last executing test programs:

27.377478444s ago: executing program 3 (id=266):
open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f0000006380)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, r1, {0x7, 0x1f, 0x0, 0x8000}}, 0x50)
syz_fuse_handle_req(r0, &(0x7f00000041c0)="412e450a2a7b9586d1e6e9de257afc4fd60c8de430c0d6348b2cf1db8d070a539de9c1e91a178f9240dbcfe303566018f6c20c55d643a2ed46aaacf49ca491ee2f06184bdb548778a2c56e56f6b40b994419428bbbb9dfa5f9593511ca8ae1c088fb0ee5da72f505000000000000002c04754204f194ae6ceff4570d44496eeffe619998eafc7167d22e1c6aa73e89ad19224e35130a37cf68d5c41ccafe59b4b753a26e06c4306d31d78de6cede97c06e3ca2cc4af66b7548268efa91621ffca2655d2c8f1a9bb019b88fa729cb3d32f72c098c44898d42c42f39feb4faead93980726c236129acdf31c01f1cabb5ca3ec4e45eb5e6e59912792b4976e3f2b560c861d49b539d8e1870040a8cf190a8a767ec067a8048aac53336b44669d3d425843ae80681a7c02a5d5a3d90f355fd4a6ac277e75230d558f0df20cb323cc65e9b5a258cdd669c8a9534e4aff09a8fe89b124748c9e756c28789c2152a5142bc0bb205e339d43bb980b3f04a3c1a424a2a093966b20600a5410e0528fb35937c998eea19f01eaf2f39e16d85563a6737ddab3213ca1832f0afdf891e34a582f6a4ac81fda70ebc3fedac2fb3a492fdb40b91021e5d371d990064cd1f7c2c1a6472dec7505f9a4940057a3e57fd53aa3cd2eb914e073a19b6e925f8553e6875c093c7d19de25861fd9640f0eca4cda0467f12126daa2e0c6df7d4e4babe5a6e59e8391be7700790315b6b8a8aa74cd6d3f054aceaeda79430676b67fe25c9029e0894b413377fc4d8300d9f9338fadd07e4c80cac08113df8971a868458c47c06fff0c1c4bfd48ea583e9e76ef103d42c233b6de10b30612cdbeb6b60a6a4dbbe2da63cc2dd4fb93cac65af3c1279274f4af0e2c5b96e6068aa5b41f7548fb72b0c142351f64446db7425115b89132b5589ee642ebbde655adb2d7d1117456a6e4f2886879b42baf85e05d53e2aceea9c3830673bdc4d081675fe76b994651af9c3f16b7513834fce4654f84558a8308fa677d05bffcc893d9813bf87c5ec520cd66ad58dc06f0c47d253cd36dfec82980fc8dbdcd4b1c037c2b30bef455984f3e8ed19d69e185fe4fbdda2c2517ec9abfbb4841252e650b6bf56fdeca9a4ee3c311de3c6859ec14cc00e95323c57c02fa894d83ea17944f3112fc19a7e11335d7951ec6dd5b4f06fb9b637313a230341ea5da6a7a959e707d0cd5fca60a6649c8df8d6c17e9a49d230e5775df14e4b43aa3420bd0b8814ec7360ab1910e69fab8932f7646d7998bdc2e8ec354c52da21ed83fb7582cb9d37bb95f144974f72c7b0ae7b42945768fa8ec0dd6daba72d05809670506ef1054282201b00906c8af64e3e13a10f180688c96549b2d3d6b04403fd571e7b132891dd4b7cf37aec25ca1e9190c17aaefbc31e059915c12c232fb7097e9fa6f35fbb265c7102db62e2264590c583ea90f1aee3f166af81430d9084eb0c760ebbb16049c9fd1fee6ce33c8ac205e3ac9c275531feadfa4054e0c027c26beb009f54aa72b864d39bb11753f77931bb960276db33021c65671e57b3708bbf979be222e8439d71f58ca87cec7a054517af398a42735b580717377a54f139e2c46813cbb03d98e49c26f4ed54d75e48573cd06145f913f4e313eeee837496dfff75aa722fd8486c45f9c959da12ae48ba4a10712120a203e2476c7b96031d8f8773f68344e6fa21831287655aabbd594e9f272eb1a7315d2d79b8bcd5e63004cd106f80b1e40a5d9e428a01bc58264f4d63c2ee9db6efa70607a642aeb883bf4b9fe009d7f09c16b05a2c9b73573e9019e161ebbdc1fc9b9cd0c5fe1b57adcba2d0f3a767ad59aafa159b3dd181f0601ff95e8af8b5410e56c81ffb8ab35b1e04af35dabf69f08572e69260b72bfd502c5a0de627fd3fee44bf1d4a261bd356056c5739398e3ff161beec1240a089625daffbc61dc5e660c274565477a0ff1797fefff04a98704802ab0674ab72d400686229608cbfd2ca20f4e62495e8b09de9d180c47375bbad72f4474b67d56104b4b466192be60f7aa668fd0a4338b856f114311842ee806d6488ab09098ed9de0e21bcc8b42a5d5713d15eca108fcc7a65d6b414a112524a6e1418644508dd957147a92d4399d13faaf01cacef40549cd11900f9aa32a8333f55796ef25d33c554a308da9797cd0ac25888311b0ac88eff0be7a36ddedcfc2b095abb4d5a6a4edbbad67b70cdf60c7ed0c5e040ced90edb3322ef684332358942ede9191b431c99b3abf8f9c50206479f0ac118c0a99df61fb9c90d846f41caa6a2448fb7e15640965e051c2af4ee72a5cc7c962bacff7019615c10e6c3054e2e5792df3aa6e2c33425552148466a88568cc79b6edebf0107b7d3d24423a665d20c3a1c0f1a6b34eb475bf875912115914cfabcf394f8a096d64e5dc95705074fe5e985497dcf052b9f748b9d4688859c0200fa43719e4722ed6c064c0efa7e07beb2a26fd724b63537fa0eb506365d5c029cd8dce7dd0a1cb9d9058c061739734af6be9e880fe7e28a211a4c368a7babd1107110ecbb384b274cc092b9511c4abde2ddd863162e2739984a9f3c0a76e3c530a27d5e385f4a3b87607b2a944e09d28239661d27719e22c0a657ea383c30859ca29cdb8fbc79bc83e995dcb361743a7e195650c37e570b768a0a1f0b118fa5be9b3c838326343ec5b376d5ee040ee29dfd868cccf9cfa4591151f519cd6e2ae1453a58aa92f90ee5be11ceb8511ab743f399be0a190eeddfd112336866831c3255ef6520d88b2581ea3767f3df01a38d9b4656f2a89c5df41443291a795da45c8a846015cd041bea0dfbe648348b10ae73ce43d9017182792cd9172eee642c549a530cc1f537f9aa70ca63792ba4a86a713ae09b917136e5bf1506ad7f367d8d2f77f47a2318facd109bba9b1327b5db9e4aeffbdcf414db761eeacc227a15cd72aa52c8ede33bdbab9de9aa1e8f470a388013d07f08777e2131bbd4856ab5c1c38d03ef407197ccf24e8b2a8db69e78f9d6623033c453541bb79f9e0be9a55588e2e54fce65fb785467064a146c4bf218068b5e3efdafaf93a98253becaef226cd79468ff1bbe0c9d43877f5cbb5844fd8957f15d3ef208aac11816585cdccf039c36b429d3d7fb634054fd0f09c8abea3746a6b7379142abde26d998ac7e39b94746c60c09f86ddbd7497849d1ef839730672449f35a3c3253666e9fc053ac1c518e44e0b84555be507f7c00fa9e4864b4bf40ac3d93f12001eb780a779e655d0633803268c094ae161a0efd652003d6ac47f9a6c28d866b56233f371627b01e0fe9361dca611a28841968d4e12cb73d49ce08fe25de4a90b2d34607202b20e71f5e1eed38e17d0a2748f548cf61735f4c9cead1cb93b11929d906d65fc60f88e6919b7b5a1014e6d408bce9c8cc832eecf9147708fe451891717d2ed99dee70773feaa97985102abd3dd05c904c28898afe060621db6564887bc4afe158fbe1d819136a1ac1dc9d8674798a93daf5255460b50c34496205834c668db4c764e76ebb6cdaf5fc44b881cc2ae87b4a7cc045143f96b1620abfd0f116e673b335beefdafa1e58d9194e010cb78956044646da5ba853ce981667f2b8e5001c2df437c9d597ccd2be7d2887f5cb7aad0539abb3f9db1c8f5cd4d7d831946ba1c1aa8737c114fec1ac9a82519f57cb48c49b7f62e9eaa89f448df33fb307cd0036c70b490ac340f7d04e14f32bfeebb08a9d5bc7bbef8f231ea09311d4c82cc55c90eb53c6c003cc98a34dd3c4ec2d8b3a655a78e16e908f368733d0a02b36fe963e2d80b5e6f7b2e3aae3013c900c76e4d56e8348bef221f8a642e692c23b12520fb68c793e789eeeceb4efb2097a4d5952d144094cd7be6edc933d257f6230e962d70ba42e1b07ad9eca0ccd60d3d9a6e06b73ccf96a8aa490ed3bd58bf4d79db65355ae145b54be004e464f4dd23fb8b1bf15e13838116083da67186513652608e37c8f847b2bcafb57bcefc7efc8c8182c7d708cce5d14695b4e618e77f8e7be81f27a05e415fd37ac21507a665b2558daee5c0b0859fedfede8c03f181ef5e0ec0da6caa3edf402dd73bcb4026c489a7cca8ab700d3e9f050006c36768a16e8a48e48ed5750b8cdb7ad1fd12d4cc8333d324d6c83905303fa7013fc02553b587544affe38f1a95e0c4c39740d63b6d387fc89b30bd5fd745cb64844b13897ccf5cca135f7d39e03ce8adcda919d86b25b52764b0a0c4f07f88df68868415de13863df84a7e8d355b09cf90e482eb4174fd01f1b371a4dc52f3c89fc3a70c71657aa5d7573ef9acf4d2b0b321c41ff2640515bb43637ba2288ca0bff2e2a3a998ad8294c52f9edfe0a4ee0a3f8ed5b4b5c43319bb9c58dd07ea3237d7bb62cb086e7ea4a81cba2cdeb28794a09c275a704963110b64720bd089e3737ee1a91e348b5e97b63e1724de1fa9f49961d653bbb47b6fa993b035cf59659bcd0306180645162568abf51127845cbe6e37cc3c19b9d69657db4258fa5e8428a73eff6506bff474c2e302ad5559ac8de44c6f0baba5e2e579e7d7f9d9ebf540674432ac11d92bfc9abdc24126888b533f43bd6f293b0bc315915743114a35308a0ee2e710522137918a2b09ddbbc7a2313a2a6b85a1ad26f14dd70072651c8300ddf6de29704b716ce1bc431c66ccc96731f46359a9f6850976c96dcb5e0ee47446f50b6b3ba90d45224066e123ad3854d877c0cdd9325000ac0d6813c30cd43d3e150335601724ca3666458dc4c04f6562296982353e155d5255c9008c0b46d21a678c8fcb3aa8d6574476e0458eb0a76a6cb50f929ed218cc4654cb4f95fb3afbc2548b74acc312563375a19e55d488599488dfed4dd31b39f29ad61dad343dfca3b45b316a34e7a7bebd2b0f562a9e69848d13fc80a4fa52d0f17bd15d9e1fd39a7dcc86128d14493805d105a745673bddea68ca74ac09d95cc7412d5be2cbd0a247a81dc9e148111e22cdf3375805469226ca3538f960a6ba6aa0eeeb87c784ffb1bfc09180a61be3c7c535fc6d593c3b3f4de21b8c3eccc9021e80fb07dce0aeb3b023bd55f24356f646791ba80e5ca21ac092a069ae0a22cfefc08c23cc7aa69b570bd17cce9de15871d363f167288f99f04761caa67f12c949466493f661d39ee4280c955446ff5a9bb14f2d1ae21cdb91a5868e0c52097cf380f571935b140562922763f1b79c3709b949c57a00b08828ce9e685f6b234b5fe3c62d9feb249ce75e81f5efd556c14d5da24dc0554723fdbe52659969a39f470e82c50c4777c908628436e31177af1125d5f70ff627462247e5bc20c47ef75f369174586d43d42f7eefdd47fefa745badebca2a881ccc018ea411cc8a7a0881422bee8704bb98e6bea9fbec63441fb45d7ccfd436909b57a2b60b788e15bda3ca7663b19bd84d0879deb639f10def9a99d42a4b9a4fd7fecbf6d2e7598678307ba9a5b6f143c27cf1ca41e3c904007bb762cd5df6e63c4cf422c2ba959e53bd8e5664cf5df6a91a4bc8cebc52b22f30060fcbc5ead53d38eabd160c1da4cab8aa95c3640ffd78074aa2cbb05cb8ea90a0c95a4a1b2be1ee94f238000f1faffa069d87039f13f5f84ff368aec5a0b10020232b9fc954a6c22573ef48459e574d48a4845837e1d6ef386738ccedd093d4d5bf3a3f790c875ba7449d03397642feb71100f2c25ab2cadf0b0802544a2095a51b19cdece623b17d420b173a99c081f8e229b6de3c680d6bb39bb98b479517d77cca581b81cf856753a44ebd64cff111fb8ca37ea45d217a3fca44a083e6c35b0fed9