15221] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 1187.090284][T15221] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 1189.667709][T15223] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[ 1189.678697][T15223] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 1189.687926][T15223] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 1189.700753][T15255] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[ 1189.849605][T15243] netlink: 'syz.5.2784': attribute type 4 has an invalid length.
[ 1189.857475][T15243] netlink: 3657 bytes leftover after parsing attributes in process `syz.5.2784'.
[ 1189.894110][ T4813] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[ 1189.940131][ T4605] IPv6: ADDRCONF(NETDEV_CHANGE): veth3: link becomes ready
[ 1189.950772][ T4605] IPv6: ADDRCONF(NETDEV_CHANGE): veth2: link becomes ready
[ 1189.970686][ T4813] ip6_tunnel: ip6tnl2 xmit: Local address not yet configured!
[ 1190.181427][T15269] netlink: 12 bytes leftover after parsing attributes in process `syz.7.2795'.
[ 1190.201992][ T4813] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[ 1192.833179][T15293] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[ 1192.875305][T15293] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[ 1192.932407][T15293] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1193.114619][T15294] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[ 1193.539715][    C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[ 1193.762447][T15294] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1193.949821][T15304] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2805'.
[ 1194.019700][    C1] ip6_tunnel: ip6tnl2 xmit: Local address not yet configured!
[ 1200.739740][    C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[ 1202.662023][    C1] ip6_tunnel: ip6tnl2 xmit: Local address not yet configured!
[ 1210.580529][T15497] netlink: 'syz.8.2870': attribute type 1 has an invalid length.
[ 1210.588346][T15497] netlink: 4 bytes leftover after parsing attributes in process `syz.8.2870'.
[ 1214.179753][    C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[ 1215.491183][T15579] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2891'.
[ 1218.659833][    C1] ip6_tunnel: ip6tnl2 xmit: Local address not yet configured!
[ 1221.305676][T15632] lo: Caught tx_queue_len zero misconfig
[ 1226.089946][T15702] dummy0: Caught tx_queue_len zero misconfig
[ 1227.453440][T15718] fuse: Bad value for 'fd'
[ 1230.318250][T15749] lo: Caught tx_queue_len zero misconfig
[ 1235.809403][T15807] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[ 1236.658274][T15807] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1236.665583][T15807] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1238.630092][ T1274] ieee802154 phy0 wpan0: encryption failed: -22
[ 1238.636573][ T1274] ieee802154 phy1 wpan1: encryption failed: -22
[ 1242.339792][    C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[ 1247.637986][T15907] netlink: 20 bytes leftover after parsing attributes in process `syz.8.3008'.
[ 1251.168964][T15942] netlink: 'syz.2.3018': attribute type 29 has an invalid length.
[ 1251.236188][T15942] netlink: 'syz.2.3018': attribute type 29 has an invalid length.
[ 1251.250207][T15943] netlink: 'syz.2.3018': attribute type 29 has an invalid length.
[ 1251.288617][T15944] netlink: 'syz.2.3018': attribute type 29 has an invalid length.
[ 1251.299633][    C1] ip6_tunnel: ip6tnl2 xmit: Local address not yet configured!
[ 1251.329188][T15942] netlink: 'syz.2.3018': attribute type 29 has an invalid length.
[ 1251.626705][T15948] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[ 1251.698930][T15948] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check.
[ 1252.036232][T15951] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[ 1252.193663][T15951] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check.
[ 1255.493468][T16005] team_slave_1: Caught tx_queue_len zero misconfig
[ 1258.223368][T16022] process '/newroot/526/file0' started with executable stack
[ 1258.614313][T16041] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3051'.
[ 1258.896329][T16045] x_tables: ip_tables: socket match: used from hooks FORWARD, but only valid from PREROUTING/INPUT
[ 1268.077244][T16154] netlink: 84 bytes leftover after parsing attributes in process `syz.6.3085'.
[ 1269.573230][T16171] device macsec0 entered promiscuous mode
[ 1269.607453][T16171] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3090'.
[ 1269.693579][T16171] device veth1_macvtap left promiscuous mode
[ 1277.025588][T16249] netlink: 8 bytes leftover after parsing attributes in process `syz.8.3111'.
[ 1277.088125][T16249] netlink: 'syz.8.3111': attribute type 30 has an invalid length.
