last executing test programs:

35.846660277s ago: executing program 4 (id=419):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x5)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x3c0, 0x210, 0x9403, 0x3002, 0x210, 0x2c0, 0x2f0, 0x3d8, 0x3d8, 0x2f0, 0x3d8, 0x3, 0x0, {[{{@ipv6={@private2, @remote, [0xffffff00, 0x0, 0xffffffff], [0xffffffff, 0xffffff00, 0xffffffff], 'macvlan1\x00', 'wg2\x00', {}, {0xa4c8dd0ffa9b1578}, 0x73, 0x9, 0x4, 0x48}, 0x3f00, 0x1c8, 0x210, 0x0, {}, [@inet=@rpfilter={{0x28}, {0xc}}, @common=@inet=@recent0={{0xf8}, {0x0, 0x80, 0x1, 0x0, 'syz0\x00'}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv6=@private1}}}, {{@uncond, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00', 0x3, {{0xffffffffffffffff, 0x0, 0x2}, {0x4, 0x5, 0x5}, {0x3, 0x4}, 0xbf, 0xb}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x47b)

35.456188931s ago: executing program 4 (id=421):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000700)=@raw={'raw\x00', 0x3c1, 0x3, 0x4e8, 0x0, 0x940c, 0x3002, 0x2e0, 0x2c0, 0x418, 0x3d8, 0x3d8, 0x418, 0x3d8, 0x3, 0x0, {[{{@uncond, 0x0, 0x298, 0xc8, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0x0, 0x2, 0x1, 0x0, 'syz0\x00'}}, @common=@inet=@recent0={{0xf8}, {0x0, 0x0, 0x2, 0x0, 'syz0\x00'}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@loopback, 'virt_wifi0\x00'}}}, {{@uncond, 0x0, 0xd0, 0x138, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0, 0x0, {0x8000000}}, {0x28}}}}, 0x548)

34.660491795s ago: executing program 4 (id=423):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x9)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
open(&(0x7f00000005c0)='./bus\x00', 0x147842, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000380)='./bus\x00', 0x0, 0xc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x0)
r2 = syz_init_net_socket$ax25(0x3, 0x5, 0xcb)
ioctl$SIOCAX25GETUID(r2, 0x89e0, &(0x7f0000000200)={0x3, @bcast})
r3 = socket$inet_icmp(0x2, 0x2, 0x1)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$xdp(0x2c, 0x3, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000100)=ANY=[@ANYRES32=r2, @ANYRES32=r3, @ANYBLOB='@\x00'/20, @ANYRESOCT, @ANYRES8, @ANYRES32=r4], 0x48)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
r5 = socket$kcm(0xa, 0x6, 0x0)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000007c0)='memory.events\x00', 0x26e1, 0x0)
r7 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendmmsg$inet6(r7, &(0x7f0000001c80)=[{{&(0x7f0000000240)={0xa, 0x4e21, 0x4, @private0, 0x3}, 0x1c, &(0x7f00000003c0)=[{&(0x7f0000000440)="14", 0x1}], 0x1}}], 0x1, 0x931766f6319eed40)
shutdown(r7, 0x1)
getsockopt$bt_hci(r7, 0x84, 0x80, &(0x7f0000002100)=""/4127, &(0x7f0000000000)=0x101f)
setsockopt$sock_attach_bpf(r5, 0x10d, 0xa, &(0x7f0000000000)=r6, 0x4)
ioctl$DRM_IOCTL_GET_CLIENT(r1, 0xc0286405, &(0x7f00000000c0)={0x9b9cbe7, 0xffffffff, {<r8=>0xffffffffffffffff}, {<r9=>0x0}, 0x0, 0x2})
ioctl$DRM_IOCTL_GET_CLIENT(r1, 0xc0286405, &(0x7f0000000200)={0x8000, 0x9ef, {r8}, {r9}, 0x0, 0x2})
quotactl_fd$Q_SETQUOTA(0xffffffffffffffff, 0x0, r9, &(0x7f0000004800)={0x3, 0x1, 0x3, 0x2, 0x2, 0x2, 0x6, 0x8001, 0xffff})
write(r1, &(0x7f0000004200)='\x00', 0x1)
sendfile(r1, r0, 0x0, 0x3ffff)
sendfile(r1, r0, 0x0, 0x7ffff000)

32.127476496s ago: executing program 4 (id=430):
syz_mount_image$udf(&(0x7f0000000040), &(0x7f0000000500)='./file0\x00', 0x18008, &(0x7f0000000000)=ANY=[@ANYRES32=0x0, @ANYRESDEC], 0xfe, 0x4b1, &(0x7f0000001d00)="$eJzs201sVNUbx/HfM3c6TIf+/5YXCxgCTTSxgkBfsEBqYnix0YQXLVQj8SWVTrHSdkinKCUgLNWdC5Yu3bpwZdwaEpfGhcEYFibIxs2sxB3m3LlvM5TOjG1nKP1+CJx7zzx3OOc8c+ecM5kRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACQjrx6uLfPWt0KAADQTCdPj/QOMP8DALCmnGH/DwAAsJaYPP0u054LJTvhn5dlj0/OXLo8emx44cvaTaaUPD/e/c329Q/sf2nwwMGwXPz65bZNp06fOdx9tDB9cTZfLObHu0dnJs8VxvN1P8NSr6+2yx+A7ukLl8YnJord/XsHKh6+3Hlv3fquzqHB945mwtjRY8PDpxMx6bb//L8/5FEr/Iw8vSDTx99/ayclpbT0sajx2llp7X4ndvmdGD027HdkanJsZs49aKkgKlU5JplwjJqQiyVJSa5dllmePVubPP0g05F9JTslyQvHYbf/wXBd7WmFtNu6SurRKsjZY2ydPH0g0619nXojGFc//xnpaqsbhxWXDu7/gpXsTf/9wN1P7m3z+Fvdr89MFBKxlgruqNU+PzTTY/7elJWnU/4dX7IR7Wx1c9Bk7fI0LVPmq0/8dYX8delTQwd27DyUXGFsqfE8LnZvcHPVMye3BUsHS7k/y98v1Cdrnv6U6f5vWf+8J5wDpBsPFrvwj6Y0DyvNPE3J9M+1klnVvtRL7O8jq33uX9n2t2ePFi7Oz06e/2huwcdz2cMfFudmx84t/HB57+ola2rtY6ulGtuS5ay84/v801J0XbAH+F/5LG7NN1fj10JPVRlKvn7qOa57F9vAOsq1yczTXZkm3t9anmeUa3hs1gKX/2GZiqWfLcx0kP90+SyR/5fj8ctaZRnxc/v/8uda4Vpi29nNj6pfify7Nrn8vyPTkb+3Bp9plPPvVcW6uC6Z3r25PYhLZVxcOuxO+RknJqfyvS72gUwbfwpj5cfmgthNcWyfiy3K9MWtytj1QezmOLbfxd6W6c6vC8c+HccOuNh5l6873WFszsXuCGK74ti95wpT47WG1eW/X6a3r79mYZ8fmf/E/X+jqow8lPPFj5cr/52JuhtBXs8G+U/XyP+XMs3/tT3stz/24ctqg/9vnH+3Vv7uZmVsuKHcGMf21dutVnP53yDTvVduR30O+hacxhlK5v+ZdGUZjWuL8r8hUdcZtCvT4FisRcX5KxfGpqbysxxwwAEH0UGr35nQDG7+H3Gz+qBn4TommP87ymfxiun+Z/H8P1RVRlo0/29M1A0Fq5a2tJSdm77YtkXKFuev7JmcHjufP5+fGdg/2Nt/aH/vwMG2TLi4i4/qHrsngcv/bpmu/fhLtI+pXP8tvP7PVZWRFuV/U7JPFeuauodiTXL575Bp8O7taL+52Po/3P/3PFtZRvdfi/K/OVHXGbSro8GxAAAAAAAAAAAAAAAAAIDVJGeenpPp8siLFv6GqJ7v/41XlZHl//5X+YfJNb7/1ZWoG2/S7xoaGmgAAAAAAAAAAIAmScnT1zI9r5JddxUd0olkiSfavwEAAP//G6xIAA==")
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
chdir(&(0x7f00000003c0)='./bus\x00')
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f00000004c0)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
r0 = creat(&(0x7f0000000300)='./bus\x00', 0x0)
r1 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0)
dup3(r1, r0, 0x0)
io_setup(0x5, &(0x7f0000000240)=<r2=>0x0)
io_submit(r2, 0x3f0a, &(0x7f0000000540)=[&(0x7f00000000c0)={0xf04aef, 0x3d8, 0x4, 0x0, 0x0, r0, &(0x7f0000000000), 0x200a00, 0xfdff}])

30.456834003s ago: executing program 4 (id=433):
syz_mount_image$efs(&(0x7f00000002c0), &(0x7f0000000300)='./file0\x00', 0x40000000000000, &(0x7f0000000340), 0x1, 0x293, &(0x7f0000000380)="$eJzs3LFvW0UcB/CvXQfcqBIWSwEhkVIkOrROcIGJIR34D4C9at0oqguIsLRigJml/wJbB8TAxAYzAyv8E0hlRRUPvfieE0OcEluOafv5KLHvvffL/e4s3UV6d34BAAAAAAAAAJ4avSQvJXk1yUY5V1VV9ecfX9zYTvJaklYT2Nn/yVqJe69+eVhVeVRV55Ksl7A6qJ3kTF3uHkrWGeeYnGqXupPU+Xbe//r2Ronb/y0xTVyrtHG7nK5Dzjd1tfLlMj8nOOz+z4P+hY+S+7+M36f0VtSoo5RB3S6HzbA6f8Jq6vGZMvZS5oVD1S/X9kHe09Qrc1z92VU/bqfVSaoXxteqMwdxzdzU+ODl1qm3FQAAAAAAAGL9H+Zi/X+q+uWy/g8AAAAAAACP9WH77GRdr5WNI9fVLye59B/re5Dk2yTfJfk+yV9JfkjyaOEl0WqyoFZV01fmWml7uFBjAAAAgCfET9fKBt6yMbq5D/LrP94vLJinPeP871+Nr1y6eHz+N8r9l9fnzP/izPzjOyfrOT7/xTnzNmb2/1p7KmBW/ivLyl/6fzPH57+8pPzVN+P8bz4m/+bndz7d3Lt778runes7w53hx4PB1Xe33t7aemeweWt3NNwav564XU3/X+kcn79/4pqndRb8ewAAYHH/+v488Myox/+5dFr9g3K73x8/s6OX7tqt3dFwUOaI5vitTF+/Wp4F0ktnrbkL8VySB63u2fq4f+OT0c1VdxQAmNi7e+/29dFo+NneqlsCAAAAAAAAAACc1MH+n+UVVt1H4GhrM/b/P7+/n399st+/m+S3VndtvqcMAP9Hp/H/X0FB4UkrrHpmAgAAAAAAAAAAAAAAAAAAAICn398BAAD//5sBpuQ=")

29.336771942s ago: executing program 4 (id=436):
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x11, &(0x7f0000000140), 0x9, 0x61f, &(0x7f0000000c40)="$eJzs3c9vFFUcAPDvTH+3YgsxKh6kiTGQKC0tYIgxEeKVEPxx81RpIUihhNZokcSS4EVjvHgw8eRB/C+UxKsHrx68eDIkjTEcxKCsme1s2R/dsv2x3bb7+SRD38y0874DfPvevn1vNoC2NZz9kUbsj4irScRg2bnOyE8OL33fvb9unMu2JAqFt/9M4sYnyUL5tZL860D+w/8NRvJLGrGvo7be2fnrlyamp6eu5fujc5evjs7OXz988fLEhakLU1fGXxk/cfzY8RNjRzZ0f3vKyqdvvf/h4Gdn3v3umwfJ2Pe/nUniZDzMY8vuq/pnezZUc/Z3NhyFJffLj6cRcWKD194u/h4s/T95JKk+wLZ1Ps/zroh4Jgajo+xfczA+fbOlwQFNVUii1EYBbSdZV/73bn4gwBYr9QNKr+1Xeh1cK21yrwTYCounlgYAlnK/KyJK+d+5NDYYvcWxgf57SWlkYDn5NzYytySr4+efztzKtqgzDrciv4JgwxZulka5q9v/pJibQ9Fb3Ou/l1aM86ZlW3b8rXXWP1y133D+Axu2cDMins3b/+5Yd/6/V33hvsbqbyj/e9dyRwAAAAAAANC+7pyKiJdXmv+XLs//6a6c/1M0EBEnN6H+x7//l97NC8kmVAeUWTwV8VrN/N9/y2cHD3Xk7/PvKc4H6ErPX5yeOhIRT0bEoejqyfbHKi9bMTvv8Bf7vq5Xf/n8v2zL6i/NBcwvdbezaiHu5MTcxObcPbS3xZsRzxXn/x7Ij1TO/8na/6Sm/f/8jSzBrzZYx74Xb5+td+7x+Q80S+HbiIMrrv951N1OVn8+x2ixPzBa6hXUev7jL3+oV7/8h9bJ2v/+1fO/Jyl/Xs/s2q7fHRFH5zsL9c6vt//fnbzTUbp+5qOJublrYxHdyena4+Nrixl2q1I+lPIly/9DL6w+/rfc/y/Lw76IWGiwzqcfDvxe75z2H1ony//J1dv/ocr2v7KQfV+dU3mhN8ZvD/2YP2KsxtmG2v9jxTb9UH7E+B+Uq10MXzcdqwotCRcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdrg0Ip6IJB1ZLqfpyEjEQEQ8Ff3p9Mzs3EvnZz64Mpmdq/z8/8Gl/aT0+f9DZfvjVftHI2JvRHzV0VfcHzk3Mz3Z6psHAAAAAAAAAAAAAAAAAACAbWKguOa/0FO9/j/zR0erowOarjP/Kt+h/XSu+ycLPZsaCLDl1p//wE7XeP53NTUOYOvVz//7DwpFWxoOsIX0/6F9rTP/vV0Au4D2H9pVg2N6vc2OA2iFhtv/xebGAQAAAAAAbIq9B+78mkTEwqt9xS3TnZ8z2R92t7TVAQAtYw4vtK/OmVZHALSK1/hAslz6Z8XF/vVn/yfNCQgAAAAAAAAAAAAAqHFwv/X/0K7SiFU+wtvcftjNVln/v1Lye1wA7CL1P/qjkbY/0UOAHcxrfOBx7bj1/wAAAAAAAAAAAACwDfRevzQxPT11bXZ+5xVe3x5hrK2wMLEtwtjUwsPmXLkrIrbHDW51ofQIjhaG0eLfSwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwLL/AwAA//+VGi6/")

12.328194799s ago: executing program 1 (id=463):
socket$nl_sock_diag(0x10, 0x3, 0x4)
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f00000000c0))
r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
write$dsp(r1, &(0x7f00000001c0)='\\', 0x1)
mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x200000d, 0x12, 0xffffffffffffffff, 0xcfe6b000)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]})
r3 = socket$kcm(0xa, 0x0, 0x87)
r4 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000200)='sys_enter\x00', r4}, 0x10)
ioctl$sock_kcm_SIOCKCMUNATTACH(r3, 0x89e1, &(0x7f0000000280))
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000000000000000000030a38000000000a01010000000000000000050000000900010073797a30000000000c00044000000000000000040c0004400000000000000005bc000000030a01030000000000000000050000000900010073797a300000000008000540000000004c0008800c00014000000000000000010c0002400000000000f6ff000c00024000000000000016cc0c21014000000000000100010c00024000000000000000140c00014000000000000000090900030073797a32000000000b00070066696c746572000030000480080002406b10a61d140003007465616d5f736c6176655f3000000000080002404e73b858080001"], 0x130}}, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r2, 0xc0502100, &(0x7f00000002c0)={<r6=>0x0})
syz_io_uring_submit(0x0, 0x0, 0x0)
r7 = syz_open_dev$loop(&(0x7f00000001c0), 0x75f, 0x80002)
ioctl$LOOP_SET_STATUS(r7, 0x1277, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_SEND(r2, 0xc0182101, &(0x7f0000000180)={r6})
close(0xffffffffffffffff)
r8 = fspick(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r8, 0x1, &(0x7f00000001c0)='\xff\xff\xff\xff\xff\xff', &(0x7f0000000200)='\x00', 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r2, 0x40182103, &(0x7f0000000080)={0x0, 0x3, r2, 0x4000000})
ioctl$IOCTL_STATUS_ACCEL_DEV(0xffffffffffffffff, 0x40046103, &(0x7f0000000380)={0x1, 0x6, 0x2, 0x7, 0x2e, 0x5, 0x3f, 0x8, 0x6, 0x67, 0xf8, "1b448cde8a9b553a9c15f9ef30d5f50a357d0453f3d450480b96c23dce521823"})
bind$packet(0xffffffffffffffff, 0x0, 0x0)
r9 = socket(0x15, 0x6, 0x1)
getsockopt(r9, 0x200000000114, 0x5, &(0x7f0000c35fff)=""/1, &(0x7f0000000000)=0x1)
sendmsg$TCPDIAG_GETSOCK(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[], 0x64}}, 0x4008004)

11.096741404s ago: executing program 0 (id=465):
r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f00000025c0), 0x2, 0x0)
ioctl$VIDIOC_S_SELECTION(r0, 0xc040565f, &(0x7f0000000000)={0xa, 0x0, 0x5, {0x0, 0x0, 0x0, 0xffffffff}})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000011000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r1}, 0x10)
mount$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x128a877, &(0x7f0000000440)=ANY=[@ANYBLOB="678670696e6f8f475f686172646c6900080000332cb374626b07814e1332f22ad82012a59f03cfb52e5bbf580820b316f647fed34733938ac5c45a898d9425609f13eedfe52e71a0571bd6376cc61624072d46fcc08e772de6d2e00897240c3150092970ad3ed728e74b10b58f863ed90f89f0e90689a5"])
socket(0x2a, 0x2, 0x0)
shmat(0x0, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffdfff)

10.186780248s ago: executing program 2 (id=467):
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x5, 0x81, 0x2, 0x9, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000000), 0x402, r0}, 0x38)
bpf$MAP_DELETE_BATCH(0x18, &(0x7f0000000080)={0x0, &(0x7f0000001640)=""/233, &(0x7f00000002c0), &(0x7f0000000440), 0x5, r0}, 0x38)
lsetxattr$system_posix_acl(&(0x7f0000000400)='.\x00', &(0x7f0000000440)='system.posix_acl_default\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="0200000001000000000000000200", @ANYRES32=0xee01, @ANYBLOB="02000000", @ANYRES32=0xee00, @ANYBLOB="02000000", @ANYRES32=0xee00, @ANYBLOB, @ANYBLOB="040000000000800008000000", @ANYRES32=0x0, @ANYBLOB, @ANYRES32=0x0, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB="100000000000000020"], 0x5c, 0x0)
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000003c0)='./file0\x00', 0x402, 0x0, 0x1, 0x0, &(0x7f0000000000))
r1 = socket(0x1e, 0x2, 0x0)
setsockopt$sock_int(r1, 0x1, 0x2e, &(0x7f0000000040)=0x5, 0x4)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r1, &(0x7f0000000100))
epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, r1, &(0x7f0000000000)={0xc2a10a980d0dcec8})
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./bus\x00', 0x0)
syz_emit_ethernet(0x40, &(0x7f00000004c0)={@broadcast, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x32, 0x0, 0x0, 0x0, 0x1, 0x0, @private=0xa010101, @local}, @redirect={0x5, 0x0, 0x0, @multicast2, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, @private, @empty}, "631d"}}}}}, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000600)=@mangle={'mangle\x00', 0xc061, 0x6, 0x570, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0x4a0, 0x4a0, 0x4a0, 0x4a0, 0x4a0, 0x6, 0x0, {[{{@ipv6={@mcast1, @empty, [], [], 'ip_vti0\x00', 'veth1_vlan\x00'}, 0x0, 0xa8, 0xe8, 0x0, {0x0, 0x3a010000}}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00', 0x0, 0x4}}}, {{@uncond, 0x0, 0xa8, 0xd0}, @unspec=@CHECKSUM={0x28}}, {{@uncond, 0x0, 0xa8, 0xf0}, @DNPT={0x48, 'DNPT\x00', 0x0, {@ipv6=@mcast1, @ipv6=@private0, 0xfd}}}, {{@uncond, 0x0, 0xa8, 0xd0}, @HL={0x28}}, {{@uncond, 0x0, 0x100, 0x128, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@ah={{0x30}}]}, @inet=@DSCP={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x5d0)
syz_mount_image$fuse(0x0, &(0x7f0000000180)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c})
r3 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[@ANYBLOB="28ff0f00000f00000004edac767155b8c5e800cee4859af5679257fdd604b038c433efc9c6732733d319c962be14eb00141bffb6bf9dbac9c3f50179fae27195defb3343bdf1237a05f0e68f8c1c8a783cbbd9ce0f8ac66bcb52b96a193aa8f3eb779949044ba02475b122"], 0x13)
fchmodat(r3, &(0x7f00000000c0)='./bus\x00', 0x0)

9.439659993s ago: executing program 1 (id=468):
socket$inet_udp(0x2, 0x2, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'virt_wifi0\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=@newlink={0x64, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x4, 0x0, 0x300}, [@IFLA_LINKINFO={0x3c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x2c, 0x2, 0x0, 0x1, [@IFLA_VLAN_INGRESS_QOS={0x10, 0x4, 0x0, 0x1, [@IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x6, 0x1}}]}, @IFLA_VLAN_EGRESS_QOS={0x10, 0x3, 0x0, 0x1, [@IFLA_VLAN_QOS_MAPPING={0xc, 0x39, {0x6d}}]}, @IFLA_VLAN_ID={0x6, 0x1, 0x2}]}}}, @IFLA_LINK={0x8, 0x5, r1}]}, 0x64}}, 0x0)

8.981655193s ago: executing program 0 (id=469):
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
r1 = fcntl$dupfd(r0, 0x0, r0)
write$sndseq(r1, &(0x7f0000000180)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @quote}], 0x38)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_EXP_DELETE(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)={0x108, 0x2, 0x2, 0x301, 0x0, 0x0, {0xa}, [@CTA_EXPECT_MASTER={0xc0, 0x1, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0xc}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @dev={0xfe, 0x80, '\x00', 0x24}}, {0x14, 0x4, @dev={0xfe, 0x80, '\x00', 0x25}}}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @rand_addr=0x64010101}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @private=0xa010102}, {0x8, 0x2, @private=0xa010100}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x15}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x1}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x11}}]}, @CTA_EXPECT_TIMEOUT={0x8, 0x4, 0x1, 0x0, 0xff}, @CTA_EXPECT_ZONE={0x6, 0x7, 0x1, 0x0, 0x4}, @CTA_EXPECT_FN={0x13, 0xb, 'callforwarding\x00'}, @CTA_EXPECT_TUPLE={0x10, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x1}}]}]}, 0x108}, 0x1, 0x0, 0x0, 0x4048005}, 0x40000)
epoll_create1(0x0)
socket$nl_generic(0x10, 0x3, 0x10)
pselect6(0x76, &(0x7f0000001000)={0x7a}, 0x0, 0x0, 0x0, 0x0)

8.965933965s ago: executing program 2 (id=470):
r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000940), 0x2bc0f6b10f44bf15, 0x0)
syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x1008002, &(0x7f0000000300)={[{@grpquota}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x84}}, {@resuid}, {@max_batch_time={'max_batch_time', 0x3d, 0x3}}, {@lazytime}, {@jqfmt_vfsold}, {@usrquota}, {@data_err_abort}]}, 0x1, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=")
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000900)=ANY=[@ANYBLOB="b800000019000100"/56, @ANYRES16=r2], 0xb8}, 0x1, 0x0, 0x0, 0x10}, 0x4048810)
syz_io_uring_setup(0xd2, &(0x7f0000000480), &(0x7f0000000100), 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r2}, &(0x7f0000000080), &(0x7f0000000140)=r1}, 0x20)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000540), 0xffffffffffffffff)
sendmsg$NL80211_CMD_TDLS_MGMT(r2, &(0x7f0000000680)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000640)={&(0x7f0000000600)={0x28, r4, 0x8, 0x70bd2d, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0x49a, 0x7c}}}}, [@NL80211_ATTR_STATUS_CODE={0x6, 0x48, 0xf}]}, 0x28}, 0x1, 0x0, 0x0, 0x400040c0}, 0x4010)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f0000000840)={{0x1, 0x1, 0x18, <r5=>r0}, './file0\x00'})
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000800)={@map=r5, 0x16, 0x1, 0x7fffffff, 0x0, 0x0, 0x0, &(0x7f0000000740), &(0x7f0000000780)=[0x0, 0x0, 0x0], 0x0}, 0x40)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r6, 0x0, 0x20000844)
r7 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GET_LEASE(r7, 0xc01064c8, 0x0)
ioctl$DRM_IOCTL_MODE_CURSOR(r7, 0xc01c64a3, &(0x7f0000000400)={0x1, 0x0, 0xd, 0x10, 0x3})
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r10=>0x0})
sendmsg$NL80211_CMD_DEL_KEY(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000980)=ANY=[@ANYBLOB="86f3bc3e9a91863c0000", @ANYRES16=r9, @ANYBLOB="010000000000000000", @ANYRES32=r10, @ANYBLOB], 0x3c}}, 0x0)
syz_mount_image$ext4(&(0x7f00000008c0)='ext2\x00', &(0x7f0000000200)='./file0\x00', 0x180c095, &(0x7f0000000880), 0x21, 0x4e0, &(0x7f0000000a40)="$eJzs3c9vG1kdAPCvJz+bzW6ysAdAoC2wUFCpnbi7UdVTuYBQVQlRceLQhsSNothxFDulCT2k/wMSlTiBxB1xQAIJqSfu3OiNSzkgFahAzYGD0YzHrUnsNm3TOBt/PtKo8+bZ/n6frXnv+bX1C2BonY2I3YgYj4ibETGTXy/kR1xpH+njnj65u7T35O5SIVqt6/8sZPXpteh6Tuqd/DUnI+IH3434ceFg3Mb2ztpitVrZzMulZm2j1NjeubBaW1yprFTWy+WF+YW5Sxc/KR9ZWz+s/fbxd1av/vCPv//Soz/vfvOnaVrTeV13O45Su+ljz+KkRiPi6tsINgAjeXvGB50IryWJiM9ExFey+38mRrJPEwA4zVqtmWjNdJcBgNMuydbACkkxXwuYjiQpFttreB/EVFKtN5rnb9W31ifba2WzMZbcWq1W5vK1wtkYK6Tl+ez8ebm8r3wxIt6PiJ9NnMnKxaV6dXmQEx8AGGLv7Bv//zPRHv8BgFNuctAJAADHzvgPAMPH+A8Aw8f4DwDDx/gPAMPH+A8Aw8f4DwBD5fvXrqVHay///evl29tba/XbF5YrjbVibWupuFTf3Ciu1Osr2W/21F72etV6fWP+49i6U2pWGs1SY3vnRq2+td68kf2u943K2LG0CgB4kfc/fPCwEBG7l89kR3Tt5WCshtMtGXQCwMCMDDoBYGB67fbVq0/YPYZcgOPlOz7QY4ve/9P3nwjdP3ips7fIEaQFvEXnPm/9H4aV9X8YXtb/YXiNvuSLv/kBnF6tVsGe/wAwZKzxA0f59/8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwLKazo5AU870+pyNJisWId9vVhVur1cpcRLwXEX+ZGJtIy/ODThoAeEPJ3wv5/l/nZj6a3l87Pvr8/Ce/uP7zO4vN5uZ8xHjhXxNZfUQ07+fXy8ebOQBwOJ1xujOOdzx9cnepcxxnPo+/3d5cNI27lx/tmtFoTz0mYywipv5diK6pSDZfGTmC+Lv3IuJz+9s/kkVIJ0Oz+c6n++Onj3j3KOP/Yf/7vz9+0h0/nXbFbL5mk74Xnz2CXGDYPEj7nyu9+r8kzmZ/9r7/J7Me6s11+r+9A/1f8qz/G+nT/509bIyP//S9vnX3Ir4w2it+4Vn8Qp/4Hx0y/l+/+Jtv9atr/TLiXPSO3x2r1KxtlBrbOxdWa4srlZXKerm8ML8wd+niJ+VStkZd6qxUH/SPy+ffe1H7p/rEn+zR/qQrp68dsv2/+u/NH335BfG/8dXen/8HPeJ3pGPi1w8Zf3Hqd323707jL/dp/8s+//OHjP/obzvLh3woAHAMGts7a4vVamXTyafm5MzJSKNz8vBkpPHKJ7/Ob4GTks8JOxlwxwS8dc9v+kFnAgAAAAAAAAAAAAAA9PNq/zGo9VrPGnATAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOMX+FwAA//89v9uR")
llistxattr(0x0, 0x0, 0x0)
r11 = openat$procfs(0xffffffffffffff9c, &(0x7f0000001600)='/proc/slabinfo\x00', 0x0, 0x0)
r12 = socket$inet(0x2, 0x3, 0xda)
setsockopt$EBT_SO_SET_ENTRIES(r12, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00', 0x9000, 0x0, 0x90, [], 0x0, 0x0, &(0x7f00000001c0)=[{0x0, '\x00', 0x0, 0x0, 0xf9ffff00}, {0xff000000}, {}]}, 0x108)
read$FUSE(r11, &(0x7f0000006140)={0x2020}, 0x2020)