f8f7631178d15e88f86c85f1ce68c900afdd1f7e5b8bd4ef3f58c447b77d3befc49180df7a5eb2ae8ae33b4ef573f3a425da8a60cde84d8eeae6d6399b9fbbfa0fa8d448b25c7f79b7554d0b02b0decbc74ae8560f630af596313fb33d442a410061ace0aa7a440d5e31ca8bb2cc495c4f0b672edb011b0c5f16781836df7f4af8329143d5a1a99d7b18ef9f774c4199d635848cedebac82637a03a189c65bf667503737c75b6639ac65ad424ca475285437e6f19830b36549f607ffc387c8b11a34a838159376a6335afaa045bd2bb04e279dd72436331d07dfbd72e2436b27f0df23a266fd15cf56d1a9e93aaac8901cfe49a3219ae36c5c65c75e5c708fb82cac4d6a50726509ec3a7d32d54cf584ae353a5bff75a6de77a0b240cf8a0a72817c9d37699ca89c96e0e0d96a7665ac3a7d1febca1a1d79e2cbde8025c271360e2f90048b2d9fd56f45c013e001dad4b7785be69dc01f8a954ef7a84455986fc5c9d5167d91808efdb4476ed79f99563d887cfd4e99809d9e388501dea228cbb3cf3770082dc566455251fd9c2c742963c33500618c6ec99e0bef007408a0462a081237be4c6e5db0258d4be5fc9cf63fd1ace1f4166c053b0fb84fe24917da1255cf40bbb1b45644f6a7699cf802a35a932c374b1d62013e6afca3787627469994c02f622ab877ed5491fc2a89eea60e4e1628da89e3ad600ff6442e4ebf20e47304176b6a1703c094b3cf6d7fbbddd8d8fa5a00f28b4d8f43d88487e9d4531071512f2027198714a8d1cef126775547fc74f2a35840510f325e50361be76557767560055e084f2ecaefa0dd8ca8215301a7a887d2eaddaeb1f5c3dfdbd2cc1ba5f02d4426b98c0f861c5f724405758f442560ea6cd1d953456cc4aac6642ad61c03dbaffc2364d8ec2ef9f483c70355139d1fbd9617ab3c7eedf0b8963c1cfdab769180db43c416a90d9fdf3fd0eb2f81187642b4e2a09d6462d27527fdfda31f7b262501749dcfc6c184983f9923424131d05cc811cacf5c2c87e8e6f135349e68cde0e8997bf1dde248e5124d5dca2681abdbe58d327a8edd585821f03fdd4515728f1336495ba25c9bba56a3f706d60c35cbd0b40d0ac0583a981f9af08510ed8ed0a726e5472f8995af3837fbf1e89587633d2ef944868a153919165778e963710872af12faf96c0919c638e5affa97104471ba6e178d27602f96b9546ebe52190d91be245be08742b96389080676a566d3229e593e4f56a76ae4c58113c6adc1088703b1b92dafe32a5600e14ac1e71df829dfef425911f16a2b91f693599ecabf93065c6c4f5fefca8d4ed095599113529f65d9120d5252f577af95b404979508c343df54e4d239720e7d3a861f1dcabfa69e12d655c8a026c10a4df279b139fd222e561d205ac9b45c1054f8699eca594fb23886e0de565186597766dd5e40f74a423d5708dac254f4172f1089270988fb18715813f13ee4d131b64dd517c7e77f27f804b229f5339ac2f483b14739ac33a9645044d3010bd77ed18fb117f7b11bb51c4ed683b59e28bf25a58f123dfbeb1f0f21f03d9b57d8e61d59b311037a5b757b03ca5c95e0eb73922c6918530c99de4d6733640f2b8d13bebce31d4f5e27aab201101e48cde23a0d7e87b9511949d812e3187ee5ff11bc5858c022ed7b00790eba32f9ef7e134ce5f73a01269ca971b40e62133eca9d596a768686d6390b2c74602f6dc597faec3ed9d9658102d99c9624c1a97d00d63853578afaccc7e30a77fe054ebc23eec45f608f996fd015cd6bd50a111360f0790eff6ffb1ea59d13c8e29480bd96217188f97e53a1f5d9eae0a2badb4fea52f2bb4f8cb04d0afd99e7371a978a7d7ef473f77ea6738ff84af655313a12db24cff692ec7e282245ae9a42338db814593448f7115df3dc3f4e2faa2c2fdbd68f679d6aba01a15031347bb17d8bf8f1fad0ecf365e9dcd32e69803c5c05f4b47adbf8a21af7e9fb327f267df1c914486389a9820edf0a03bde6ef388c255761e439b2f7e1f9c1c3c95bd30c502197ab37f76b52f0d0675f366e919be19329853767bba34a540fb75bcdcc9596a4cda254a660e11bed5af9d8646ac4b7d6d7aa5d7c0005879b6d08058a56c3d3a4d3d401b883153fa7f2f6a6d34dd010f6b9e7b4e457b9ff5a5802d7723abb35f9dca0afc10f6791824dbe0a7725d534e7753445b7268d90145b6438b93fc475f44d5d678d79da6c5770f3a9106f3cffbabe4b88cbe7eda9b8a495be4f6717b0fbee6fec78c86031b6d878d47e357b2089de3e6dd19a265552553d1f7da53884ef84d0eebe782791c48a9c68a28d8ea3bb70c922b01dc20b2cd05cfb276e326651398f766f5faaea54a41da597cf6b50f3d5ebc634185b99069126b8d935c6bc42c47f2109de42091ef4ade3d87cc44aeb78709255501e64f34ac2d4b2725cf7777315f8ca9424bc9d61a896a93500faa6cf5a5aee1fb888e17b47a38a667be2ffa3bae46afa88bfd8b5b6e1186d6e41b9a4e490591043372c23f36fb48d80caff74cc349adc92bb25f701738c809ccf74c47afa193795ee67bc58ea7fd85542fa7e70218490fff212163401cfde016df2f42496bae403d5391e53fe200f758bbcdead0fe72c77861889b9632a257229c35bdfe8fa78375b4f5c768b9c60cafbde1f00aff6ca1879f6472f28001f5f13d4d9d6c3a90e04d8df09873550daa8262d39efbe96a79c697fbcc9a7f27c9f6d782d5d5f6d024b291376e9cc40d902f809072e1f0f2c2ab88ce3d074e88461f5971853e7be749943ab6e25e25e8afa5042dd73407f49b50841c7782c54eece62ec2beef1f16caf1ca5989427bd2726ca0fee33e303702e9892e4382e92c3f3a03a6188f39762db81819c7e12b424be8fd964dcdbfbac00139e8c5a6200506f13f484ac34ef3d26e7cadd53cf402117419c1618205bfa5382486094bd55448f2b1aa4dbec2289189b601b1bbf5792b2a641c6f5dd19cf24abc72fc5264cf11f6b44a4929267a02cd1de1b602b9de65a6c06640aa0f76109baa90d66eeb17295b1711365b7d6835a2dd55b7fe868c59453613240643c847a5b48d27897a58dda63e579c1bba58350550e147b190f0a2c9a5ce719d627ce3302028b4b6801bbfa8cd74874ffba35817c0eca034d19210950796807125fe6065dcd47d7c870ed2db5c00cff235e4154e2d89ec2a09a87551f9b7ca25d519b5603c0c33d2cf72878199ffab567fc5e093529b89d1163587f3564ba8291d2d96cf9762e7f568e786ea90849f6312c1a10f45d61600cd45c48e6870a7d76c913f9c4497374fc04401cbd11f7710740148234fe8f041f24d0278fcfd48846e6aa49f05016fc332dc5d46b4a26574fed5c0751cebb9f7ab4cdbc1ee011d82d6ef95c52c9df8eedac3ab5cf30805f23d88d4f707601f8e6c606b58f2fe234e948d6756d430a5c4ec76a33874886c8fb484059b47a9bd198a61a1896419288a9e81d0969dec778a53e8233f0f63bd0134e5f29825e7817e7c8ccb7d9acd8f86ac9d3af78c43df3036d7934dd294f2bb12063bee52c547d27a218145befb0ca96cbfaabd39fa245b51c39f4cd4cf8db105f9dc46a7aaa8f7d06fa208120ce1ac49326179618fa2c8596c44e174eb7a141056b1d17689c10dee089c8b0867b8a757ae12251bbd68db5fba2be341275fb6ee379309f5cde9b31242b0b2bac44da74776fac141936bd96e3177161f057c820a8c22cca8cce29b158eb55aed0260253fbee70a6dd281d9fca23e0b0a38d46c76a95e1262f1cafcf0fc37b52e649a1ba1e2c0f97d10bbf4d2b5632cf340bce56736071d5885ec9b4e17910744d3e63e2ca6deb21e43fc21e89c6865d3ad424ef4a14efe8843ff3168c99ee395400dcc8755719d290c567c95a5e7d28ec1190ceee240084d444265cc801cd960f69b368359bbf06b8a4ec23b47c7bf9d4b16c701a1c4fb9e81abb55bf49d450b566ce03de939fc6f5c51291380086f8c995cdd4fa15a325601c4846a69f15c77f55c900270bc9ea5f406480cb0e3e89bc869fe8b7cec4fbef7e76283d50c25ab1b4d34d093a7df062990a925a9c44aa2661abd7d381a4d6cdb64821ef624dd51b72e99af914bca2f80c25b82ac6945df7c7582e6d0ce2cd073e35f1fc120a68ba210410db64592a9aa319b30f2b818c495750e1cea0610e27d52be31e52e501a3bd51b501bc51c2ec8592f679b6e55b9aa58d513fd2bebadc83ba76eb45e5676f130193e9a666b8c8132c9f5141681fbab324b555c5c890d488ac2dd00feead0a20fbd8a46391438e3193edc6fb89161cd864fca98f4f39a2893c933dcd13bc8c5d5a548d24862e8161c0fad7f33aca8c86791d620815fe3f0daddb5defd933d0c10097a7a98e67625420b6c0db7c3e17ab07ea64e6f0f53fdc670799e06a2e3a871d6be363a2639e35339361311e0f528cc433eacea4f79bf217108c7b1d657840253ffdea18bdd1f93cdee63e7a9b8dbcb4ee06162b253e09ea0641f2771bd9823dd210905e9ea495f43194bb471cdeb690e8890b03b50835d53dde1b572dd123ccc8507bb57a45e46c0efb8fb3d5596bddf9782d86dd911636eae2cf64b5829cf8893faf789be3fa22859accf688f5b5da6c29cacc96d477e23b63cc934f685b6e42e1655c9a9b94d6d78402de22b8d9776e3915391aa258e57467d770d65480ba2f6a94b0337965a8c659c42b4e90b14da4697d0c0a6d74774c94c52d8ecb694eee747bdaa6c3a6d60739db18c6446090eebba72e62ab88b0e8b88e728ba8cb133d8524eda89a2bff1c8414da3edfa6f83788331c8a7e5a8af2dd3682d4752190a3c689949abdad8350111373e7fb46151f54a10f79d91940e37efb05f9f157bddcfacf018b65a38ab614807c34a2786af4a1d48c4d1c1abd31815715f9d1b103992207fc664f12c82fd923c57d8e7cfb9f4af55182318d055c704865cf484206d60e34cf7fe9b6ce60b1772c5c7cdacb6695227d80da18ec1f98a434b1aaf9c6b6d082f5663aed2bf267e559dca6b93d3ce34273846fc677f529690482df0a8f782b8ad7269f344f5f2b4d320a7ce2d2fa02284f8db634dc930c3e2b9a629245364acf35d41e9a14c88efde4e742ef1ea4b43d0caf2e70d4a617278823e6403934524debbd933e7676e441a48f630dc8bcccd55d9032d6bf3dea97d1669c39fb865b0e619eeb3f5461e517000f5aee3ef2abdb87d3a76b88e140eb4644a9fbddbdc9e20972cdfacf00bffa3a1ca5f84122c2ebc54067cdaa23967eaeb7bbbfe44e5843382b834fae1f62a066688595e4ee67c7ff9858672355abf7893ebeb4bcf88a62b2237c6e6cec9aebe3f28bfc310ced3a590e88d4bd0f53289206deb9addbf6f3c02115ce4980dadfc112683ae250c2d438fd9c0f2a090dbf122a0072828db798bdb868dcd47384dd3f5eeebc0307a5b268683cd51f312e8f02b5a7746b11a97ac43287d9b9765f03c720503cfe6e0117660a4c00d67895224c4d42b032000a10d7a743054758a8f54941fd5eaf72498b678d1579b3de4e5518f90f1e3d32517d09d7f5da9d180215e66218e9dd64036819cf12638ce82712a6cc79a9ddb36e86814b797d72c2bc58b18ba439e99965f745b4fb7de2878e3186e3e7b835c746b0935f6c67e92e3770bd8d5eb4f66d8175ceb7850e418c55e574db891639aa77fc62bc45dcb734681ede8484d4d4109a9adb8c3d00", 0x2000, &(0x7f0000000e40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)={0x20, 0x0, 0x0, {0x0, 0x1e}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x24c01, 0x0)
dup3(r2, r0, 0x0)
r3 = syz_io_uring_setup(0x8d2, &(0x7f00000000c0)={0x0, 0x0, 0x3010}, &(0x7f0000000040)=<r4=>0x0, &(0x7f0000000080)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r3, 0x47ba, 0x3e80, 0x0, 0x0, 0x0)