[ 1277.199055][T16249] netdevsim netdevsim8 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[ 1277.209289][T16249] netdevsim netdevsim8 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[ 1277.218272][T16249] netdevsim netdevsim8 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[ 1277.227618][T16249] netdevsim netdevsim8 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[ 1277.345327][T16250] netlink: 8 bytes leftover after parsing attributes in process `syz.8.3111'.
[ 1277.407338][T16250] netlink: 'syz.8.3111': attribute type 30 has an invalid length.
[ 1278.594947][T16278] netlink: 104 bytes leftover after parsing attributes in process `syz.8.3123'.
[ 1281.382751][T16303] fuse: Bad value for 'fd'
[ 1281.562953][T16307] netlink: 'syz.2.3135': attribute type 1 has an invalid length.
[ 1281.850333][T16313] device macsec0 entered promiscuous mode
[ 1281.860352][T16313] netlink: 4 bytes leftover after parsing attributes in process `syz.8.3138'.
[ 1281.936445][T16313] device veth1_macvtap left promiscuous mode
[ 1282.111468][T16313] device macsec0 left promiscuous mode
[ 1283.343038][T16332] netlink: 'syz.2.3147': attribute type 9 has an invalid length.
[ 1284.859337][T16363] IPVS: wlc: UDP 224.0.0.2:0 - no destination available
[ 1287.027713][T16388] Bluetooth: MGMT ver 1.22
[ 1287.937802][T16408] wlan0 speed is unknown, defaulting to 1000
[ 1290.148006][T16439] netlink: 16 bytes leftover after parsing attributes in process `syz.6.3183'.
[ 1295.022443][T16498] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[ 1298.990186][T16539] IPVS: persistence engine module ip_vs_pe_ not found
[ 1299.939893][    C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[ 1299.951984][ T1274] ieee802154 phy0 wpan0: encryption failed: -22
[ 1299.958388][ T1274] ieee802154 phy1 wpan1: encryption failed: -22
[ 1303.889602][T16590] IPVS: persistence engine module ip_vs_pe_ not found
[ 1304.843872][T16607] overlayfs: failed to clone lowerpath
[ 1308.311210][T16634] macsec0: Caught tx_queue_len zero misconfig
[ 1309.766299][T16649] overlayfs: "xino" feature enabled using 3 upper inode bits.
[ 1310.567207][T16649] overlayfs: failed to look up (tracing) for ino (-66)
[ 1311.956573][T16672] netlink: 8 bytes leftover after parsing attributes in process `syz.8.3254'.
[ 1312.129813][T16679] netlink: 40 bytes leftover after parsing attributes in process `syz.5.3256'.
[ 1312.181404][T16679] netlink: 40 bytes leftover after parsing attributes in process `syz.5.3256'.
[ 1312.484754][T16690] overlayfs: failed to clone lowerpath
[ 1318.685441][T16745] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3284'.
[ 1318.733676][T16745] bond0: Unable to set down delay as MII monitoring is disabled
[ 1318.956465][T16759] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3288'.
[ 1318.987370][T16759] netlink: 'syz.6.3288': attribute type 30 has an invalid length.
[ 1319.034094][T16759] netdevsim netdevsim6 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[ 1319.043421][T16759] netdevsim netdevsim6 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[ 1319.052306][T16759] netdevsim netdevsim6 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[ 1319.061076][T16759] netdevsim netdevsim6 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[ 1319.199874][T16759] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3288'.
[ 1319.220245][T16759] netlink: 'syz.6.3288': attribute type 30 has an invalid length.
[ 1319.580572][T16768] netlink: 56 bytes leftover after parsing attributes in process `syz.7.3292'.
[ 1319.816221][T16774] bond0: Caught tx_queue_len zero misconfig
[ 1319.908271][T16777] device geneve2 entered promiscuous mode
[ 1320.419698][    C1] ip6_tunnel: ip6tnl2 xmit: Local address not yet configured!
[ 1325.757887][T16816] netlink: 16 bytes leftover after parsing attributes in process `syz.8.3301'.
[ 1337.908150][T16953] netlink: 8 bytes leftover after parsing attributes in process `syz.8.3349'.
[ 1344.079986][T17018] device syz_tun entered promiscuous mode
[ 1344.100859][T17018] device batadv_slave_0 entered promiscuous mode
[ 1344.913216][ T4395] IPv6: ADDRCONF(NETDEV_CHANGE): hsr1: link becomes ready
[ 1350.475831][T17074] wlan0 speed is unknown, defaulting to 1000
[ 1353.896983][T17095] netlink: 20 bytes leftover after parsing attributes in process `syz.6.3387'.