8.34976774s ago: executing program 1 (id=472):
prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x20040, 0x0)
syz_usb_connect$uac1(0x0, 0x0, 0x0, 0x0)
syz_usb_control_io$uac1(0xffffffffffffffff, 0x0, 0x0)
pipe(0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x3, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="2c0000003a000b0000000000000000000400000006000000140001800600060088480000080016"], 0x2c}}, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r3}, 0x10)
futex(&(0x7f0000000000), 0x8c, 0x1, 0x0, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000008c0)={r1, 0xe0, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000400)=[0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x5, 0xa, &(0x7f00000005c0)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000600)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xa4, &(0x7f00000006c0)=[{}], 0x8, 0x10, &(0x7f0000000700), &(0x7f0000000740), 0x8, 0x93, 0x8, 0x8, &(0x7f0000000780)}}, 0x10)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$TCFLSH(r5, 0x400455c8, 0x0)
ioctl$sock_bt_hci(0xffffffffffffffff, 0x400448ca, 0x0)
syz_clone(0x204180, &(0x7f0000000340)="9b96078ec5ef15040c9b7de98ba0be273548b274e280163898bf66837a6f48a6c90955ec36b26a8de20c7d0ed4adbff2ee1e902b31615b15a9acd9b9ca1c236e22725685496231d35f557ea043b14a70628a468c217252b2d277565aa4f7682d9f6ecd30ef9748c5eb77d328f487bb02bbe7170283f78f65ea8ff195b9f6b518bdb671a897684b9869b651457205ed631828236479a24318a71e3a5376b04c09e0be841050847bf5e4a3d7f7574d1d5070820c5c5dcecebaf113bb179f", 0xbd, &(0x7f0000000180), &(0x7f0000000200), &(0x7f00000004c0)="7628a8d99f676365a0515bb909c273cc32194f2c24f1cc5f188abdb2b62e5d3cd54d8c932a244165071778d8a827baf0c67abb25000025eb69479f7cbe92873070d2a15e61e7f959c6bc7f1f0bb8997575eaf3a47f9d52387c3d40fcba6f77820b763ea4b6f9268426d6fd720eb3ad4c1f97c36dc8fb1e66cd2dce5e5303f2a2cab9402dfc1c93b7e049e981cae76924bf7cb84c900316d3cb35b29d6a2d56b7a1c9d1fe126364bd4586f823093bee998d903f82f508d2369f5410ee7741a8c44faebb42fa89ae9b6c0229741451ec67a450bc8c20031400dd8b113db310fa1717af1f7ee46bc3f292d5a8576b709dd68a")
close_range(r4, 0xffffffffffffffff, 0x0)

8.206648095s ago: executing program 0 (id=473):
r0 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488)
r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/sys/net/ipv4/vs/sync_threshold\x00', 0x2, 0x0)
io_uring_enter(r1, 0x4269, 0x2ffe, 0x1d, &(0x7f00000000c0)={[0x2]}, 0x8)
read$eventfd(r1, 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)=0xf)
r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
ioctl$SNDCTL_SEQ_OUTOFBAND(r2, 0x40085112, &(0x7f0000000140)=@e={0xff, 0xa, 0x0, 0x0, @SEQ_CONTROLLER=0xfe, 0x4d})
ioctl$TUNSETLINK(0xffffffffffffffff, 0x400454cd, 0x301)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0)
r4 = openat$cgroup_devices(r3, &(0x7f0000000000)='devices.allow\x00', 0x2, 0x0)
write$cgroup_devices(r4, &(0x7f0000000140)=ANY=[@ANYBLOB='b *:4\t\nm'], 0xa)
syz_emit_ethernet(0x152, &(0x7f0000000200)={@local, @empty, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "5a8874", 0x11c, 0x88, 0x0, @private2, @mcast2, {[@srh={0x21, 0x8, 0x4, 0x4, 0x6, 0x4, 0x9, [@ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}, @mcast1, @remote, @private2={0xfc, 0x2, '\x00', 0x1}]}, @routing={0xd8, 0x6, 0x2, 0x3, 0x0, [@ipv4={'\x00', '\xff\xff', @rand_addr=0x64010102}, @private1, @empty]}], {0x0, 0x0, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "1102a8887a2c9305895b8cb59331cdffdf8e04142a112e9e8a24dbc3ec49d3a4", "2db6a193bcc7961b3d7ffdd654edbf06b88768a543517e85683cba3eacfc34c915f14e6909b49f9237345255b67d8e45", "381da35b3b5c874ffc044f7e6bdb47fd7e6379a64c0cc354322238af", {"a263753d250cfb21bd9221640229f7d3", "432c3aac2290feba17bfa3643cdcbbfd"}}}}}}}}, 0x0)
r5 = socket$inet6(0xa, 0x2, 0x0)
setxattr$incfs_metadata(&(0x7f0000000100)='./file0\x00', &(0x7f0000000180), &(0x7f00000001c0)="e26b3701a2f1c79d63f512e38f0c27ab99a891da3f6e9959c2d9054510cfa99f6da1ff175b51d640ee047b6a", 0x2c, 0x5)
setsockopt$sock_int(r5, 0x1, 0x2d, &(0x7f0000000000), 0x4)

7.546862748s ago: executing program 3 (id=474):
r0 = syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000480)='./file1\x00', 0x18000, &(0x7f00000004c0)={[{@init_itable_val={'init_itable', 0x3d, 0x4}}, {@errors_remount}]}, 0x1, 0x597, &(0x7f00000005c0)="$eJzs3U9oHNUfAPDvzCbNr21+pgUFlR6KChVKN0n/aPWUXsVCoQfBSwybbQjZZGN2U5vQQ3ovYkFR6aXeFPSoiHgQLx69elE8C6JFpelBVia7m7ZJNm7SJlu7nw/Mdt682f1+X2ffmz+ZYQPoWoezlzTiqYg4l0QM3FXXE43Kw/X1lm9eLtzuiUIStdr535JIIuLWzcuF5vpJ49/9EbEUEU9GxLe9EUfT9XErC4tTY6VSca5RHqxOzw5WFhaPTU6PTRQnijMnXnzp1OmTp4aPD69mcr+u/nTt7avfv3Lj2iefHVoqvDeWxEj0N+rubseDVP8/6Y2RNctP7kSwDko6nQDbkmv0rt6IeCIGIveA+hrw8Kv1RdSALpVsuf/vDWMGPAqaxwHZ+W9zuucAYWlnjz9+PVM/AcniLjemek1P/dpE/G/l3GTfH8k9ZybZ+eaBnU2NLrB0JSKGenrWf/+Txvdv+4YeRILsqG/O1DfU+u2fZtv/zU8b660df/qb107vU3P8W143/qWr41+uxfh3rs0Yf7/+84ct41+JeHrD+Mlq/GSD+GlEvNFm/OuvfXm6VV3to4gjsXH8pmTz68ODFyZLxaH664Yxvj5y6OXN2r+vRfyRTdqfLZtts/1ffPf5M612o1n855/dfPtvFD87Bn+nzfgHb338aqu6LP54i/ZvFj9bdqPN+C+MHP6xzVUBAAAAAAAAAIAtSFfuZUvS/Op8mubz9Wd4H499aalcqR69UJ6fGa/f83YgetPmnVYD9XKSlYcb9+M2y8fXlE9ExMGIeDe3d6WcL5RL451uPAAAAAAAAAAAAAAAAAAAADwk9q95/v/PXP35f6BL+Mlv6F7b7f/GDfjvu7cfJx3LA9h99uPQvfR/6F6t+v/tr3Y5EWDXtdz/9+5uHsDuc/wP3Uv/h+612v9r/vYH3cb+HwAAAAAAAAAAAAAAAAAAAAAAAAAAdsS5s2ezqXb75uVCVh6/uDA/Vb54bLxYmcpPzxfyhfLcbH6iXJ4oFfOF8vS/fV6pXJ4dipn5S4PVYqU6WFlYHJ0uz89URyenxyaKo0W/KAIAAAAAAAAAAAAAAAAAAADr9a9MSZqPiHRlPk3z+Yj/R8SB6E0uTJaKQxHxWET8kOvty8rDnU4aAAAAAAAAAAAAAAAAAAAAHjGVhcWpsVKpOLf5TNrGOo/eTEQsrVmytc8Z/Wv3cs6S3dbbk6X7ip5EpzeTmR368gMAAAAAAAAAAAAAAAAAALvqzkO/W3zjlR1KCAAAAAAAAAAAAAAAAAAAALpS+kv2mkTEkYHn+tfW7kmWcxF9sSci3rp+/v1LY9Xq3HC2/PfcSn1EVD9oLD/eifyBNi3X6qLZjwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA7KguLU2OlUnFumzN9bXxOh5sIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsC3/BAAA//+SBtgH")
sendfile(r0, r0, &(0x7f0000000000)=0x1, 0x7)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0xc0902, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='net_prio.prioidx\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000040), 0xfea7)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0)
ioctl$KVM_PRE_FAULT_MEMORY(0xffffffffffffffff, 0xc040aed5, &(0x7f0000000180)={0x8000000, 0x10000})

6.931863275s ago: executing program 2 (id=475):
syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000080)='./file1\x00', 0x200000a, &(0x7f0000001080)=ANY=[], 0xfc, 0x2b5, &(0x7f0000000480)="$eJzs3U9rK1UUAPAz+dc8XSSIG0VwQBeuyqtbN43yBLErJYK6MfhakKQUWghYwdpVP4FL8Wu4defabyC4Fdy1i8rIZGaaxCZttP/A/n6b3t57z52TOUOyyskXr+0On+8lcXz6W7TbSdQ2YzPOkuhGLSrfRSMAgP+PsyyLP7OIaBb/JytHNmp3lxUAcJeKz//CQ+cCANyPjz/97MPe1tazj9K0Ha90Tsb9JCJ2T8b9Yr23E1/FKLbjaXTiPCK7UIzf/2DrWTTSXDfe3D0a98dz5/f+iCeT+I3oRHdx/EZaKOP7EfnfZrwQafR2mtVRnXh5cfzbC+Kj34q33pjJfz068euXsRejeB557DT+2400fS/7/vSbz/PL5PFJLfprk31TWf1+KgIAAAAAAAAAAAAAAAAAAAAAwGOwnqZJ0b5n0r8nnyr779TPJ+vraaU735+niL/oF1z0B8qibNFzlMUPVX+dp2maZuXGaXwjXm34YQEAAAAAAAAAAAAAAAAAAADIHXx9OByMRtv7Nx7Uh4NR1Q2g+lr/fz1wc2bm9TgcDurLD1xb/Vqz3QbyXK/cHI1G3MJtuX4QPz/J81my58cy339/8tq0uJ+U4VVhbvVVvPTuRYZpuVTd5OEgue5a7apwP80utWLlNJJkbmZS29H2fjZ5JM6z+Zq2l9zM1i3cjfwZbb24cOmvLMtWO+ed34salTPJpMXGamk0y8HSp6V9uRa/LD9w6VtG/abvOQAAAAAAAAAAAAAAAAAAwGLzX5z+h+MrQ2t3lhQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3LPp7/9Xg3ZEzM9cGhyVwVftKQet2D944JcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAI/B3AAAA//+VpEaB")
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000100), 0xfecc)
syz_mount_image$exfat(&(0x7f0000000400), &(0x7f0000000240)='./file0\x00', 0x2000084c, &(0x7f0000000080)=ANY=[@ANYBLOB='umask=00000000000000000000011,discard,dmask=00000000000000000000007,uid=', @ANYRESHEX=0x0, @ANYBLOB=',dmask=00000000000000000000152,fmask=00000000000000000000006,gid=', @ANYRESHEX=0x0, @ANYBLOB=',uid=', @ANYRESHEX=0xee00, @ANYBLOB="2c646973636172642c00ce6fb92f3b6892859719d513fb2b724d78e448737550f435f5dc50947a837ac494c7c5eb9c5beb42ea5f0d0f93cd17bbcd11398e4f3de48c458ac42a36d259c1947b981eec266c1568a7b1911a194200b826832913e757be58730ef2d7f818c529bc84bb566eff9e"], 0x81, 0x14f4, &(0x7f0000001580)="$eJzs3AuYzlXXMPC99t5/xjTpbpLDsNdef+402CZJckjIIUmSJMkpIWmSJCEx5JQ0JCHHSXIYQnJqTBrn8yHn0OSRJklyyins79LzvK/neXvet+/9nr7P9b2zfte1r9lr/vda996z5pr/4Zrr/rH7iDrN6tZsQkTiXwJ//ZIihIgRQgwRQtwkhAiEEBXiK8RfPZ5PQcq/9ibsz/V4+vVeAbueuP+5G/c/d+P+527c/9yN+5+7cf9zN+5/7sb9Zyw32zaryM08cu/g5/+5GZ///wfJKTvx2w1lb+3x30jh/udu3P/cjfufu3H/czfuf+7G/f+fr8Z/cYz7n7tx/xnLza7382ce13dc798/xhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGO5w3l/jRZC/Nv8eq+LMcYYY4wxxhhjfx6f93qvgDHGGGOMMcYYY//3gZBCCS0CkUfkFTEin4gVN4g4caPIL24SEXGziBe3iALiVlFQFBKFRRGRIIqKYsIIFFaQCEVxUUJExW2ipLhdJIpSorQoI5woK5LEHaKcuFOUF3eJCuJuUVHcIyqJyqKKqCruFdXEfaK6qCFqivtFLVFb1BF1xQOinnhQ1BcPiQbiYdFQPCIaiUdFY/GYaCIeF03FE6KZeFI0F0+JFqKlaCVaizb/R/mvid7iddFH9BUpop/oL94QA8RAMUgMFkPEm2KoeEsME2+LVDFcjBDviJHiXTFKvCdGizFirHhfjBPjxQQxUUwSk0Wa+EBMER+KqeIjMU1MFzPETJEuZonZ4mMxR8wV88QnYr74VCwQC8UisVgsEZ+JDLFUZIrPxTLxhcgSy8UKsVKsEqvFGrFWrBPrxQaxUWwSm8UWsVVsE1+K7WKH2Cl2id1ij9grvhL7xH5xQHwtssU3/838c/8hvwcIECBBggYNeSAPxEAMxEIsxEEc5If8EIEIxEM8FIACUBAKQmEoDAmQAMWgGCAgEBAUh+IQhSiUhJKQCIlQGkqDAwdJkATl4E4oD+WhAlSAilARKkFlqAxVoSpUg2pQHapDTagJtaAW1IE68AA8AA9CfagPDaABNISG0AgaQWNoDE2gCTSFptAMmkFzaA4toAW0glbQBtpAW2gL7aAddIAO0BE6QifoBMmQDJ2hM3SBLtAVukI36AbdoTv0gJ7QE16D1+B1eB36Qi3ZD/pDfxgAA2AQDIbB8CYMhbfgLXgbUmE4jIB34B14F0bBWRgNY2AsjIVqcjxMgIlAcjKkQRpMgSkwFabCNJgO02EmpMMsmA2zYQ7MhbnwCcyHT+FTWAgLYTEsgSWQAUshEzJhGZyDLFgOK2AlrILVsArWwjpYCxtgI2yAzbAZtsJW+BK+hB2wA3bBLtgDe+Ar+Ar2w35IhWzIhoNwEA7BITgMhyEHcuAIHIGjcBSOwTE4DsfhBJyEU3ASzsAZOAvn4Dych4twES7BKwnfN91Tan2qkFdpqWUemUfGyBgZK2NlnIyT+WV+GZERGS/jZQFZQBaUBWVhWVgmyARZTBaTKFGSDGVxWVxGZVSWlCVlokyUpWVp6aSTSTJJlpPlZHlZXlaQd8uK8h5ZSVaW7V1VWVVWkx1cdVlD1pQ1ZS1ZW9aRdWVdWU/Wk/VlfdlANpANZUPZSD4qG8t+MAgel1c700wOh+ZyBLSQLWUr2Vq+C0/LtnIUtJPtZQf5rBwDo6GTbOuS5Quys5wAXeRLciK8LLvJydBdvip7yJ6yl3xN9pbtXB/ZV06DfrK/nAkD5EA5SA6Wc6C2vNqxOvJtmSqHyxHyHbkY3pWj5HtytBwjx8r35Tg5Xk6QE+UkOVmmyQ/kFPmhnCo/ktPkdDlDzpTpcpacLT+Wc+RcOU9+IufLT+UCuVAukovlEvmZzJBLZab8XC6TX8gsuVyukCvlKrlarpFr5Tq5Xm6QG+UmuVlukVvlNvml3C53yJ1yl9wt98i98iu5T+6XB+TXMlt+Iw/Kv8hD8lt5WH4nc+T38oj8QR6VP8pj8id5XP4sT8iT8pQ8Lc/IX+RZeU6elxfkRfmrvCQvyyvSS6FASaWUVoHKo/KqGJVPxaobVJy6UeVXN6mIulnFq1tUAXWrKqgKqcKqiEpQRVUxZRQqq0iFqrgqoaLqNlVS3a4SVSlVWpVRTpVVSeoOVU7dqcqru1QFdbeqqO5RlVRlVUVVVfeqauo+VV3VUDXV/aqWqq3qqLrqAVVPPajqq4dUA/WwaqgeUY3Uo6qxekw1UY+rpuoJ1Uw9qZqrp1QL1VK1Uq1VG/W0aqueUe1Ue9VBPas6qudUJ/W8SlYvqM7qRdVFvaS6qpdVN/WK6q5eVT1UT9VLXVZXlFd9VF+Vovqp/uoNNUANVIPUYDVEvamGqrfUMPW2SlXD1Qj1jhqp3lWj1HtqtBqjxqr31Tg1Xk1QE9UkNVmlqQ/UFPWhmqo+UtPUdDVDzVTpapYa9LdK8/438j/8J/nDfnv3rWqb+lJtVzvUTrVL7VZ71F61V+1T+9QBdUBlq2x1UB1Uh9QhdVgdVjkqRx1RR9RRdVQdU8fUcXVcnVAn1QV1Wp1Rv6iz6pw6py6oi+qiuvS3n4HQoKVWWutA59F5dYzOp2P1DTpO36jz65t0RN+s4/UtuoC+VRfUhXRhXUQn6KK6mDYatdWkQ11cl9BRfZsuqW/XibqULq3LaKfL6iR9x7+c/0fra6Pb6La6rW6n2+kOuoPuqDvqTrqTTtbJurPurLvoLrqr7qq76W66u+6ue+geupfupXvr3rqP7qNTdIrur9/QA/RAPUgP1kP0m3qoHqqH6WE6VafqEXqEHqlH6lF6lB6tR+uxeqwep8fpCXqCnqQn6TSdpqfoKXqqnqqn6Wl6hp6h03W6nq1n6zl6jp6n5+n5er5eoP2Vv/5n5RKdoTN0ps7Uy/QynaWX6+V6pV6pV+vVeq1eq9fr9Xqj3qg36806S2/T2/R2vV3v1Dv1br1b79V79T69Tx/QB3S2ztYH9UF9SB/Sh/VhnaNz9BF9RB/VR/UxfUwf18f1CX1Cn9Kn9Bl9Rp/VZ/V5fV5f1Bf1JX1JX9FXrl72BTKQgQ50kCfIE8QEMUFsEBvEBXFB/iB/EAkiQXwQHxQIbg0KBoWCwkGRICEoGhQLTICBDSgIg+JBiSAa3BaUDG4PEoNSQemgTOCCskFScEdQLrgzKB/cFVQI7g4qBvcElYLKQZWganBvUC24L6ge1AhqBvcHtYLaQZ2gbvBAUC94MKgfPBQ0CB4OGgaPBI2CR4PGwWNBk+DxoGnwRNAseDJoHjwVtAhaBq2C1kGbP7W+92cLPeP6mL4mxfQz/c0bZoAZaAaZwWaIedMMNW+ZYeZtk2qGmxHmHTPSvGtGmffMaDPGjDXvm3FmvJlgJppJZrJJMx+YKeZDM9V8ZKaZ6WaGmWnSzSwz23xs5pi5Zp75xMw3n5oFZqFZZBabJeYzk2GWmkzzuVlmvjBZZrlZYVaaVWa1WWPWmnVmvdlgNppNZrPZYraabeZLs93sMDvNLrPb7DF7zVdmn9lvDpivTbb5xhw0fzGHzLfmsPnO5JjvzRHzgzlqfjTHzE/muPnZnDAnzSlz2pwxv5iz5pw5by6Yi+ZXc8lcNleMv3pxf/X0jho15sE8GIMxGIuxGIdxmB/zYwQjGI/xWAALYEEsiIWxMCZgAhbDYngVIWFxLI5RjGJJLImJmIilsTQ6dJiESVgOy2F5LI8VsAJWxIpYCSthFayC9+K9eB/ehzWwBt6P92NtrI11sS7Ww3pYH+tjA2yADbEhNsJG2BgbYxNsgk2xKTbDZtgcm2MLbIGtsBW2wTbYFttiO2yHHbADdsSO2Ak7YTImY2fsjF2wC3bFrtgNu2F37I49sAf2wl7YG3tjH+yDKZiC/bE/DsABOAgH4RAcgkNxKA7DYZiKqTgCR+BIHImjcBSOxjE4Ft/HcTgeJ+BEnISTMQ3TcApOwak4FafhNJyBMzAd03E2zsY5OAfn4Tycj/NxAS7ARbgIl+ASzMAMzMRMXIbLMAuzcAWuwFW4CtfgGlyH63ADbsBNuAm34BbchttwO27HnbgTd+Nu3It7cR/uwwN4ALMxGw/iQTyEh/AwHsYczMEjeASP4lE8hsfwOB7HE3gCT+EpPINn8CyexfN4Hi/ir3gJL+MV9BhjpYi1N9g4e6PNb2+yMTaf/fu4sC1iE2xRW8waW9AW+ocYrbWJtpQtbctYZ8vaJHvH7+JKtrKtYqvae201e5+t/ru4nn3Q1rcP2Qb2YVvXPvAPcUP7iG1kn7SN7VO2iW1pm9rWtpl90ja3T9kWtqVtZVvbjvY528k+b5PtC7azffF3cYZdatfZ9XaD3Wj32f32vL1gj9of7UX7q+1j+9oh9k071L5lh9m3baod/rt4rH3fjrPj7QQ70U6yk38Xz7AzbbqdZWfbj+0cO/d38RL7mZ1vM+0Cu9Ausot/i6+uKdN+bpfZL2yWXW5X2JV2lV1t19i1/77WlXaz3WK32r32K7vd7rA77S672+75Lb66jwP2a5ttv7FH7A/2kP3WHrbHbI79/rf46v6O2Z/scfuzPWFP2lP2tD1jf7Fn7bnf9n9176ftZXvFeisISJIiTQHlobwUQ/kolm6gOLqR8tNNFKGbKZ5uoQJ0KxWkQlSYilACFaViZAjJElFIxakERek2Kkm3UyKVotJUhhyVpSS6g8rRnVSe7qIKdDdVpHuoElWmKlSV7qVqdB9VpxpUk+6nWlSb6lBdeoDq0YNUnx6iBvQwNaRHqBE9So3pMWpCj1NTeoKa0ZPUnJ6iFtSSWlFrakNPU1t6htpRe+pAz1JHeo460fOUTC9QZ3qRutBL1JVepm70CnWnV6kH9aRe9Br1ptepD/WlFOpH/ekNGkADaRANpiH0Jg2lt2gYvU2pNJxG0Ds0kt6lUfQejaYxNJbep3E0nibQRJpEkymNPqAp9CFNpY9oGk2nGTST0mkWzaaPaQ7NpXn0Cc2nT2kBLaRFtJiW0GeUQUspkz6nZfQFZdFyWkEraRWtpjW0ltbRetpAG2kTbaYttJW20Ze0nXbQTtpFu2kP7aWvaB/tpwP0NWXTN3SQ/kKH6Fs6TN9RDn1PR+gHOko/0jH6iY7Tz3SCTtIpOk1n6Bc6S+foPF2gi/QrXaLLdIU8iRBCGapQh0GYJ8wbxoT5wtjwhjAuvDHMH94URsKbw/jwlrBAeGtYMCwUFg6LhAlh0bBYaEIMbUhhGBYPS4TR8LawZHh7mBiWCkuHZUIXlg2TwjvCcuGdYfnwrrBCeHdYMbwnrBRWDp98uGp4b1gtvC+sHtYIa4b3h7XC2mGdsG74QFgvfDCsHz4UNggfDsuHj4SNwkfDxuFjYZPw8bBp+ETYLHwybB4+FbYIW4atwtZhm/DpsG34TNgubB92CJ8NO4bPhZ3C58Pk8IWwc/jiHx5PCfuF/cM3wjdC7x9Si6KLo0uin0UzokujmdHPo8uiX0SzosujK6Iro6uiq6Nromuj66LroxuiG6ObopujW6Jbo97XzSscOOmU0y5weVxeF+PyuVh3g4tzN7r87iYXcTe7eHeLK+BudQVdIVfYFXEJrqgr5oxDZx250BV3JVzU3eZKuttdoivlSrsyzrmyLsm1dm1cG9fWPePaufaug3vWPeuec8+5593z7gXX2b3ouriXXFf3suvmXnGvuFddD9fT9XKvud7uddfH9XUpLsX1d/3dADfADXKD3BA3xA11Q90wN8ylulQ3wo1wI91IN8qNcqPdaDfWjXXj3Dg3wU1wk9wkl+bS3BQ3xU11U900N83NcDNcukt3s91sN8fNcfPcPDc/cb5b4Ba4RW6RW+KWuAyX4TJdplvmlrksl+VWuBVulVvl1rg1bp1b5za4DW6T2+S2uC1um9vmtrvtbqfb6Xa73W6v2+v2uX3ugDvgsl22O+gOukPukDvsvnM57nt3xP3gjrof3TH3kzvufnYn3El3yp12Z9wv7qw75867C+6i+9VdcpfdFeddWuSDyJTIh5GpkY8i0yLTIzMiMyPpkVmR2ZGPI3MicyPzIp9E5kc+jSyILIwsiiyOLIl8FsmILI1kRj6PLIt8EcmKLI+siKyMrIqsjnhfdHvoi/sSPupv8yX97T7Rl/KlfRnvfFmf5O/w5fydvry/y1fwd/uK/h5fyVf2VfxTvoVv6Vv51r6Nf9q39c/4dr697+Cf9R39c76Tf94n+xd8Z/+i7+Jf8l39y76bf8V396/6Hr6n7+Vf8739676P7+tTfD/f37/hB/iBfpAf7If4N/1Q/5Yf5t/2qX64H+Hf8SP9u36Uf8+P9mP8WP++H+fH+wl+op/kJ/s0/4Gf4j/0U/1Hfpqf7mf4mT7dz/Kz/cd+jp/r5/lP/Hz/qV/gF/pFfrFf4j/zGX6pz/Sf+2X+C5/ll/sVfqVf5Vf7NX6tX+fX+w1+o9/kN/stfqvf5r/02/0Ov9Pv8rv9Hr/Xf+X3+f3+gP/aZ/tv/EH/F3/If+sP++98jv/eH/E/+KP+R3/M/+SP+5/9CX/Sn/Kn/Rn/iz/rz/nz/oK/6H/1l/zl326urveTdMYYY4yx/x+oPzje7598T/5tXNVfCHHjjiI5/7HmpoJ/nQ+UCR0jQogX+nZ//N9GrVopKSl/e22WEkGJhUKIyLX8POJavFx0EM+JZNFelPun6xsoe16kP6gfvVuI2L/LiRHX4mv17/xP6j/97NiMiuH5+P+i/kIhEktcy8knrsXX6pf/T+oXavsH68/3bZoQ7f4uJ05ci6/VTxLPiBdF8j+8kjHGGGOMMcYY+6uBskrXP7p/vnp/nqCv5eQV1+I/uj9njDHGGGOMMcbY9fdyz17PP52c3L4rT3jCE578++R6/2VijDHGGGOM/dmuXfRf75UwxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGO51/+LjxO73ntkjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGrrf/FQAA///2NUFC")
write$cgroup_int(r0, &(0x7f0000000200)=0x2200000000000000, 0xf000)

6.287584118s ago: executing program 0 (id=476):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x18, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="dc010000200000001800000000000000000000000000000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x6, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000500)='netlink_extack\x00', r0}, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=@newtaction={0xe94, 0x30, 0x25, 0x0, 0x0, {}, [{0xe80, 0x1, [@m_pedit={0xe7c, 0x1, 0x0, 0x0, {{0xa}, {0xe50, 0x2, 0x0, 0x1, [@TCA_PEDIT_KEYS_EX={0x2c, 0x5, 0x0, 0x1, [{0x14, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_CMD={0x6}, @TCA_PEDIT_KEY_EX_HTYPE={0x6, 0x1, 0xffff}]}, {0x14, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_HTYPE={0x6}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}]}]}, @TCA_PEDIT_PARMS_EX={0xe20, 0x4, {{{}, 0x2}, [{}, {}, {}, {}, {}, {}, {}, {0x0, 0x800}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0xa9}, {}, {0x10}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x800000}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0xfffffffe}, {}, {}, {}, {}, {0x0, 0x0, 0x20000000}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x4}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0xfffffffe}, {}, {0x0, 0x0, 0x7}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, {0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x1}, {}, {0x8}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x8}], [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {0x5}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x2}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x4}]}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xe94}}, 0x0)