24.040192019s ago: executing program 3 (id=275):
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/timer_list\x00', 0x0, 0x0)
r3 = add_key$keyring(0x0, &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$setperm(0x5, r3, 0x30925)
keyctl$KEYCTL_MOVE(0x1e, 0x0, 0x0, r3, 0x1)
sendfile(r1, r2, 0x0, 0x20000023896)

20.399900751s ago: executing program 3 (id=280):
syz_mount_image$erofs(&(0x7f0000000340), &(0x7f0000000240)='./file0\x00', 0x2000000, &(0x7f0000000300)=ANY=[], 0x1, 0x22f, &(0x7f0000000380)="$eJzsmL9rU1EUx7/35r2XxIro0sHFwYIVbdK8LF0KVhCcRGj9NWmwz1KTNpI+wQakFBcX3RwEFwf/AYeCnRzc/AcEHVQQFMzgIEiXK+fem+QmzzTpazfPZ7h87z3n3nvOyX1nCBiG+W/5+uX35yfnZxbOAjiMCWTt+vcMIITR0vH/9Pz+mWezF168/vjq3eqRh9v959EWpXoXcrvc7wF4O5fBRuemzu4dEhN2sgBJ+gfpK5A4bdevQaBg9S1IXLU6gsANq+86uk7+hcKd5VpUuF2vLZKYpqFEQ0hDuT++1qbAop0rpZRw7GvrzWqlVosajvCs7R+mVKJzWXU8UT8fAVpz0ocTH1Xx+uNHmzRv12ba1E9TgkTJJlGGwLxdn0G2XRtTEif/4173/Ewi/2S2O2+0LxmGJZkzYvbXgRSLRAAjjk2lO2eS0jmXNB1FmnjQu8tH10SVPJiUBz4dLbyhb/GP/bGwtyvG6AFcGjWLp3kA+8orO1KEe82iR4y3tt8nTd923aWU2hjhqYuB78fvX8mNGnP7Q0xf1TyaVbmfig0K7MOW6R/qpcAppz95Tv8oxiv3imvrzanllcpStBSthmE5O2ZsuhEV9Zjoe93+nNf96ZBzvj/AN5ABHlTiuFEyYyAC5BHHjVDPQ+ezmd+q/7xpt8W4COCkmVDbDDonZhJ3iMD4SO1LajLpxDAMwzAMwzAMwzAMwzAMk4oTEPpf0CGEl7X33wAAAP//HVdh7g==")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
syz_mount_image$exfat(&(0x7f0000000180), &(0x7f0000000380)='./file1\x00', 0x22000848, &(0x7f00000003c0)=ANY=[@ANYBLOB='iocharset=ascii,discard,dmask=00000000000000000000007,uid=', @ANYRESHEX, @ANYBLOB="00646d61736b3d303030303030303030303030303135322c696f636861720300000069736f383835392d312c6769643d00000000000000", @ANYRESHEX, @ANYRESHEX, @ANYRES32, @ANYBLOB="69bf73f92e234554ec87ee5e75fbb975163e06e442e05c723ce6"], 0x81, 0x151a, &(0x7f0000006000)="$eJzs3AuUjlX7MPB97b1vhiY9TXIY9rWvmyeNsQ1JckjIIUmSJMkpIWmSJCEx5JQ0JCHHSXIYQnJqTBrn8yHnpMkrTZKEhCT7W3r7f97+vaf/99Zn/Zvrt9Zes69n33vf136uWfPc973WPF/3GFm3eb1aTYlI/Efgrz9ShBAxQoihQohrhBCBEKJiXMW4S+P5FKT8Zydhv68H0q90BuxK4vrnblz/3I3rn7tx/XM3rn/uxvXP3bj+uRvXn7HcbPvsotdyy72Nn//nZvz5/yeSU3bS5xvLXt/zfzCF65+7cf1zN65/7sb1z924/rkb1//Pr+Y/GeP6525cf8Zysyv9/Pn3b/n+hHv649qV/v1jjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMZY7nPOXaSHEf/WvdF6MMcYYY4wxxhj7/fi8/+6R+f7YRBhjjDHGGGOMMfYHAiGFEloEIo/IK2JEPpFfXCVixdWigLhGRMS1Ik5cJwqK60UhUVgUEUVFvCgmigsjUFhBIhQlREkRFTeIUuJGkSBKi0RRRjhRViSJcqK8uElUEDeLiuIWUUncKiqLKqKqqCZuE9XF7aKGqClqiTtEbVFH1BX1xJ2ivrhLNBB3i4biHtFI3Csai/tEE3G/aCoeEM3Eg6K5eEi0EA+LlqKVaC3aiLb/T/OfF33EC6Kv6CdSRH8xQLwoBopBYrAYIoaKl8Qw8bIYLl4RqWKEGCleFaPEa2K0eF2MEWPFOPGGGC8miIlikpgspog08aaYKt4S08TbYrqYIWaKWSJdzBZzxDtirpgn5ot3xQLxnlgoFonFYolYKt4XGWKZyBQfiOXiQ5ElVoiVYpVYLdaItWKdWC82iI1ik9gstoitYpvYLj4SO8ROsUvsFnvEXrFPfCz2i0/EAfGpyBaf/Q/nn/1v83uCAAESJGjQkAfyQAzEQH7ID7EQCwWgAEQgAnEQBwWhIBSCQlAEikA8xENxKA4ICAQEJaAERCEKpaAUJEACJEIiOHCQBElQHm6CClABKkJFqASVoDJUgSpQDapBdagONaAG1IJaUBtqQ12oC3fCnXAXNIAG0BAaQiNoBI2hMTSBJtAUmkIzaAbNoTm0gBbQElpCa2gNbaEttIN20B7aQ0foCJ2gE3SGzpAMydAFukBX6ArdoBt0h+7QA3pAT+gFveB5eB5egBegH9SW/WEADICBMBAGwxAYAi/BMHgZXoZXIBVGwEh4FV6F12A0nIExMBbGwTioLifARJgEJKdAGqTBVJgK02AaTIcZMANmQTrMhjkwB+bCPJgH78ICeA/eg0WwCJbAUlgKGbAMMiETlsNZyIIVsBJWwWpYA6thHayHdbARNsFG2AJbYBtsg4/gI9gJO2E37Ia9sBc+ho/hE/gEUiEbsuEgHIRDcAgOw2HIgRw4AkfgKByFY3AMjsNxOAEn4RSchNNwGs7AWTgH5+A8nIcL8Gz8l832lt6QKuQlWmqZR+aRMTJG5pf5ZayMlQVkARmRERkn42RBWVAWkoVkEVlExst4WVwWlyhRkgxlCVlCRmVUlpKlZIJMkIkyUTrpZJJMkuVleVlBVpAV5S2ykrxVVpZVZAdXTVaT1WVHV0PWlLVkLVlb1pF1ZT1ZT9aX9WUD2UA2lA1lI9lINpb3ySayPwyGB+SlyjSXI6CFHAktZSvZWraRr8Ejsp0cDe1lB9lRPibHwhjoLNu5ZPmk7CInQlf5tJwEz8jucgr0kM/JnrKX7C2fl31ke9dX9pPTob8cIGfBQDlIDpZD5FyoIy9VrK58RabKEXKkfFUugdfkaPm6HCPHynHyDTleTpAT5SQ5WU6RafJNOVW+JafJt+V0OUPOlLNkupwt58h35Fw5T86X78oF8j25UC6Si+USuVS+LzPkMpkpP5DL5YcyS66QK+UquVqukWvlOrlebpAb5Sa5WW6RW+U2uV1+JHfInXKX3C33yL1yn/xY7pefyAPyU5ktP5MH5V/kIfm5PCy/kDnyS3lEfiWPyq/lMfmNPC6/lSfkSXlKfidPy+/lGXlWnpM/yPPyR3lB/iQvSi+FAiWVUloFKo/Kq2JUPpVfXaVi1dWqgLpGRdS1Kk5dpwqq61UhVVgVUUVVvCqmiiujUFlFKlQlVEkVVTeoUupGlaBKq0RVRjlVViWpcqq8uklVUDeriuoWVUndqiqrKqqqqqZuU9XV7aqGqqlqqTtUbVVH1VX11J2qvrpLNVB3q4bqHtVI3asaq/tUE3W/aqoeUM3Ug6q5eki1UA+rlqqVaq3aqLbqEdVOParaqw6qo3pMdVKPq87qCZWsnlRd1FOqq3padVPPqO7qWdVDPad6ql6qt/pJXVRe9VX9VIrqrwaoF9VANUgNVkPUUPWSGqZeVsPVKypVjVAj1atqlHpNjVavqzFqrBqn3lDj1QQ1UU1Sk9UUlabeVFPVW2qaeltNVzPUTDVLpavZavAvK83/N+a/9XfmD//57NvUdvWR2qF2ql1qt9qj9qp9ap/ar/arA+qAylbZ6qA6qA6pQ+qwOqxyVI46oo6oo+qoOqaOqePquDqhTqof1HfqtPpenVFn1Vn1gzqvzqsLv7wHQoOWWmmtAf56PZBP59dX6Vh9tS6gr9ERfa2O09fpgvp6XUgX1kV0UR2vi+ni2mjUVpMOdQldUkf1DbqUvlEn6NI6UZfRTpfVSbrcfzz/cn6BzqPz6hj96/za6ra6nW6n2+v2uqPuqDvpTrqz7qyTdbLuorvorrqr7qa76e66u+6he+ieuqfurXvrPrqP7qv76hSdogfoF/VAPUgP1kP0UP2SHqaH6eF6uE7VqXqkHqlH6VF6tB6tx+gxepwep8fr8Xqinqgn68k6TafpqXqqnqan6el6up6pZ+p0na7n6Dl6rp6r5+v5eoFeoBfqhXqxXqyX6qU6Q2foTJ2pl+vlOkuv0Cv0Kr1Kr9Fr9Dq9Tm/QG/QmvUlv0Vt0lt6ut+sdeofepXfpPXqP3qf36f16vz6gD+hsna0P6oP6kD6kD+vDOkfn6CP6iD6qj+pj+pg+ro/rE/qEPqVP6dP6tD6jz+hz+pw+r8/rC/qCvqgvXrrsC2QgAx3oIE+QJ4gJYoL8Qf4gNogNCgQFgkgQCeKCuKBgcH1QKCgcFAmKBvFBsaB4YAIMbEBBGJQISgbR4IagVHBjkBCUDhKDMoELygZJQbmgfHBTUCG4OagY3BJUCm4NKgdVgqpBteC2oHpwe1AjqBnUCu4Iagd1grpBveDOoH5wV9AguDtoGNwTNAruDRoH9wVNgvuDpsEDQbPgwaB58FDQIng4aBm0CloHbYK2v+v63p8p/Kjra/qZFNPfDDAvmoFmkBlshpih5iUzzLxshptXTKoZYUaaV80o85oZbV43Y8xYM868YcabCWaimWQmmykmzbxpppq3zDTztpluZpiZZpZJN7PNHPOOmWvmmfnmXbPAvGcWmkVmsVlilpr3TYZZZjLNB2a5+dBkmRVmpVllVps1Zq1ZZ9abDWaj2WQ2my1mq9lmtpuPzA6z0+wyu80es9fsMx+b/eYTc8B8arLNZ+ag+Ys5ZD43h80XJsd8aY6Yr8xR87U5Zr4xx8235oQ5aU6Z78xp8705Y86ac+YHc978aC6Yn8xF4y9d3F/6eEeNGvNgHozBGMyP+TEWY7EAFsAIRjAO47AgFsRCWAiLYBGMx3gsjsXxEkLCElgCoxjFUlgKEzABEzERHTpMwiQsj+WxAlbAilgRK2ElrIyVsSpWxdvwNrwdb8eaWBPvwDuwDtbBelgP62N9bIANsCE2xEbYCBtjY2yCTbApNsVm2AybY3NsgS2wJbbE1tga22JbbIftsD22x47YETthJ+yMnTEZk7ELdsGu2BW7YTfsjt2xB/bAntgTe2Nv7IN9sC/2xRRMwQE4AAfiQByMg3EoDsVhOAyH43BMxVQciSNxFI7C0Tgax+BYHIdv4HicgBNxEk7GKZiGaTgVp+I0nIbTcTrOxJmYjuk4B+fgXJyL83E+LsAFuBAX4mJcjEtxKWZgBmZiJi7H5ZiFWbgSV+JqXI1rcS2ux/W4ETfiZtyMW3ErbsftuAN34C7chXtwD+7Dfbgf9+MBPIDZmI0H8SAewkN4GA9jDubgETyCR/EoHsNjeByP4wk8gafwFJ7G03gGz+A5PIfn8Ue8gD/hRfQYY6XIb6+ysfZqW8BeY2NsPvu3cRFb1MbbYra4NbaQLfyrGK21Cba0TbRlrLNlbZIt95u4sq1iq9pq9jZb3d5ua/wmrm/vsg3s3bahvcfWs3f+Km5k77WN7UO2iX3YNrWtbDPbxja3D9kW9mHb0rayrW0b28k+bjvbJ2yyfdJ2sU/9Js6wy+x6u8FutJvsfvuJPWd/sEft1/a8/dH2tf3sUPuSHWZftsPtKzbVjvhNPM6+YcfbCXainWQn2ym/iWfaWTbdzrZz7Dt2rp33m3ipfd8usJl2oV1kF9slP8eXcsq0H9jl9kObZVfYlXaVXW3X2LV23f/NdZXdYrfabXaf/djusDvtLrvb7rF7f44v7eOA/dRm28/sEfuVPWQ/t4ftMZtjv/w5vrS/Y/Ybe9x+a0/Yk/aU/c6ett/bM/bsz/u/tPfv7E/2ovVWEJAkRZoCykN5KYbyUX66imLpaipA11CErqU4uo4K0vVUiApTESpK8VSMipMhJEtEIZWgkhSlG6gU3UgJVJoSqQw5KktJVI7K001UgW6minQLVaJbqTJVoapUjW6j6nQ71aCaVIvuoNpUh+pSPbqT6tNd1IDupoZ0DzWie6kx3UdN6H5qSg9QM3qQmtND1IIeppbUilpTG2pLj1A7epTaUwfqSI9RJ3qcOtMTlExPUhd6irrS09SNnqHu9Cz1oOeoJ/Wi3vQ89aEXqC/1oxTqTwPoRRpIg2gwDaGh9BINo5dpOL1CqTSCRtKrNIpeo9H0Oo2hsTSO3qDxNIEm0iSaTFMojd6kqfQWTaO3aTrNoJk0i9JpNs2hd2guzaP59C4toPdoIS2ixbSEltL7lEHLKJM+oOX0IWXRClpJq2g1raG1tI7W0wbaSJtoM22hrbSNttNHtIN20i7aTXtoL+2jj2k/fUIH6FPKps/oIP2FDtHndJi+oBz6ko7QV3SUvqZj9A0dp2/pBJ2kU/Qdnabv6QydpXP0A52nH+kC/UQXyZMIIZShCnUYhHnCvGFMmC/MH14VxoZXhwXCa8JIeG0YF14XFgyvDwuFhcMiYdEwPiwWFg9NiKENKQzDEmHJMBreEJYKbwwTwtJhYlgmdGHZMCksF5YPbworhDeHFcNbwkrhrWHlsEr40D3VwtvC6uHtYY2wZlgrvCOsHdYJ64b1wjvD+uFdYYPw7rBheE9YIbw3bBzeFzYJ7w+bhg+EzcIHw+bhQ2GL8OGwZdgqbB22CduGj4TtwkfD9mGHsGP4WNgpfDzsHD4RJodPhl3Cp/7leErYPxwQvhi+GHp/t1ocXRJdGn0/mhFdFs2MfhBdHv0wmhVdEV0ZXRVdHV0TXRtdF10f3RDdGN0U3RzdEt0a3Rb1vl5e4cBJp5x2gcvj8roYl8/ld1e5WHe1K+CucRF3rYtz17mC7npXyBV2RVxRF++KueLOOHTWkQtdCVfSRd0NrpS70SW40i7RlXHOlXVJro1r69q6du5R1951cB3dY+4x97h73D3hnnBPui7uKdfVPe26uWdcd/ese9Y953q6Xq63e971cS+4vq6fS3EpboAb4Aa6gW6wG+yGuqFumBvmhrvhLtWlupFupBvlRrnRbrQb48a4cW6cG+/Gu4luopvsJrs0l+amuqlumpvmprvpbqab6dJdupvj5ri5bq6b7+a7BQkL3EK30C12i91St9RluAyX6TLdcrfcZbkst9KtdKvdarfWrXXr3Xq30W10m91mt9VtddvddrfD7XC73C63x+1x+9w+t9/tdwfcAZftst1Bd9AdcofcYfeFy3FfuiPuK3fUfe2OuW/ccfetO+FOulPuO3fafe/OuLPunPvBnXc/ugvuJ3fReZcWeTMyNfJWZFrk7cj0yIzIzMisSHpkdmRO5J3I3Mi8yPzIu5EFkfciCyOLIosjSyJLI+9HMiLLIpmRDyLLIx9GsiIrIisjqyKrI2si3hfbEfoSvqSP+ht8KX+jT/ClfaIv450v65N8OV/e3+Qr+Jt9RX+Lr+Rv9ZV9FV/VP+xb+la+tW/j2/pHfDv/qG/vO/iO/jHfyT/uO/snfLJ/0nfxT/mu/mnfzT/ju/tnfQ//nO/pe/ne/nnfx7/g+/p+PsX39wP8i36gH+QH+yF+qH/JD/Mv++H+FZ/qR/iR/lU/yr/mR/vX/Rg/1o/zb/jxfoKf6Cf5yX6KT/Nv+qn+LT/Nv+2n+xl+pp/l0/1sP8e/4+f6eX6+f9cv8O/5hT7PL8+O3/cZfpnP9B/45f5Dn+VX+JV+lV/t1/i1fp1f7zf4jX6T3+y3+K1SCOE/8jv8Tr/L7/Z7/F6/z3/s9/tP/AH/qc/2n/mD/i/+kP/cH/Zf+Bz/pT/iv/JH/df+mP/GH/ff+hP+pD/lv/On/ff+jD/rz/kf/Hn/o7/gf/IX/63/WSv3hz5JZ4wxxhj730D9i/H+f+c1+Uu7ZIAQ4uqdRXP++5qbC/21P0jGd4oIIZ7s1+OB/2q1a6ekpPxybJYSQclFQojI5fk/X13+Eq8QHcXjIll0EOX/bn6DZK/z9Kv19a/GL60fvUWI/H/zWoy4HF9e/6Z/sP4jj43LqBSei/vH+UcXCZFQ8vKcfOJyfHn9Cv9g/cLt6J+/P/k+TxOi/d/MiRWX48vrJ4lHxVMi+VdH/ob8Z4OMMcYYY4wxxv68Bsmq3f7F/efP9+fxf3NbnVdcjv/V/TljjDHGGGOMMcauvGd69X7ikeTkDt24wx3u/O/pJGoh/tBTXOm/TIwxxhhjjLHf2+WL/iudCWOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxlnv9//jGsiu9R8YYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY+xK+z8BAAD//+DHLUI=")
sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
llistxattr(&(0x7f00000001c0)='./file0\x00', 0x0, 0xfffffffffffffdfa)