[ 1355.175777][T17120] overlayfs: failed to clone upperpath
[ 1357.067052][T17133] wlan0 speed is unknown, defaulting to 1000
[ 1359.628937][T17179] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[ 1359.701223][T17179] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 1359.723300][T17179] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 1359.846721][T17179] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1359.935614][T17179] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1359.975545][T17179] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1360.184270][T17179] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1360.755937][T17179] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1360.784034][T17179] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1360.796381][T17179] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1360.821710][T17179] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1360.851854][T17179] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1360.884351][T17179] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1360.894306][T17179] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1360.913472][T17179] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1360.938606][T17179] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1360.971720][T17179] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1361.588421][ T1274] ieee802154 phy0 wpan0: encryption failed: -22
[ 1361.606014][ T1274] ieee802154 phy1 wpan1: encryption failed: -22
[ 1361.819176][ T5385] wlan0 speed is unknown, defaulting to 1000
[ 1362.093803][T17221] wlan0 speed is unknown, defaulting to 1000
[ 1366.499754][    C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[ 1376.755874][T17391] netlink: 'syz.7.3486': attribute type 1 has an invalid length.
[ 1376.819989][T17391] 8021q: adding VLAN 0 to HW filter on device bond1
[ 1376.886392][T17393] bond1: (slave geneve2): making interface the new active one
[ 1376.931347][T17393] bond1: (slave geneve2): Enslaving as an active interface with an up link
[ 1376.943763][ T5047] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready
[ 1378.863700][T17405] lo: Caught tx_queue_len zero misconfig
[ 1381.987582][T17441] netlink: 'syz.8.3502': attribute type 1 has an invalid length.
[ 1382.208541][T17441] 8021q: adding VLAN 0 to HW filter on device bond1
[ 1384.436170][T17479] overlayfs: "xino=on" is useless with all layers on same fs, ignore.
[ 1385.511500][T17493] netlink: 'syz.5.3518': attribute type 1 has an invalid length.
[ 1385.610736][T17498] overlayfs: failed to resolve './file0': -2
[ 1385.635352][T17493] 8021q: adding VLAN 0 to HW filter on device bond1
[ 1385.826441][T17502] bond1: (slave ip6erspan0): making interface the new active one
[ 1385.862394][T17502] bond1: (slave ip6erspan0): Enslaving as an active interface with an up link
[ 1385.910199][ T7748] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready
[ 1388.771056][T17561] overlayfs: metacopy with no lower data found - abort lookup (/file1)
[ 1391.284935][T17595] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3550'.
[ 1391.309904][T17595] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3550'.
[ 1391.345341][T17595] device erspan0 entered promiscuous mode
[ 1391.370361][T17595] device gretap0 entered promiscuous mode
[ 1391.393671][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): hsr2: link becomes ready
[ 1392.610684][T17613] overlayfs: failed to clone upperpath
[ 1399.272348][T17737] fuse: Bad value for 'fd'
[ 1399.971558][T17744] fuse: Bad value for 'fd'
[ 1409.643109][T17892] netlink: 'syz.7.3643': attribute type 7 has an invalid length.
[ 1409.679862][T17892] netlink: 'syz.7.3643': attribute type 8 has an invalid length.
[ 1411.716624][T17937] overlayfs: failed to clone upperpath
[ 1412.579618][    C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[ 1413.819258][    C1] vcan0: j1939_tp_rxtimer: 0xffff888028994c00: rx timeout, send abort
[ 1413.991722][T17971] fuse: Bad value for 'fd'
[ 1414.331458][    C1] vcan0: j1939_tp_rxtimer: 0xffff888028994c00: abort rx timeout. Force session deactivation
[ 1416.353409][T18019] "syz.5.3685" (18019) uses obsolete ecb(arc4) skcipher
[ 1419.809127][T18089] fuse: Bad value for 'fd'
[ 1421.691217][T18119] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3720'.
[ 1422.701904][T18127] overlayfs: failed to decode file handle (len=6, type=251, flags=0, err=-22)
[ 1422.875209][ T1274] ieee802154 phy0 wpan0: encryption failed: -22
[ 1422.881596][ T1274] ieee802154 phy1 wpan1: encryption failed: -22
[ 1426.195847][T18166] ipt_CLUSTERIP: Please specify destination IP
[ 1428.274188][T18195] 9pnet_fd: Insufficient options for proto=fd
[ 1431.409944][T18241] netlink: 'syz.6.3760': attribute type 4 has an invalid length.