5.463889263s ago: executing program 3 (id=477):
ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000040)={{0x1, 0x1, 0x18, <r0=>0xffffffffffffffff, {0x26, 0x2000000}}, './file0\x00'})
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_START_P2P_DEVICE(r0, &(0x7f0000000880)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000840)={&(0x7f0000000100)=ANY=[@ANYBLOB="00020000", @ANYRES16=r1, @ANYBLOB="00022bbd7000fedbdf25590000000c0099000900000010000000"], 0x20}, 0x1, 0x0, 0x0, 0x10}, 0x8840)
r2 = syz_io_uring_setup(0x95, &(0x7f0000000140), &(0x7f0000000240)=<r3=>0x0, &(0x7f0000000100)=<r4=>0x0)
getsockname$packet(r0, &(0x7f0000000940)={0x11, 0x0, <r5=>0x0}, &(0x7f0000000ac0)=0x14)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000d00)={r0, 0x20, &(0x7f0000000cc0)={&(0x7f0000000b80)=""/151, 0x97, <r6=>0x0, &(0x7f0000000c40)=""/100, 0x64}}, 0x10)
r7 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000d40)={0x0, 0xc33, 0x8}, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f0000000e00)={0xc, 0x3, &(0x7f00000008c0)=@raw=[@generic={0xff, 0x7, 0x8, 0x8, 0x3}, @alu={0x4, 0x0, 0xc, 0x0, 0xa, 0xffffffffffffffff}, @ldst={0x2, 0x2, 0x5, 0x2, 0x2, 0xc, 0xffffffffffffffff}], &(0x7f0000000900)='syzkaller\x00', 0x7, 0x0, 0x0, 0x19e6319409a911d8, 0xa, '\x00', r5, @fallback=0x27, r0, 0x8, &(0x7f0000000b00)={0xa, 0x5}, 0x8, 0x10, &(0x7f0000000b40)={0x1, 0x2, 0x7fffffff, 0xfc8}, 0x10, r6, r0, 0x1, &(0x7f0000000d80)=[r0, r0, r7, r0, 0xffffffffffffffff, r0], &(0x7f0000000dc0)=[{0x1, 0x5, 0x6, 0x6}], 0x10, 0x80000000, @void, @value}, 0x94)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffff9c, &(0x7f00000004c0)={0x222002}, &(0x7f0000000500)='./file0\x00', 0x18})
io_uring_enter(r2, 0x47f6, 0x0, 0x0, 0x0, 0x0)
syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000800)='./file0\x00', 0x0, &(0x7f0000000980)={[{@check_strict}, {@block={'block', 0x3d, 0x200}, 0x0}, {}, {@session={'session', 0x3d, 0x2f}}, {@check_relaxed}, {@dmode={'dmode', 0x3d, 0x4000000000000cf}, 0x41}, {@session={'session', 0x3d, 0x38}}, {@unhide}, {@utf8}, {@gid}, {}, {@iocharset={'iocharset', 0x3d, 'iso8859-15'}}, {}], [{@flag='rw'}, {@hash}, {@pcr={'pcr', 0x3d, 0x21}}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@obj_role={'obj_role', 0x3d, '{'}}, {@smackfstransmute={'smackfstransmute', 0x3d, '\\'}}]}, 0x2, 0x699, &(0x7f0000000140)="$eJzs3V9rG9n9x/HPyLIte3+E5dcSQsifk6QLDk2VkbxxMCl01dHInlbSiBm52FBY0o29hMjZNkmh8c3WN/0D2yfQu970og+i0Ot9Fr0pLSztXaE3KnNmJEvRv3ijOLvN+2V2NTrznTnfmaPoy9iaIwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADle1XVLjupBc2fXTOZVo7AxZX26t0XdTBduzuxXcpL/VCjoQtp04Zsnq88n/7uuS+mzSyokDwUdvXP+3XvfyOd6209J6MvQaXf49PnRo/udzv6Tl4hd0Kl3/yYp11taycZkTNCW3wziMGhUtnwTxKHZ3Nhwb2/XYlML6n68F7f9hvEiP9cOI7Pm3TSlzc114xf3wp3mVrVS93uNd79Tdt0N84PldKAlFWNvO6jXg+aWjUlWJzF3zWc/TgP8SsOYg4ed/fVZR5IElV4mqDwrqOyWy6VSuVzauLN5567r5kca3ITj9mkkYu4vWnzNzOeNG5iDXFL//+pIdRXU1I52Zcb+eKoqUqjGhPWZXv1/77Y/td/B+t+r8hek72WrL8rW/yvpsyuT6v+EXIyM3WDcGmdC++l+Fm1GRk/1XEd6pPvqqKN9PZnDvo3M1bns5Qx+tuSrqUCxQgVqqGJbTNZitKkNbcjVh9pWTbGMagpUl69Ye4rVlm9fUZ4i+aqorVCRjNbk6aaMStrUptZl5KuoPYXaUVNbqqqif3e73QM9tOd9fUqO6gWVJgQsDwaVp+xpUv3/yafp6zSr/y71/22Vvg6W04fPp8UAXwHd7Pp/UG72ZldfX0YAAAAAAGDeHPvbd8f+7f6ypK5qQd1333RaAAAAAABgjhx1l3VJTnL9L+myHK7/AQAAAAD4X+PYe+wcSav2Q/3OyZ1QL/NLgIUzSBEAAAAAALwie+f/lSWpayetuCrnVNf/AAAAAADga+A3A3Ps53tz7HZ7f9bPSYpby86f/7msaNE5bu1+yzmsJGsqh1nMyCcA2rWLzrlsol77sCTJPvP8S07WWzYJZn/ewS8OZs3170QvJLC0MLiDCQk4Sc8b+eyZPtO1dJNr2TzzD45ysmvSXlZrQd0vemH9XkmVyrlc299t//zxw19IUf84Dx529osffdJ5YHM5TpqOD5OdfjqUTm78yTjJ5Zmdb8HeczHuiFdU63X522Zj1bH9ur3jX1DlMDfY0bQBOOnzV7qejtn11TR29ag/435y/IXk+EtFO2RDRx8tOidZlF488nEDMSGLgs3iRhpzY+2Gyn9Ll/ujkHMK316QysXRMRjKojyYxexz4fxr5FwMZGEfemsGzsV6ksVfkh1NyGL9dFmMjAgAvCkHuiz7LnRZdhLzfhUqZHW3Vx56b2pfqu7Mru4fDFf3Z7/vdu0GC1I++9vE1F4KSt7R1xxbh5bSQ8pfHPOO7mZ1paAJ7+juK1S3pK8/nXwHUpb2SBb/6Xa790q239+9UFX/MNTdSL9xvbyQnMLbzw5/aifAT3y8//H+43J5fcN933XvlLVoDyN7WBC1BwAwYvZ37MyMcN7XtTTi2oN/vJcuDVW8/+9/pKCoj/SJOnqgW72vELg6fq+rAx9DuJVetWrgqtWcf/ee/V664diSbk28qrO1dCC23I9dVG+T4Up9Erv+mkcBAICzdX1GHR5f/wtD9f+W1tKItYtjr7uHa3l2ddy/pJ8UW5qd/AfzPhsAALwd/OgLZ7X9ayeKgtaHpc3NUqW97Zso9H5ooqC65Zug2fYjb7vS3PJNKwrboRfWTSvSclD1YxPvtFph1Da1MDKtMA527Te/m+yr32O/UWm2Ay9u1f1K7BsvbLYrXttUg9gzrZ3v14N424/sxnHL94Ja4FXaQdg0cbgTeX7RmNj3BwKDqt9sB7UgWWyaVhQ0KtGe+VFY32n4purHXhS02mG6w15fQbMWRg2722K+O+7zAgAAvHWePj96dL/T2X/y4sJKcmmethxrQszowpKePk+uypOWfLaKOYIAAPiKOSngp9io8BoTAgAAAAAAAAAAAAAAAAAAAAAAI2bf0nfKhcVxNwtK/Zafncta9Eud3GI4sh9H807sNAu5027VuyXi6NHnU4JX+i290z8Yc3xmB/j3/5PesS1KW/Lz72tlyuC+joXvHqRndGJMsnLsquX+WOTn/88hWXj8xwmrut1ud/rmy8PncGnaAQ4v5CU9WXqFITj79yIAZ+u/AQAA//9b5DOa")
add_key(&(0x7f0000000040)='pkcs7_test\x00', 0x0, &(0x7f00000000c0)="100c060863e57fd1b9b242fa6a73", 0xe, 0xfffffffffffffffe)
r8 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
getdents64(r8, &(0x7f0000000f80)=""/4096, 0x1000)
ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000040)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x26, 0x2000000}}, './file0\x00'}) (async)
syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) (async)
sendmsg$NL80211_CMD_START_P2P_DEVICE(r0, &(0x7f0000000880)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000840)={&(0x7f0000000100)=ANY=[@ANYBLOB="00020000", @ANYRES16=r1, @ANYBLOB="00022bbd7000fedbdf25590000000c0099000900000010000000"], 0x20}, 0x1, 0x0, 0x0, 0x10}, 0x8840) (async)
syz_io_uring_setup(0x95, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000100)) (async)
getsockname$packet(r0, &(0x7f0000000940), &(0x7f0000000ac0)=0x14) (async)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000d00)={r0, 0x20, &(0x7f0000000cc0)={&(0x7f0000000b80)=""/151, 0x97, 0x0, &(0x7f0000000c40)=""/100, 0x64}}, 0x10) (async)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000d40)={0x0, 0xc33, 0x8}, 0xc) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000e00)={0xc, 0x3, &(0x7f00000008c0)=@raw=[@generic={0xff, 0x7, 0x8, 0x8, 0x3}, @alu={0x4, 0x0, 0xc, 0x0, 0xa, 0xffffffffffffffff}, @ldst={0x2, 0x2, 0x5, 0x2, 0x2, 0xc, 0xffffffffffffffff}], &(0x7f0000000900)='syzkaller\x00', 0x7, 0x0, 0x0, 0x19e6319409a911d8, 0xa, '\x00', r5, @fallback=0x27, r0, 0x8, &(0x7f0000000b00)={0xa, 0x5}, 0x8, 0x10, &(0x7f0000000b40)={0x1, 0x2, 0x7fffffff, 0xfc8}, 0x10, r6, r0, 0x1, &(0x7f0000000d80)=[r0, r0, r7, r0, 0xffffffffffffffff, r0], &(0x7f0000000dc0)=[{0x1, 0x5, 0x6, 0x6}], 0x10, 0x80000000, @void, @value}, 0x94) (async)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) (async)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffff9c, &(0x7f00000004c0)={0x222002}, &(0x7f0000000500)='./file0\x00', 0x18}) (async)
io_uring_enter(r2, 0x47f6, 0x0, 0x0, 0x0, 0x0) (async)
syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000800)='./file0\x00', 0x0, &(0x7f0000000980)={[{@check_strict}, {@block={'block', 0x3d, 0x200}, 0x0}, {}, {@session={'session', 0x3d, 0x2f}}, {@check_relaxed}, {@dmode={'dmode', 0x3d, 0x4000000000000cf}, 0x41}, {@session={'session', 0x3d, 0x38}}, {@unhide}, {@utf8}, {@gid}, {}, {@iocharset={'iocharset', 0x3d, 'iso8859-15'}}, {}], [{@flag='rw'}, {@hash}, {@pcr={'pcr', 0x3d, 0x21}}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@obj_role={'obj_role', 0x3d, '{'}}, {@smackfstransmute={'smackfstransmute', 0x3d, '\\'}}]}, 0x2, 0x699, &(0x7f0000000140)="$eJzs3V9rG9n9x/HPyLIte3+E5dcSQsifk6QLDk2VkbxxMCl01dHInlbSiBm52FBY0o29hMjZNkmh8c3WN/0D2yfQu970og+i0Ot9Fr0pLSztXaE3KnNmJEvRv3ijOLvN+2V2NTrznTnfmaPoy9iaIwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADle1XVLjupBc2fXTOZVo7AxZX26t0XdTBduzuxXcpL/VCjoQtp04Zsnq88n/7uuS+mzSyokDwUdvXP+3XvfyOd6209J6MvQaXf49PnRo/udzv6Tl4hd0Kl3/yYp11taycZkTNCW3wziMGhUtnwTxKHZ3Nhwb2/XYlML6n68F7f9hvEiP9cOI7Pm3TSlzc114xf3wp3mVrVS93uNd79Tdt0N84PldKAlFWNvO6jXg+aWjUlWJzF3zWc/TgP8SsOYg4ed/fVZR5IElV4mqDwrqOyWy6VSuVzauLN5567r5kca3ITj9mkkYu4vWnzNzOeNG5iDXFL//+pIdRXU1I52Zcb+eKoqUqjGhPWZXv1/77Y/td/B+t+r8hek72WrL8rW/yvpsyuT6v+EXIyM3WDcGmdC++l+Fm1GRk/1XEd6pPvqqKN9PZnDvo3M1bns5Qx+tuSrqUCxQgVqqGJbTNZitKkNbcjVh9pWTbGMagpUl69Ye4rVlm9fUZ4i+aqorVCRjNbk6aaMStrUptZl5KuoPYXaUVNbqqqif3e73QM9tOd9fUqO6gWVJgQsDwaVp+xpUv3/yafp6zSr/y71/22Vvg6W04fPp8UAXwHd7Pp/UG72ZldfX0YAAAAAAGDeHPvbd8f+7f6ypK5qQd1333RaAAAAAABgjhx1l3VJTnL9L+myHK7/AQAAAAD4X+PYe+wcSav2Q/3OyZ1QL/NLgIUzSBEAAAAAALwie+f/lSWpayetuCrnVNf/AAAAAADga+A3A3Ps53tz7HZ7f9bPSYpby86f/7msaNE5bu1+yzmsJGsqh1nMyCcA2rWLzrlsol77sCTJPvP8S07WWzYJZn/ewS8OZs3170QvJLC0MLiDCQk4Sc8b+eyZPtO1dJNr2TzzD45ysmvSXlZrQd0vemH9XkmVyrlc299t//zxw19IUf84Dx529osffdJ5YHM5TpqOD5OdfjqUTm78yTjJ5Zmdb8HeczHuiFdU63X522Zj1bH9ur3jX1DlMDfY0bQBOOnzV7qejtn11TR29ag/435y/IXk+EtFO2RDRx8tOidZlF488nEDMSGLgs3iRhpzY+2Gyn9Ll/ujkHMK316QysXRMRjKojyYxexz4fxr5FwMZGEfemsGzsV6ksVfkh1NyGL9dFmMjAgAvCkHuiz7LnRZdhLzfhUqZHW3Vx56b2pfqu7Mru4fDFf3Z7/vdu0GC1I++9vE1F4KSt7R1xxbh5bSQ8pfHPOO7mZ1paAJ7+juK1S3pK8/nXwHUpb2SBb/6Xa790q239+9UFX/MNTdSL9xvbyQnMLbzw5/aifAT3y8//H+43J5fcN933XvlLVoDyN7WBC1BwAwYvZ37MyMcN7XtTTi2oN/vJcuDVW8/+9/pKCoj/SJOnqgW72vELg6fq+rAx9DuJVetWrgqtWcf/ee/V664diSbk28qrO1dCC23I9dVG+T4Up9Erv+mkcBAICzdX1GHR5f/wtD9f+W1tKItYtjr7uHa3l2ddy/pJ8UW5qd/AfzPhsAALwd/OgLZ7X9ayeKgtaHpc3NUqW97Zso9H5ooqC65Zug2fYjb7vS3PJNKwrboRfWTSvSclD1YxPvtFph1Da1MDKtMA527Te/m+yr32O/UWm2Ay9u1f1K7BsvbLYrXttUg9gzrZ3v14N424/sxnHL94Ja4FXaQdg0cbgTeX7RmNj3BwKDqt9sB7UgWWyaVhQ0KtGe+VFY32n4purHXhS02mG6w15fQbMWRg2722K+O+7zAgAAvHWePj96dL/T2X/y4sJKcmmethxrQszowpKePk+uypOWfLaKOYIAAPiKOSngp9io8BoTAgAAAAAAAAAAAAAAAAAAAAAAI2bf0nfKhcVxNwtK/Zafncta9Eud3GI4sh9H807sNAu5027VuyXi6NHnU4JX+i290z8Yc3xmB/j3/5PesS1KW/Lz72tlyuC+joXvHqRndGJMsnLsquX+WOTn/88hWXj8xwmrut1ud/rmy8PncGnaAQ4v5CU9WXqFITj79yIAZ+u/AQAA//9b5DOa") (async)
add_key(&(0x7f0000000040)='pkcs7_test\x00', 0x0, &(0x7f00000000c0)="100c060863e57fd1b9b242fa6a73", 0xe, 0xfffffffffffffffe) (async)
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) (async)
getdents64(r8, &(0x7f0000000f80)=""/4096, 0x1000) (async)

4.346449396s ago: executing program 2 (id=478):
r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f00000025c0), 0x2, 0x0)
ioctl$VIDIOC_S_SELECTION(r0, 0xc040565f, &(0x7f0000000000)={0xa, 0x0, 0x5, {0x0, 0x0, 0x0, 0xffffffff}})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000011000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r1}, 0x10)
mount$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x128a877, &(0x7f0000000440)=ANY=[@ANYBLOB="678670696e6f8f475f686172646c6900080000332cb374626b07814e1332f22ad82012a59f03cfb52e5bbf580820b316f647fed34733938ac5c45a898d9425609f13eedfe52e71a0571bd6376cc61624072d46fcc08e772de6d2e00897240c3150092970ad3ed728e74b10b58f863ed90f89f0e90689a5"])
socket(0x2a, 0x2, 0x0)
shmat(0x0, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffdfff)

4.133987901s ago: executing program 1 (id=479):
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x5, 0x81, 0x2, 0x9, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000000), 0x402, r0}, 0x38)
bpf$MAP_DELETE_BATCH(0x18, &(0x7f0000000080)={0x0, &(0x7f0000001640)=""/233, &(0x7f00000002c0), &(0x7f0000000440), 0x5, r0}, 0x38)
lsetxattr$system_posix_acl(&(0x7f0000000400)='.\x00', &(0x7f0000000440)='system.posix_acl_default\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="0200000001000000000000000200", @ANYRES32=0xee01, @ANYBLOB="02000000", @ANYRES32=0xee00, @ANYBLOB="02000000", @ANYRES32=0xee00, @ANYBLOB, @ANYBLOB="040000000000800008000000", @ANYRES32=0x0, @ANYBLOB, @ANYRES32=0x0, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB="100000000000000020"], 0x5c, 0x0)
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000003c0)='./file0\x00', 0x402, 0x0, 0x1, 0x0, &(0x7f0000000000))
r1 = socket(0x1e, 0x2, 0x0)
setsockopt$sock_int(r1, 0x1, 0x2e, &(0x7f0000000040)=0x5, 0x4)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r1, &(0x7f0000000100))
epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, r1, &(0x7f0000000000)={0xc2a10a980d0dcec8})
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./bus\x00', 0x0)
syz_emit_ethernet(0x41, &(0x7f00000004c0)={@broadcast, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x33, 0x0, 0x0, 0x0, 0x1, 0x0, @private=0xa010101, @local}, @redirect={0x5, 0x0, 0x0, @multicast2, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, @private, @empty}, "631d23"}}}}}, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000600)=@mangle={'mangle\x00', 0xc061, 0x6, 0x570, 0xe8, 0xe8, 0xe8, 0xe8, 0xe8, 0x4a0, 0x4a0, 0x4a0, 0x4a0, 0x4a0, 0x6, 0x0, {[{{@ipv6={@mcast1, @empty, [], [], 'ip_vti0\x00', 'veth1_vlan\x00'}, 0x0, 0xa8, 0xe8, 0x0, {0x0, 0x3a010000}}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00', 0x0, 0x4}}}, {{@uncond, 0x0, 0xa8, 0xd0}, @unspec=@CHECKSUM={0x28}}, {{@uncond, 0x0, 0xa8, 0xf0}, @DNPT={0x48, 'DNPT\x00', 0x0, {@ipv6=@mcast1, @ipv6=@private0, 0xfd}}}, {{@uncond, 0x0, 0xa8, 0xd0}, @HL={0x28}}, {{@uncond, 0x0, 0x100, 0x128, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@ah={{0x30}}]}, @inet=@DSCP={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x5d0)
syz_mount_image$fuse(0x0, &(0x7f0000000180)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c})
r3 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[@ANYBLOB="28ff0f00000f00000004edac767155b8c5e800cee4859af5679257fdd604b038c433efc9c6732733d319c962be14eb00141bffb6bf9dbac9c3f50179fae27195defb3343bdf1237a05f0e68f8c1c8a783cbbd9ce0f8ac66bcb52b96a193aa8f3eb779949044ba02475b122"], 0x13)
fchmodat(r3, &(0x7f00000000c0)='./bus\x00', 0x0)

3.636626698s ago: executing program 0 (id=480):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x0, 0x13, &(0x7f0000000140)=@ringbuf={{}, {}, {}, [@jmp={0x5, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, @kfunc, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}], {{}, {}, {0x85, 0x0, 0x0, 0x1}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$IP_VS_SO_SET_TIMEOUT(r1, 0x0, 0x60, &(0x7f0000000040), 0x50)
syz_mount_image$hfs(&(0x7f0000000180), &(0x7f0000000100)='./file0\x00', 0x3000080, &(0x7f0000000200)=ANY=[], 0x11, 0x2d4, &(0x7f0000000340)="$eJzs3U1rE1scx/HfmaRteht6pw+XC3fZa0E3UutG3KRIXoS4ELWJUAwVbQV1YxVXIrp371vwLQhuFN+Arlz5AiIII+fMZJJJJzMxNDMNfj9gmMycM+d/Mg/n/AfsCMAf60rzy9uL3+w/I1VUkV5cljxJNakq6R/9W3uwf7h32Gm3MvbTDRxbyyisaY4V2t1vp9WtKaoR8e23quqD6zAdQRDsfJV0UHYgKJW7+lN40kJ0dbrttcIjy/Z0wnpHJxzHrDFddfVQy2XHAQAozY76478XjfP1aP7uedJmNOyfyvF/Ut2yA5i6IHPrwPjvsqzA2OP7t9vUz/dcCme3e70scZyW54a+zys8sxITTJOXVbpYvMXbe532+d27nZanZ2pEBoqtu89WeOr25ES7kZKbZhij7yZ9Rrnk+jBn+7A9Iv61CVucmPlgPpnrxtcbteL5XzUw9jC5I+UPHakw/q3Re3S99G0pRbeNRqPhJYqsuEb+i1qI5PSylp6RqHdGrSj5gMDPi9PVWh2qFfbuQk6ttbDWzmKi1nbv24ha64m2bG/is3l0e9NmXpmrZkPf9U7Ngfm/Z+PbVOaV2b9qzGY4FLhfPOzPfHpzVbdP/9jIcaRr9eSa+FdcGBX6j+x7GoY8ydj2Urd0ScsHjx7fqXQ67ft24WbKwr16vGbuuZRapoQFT/01OupvWlD4IPJYrd6gVGSo5050h/b+kVvYXmWFdPDUnAllLDQ/FnsilbFQ0D0Kpeof9Nyi7wsJCEVz864w/xvIV7bcZM9++Bnz9NwJWbTHwM6x4wyolqi/6pb++q0Mbml0BjduzvX/WelMvOpnkNOiH8U5G4KsqZ9lmvqsGzz/BwAAAAAAAAAAAAAAAAAAmDVF/HeCsvsIAAAAAAAAAAAAAAAAAAAAAMCsi9//q977fzXe+3+H//J3JXzDy4m8//f1vnj/LzB9vwIAAP//N0qKjQ==")
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
setsockopt$IP_VS_SO_SET_EDIT(r2, 0x0, 0x483, &(0x7f0000000640)={0x2, @dev={0xac, 0x14, 0x14, 0xb}, 0x4e22, 0x4, 'nq\x00', 0x3, 0xfffffff8, 0x24}, 0x2c)
r3 = openat$hwrng(0xffffff9c, &(0x7f00000000c0), 0x68800, 0x0)
ioctl$USBDEVFS_CONTROL(r3, 0xc0185500, &(0x7f0000000300)={0x5, 0x12, 0xff, 0x22cc, 0x4c, 0x7ff, &(0x7f0000000280)="cf6c7a28eb0e11696d8a35132321d7be408b1085c09b9b5ff8fa8b2d95f05a105bb3ca7eb7270130089ab07ce301087917e29ca124a563329c2c75996941a21178984e37aab1e399d1b37bab"})
write$binfmt_script(r2, &(0x7f0000010180)={'#! ', './file0'}, 0x10017)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cgroup.controllers\x00', 0x7a05, 0x1700)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000180)={0x0, 0x1e000000, &(0x7f0000000780)={&(0x7f0000000f00)=ANY=[@ANYBLOB="300000001800dd8d0000000000000000020000000000000900000000060015000a0000000c00168008000100bc"], 0x30}}, 0x0)
write$cgroup_int(r4, &(0x7f0000000200), 0x43400)
setsockopt$inet_sctp_SCTP_DISABLE_FRAGMENTS(0xffffffffffffffff, 0x84, 0x8, &(0x7f00000001c0)=0x8, 0x4)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYRESDEC=r0, @ANYRES32=0x0, @ANYBLOB="00000000000000002800128009000100626f6e640000000018000280140008800800030001"], 0x48}}, 0x8010)

3.313111045s ago: executing program 3 (id=481):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_NO_ENOBUFS(r1, 0x10e, 0xc, &(0x7f0000000040)=0x7f, 0x4)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$SO_TIMESTAMP(r2, 0x1, 0x41, &(0x7f0000000000)=0xff, 0x4)
connect$inet6(r2, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1c}, 0xd}, 0x1c)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$netlbl_mgmt(0x0, r4)
sendmsg$NLBL_MGMT_C_ADD(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000005c0)=ANY=[@ANYRES16=r5, @ANYRES32=r3], 0x114}}, 0x0)
sendmsg$NLBL_MGMT_C_LISTDEF(r3, 0x0, 0x8000)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6], 0x0, 0x0, 0x0, 0x0, 0x0, 0x2e, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
socket$inet6_sctp(0xa, 0x5, 0x84)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='qdisc_destroy\x00', r7}, 0x10)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
r8 = socket(0x11, 0x800000003, 0x0)
r9 = socket(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f0000000600)={'team0\x00', <r10=>0x0})
sendmsg$nl_route_sched(r9, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newqdisc={0x88, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r10, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0x2, [], 0x0, [0x4, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3dc], [0x0, 0x4]}}}}]}, 0x88}}, 0x0)
recvmmsg(r2, &(0x7f0000001f40)=[{{0x0, 0x0, &(0x7f0000001a80)=[{&(0x7f0000001880)=""/252, 0xfc}], 0x1, &(0x7f0000001e40)=""/23, 0x17}}], 0x1, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="380000001a0001000000000000000a0080202000", @ANYRES32=0x0, @ANYBLOB="000000000800020000000000140001"], 0x38}}, 0x0)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
listen(r0, 0xfff)
syz_emit_ethernet(0x4a, &(0x7f0000000440)={@local, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0)
syz_emit_ethernet(0x57, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd60df1d0000210600fe8000000000000000000000000000bbfe8000000000000000000000000000aa00004e227f8ee5", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="8005000090780000080a0000000000000000000029"], 0x0)

3.172777208s ago: executing program 2 (id=482):
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18020000faffffff0018000000000000850000002c00000085000000a30000009500000000000000"], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)

2.360179436s ago: executing program 2 (id=483):
syz_usb_connect(0x2, 0x2d, &(0x7f0000000080)=ANY=[], 0x0)
r0 = syz_open_dev$vbi(&(0x7f0000000000), 0x3, 0x2)
ioctl$VIDIOC_G_SLICED_VBI_CAP(r0, 0xc0745645, &(0x7f00000000c0)={0x0, [], 0x5})
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(r1, 0x84, 0x7, &(0x7f0000000040)={0x3}, 0x4)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)

2.249543541s ago: executing program 1 (id=484):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
r0 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
mknodat$loop(r0, &(0x7f0000001600)='./file1\x00', 0x0, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
link(&(0x7f0000000200)='./file1\x00', &(0x7f0000000300)='./bus\x00')
openat(0xffffffffffffff9c, 0x0, 0x42, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x8, &(0x7f0000000280)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f00000004c0)='kfree\x00', r1}, 0x10)
open(&(0x7f0000000000)='./bus\x00', 0x1000000, 0x0)

2.040580814s ago: executing program 3 (id=485):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0x3, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast})
write$tun(r0, &(0x7f0000000540)={@val={0x8, 0x800}, @val={0x1, 0x0, 0x7ffc}, @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0x8002, 0x0, 0x7fe2, 0x0, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast}, {{0x0, 0x88a8, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}, 0xfdef)