18.573638408s ago: executing program 3 (id=283):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
kexec_load(0x0, 0x1, &(0x7f00000002c0)=[{0x0, 0x0, 0x0, 0x10000}], 0x0)

14.245426114s ago: executing program 0 (id=290):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$IPSET_CMD_SAVE(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x1c, 0x8, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)

14.15673915s ago: executing program 5 (id=291):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=@framed={{0x18, 0x8, 0x0, 0x0, 0xffd0}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0}, @generic={0x66, 0x8}, @initr0, @exit, @alu={0x6, 0x0, 0x3, 0xa, 0x0, 0x2}, @printk={@x, {}, {}, {}, {}, {0x5, 0x0, 0xb, 0xa}}]}, &(0x7f0000000000)='GPL\x00', 0x2, 0x2, &(0x7f0000000340)=""/222, 0x0, 0xc, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

13.857398232s ago: executing program 3 (id=292):
pipe2(&(0x7f0000000200)={<r0=>0x0, 0x0}, 0x0)
r1 = fanotify_init(0x200, 0x0)
fanotify_mark(r1, 0x1, 0x40001043, r0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f0000001200)={0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000180)="bb", 0x1}], 0x1, 0x0, 0x0, 0x80d0}, 0x8005)
r2 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='ramfs\x00', 0x0, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r2, 0x40049366, &(0x7f0000000180))