[ 1434.458639][T18280] fuse: Bad value for 'fd'
[ 1434.866263][T18294] netlink: 'syz.8.3776': attribute type 10 has an invalid length.
[ 1435.450065][T18294] device veth0_vlan left promiscuous mode
[ 1435.512230][T18294] device veth0_vlan entered promiscuous mode
[ 1435.674964][T18294] team0: Device veth0_vlan failed to register rx_handler
[ 1437.560683][T18320] bridge0: port 3(gretap0) entered blocking state
[ 1437.568121][T18320] bridge0: port 3(gretap0) entered disabled state
[ 1437.655246][T18320] device gretap0 entered promiscuous mode
[ 1437.693375][T18320] bridge0: port 3(gretap0) entered blocking state
[ 1437.701164][T18320] bridge0: port 3(gretap0) entered forwarding state
[ 1437.767449][T18323] device gretap0 left promiscuous mode
[ 1437.822017][T18323] bridge0: port 3(gretap0) entered disabled state
[ 1438.689138][T18346] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3791'.
[ 1438.736962][T18346] device bridge_slave_1 left promiscuous mode
[ 1438.750014][T18346] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1438.765716][T18346] device bridge_slave_0 left promiscuous mode
[ 1438.772471][T18346] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1439.532681][T18352] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[ 1439.653566][T18352] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 1439.696832][T18352] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 1439.749734][T18360] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3796'.
[ 1439.780075][T18360] netlink: 'syz.6.3796': attribute type 18 has an invalid length.
[ 1440.010595][T18360] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3796'.
[ 1440.021366][   T26] audit: type=1326 audit(1772125458.346:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18363 comm="syz.8.3798" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f8b36f9c799 code=0x0
[ 1440.092114][T18360] netlink: 'syz.6.3796': attribute type 18 has an invalid length.
[ 1441.260574][T18376] netlink: 'syz.5.3800': attribute type 10 has an invalid length.
[ 1441.303688][T18376] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1441.317838][T18380] overlayfs: failed to clone upperpath
[ 1441.336979][T18376] device bridge_slave_1 left promiscuous mode
[ 1441.358903][T18376] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1441.388770][T18376] bond0: (slave bridge_slave_1): Enslaving as an active interface with an up link
[ 1441.512022][T18392] netlink: 7 bytes leftover after parsing attributes in process `syz.7.3806'.
[ 1441.548610][T18384] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3801'.
[ 1443.391630][   T26] audit: type=1326 audit(1772125461.716:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18416 comm="syz.7.3813" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f8120b9c799 code=0x0
[ 1443.510549][T18423] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3815'.
[ 1444.442141][T18436] netlink: 'syz.7.3818': attribute type 3 has an invalid length.
[ 1448.424465][    C1] ip6_tunnel: ip6tnl2 xmit: Local address not yet configured!
[ 1449.198727][T18507] netlink: 'syz.6.3840': attribute type 10 has an invalid length.
[ 1450.793475][T18507] device veth0_vlan left promiscuous mode
[ 1450.871853][T18507] device veth0_vlan entered promiscuous mode
[ 1450.930291][T18507] team0: Device veth0_vlan failed to register rx_handler
[ 1450.997140][T18506] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[ 1451.030719][T18506] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 1451.048647][T18506] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 1451.140940][T15176] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1452.230094][   T14] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1453.405168][T18564] device hsr0 entered promiscuous mode
[ 1453.436421][T18564] netlink: 4 bytes leftover after parsing attributes in process `syz.8.3861'.
[ 1453.507816][T18564] device hsr_slave_0 left promiscuous mode
[ 1453.557496][T18564] device hsr_slave_1 left promiscuous mode
[ 1453.787268][T18575] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[ 1453.837509][T18575] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 1453.901685][T18575] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 1454.103854][T18583] overlayfs: failed to clone upperpath
[ 1454.232199][ T7108] device syz_tun left promiscuous mode
[ 1455.404322][ T4434] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1455.575008][ T4434] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1455.779946][ T4434] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1455.964405][ T4434] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1456.211924][T18617] netlink: 'syz.5.3882': attribute type 1 has an invalid length.