1.556541006s ago: executing program 3 (id=486):
r0 = syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000480)='./file1\x00', 0x18000, &(0x7f00000004c0)={[{@init_itable_val={'init_itable', 0x3d, 0x4}}, {@errors_remount}]}, 0x1, 0x597, &(0x7f00000005c0)="$eJzs3U9oHNUfAPDvzCbNr21+pgUFlR6KChVKN0n/aPWUXsVCoQfBSwybbQjZZGN2U5vQQ3ovYkFR6aXeFPSoiHgQLx69elE8C6JFpelBVia7m7ZJNm7SJlu7nw/Mdt682f1+X2ffmz+ZYQPoWoezlzTiqYg4l0QM3FXXE43Kw/X1lm9eLtzuiUIStdr535JIIuLWzcuF5vpJ49/9EbEUEU9GxLe9EUfT9XErC4tTY6VSca5RHqxOzw5WFhaPTU6PTRQnijMnXnzp1OmTp4aPD69mcr+u/nTt7avfv3Lj2iefHVoqvDeWxEj0N+rubseDVP8/6Y2RNctP7kSwDko6nQDbkmv0rt6IeCIGIveA+hrw8Kv1RdSALpVsuf/vDWMGPAqaxwHZ+W9zuucAYWlnjz9+PVM/AcniLjemek1P/dpE/G/l3GTfH8k9ZybZ+eaBnU2NLrB0JSKGenrWf/+Txvdv+4YeRILsqG/O1DfU+u2fZtv/zU8b660df/qb107vU3P8W143/qWr41+uxfh3rs0Yf7/+84ct41+JeHrD+Mlq/GSD+GlEvNFm/OuvfXm6VV3to4gjsXH8pmTz68ODFyZLxaH664Yxvj5y6OXN2r+vRfyRTdqfLZtts/1ffPf5M612o1n855/dfPtvFD87Bn+nzfgHb338aqu6LP54i/ZvFj9bdqPN+C+MHP6xzVUBAAAAAAAAAIAtSFfuZUvS/Op8mubz9Wd4H499aalcqR69UJ6fGa/f83YgetPmnVYD9XKSlYcb9+M2y8fXlE9ExMGIeDe3d6WcL5RL451uPAAAAAAAAAAAAAAAAAAAADwk9q95/v/PXP35f6BL+Mlv6F7b7f/GDfjvu7cfJx3LA9h99uPQvfR/6F6t+v/tr3Y5EWDXtdz/9+5uHsDuc/wP3Uv/h+612v9r/vYH3cb+HwAAAAAAAAAAAAAAAAAAAAAAAAAAdsS5s2ezqXb75uVCVh6/uDA/Vb54bLxYmcpPzxfyhfLcbH6iXJ4oFfOF8vS/fV6pXJ4dipn5S4PVYqU6WFlYHJ0uz89URyenxyaKo0W/KAIAAAAAAAAAAAAAAAAAAADr9a9MSZqPiHRlPk3z+Yj/R8SB6E0uTJaKQxHxWET8kOvty8rDnU4aAAAAAAAAAAAAAAAAAAAAHjGVhcWpsVKpOLf5TNrGOo/eTEQsrVmytc8Z/Wv3cs6S3dbbk6X7ip5EpzeTmR368gMAAAAAAAAAAAAAAAAAALvqzkO/W3zjlR1KCAAAAAAAAAAAAAAAAAAAALpS+kv2mkTEkYHn+tfW7kmWcxF9sSci3rp+/v1LY9Xq3HC2/PfcSn1EVD9oLD/eifyBNi3X6qLZjwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA7KguLU2OlUnFumzN9bXxOh5sIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsC3/BAAA//+SBtgH")
sendfile(r0, r0, &(0x7f0000000000)=0x1, 0x7)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0xc0902, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='net_prio.prioidx\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000040), 0xfea7)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0)
ioctl$KVM_PRE_FAULT_MEMORY(0xffffffffffffffff, 0xc040aed5, &(0x7f0000000180)={0x8000000, 0x10000})

1.021510808s ago: executing program 0 (id=487):
r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
ioctl$KVM_GET_REGS(r0, 0x8090ae81, &(0x7f00000004c0))
r1 = add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f0000000040)={'fscrypt:', @desc1}, &(0x7f0000000080)={0x0, "5d9bc136c963254c661fb620148b6f72ca6ae2a44829bfa79ec13499f8ec9077d85d879711d98bb1687ad36dfe5f14a7b0ce15c1e6be0e7ecabfdfde0dfa00b1"}, 0x48, 0xffffffffffffffff)
pipe2$watch_queue(&(0x7f0000002340)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x80)
pipe2$watch_queue(&(0x7f0000000140)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x80)
keyctl$KEYCTL_WATCH_KEY(0x20, r1, r3, 0x200000000000000)
keyctl$KEYCTL_WATCH_KEY(0x20, r1, r2, 0xfffffffdffffffff)
syz_emit_ethernet(0x46, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd60fca33f00103c00fe800000000000000000000000000000fe80000000efffffff000008000000aa0001000000000000c204000000000100"], 0x0)
r5 = syz_io_uring_setup(0xa01, 0x0, &(0x7f0000000100)=<r6=>0x0, &(0x7f00000003c0)=<r7=>0x0)
mkdir(&(0x7f0000000280)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f0000000400), 0x40c000, &(0x7f0000000640)=ANY=[@ANYBLOB="687567653d616c776179052c6d706f6c3d696e7465726c", @ANYBLOB="e6588ec50eff022e8aa4634d5c85fc30e64ecc5bb1907008a416048db9188964a768c1ae68f84daae60cc130ef873185db41e6bc8716710dc5455d8d09eadb703c290a90b3b755ef9801ee49cb2978c313a8f6521a6b5d4d9b", @ANYRESHEX=r2, @ANYRESOCT=r0, @ANYRES64=r2])
chdir(&(0x7f0000000140)='./file0\x00')
r8 = creat(&(0x7f00000002c0)='./file0\x00', 0x0)
write$binfmt_misc(r8, &(0x7f0000000000), 0x4)
r9 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000001fd8)=ANY=[@ANYBLOB="e50000002a00000084000000000000009500000000000000"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
writev(r9, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1)
syz_io_uring_setup(0x5e2, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x3da}, &(0x7f0000000180), &(0x7f0000000280))
unshare(0x2a020400)
mq_timedreceive(0xffffffffffffffff, 0x0, 0x0, 0x6, 0x0)
syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_MSG_RING={0x28, 0x0, 0x0, r5, 0x0, 0x0})
r10 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
setsockopt$WPAN_SECURITY(r10, 0x0, 0x1, &(0x7f0000000240)=0x1, 0x4)
r11 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_int(r11, &(0x7f0000000200), 0x12)
accept(r8, &(0x7f0000000580)=@pptp={0x18, 0x2, {0x0, @initdev}}, &(0x7f0000000600)=0x80)
getsockopt$WPAN_SECURITY(r10, 0x0, 0x1, 0x0, &(0x7f0000000040))
io_uring_enter(r4, 0x413e, 0x303f, 0x0, 0x0, 0x0)
r12 = syz_open_dev$sg(&(0x7f0000000700), 0x0, 0x400001)
ioctl$SG_IO(r12, 0x2285, &(0x7f00000005c0)={0x53, 0x0, 0x6, 0x0, @scatter={0x1, 0x3, &(0x7f0000000540)=[{&(0x7f0000000380)=""/204, 0xcc}]}, &(0x7f0000000240)="008d7acda0b2", 0x0, 0x0, 0x0, 0x0, 0x0})

726.957527ms ago: executing program 1 (id=488):
r0 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c)
setsockopt$XDP_UMEM_COMPLETION_RING(r0, 0x11b, 0x6, &(0x7f0000000080)=0x1, 0x4)
syz_mount_image$hfs(&(0x7f0000000140), &(0x7f0000000040)='./file1\x00', 0x2810880, &(0x7f0000000000)=ANY=[], 0x8b, 0x2a7, &(0x7f0000000180)="$eJzs3U9P1EAYx/HftMuyCGIVjInxYFCiJwN4MV5IDPE1eNGo7JoQNxAVE/Ui8Wx8Ad69+AJ8EZ6MiWc9efIFcKuZ2Vl2yrZbWEIr8ftJFsp2/jzTdtt5miwVgP/WnbWfn27+ti8jxYol3ZYiu+qyGpLO60Lr5eb2xna30x7VUCy15F5GcjXNUJn1zU5eVVvP1fAS+1dDM+F7OB5pmqa/6g4CdWr533Heykia9J/OOCx8ku3E0k7dQdTM7GpXrzRbdxwAgHqZ3vU98tf5GT9/jyJp0V/2w+v/j9M1x3s017Rbdwg1C67/LstKjd2/Z9yqQb7nUji7PupniYftx04em+odWZkJpslmlcPJooslmnqy0e3cWN/qtiO906oXFJuXtKq2z1m9kmgXcrrLaurgrY0w7cYwYcewUhD/XF6n4/dYznw138wDk+ij2nvzv0ZqbPcugmRvT92dGMS/VNTc1rP7rlavVMEoz7pOLmY37MhRxkUZifyWSmNlbxAk2TibubWa2lerN7rlop58O3O5tVZKas3bWp+DWoOjubjmcTMfzD2zoD/6orVg/h/Zrb2o4U9mfiOupD8y+uPJzQ0brmQSvrVzKbfNaLzxYCzv9Vi3NPvi9Zunj7rdzvOqF2wMlXfKQm+hfxD8K/GMt2DPsftXNarpvXnkTdfSoQoPjzRc6J86D9Bg/yRd2mktZyVUbLDTi8u8rTIgVM2ePEwv/wvylSWXItkfyYh5elo2bQtaXM7JDSb3Cp4KWjL+/nxxBjRdnMEdNOe6cl26GrxZknMlOidNjRzrSWLW9F0Puf8PAAAAAAAAAAAAAAAAAABw0lTxbY2gO/6jDwAAAAAAAAAAAAAAAAAAAAAAYyh+/m9Lx/j838z3AHj+L1CPvwEAAP//pAVz+Q==")
rename(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='./bus\x00')
r1 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$XDP_RX_RING(r0, 0x11b, 0x2, &(0x7f00000003c0)=0x40, 0x4)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000003c0)={'veth1_to_batadv\x00', <r3=>0x0})
setsockopt$XDP_TX_RING(r0, 0x11b, 0x3, &(0x7f0000001800)=0x3000, 0x4)
sendmsg$nl_route(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@newlink={0x3c, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r3, 0x7400}, [@IFLA_VFINFO_LIST={0x14, 0x16, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, [@IFLA_VF_RSS_QUERY_EN={0xc}]}]}, @IFLA_TXQLEN={0x8, 0xd, 0xd}]}, 0x3c}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000200)={'batadv_slave_1\x00', <r4=>0x0})
syz_mount_image$exfat(&(0x7f0000000280), &(0x7f00000000c0)='./file2\x00', 0x2000810, &(0x7f00000018c0)=ANY=[], 0xfd, 0x1501, &(0x7f00000002c0)="$eJzs3Am4T1X3OPC19t6H62b4JpnP2uvwTYZNkoSSZEiSJCRzQpIkSZK4ZEpCEjLeJHPInG665nnInHTzSpIkJCTZ/+c2/P16h5/3fX/9/vq/d32e5zz2cs7aZ+27nu89w/Pc79ddh1VvVKNKfWaGf4f+bYC//JMEAAkAMBAAcgBAAABlc5bNmb4/i8akf+sk4n9JgxlXugJxJUn/Mzbpf8Ym/c/YpP8Zm/Q/Y5P+Z2zS/4xN+i9EhjYr39WyZdxN3v//f079T5Ll+p8h4D/aIf3/T6P/paOl/xmb9D9jk/5nbNL/jCy40gWIK0w+/xmb9F+IDO0Pf6e84dyVfqct27+wCSGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQ/w+c85cYAPhtfKXrEkIIIYQQQgghxB/Hv3ulKxBCCCGEEEIIIcT/PgQFGgwEkAkyQwJkgUS4CrJCNsgOOSAGV0NOuAZywbWQG/JAXsgH+aEAFIQQCCwwRFAICkMcroMicD0UhWJQHEqAg5JQCm6A0nAjlIGboCzcDOXgFigPFX4+Z7rboTLcAVXgTqgK1aA61IC7oCbcDbXgHqgN90IduA/qwv1QDx6A+tAAGsKD0AgegsbQBJpCM2gOLaDlZfKTc/y9/OehB7wAPaEXJEFv6AMvQl/oB/1hAAyEl2AQvAyD4RUYAkNhGLwKw+E1GAGvw0gYBaPhDRgDY2EcjIcJMBGS4U2YBG/BZHj7oWwwFabBdJgBM2EWvAOzYQ7MhXdhHsyHBZCcZREshiXwHiyF9yEFPoBl8CGkwnJYASthFayGNbAW1sF62AAbYRNshi2wFbbBR7AddsBO2AW7YQ/shY9hH3wC++FTSMPP/sX8s7/Ph24ICKhQoUGDmTATJmACJmIiZsWsmB2zYwxjmBNzYi7MhbkxN+bFvJiE+bEgFkRCQkbGQlgI4xjHIlgEi2JRLI7F0aHDUlgKS+ONWAbLYFksi+WwHJbHClgBb8VbsRJWwspYGatgFayKVbE6Vse78C68G2thLayNtbEO1sG6WBfrYT2sj/WxITbERtgIG2NjbIpNsTk2x5bYElthK2yNrbEttsV22A7bY3vsgB2wI3bETtgJO2Nn7IJdsCt2xW74HD6Hz+Pz+AK+gL2wquqNfbAP9sW+2B8H4AB8CQfhy/gyvoJDcCgOw1fxVXwNR+AZHImjcDSOxkpqLI7D8chqIiZjMmaGSTgZJ+MUnIpTcTrOwJk4C2fhbJyDc/BdnIfzcT4uxIW4GJfgElyK72MKpuAyPIupuBxX4EpchatxFa7FdbgWN+BG3ICbcTNuxa34EX6EO3AH7sJduAf34Mf4MX6Cn+AQTMM0PIAH8CAexEN4CA/jYTyCR/AoHsVjeAyP43E8gSfxFJ7E03gaz+BZPAcA5/E8XsALeBEvpn/4VTqjjMqkMqkElaASVaLKqrKq7Cq7iqmYyqlyqlwql8qtcqu8Kq/Kr/KrgqqgIkWKVaQKqUIqruKqiCqiiqqiqrgqrpxyqpQqpUqr0qqMKqPKqptVOXWLKq8qqDbuVnWrqqTausrqDlVFVVFVVTVVXdVQNVRNVVPVUrVUbVVb1VF1VF11v6qnemN/bKDSO9NIDcXGahg2Vc1Uc9VCvYYPq1ZqBLZWbVRb9agahSOxvWrlOqgnVEc1Djupp9R4fFp1UROxq3pWdVPPqe7qedVDtXY9VS81BXurPmo69lX9VH81QM3Gaiq9Y9XVK+r5zEPVMPWqWoyvqRHqdTVSjVKj1RtqjBqrxqnxaoKaqJLVm2qSektNVm+rKWqqmqamqxlqppql3lGz1Rw1V72r5qn5aoFaqBapxWqJek8tVe+rFPWBWqY+VKlquVqhVqpVarVao9aqdWq92qA2qk1qs9qitqpt6iO1Xe1QO9UutVvtUXvVx2qf+kTtV5+qNPWZOqD+og6qz9Uh9YU6rL5UR9RX6qj6Wh1T36jj6lt1Qp1Up9R36rT6Xp1RZ9U59YM6r35UF9RP6qLyCjRqpbU2OtCZdGadoLPoRH2Vzqqz6ew6h47pq3VOfY3Opa/VuXUendfk0/l1AV1Qh5q01awjXUgX1nF9nS6ir9dFdTFdXJfQTpfUpfQNurS+UZfRN+my+mZdTt+iy+sKuqIHfZuupG/XlfUduoq+U1fV1XR1XUPfpWvqu3UtfY+ure/VdfR9uq6+X9fTD+j6uoFuqB/UjfRDurFuopvqZrq5bqFb6od1K/2Ibq3b6Lb6Ud1OP6bb68d1B/2E7qif1J30U7qzflp30c/orvpZ3U0/p7vrn/RF7XVP3Usn6d66j35R99X9dH89QA/UL+lB+mU9WL+ih+iheph+VQ/Xr+kR+nU9Uo/So/Ubeoweq8fp8XqCnqiT9Zt6kn5LT9Zv6yl6qp6mp+sZeqbu/+tMc/+J/Lf+Tv7gn8++VW/TH+nteofeqXfp3XqP3qv36n16n96v9+s0naYP6AP6oD6oD+lD+rA+rI/oI/qoPqqP6WP6uD6uT+iT+gf9nT6tv9dn9Fl9Vv+gz+vz+sKvPwMwaJTRxpjAZDKZTYLJYhLNVSaryWaymxwmZq42Oc01Jpe51uQ2eUxek8/kNwVMQRMaMtawiUwhU9jEzXWmiLneFDXFTHFTwjhT0pQyN/yP8y9XX0vT0rQyrUxr09q0NW1NO9POtDftTQfTwXQ0HU0n08l0Np1NF9PFdDVdTTfTzXQ33U0P08P0ND1NkkkyfcyLpq/pZ/qbAWageckMMoPMYDPYDDFDzDAzzAw3w80IM8KMNCPNaDPajDFjzDgzzkwwE0yyz2EmmUlmsplsppgpZtrAHGaGmWFmmVlmtplt5pq5Zp6ZZxaYBWaRWWSWmCVmqVlqUkyKWWaWmVSz3Cw3K81Ks9qsNmvNWrPerDcbzUaz2Ww2qWab2Wa2m+1mp9lpdpvdZq/Za/aZfWa/2W/STJo5YA6Yg+agOWQOmcPmsDlijpij5qg5Zo6Z4+a4OWFOmFPmlDltTpsz5ow5Z86Z8+a8uWAumIvmYvptX6ACFZjABJmCTEFCkBAkBolB1iBrkD3IHsSCWJAzyBnkCq4Ncgd5grxBviB/UCAoGIQBBTbgIAoKBYWDeHBdUCS4PigaFAuKByUCF5QMSgU3BKWDG4MywU1B2eDmoFxwS1A+qBBUDG4NbgsqBbcHlYM7girBnUHVoFpQPagR3BXUDO4OagX3BLWDe4M6wX1B3eD+oF7wQFA/aBA0DB4MGgUPBY2DJkHToFnQPGgRtPxD5/f+TJ5HXM+wV5gU9g77hC+GfcN+Yf9wQDgwfCkcFL4cDg5fCYeEQ8Nh4avh8PC1cET4ejgyHBWODt8Ix4Rjw3Hh+HBCODFMDt8MJ4VvhZPDt8Mp4dRwWjA9nBHODGeF74Szwznh3PDdcF44P1wQLgwXhYtD/OWWGFLCD8Jl4Ydharg8XBGuDFeFq8M14dpwXbg+3BBuDDeFm8sO+uXQcHu4I9wZ7gp3h3vCveHH4b7wk3B/+GmYFn4WHgj/Eh4MPw8PhV+Eh8MvwyPhV+HR8OvwWPhNeDz8NjwRngxPhd+Fp8PvwzPh2fBc+EN4PvwxvBD+FF4MffrNffrlnQwZykSZKIESKJESKStlpeyUnWIUo5yUk3JRLspNuSkv5aX8lJ8KUkFKx8RUiApRnOJUhIpQUSpKxak4OXJUikpRaSpNZagMlaWyVI7KUXkqTxWpIt1Gt9HtdDvdQXfQnXQnVaNqVINqUE2qSbWoFtWm2lSH6lBdqkv1qB7Vp/rUkBpSI2pEjakxNaWm1JyaU0tqSa2oFbWm1tSW2lI7akftqT11oA7UkTpSJ+pEnakzdaEu1JW6UjfqRt2pO/WgHtSTelISJVEf6kN9qS/1p/40kAbSIBpEg2kwDaEhNIyG0XAaTiNoBI2kUTSa3qAxNJbG0XiaQBMpmZJpEk2iyTSZptAUmkbTaAbNoFk0i2bTbJpLc2kezaMFtIAW0SJaQktoKS2lFEqhZbSMUimVVtAKWkWraA2toXW0jjbQBtpEm2gLbaFttI2203baSTtpN+2mvbSX9tE+2k/7KY3S6AAdoIN0kA7RITpMh+kIHaGjdJSO0TE6TsfpBJ2gU3SKTtNpOkNn6Bydo/P0I12gn+gieUqwWWyivcpmtdlsdpvD/nWc1+az+W0BW9CGNrfN87uYrLVFbTFb3Jawzpa0pewNfxOXtxVsRXurvc1Wsrfbyra8zQL/Na5p77a17D22tr3X1rB3/S6uY++zde1Dtp5tYuvbZrahbWEb2YdsY9vENrXNbHPbwrazj9n29nHbwT5hO9on/yZeat+36+x6u8FutPvsJ/ac/cEetV/b8/ZH29P2sgPtS3aQfdkOtq/YIXbo72MAO9q+YcfYsXacHW8n2Il/E0+z0+0MO9POsu/Y2XbO38RL7Ht2nk2xC+xCu8gu/jlOrynFfmCX2Q9tql1uV9iVdpVdbdfYtf+31pV2s91it9q99mO73e6wO+0uu9vu+TlOX8d++6lNs5/ZI/Yre9B+bg/ZY/aw/fLnOH19x+w39rj91p6wJ+0p+509bb+3Z+zZn9efvvbv7E/2ovUWGFmxZsMBZ+LMnMBZOJGv4qycjbNzDo7x1ZyTr+FcfC3n5jycl/Nxfi7ABTlkYsvMERfiwhzn67gIX89FuRgX5xLsuCSX4hu4NN/IZfgmLss3czm+hctzBa7It/JtXIlv58p8B1fhO7kqV+PqXIPv4pp8N9fie7g238t1+D6uy/dzPX6A63MDbsgPciN+iBtzE27Kzbg5t+CW/DC34ke4Nbfhtvwot+PHuD0/zh34Ce7IT3Infoo789PchZ/hrvwsd+PnuDs/zz34Be7JvTiJe3MffpH7cj/uzwN4IL/Eg/hlHsyv8BAeysP4VR7Or/EIfp1H8igezW/wGB7L43g8T+CJnMxv8iR+iyfz2zyFp/I0ns4zeCbP4nd4Ns/hufwuz+P5vIAX8iJezEv4PV7K73MKf8DL+ENO5eW8glfyKl7Na3gtr+P1vIE38ibezFt4K2/jj3g77+CdvIt38x7eyx/zPv6E9/OnnMaf8QH+Cx/kz/kQf8GH+Us+wl/xUf6aj/E3fJy/5RN8kk/xd3yav+czfJbP8Q98nn/kC/wTX2TPEGGkIh2ZKIgyRZmjhChLlBhdFWWNskXZoxxRLLo6yhldE+WKro1yR3mivFG+KH9UICoYhRFFNuIoigpFhaN4dF1UJLo+KhoVi4pHJSIXlYxKRTdEpaMbozLRTVHZ6OaoXHRLVD6qEFWMbo1uiypFt0eVozuiKtGdUdWoWlQ9qhHdFdWM7o5qRfdEtaN7ozLRfVHd6P6oXvRAVD9qEDWMHowaRQ9FjaMmUdOoWdQ8ahG1jB6OWkWPRK2jNlHb6NGoXfRY1D56POoQPRF1jJ68tL9Y8MvV9K/2J0W9I/3rG7J79KL44viS+HvxpfH34ynxD+LL4h/GU+PL4yviK+Or4qvja+Jr4+vi6+Mb4hvjm+Kb41viW+Pe18gMDtMfhMG4wGVymV2Cy+IS3VUuq8vmsrscLuaudjndNS6Xu9bldnlcXpfP5XcFXEEXOnLWsYtcIVfYxd11roi73hV1xVxxV8I5V9KVci1cS9fStXKPuNaujWvrHnWPusfcY+7xhF8Ld53cU66ze9p1cc+4Z9yzrpt7znV3z7se7gXX0/VySS7J9XF9XF/X1/V3/d1AN9ANcoPcYDfYDXFD3DA3zA13w90IN8KNdCPdaDfajXFj3Dg3zk1wE1yyS3aT3CQ32U12U9wUN81NczPcDDfLzXKz3Ww3181189w8t8AtcIvcIrfELXFL3VKX4lLcMrfMpbpUt8KtcKvcKrfGrXHr3Dq3wW1wm9wmt8VtcdvcNrfdbXc73U632+12e91et8/tc/vdfpfm0twBd8AddAfdIfeFO+y+dEfcV+6o+9odc9+44+5bd8KddKec16fd9+6MO+vOuR/cefeju+B+chedd8mxN2OTYm/FJsfejk2JTY1Ni02PzYjNjM2KvRObHZsTmxt7NzYvNj+2ILYwtii2OLYk9l5saez9WErsg9iy2Iex1Njy2IrYytiq2OqY9wW2R76QL+zj/jpfxF/vi/pivrgv4Z0v6Uv5G3xpf6Mv42/yZf3Nvpy/xZf3FXxF38Q39c18c9/Ct/QP+1b+Ed/at/Ft/aO+nX/Mt/eP+w7+Cd/RP+k7+ad8Z/+07+Kf8V39s/N/7bLv4V/wPX0vn+R7+z7+Rd/X9/P9/QA/0L/kB/mX/WD/ih/ih/ph/lU/3L/mR/jX/Ug/yo/2b/gxfqwf58f7CX6iT/Zv+kn+LT/Zv+2n+Kl+mp/uZ/iZfpZ/x8/2c/xc/66f5+f7BX6hX+QX+yX+Pb/Uv+9T/Ad+mf/Qp/rlfoVf6Vf51X6NX+vX+fV+g9/oN/nNfovf6rf5j/x2v8Pv9Lv8br/H7/Uf+33+E7/ff+rT/Gf+gP+LP+g/94f8F/6w/9If8V/5o/5rf8x/44/7b/0Jf9Kf8t/50/57f8af9ef8D/68/9Ff8D/5i/I3a0IIIYQQ/xR9mf29/87/qV+3dH0AINuOfIf/es5NuX8Z91P7OsYA4IleXRv8tjVokJSU9OuxqRqCwgsBIHYp/+fvH/g1Xg5t4THoAG2g9N+tr5+q+PN93383f/xmgESALL/lpD8eJcJfz3/jP5i/yXt8ufkXAhQtfCkn/US/xZfmL/MP5t/T7jLzZ/k8GaD1f8nJCpfiS/OXgkfgSejwuyOFEEIIIYQQQohf9FPnu13u+Tb9+Ty/uZSTGS7Fl3s+v4zKf8QahBBCCCGEEEII8d97+rnujz/coUObzv/Jg8x/jjL+BAMEgD9BGTL48w+u9G8mIYQQQgghxB/t0k3/la5ECCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYTIuP79bwhT//TBV3qNQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghxJX2fwIAAP//5g1V0w==")
setresgid(0xee00, 0xee01, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
r6 = socket(0x10, 0x2, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="9feb01001800000000000000340000003400000006000000040000000000000e0400000000080000000000000000000d00000000000000000000000d00000000000000000000000a030000000000003061"], 0x0, 0x52, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28)
getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r7=>0x0}, &(0x7f0000cab000)=0xc)
setgroups(0x0, 0x0)
setfsuid(r7)
utimensat(r5, 0x0, &(0x7f0000000080)={{}, {0x77359400}}, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$XDP_UMEM_COMPLETION_RING(r0, 0x11b, 0x6, &(0x7f0000000140)=0x4a, 0x4)
setsockopt$XDP_UMEM_FILL_RING(r0, 0x11b, 0x5, &(0x7f0000000300)=0x1, 0x4)
bind$xdp(r0, &(0x7f0000000100)={0x2c, 0x0, r4}, 0x10)
getsockopt$XDP_STATISTICS(r0, 0x11b, 0x7, &(0x7f0000000180), &(0x7f00000001c0)=0x30)

0s ago: executing program 3 (id=489):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000100)={0x4, "ff0f00000000000001a82d866bf4ff0713e4b89c3c00"})
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
r2 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_RINGS_SET(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)={0x34, r4, 0x1, 0x0, 0x1, {}, [@ETHTOOL_A_RINGS_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wlan0\x00'}]}, @ETHTOOL_A_RINGS_TX={0x8}]}, 0x34}}, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r2, 0xc0184800, &(0x7f0000000100)={0x4, <r5=>r1})
ioctl$DMA_BUF_SET_NAME_A(r5, 0x40086203, &(0x7f00000001c0)='\x02\x00\x00\x00\x05\x00\x00\x00-control\x00')
pselect6(0x40, &(0x7f0000000040), &(0x7f0000000080)={0xea}, 0x0, 0x0, 0x0)
setrlimit(0x2, &(0x7f0000000000)={0x2, 0x535c})
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x200000005c832, 0xffffffffffffffff, 0x0)

kernel console output (not intermixed with test programs):