12.748717079s ago: executing program 5 (id=296):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
r1 = mq_open(&(0x7f0000000380)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\x01\x00\x00\x00a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|\x00\x17\xc0\xa3\xd5\xf9\xaa\x98/\xa4v\xe4)I\xf3+[e\x95\x89\x99\xca\x8e\xc5\xd3\\T\xf0\x1a|5\xfff\xff\x99\xa4\xbb\x9e#oR\xa4\xf1\xba\x04c\xb3-\xf7R\xb85\xb5\xdb\xe9?\xfa/\xdf\xb4R\xbfx=\v_j\x8e\xb0\'\xf4\xe5\xff!\xe1\xbf\x82e\xb1\x9b\x8d\xf3L\t\xd21\x9cbwV\xc8\xcc\xe4\x96M_w\xbc\xdf9\b\r\xf6\x95\xae\xb5,\x92\x8c\xc0DQm\x80\xd1w\xa2\x1a\x12Z\xe5\xf4H\xf7D\n\x96J\x93\xfb\xf0$\x9f\xf7\xa2\xae$O\xa3\xb6\xf5\x98\xd3\v\x00\x86\xa5\x8b\x81\x04\xaf\x03s\xe5\x86>\x0e\xa6\xe6\x1aV\x17\x8b\xed\xa7\'\xd0\r_\xe8,XVR\x13\xe5%\xb9\x88\xb8W@D\'\x17A\xc8\x80\x02J\xd4V\x00wH(\xc5v\f\xc9\xb6\xdf..$\xe6P(_\xf1\'\xc1:\xa3\xcb\xd9\xd1\xc7\x13\x99Md\x1dc\xf1\'j\x03!\x13\xd1\xb8\xbf\xe6\xb2M\b/\rp\xa5\x00\x00\x00\x00', 0x40, 0x9, 0x0)
fcntl$setlease(r1, 0x400, 0x0)
mq_open(&(0x7f0000000b40)='eth0\x00\xdd\xad4=2k\xf1\x05\x9b\x91y\xe1;F\xa2\x8df\xe9\x04\x00\x00\x00\x00\x0078z=\x8f\xd5F\xa4AR\xc7\x9f.\xdc\xdb\"A\x16\xd8\x19\xf1lZ\xc8\x93\xda\xf2\xc9\xe8h[u8\xc6\xfa\x9ep\xbe\a\xe2\xf5\xa3Y\x9f\xe1\x04gM\x99K$\r\xf1G\xee\xe1\xbd\x1e\xdf\xe1\x9c\x19\xda\xd3\x94EL\xca\x88\x85Q\x02\xd9L\x90\xeb%/\xb1\xeb\x11uP7\x1f\xd9b\xebF\xf8\x88\xf0\xac.\x94\xfc\v\xb1W\xef~+n\xb1\x9b\x02n]xr\xb3\x80\xbc>\xe8XX\xe6\x12\xf3\xc9\xd5\xf8\xd1\x8d\xcb9\xbf\xb0(<\xeb\x92\x8a\x16\xb7\x11^\xb6\xb7n\xd5\xb5\x00[\xdf\x94\x00\r\x95\x17\xa1h\xf8\x00\x00\x00\"\xa0\x05\xcc^\x90c\xc9}\xb8\ny\xf4\xe1\xb4.\xa4\a\x05\xbb}\x91\xf4C\xf5O\xf1a\x12\b\x86\xa16\xbb}C\xc9\x1d\\\xedD\x14\xb1w\x1e\xa0\xc1E\xb5\xf8\xab\xfb\xd9\x93\xb8vJ\x85p\xb5n\x1b\xe4\xd5g\xae\xe4\xeb\xca\xae\x1bs\xd4\xf0\xc0\xdag\x19R4\xd4\xd4\x04\xfc\x04Zb\xf6\xba\xf8B\xf6YU\xcd\xf2\xdb\xb5\xa2\xda\xdf\x8dD\xef`\x13\x15$\xceq\xd7j\xd7\xe3V\xf2\xa2\x95\xcf\x18T\xf1\xb0\xf3\xf8O', 0x1, 0x8, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000032680)=""/102400, 0x19000)

12.72688946s ago: executing program 2 (id=297):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48)
r3 = syz_open_procfs(0x0, &(0x7f0000000200)='net/ipv6_route\x00')
pread64(r3, &(0x7f000001a240)=""/102400, 0x19000, 0x100008)

12.595355204s ago: executing program 3 (id=298):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000040)={0x3, &(0x7f0000000340)=[{0x20, 0xc, 0x77, 0xfffff038}, {0x28, 0x6}, {0x6, 0x0, 0x0, 0xffffffff}]}, 0x10)
sendmmsg(r3, &(0x7f0000001c00), 0x400000000000159, 0x40840)

12.539429097s ago: executing program 4 (id=299):
socket$inet6_sctp(0xa, 0x1, 0x84)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x9, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x9)
openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0), 0x8200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
r2 = syz_io_uring_setup(0x88f, &(0x7f0000000300)={0x0, 0x17da, 0x0, 0x2, 0xbfdffffc}, &(0x7f0000000000)=<r3=>0x0, &(0x7f0000000280)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f0000000180)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x10001})
io_uring_enter(r2, 0x75fa, 0xe475, 0x0, 0x0, 0x0)

11.17552537s ago: executing program 2 (id=300):
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f00000000c0)='./file0\x00', 0x800, &(0x7f0000002180)=ANY=[@ANYBLOB="726f6469722c6e6f6e756d7461696c3d302c73686f72746e616d653d77696e6e742c756e695f786c6174653d312c636f6465706167653d3836342c636f6465706167653d3836352c726f6469722c696f636861727365743d6b6f69382d72752c73686f72746e616d653d6d697865642c757466383d302c726f6469722c756e695f786c6174653d312c001533912f7d7b3f05c87b0b"], 0x1, 0x26c, &(0x7f0000000340)="$eJzs3U9rU1kYB+A3bTpJC0OyGCgzDMwdZjOr0HaYfcrQgWECipKFriw2RWlqoYWCLtruit9Bv4Iu3QouxK1fQASpghvrqgshEm//JDWJjZpG7PNs+nLu++Ock17upYueXPl1eWlhZW1xd3cn8vlMZMtRjr1MFGMkRiO1FQDA92Sv0Yg3jdSw1wIAnA7vfwA4e3q9/zNbh2PnT39lAMCgfNHf/yMDWRIAMGAXL13+f7ZSmbuQJPmI5e316no1/Zlen12M61GPWkxFId5FNA6l9b//VeamkqaXxcgvb46k+c316mh7fjoKUeycn05SUW3mDvJjMbGffzYRtZiJQvzUOT/TMf9D/PlHy/ylKMTTq7ES9ViIZjbN5yJiYzpJ/jlXOZbPfegDAAAAAAAAAAAAAAAAAAAAAIBBKCWHiu3n36Tn95RK3a6n+dbzgcZ7nQ/U2Dx2vk42fskOd+8AAAAAAAAAAAAAAAAAAADwrVi7eWtpvl6vrfYqbjy592gnlwY+2dy7yOzP219qu2fP+Ml2caz48fcXdzpdykWu38/n84qxiGgdSfanfPjbACf9WsXjnWs//7U2+Xe3nsi2jtxubrWtp8uNlB3UB/66ENG1J9/3Ddla3D8oym8/6jm4lWqr48P+xU3eLc8/2Hj+6qSpHg+NxuggHkUAAAAAAAAAAAAAAAAAAHDmHf3T77BXAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADDc/T9//0WuWgbyXdt3hr2HgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4H0AAAD//7qXlSU=")
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.swap.events\x00', 0x26e1, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000440)='blkio.bfq.io_wait_time\x00', 0x26e1, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuset.effective_cpus\x00', 0x275a, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events.local\x00', 0x275a, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.numa_stat\x00', 0x26e1, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.stat\x00', 0x275a, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000440)='blkio.bfq.io_merged\x00', 0x275a, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x81000)
renameat2(r0, &(0x7f0000000140)='./file1\x00', r0, &(0x7f0000000240)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.bfq.io_serviced_recursive\x00', 0x275a, 0x0)

9.650480368s ago: executing program 4 (id=302):
r0 = creat(&(0x7f00000001c0)='./file0\x00', 0x0)
close(r0)
r1 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r1, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c)
syz_emit_ethernet(0xbe, &(0x7f0000000000)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698dfa871c51852e4451b57d037ad3c045942824251d7d17b5191584cdd4fbe40a27424d", "bcfd56f1373669caaa2f19935e6996c7096ffe4f3a4745a8f762b964", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0)
openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
recvmmsg(r1, &(0x7f00000057c0)=[{{0x0, 0x0, 0x0}, 0x3}], 0x1, 0x0, 0x0)
read$FUSE(r0, &(0x7f000000c400)={0x2020}, 0x2020)

9.612993185s ago: executing program 5 (id=303):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r0, 0x0, 0x2}, 0x18)
r1 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
r2 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[<r3=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, &(0x7f00000003c0)={0x0, 0x0, r3, <r4=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r2, 0xc06864ce, &(0x7f0000000440)={r4, 0x0, 0x0, 0x0, 0x0, [<r5=>0x0], [], [0x0, 0x0, 0x10]})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000140)={0x3ff, 0x2, 0xb5})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r1, 0xc00c642d, &(0x7f0000000080)={r5, 0x0, <r6=>0xffffffffffffffff})
ioctl$DRM_IOCTL_MODE_GETFB2(r2, 0xc06864ce, &(0x7f0000000280)={r4, 0x0, 0x0, 0x0, 0x0, [<r7=>0x0], [], [], [0x0, 0x3, 0x400000006]})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r2, 0xc00c642d, &(0x7f0000000100)={r7})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r2, 0xc00c642e, &(0x7f0000000300)={0x0, 0x0, r6})

9.478559095s ago: executing program 0 (id=304):
bind$inet(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8d}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0xffffffffffffff1a, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0xfe33)
open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0)
mount$pvfs2(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', &(0x7f0000000140), 0x40, 0x0)

9.223207594s ago: executing program 1 (id=305):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netstat\x00')
read$FUSE(r3, &(0x7f00000021c0)={0x2020}, 0x2020)

9.223040294s ago: executing program 2 (id=306):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_open_dev$ptys(0xc, 0x3, 0x0)
r1 = syz_open_dev$vim2m(&(0x7f0000000040), 0x8, 0x2)
ioctl$vim2m_VIDIOC_G_FMT(r1, 0xc0d05604, &(0x7f00000001c0)={0x1, @vbi={0x0, 0x0, 0x0, 0x0, [], [0x1ff]}})
setsockopt$MRT_ADD_MFC(0xffffffffffffffff, 0x0, 0xcc, 0x0, 0x0)
setsockopt$MRT_FLUSH(0xffffffffffffffff, 0x0, 0xd4, 0x0, 0x0)
name_to_handle_at(0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x0)