[ 1456.304022][T18617] device bond2 entered promiscuous mode
[ 1456.327698][T18625] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1456.347700][T18625] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1456.351910][T18617] 8021q: adding VLAN 0 to HW filter on device bond2
[ 1456.358502][T18625] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1456.379002][T18625] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1456.394031][T18625] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 1456.401621][T18625] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1456.476555][T18622] bond2: (slave erspan1): making interface the new active one
[ 1456.514084][T18622] device erspan1 entered promiscuous mode
[ 1456.550581][T18622] bond2: (slave erspan1): Enslaving as an active interface with an up link
[ 1456.569686][ T4502] IPv6: ADDRCONF(NETDEV_CHANGE): bond2: link becomes ready
[ 1456.685146][T18624] wlan0 speed is unknown, defaulting to 1000
[ 1456.920634][ T4434] tipc: Left network mode
[ 1457.972140][   T26] audit: type=1326 audit(1772125476.296:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18648 comm="syz.6.3889" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f80b579c799 code=0x0
[ 1458.424108][T18625] Bluetooth: hci0: command 0x0409 tx timeout
[ 1459.586645][T18624] chnl_net:caif_netlink_parms(): no params data found
[ 1460.608611][T18625] Bluetooth: hci0: command 0x041b tx timeout
[ 1461.779144][T18714] overlayfs: failed to clone upperpath
[ 1461.788079][T18624] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1461.801925][T18624] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1461.813926][T18624] device bridge_slave_0 entered promiscuous mode
[ 1461.840545][T18714] overlayfs: failed to clone upperpath
[ 1461.907379][T18624] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1461.928538][T18624] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1461.965815][T18624] device bridge_slave_1 entered promiscuous mode
[ 1462.040044][ T4434] device erspan0 left promiscuous mode
[ 1462.104612][T18624] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1462.115354][T18723] overlayfs: failed to clone upperpath
[ 1462.213777][ T4434] device gretap0 left promiscuous mode
[ 1462.339782][T18624] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1462.496727][T18624] team0: Port device team_slave_0 added
[ 1462.660208][T18625] Bluetooth: hci0: command 0x040f tx timeout
[ 1462.997687][T18624] team0: Port device team_slave_1 added
[ 1463.297440][T18624] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1463.304695][T18624] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1463.359627][T18624] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1464.440396][T18624] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1464.457771][T18624] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1464.556560][T18624] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1464.739828][T18625] Bluetooth: hci0: command 0x0419 tx timeout
[ 1464.898921][T18624] device hsr_slave_0 entered promiscuous mode
[ 1464.927474][T18624] device hsr_slave_1 entered promiscuous mode
[ 1464.957002][T18624] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1464.969934][T18624] Cannot create hsr debugfs directory
[ 1464.979250][T18763] fuse: Bad value for 'fd'
[ 1465.005127][   T14] wlan0 speed is unknown, defaulting to 1000
[ 1465.045843][   T14] ==================================================================
[ 1465.054221][   T14] BUG: KASAN: use-after-free in siw_query_port+0x358/0x450
[ 1465.061449][   T14] Read of size 4 at addr ffff8880289980e0 by task kworker/0:1/14
[ 1465.069178][   T14] 
[ 1465.071513][   T14] CPU: 0 PID: 14 Comm: kworker/0:1 Not tainted syzkaller #0