303.431371][ T5630] ntfs3: loop4: Failed to load $Extend (-22).
[  303.439153][ T5630] ntfs3: loop4: Failed to initialize $Extend.
[  303.502822][ T5240] usb 1-1: config 0 descriptor??
[  303.903876][ T5654] IPv6: addrconf: prefix option has invalid lifetime
[  304.040705][   T29] audit: type=1800 audit(1727624788.008:9): pid=5630 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.88" name="file1" dev="loop4" ino=30 res=0 errno=0
[  304.137831][ T5654] xt_CT: You must specify a L4 protocol and not use inversions on it
[  304.151610][ T5649] loop2: detected capacity change from 0 to 2048
[  304.271377][ T5654] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  304.318493][ T5649] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  304.416875][ T5654] netlink: 56 bytes leftover after parsing attributes in process `syz.0.87'.
[  304.426773][ T5654] netlink: 56 bytes leftover after parsing attributes in process `syz.0.87'.
[  304.960106][ T1922] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  304.981327][ T5666] loop4: detected capacity change from 0 to 512
[  305.023080][ T5666] EXT4-fs: Ignoring removed orlov option
[  305.029568][ T5666] EXT4-fs: Ignoring removed i_version option
[  305.036520][ T5666] EXT4-fs: Ignoring removed nomblk_io_submit option
[  305.146312][ T5666] EXT4-fs (loop4): revision level too high, forcing read-only mode
[  305.155111][ T5666] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=c040e118, mo2=0002]
[  305.193466][ T1922] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  305.205417][ T1922] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  305.222187][ T1922] usb 2-1: New USB device found, idVendor=17ef, idProduct=6067, bcdDevice= 0.00
[  305.233924][ T1922] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  305.266882][ T5666] EXT4-fs (loop4): orphan cleanup on readonly fs
[  305.272133][ T1922] usb 2-1: config 0 descriptor??
[  305.274138][ T5666] Quota error (device loop4): v2_read_header: Failed header read: expected=8 got=0
[  305.288701][ T5666] EXT4-fs warning (device loop4): ext4_enable_quotas:7097: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  305.304223][ T5666] EXT4-fs (loop4): Cannot turn on quotas: error -22
[  305.483423][ T5193] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  305.512278][ T5666] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.98: bg 0: block 40: padding at end of block bitmap is not set
[  305.661243][ T5666] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6550: Corrupt filesystem
[  305.675821][ T5666] EXT4-fs (loop4): 1 truncate cleaned up
[  305.685096][ T5666] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  305.721464][    T0] NOHZ tick-stop error: local softirq work is pending, handler #342!!!
[  305.754289][ T1922] lenovo 0003:17EF:6067.0002: hidraw0: USB HID v0.00 Device [HID 17ef:6067] on usb-dummy_hcd.1-1/input0
[  305.949692][    T0] NOHZ tick-stop error: local softirq work is pending, handler #82!!!
[  306.162300][ T1922] usb 2-1: USB disconnect, device number 4
[  306.212297][ T5240] usbhid 1-1:0.0: can't add hid device: -71
[  306.219342][ T5240] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  306.350477][ T5666] EXT4-fs error (device loop4): ext4_encrypted_get_link:46: inode #16: comm syz.4.98: bad symlink.
[  306.441074][    T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!!
[  306.543323][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  306.850450][    T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!!
[  306.902456][ T5240] usb 1-1: USB disconnect, device number 2
[  306.954943][ T5666] overlayfs: failed to resolve './file2': -117
[  306.972725][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  306.982340][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  307.129348][   T29] audit: type=1326 audit(1727624791.088:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5672 comm="syz.2.100" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ffabe77dff9 code=0x0
[  307.733267][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[  307.769881][    T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!!
[  307.871726][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  309.195027][ T5684] loop2: detected capacity change from 0 to 32768
[  309.243956][ T5684] 
[  309.243956][ T5684]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  309.243956][ T5684] 
[  309.280276][ T5684] 
[  309.280276][ T5684]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  309.280276][ T5684] 
[  309.291440][ T5684] 
[  309.291440][ T5684]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  309.291440][ T5684] 
[  309.311027][ T5684] 
[  309.311027][ T5684]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  309.311027][ T5684] 
[  309.322182][ T5684] 
[  309.322182][ T5684]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  309.322182][ T5684] 
[  309.473101][ T5193] 
[  309.473101][ T5193]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  309.473101][ T5193] 
[  309.516353][  T113] 
[  309.516353][  T113]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  309.516353][  T113] 
[  309.550106][ T5193] 
[  309.550106][ T5193]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  309.550106][ T5193] 
[  310.091165][ T5185] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  310.294928][ T5689] sctp: [Deprecated]: syz.1.104 (pid 5689) Use of int in max_burst socket option deprecated.
[  310.294928][ T5689] Use struct sctp_assoc_value instead
[  310.846735][   T44] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  310.987677][   T44] usb 1-1: device descriptor read/64, error -71
[  311.390054][   T44] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  311.585132][   T44] usb 1-1: device descriptor read/64, error -71
[  311.676020][ T5696] binder: BINDER_SET_CONTEXT_MGR already set
[  311.683655][ T5696] binder: 5693:5696 ioctl 4018620d 20000040 returned -16
[  311.739527][   T44] usb usb1-port1: attempt power cycle
[  312.122585][   T44] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  312.142158][    C1] Illegal XDP return value 16128 on prog  (id 21) dev bond_slave_0, expect packet loss!
[  312.192104][   T44] usb 1-1: device descriptor read/8, error -71
[  312.415551][ T5702] Zero length message leads to an empty skb
[  312.509966][   T44] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  312.537334][   T44] usb 1-1: device descriptor read/8, error -71
[  312.712319][   T44] usb usb1-port1: unable to enumerate USB device
[  315.227231][ T5726] loop4: detected capacity change from 0 to 32768
[  315.314510][ T5730] netlink: 'syz.0.118': attribute type 161 has an invalid length.
[  315.477699][   T29] audit: type=1800 audit(1727625055.344:11): pid=5726 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.116" name="bus" dev="loop4" ino=7 res=0 errno=0
[  315.825551][ T5734] loop0: detected capacity change from 0 to 128
[  315.867771][ T5734] VFS: Found a Xenix FS (block size = 512) on device loop0
[  315.875371][ T5734] Bad inode number on dev loop0: 2 is out of range
[  315.882276][ T5734] SysV FS: get root inode failed
[  316.527933][ T5734] oldfs: cannot read superblock
[  316.867018][ T5745] FAULT_INJECTION: forcing a failure.
[  316.867018][ T5745] name failslab, interval 1, probability 0, space 0, times 0
[  316.886069][ T5745] CPU: 1 UID: 0 PID: 5745 Comm: syz.3.123 Not tainted 6.11.0-syzkaller-11993-g3efc57369a0c #0
[  316.896588][ T5745] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  316.906868][ T5745] Call Trace:
[  316.910478][ T5745]  <TASK>
[  316.913570][ T5745]  dump_stack_lvl+0x216/0x2d0
[  316.918960][ T5745]  dump_stack+0x1e/0x30
[  316.923385][ T5745]  should_fail_ex+0x748/0x7f0
[  316.928360][ T5745]  should_failslab+0x17f/0x210
[  316.933453][ T5745]  __kmalloc_noprof+0x175/0xf30
[  316.938555][ T5745]  ? tomoyo_realpath_from_path+0x104/0xaa0
[  316.944674][ T5745]  ? kmsan_get_metadata+0x13e/0x1c0
[  316.950211][ T5745]  tomoyo_realpath_from_path+0x104/0xaa0
[  316.956144][ T5745]  ? __srcu_read_lock+0x76/0xd0
[  316.961263][ T5745]  tomoyo_path_number_perm+0x1d9/0x8f0
[  316.967032][ T5745]  ? kmsan_get_metadata+0x13e/0x1c0
[  316.972478][ T5745]  ? kmsan_get_metadata+0x13e/0x1c0
[  316.977911][ T5745]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  316.984014][ T5745]  tomoyo_file_ioctl+0x3f/0x50
[  316.989095][ T5745]  security_file_ioctl+0x145/0x590
[  316.994457][ T5745]  __se_sys_ioctl+0xd3/0x450
[  316.999318][ T5745]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  317.005404][ T5745]  __x64_sys_ioctl+0x96/0xe0
[  317.010389][ T5745]  x64_sys_call+0x18bf/0x3ba0
[  317.015503][ T5745]  do_syscall_64+0xcd/0x1e0
[  317.020250][ T5745]  ? clear_bhb_loop+0x25/0x80
[  317.025180][ T5745]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  317.031493][ T5745] RIP: 0033:0x7fea7cd7dff9
[  317.036118][ T5745] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  317.055996][ T5745] RSP: 002b:00007fea7dbeb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  317.064691][ T5745] RAX: ffffffffffffffda RBX: 00007fea7cf35f80 RCX: 00007fea7cd7dff9
[  317.072998][ T5745] RDX: 0000000020000200 RSI: 00000000c058560f RDI: 0000000000000003
[  317.081180][ T5745] RBP: 00007fea7dbeb090 R08: 0000000000000000 R09: 0000000000000000
[  317.089349][ T5745] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  317.097633][ T5745] R13: 0000000000000000 R14: 00007fea7cf35f80 R15: 00007ffc9bcfe448
[  317.105906][ T5745]  </TASK>
[  317.117620][ T5745] ERROR: Out of memory at tomoyo_realpath_from_path.
[  318.746887][ T5757] loop2: detected capacity change from 0 to 128
[  318.772960][ T5758] loop4: detected capacity change from 0 to 256
[  318.808914][ T5757] ufs: Invalid option: "ÿÿ" or missing value
[  318.815484][ T5757] ufs: wrong mount options
[  318.990064][ T5752] loop1: detected capacity change from 0 to 1024
[  319.052066][ T5761] netlink: 32 bytes leftover after parsing attributes in process `syz.3.129'.
[  319.061691][ T5761] netlink: 72 bytes leftover after parsing attributes in process `syz.3.129'.
[  319.073760][ T5752] EXT4-fs: Ignoring removed nomblk_io_submit option
[  319.110413][ T5752] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  319.166100][ T5752] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e041c01c, mo2=0002]
[  319.190290][ T5752] System zones: 0-1, 3-36
[  319.281626][ T5758] FAT-fs (loop4): Directory bread(block 64) failed
[  319.288754][ T5758] FAT-fs (loop4): Directory bread(block 65) failed
[  319.296398][ T5758] FAT-fs (loop4): Directory bread(block 66) failed
[  319.303389][ T5758] FAT-fs (loop4): Directory bread(block 67) failed
[  319.310620][ T5758] FAT-fs (loop4): Directory bread(block 68) failed
[  319.317462][ T5758] FAT-fs (loop4): Directory bread(block 69) failed
[  319.324683][ T5758] FAT-fs (loop4): Directory bread(block 70) failed
[  319.331720][ T5758] FAT-fs (loop4): Directory bread(block 71) failed
[  319.342166][ T5758] FAT-fs (loop4): Directory bread(block 72) failed
[  319.349019][ T5758] FAT-fs (loop4): Directory bread(block 73) failed
[  319.471511][ T5752] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  319.927198][ T5758] syz.4.128: attempt to access beyond end of device
[  319.927198][ T5758] loop4: rw=524288, sector=1160, nr_sectors = 4 limit=256
[  319.942274][ T5758] syz.4.128: attempt to access beyond end of device
[  319.942274][ T5758] loop4: rw=0, sector=1160, nr_sectors = 4 limit=256
[  319.965945][   T29] audit: type=1800 audit(1727625059.944:12): pid=5758 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.128" name="file0" dev="loop4" ino=1048605 res=0 errno=0
[  320.764056][ T5782] loop3: detected capacity change from 0 to 1024
[  320.810041][ T5778] loop2: detected capacity change from 0 to 2048
[  320.843429][ T5778] ext2: Bad value for 'mb_optimize_scan'
[  321.302502][ T5782] hfsplus: invalid extent max_key_len 0
[  321.309163][ T5782] hfsplus: failed to load extents file
[  321.687593][ T5787] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  321.728627][ T5789] netlink: 20 bytes leftover after parsing attributes in process `syz.4.138'.
[  321.859288][ T5789] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  322.403123][ T5789] netlink: 36 bytes leftover after parsing attributes in process `syz.4.138'.
[  323.006832][ T5800] sch_tbf: burst 4 is lower than device lo mtu (65550) !
[  323.056371][ T5801] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  323.192565][ T5183] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  323.340018][ T1922] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  323.564546][ T1922] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  323.575522][ T1922] usb 1-1: config 0 has no interfaces?
[  323.581812][ T1922] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  323.591369][ T1922] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  323.688717][ T1922] usb 1-1: config 0 descriptor??
[  323.984303][ T1711] usb 1-1: USB disconnect, device number 7
[  325.237916][ T5810] loop1: detected capacity change from 0 to 128
[  325.297828][ T5817] loop0: detected capacity change from 0 to 1024
[  325.338165][ T5810] FAT-fs (loop1): FAT read failed (blocknr 255)
[  326.033641][ T5830] overlay: filesystem on ./bus not supported
[  326.066687][ T5822] loop4: detected capacity change from 0 to 1764
[  326.092207][ T5822] iso9660: Unknown parameter '01777777777777777777777'
[  326.441927][   T29] audit: type=1326 audit(1727625066.404:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5832 comm="syz.1.152" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7fd2f017dff9 code=0x7ffc0000
[  326.465091][   T29] audit: type=1326 audit(1727625066.404:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5832 comm="syz.1.152" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7fd2f017dff9 code=0x7ffc0000
[  326.488092][   T29] audit: type=1326 audit(1727625066.404:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5832 comm="syz.1.152" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7fd2f017dff9 code=0x7ffc0000
[  326.596490][   T29] audit: type=1326 audit(1727625066.514:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5832 comm="syz.1.152" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7fd2f017dff9 code=0x7ffc0000
[  327.650150][ T5198] Bluetooth: hci3: unexpected event for opcode 0x0000
[  328.923741][ T5841] loop1: detected capacity change from 0 to 32768
[  329.262381][ T5841] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  329.285097][ T5849] loop2: detected capacity change from 0 to 256
[  329.287866][ T5852] netlink: 'syz.3.159': attribute type 2 has an invalid length.
[  331.198551][ T5859] fuse: Bad value for 'user_id'
[  331.203912][ T5859] fuse: Bad value for 'user_id'
[  331.363770][ T5183] ocfs2: Unmounting device (7,1) on (node local)
[  331.741070][ T5198] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0
[  331.751079][ T5198] Bluetooth: hci3: Injecting HCI hardware error event
[  331.759492][ T5198] Bluetooth: hci3: hardware error 0x00
[  333.711956][ T5869] loop3: detected capacity change from 0 to 32768
[  333.738890][ T5869] (syz.3.162,5869,0):ocfs2_init_global_system_inodes:461 ERROR: status = -22
[  333.748190][ T5869] (syz.3.162,5869,0):ocfs2_init_global_system_inodes:463 ERROR: Unable to load system inode 1, possibly corrupt fs?
[  333.748338][ T5869] (syz.3.162,5869,0):ocfs2_init_global_system_inodes:472 ERROR: status = -22
[  333.770115][ T5869] (syz.3.162,5869,0):ocfs2_initialize_super:2250 ERROR: status = -22
[  333.782388][ T5869] (syz.3.162,5869,0):ocfs2_fill_super:1178 ERROR: status = -22
[  334.144254][ T5198] Bluetooth: hci3: Opcode 0x0c03 failed: -110
[  334.911050][ T5878] capability: warning: `syz.2.164' uses deprecated v2 capabilities in a way that may be insecure
[  335.240632][ T1711] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  336.149504][ T1711] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  336.161860][ T1711] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  336.172379][ T1711] usb 4-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.00
[  336.181988][ T1711] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  336.383584][ T1711] usb 4-1: config 0 descriptor??
[  337.180930][ T5881] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  337.332129][ T5881] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  337.658514][ T1711] usbhid 4-1:0.0: can't add hid device: -71
[  337.665919][ T1711] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  337.840204][ T1711] usb 4-1: USB disconnect, device number 3
[  337.850187][ T5889] loop1: detected capacity change from 0 to 32768
[  337.953947][ T5889] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.169 (5889)
[  337.997763][ T5889] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  338.009119][ T5889] BTRFS info (device loop1): using sha256 (sha256-generic) checksum algorithm
[  338.021047][ T5889] BTRFS error (device loop1): superblock checksum mismatch
[  338.038505][ T5889] BTRFS error (device loop1): open_ctree failed
[  339.713140][ T5912] netlink: 'syz.0.177': attribute type 29 has an invalid length.
[  339.777527][ T5917] netlink: 'syz.0.177': attribute type 29 has an invalid length.
[  340.277749][ T5922] loop2: detected capacity change from 0 to 8
[  341.060992][ T5933] FAULT_INJECTION: forcing a failure.
[  341.060992][ T5933] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[  341.074996][ T5933] CPU: 1 UID: 0 PID: 5933 Comm: syz.3.185 Not tainted 6.11.0-syzkaller-11993-g3efc57369a0c #0
[  341.085617][ T5933] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  341.095977][ T5933] Call Trace:
[  341.099664][ T5933]  <TASK>
[  341.102831][ T5933]  dump_stack_lvl+0x216/0x2d0
[  341.108150][ T5933]  dump_stack+0x1e/0x30
[  341.112679][ T5933]  should_fail_ex+0x748/0x7f0
[  341.117754][ T5933]  should_fail_alloc_page+0x235/0x2b0
[  341.123505][ T5933]  __alloc_pages_noprof+0x33b/0xe70
[  341.129111][ T5933]  alloc_pages_mpol_noprof+0x299/0x990
[  341.134931][ T5933]  ? kmsan_get_metadata+0x13e/0x1c0
[  341.140512][ T5933]  vma_alloc_folio_noprof+0x454/0x7f0
[  341.146267][ T5933]  handle_mm_fault+0xa385/0xdc30
[  341.151617][ T5933]  ? kmsan_get_metadata+0x13e/0x1c0
[  341.157391][ T5933]  __get_user_pages+0x3403/0x8250
[  341.162858][ T5933]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  341.169034][ T5933]  ? __kmalloc_node_noprof+0xe9/0xf50
[  341.174834][ T5933]  __gup_longterm_locked+0x594/0x2d60
[  341.180726][ T5933]  ? kmsan_get_metadata+0x13e/0x1c0
[  341.186357][ T5933]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  341.192541][ T5933]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  341.198809][ T5933]  pin_user_pages+0x12e/0x1b0
[  341.203905][ T5933]  xdp_umem_create+0x12a8/0x1de0
[  341.209263][ T5933]  xsk_setsockopt+0xbd8/0xcc0
[  341.214346][ T5933]  do_sock_setsockopt+0x4bb/0x7d0
[  341.219738][ T5933]  ? __pfx_xsk_setsockopt+0x10/0x10
[  341.225319][ T5933]  __sys_setsockopt+0x327/0x4c0
[  341.230645][ T5933]  __x64_sys_setsockopt+0xe8/0x170
[  341.236140][ T5933]  x64_sys_call+0x2fc2/0x3ba0
[  341.241216][ T5933]  do_syscall_64+0xcd/0x1e0
[  341.246197][ T5933]  ? clear_bhb_loop+0x25/0x80
[  341.251217][ T5933]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  341.257545][ T5933] RIP: 0033:0x7fea7cd7dff9
[  341.262270][ T5933] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  341.282366][ T5933] RSP: 002b:00007fea7dbeb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  341.291159][ T5933] RAX: ffffffffffffffda RBX: 00007fea7cf35f80 RCX: 00007fea7cd7dff9
[  341.299451][ T5933] RDX: 0000000000000004 RSI: 000000000000011b RDI: 0000000000000005
[  341.307815][ T5933] RBP: 00007fea7dbeb090 R08: 000000000000001c R09: 0000000000000000
[  341.316099][ T5933] R10: 00000000200000c0 R11: 0000000000000246 R12: 0000000000000002
[  341.324395][ T5933] R13: 0000000000000000 R14: 00007fea7cf35f80 R15: 00007ffc9bcfe448
[  341.332704][ T5933]  </TASK>
[  341.418162][ T5939] FAULT_INJECTION: forcing a failure.
[  341.418162][ T5939] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  341.432219][ T5939] CPU: 1 UID: 0 PID: 5939 Comm: syz.0.187 Not tainted 6.11.0-syzkaller-11993-g3efc57369a0c #0
[  341.442833][ T5939] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  341.453170][ T5939] Call Trace:
[  341.456668][ T5939]  <TASK>
[  341.459817][ T5939]  dump_stack_lvl+0x216/0x2d0
[  341.464851][ T5939]  dump_stack+0x1e/0x30
[  341.469316][ T5939]  should_fail_ex+0x748/0x7f0
[  341.474339][ T5939]  should_fail_alloc_page+0x235/0x2b0
[  341.480018][ T5939]  __alloc_pages_noprof+0x33b/0xe70
[  341.485556][ T5939]  alloc_pages_mpol_noprof+0x299/0x990
[  341.491325][ T5939]  ? kmsan_get_metadata+0x13e/0x1c0
[  341.496824][ T5939]  vma_alloc_folio_noprof+0x454/0x7f0
[  341.502610][ T5939]  handle_mm_fault+0xa385/0xdc30
[  341.507884][ T5939]  ? kmsan_get_metadata+0x13e/0x1c0
[  341.513449][ T5939]  exc_page_fault+0x41b/0x700
[  341.518441][ T5939]  asm_exc_page_fault+0x2b/0x30
[  341.523634][ T5939] RIP: 0033:0x7f53de0418c0
[  341.528308][ T5939] Code: 39 4f 08 72 4c 8d 4d ff 85 ed 74 33 66 0f 1f 44 00 00 48 39 f0 72 1b 4d 8b 07 49 89 c1 49 29 f1 47 0f b6 0c 08 45 84 c9 74 08 <45> 88 0c 00 49 8b 47 10 48 83 c0 01 49 89 47 10 83 e9 01 73 d3 41
[  341.548363][ T5939] RSP: 002b:00007f53defb74a0 EFLAGS: 00010206
[  341.554738][ T5939] RAX: 0000000000008000 RBX: 00007f53defb7540 RCX: 0000000000000009
[  341.563001][ T5939] RDX: 0000000000025fff RSI: 0000000000004000 RDI: 00007f53defb75e0
[  341.571243][ T5939] RBP: 000000000000000a R08: 00007f53d3800000 R09: 0000000000000047
[  341.579496][ T5939] R10: 0000000020004dc2 R11: 0000000000004447 R12: 0000000000003001
[  341.587731][ T5939] R13: 00007f53de204a40 R14: 000000000000001b R15: 00007f53defb75e0
[  341.595985][ T5939]  </TASK>
[  341.607813][ T5939] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[  342.094215][ T5943] netlink: 'syz.4.189': attribute type 4 has an invalid length.
[  342.263878][ T1711] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  342.585350][ T1711] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  342.596391][ T1711] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 18
[  342.815370][ T1711] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  342.825369][ T1711] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  342.833985][ T1711] usb 3-1: SerialNumber: syz
[  343.180689][ T1711] cdc_ether 3-1:1.0: probe with driver cdc_ether failed with error -22
[  343.927886][ T5939] loop0: detected capacity change from 0 to 32768
[  343.974374][ T5939] (syz.0.187,5939,1):ocfs2_verify_volume:2369 ERROR: Superblock slots found greater than file system maximum: found 65535, max 255
[  343.989044][ T5939] (syz.0.187,5939,1):ocfs2_verify_volume:2378 ERROR: status = -22
[  343.997526][ T5939] (syz.0.187,5939,1):ocfs2_fill_super:990 ERROR: superblock probe failed!
[  344.006541][ T5939] (syz.0.187,5939,1):ocfs2_fill_super:1178 ERROR: status = -22
[  345.234488][ T5959] loop3: detected capacity change from 0 to 2048
[  345.305345][ T5959] udf: Unknown parameter 'umas(Õ°k'
[  345.421402][ T5966] netlink: 4 bytes leftover after parsing attributes in process `syz.4.197'.
[  345.997726][   T10] usb 3-1: USB disconnect, device number 3
[  346.005573][ T5963] loop1: detected capacity change from 0 to 4096
[  346.112015][ T5963] ntfs3: loop1: Different NTFS sector size (2048) and media sector size (512).
[  346.507468][ T5972] loop4: detected capacity change from 0 to 512
[  346.545663][ T5975] loop0: detected capacity change from 0 to 64
[  347.234899][ T5963] ntfs3: loop1: Mark volume as dirty due to NTFS errors
[  347.243023][ T5972] EXT4-fs error (device loop4): ext4_orphan_get:1388: inode #15: comm syz.4.201: casefold flag without casefold feature
[  347.258277][ T5963] ntfs3: loop1: Failed to load $Extend (-22).
[  347.265202][ T5963] ntfs3: loop1: Failed to initialize $Extend.
[  347.281065][ T5972] EXT4-fs error (device loop4): ext4_orphan_get:1393: comm syz.4.201: couldn't read orphan inode 15 (err -117)
[  347.323126][ T5972] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  347.340549][ T5992] loop3: detected capacity change from 0 to 256
[  347.353113][ T5992] exfat: Deprecated parameter 'codepage'
[  347.359088][ T5992] exfat: Bad value for 'codepage'
[  347.762588][ T5185] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  350.484769][ T5998] loop4: detected capacity change from 0 to 32768
[  351.895246][ T6020] input: syz0 as /devices/virtual/input/input6
[  352.226444][ T1240] ieee802154 phy0 wpan0: encryption failed: -22
[  352.233680][ T1240] ieee802154 phy1 wpan1: encryption failed: -22
[  352.318181][ T1711] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  352.624291][ T1711] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8D has invalid wMaxPacketSize 0
[  352.634555][ T1711] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0
[  352.735594][ T1711] usb 5-1: New USB device found, idVendor=eb1a, idProduct=2883, bcdDevice=61.5b
[  352.745344][ T1711] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  352.753941][ T1711] usb 5-1: Product: syz
[  352.758513][ T1711] usb 5-1: Manufacturer: syz
[  352.763529][ T1711] usb 5-1: SerialNumber: syz
[  352.834184][ T6024] loop0: detected capacity change from 0 to 512
[  352.848148][ T1711] usb 5-1: config 0 descriptor??
[  352.871013][ T6024] EXT4-fs: Ignoring removed oldalloc option
[  353.671109][ T6024] EXT4-fs error (device loop0): ext4_xattr_inode_iget:436: comm syz.0.219: Parent and EA inode have the same ino 15
[  353.780872][   T10] usb 5-1: USB disconnect, device number 4
[  353.980887][ T6024] EXT4-fs error (device loop0): ext4_xattr_inode_iget:436: comm syz.0.219: Parent and EA inode have the same ino 15
[  354.287996][ T6024] EXT4-fs (loop0): 1 orphan inode deleted
[  354.296352][ T6024] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  354.720702][ T6024] EXT4-fs error (device loop0): htree_dirblock_to_tree:1112: inode #2: block 13: comm syz.0.219: bad entry in directory: rec_len is smaller than minimal - offset=76, inode=0, rec_len=0, size=1024 fake=0
[  355.061865][ T6039] netlink: 'syz.0.219': attribute type 10 has an invalid length.
[  355.071039][ T6039] netlink: 40 bytes leftover after parsing attributes in process `syz.0.219'.
[  355.091020][ T6039] A link change request failed with some changes committed already. Interface bridge0 may have been left with an inconsistent configuration, please check.
[  355.504627][ T6028] loop3: detected capacity change from 0 to 32768
[  355.815178][ T6028] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  355.967204][ T5187] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  356.470095][ T5190] ocfs2: Unmounting device (7,3) on (node local)
[  356.882192][ T6059] netlink: 4 bytes leftover after parsing attributes in process `syz.4.230'.
[  357.336430][ T6068] netlink: 4 bytes leftover after parsing attributes in process `syz.1.231'.
[  357.345792][ T6068] netlink: 'syz.1.231': attribute type 13 has an invalid length.
[  357.354229][ T6068] netlink: 'syz.1.231': attribute type 14 has an invalid length.
[  357.377975][ T6068] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  357.387368][ T6068] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  357.396703][ T6068] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  357.405917][ T6068] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  357.415559][ T6068] vxlan0: entered promiscuous mode
[  357.576082][ T6069] mmap: syz.1.231 (6069): VmData 37818368 exceed data ulimit 8. Update limits or use boot option ignore_rlimit_data.
[  358.042180][   T44] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  358.212453][   T44] usb 4-1: device descriptor read/64, error -71
[  358.435693][ T6071] loop2: detected capacity change from 0 to 4096
[  358.443503][ T6076] loop4: detected capacity change from 0 to 128
[  358.502203][ T6071] ntfs3: loop2: Different NTFS sector size (2048) and media sector size (512).
[  358.540343][   T44] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  358.631211][ T6076] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  358.700952][   T44] usb 4-1: device descriptor read/64, error -71
[  358.760146][ T6076] ext4 filesystem being mounted at /proc/118/cgroup supports timestamps until 2038-01-19 (0x7fffffff)
[  358.822276][   T44] usb usb4-port1: attempt power cycle
[  358.843396][ T6076] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  359.006225][ T6071] ntfs3: loop2: Mark volume as dirty due to NTFS errors
[  359.061422][ T6071] ntfs3: loop2: Failed to load $Extend (-22).
[  359.067850][ T6071] ntfs3: loop2: Failed to initialize $Extend.
[  359.183941][   T29] audit: type=1800 audit(1727625611.166:17): pid=6071 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.232" name="bus" dev="loop2" ino=33 res=0 errno=0
[  359.205503][   T44] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  359.272692][   T44] usb 4-1: device descriptor read/8, error -71
[  359.304947][ T6081] ptrace attach of "./syz-executor exec"[5187] was attempted by "\x0b"[6081]
[  359.315702][   T29] audit: type=1800 audit(1727625611.276:18): pid=6071 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.232" name="bus" dev="loop2" ino=33 res=0 errno=0
[  360.430428][   T44] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  361.569882][ T6083] loop0: detected capacity change from 0 to 32768
[  362.044482][   T44] usb 4-1: device descriptor read/8, error -71
[  362.166528][   T44] usb usb4-port1: unable to enumerate USB device
[  362.323510][ T6098] netlink: 28 bytes leftover after parsing attributes in process `syz.1.241'.
[  362.611524][ T6106] FAULT_INJECTION: forcing a failure.
[  362.611524][ T6106] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  362.625623][ T6106] CPU: 0 UID: 0 PID: 6106 Comm: syz.3.244 Not tainted 6.11.0-syzkaller-11993-g3efc57369a0c #0
[  362.636350][ T6106] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  362.646830][ T6106] Call Trace:
[  362.650442][ T6106]  <TASK>
[  362.653676][ T6106]  dump_stack_lvl+0x216/0x2d0
[  362.658956][ T6106]  dump_stack+0x1e/0x30
[  362.663498][ T6106]  should_fail_ex+0x748/0x7f0
[  362.668672][ T6106]  should_fail_alloc_page+0x235/0x2b0