9.067672989s ago: executing program 5 (id=307):
creat(&(0x7f0000000240)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000001900)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[], [], 0x6b}})
chmod(&(0x7f0000000140)='./file0\x00', 0x0)
r3 = creat(&(0x7f0000000300)='./file0\x00', 0x0)
r4 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x62800)
mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x5, 0x12, r4, 0x0)
write$UHID_INPUT(r3, &(0x7f0000000540)={0x8, {"1a17924ab218eacb15a3fccf929e2dd2497903c1f853d95b995c65e99449ff953fa11c7723b2149ecdaa7f833f60e13b19a66e963f7e8da4297ebbfdda5b36fb4d01bd02e6c652dc4d99e2cb82c2a1d4a45e4c89ba9994e82f854bbc34a40b3a58aa256c9b4512fbf91b9846446c4909e4ec53982e7d7fd11ee0bdeab0bb4c469c9665dde8cb58f0ca148223b6cc4e2f306cfbeccedec8db5212f2fc4e14f836c68bdace4db1afbde9d463e5ac24567925b5fdf0e3af1a52dbd7669fe9227302c8f635bc2ddbf5bd7dccd7b92a9bd5c7363375a57851c2bc72509f2005f138f5a59cf85e9ddb1c972c89d50806e8941b7059cd3eca77527a7f20af70841b4d6f026614bdbb276a6814cc74d91856b968c5fdb52674d892a90d01ab91841b6811def78bdac9bc6f9df2598569fbdfef75079832b2750801dc83fd1987713c61136ac9e5f2f7e67f302109bb9a7fea75290b506a89a19d7e0e472937a8c9ecfe16ef6eb88c7a88a060756196d55d6a3d3f7cdf9915d22b6b3af69ec55017b821ec0621e8a59414efc2b46977a85846b53ae75a350947afcafbdef7233cc371bc2a6f29c0315b352ac2741c81df534303ddb30a4408db5679d05d245259c245c9d7f861711cc287cfd0462b948512623b921060386c587fd166df29e71ecfc8ed90031e95b2af1406b5ae73f6084e39e88194e3d37dc801982656b5b66342d74100f9f5b8c94c1e91b626bbf426a07b4be91dbdb76a6e40d0b788f89359e462e69bc4499fd4f9aa1e7f0c3f73a996b6ecef606c7651286e1f18a6823eed7191cd542057eaaf09aa32e8ce370c09050278b85fd359b8ca23e66e9d294ec57b3ddd90409d9b1ca28c6993b244f8ca46f6bf478ff22fb1df53e33abdda4b2b1e5cff7de19957bdc8e7ca39e4762204b1f9f33b9375b7282422b91841706751038e42023ba45c1cd0998c1794c1c2a5ff65466189bbb27bcbf01e5a48bfd8b6845f7d5c87d977df4ded5273ebf56b96c50b4eadc44bfaa0994259eeb1031644415fa9d729753d2138b06f9b7b624d9eeb1ef71dfdff0b639078f058c7a070451c4670af0c6eb1202f77be82faba9b6287995066b5f7e59b7967706d8d8c5bde48137e13df537ae54664fe4e8460b1bdf5b92a1dcf39ee1726bc6690d0ac5f799bcfab918c59cb132c45054ba17b8a44d505ad3eaeee95b4275b25b2087da8902552727a1e739014df348cfa3a1102661c35a6a38df6c410f5343577955dd57de5af089e3f1bcdf96d4ef1d5944243470b0ed10616144cccc5cac44e36fefd9441120c5d047867af0ea353da21fc0ae73b78b84d53a62efeb94ea8d441cc698c92fd7b36cf41472d036c5093bbdf943620c29ffa3b21ef4a0bb9274912b046834ee6f855ceadf18fb488040d5829ab6e8bf69a90315f7f84d002ac4e929e9f1010a8486746bd316799ba3a65744980c388202324ba50768c77a8481ba74d135da7507048c82714a8234837b69922126e4084a68f7418bfd26417cade786c7f8185e2492e3b64eb9d2c2c721504c7b4aeb383503f745fd69315c56b5b0158decd1b1606a63366b7e2d2b9124b6efca4480c703c8f37d6ddff55b0ec15f2ce6be6c902d06aec2ccabeba13b442b608076c33d19e690ab66cf6678d679758d22fb5d8d963f25d00c45576f8b2938543080297b9cb6c305e3131d2f412f00370c285251909f8ebefc3d18a23e25a183997b08251450b29fff32781e6a70e6e070ab3921f3f809392deb732d6f30cc034b5f77d41218bca86d515b16da0457dbf7aaefdcef9d5358e7b4f1e5d1a410f55449e765609d122f938fd57b71482244dff0523067cabfd322fc47aca1c331112e3d969f5fe3594c3c7adea7c36e9b9af6754cdea5ccf05b139f783d4b24540c50a6a9f7dff472d47c87c151d8439b5740cd1f423335dae2680050bd44766159cba66666b7dbc9e190130494327a0d8c9dbed5c8b831ce2b2bb236353ff7175a48b61a0f3209fa3db44f07a21a485ef1682a33cdf632ac2d6ca993b6cd90913e31704bb851711e1f2b5ebb19baaba102dd42d550933e9dfc17311665fef4d0206d7debbcbbd97efafffb905bf9a77b8eeb67d5f8bef8526f6f8607672bb3c50b14e16c264265594e05fa481f724290abdc9f60a899f26033236e3b90548c24288a7b627b51c4d7c638c359ec6325b0d79e1d69cf18cd9136a263b6aa84ad062b9831fc7c201b7ccec7d3b7ea2132ee4579632bf614bcde285527c36ef8a8e12651ef34a677a8d2f84360afa2f2245e4e0d61a12e8e446045fae61375082f983363795f11848edad24b3f7ae53f0eeb329fa62b6d7b446e3b2c1257981f9c0c3ea371c71021af834a285203b2e3177ddf5251044ea215c048f78701dec36a94ca3c435278d1fd889996adf5ea7c8db62f2b1331bc22c4b7798d587a5c4e619b7b576e19d92996bc0bdc0c8c15374e11b6eeda0e18b35aac4b96db9cdba025080bf5bea4ffdf4fa3c93ec5feede0a140f7f6727ef255783565935d59d348aaa6d12c060afd5f6d084346309d8cbf54b33050ecccf30ae083c4034165880214a94a5296427e2fcb6d90692a82212b6b8d86c6d163f0643944aaba4af1171aed463994f1374e1ec1654b89b04e9d635074e8d131bc2443daf1caad455671470329a287f4c711cb907403d5c05184cd3a647823b5b9c6dc4451fdde92dc1cb87010197026458b40d4809ab60aca1af6bb3702a3e0506cdd21faa6d9909f4ed74723de75fc48d44314fa3cc0c8e8ea226ec1d5875b9595aeacdff0a9f75b4a60dde781c58179f997ecb6479c91ecacc65bfe293a2d26c21ae7c1d7be1241cc1c4ea86a6cf8d93012bd98508aae8db723ff167026298cab227b7d0062c27ccc8e81df7268423ad063638760b44e77147ee9bd84140166ae2bfd592f845ca68c719f7520ae3c9988cc89db73bf93ad6f2f7d9394b2288f0176723acd167081ade4e066a26832f7b655cd874aa5026a7369bb9912c90599d1407f0488a9c540a31997890f5433bd1df91ba13a9e0721c9a707eac7cff1c3efef6cd716779c7ad631c3560caa2031d9d2591329c1867d0d5f96b5897cac2c6a381f0ce5c27969c2b3e7d188e1e896d815b01a3e177933817325953140272ad718a36ae522d43de109ba92255ee66d2a14897f2b2014dc9a495c108727e0eef54df617e269e43a0c48d28a91aaf14d58719e21ea39c1c534e39a1dfabb61377b55d2f69fe79c7d5111b8b952c388925ea8ab1503ae68bce95a34a10a85aa0e5da52add14b93eaac5861a6504e23dda8034e809253c1071ddda934663faac454cd378c5725f5c6f4d943779994357185e512a4b6993156e624f25d86d24e7254d3e9b231aa80ed5a32e108cb528d402f93e58c25ac937420ff7dcd7d9ec2126c7fe7cefa47c038f23de40523d5e026fe3bb4cfd3040f9bd9631cf5a2cde1e20a6032703cd64c2ad97ea95d05a7aa3ea3b3b9d5a86961116dd1338c0a2caae0ceab3178ac7736dfa8a949cd81d261748e6678cb730b57468fb2b7e22c5eb08ad496e76775dce0c31950a596580ad7d6c3fd9ce90dded340f20b77fe53e81fb6e2a7a6c450b8ac9009c7c077893f704457a90401fb758c0769fbfd38e40ae692e410b889bbf0b09a32dc731b6768c0fa3963a5b6279b6a5db611174339f3218fff567f6cfb7377ddc8e2c730da35cc3ec680a6bc95010dd03834caab7afb2c0023ad9ce3aae3c0fd1ece42ea840bf5fc798a0b5fbe7692f13549cdba4a0b68f722ef6877856a76fc3c39f7cfd760675a9f341d9f09f381972be9171e50455ed13e665e61a03b0c2a79276a871c25fc5c486639a71a8dfdf36174373b8995014752aba3026045be6b43074ac3824d687bbf5f6544228cea52791828f54980ee9f728534ea32edd205aaace717adcf61ce28f92719048d44b09812bcfd2d22cc9d7a45ed6b4634756f6b3189908c71728c373ea94aa5c74ce4a73c20138b8cb21db6e2dfb35329b86b1805a5208dd370b8342ca8aa3cbd3e7a3ec79d7b8ee677b04e19c524ddc6de0b22443ac15de908f61719399d0f9890ca2b0283a7db914944f424af10ba0ec9e3e253c060d7b28552eaae5eed1e906f8f93c2195293deabdad6cb38ddab51603e4a96ef1e086de911fb716ffbca467294d9e66e5d0f8225bc28d6c074c4ffba76706f61b0b386b7e4b6500a15fad291f34f6c84f1596a97512f31196a529a7a5725437c038e17d531da3838c8aef3bade6bc1d4c7624560d4fba72e5f8be2c5dc905e1e4bcb2aa7eddb275408ef4288ac69c7a18ae58fb26c2f5a6964f051b81d2e426fc2a5d8617050341b96d5a746e3419fbe94bd3752403868b655c2dba6f48ef109a2e6ec0041842fae52bfab70481ecfe8d27f3d5e444f1b941d871c8057cbe35df68665bc3aadea02d203b106d1179a428daa7d9fea9dbddd8955bb289a92ec790de74cd6a1edf925ab85471633dedf8ba46abe456963a2381addce2aa16c06dd80bb54d8e53d7c82607916af175061da29122afde8687add6b6f42233b76a1164893dcc1ec3dcf935576d2d0f3ab3b1adbace086da915234b4f9bad0afc2915608fc4f6611dc3b91d7e0e48cb0a0f3fdc70ef70ef82043afbd3325f0f6186390ab28ca9f0009184637530d79f0c5a77c6e912afbe6533988f543fc6c02d3d44fbdb0e2ebfad2680184f1ed451991667df958a71fb41cf4367bdb931389ea8b6340e225b312a09dadd8e2ac2d200db6e75323d48c73c6b819e13f92b01bf405e796a2e10b863e773598abcbcc196987e18b19530337809b56480778207103a12acfff1c0ad62846088251a1a0d0d6b300059a99698c84ccac78d53eb32e3984001978db7679960b4d75d71b49696909826c66320526fe02a060265821d15b8b2337121a201402a118ec03ff0d4f3dfa48f2dadd20b510ecdf4e6440b5b2466b9bf28e32327189f0405245694a6371dbe4eae7a8293cdc15193c284123d64690120634f808096a8f3f7a04a5bac9dd86c09f2e4e87c7d7c98d0b370e84ea5f265730f5480eb1375d4f82c7d4efbb6e58c5a92848331b2becd2531f6c456b5d0e690b102dd8faec55bde56f95727f4abf52c58543faaeb9cefd39bba788bd7e2b02b27ecbc1679a1ac00823c83e1ae29690cd25544d3ae0a8db25e963e9fb5bd94987637ac3546b9b312bf04d5c6211c135e806525d423fde9ccb5ef7962ec1e056e6f29adaeebb331f6c234586d1fe21577f56d620c6942a29d4915772144cc60008d1236db21100d5a3112c29396b9e18cdb5b104bed2df2b6ea72c9aa03bb6082f3eb07f0eae359864967a749492d21005b0d39c9613c20b1e21700ab66a4f5ca03ec08d67b95f759252d758743820ba243032e1708447fbaebc27e1316af4cf547cef3ac4966a1f04dd07012f257a0204107c23a0046b12493d9784b24dc561c1f88e591056bcc3b338ab1de65e5ad578021f26f93e9b12f00b5f8c8ae2db6b7b8f254303c7ff06514735974e65fb9a93dc79b115a12310040490ca11ef315340af104e20a2e22dcd132f7d7a61d9d3a12e832ee048a2170dbe03d747ed7402180eb964fde0ecb77e778b18a4e5a83479bb7e0ea0a7d5145ffed4607bd7e6b8f961625d5e3dcac2d4a05e71dc9c2e52195bd55aed4e6749dc1c329e2cda966d18e9bf882c05db627c1047fc71533bbba2c8a83d04db5bad6da349a9ad1992eb88e0274d32a16137e2396ad973c0ecbbc2d243e68b6959bf9b", 0x1000}}, 0x1006)

8.045243303s ago: executing program 1 (id=308):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000180)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = syz_clone(0x0, 0x0, 0x9, 0x0, 0x0, 0x0)
ptrace(0x10, r3)
ptrace$ARCH_SET_GS(0x1e, r3, 0x0, 0x1001)

6.715981926s ago: executing program 1 (id=309):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=@framed={{0x18, 0x8, 0x0, 0x0, 0xffd0}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0}, @generic={0x66, 0x8}, @initr0, @exit, @alu={0x6, 0x0, 0x3, 0xa, 0x0, 0x2}, @printk={@x, {}, {}, {}, {}, {0x5, 0x0, 0xb, 0xa}}]}, &(0x7f0000000000)='GPL\x00', 0x2, 0x2, &(0x7f0000000340)=""/222, 0x0, 0xc, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

6.715847158s ago: executing program 5 (id=310):
syz_genetlink_get_family_id$nfc(0x0, 0xffffffffffffffff)
r0 = socket(0x8000000010, 0x2, 0x0)
write(r0, &(0x7f00000002c0)="fc0000001c000704ab5b2509b868030002ab087a0100000001481093210001c0f0030584050060100000000000039815fa2c53c28648000000b9d95662537a00bc000c00f0ff7f0000b400600033d44000040560916a0033f436313012dafd5a32e273fc83ab82d710f74cec184406f90d435ef8b29d3ef3d92c94170e5bba2e177312e081bea05d3a021e8ca062914a46ccfc510bb73c9455cdc8363ae4f5df77bc4cfd6239ec2a0f0d1bcae5fa0f5f9dcdd51af51af8502943283f4bb102b2b8f5566791cf190201ded815b2ccd243f395ed94e0ad91bd6433802e0784f2013cd1890058a10000c880ac801fe4af000049f0d4796f0000090548de", 0xfc)
r1 = socket(0x840000000002, 0x3, 0x100)
r2 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_tx_ring(r2, 0x107, 0xd, 0x0, 0x0)
setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f00000002c0)=0x3ced, 0x4)
connect$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10)
sendmmsg$inet(r1, &(0x7f0000005240)=[{{0x0, 0x0, 0x0}, 0xfffffdef}], 0x4000095, 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSARP(r3, 0x8955, &(0x7f0000000180)={{0x2, 0x4e23, @empty}, {0x20000010304, @local}, 0x4, {0x2, 0x4e20, @rand_addr=0x64010102}})