[ 1465.078833][   T14] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1465.089184][   T14] Workqueue: infiniband ib_cache_event_task
[ 1465.095187][   T14] Call Trace:
[ 1465.098489][   T14]  <TASK>
[ 1465.101435][   T14]  dump_stack_lvl+0x188/0x24e
[ 1465.106164][   T14]  ? __lock_acquire+0x7d10/0x7d10
[ 1465.111230][   T14]  ? show_regs_print_info+0x12/0x12
[ 1465.116451][   T14]  ? load_image+0x400/0x400
[ 1465.121132][   T14]  ? __virt_addr_valid+0x465/0x540
[ 1465.126264][   T14]  ? siw_query_port+0x358/0x450
[ 1465.131124][   T14]  print_report+0xa8/0x210
[ 1465.135650][   T14]  kasan_report+0x10b/0x140
[ 1465.140565][   T14]  ? siw_query_port+0x358/0x450
[ 1465.145667][   T14]  siw_query_port+0x358/0x450
[ 1465.150457][   T14]  ib_cache_update+0x1bf/0x9c0
[ 1465.155252][   T14]  ? ib_cache_setup_one+0x5d0/0x5d0
[ 1465.160725][   T14]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[ 1465.166716][   T14]  ? read_lock_is_recursive+0x10/0x10
[ 1465.172255][   T14]  ? _raw_spin_unlock_irqrestore+0xc1/0x120
[ 1465.178230][   T14]  ? _raw_spin_unlock+0x40/0x40
[ 1465.183072][   T14]  ib_cache_event_task+0xd4/0x1c0
[ 1465.188177][   T14]  ? process_one_work+0x7b0/0x1160
[ 1465.193283][   T14]  process_one_work+0x8a2/0x1160
[ 1465.198237][   T14]  ? worker_detach_from_pool+0x240/0x240
[ 1465.203989][   T14]  ? _raw_spin_lock_irq+0xb7/0xf0
[ 1465.209025][   T14]  ? _raw_spin_lock_irqsave+0x100/0x100
[ 1465.214665][   T14]  ? kthread_data+0x4b/0xc0
[ 1465.219172][   T14]  worker_thread+0xaa2/0x1270
[ 1465.223855][   T14]  ? __kthread_parkme+0x162/0x1c0
[ 1465.228897][   T14]  kthread+0x29d/0x330
[ 1465.233144][   T14]  ? worker_clr_flags+0x1a0/0x1a0
[ 1465.238260][   T14]  ? kthread_blkcg+0xd0/0xd0
[ 1465.243126][   T14]  ret_from_fork+0x1f/0x30
[ 1465.247912][   T14]  </TASK>
[ 1465.251010][   T14] 
[ 1465.253427][   T14] The buggy address belongs to the physical page:
[ 1465.259941][   T14] page:ffffea0000a26600 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x28998
[ 1465.270106][   T14] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 1465.277220][   T14] raw: 00fff00000000000 ffffea0001c81c08 ffff8880b8f413f0 0000000000000000
[ 1465.285788][   T14] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 1465.294458][   T14] page dumped because: kasan: bad access detected
[ 1465.300864][   T14] page_owner tracks the page as freed
[ 1465.306228][   T14] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x446dc0(GFP_KERNEL_ACCOUNT|__GFP_NOWARN|__GFP_RETRY_MAYFAIL|__GFP_COMP|__GFP_ZERO), pid 4275, tgid 4275 (syz-executor), ts 66148017867, free_ts 1465040321961
[ 1465.328846][   T14]  post_alloc_hook+0x173/0x1a0
[ 1465.333721][   T14]  get_page_from_freelist+0x1a1e/0x1ab0
[ 1465.339319][   T14]  __alloc_pages+0x1ec/0x4f0
[ 1465.343925][   T14]  __kmalloc_large_node+0x8c/0x1e0
[ 1465.349067][   T14]  __kmalloc_node+0x10e/0x240
[ 1465.353747][   T14]  kvmalloc_node+0x6c/0x180
[ 1465.358246][   T14]  alloc_netdev_mqs+0x84/0xf00
[ 1465.363986][   T14]  ieee80211_if_add+0xc07/0x1590
[ 1465.368935][   T14]  ieee80211_register_hw+0x2e34/0x39f0
[ 1465.374385][   T14]  mac80211_hwsim_new_radio+0x28c2/0x4c40
[ 1465.380100][   T14]  hwsim_new_radio_nl+0xafa/0xce0
[ 1465.385200][   T14]  genl_family_rcv_msg_doit+0x22a/0x330
[ 1465.390842][   T14]  genl_rcv_msg+0x604/0x790
[ 1465.395862][   T14]  netlink_rcv_skb+0x1fb/0x450
[ 1465.400707][   T14]  genl_rcv+0x24/0x40
[ 1465.404853][   T14]  netlink_unicast+0x74d/0x8d0
[ 1465.409622][   T14] page last free stack trace:
[ 1465.414473][   T14]  free_unref_page_prepare+0x8b4/0x9a0
[ 1465.420055][   T14]  free_unref_page+0x2e/0x3f0