[  362.674488][ T6106]  __alloc_pages_noprof+0x33b/0xe70
[  362.680156][ T6106]  alloc_pages_mpol_noprof+0x299/0x990
[  362.686087][ T6106]  ? kmsan_get_metadata+0x13e/0x1c0
[  362.691672][ T6106]  vma_alloc_folio_noprof+0x454/0x7f0
[  362.697435][ T6106]  handle_mm_fault+0xa385/0xdc30
[  362.702872][ T6106]  ? kmsan_get_metadata+0x13e/0x1c0
[  362.708741][ T6106]  exc_page_fault+0x41b/0x700
[  362.713801][ T6106]  asm_exc_page_fault+0x2b/0x30
[  362.719057][ T6106] RIP: 0033:0x7fea7cc41813
[  362.723806][ T6106] Code: 1f 84 00 00 00 00 00 3d 00 01 00 00 75 29 45 31 f6 48 83 c4 18 44 89 f0 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 40 00 49 8b 0f <44> 88 34 01 49 83 47 10 01 eb 92 66 90 8d 90 ff fe ff ff 83 fa 1c
[  362.743802][ T6106] RSP: 002b:00007fea7dbea4a0 EFLAGS: 00010206
[  362.750243][ T6106] RAX: 0000000000021000 RBX: 00007fea7dbea540 RCX: 00007fea72400000
[  362.758610][ T6106] RDX: 00007fea7dbea6e0 RSI: 0000000000000005 RDI: 00007fea7dbea5e0
[  362.766908][ T6106] RBP: 000000000000000a R08: 0000000000000007 R09: 0000000000000049
[  362.775188][ T6106] R10: 0000000000000052 R11: 00007fea7dbea540 R12: 0000000000000301
[  362.783574][ T6106] R13: 00007fea7ce04a40 R14: 00000000000000ff R15: 00007fea7dbea5e0
[  362.792095][ T6106]  </TASK>
[  362.798507][ T6106] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[  363.285866][ T6106] loop3: detected capacity change from 0 to 1024
[  363.296059][ T6106] hfsplus: uid requires an argument
[  363.302184][ T6106] hfsplus: unable to parse mount options
[  364.330198][ T1711] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  364.515609][ T6127] loop0: detected capacity change from 0 to 1024
[  364.590555][ T1711] usb 5-1: config 0 interface 0 altsetting 3 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  364.604718][ T1711] usb 5-1: config 0 interface 0 altsetting 3 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  364.618845][ T1711] usb 5-1: config 0 interface 0 has no altsetting 0
[  364.624076][ T6125] loop3: detected capacity change from 0 to 1764
[  364.625951][ T1711] usb 5-1: New USB device found, idVendor=28bd, idProduct=0055, bcdDevice= 0.00
[  364.641885][ T1711] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  364.663817][ T6125] iso9660: Unknown parameter 'ÿ'
[  364.832891][ T1711] usb 5-1: config 0 descriptor??
[  364.931968][ T6115] loop2: detected capacity change from 0 to 4096
[  364.986305][ T6115] ntfs3: loop2: Different NTFS sector size (1024) and media sector size (512).
[  365.120408][   T44] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  365.268572][ T6127] EXT4-fs (loop0): Test dummy encryption mode enabled
[  365.333675][   T44] usb 2-1: Using ep0 maxpacket: 8
[  365.344579][ T1711] usbhid 5-1:0.0: can't add hid device: -71
[  365.352065][ T1711] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  365.394585][   T44] usb 2-1: New USB device found, idVendor=13d3, idProduct=3306, bcdDevice=88.be
[  365.404591][   T44] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  365.411039][ T6127] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  365.413221][   T44] usb 2-1: Product: syz
[  365.434314][   T44] usb 2-1: Manufacturer: syz
[  365.439224][   T44] usb 2-1: SerialNumber: syz
[  365.455934][   T44] usb 2-1: config 0 descriptor??
[  365.477845][   T44] r8712u: register rtl8712_netdev_ops to netdev_ops
[  365.482962][ T1711] usb 5-1: USB disconnect, device number 5
[  365.484883][   T44] usb 2-1: r8712u: USB_SPEED_HIGH with 0 endpoints
[  366.062339][   T44] usb 2-1: r8712u: Boot from EFUSE: Autoload Failed
[  366.069466][   T44] usb 2-1: r8712u: MAC Address from efuse = 00:e0:4c:87:00:00
[  366.078363][   T44] usb 2-1: r8712u: Loading firmware from "rtlwifi/rtl8712u.bin"
[  366.318266][ T5187] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  368.160326][   T10] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  368.340877][   T10] usb 5-1: device descriptor read/64, error -71
[  368.497590][ T6161] loop3: detected capacity change from 0 to 2048
[  368.509178][ T1711] usb 2-1: USB disconnect, device number 5
[  368.601980][   T10] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  368.613283][ T6161] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  368.822472][   T10] usb 5-1: device descriptor read/64, error -71
[  369.276234][   T10] usb usb5-port1: attempt power cycle
[  369.941683][ T6179] ip6gretap0: entered promiscuous mode
[  369.975034][ T6184] netlink: 'syz.2.266': attribute type 12 has an invalid length.
[  370.020396][ T6179] ip6gretap0: left promiscuous mode
[  370.033443][   T10] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  370.112551][ T6183] netlink: 'syz.1.267': attribute type 3 has an invalid length.
[  370.152264][   T10] usb 5-1: device descriptor read/8, error -71
[  370.456111][   T10] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  370.560773][   T10] usb 5-1: device descriptor read/8, error -71
[  370.702221][   T10] usb usb5-port1: unable to enumerate USB device
[  372.468005][ T6186] loop0: detected capacity change from 0 to 32768
[  372.548860][ T6186] (syz.0.268,6186,1):ocfs2_verify_volume:2369 ERROR: Superblock slots found greater than file system maximum: found 65535, max 255
[  372.563089][ T6186] (syz.0.268,6186,1):ocfs2_verify_volume:2378 ERROR: status = -22
[  372.571648][ T6186] (syz.0.268,6186,1):ocfs2_fill_super:990 ERROR: superblock probe failed!
[  372.580697][ T6186] (syz.0.268,6186,1):ocfs2_fill_super:1178 ERROR: status = -22
[  373.581649][ T6211] loop2: detected capacity change from 0 to 2048
[  373.665764][ T6211] NILFS (loop2): invalid segment: Checksum error in segment payload
[  373.674729][ T6211] NILFS (loop2): trying rollback from an earlier position
[  373.699885][ T6211] NILFS (loop2): invalid segment: Checksum error in segment payload
[  373.708213][ T6211] NILFS (loop2): error -22 while searching super root
[  374.309910][ T6213] loop0: detected capacity change from 0 to 2048
[  374.452794][ T6217] FAULT_INJECTION: forcing a failure.
[  374.452794][ T6217] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  374.467161][ T6217] CPU: 1 UID: 0 PID: 6217 Comm: syz.1.278 Not tainted 6.11.0-syzkaller-11993-g3efc57369a0c #0
[  374.477874][ T6217] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  374.488234][ T6217] Call Trace:
[  374.491769][ T6217]  <TASK>
[  374.494936][ T6217]  dump_stack_lvl+0x216/0x2d0
[  374.499997][ T6217]  dump_stack+0x1e/0x30
[  374.504517][ T6217]  should_fail_ex+0x748/0x7f0
[  374.509577][ T6217]  should_fail+0x2a/0x40
[  374.514260][ T6217]  should_fail_usercopy+0x2e/0x40
[  374.519692][ T6217]  _copy_from_user+0x33/0x160
[  374.524779][ T6217]  snd_seq_oss_write+0x927/0xcb0
[  374.530160][ T6217]  odev_write+0x7c/0xe0
[  374.534729][ T6217]  ? __pfx_odev_write+0x10/0x10
[  374.536295][ T6213] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  374.540040][ T6217]  vfs_write+0x487/0x1540
[  374.540237][ T6217]  ? kmsan_get_metadata+0x13e/0x1c0
[  374.559103][ T6217]  ? kmsan_internal_set_shadow_origin+0x69/0x100
[  374.565856][ T6217]  ? kmsan_get_metadata+0x13e/0x1c0
[  374.571409][ T6217]  ksys_write+0x24f/0x4c0
[  374.576208][ T6217]  __x64_sys_write+0x93/0xe0
[  374.581170][ T6217]  x64_sys_call+0x306a/0x3ba0
[  374.586230][ T6217]  do_syscall_64+0xcd/0x1e0
[  374.591095][ T6217]  ? clear_bhb_loop+0x25/0x80
[  374.596133][ T6217]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  374.602440][ T6217] RIP: 0033:0x7fd2f017dff9
[  374.607242][ T6217] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  374.627484][ T6217] RSP: 002b:00007fd2f0f7e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  374.636303][ T6217] RAX: ffffffffffffffda RBX: 00007fd2f0335f80 RCX: 00007fd2f017dff9
[  374.644612][ T6217] RDX: 000000000000023b RSI: 00000000200012c0 RDI: 0000000000000003
[  374.652981][ T6217] RBP: 00007fd2f0f7e090 R08: 0000000000000000 R09: 0000000000000000
[  374.661264][ T6217] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  374.669627][ T6217] R13: 0000000000000000 R14: 00007fd2f0335f80 R15: 00007fffe9e16f68
[  374.677946][ T6217]  </TASK>
[  375.621391][ T6227] netlink: 216 bytes leftover after parsing attributes in process `syz.2.281'.
[  375.631327][ T6227] netlink: 8 bytes leftover after parsing attributes in process `syz.2.281'.
[  376.698819][ T6233] loop3: detected capacity change from 0 to 1024
[  376.710790][ T6233] EXT4-fs: Ignoring removed nobh option
[  376.716823][ T6233] EXT4-fs: Ignoring removed orlov option
[  376.723737][ T6233] EXT4-fs: Ignoring removed nomblk_io_submit option
[  376.864759][ T6239] loop0: detected capacity change from 0 to 1024
[  377.127324][ T6233] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  377.141143][ T6246] loop1: detected capacity change from 0 to 8
[  377.150235][ T6246] squashfs: Unknown parameter 'ÿ0xffffffffffffffff0xffffffffffffffff'
[  377.355439][ T6239] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  377.370244][ T6239] ext4 filesystem being mounted at /56/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  377.426271][ T6233] EXT4-fs error (device loop3): __ext4_remount:6522: comm syz.3.285: Abort forced by user
[  377.518163][ T6233] EXT4-fs (loop3): Remounting filesystem read-only
[  377.602226][ T6233] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: none.
[  378.658940][ T6268] loop5: detected capacity change from 0 to 16384
[  378.788393][ T6268] loop5: detected capacity change from 16384 to 16320
[  378.813184][ T6246] loop1: detected capacity change from 0 to 4096
[  378.848198][ T6246] ntfs3: loop1: try to read out of volume at offset 0x5c00
[  378.856633][ T6246] ntfs3: loop1: Failed to load $Volume (-5).
[  378.870764][ T1711] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  379.065598][ T1711] usb 4-1: no configurations
[  379.071066][ T1711] usb 4-1: can't read configurations, error -22
[  379.221441][ T5187] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  379.271067][ T1711] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  379.725029][ T6275] loop2: detected capacity change from 0 to 256
[  380.167702][ T5190] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  380.443835][   T29] audit: type=1326 audit(1727625888.369:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6281 comm="syz.3.297" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fea7cd7dff9 code=0x0
[  380.695787][ T6290] netlink: 20 bytes leftover after parsing attributes in process `syz.4.301'.
[  380.705352][ T6290] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  380.712999][ T6290] IPv6: NLM_F_CREATE should be set when creating new route
[  380.720627][ T6290] IPv6: NLM_F_CREATE should be set when creating new route
[  380.963444][ T6291] netlink: 12 bytes leftover after parsing attributes in process `syz.1.300'.
[  381.080284][ T1922] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  381.181079][ T6298] loop4: detected capacity change from 0 to 128
[  381.270934][ T1922] usb 1-1: Using ep0 maxpacket: 16
[  381.279473][ T1922] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7
[  381.280033][ T1922] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0
[  381.280263][ T1922] usb 1-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00
[  381.280442][ T1922] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  381.294890][ T1922] usb 1-1: config 0 descriptor??
[  381.421983][ T6299] loop2: detected capacity change from 0 to 512
[  381.488724][ T6298] netlink: 16 bytes leftover after parsing attributes in process `syz.4.303'.
[  381.536352][ T6299] EXT4-fs warning (device loop2): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[  381.536530][ T6299] EXT4-fs warning (device loop2): dx_probe:881: Enable large directory feature to access it
[  381.536663][ T6299] EXT4-fs warning (device loop2): dx_probe:966: inode #2: comm syz.2.304: Corrupt directory, running e2fsck is recommended
[  381.541646][ T6299] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -117
[  381.544025][ T6299] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2240: inode #15: comm syz.2.304: corrupted in-inode xattr: invalid ea_ino
[  381.581519][ T6299] EXT4-fs (loop2): Remounting filesystem read-only
[  381.583597][ T6299] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  383.766436][ T6302] loop1: detected capacity change from 0 to 32768
[  383.795975][ T6302] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.305 (6302)
[  383.955311][ T6302] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  383.966221][ T6302] BTRFS info (device loop1): using sha256 (sha256-generic) checksum algorithm
[  383.981175][ T6302] BTRFS info (device loop1): using free-space-tree
[  384.356145][ T1922] usbhid 1-1:0.0: can't add hid device: -71
[  384.369500][ T1922] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  384.401270][ T1922] usb 1-1: USB disconnect, device number 8
[  384.583170][ T6302] workqueue: Failed to create a rescuer kthread for wq "btrfs-rmw": -EINTR
[  384.585751][ T6302] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-write": -EINTR
[  384.596148][ T6302] workqueue: Failed to create a rescuer kthread for wq "btrfs-compressed-write": -EINTR
[  384.606857][ T6302] workqueue: Failed to create a rescuer kthread for wq "btrfs-freespace-write": -EINTR
[  384.618205][ T6302] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR
[  384.629173][ T6302] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR
[  384.691347][ T6299] EXT4-fs warning (device loop2): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[  384.714172][ T6299] EXT4-fs warning (device loop2): dx_probe:881: Enable large directory feature to access it
[  384.725210][ T6299] EXT4-fs warning (device loop2): dx_probe:966: inode #2: comm syz.2.304: Corrupt directory, running e2fsck is recommended
[  384.767310][ T6322] EXT4-fs warning (device loop2): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[  384.785398][ T6322] EXT4-fs warning (device loop2): dx_probe:881: Enable large directory feature to access it
[  384.797917][ T6322] EXT4-fs warning (device loop2): dx_probe:966: inode #2: comm syz.2.304: Corrupt directory, running e2fsck is recommended
[  384.927041][ T6302] BTRFS error (device loop1): open_ctree failed
[  385.054561][ T6299] EXT4-fs warning (device loop2): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[  385.066837][ T6299] EXT4-fs warning (device loop2): dx_probe:881: Enable large directory feature to access it
[  385.078520][ T6299] EXT4-fs warning (device loop2): dx_probe:966: inode #2: comm syz.2.304: Corrupt directory, running e2fsck is recommended
[  385.168173][ T6322] EXT4-fs warning (device loop2): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[  385.330494][ T6322] kernel profiling enabled (shift: 0)
[  386.613757][ T6348] xt_CT: You must specify a L4 protocol and not use inversions on it
[  386.899919][ T1922] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  387.188724][ T1922] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  387.199754][ T1922] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  387.869228][ T1922] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  387.878934][ T1922] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  387.887669][ T1922] usb 4-1: SerialNumber: syz
[  388.275777][ T1922] usb 4-1: 0:2 : does not exist
[  388.313045][ T1922] usb 4-1: unit 4 not found!
[  388.452744][ T1922] usb 4-1: USB disconnect, device number 10
[  388.672182][ T5528] udevd[5528]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  389.166811][ T6361] loop1: detected capacity change from 0 to 256
[  389.457548][ T6361] FAT-fs (loop1): Directory bread(block 64) failed
[  389.464749][ T6361] FAT-fs (loop1): Directory bread(block 65) failed
[  389.472375][ T6361] FAT-fs (loop1): Directory bread(block 66) failed
[  389.479294][ T6361] FAT-fs (loop1): Directory bread(block 67) failed
[  389.491266][ T6361] FAT-fs (loop1): Directory bread(block 68) failed
[  389.498137][ T6361] FAT-fs (loop1): Directory bread(block 69) failed
[  389.506610][ T6361] FAT-fs (loop1): Directory bread(block 70) failed
[  389.513650][ T6361] FAT-fs (loop1): Directory bread(block 71) failed
[  389.521409][ T6361] FAT-fs (loop1): Directory bread(block 72) failed
[  389.528269][ T6361] FAT-fs (loop1): Directory bread(block 73) failed
[  389.556326][ T6363] veth1: entered promiscuous mode
[  389.561920][ T6363] macsec1: entered promiscuous mode
[  389.568337][ T6363] macsec1: entered allmulticast mode
[  389.574057][ T6363] veth1: entered allmulticast mode
[  389.664541][ T6361] syz.1.320: attempt to access beyond end of device
[  389.664541][ T6361] loop1: rw=524288, sector=1160, nr_sectors = 4 limit=256
[  389.679948][ T6361] syz.1.320: attempt to access beyond end of device
[  389.679948][ T6361] loop1: rw=0, sector=1160, nr_sectors = 4 limit=256
[  389.704251][   T29] audit: type=1800 audit(1727625897.689:20): pid=6361 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.320" name="file0" dev="loop1" ino=1048611 res=0 errno=0
[  389.730354][ T6363] veth1: left allmulticast mode
[  389.736691][ T6363] veth1: left promiscuous mode
[  389.962431][ T6361] xt_ecn: cannot match TCP bits for non-tcp packets
[  391.671386][ T6381] netlink: 80 bytes leftover after parsing attributes in process `syz.0.328'.
[  392.366994][ T5191] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  392.621128][ T5191] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  392.632040][ T5191] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  392.646632][ T5191] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  392.662363][ T5191] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  392.672179][ T5191] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  394.776214][ T5198] Bluetooth: hci5: command tx timeout
[  395.527790][ T6386] chnl_net:caif_netlink_parms(): no params data found
[  396.850987][ T5198] Bluetooth: hci5: command tx timeout
[  398.487044][ T6386] bridge0: port 1(bridge_slave_0) entered blocking state
[  398.498997][ T6386] bridge0: port 1(bridge_slave_0) entered disabled state
[  398.507278][ T6386] bridge_slave_0: entered allmulticast mode
[  398.516869][ T6386] bridge_slave_0: entered promiscuous mode
[  398.661331][ T6386] bridge0: port 2(bridge_slave_1) entered blocking state
[  398.669200][ T6386] bridge0: port 2(bridge_slave_1) entered disabled state
[  398.677869][ T6386] bridge_slave_1: entered allmulticast mode
[  398.687783][ T6386] bridge_slave_1: entered promiscuous mode
[  398.941068][ T5198] Bluetooth: hci5: command tx timeout
[  399.303869][ T6386] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  399.438450][ T6386] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  400.037747][ T6386] team0: Port device team_slave_0 added
[  400.160288][ T6386] team0: Port device team_slave_1 added
[  400.751962][ T6386] batman_adv: batadv0: Adding interface: batadv_slave_0
[  400.759199][ T6386] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  400.785977][ T6386] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  401.070854][ T5198] Bluetooth: hci5: command tx timeout
[  401.271031][ T6386] batman_adv: batadv0: Adding interface: batadv_slave_1
[  401.278401][ T6386] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  401.305339][ T6386] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  402.298056][ T6432] loop1: detected capacity change from 0 to 1024
[  402.346093][ T6438] loop0: detected capacity change from 0 to 512
[  402.474273][ T6438] EXT4-fs: Ignoring removed orlov option
[  402.715771][ T6438] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  402.730094][ T6438] ext4 filesystem being mounted at /65/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  402.827879][ T6386] hsr_slave_0: entered promiscuous mode
[  403.038983][ T6386] hsr_slave_1: entered promiscuous mode
[  403.097527][ T6386] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  403.110069][ T6386] Cannot create hsr debugfs directory
[  403.129047][ T6441] warning: `syz.4.347' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  404.543667][ T5187] EXT4-fs error (device loop0): ext4_readdir:261: inode #12: block 32: comm syz-executor: path /65/bus/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0
[  404.723633][ T6322] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  404.987838][ T6452] loop4: detected capacity change from 0 to 1024
[  405.092719][ T6452] EXT4-fs: Ignoring removed nomblk_io_submit option
[  405.140329][ T6452] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  405.146137][ T3508] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  405.256922][ T5198] Bluetooth: hci5: command tx timeout
[  405.264666][ T6452] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e854e01c, mo2=0003]
[  405.360011][ T6452] System zones: 0-1, 3-36
[  405.416465][ T6452] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  405.469210][ T3508] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  406.079186][ T6454] loop1: detected capacity change from 0 to 4096
[  406.088169][ T3508] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  406.100397][ T6454] ntfs3: Unknown parameter '0000000000000000000000300000000000000000000003'
[  406.122001][ T5185] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  406.469325][ T3508] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  406.677493][ T6470] loop3: detected capacity change from 0 to 64
[  407.051520][ T3508] bridge_slave_1: left allmulticast mode
[  407.057587][ T3508] bridge_slave_1: left promiscuous mode
[  407.065320][ T3508] bridge0: port 2(bridge_slave_1) entered disabled state
[  407.176761][ T6476] loop4: detected capacity change from 0 to 64
[  407.210739][ T3508] bridge_slave_0: left allmulticast mode
[  407.216930][ T3508] bridge_slave_0: left promiscuous mode
[  407.224737][ T3508] bridge0: port 1(bridge_slave_0) entered disabled state
[  407.703242][ T1711] usb 5-1: new full-speed USB device number 10 using dummy_hcd
[  408.025381][ T1711] usb 5-1: unable to get BOS descriptor or descriptor too short
[  408.073702][ T1711] usb 5-1: not running at top speed; connect to a high speed hub
[  408.138958][ T1711] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  408.150446][ T1711] usb 5-1: config 1 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  408.162186][ T1711] usb 5-1: config 1 interface 0 altsetting 4 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  408.175586][ T1711] usb 5-1: config 1 interface 0 has no altsetting 0
[  408.408186][ T3508] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  408.717901][ T1711] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  408.728614][ T1711] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  408.739812][ T1711] usb 5-1: Product: syz
[  408.744271][ T1711] usb 5-1: Manufacturer: syz
[  408.750261][ T1711] usb 5-1: SerialNumber: syz
[  408.885701][ T3508] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  408.943402][ T3508] bond0 (unregistering): Released all slaves
[  409.105315][ T1711] cdc_ether 5-1:1.0: probe with driver cdc_ether failed with error -22
[  409.228736][ T1711] usb 5-1: USB disconnect, device number 10
[  410.646671][ T6485] netlink: 'syz.4.361': attribute type 9 has an invalid length.
[  413.505549][ T3508] hsr_slave_0: left promiscuous mode
[  413.570705][ T3508] hsr_slave_1: left promiscuous mode
[  413.653716][ T3508] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  413.661848][ T3508] batman_adv: batadv0: Removing interface: batadv_slave_0
[  413.671787][ T1240] ieee802154 phy0 wpan0: encryption failed: -22
[  413.678717][ T1240] ieee802154 phy1 wpan1: encryption failed: -22
[  413.803578][ T3508] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  413.811619][ T3508] batman_adv: batadv0: Removing interface: batadv_slave_1
[  413.820085][ T6487] loop4: detected capacity change from 0 to 32768
[  413.868221][ T3508] veth1_macvtap: left promiscuous mode
[  413.874398][ T3508] veth0_macvtap: left promiscuous mode
[  413.881236][ T3508] veth1_vlan: left promiscuous mode
[  413.886882][ T3508] veth0_vlan: left promiscuous mode
[  414.320278][ T6487] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  414.963219][ T5185] ocfs2: Unmounting device (7,4) on (node local)
[  415.046173][ T3508] team0 (unregistering): Port device team_slave_1 removed
[  415.123251][ T3508] team0 (unregistering): Port device team_slave_0 removed
[  415.995961][ T6504] loop3: detected capacity change from 0 to 1024
[  416.048008][ T6507] loop4: detected capacity change from 0 to 64
[  416.250442][ T5191] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  416.396084][ T6386] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  416.655676][ T5191] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  416.692082][ T5191] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  416.706584][ T5191] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  416.719035][ T5191] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  416.732145][ T5191] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  416.769175][ T6504] hfsplus: xattr searching failed
[  416.948425][ T6517] loop1: detected capacity change from 0 to 64
[  417.304321][ T6386] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  417.380720][ T6386] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  417.617477][ T6386] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  417.777935][ T5187] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  418.321718][ T3508] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  418.656363][ T3508] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  418.850291][ T5191] Bluetooth: hci4: command tx timeout
[  418.986390][ T3508] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  419.192424][ T3508] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  419.780342][ T3508] bridge_slave_1: left allmulticast mode
[  419.786330][ T3508] bridge_slave_1: left promiscuous mode
[  419.796503][ T3508] bridge0: port 2(bridge_slave_1) entered disabled state
[  419.824190][ T6538] loop4: detected capacity change from 0 to 64
[  419.969096][ T3508] bridge_slave_0: left allmulticast mode
[  419.975835][ T3508] bridge_slave_0: left promiscuous mode
[  419.982850][ T3508] bridge0: port 1(bridge_slave_0) entered disabled state
[  420.616744][   T29] audit: type=1326 audit(1727625928.549:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6542 comm="syz.3.377" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fea7cd7dff9 code=0x0
[  420.880172][ T3508] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  420.911489][ T6541] loop1: detected capacity change from 0 to 512
[  420.930201][ T5191] Bluetooth: hci4: command tx timeout
[  420.991916][ T6541] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[  421.002029][ T3508] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  421.005721][ T6541] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  421.046095][ T3508] bond0 (unregistering): Released all slaves
[  421.194573][ T6508] chnl_net:caif_netlink_parms(): no params data found
[  421.233001][ T6541] EXT4-fs (loop1): 1 truncate cleaned up
[  421.241334][ T6541] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  421.422003][   T44] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  421.650461][   T44] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  421.661336][   T44] usb 5-1: New USB device found, idVendor=1bc7, idProduct=9010, bcdDevice=36.53
[  421.671092][   T44] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  421.822796][   T44] usb 5-1: config 0 descriptor??
[  421.852443][ T3508] hsr_slave_0: left promiscuous mode
[  421.936879][ T6554] loop3: detected capacity change from 0 to 1024
[  421.973653][   T44] option 5-1:0.0: GSM modem (1-port) converter detected
[  422.095848][ T3508] hsr_slave_1: left promiscuous mode
[  422.105860][ T3508] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  422.113930][ T3508] batman_adv: batadv0: Removing interface: batadv_slave_0
[  422.144898][ T6548] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  422.192850][ T3508] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  422.200903][ T3508] batman_adv: batadv0: Removing interface: batadv_slave_1
[  422.218855][ T6548] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  422.350559][ T3508] veth1_macvtap: left promiscuous mode
[  422.358990][ T3508] veth0_macvtap: left promiscuous mode
[  422.366164][ T3508] veth1_vlan: left promiscuous mode
[  422.372030][ T3508] veth0_vlan: left promiscuous mode
[  422.408351][ T6554] hfsplus: request for non-existent node 3 in B*Tree
[  422.416013][ T6554] hfsplus: request for non-existent node 3 in B*Tree
[  422.607106][ T5183] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  422.640078][   T29] audit: type=1800 audit(1727625930.619:22): pid=6554 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.380" name="file0" dev="loop3" ino=2 res=0 errno=0
[  423.011572][ T5191] Bluetooth: hci4: command tx timeout
[  423.233552][   T29] audit: type=1804 audit(1727625931.189:23): pid=6554 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.380" name="/newroot/84/bus/file0" dev="loop3" ino=2 res=1 errno=0
[  423.696135][ T3508] team0 (unregistering): Port device team_slave_1 removed
[  423.784797][ T3508] team0 (unregistering): Port device team_slave_0 removed
[  423.968595][ T6574] loop1: detected capacity change from 0 to 1024
[  424.058861][ T6574] hfsplus: failed to load attributes file
[  424.222620][ T6386] 8021q: adding VLAN 0 to HW filter on device bond0
[  424.538141][ T5240] usb 5-1: USB disconnect, device number 11
[  424.594329][ T5240] option 5-1:0.0: device disconnected
[  424.706645][ T6386] 8021q: adding VLAN 0 to HW filter on device team0
[  424.854854][ T3324] bridge0: port 1(bridge_slave_0) entered blocking state
[  424.862867][ T3324] bridge0: port 1(bridge_slave_0) entered forwarding state
[  425.108788][ T3324] bridge0: port 2(bridge_slave_1) entered blocking state
[  425.116816][ T3324] bridge0: port 2(bridge_slave_1) entered forwarding state
[  425.129914][ T5191] Bluetooth: hci4: command tx timeout
[  425.585886][ T6582] loop1: detected capacity change from 0 to 128