6.697601602s ago: executing program 0 (id=311):
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r0, &(0x7f0000000440)={0x28, 0x0, 0x2710, @host}, 0x10)
listen(r0, 0x0)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r1, &(0x7f0000000080)={0x28, 0x0, 0x2710}, 0x10)
sendmmsg(r1, &(0x7f0000000e80)=[{{0x0, 0x0, &(0x7f0000000780)=[{&(0x7f0000000240)="7c220752098d1a03003fb4d50b17b9653538f559e8ca1a63dfa1a8f54135abe90913a7bb3930c14e8d1808268429578d92871b8681b42a7a264d4c578a7c26845616d98fc09729e3d8c0aa68e95af732c067f9dd1d9fdd4ee2008561e5a690de23248e60f4ab6390f520377d0a68cc822a17c773be19ee5b51b2428acd21725b17f5fadc10e18e574983e260010d619f74dd4c30", 0x94}], 0x1, &(0x7f0000000480)=ANY=[], 0x170}}, {{0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000f40)="f48f2d", 0x7313485bca3e9141}], 0x1}}], 0x2, 0x0)
r2 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r2, 0xc0285700, &(0x7f0000000100)={0x1, "5660359c3245d1c42317afad7d48ed51000000000000000100"})
syz_open_dev$video4linux(&(0x7f0000000000), 0x1, 0x2080)
r3 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141121)
dup(r3)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)

6.350453678s ago: executing program 4 (id=312):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xe3}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x2000000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, 0x0, 0x0)
syz_clone(0x10002000, 0x0, 0x0, 0x0, 0x0, 0x0)
openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)