[ 1465.424742][   T14]  free_large_kmalloc+0xfd/0x190
[ 1465.429683][   T14]  device_release+0x92/0x1c0
[ 1465.434345][   T14]  kobject_put+0x21d/0x460
[ 1465.438746][   T14]  netdev_run_todo+0xcb3/0xdb0
[ 1465.443585][   T14]  ieee80211_unregister_hw+0xfc/0x290
[ 1465.448950][   T14]  mac80211_hwsim_del_radio+0x285/0x480
[ 1465.454488][   T14]  hwsim_exit_net+0x589/0x650
[ 1465.459154][   T14]  cleanup_net+0x706/0xba0
[ 1465.463737][   T14]  process_one_work+0x8a2/0x1160
[ 1465.468757][   T14]  worker_thread+0xaa2/0x1270
[ 1465.473597][   T14]  kthread+0x29d/0x330
[ 1465.477648][   T14]  ret_from_fork+0x1f/0x30
[ 1465.482063][   T14] 
[ 1465.484384][   T14] Memory state around the buggy address:
[ 1465.490118][   T14]  ffff888028997f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1465.498168][   T14]  ffff888028998000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 1465.506232][   T14] >ffff888028998080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 1465.514303][   T14]                                                        ^
[ 1465.521660][   T14]  ffff888028998100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 1465.529995][   T14]  ffff888028998180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 1465.538066][   T14] ==================================================================
[ 1465.568658][T18766] overlayfs: failed to clone upperpath
[ 1465.610980][   T14] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 1465.618301][   T14] CPU: 0 PID: 14 Comm: kworker/0:1 Not tainted syzkaller #0
[ 1465.625608][   T14] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1465.635942][   T14] Workqueue: infiniband ib_cache_event_task
[ 1465.642477][   T14] Call Trace:
[ 1465.645815][   T14]  <TASK>
[ 1465.648970][   T14]  dump_stack_lvl+0x188/0x24e
[ 1465.653668][   T14]  ? memcpy+0x3c/0x60
[ 1465.657663][   T14]  ? show_regs_print_info+0x12/0x12
[ 1465.663055][   T14]  ? load_image+0x400/0x400
[ 1465.667600][   T14]  panic+0x2e5/0x730
[ 1465.671606][   T14]  ? bpf_jit_dump+0xd0/0xd0
[ 1465.676143][   T14]  ? _raw_spin_unlock_irqrestore+0x10d/0x120
[ 1465.682175][   T14]  ? _raw_spin_unlock+0x40/0x40
[ 1465.687158][   T14]  ? print_memory_metadata+0x314/0x400
[ 1465.692641][   T14]  check_panic_on_warn+0x80/0xa0
[ 1465.697905][   T14]  ? siw_query_port+0x358/0x450
[ 1465.702781][   T14]  end_report+0x66/0x110
[ 1465.707052][   T14]  kasan_report+0x118/0x140
[ 1465.711683][   T14]  ? siw_query_port+0x358/0x450
[ 1465.716560][   T14]  siw_query_port+0x358/0x450
[ 1465.721255][   T14]  ib_cache_update+0x1bf/0x9c0
[ 1465.726034][   T14]  ? ib_cache_setup_one+0x5d0/0x5d0
[ 1465.731267][   T14]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[ 1465.737464][   T14]  ? read_lock_is_recursive+0x10/0x10
[ 1465.742955][   T14]  ? _raw_spin_unlock_irqrestore+0xc1/0x120
[ 1465.748884][   T14]  ? _raw_spin_unlock+0x40/0x40
[ 1465.753759][   T14]  ib_cache_event_task+0xd4/0x1c0
[ 1465.758815][   T14]  ? process_one_work+0x7b0/0x1160
[ 1465.763947][   T14]  process_one_work+0x8a2/0x1160
[ 1465.768938][   T14]  ? worker_detach_from_pool+0x240/0x240
[ 1465.774740][   T14]  ? _raw_spin_lock_irq+0xb7/0xf0
[ 1465.780004][   T14]  ? _raw_spin_lock_irqsave+0x100/0x100
[ 1465.785566][   T14]  ? kthread_data+0x4b/0xc0
[ 1465.790187][   T14]  worker_thread+0xaa2/0x1270
[ 1465.794892][   T14]  ? __kthread_parkme+0x162/0x1c0
[ 1465.799942][   T14]  kthread+0x29d/0x330
[ 1465.804113][   T14]  ? worker_clr_flags+0x1a0/0x1a0
[ 1465.809292][   T14]  ? kthread_blkcg+0xd0/0xd0
[ 1465.813984][   T14]  ret_from_fork+0x1f/0x30
[ 1465.818437][   T14]  </TASK>
[ 1465.822750][   T14] Kernel Offset: disabled
[ 1465.827261][   T14] Rebooting in 86400 seconds..