[  425.757123][ T6582] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  425.773072][ T6582] ext4 filesystem being mounted at /86/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  426.859838][ T5240] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  427.020831][ T5240] usb 4-1: device descriptor read/64, error -71
[  427.034313][ T1711] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  427.045456][ T6508] bridge0: port 1(bridge_slave_0) entered blocking state
[  427.053575][ T6508] bridge0: port 1(bridge_slave_0) entered disabled state
[  427.061746][ T6508] bridge_slave_0: entered allmulticast mode
[  427.074793][ T6508] bridge_slave_0: entered promiscuous mode
[  427.231387][ T6508] bridge0: port 2(bridge_slave_1) entered blocking state
[  427.234157][ T1711] usb 5-1: device descriptor read/64, error -71
[  427.239319][ T6508] bridge0: port 2(bridge_slave_1) entered disabled state
[  427.253574][ T6508] bridge_slave_1: entered allmulticast mode
[  427.263268][ T6508] bridge_slave_1: entered promiscuous mode
[  427.283045][ T5240] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  427.460343][ T5240] usb 4-1: device descriptor read/64, error -71
[  427.494126][ T6508] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  427.513346][ T1711] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  427.572465][ T6508] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  427.573892][ T5240] usb usb4-port1: attempt power cycle
[  427.714759][ T1711] usb 5-1: device descriptor read/64, error -71
[  427.816561][ T6508] team0: Port device team_slave_0 added
[  427.848728][ T1711] usb usb5-port1: attempt power cycle
[  427.890252][ T6508] team0: Port device team_slave_1 added
[  428.013557][ T5240] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  428.101755][ T5240] usb 4-1: device descriptor read/8, error -71
[  428.174764][ T6508] batman_adv: batadv0: Adding interface: batadv_slave_0
[  428.182508][ T6508] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  428.211847][ T6508] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  428.241538][ T1711] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  428.277576][ T6386] 8021q: adding VLAN 0 to HW filter on device batadv0
[  428.296914][ T1711] usb 5-1: device descriptor read/8, error -71
[  428.327818][ T6508] batman_adv: batadv0: Adding interface: batadv_slave_1
[  428.335358][ T6508] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  428.363385][ T6508] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  428.396147][ T5240] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  428.444615][ T5240] usb 4-1: device descriptor read/8, error -71
[  428.589993][ T1711] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  428.604202][ T5240] usb usb4-port1: unable to enumerate USB device
[  428.621215][ T5183] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  428.649870][ T1711] usb 5-1: device descriptor read/8, error -71
[  428.781542][ T1711] usb usb5-port1: unable to enumerate USB device
[  428.874989][ T6508] hsr_slave_0: entered promiscuous mode
[  428.920981][ T6602] loop1: detected capacity change from 0 to 128
[  428.944460][ T6508] hsr_slave_1: entered promiscuous mode
[  428.975290][ T6602] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  428.999415][ T6508] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  429.011040][ T6508] Cannot create hsr debugfs directory
[  429.120333][ T6602] ext4 filesystem being mounted at /87/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  429.318869][ T6386] veth0_vlan: entered promiscuous mode
[  429.588166][ T6386] veth1_vlan: entered promiscuous mode
[  429.849236][ T5183] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  430.217505][ T6614] loop4: detected capacity change from 0 to 1024
[  430.231480][ T6614] hfsplus: unable to parse mount options
[  430.375369][ T6386] veth0_macvtap: entered promiscuous mode
[  430.390147][ T1711] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  430.508602][ T6386] veth1_macvtap: entered promiscuous mode
[  430.627843][ T1711] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  430.634408][ T6386] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  430.638689][ T1711] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  430.652388][ T6386] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  430.671216][ T6386] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  430.683025][ T6386] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  430.694003][ T6386] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  430.707792][ T6386] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  430.723794][ T6386] batman_adv: batadv0: Interface activated: batadv_slave_0
[  430.896070][ T1711] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  430.906357][ T1711] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  430.914922][ T1711] usb 4-1: SerialNumber: syz
[  431.129870][ T6386] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  431.140953][ T6386] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  431.151446][ T6386] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  431.164546][ T6386] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  431.175657][ T6386] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  431.186543][ T6386] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  431.202171][ T6386] batman_adv: batadv0: Interface activated: batadv_slave_1
[  431.352302][ T1711] usb 4-1: 0:2 : does not exist
[  431.357555][ T1711] usb 4-1: unit 5 not found!
[  431.462353][ T1711] usb 4-1: USB disconnect, device number 16
[  431.601738][ T6386] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  431.611050][ T6386] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  431.620470][ T6386] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  431.629802][ T6386] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  432.178814][ T5528] udevd[5528]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  432.425086][ T6508] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  432.478901][ T6631] loop1: detected capacity change from 0 to 16
[  432.536895][ T6508] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  432.586377][ T6631] erofs: (device loop1): mounted with root inode @ nid 36.
[  432.662853][ T6508] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  432.742913][ T6631] syz.1.393: attempt to access beyond end of device
[  432.742913][ T6631] loop1: rw=0, sector=14546590680, nr_sectors = 16 limit=16
[  432.757734][ T6631] erofs: (device loop1): z_erofs_read_folio: read error -5 @ 43 of nid 36
[  432.759793][ T6508] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  432.857810][ T6631] erofs: (device loop1): z_erofs_readahead: readahead error at folio 40 @ nid 36
[  432.867698][ T6631] erofs: (device loop1): z_erofs_readahead: readahead error at folio 39 @ nid 36
[  432.877611][ T6631] erofs: (device loop1): z_erofs_readahead: readahead error at folio 38 @ nid 36
[  432.888055][ T6631] erofs: (device loop1): z_erofs_readahead: readahead error at folio 34 @ nid 36
[  432.898272][ T6631] erofs: (device loop1): z_erofs_readahead: readahead error at folio 32 @ nid 36
[  432.910970][ T6631] erofs: (device loop1): z_erofs_readahead: readahead error at folio 30 @ nid 36
[  432.921740][ T6631] erofs: (device loop1): z_erofs_readahead: readahead error at folio 27 @ nid 36
[  432.932800][ T6631] erofs: (device loop1): z_erofs_readahead: readahead error at folio 26 @ nid 36
[  432.932939][ T6631] erofs: (device loop1): z_erofs_readahead: readahead error at folio 25 @ nid 36
[  432.933266][ T6631] erofs: (device loop1): z_erofs_readahead: readahead error at folio 24 @ nid 36
[  432.933413][ T6631] erofs: (device loop1): z_erofs_readahead: readahead error at folio 23 @ nid 36
[  432.933554][ T6631] erofs: (device loop1): z_erofs_readahead: readahead error at folio 22 @ nid 36
[  432.933842][ T6631] erofs: (device loop1): z_erofs_readahead: readahead error at folio 21 @ nid 36
[  432.933971][ T6631] erofs: (device loop1): z_erofs_readahead: readahead error at folio 20 @ nid 36
[  432.934251][ T6631] erofs: (device loop1): z_erofs_readahead: readahead error at folio 18 @ nid 36
[  432.934895][ T6631] erofs: (device loop1): z_erofs_readahead: readahead error at folio 12 @ nid 36
[  432.935105][ T6631] erofs: (device loop1): z_erofs_readahead: readahead error at folio 10 @ nid 36
[  432.935701][ T6631] erofs: (device loop1): z_erofs_readahead: readahead error at folio 6 @ nid 36
[  432.935910][ T6631] erofs: (device loop1): z_erofs_readahead: readahead error at folio 4 @ nid 36
[  432.936486][ T6631] erofs: (device loop1): z_erofs_do_map_blocks: invalid logical cluster 0 at nid 36
[  432.936604][ T6631] erofs: (device loop1): z_erofs_readahead: readahead error at folio 0 @ nid 36
[  432.937028][ T6631] syz.1.393: attempt to access beyond end of device
[  432.937028][ T6631] loop1: rw=524288, sector=296, nr_sectors = 16 limit=16
[  432.937476][ T6631] syz.1.393: attempt to access beyond end of device
[  432.937476][ T6631] loop1: rw=524288, sector=1049264, nr_sectors = 16 limit=16
[  432.937859][ T6631] syz.1.393: attempt to access beyond end of device
[  432.937859][ T6631] loop1: rw=524288, sector=6520, nr_sectors = 16 limit=16
[  432.938372][ T6631] syz.1.393: attempt to access beyond end of device
[  432.938372][ T6631] loop1: rw=524288, sector=34359736328, nr_sectors = 16 limit=16
[  432.938766][ T6631] syz.1.393: attempt to access beyond end of device
[  432.938766][ T6631] loop1: rw=524288, sector=720, nr_sectors = 16 limit=16
[  432.939224][ T6631] syz.1.393: attempt to access beyond end of device
[  432.939224][ T6631] loop1: rw=524288, sector=536576856, nr_sectors = 16 limit=16
[  432.939898][ T6631] syz.1.393: attempt to access beyond end of device
[  432.939898][ T6631] loop1: rw=524288, sector=13478624032, nr_sectors = 8 limit=16
[  432.940390][ T6631] syz.1.393: attempt to access beyond end of device
[  432.940390][ T6631] loop1: rw=524288, sector=13716630376, nr_sectors = 8 limit=16
[  432.940803][ T6631] syz.1.393: attempt to access beyond end of device
[  432.940803][ T6631] loop1: rw=524288, sector=133693448, nr_sectors = 8 limit=16
[  432.950867][ T6631] erofs: (device loop1): z_erofs_readahead: readahead error at folio 86 @ nid 36
[  432.951090][ T6631] erofs: (device loop1): z_erofs_readahead: readahead error at folio 84 @ nid 36
[  432.951662][ T6631] erofs: (device loop1): z_erofs_readahead: readahead error at folio 80 @ nid 36
[  432.952405][ T6631] erofs: (device loop1): z_erofs_readahead: readahead error at folio 74 @ nid 36
[  432.952614][ T6631] erofs: (device loop1): z_erofs_readahead: readahead error at folio 72 @ nid 36
[  432.953016][ T6631] erofs: (device loop1): z_erofs_readahead: readahead error at folio 70 @ nid 36
[  432.953381][ T6631] erofs: (device loop1): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 62 of nid 36
[  432.953530][ T6631] erofs: (device loop1): z_erofs_readahead: readahead error at folio 63 @ nid 36
[  432.953668][ T6631] erofs: (device loop1): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 62 of nid 36
[  432.953817][ T6631] erofs: (device loop1): z_erofs_readahead: readahead error at folio 62 @ nid 36
[  432.954125][ T6631] erofs: (device loop1): z_erofs_readahead: readahead error at folio 58 @ nid 36
[  432.954270][ T6631] erofs: (device loop1): z_erofs_readahead: readahead error at folio 57 @ nid 36
[  432.954671][ T6631] erofs: (device loop1): z_erofs_readahead: readahead error at folio 54 @ nid 36
[  432.954810][ T6631] erofs: (device loop1): z_erofs_readahead: readahead error at folio 53 @ nid 36
[  432.954948][ T6631] erofs: (device loop1): z_erofs_readahead: readahead error at folio 52 @ nid 36
[  432.955086][ T6631] erofs: (device loop1): z_erofs_readahead: readahead error at folio 51 @ nid 36
[  432.955223][ T6631] erofs: (device loop1): z_erofs_extent_lookback: bogus lookback distance 363 @ lcn 50 of nid 36
[  432.955379][ T6631] erofs: (device loop1): z_erofs_readahead: readahead error at folio 50 @ nid 36
[  432.955828][ T6631] erofs: (device loop1): z_erofs_readahead: readahead error at folio 47 @ nid 36
[  432.955968][ T6631] erofs: (device loop1): z_erofs_readahead: readahead error at folio 46 @ nid 36
[  433.136518][ T6631] erofs: (device loop1): z_erofs_read_folio: read error -5 @ 43 of nid 36
[  433.752750][ T6628] loop4: detected capacity change from 0 to 4096
[  434.014140][ T6508] 8021q: adding VLAN 0 to HW filter on device bond0
[  434.220118][ T6508] 8021q: adding VLAN 0 to HW filter on device team0
[  434.299850][ T3508] bridge0: port 1(bridge_slave_0) entered blocking state
[  434.300427][ T3508] bridge0: port 1(bridge_slave_0) entered forwarding state
[  434.310291][ T3508] bridge0: port 2(bridge_slave_1) entered blocking state
[  434.310822][ T3508] bridge0: port 2(bridge_slave_1) entered forwarding state
[  434.574000][ T6652] netlink: 4 bytes leftover after parsing attributes in process `syz.3.396'.
[  434.624181][ T6647] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  435.091665][   T29] audit: type=1800 audit(1727625943.049:24): pid=6628 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.392" name="file1" dev="loop4" ino=15 res=0 errno=0
[  435.607128][ T6653] syz.4.392 (6653) used greatest stack depth: 4424 bytes left
[  438.407608][ T6669] loop3: detected capacity change from 0 to 32768
[  438.624469][ T6681] loop1: detected capacity change from 0 to 512
[  438.627716][ T6508] 8021q: adding VLAN 0 to HW filter on device batadv0
[  439.024001][ T6687] loop4: detected capacity change from 0 to 1024
[  439.096237][ T6508] veth0_vlan: entered promiscuous mode
[  439.321667][ T6508] veth1_vlan: entered promiscuous mode
[  439.461919][ T6681] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  439.475475][ T6681] ext4 filesystem being mounted at /91/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  439.526167][ T6508] veth0_macvtap: entered promiscuous mode
[  439.599129][ T6508] veth1_macvtap: entered promiscuous mode
[  439.717304][ T6508] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  439.729141][ T6508] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  439.739695][ T6508] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  439.751142][ T6508] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  439.764405][ T6508] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  439.776629][ T6508] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  439.787115][ T6508] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  439.798015][ T6508] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  439.813864][ T6508] batman_adv: batadv0: Interface activated: batadv_slave_0
[  439.887457][ T6508] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  439.900196][ T6508] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  439.910999][ T6508] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  439.921984][ T6508] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  439.932175][ T6508] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  439.943981][ T6508] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  439.954296][ T6508] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  439.967630][ T6508] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  439.984202][ T6508] batman_adv: batadv0: Interface activated: batadv_slave_1
[  440.022774][ T6687] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  440.036109][ T6687] ext4 filesystem being mounted at /84/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  440.280127][ T6508] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  440.289487][ T6508] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  440.306019][ T6508] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  440.315307][ T6508] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  440.394843][ T5183] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  440.583498][ T5240] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  440.788723][ T5240] usb 4-1: Using ep0 maxpacket: 8
[  440.841806][ T5240] usb 4-1: New USB device found, idVendor=13d3, idProduct=3306, bcdDevice=88.be
[  440.851888][ T5240] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  440.860396][ T5240] usb 4-1: Product: syz
[  440.864862][ T5240] usb 4-1: Manufacturer: syz
[  440.869861][ T5240] usb 4-1: SerialNumber: syz
[  440.997864][ T5240] usb 4-1: config 0 descriptor??
[  441.034257][   T29] audit: type=1326 audit(1727625949.019:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6704 comm="syz.1.402" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd2f017dff9 code=0x7ffc0000
[  441.095163][ T5240] r8712u: register rtl8712_netdev_ops to netdev_ops
[  441.103014][ T5240] usb 4-1: r8712u: USB_SPEED_HIGH with 0 endpoints
[  441.166058][   T29] audit: type=1326 audit(1727625949.109:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6704 comm="syz.1.402" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7fd2f017dff9 code=0x7ffc0000
[  441.190121][   T29] audit: type=1326 audit(1727625949.109:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6704 comm="syz.1.402" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fd2f017e033 code=0x7ffc0000
[  441.370460][ T5185] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  441.488120][ T6705] loop1: detected capacity change from 0 to 1024
[  441.530986][   T29] audit: type=1326 audit(1727625949.249:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6704 comm="syz.1.402" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fd2f017cadf code=0x7ffc0000
[  441.553917][   T29] audit: type=1326 audit(1727625949.469:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6704 comm="syz.1.402" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7fd2f017e087 code=0x7ffc0000
[  441.576891][   T29] audit: type=1326 audit(1727625949.469:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6704 comm="syz.1.402" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fd2f017c990 code=0x7ffc0000
[  441.600024][   T29] audit: type=1326 audit(1727625949.469:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6704 comm="syz.1.402" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fd2f017dbfb code=0x7ffc0000
[  441.652182][ T6705] EXT4-fs: Ignoring removed oldalloc option
[  441.763230][   T29] audit: type=1326 audit(1727625949.629:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6704 comm="syz.1.402" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fd2f017cc8a code=0x7ffc0000
[  441.787169][   T29] audit: type=1326 audit(1727625949.629:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6704 comm="syz.1.402" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fd2f017cc8a code=0x7ffc0000
[  441.790595][ T6705] EXT4-fs (loop1): stripe (3) is not aligned with cluster size (16), stripe is disabled
[  441.815723][   T29] audit: type=1326 audit(1727625949.629:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6704 comm="syz.1.402" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7fd2f017c897 code=0x7ffc0000
[  441.870625][ T5240] usb 4-1: r8712u: Boot from EFUSE: Autoload Failed
[  441.877760][ T5240] usb 4-1: r8712u: MAC Address from efuse = 00:e0:4c:87:00:00
[  441.887324][ T5240] usb 4-1: r8712u: Loading firmware from "rtlwifi/rtl8712u.bin"
[  442.495356][ T3508] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  442.504452][ T3508] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  442.674473][ T6705] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  442.849175][ T4286] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  442.858708][ T4286] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  443.247046][ T5244] usb 5-1: new full-speed USB device number 16 using dummy_hcd
[  443.490284][ T5244] usb 5-1: New USB device found, idVendor=05ac, idProduct=0290, bcdDevice=dc.1b
[  443.501018][ T5244] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  443.890892][ T5244] usb 5-1: config 0 descriptor??
[  443.975237][ T5183] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  444.005722][ T5244] input: bcm5974 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input7
[  444.305905][ T1922] usb 4-1: USB disconnect, device number 17
[  444.686969][ T6741] loop1: detected capacity change from 0 to 128
[  445.500450][ T6741] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies.
[  445.894388][ T6752] loop3: detected capacity change from 0 to 512
[  445.970362][ T6752] EXT4-fs (loop3): #blocks per group too big: 16384
[  446.043715][ T1711] usb 5-1: USB disconnect, device number 16
[  446.395083][ T6752] loop3: detected capacity change from 0 to 512
[  446.498897][ T6757] loop4: detected capacity change from 0 to 128
[  446.721964][ T6757] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  446.779206][ T6752] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  446.792824][ T6752] ext4 filesystem being mounted at /94/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  446.941320][ T6757] ext4 filesystem being mounted at /86/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  447.047539][ T6752] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  447.180732][ T6752] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 33 with error 28
[  447.194125][ T6752] EXT4-fs (loop3): This should not happen!! Data will be lost
[  447.194125][ T6752] 
[  447.204406][ T6752] EXT4-fs (loop3): Total free blocks count 0
[  447.211178][ T6752] EXT4-fs (loop3): Free/Dirty block details
[  447.217531][ T6752] EXT4-fs (loop3): free_blocks=65280
[  447.223340][ T6752] EXT4-fs (loop3): dirty_blocks=33
[  447.229004][ T6752] EXT4-fs (loop3): Block reservation details
[  447.240581][ T6752] EXT4-fs (loop3): i_reserved_data_blocks=33
[  447.442935][   T29] kauditd_printk_skb: 8 callbacks suppressed
[  447.443024][   T29] audit: type=1800 audit(1727625955.419:43): pid=6757 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.408" name="file1" dev="loop4" ino=12 res=0 errno=0
[  447.470251][   T29] audit: type=1800 audit(1727625955.439:44): pid=6757 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.408" name="file2" dev="loop4" ino=13 res=0 errno=0
[  448.237052][ T5185] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  448.561772][ T6780] loop1: detected capacity change from 0 to 1024
[  448.582306][ T6782] FAULT_INJECTION: forcing a failure.
[  448.582306][ T6782] name failslab, interval 1, probability 0, space 0, times 0
[  448.595813][ T6782] CPU: 1 UID: 0 PID: 6782 Comm: syz.2.410 Not tainted 6.11.0-syzkaller-11993-g3efc57369a0c #0
[  448.606506][ T6782] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  448.617106][ T6782] Call Trace:
[  448.620619][ T6782]  <TASK>
[  448.623863][ T6782]  dump_stack_lvl+0x216/0x2d0
[  448.628924][ T6782]  dump_stack+0x1e/0x30
[  448.633417][ T6782]  should_fail_ex+0x748/0x7f0
[  448.638461][ T6782]  should_failslab+0x17f/0x210
[  448.643560][ T6782]  kmem_cache_alloc_lru_noprof+0xec/0xb30
[  448.649663][ T6782]  ? kmsan_internal_poison_memory+0x49/0x90
[  448.655944][ T6782]  ? shmem_alloc_inode+0x5a/0xd0
[  448.661265][ T6782]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  448.667420][ T6782]  shmem_alloc_inode+0x5a/0xd0
[  448.672560][ T6782]  ? __pfx_shmem_alloc_inode+0x10/0x10
[  448.678435][ T6782]  alloc_inode+0x86/0x460
[  448.683212][ T6782]  new_inode+0x38/0x480
[  448.687741][ T6782]  ? kmsan_get_metadata+0x13e/0x1c0
[  448.693361][ T6782]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  448.699512][ T6782]  shmem_get_inode+0x6f2/0x1940
[  448.704745][ T6782]  __shmem_file_setup+0x249/0x4d0
[  448.710139][ T6782]  shmem_file_setup+0x61/0x80
[  448.715169][ T6782]  __se_sys_memfd_create+0x8a3/0x1260
[  448.720892][ T6782]  ? ksys_write+0x416/0x4c0
[  448.725749][ T6782]  ? kmsan_get_metadata+0x13e/0x1c0
[  448.731347][ T6782]  __x64_sys_memfd_create+0x6c/0xa0
[  448.736922][ T6782]  x64_sys_call+0x31cf/0x3ba0
[  448.741976][ T6782]  do_syscall_64+0xcd/0x1e0
[  448.746866][ T6782]  ? clear_bhb_loop+0x25/0x80
[  448.751918][ T6782]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  448.758215][ T6782] RIP: 0033:0x7f7bced7dff9
[  448.762926][ T6782] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  448.782908][ T6782] RSP: 002b:00007f7bcfbafe18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f
[  448.791724][ T6782] RAX: ffffffffffffffda RBX: 0000000000000b00 RCX: 00007f7bced7dff9
[  448.800091][ T6782] RDX: 00007f7bcfbafef0 RSI: 0000000000000000 RDI: 00007f7bcedf0b02
[  448.808362][ T6782] RBP: 0000000020000440 R08: 00007f7bcfbafbb7 R09: 00007f7bcfbafe40
[  448.816635][ T6782] R10: 000000000000000a R11: 0000000000000202 R12: 00000000200000c0
[  448.825071][ T6782] R13: 00007f7bcfbafef0 R14: 00007f7bcfbafeb0 R15: 0000000020002180
[  448.833451][ T6782]  </TASK>
[  449.511889][ T6789] mac80211_hwsim hwsim11 wlan1: entered allmulticast mode
[  449.681542][ T6780] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  449.699478][ T6780] ext4 filesystem being mounted at /95/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  449.701314][ T4286] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  449.712224][ T4286] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  449.865899][ T6785] loop2: detected capacity change from 0 to 2048
[  450.069375][ T6785] bio_check_eod: 19 callbacks suppressed
[  450.069466][ T6785] syz.2.413: attempt to access beyond end of device
[  450.069466][ T6785] loop2: rw=0, sector=562949953421392, nr_sectors = 2 limit=2048
[  450.090299][ T6785] NILFS (loop2): I/O error reading meta-data file (ino=4, block-offset=0)
[  450.167738][ T6785] NILFS (loop2): error -5 while loading last checkpoint (checkpoint number=2)
[  450.353492][ T6785] loop2: detected capacity change from 0 to 16
[  450.439950][ T5190] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  450.450652][ T6785] erofs: (device loop2): erofs_read_inode: negative i_size @ nid 36
[  450.541583][ T5183] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  450.662952][   T29] audit: type=1326 audit(1727625958.639:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6799 comm="syz.4.414" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fda4b17dff9 code=0x0
[  450.881987][ T6786] loop2: detected capacity change from 0 to 1024
[  450.891157][ T6786] hfsplus: unable to parse mount options
[  450.966764][ T6805] loop3: detected capacity change from 0 to 256
[  451.081456][ T6805] vfat: Unknown parameter 'ioch'
[  451.177405][ T2973] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  451.185737][ T2973] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  451.342591][ T6811] netlink: 'syz.4.414': attribute type 4 has an invalid length.
[  451.350867][ T6811] netlink: 2024 bytes leftover after parsing attributes in process `syz.4.414'.
[  451.361038][ T6811] netlink: 24 bytes leftover after parsing attributes in process `syz.4.414'.
[  451.482217][   T50] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  451.491136][   T50] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  451.735232][ T6814] syz.2.417: attempt to access beyond end of device
[  451.735232][ T6814] loop4: rw=0, sector=2, nr_sectors = 2 limit=0
[  451.753485][ T6814] MINIX-fs: unable to read superblock
[  451.862186][ T6816] loop3: detected capacity change from 0 to 512
[  451.868142][ T6814] loop2: detected capacity change from 0 to 2048
[  451.871685][ T6816] EXT4-fs: Ignoring removed oldalloc option
[  451.882359][ T6816] EXT4-fs: Ignoring removed orlov option
[  451.973176][ T6814]  loop2: p1 < > p3 < > p4 < >
[  451.978496][ T6814] loop2: partition table partially beyond EOD, truncated
[  452.036328][ T6814] loop2: p3 start 4284289 is beyond EOD, truncated
[  452.124833][ T6816] EXT4-fs (loop3): revision level too high, forcing read-only mode
[  452.133588][ T6816] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8842c09c, mo2=0002]
[  452.251545][ T6816] EXT4-fs (loop3): couldn't mount RDWR because of unsupported optional features (80)
[  452.267790][ T6816] EXT4-fs (loop3): Skipping orphan cleanup due to unknown ROCOMPAT features
[  452.283947][ T6816] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  452.326604][ T6820] usb usb8: usbfs: process 6820 (syz.0.367) did not claim interface 0 before use
[  452.528251][ T6823] Cannot find del_set index 4 as target
[  452.719916][ T5244] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  453.007444][ T6826] loop1: detected capacity change from 0 to 2048
[  453.110654][ T6831] EXT4-fs warning (device loop3): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[  453.122815][ T6831] EXT4-fs warning (device loop3): dx_probe:881: Enable large directory feature to access it
[  453.133432][ T6831] EXT4-fs warning (device loop3): dx_probe:966: inode #2: comm syz.3.418: Corrupt directory, running e2fsck is recommended
[  453.365855][ T5244] usb 3-1: config index 0 descriptor too short (expected 48979, got 36)
[  453.375380][ T5244] usb 3-1: config 222 has too many interfaces: 175, using maximum allowed: 32
[  453.390116][ T5244] usb 3-1: config 222 has an invalid descriptor of length 126, skipping remainder of the config
[  453.402901][ T5244] usb 3-1: config 222 has 0 interfaces, different from the descriptor's value: 175
[  453.412838][ T5244] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  453.422493][ T5244] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  453.527453][ T6831] EXT4-fs warning (device loop3): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[  453.539804][ T6831] EXT4-fs warning (device loop3): dx_probe:881: Enable large directory feature to access it
[  453.550575][ T6831] EXT4-fs warning (device loop3): dx_probe:966: inode #2: comm syz.3.418: Corrupt directory, running e2fsck is recommended
[  453.976125][ T5244] usb 3-1: string descriptor 0 read error: -71
[  454.031312][ T5244] usb 3-1: USB disconnect, device number 4
[  454.321118][ T5397] udevd[5397]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory
[  454.356711][ T5528] udevd[5528]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory
[  454.625209][ T5190] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  455.242218][ T6845] loop1: detected capacity change from 0 to 1024
[  455.421268][ T6845] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  455.440541][ T6845] ext4 filesystem being mounted at /99/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  456.271696][ T6860] loop4: detected capacity change from 0 to 128
[  456.383543][ T6860] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256
[  456.692690][ T5183] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  456.784342][ T6860] overlayfs: upper fs needs to support d_type.
[  456.887693][ T6860] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  456.895443][ T6860] overlayfs: failed to set xattr on upper
[  456.902378][ T6860] overlayfs: ...falling back to redirect_dir=nofollow.
[  456.909789][ T6860] overlayfs: ...falling back to index=off.
[  456.915859][ T6860] overlayfs: ...falling back to uuid=null.
[  457.135229][   T29] audit: type=1804 audit(1727625965.099:46): pid=6862 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.430" name="/newroot/92/file0/bus/bus/bus" dev="overlay" ino=122 res=1 errno=0
[  457.550059][ T6864] xt_CHECKSUM: CHECKSUM should be avoided.  If really needed, restrict with "-p udp" and only use in OUTPUT
[  457.901329][ T6864] evm: overlay not supported
[  458.023531][ T5185] UDF-fs: error (device loop4): udf_read_inode: (ino 114) failed !bh
[  458.080595][ T5185] UDF-fs: error (device loop4): udf_read_inode: (ino 114) failed !bh
[  458.467601][ T6858] loop2: detected capacity change from 0 to 32768
[  458.686190][ T6303] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  458.858680][ T6858] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  459.084972][ T6303] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  459.156059][ T6386] ocfs2: Unmounting device (7,2) on (node local)
[  459.196974][ T6303] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  459.395785][ T6303] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  459.905989][ T6878] loop2: detected capacity change from 0 to 1024
[  459.985027][ T6877] loop0: detected capacity change from 0 to 1024
[  460.545524][ T6877] EXT4-fs: Mount option(s) incompatible with ext2
[  460.661176][ T6878] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  460.750934][ T6303] bridge_slave_1: left allmulticast mode
[  460.762039][ T6303] bridge_slave_1: left promiscuous mode
[  460.768829][ T6303] bridge0: port 2(bridge_slave_1) entered disabled state
[  460.865254][ T6303] bridge_slave_0: left allmulticast mode
[  460.872285][ T6303] bridge_slave_0: left promiscuous mode
[  460.879382][ T6303] bridge0: port 1(bridge_slave_0) entered disabled state
[  461.690364][   T44] usb 1-1: new full-speed USB device number 9 using dummy_hcd
[  462.782419][ T6386] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  463.177060][   T44] usb 1-1: unable to get BOS descriptor or descriptor too short
[  463.263969][   T44] usb 1-1: unable to read config index 0 descriptor/start: -71
[  463.272551][   T44] usb 1-1: can't read configurations, error -71
[  463.297920][ T6885] loop1: detected capacity change from 0 to 32768
[  463.297966][ T6303] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  463.322019][ T6885] (syz.1.440,6885,0):ocfs2_parse_options:1448 ERROR: Unrecognized mount option "atime_quantum=05188146770730811392" or missing value
[  463.336670][ T6885] (syz.1.440,6885,0):ocfs2_fill_super:1178 ERROR: status = -22
[  463.397083][ T6303] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  463.451801][ T5198] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  463.462955][ T5198] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  463.482685][ T5198] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  463.511880][ T5198] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  463.531878][ T5198] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  463.548420][ T5198] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  463.647714][ T6303] bond0 (unregistering): Released all slaves
[  464.449778][ T6899] bridge_slave_1: left allmulticast mode
[  464.455754][ T6899] bridge_slave_1: left promiscuous mode
[  464.463086][ T6899] bridge0: port 2(bridge_slave_1) entered disabled state
[  464.531029][ T6899] bridge_slave_0: left allmulticast mode
[  464.537019][ T6899] bridge_slave_0: left promiscuous mode
[  464.550103][ T6899] bridge0: port 1(bridge_slave_0) entered disabled state
[  464.675767][ T6902] loop1: detected capacity change from 0 to 64
[  464.915736][ T6902] hfs: get root inode failed
[  465.171374][ T6903] loop0: detected capacity change from 0 to 1024
[  465.516430][ T6903] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  465.530395][ T6903] ext4 filesystem being mounted at /5/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  465.717524][ T5198] Bluetooth: hci1: command tx timeout
[  466.058345][ T6916] FAULT_INJECTION: forcing a failure.
[  466.058345][ T6916] name failslab, interval 1, probability 0, space 0, times 0
[  466.071925][ T6916] CPU: 1 UID: 0 PID: 6916 Comm: syz.3.447 Not tainted 6.11.0-syzkaller-11993-g3efc57369a0c #0
[  466.082532][ T6916] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  466.092983][ T6916] Call Trace:
[  466.096506][ T6916]  <TASK>
[  466.099664][ T6916]  dump_stack_lvl+0x216/0x2d0
[  466.104714][ T6916]  dump_stack+0x1e/0x30
[  466.109243][ T6916]  should_fail_ex+0x748/0x7f0
[  466.114309][ T6916]  should_failslab+0x17f/0x210
[  466.119428][ T6916]  __kmalloc_cache_noprof+0xbf/0xb00
[  466.125191][ T6916]  ? tcf_pedit_init+0x8f3/0x1740
[  466.130511][ T6916]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  466.137024][ T6916]  tcf_pedit_init+0x8f3/0x1740
[  466.142369][ T6916]  ? __msan_memcpy+0x108/0x1c0
[  466.147543][ T6916]  tcf_action_init_1+0x6cc/0xb30
[  466.152890][ T6916]  ? __pfx_tcf_pedit_init+0x10/0x10
[  466.158579][ T6916]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  466.164752][ T6916]  tcf_action_init+0x458/0xf00
[  466.169933][ T6916]  ? kmsan_get_metadata+0x13e/0x1c0
[  466.175493][ T6916]  ? psi_group_change+0x1073/0x1510
[  466.181171][ T6916]  tc_ctl_action+0x4be/0x19d0
[  466.186288][ T6916]  ? __pfx_tc_ctl_action+0x10/0x10
[  466.191938][ T6916]  ? __pfx_tc_ctl_action+0x10/0x10
[  466.197373][ T6916]  rtnetlink_rcv_msg+0x12fc/0x1410
[  466.202884][ T6916]  ? kmsan_get_metadata+0x13e/0x1c0
[  466.208444][ T6916]  netlink_rcv_skb+0x375/0x650
[  466.213691][ T6916]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  466.219561][ T6916]  ? __pfx_rtnetlink_rcv+0x10/0x10
[  466.225103][ T6916]  rtnetlink_rcv+0x34/0x40
[  466.229906][ T6916]  netlink_unicast+0xf52/0x1260
[  466.235340][ T6916]  netlink_sendmsg+0x10da/0x11e0
[  466.240729][ T6916]  ? __pfx_netlink_sendmsg+0x10/0x10
[  466.246428][ T6916]  ? __pfx_netlink_sendmsg+0x10/0x10
[  466.252093][ T6916]  __sock_sendmsg+0x30f/0x380
[  466.257174][ T6916]  ____sys_sendmsg+0x877/0xb60
[  466.262475][ T6916]  ___sys_sendmsg+0x28d/0x3c0
[  466.267507][ T6916]  ? kmsan_get_metadata+0x13e/0x1c0
[  466.273072][ T6916]  ? __rcu_read_unlock+0x7b/0xe0
[  466.278486][ T6916]  ? __fget_files+0x4f5/0x5c0
[  466.283553][ T6916]  ? kmsan_get_metadata+0x13e/0x1c0
[  466.289107][ T6916]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  466.295273][ T6916]  __x64_sys_sendmsg+0x300/0x4a0
[  466.300577][ T6916]  ? perf_mmap+0x960/0x28d0
[  466.305481][ T6916]  x64_sys_call+0x2da0/0x3ba0
[  466.310556][ T6916]  do_syscall_64+0xcd/0x1e0
[  466.315480][ T6916]  ? clear_bhb_loop+0x25/0x80
[  466.320494][ T6916]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  466.327676][ T6916] RIP: 0033:0x7fea7cd7dff9
[  466.332473][ T6916] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  466.352470][ T6916] RSP: 002b:00007fea7dbeb038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  466.361268][ T6916] RAX: ffffffffffffffda RBX: 00007fea7cf35f80 RCX: 00007fea7cd7dff9
[  466.369546][ T6916] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000005
[  466.377815][ T6916] RBP: 00007fea7dbeb090 R08: 0000000000000000 R09: 0000000000000000
[  466.386086][ T6916] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  466.394376][ T6916] R13: 0000000000000000 R14: 00007fea7cf35f80 R15: 00007ffc9bcfe448
[  466.402682][ T6916]  </TASK>
[  466.519978][ T6303] hsr_slave_0: left promiscuous mode
[  466.629854][ T6303] hsr_slave_1: left promiscuous mode
[  466.660584][ T6303] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  466.668621][ T6303] batman_adv: batadv0: Removing interface: batadv_slave_0
[  466.714661][ T6303] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  466.722654][ T6303] batman_adv: batadv0: Removing interface: batadv_slave_1
[  466.772239][ T6303] veth1_macvtap: left promiscuous mode
[  466.778079][ T6303] veth0_macvtap: left promiscuous mode
[  466.787052][ T6303] veth1_vlan: left promiscuous mode
[  466.792912][ T6303] veth0_vlan: left promiscuous mode
[  467.174073][ T6921] loop2: detected capacity change from 0 to 1024
[  467.202789][ T6508] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  467.781042][ T5198] Bluetooth: hci1: command tx timeout
[  469.809840][ T5198] Bluetooth: hci1: command tx timeout
[  469.893015][ T6303] team0 (unregistering): Port device team_slave_1 removed
[  470.012894][ T6932] loop1: detected capacity change from 0 to 32768
[  470.042778][ T6303] team0 (unregistering): Port device team_slave_0 removed
[  470.085950][ T6932] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  470.111698][   T29] audit: type=1326 audit(1727625978.089:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6930 comm="syz.1.452" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd2f017dff9 code=0x7ffc0000
[  470.135597][   T29] audit: type=1326 audit(1727625978.089:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6930 comm="syz.1.452" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd2f017dff9 code=0x7ffc0000
[  470.158613][   T29] audit: type=1326 audit(1727625978.099:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6930 comm="syz.1.452" exe="/root/syz-executor" sig=0 arch=c000003e syscall=88 compat=0 ip=0x7fd2f017dff9 code=0x7ffc0000
[  470.185813][   T29] audit: type=1326 audit(1727625978.099:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6930 comm="syz.1.452" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd2f017dff9 code=0x7ffc0000
[  470.210172][   T29] audit: type=1326 audit(1727625978.099:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6930 comm="syz.1.452" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd2f017dff9 code=0x7ffc0000
[  470.700015][ T5183] ocfs2: Unmounting device (7,1) on (node local)
[  471.691389][ T3324] hfsplus: b-tree write err: -5, ino 4
[  471.781876][   T29] audit: type=1326 audit(1727625979.719:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6948 comm="syz.1.453" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd2f017dff9 code=0x0
[  471.920895][ T5198] Bluetooth: hci1: command tx timeout
[  472.320733][ T6888] chnl_net:caif_netlink_parms(): no params data found
[  472.388703][ T6955] loop3: detected capacity change from 0 to 512
[  472.553369][ T6955] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  473.197257][ T6955] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  473.210642][ T6955] ext4 filesystem being mounted at /102/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  473.406752][ T6969] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters
[  473.719462][ T6976] loop1: detected capacity change from 0 to 1764
[  474.264689][ T6888] bridge0: port 1(bridge_slave_0) entered blocking state
[  474.279837][ T6888] bridge0: port 1(bridge_slave_0) entered disabled state
[  474.287865][ T6888] bridge_slave_0: entered allmulticast mode
[  474.298091][ T6888] bridge_slave_0: entered promiscuous mode
[  474.367210][ T6979] loop0: detected capacity change from 0 to 1024
[  474.481544][ T6888] bridge0: port 2(bridge_slave_1) entered blocking state
[  474.494208][ T6888] bridge0: port 2(bridge_slave_1) entered disabled state
[  474.502820][ T6888] bridge_slave_1: entered allmulticast mode
[  474.512713][ T6888] bridge_slave_1: entered promiscuous mode
[  474.530107][ T6982] FAULT_INJECTION: forcing a failure.
[  474.530107][ T6982] name failslab, interval 1, probability 0, space 0, times 0
[  474.543816][ T6982] CPU: 1 UID: 0 PID: 6982 Comm: syz.2.458 Not tainted 6.11.0-syzkaller-11993-g3efc57369a0c #0
[  474.554531][ T6982] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  474.565157][ T6982] Call Trace:
[  474.568673][ T6982]  <TASK>
[  474.571851][ T6982]  dump_stack_lvl+0x216/0x2d0
[  474.576994][ T6982]  dump_stack+0x1e/0x30
[  474.581586][ T6982]  should_fail_ex+0x748/0x7f0
[  474.586848][ T6982]  should_failslab+0x17f/0x210
[  474.591961][ T6982]  kmem_cache_alloc_noprof+0xe2/0xb20
[  474.597724][ T6982]  ? ima_inode_get+0x18b/0x4f0
[  474.602876][ T6982]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  474.608075][ T5190] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  474.608930][ T6982]  ima_inode_get+0x18b/0x4f0
[  474.622883][ T6982]  process_measurement+0x5c4/0x3f30
[  474.628493][ T6982]  ? kmsan_internal_task_create+0x10/0x40
[  474.634670][ T6982]  ? kmsan_get_metadata+0x13e/0x1c0
[  474.640224][ T6982]  ? ima_file_check+0x41/0x100
[  474.645510][ T6982]  ? filter_irq_stacks+0x60/0x1a0
[  474.650942][ T6982]  ? kmsan_get_metadata+0x13e/0x1c0
[  474.656487][ T6982]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  474.662647][ T6982]  ? end_current_label_crit_section+0x124/0x2a0
[  474.669400][ T6982]  ? kmsan_get_metadata+0x13e/0x1c0
[  474.674946][ T6982]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  474.681113][ T6982]  ima_file_check+0xb4/0x100
[  474.686101][ T6982]  security_file_post_open+0xc6/0x540
[  474.691885][ T6982]  path_openat+0x58cc/0x6200
[  474.696909][ T6982]  ? kmsan_get_metadata+0x13e/0x1c0
[  474.702557][ T6982]  do_filp_open+0x20e/0x590
[  474.707550][ T6982]  do_sys_openat2+0x1bf/0x2f0
[  474.712599][ T6982]  __x64_sys_openat+0x2a1/0x310
[  474.717821][ T6982]  x64_sys_call+0x120e/0x3ba0
[  474.722888][ T6982]  do_syscall_64+0xcd/0x1e0
[  474.727726][ T6982]  ? clear_bhb_loop+0x25/0x80
[  474.732699][ T6982]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  474.738946][ T6982] RIP: 0033:0x7f7bced7dff9
[  474.743623][ T6982] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  474.763647][ T6982] RSP: 002b:00007f7bcfbb0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  474.772392][ T6982] RAX: ffffffffffffffda RBX: 00007f7bcef35f80 RCX: 00007f7bced7dff9
[  474.780651][ T6982] RDX: 0000000000000042 RSI: 0000000020000100 RDI: ffffffffffffff9c
[  474.788901][ T6982] RBP: 00007f7bcfbb0090 R08: 0000000000000000 R09: 0000000000000000
[  474.797142][ T6982] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  474.805395][ T6982] R13: 0000000000000000 R14: 00007f7bcef35f80 R15: 00007ffed49ec528
[  474.813657][ T6982]  </TASK>
[  474.965708][ T6985] loop1: detected capacity change from 0 to 64
[  475.173776][ T1240] ieee802154 phy0 wpan0: encryption failed: -22
[  475.181719][ T1240] ieee802154 phy1 wpan1: encryption failed: -22
[  475.483673][ T6979] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  475.498614][ T6979] ext4 filesystem being mounted at /7/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  475.666643][ T6985] syz.1.460: attempt to access beyond end of device
[  475.666643][ T6985] loop1: rw=34817, sector=39, nr_sectors = 125 limit=64
[  475.681221][ T6985] syz.1.460: attempt to access beyond end of device
[  475.681221][ T6985] loop1: rw=34817, sector=167, nr_sectors = 1 limit=64
[  475.695847][ T6985] syz.1.460: attempt to access beyond end of device
[  475.695847][ T6985] loop1: rw=34817, sector=169, nr_sectors = 1 limit=64
[  475.713436][ T6985] syz.1.460: attempt to access beyond end of device
[  475.713436][ T6985] loop1: rw=34817, sector=171, nr_sectors = 7 limit=64
[  475.737329][ T6985] syz.1.460: attempt to access beyond end of device
[  475.737329][ T6985] loop1: rw=34817, sector=179, nr_sectors = 140 limit=64
[  475.963489][ T6888] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  475.996801][ T6888] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  476.083907][ T6995] xt_CT: You must specify a L4 protocol and not use inversions on it
[  476.123559][ T6998] loop2: detected capacity change from 0 to 8
[  476.373763][ T6998] unable to read xattr id index table
[  476.547369][ T6888] team0: Port device team_slave_0 added
[  476.568295][ T6888] team0: Port device team_slave_1 added
[  476.715927][ T6999] loop2: detected capacity change from 0 to 1024
[  476.858205][ T6999] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869)
[  476.868803][ T6999] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  476.938180][ T6999] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  477.296163][ T6508] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  477.315579][ T6888] batman_adv: batadv0: Adding interface: batadv_slave_0
[  477.324620][ T6888] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  477.355293][ T6888] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  477.374264][ T6888] batman_adv: batadv0: Adding interface: batadv_slave_1
[  477.382817][ T6888] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  477.410435][ T6888] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  478.277790][ T6386] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  478.359952][ T6888] hsr_slave_0: entered promiscuous mode
[  478.411491][ T6888] hsr_slave_1: entered promiscuous mode
[  479.419166][ T7024] loop3: detected capacity change from 0 to 512
[  479.641839][ T7024] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  479.715950][ T7029] loop2: detected capacity change from 0 to 1024
[  479.851093][ T7029] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  479.896721][ T7024] EXT4-fs (loop3): 1 orphan inode deleted
[  479.906390][ T7024] EXT4-fs (loop3): 1 truncate cleaned up
[  479.915416][ T7024] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  480.001442][ T7029] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  480.581783][ T7042] openvswitch: netlink: Missing key (keys=400040, expected=200000)
[  480.672109][ T5190] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  480.860927][ T6303] Bluetooth: hci2: Frame reassembly failed (-84)
[  481.343024][ T6386] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  481.398768][ T6888] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  481.497950][ T6888] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  481.590687][ T7047] loop3: detected capacity change from 0 to 1024
[  481.607029][ T6888] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  481.674196][ T6888] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  481.763739][ T7047] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  481.776666][ T7047] ext4 filesystem being mounted at /107/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  481.863741][ T7051] loop2: detected capacity change from 0 to 256
[  482.183549][ T5528] udevd[5528]: failed to send result of seq 12528 to main daemon: Connection refused
[  482.648540][ T5448] udevd[5448]: failed to send result of seq 12531 to main daemon: Transport endpoint is not connected
[  482.690444][ T6888] 8021q: adding VLAN 0 to HW filter on device bond0
[  482.744080][ T6888] 8021q: adding VLAN 0 to HW filter on device team0
[  482.881484][ T5198] Bluetooth: hci2: command 0x1003 tx timeout
[  482.892674][ T5191] Bluetooth: hci2: Opcode 0x1003 failed: -110
[  482.908375][ T6888] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  482.919292][ T6888] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  482.951643][ T1104] bridge0: port 1(bridge_slave_0) entered blocking state
[  482.959452][ T1104] bridge0: port 1(bridge_slave_0) entered forwarding state
[  482.982928][ T1104] bridge0: port 2(bridge_slave_1) entered blocking state
[  482.990917][ T1104] bridge0: port 2(bridge_slave_1) entered forwarding state
[  483.089379][ T5190] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  483.996381][ T6888] 8021q: adding VLAN 0 to HW filter on device batadv0
[  484.243338][ T7063] loop3: detected capacity change from 0 to 164
[  484.534952][ T7062] PKCS7: Unknown OID: [4] 2.19.13055.170809666(bad)
[  484.542193][ T7062] PKCS7: Only support pkcs7_signedData type
[  485.214507][ T7079] loop0: detected capacity change from 0 to 64
[  485.594957][ T7083] netlink: 'syz.3.481': attribute type 1 has an invalid length.
[  486.041834][ T7079] syz.0.480: attempt to access beyond end of device
[  486.041834][ T7079] loop0: rw=34817, sector=4172, nr_sectors = 22 limit=64
[  486.064465][ T7079] syz.0.480: attempt to access beyond end of device
[  486.064465][ T7079] loop0: rw=34817, sector=4196, nr_sectors = 166 limit=64
[  486.081598][ T7079] syz.0.480: attempt to access beyond end of device
[  486.081598][ T7079] loop0: rw=34817, sector=4363, nr_sectors = 22 limit=64
[  486.098328][ T7079] syz.0.480: attempt to access beyond end of device
[  486.098328][ T7079] loop0: rw=34817, sector=4388, nr_sectors = 29 limit=64
[  486.114853][ T7079] syz.0.480: attempt to access beyond end of device
[  486.114853][ T7079] loop0: rw=34817, sector=4418, nr_sectors = 32 limit=64
[  486.131333][ T7079] syz.0.480: attempt to access beyond end of device
[  486.131333][ T7079] loop0: rw=34817, sector=4452, nr_sectors = 36 limit=64
[  486.291278][ T7089] syzkaller1: entered promiscuous mode
[  486.297188][ T7089] syzkaller1: entered allmulticast mode
[  486.313719][ T6888] veth0_vlan: entered promiscuous mode
[  486.372986][ T7079] syz.0.480: attempt to access beyond end of device
[  486.372986][ T7079] loop0: rw=34817, sector=4489, nr_sectors = 231 limit=64
[  486.483976][ T6888] veth1_vlan: entered promiscuous mode
[  486.621745][ T6888] veth0_macvtap: entered promiscuous mode
[  486.706589][ T6888] veth1_macvtap: entered promiscuous mode
[  486.777171][ T6888] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  486.788270][ T6888] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  486.798617][ T6888] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  486.811022][ T6888] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  486.821441][ T6888] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  486.832654][ T6888] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  486.842971][ T6888] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  486.854747][ T6888] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  486.875269][ T6888] batman_adv: batadv0: Interface activated: batadv_slave_0
[  486.914953][ T6888] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  486.926003][ T6888] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  486.936290][ T6888] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  486.947536][ T6888] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  486.957726][ T6888] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  486.971940][ T6888] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  486.983216][ T6888] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  486.994130][ T6888] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  487.010091][ T6888] batman_adv: batadv0: Interface activated: batadv_slave_1
[  487.062760][ T6888] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  487.075840][ T6888] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  487.086150][ T6888] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  487.095534][ T6888] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  487.115171][ T1711] usb 3-1: new full-speed USB device number 5 using dummy_hcd
[  487.278916][ T1711] usb 3-1: device descriptor read/64, error -71
[  487.292876][ T3508] kworker/u8:20: attempt to access beyond end of device
[  487.292876][ T3508] loop0: rw=1, sector=65, nr_sectors = 1 limit=64
[  487.308589][ T3508] Buffer I/O error on dev loop0, logical block 65, lost async page write
[  487.318554][ T3508] kworker/u8:20: attempt to access beyond end of device
[  487.318554][ T3508] loop0: rw=1, sector=66, nr_sectors = 1 limit=64
[  487.333445][ T3508] Buffer I/O error on dev loop0, logical block 66, lost async page write
[  487.342306][ T3508] kworker/u8:20: attempt to access beyond end of device
[  487.342306][ T3508] loop0: rw=1, sector=67, nr_sectors = 1 limit=64
[  487.356093][ T3508] Buffer I/O error on dev loop0, logical block 67, lost async page write
[  487.365095][ T3508] Buffer I/O error on dev loop0, logical block 68, lost async page write
[  487.371504][ T7095] loop3: detected capacity change from 0 to 1024
[  487.374011][ T3508] Buffer I/O error on dev loop0, logical block 72, lost async page write
[  487.393516][ T3508] Buffer I/O error on dev loop0, logical block 73, lost async page write
[  487.402601][ T3508] Buffer I/O error on dev loop0, logical block 76, lost async page write
[  487.411590][ T3508] Buffer I/O error on dev loop0, logical block 77, lost async page write
[  487.580383][ T7095] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  487.597707][ T7095] ext4 filesystem being mounted at /111/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  487.620023][ T1711] usb 3-1: new full-speed USB device number 6 using dummy_hcd
[  488.223219][ T1711] usb 3-1: device descriptor read/64, error -71
[  488.241746][ T7107] loop1: detected capacity change from 0 to 64
[  488.278024][ T5190] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  488.294022][ T7106] tmpfs: Bad value for 'huge'
[  488.349392][ T7103] hfs: keylen 94 too large
[  488.354373][ T7103] hfs: inconsistency in B*Tree (1,0,1,0,3)
[  488.359636][ T1711] usb usb3-port1: attempt power cycle
[  488.460502][ T7107] A link change request failed with some changes committed already. Interface veth1_to_batadv may have been left with an inconsistent configuration, please check.
[  488.687456][ T7103] hfs: keylen 94 too large
[  488.693663][ T7103] =====================================================
[  488.701168][ T7103] BUG: KMSAN: uninit-value in hfs_brec_find+0x65e/0x980
[  488.711367][ T7103]  hfs_brec_find+0x65e/0x980
[  488.716210][ T7103]  hfs_brec_read+0x3f/0x1a0
[  488.722262][ T7103]  hfs_lookup+0x1ce/0x3d0
[  488.727016][ T7103]  path_openat+0x292f/0x6200
[  488.732029][ T7103]  do_filp_open+0x20e/0x590
[  488.736920][ T7103]  do_sys_openat2+0x1bf/0x2f0
[  488.742130][ T7103]  __x64_sys_openat+0x2a1/0x310
[  488.747387][ T7103]  x64_sys_call+0x120e/0x3ba0
[  488.752637][ T7103]  do_syscall_64+0xcd/0x1e0
[  488.757443][ T7103]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  488.764374][ T7103] 
[  488.766839][ T7103] Local variable fd created at:
[  488.775693][ T7103]  hfs_lookup+0x5b/0x3d0
[  488.782041][ T7103]  path_openat+0x292f/0x6200
[  488.786982][ T7103] 
[  488.789462][ T7103] CPU: 0 UID: 0 PID: 7103 Comm: syz.1.488 Not tainted 6.11.0-syzkaller-11993-g3efc57369a0c #0
[  488.800283][ T7103] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  488.813681][ T7103] =====================================================
[  488.821974][ T7103] Disabling lock debugging due to kernel taint
[  488.828319][ T7103] Kernel panic - not syncing: kmsan.panic set ...
[  488.834953][ T7103] CPU: 0 UID: 0 PID: 7103 Comm: syz.1.488 Tainted: G    B              6.11.0-syzkaller-11993-g3efc57369a0c #0
[  488.846987][ T7103] Tainted: [B]=BAD_PAGE
[  488.851310][ T7103] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  488.861976][ T7103] Call Trace:
[  488.865421][ T7103]  <TASK>
[  488.868510][ T7103]  dump_stack_lvl+0x216/0x2d0
[  488.873461][ T7103]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  488.879530][ T7103]  dump_stack+0x1e/0x30
[  488.883948][ T7103]  panic+0x4e2/0xcf0
[  488.888101][ T7103]  ? kmsan_get_metadata+0xf1/0x1c0
[  488.893476][ T7103]  kmsan_report+0x2c7/0x2d0
[  488.898288][ T7103]  ? vprintk_default+0x3e/0x50
[  488.903311][ T7103]  ? __msan_warning+0x95/0x120
[  488.908375][ T7103]  ? hfs_brec_find+0x65e/0x980
[  488.913383][ T7103]  ? hfs_brec_read+0x3f/0x1a0
[  488.918374][ T7103]  ? hfs_lookup+0x1ce/0x3d0
[  488.923141][ T7103]  ? path_openat+0x292f/0x6200
[  488.928172][ T7103]  ? do_filp_open+0x20e/0x590
[  488.933103][ T7103]  ? do_sys_openat2+0x1bf/0x2f0
[  488.938197][ T7103]  ? __x64_sys_openat+0x2a1/0x310
[  488.943461][ T7103]  ? x64_sys_call+0x120e/0x3ba0
[  488.948587][ T7103]  ? do_syscall_64+0xcd/0x1e0
[  488.953551][ T7103]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  488.959917][ T7103]  ? kmsan_get_metadata+0x13e/0x1c0
[  488.965314][ T7103]  ? hfs_brec_keylen+0x398/0x610
[  488.970464][ T7103]  ? hfs_brec_keylen+0x58f/0x610
[  488.975618][ T7103]  ? __hfs_brec_find+0x426/0x830
[  488.980758][ T7103]  ? __pfx_hfs_cat_keycmp+0x10/0x10
[  488.986187][ T7103]  ? kmsan_get_metadata+0x13e/0x1c0
[  488.991579][ T7103]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  488.997595][ T7103]  __msan_warning+0x95/0x120
[  489.002420][ T7103]  hfs_brec_find+0x65e/0x980
[  489.007222][ T7103]  hfs_brec_read+0x3f/0x1a0
[  489.011912][ T7103]  ? hfs_cat_build_key+0xa5/0xd0
[  489.017251][ T7103]  hfs_lookup+0x1ce/0x3d0
[  489.021817][ T7103]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  489.027839][ T7103]  ? kmsan_get_metadata+0x13e/0x1c0
[  489.033241][ T7103]  ? kmsan_get_metadata+0x13e/0x1c0
[  489.038638][ T7103]  ? __pfx_hfs_lookup+0x10/0x10
[  489.043697][ T7103]  path_openat+0x292f/0x6200
[  489.048649][ T7103]  do_filp_open+0x20e/0x590
[  489.053488][ T7103]  do_sys_openat2+0x1bf/0x2f0
[  489.058460][ T7103]  __x64_sys_openat+0x2a1/0x310
[  489.063609][ T7103]  x64_sys_call+0x120e/0x3ba0
[  489.068521][ T7103]  do_syscall_64+0xcd/0x1e0
[  489.073254][ T7103]  ? clear_bhb_loop+0x25/0x80
[  489.078134][ T7103]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  489.084376][ T7103] RIP: 0033:0x7fd2f017dff9
[  489.088951][ T7103] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  489.108987][ T7103] RSP: 002b:00007fd2f0f7e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  489.117640][ T7103] RAX: ffffffffffffffda RBX: 00007fd2f0335f80 RCX: 00007fd2f017dff9
[  489.125913][ T7103] RDX: 000000000000275a RSI: 0000000020000280 RDI: ffffffffffffff9c
[  489.134083][ T7103] RBP: 00007fd2f01f0296 R08: 0000000000000000 R09: 0000000000000000
[  489.142324][ T7103] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  489.150467][ T7103] R13: 0000000000000000 R14: 00007fd2f0335f80 R15: 00007fffe9e16f68
[  489.158728][ T7103]  </TASK>
[  489.162227][ T7103] Kernel Offset: disabled
[  489.166651][ T7103] Rebooting in 86400 seconds..