4.32731954s ago: executing program 1 (id=313):
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$inet6_udp(0xa, 0x2, 0x0)
socket$kcm(0x29, 0x5, 0x0)
syz_fuse_handle_req(0xffffffffffffffff, &(0x7f0000000ac0)="6e61341e427b983a822042bd49b7d703dea2b415a5b933f1c18360e7cd31e05705eec5e6580a55cf344fe845f2c2fd8413770ea9f733b0af51dd4ab0259d9fa06cecc2ea7864af22e435762e40cb520587b6fd304de2051b2d4ae1fcfe8753ce80cdb208082bb49ea195f0b801151c23e1f416bb5c521cd01087875650e3018936b62f13a2777461ad48c1befd4f146e406c456f54345985e354d73090ce2b6dc8ff2f520ef8a69e302e9acc8636d4155907b43e3f9e0f2e24dee20d95906fc9e8705575b801855370aad23afd35ceb84e24bb02575a31844fbb02055e207d1f7e7f65ad4af7073dd1a668fca219bfdd346dcb09d5bfed7a716ec3b13ef8ae9b15b5b34601164f3d8e9be17db6e5cbb233462e1c156b8568707b1054cf0e7b2266be7e155099021b0376c2801c5e8aea937f18055e159e6a7d80b914cd14825079abb09f7f11e1ed9e1c48155b80dff2a5eb2844b3fe2f5a0022929ed3f2264043e7f4132610be771601253967d9a1562d08156325ee6406176596ebd3717a7bec3734ebd0ef6f113306d5df2674795170b8a02ed12fb9f2a09c1683e5166f45326a7255876bd426bc17fe3bc60ef17ea50f5273d02a0fc1274938ff257b4d5b7a7cf5996a23a7cf655ae73b252ce887976824a73cc16c80e1467483bcaf72c80fb736e1cd5ec68073ab9eced24f64897ef1dadaa77da7f03313492ee3b0acea7c24da61f37cc93b3255b84caea189ecfb1d127f37c55b2628494ebaaeddc1f56cea4c180a1ecbf4c1fc81f4b6ffca9f60c18cfe1ce8573607be0ce968e586187d44d11c03898e99f6c118d7f04c7399937f7aa074c8f0972fde4f24432a974e54d90a6ac04b38b17b43dfdc55abf604e2f8fd99cd590280fa76e8f36a4730a745f2ef6d6d7abe995600aa89add0f68df2fbe02b1f809fc0ef7eb7fa7cc514e53d33a3189280519e2717cb564f381cf7fb2f9abf388c8701719d13fcc219dc724c58175a9e84c9b05618023a15419f2e4f913751ec86f3b756edb1371f27b51e3dc67cc71eb1221ac9a30471d2d11eb23554278b1527e4aad54adb2f9dfdbc2d88ae43e9d24e1bd71fcee0cf65b8c606f231621aff02abee1915634ddd1d6a725d5193cb80bd18ccd1fa844bf07d960f1a28eda3723ca31bafc401e015341f481fc66fd6f6232629dc6fbaaf0228c3bb86494ea7dbf103ff07b97256d09fe7884e47c57bb6c4057e33115b05090edccb9582f620d545b4a92d8c97afead0cd5dc3600e4e32cf7506f6bdf70551f532c3265ef84d830be53b1a0f14789e30217039a39a603c006e3ddc3893127b5cb8bad165775616c1db52c0b9b59e49757860dff043c1cff6049d0397d67bd564700a7a61bb3d49038be016ec03d5ab8fbc8b66837d08415c9827be2bcdd7ac997826d7ddf44df6d8a3c2b7df27ea884216501ca7aaaef6e94da0c1d385a23d8e7c623cdb221314e210422158cd054ab2134182e7cbcd3da6d2104800518979c5a401db82f8cf8ced3efa12457e40fb6245a5c75009bb0239bd16c64e92d42f79be9e39faa017539d13593d269e9e60af1340df60aa4123a52c3655bf0620f85a8be3a561c6fd4012ea2dc881cc0ae3cb0449b5e19a013ea13975a6ae804eafb4702e1f4f5f2a378a067cc403a65febd80daf08f77afcd712a5dbfd32e704c411c9b4efb3440e282d989e1c2b5cd63c12ab0c93dcd038a24f735695a0950b493f7a5b58dc89101bd176fe14eb8a41c2060bb6fd69cf28b8079ce1e1c176b1a6a21daf8646af9c89e01d88a57525499dc17fb6597bf687cd4876cbd982357622a5391280b766e23b7debbe3ed5cf48bb1a01c8ba5435c098dd92665b2392e346e9e163d2ba39b853305e28fefa3870b02fe4e2c857491681ae07079d17b7501119157afaeedc1fe2e6e39261a27e2fd2eca7464d7ce373666e7533271df5035627b50571427baa44cf93464cb90de33e62cce934392c46ba59debb284ccdbc877adb1e71a3850d3de1bce93aa88f9683cffd90f48e25554d5db4e3ec7eb2a987ae9393f9579f56eddb11ac956f88b8a4ac9918fcb52efad32eacccaf783166e519de408e8afca57d56f9a0e22d4f80db179c3dbb672bbce090d76dbb0bf1dc37f4ca3214f5b752349d42b6f1f53914e1c712565321a6eb9df71ef9c03887a0a6557b501bd1d10d48a99a37858f217eec9b051802c37836d93f1bee561550a5ac2c247b2975917ec423bea8535ef93e73037547e74fc27a14ec571c53cbd1e50a2955bcc0bca43fef2471bee6c4013f9228693122a59dd2092f87a565e644bcbe4e4ee3226f90f75576b1978bf52240b66a6838ec3d0fb85116dfdc479d4287a9e263a76b2c09b834f854f100a68dc91fcd1fa36f7a5e8846faf88338cc7cbe10416d378a95a679f361b7f1098a1d13589aef73f4a398c2fb1a11676c9c908113308f3f79c2b26f0cbd5c744d7b821432e9629422298b3a47b7cc9f4f637cfe344c46bb8c1b916247e60d9c70616adcb444a4d32a8ff28e64d9783fe8d9fafe25ab7c010a9730cf1836953a251d0fc4b351610f2deb09735dbbff30d71b9a6abe66f65ef58bd49308503d2fdae05613abb8e221e5f99e498660059f69c9109fe090b3fc8e96ec4c5b3175fc9179146ea689dfae37b743728766ef4b411c3b24e5cc3aeae98987d850f4eec57b352f00d6bf170938573028d4e8dc0dba1ed9692a97cd3bf226f563e9af3eddd6800ef3b68dc52bffb4438a673b00f208b7f79fe234481a914b99406e2a8d5925b6fc4eaab788bbb46e090ce86894de0fff8d743a0e9f61b56f4edd918f605e207a7fcee3df19c378a5096dc9eb7884c11b38098e0d07d437a736c91c03a00648def9ffce32dc3a4ab270dec0fbc9f91a230bf28a48d89d2ac9e6e06976860eaf71919eaabfc379b7389203fdc50245b25684f4dd9192f099299186c9565ce25e279b76825ba3b2c52047b424e0bdf93accbc8e0776eaf7179c4bd2e7c817f695a3def167f2e7071d35828944792b3635191abbc321dafb7f08c48c1b229e74da629b27bfebe43dad62bf61176be345dacbdadc2cfb3b417ec9d6f44b9291306cb45c4c6ca0dfb48ab5a10a5040cc92a8a765181d0b4a85e8a4f332aed9fae6b70af78ac74c666abf2f1ea270f6d0f3406a72bb9df99aaa2a44655e8399ff20d4313f43dea3468c9ec428a0f4716ba8fb630129b1478784ef815e3e661ddc792b4fe557d7aeb0774f952f7dc41487d9d3c49c09413c6967d0f12b633f77edd2833836638d7abbcc41c38be1fa7bdef3aa40f2a5ce3afe3d3b6aa89fc0593950c1356bb6dd4025b4192564d83e96f6ab46da26d0c2c8172fcd57838f9a317c2e5ba5a871d2ac4915870a2ab0ac5f0800d08fa1039de4f4f19e4d049bc0d9b4515345ddce0d253107e7897b21481b52758f75cd598eb649dac981f6c7b1559abe2531de86940f1d203a1d135c555132fbf97c533ddc1f9c6e4b7601fc3cc53d5d0cbd160ba2fcb9813c2c167b999e243c02f22edc5602364ff347086e975ebb4b286f6a497ab402d2025b6c3a4760a7ba3ead9a6adbacde39b394281250334f41280a57b7b777738738330bc579660fe43123eec78b1fc842c2e8d59ea7516dac8fcf1347c0caf71dd5dafe13ccd456fcd110ac71722cdb703c90a11d715bd9fe6d2a0ed685e7fd77e245d8718a39defb6cf93ff9c3e5145c5c50ee80dcde9d3e893fdaf4029f0361e23e35448a632a9751669733b9ab4974de6dea9427336eb872622e4cc3615dac2a31510260c21f67a7d83aba609f15ca31780f4578a4feb09d2beb4fb431680ffb10351aa86f4fd58ae2bfe6fd7f0635bc86f0fa256d47c79ed86dbb30c426baa3cd00467668fb73772679da2d7df8398a01b9329d3712ff9e9e1aeec83b3fe4b1b3a81fd97ba49616034b9645b6f6819cd94fb8cdd890136f9bf9070abb6068ee549e78531cc5f8e88d2374c201fc5b2b2c65ba9f744dc6ef28adb614f2898871e18b45947744ad16028ab1405b7422613a3981adccf42b2e11548a14b8b979356530958edc03d5626e53c01d0c6cedf841833e8f66b20a4a515116a8745d63f28bcdb29563b7700325491b306b06d4520da274bc7736adcf88ca24ad74788b386a4fe410052618f86507fd86c29e9916d2d0115c9912e09c138e18fb85532fef95514ddc6f50448ac3fbae17cb6135667f9fcf4b249daa7b3253929246948d3fe7369d5a2e6d185740dc0b9f24b5c508a868c01f2bb94fb854f486ff5e85dfc20623024ef0ada2746bf7a8a411160865a87b5a757439c9c8f589e0a562d6309eb035a509ffd38a8fc3d8d626a729abdff050db3d907ad1b6ff99c5717c83398842a7ff58c3b050b91d0504b84b417dcf794f23a450c36d1d814b0565422e777dce7580e1548732d8c87b3036f3f26d0d5d7780c8de1d2bdfb9260b379094a4200407fda59e4be42d3819dd3571b6204cc72a740402104740176d0ae62889dcae51216e49127408be7bf93c5188e4b41bd987c03fea049442073b8ce5843981deee445a4b3a957edadb0d52fd0fe2af7fde162d2c7aaed98365b8fd4e1a2d43739cc32a3375bbee1112650d3ddcbb73fa297c5dd0c8e6e07a858c9f6cfcd1e0f659abc8833f926127f30f54251528b657d24c9ba74ca04acd60bbacda0d2111199bc223c9c54ac3ac87db8660ac9793b68fab5b1251c77262fd7e089a4d61cd79e036c7433904f1f82fd9c64369b60d3b427445366bc34feed30ccd40f82ff3307899289e48e6d970681791bb5cc3cb50cd8643587168f6ced2d086eb975ce0c1acd6ca9c8ed606b9032de80c34ecbfd086bea672f2653a0cdbef2dcfbff92801d70dbfec49b02749cbc8ad665b4aea17e7d2ce3b3d3ea21a12050ef50b011a1a4b6f169c42bf660396c85998517132c2622dd4c1fe44dfcf2cf1b5c65b73d43b4c91ab91e4eab2ffcd81e96955ee805115117fa26a238a77db371381b668f4dd4a0d8c63f7e1df46818313610a95e8b3c76b0762951f2f74b50b0ada7944184ca820280bf7902b0ec90fd2773b428890b96a0e47676fc5f6001a6ecdf539d67bed2c068980691eb23e081d2d50126976e1a156f2fc88bd45edb6d824c84879135e44c235e30e38bbe67cb1df5601959babd20f9dd712aecffa49bdf3928c627b867290422cfcf7b9a6a9f62d15433bd11287145b16608c0552c89f65906e75017885176a23421e5812dfa779113cc8a150fbb20fafb7cda895d02eef94d2c7b98c67b323c370176b95423c01e7780f7792cc38f4ba6e9f2029a1ffe92df69236c960d2720de27218e80927267d7bbf9c66c196ada12c2bc96cd86711f2319dd172845a921672e1057118899b666a83ce640a4c76678c24e6810d68979b8b74d6f721b742f714f90b81080919bd28c3f762d64da2b9d11490c7c65deda57fb62454e49e84025681d85c0d584b896834fff74bfccf7060e3a43fde741afe3009c322aa2495855dafb05442dcee4d7e9f4b5ffaeb0fd62edc98769256be01681b305ece9cd4e79bbf36ab81aa698b2543f127e184e2099e5ef538af43448ee3bc1c08d9ca4d600759bcdf190b081b9da9b776bebc822d7231f265e020a0a9056c403b7999faf6892735c0268c8ab35f23943fcfc0258bb93ee93b1c2ed35dc839bb4d5c68c6cbc027a24d12ae34d6ecc719f56fd2c5d847ef4d0716d9e61fa57c97a925aedf5ec975f691193ec25cdd4884a341c097d0b88cf40b7f0d949d8085cf3d7ba78f36cd8fbaafdba6ba08cd4dd704cbe3b587d7e426fd36ce648d926410880d67318d6bd0e112b030b3dc25d0cc36d38608a78dcd5c0f6f8e0eb37d467f0d84aef4b050a66427523f7fb0e6e3d02f2a0cbab5b5d165bb5e1d553266cb486c8805e39f013da5a8490a92018af9d59b6c160344ad91bf50194fa0a362a1301d2d6b044b28519dfe55dd9457f85a9dbe5ecbc7d61d4d4672b83ed45095b107fb39f3a091652e176f16c077a23ea118134a17700da558227f7e1a1e1616dba906d012ec228373e5923249441699994b4362b87f2758c67a6bed783ea24bee409e0dd9f507f7a0022daf90eb22e847cd925b355e962b710bc7bf09d2952396d5ec57648307e72322364781f40dacf8179b757061fdd5edb95caec5d3b09b041737d63ef097f9efcd2f245d4cdf4c2fcad11ebb085db9353cb979c223e479f7425190659c7b88923e75990af579374baa895afb1580d43728728fe9da0a24bddbf2e66c04cfafc0536dc478da7ef55d2d1eb92abfb4b392046c0636af11b8af4db939f01859c585edcca965d808d862987b1afcdc652fcc907b7370dbc460bb7c47e3f4512486cea1894fa68b53f0e01102e748c9cf6dfea4a9c6d5c1e0bd6fffe6af1fff0bccdb04a32ae8a5445907028a8bb21c8b8078ab94d676d827d2b6a1250daf18868014a59377f594dc4b0264fe5b90076839ea05e24e5039f08f2982462b562ce7be613231534abd32b8b8d6a4ac7df03d46d05e3e651adfbc47684674043c3b2125783bcb0ae39bbf78b4fa86099b17388747f7e4090b7df15ce4d9f07ffe19d2d3afc756f73c1e002dfd9b8311283555077c9dbe822ea876fe07892630e931e30f8fe603184af2a858fbc2a7d69bf4dbb3d5be8a3c29056de205e63b85ebb82b8494a4b59cb913d5e184e520404297a62722955d5bb718564f586f1d2a0ead2c0c94f3e2bbf220c2a831eaa6549ea906f6eb8a00a6a4d8f21e384c9908cae7cb0c12a6edb358d64bd9930a6cfcb363ac9d8b2c1ef2ca8c08e58a2530f690fe44dc1e7601716acdd082707400f1d58536d3c7875dd14b45298d53fe9df1fb216c9650591ca2c5f27791a73ccd5d9c64d140e1e0b04c7260d30e61bfa6b7999f73b02b639088a931795693aba82d846393e89fe428444985e7aeb8530760ffa30ed98975a774f42d653929763425dd954443df778660cad1429602eaf3e8952f1c782ab3e540773b546e16a3fe9692e707d1c8eb95c9ebfa8dad6f3398e6c733eecb8105e3e78908529cadd704f78e487160c14e1e78bf9e8ccc24d67586dcbd203966972e68513050a1fae1c918408e8163340683cc96fd45808424d113586d58c749594f798123ce504c5706c4c77f9a5e117eac24636a8ffb264c445c150d29328b58d683cbd3656a7e063f2cd2f52d116d99e9714d2f2e8cfeb858f442f90b057550d6045d9f360a9e56e5e6bbca8e6b3bfa20f264a5b0e6918eeced5ca830ad44840a98f2b6badb11ec4b59d42420ec5cc03a0760d1032ff7b8b957460ae4a78d335b1ed825d1e912b6ae976767ddf8df6cc3f7ade5bd8fbc70a28b51c554a67610cad01efd89fb6da79670d8d276edd76919ff1f3483bdb48aa73bd1b30d800d94f67864ab7241a7f63c34fdffba35c3650eee647a6536759d570211601c212818465a97c0cb8a67a7e89dbc31c59dd6241a5c10c72f572a2012b349239e1149381fcdbe3e5541422bfa6c0734212e85d396787fee06d43687ddf17df3032f03c71b6638384c14e0478d86f4bb344bc7e8b48d9c2122bdd99b304dd9fe01c2044f54dc9210d85f77a50cf69e49eff78f76f67bdc50bd6f57385eb0cd86d7a11129ae78c8b07e43f1fd8aa0500945bcda6277d425fa9b450041e2db5718013e635d31a4d4315374a4f8aa8edd7ddeab2feb04a76401b225e7b0a7aab8d4fe2d52fb0f88e9257764cb8acd3eef22063586275d3c31f20beabb135f30104c83a15168f1c331988a16695db82c9f649cac6436d840fd4b592b94af573cd80cd944aa6ad9031ccab48eadaac3359856a4fb98ae79102cd957ce745b8f7dcdd9aaf051bc659198653545fa29b6a49a50f567fdde010bc84becc574db12c19ff500a23368ba1f81d28ab3ab3b7f6c3aee54c57d213fdb04c40570ea56ce6a4415f49be3f65005beecc21c9fa3b370dc5b6136c9871cead9d8905c8348b86564f7103851deef779eaba009c65dfc262f68e4e820be4d11e358aba590355aa0ad7a3bd014b0e642a78a64194b3f6eb4d085296ed84dcf7fd402bd522cfcecec88e98254fb05f061469a0b517bcd966374473f392872ee732e9a0c09f2b8772ae620d04bba91c04ff2eccd1cd6066d33553138df618b6f519434c882cf22b5fe36830c2adfbf54b065cf356ce14346bfa4b504b8b06e6187e8d95970fe4f3614fbecfc1b0c627f980eb5d5c4760bcb675043c781596abb84c51c22ead0a2648858a7d103fbf45666b63b8d93bcb10f0fc15a2bc30841571f9ae6080051033e90cd56107cdec47cd69bd04f6d17d3f48a9c09b2cbc0fd5360ccee44ed3cb156fc947a6dab6fe855da292f19d3887db5c0998525960ce7576f66a47fd791a44e79193398e7af3b25854a2f6c8bed1dbb4f5be2c603b8c83e8264ca473eb47b8d48b3d1482ebe2d296290ac6235f738f38b3577e111caf280ccb203096389d97d64e94be85162d6ebb724adddfd077d58c8332cdcaaae3166e5498e31ce5eb9e1c44c56709b3c93304482e8a96c7a79b1927b152e3b15e466b8b217f41c1d89edff93a2e357b4c0f64bac603d25facc8d253701218342699fb18a199f90d8d63cdcb4d3e518ea4a2ded1d4f338b4788ce04ecf4543539d43454b21066214314ede81b9a9ed62de14573ea4e75b5aa1438d6e67252a82b58d4a8b0f29fc4c8a751c26346fa0387258fecc501343f16f356f14d89e16a8971f31d2515f58eae9a3f55b5992858ffc706d841f1572b12101088686ef81609ef172a4a50a056e2bb870064507da9f909cdfc6f26e6e6e168eb69a3150811b6da17023a2109e57eb09e578246b032f0ba691e77520dd0c085ffaccdce340810b0e8ce0fcf536e33611d06426ffcf05a94740e6faea77c0ecc6db24a76c548e90c130547403bd5696666397cfd6a2a410646ac53be696fe9b3ec6147d3dc0bc9a23325e5b96930de72f77446084cdb1402b9929d583676964509910decb247a45a9cc222e5d102aefc870587f91e34f48e849923e77d486489d3919e20534f448f682e4c44bf7404e02933c2e28d5e0babf0e35d85b616d0940fa1062ac8536e43aa5408e8ec04e27b7baf991e8cdd5fe0d7aa58b2a9b13fbea900afe15d309a56e7a1bf4af1a82e50a1dedf78ead7da85c5b2fa9abeb82ad645240a171c3da74c6999eab314239838647fe411c077fa0bb5413254f49163337037dda7dcbc194829d0c2f7299e740fff19df65b6e444353633fe7b5b408cefb179e80872b5b99817d8d8b7ed5cf79b14218492a48475126ea3b1a976330e5df19cb15d0f341cc1d2f8b05c21f2496718d6ad2f243ee2b55958d2c3b670ad363a2ba022b2fb0d7be80220ce26942f780955e87e88efdad49e1fabcb524c7c5f8f021bb63534185b4737b117049ad1518966338177070f3bda158e8a6aba4092066135e466d0c8ab5c7bfcfd158eec0c71c375eb43b29e9c30c7a43b74338db08068a3ed54c6b193348abbbfd4ecc62ca7c59b4eb78a12dfc9d1f035ff9cbd662787503120162faf2e75a59a5e865f7b98a96a041ba46336382f9b1ff32b16ee29b209c57c4ae8ee28db5627e3a32ba38826d106ffdc8320206bc11a223baf85976788d87bbfd35c5f80839fd23dfb14ef15ca66b26cbe869586ffbf9dcfc4e305b8368ca35a5f8d15a9c4ba8ff4e3acb473e2619000ef86e04a4abd2ce1784813e5a5e23834efcb8468282532ead2cb3c7d9a9d130c8f828957b1c84b35609d2a54cbadc671fceedae55fe6a1bbb2e2990cff85e1763b5e089af51a87ee4ebeb3d0390f8d41aa4360c0cef8ba482c38064c6981bf7ad3813df9d43373acd4f69d7eb02832e70c3a5e52ad763d223014b60761c2214854362c58713807397699be45e6ee9efb1a7b0d1516afa9047de69ae96ade902cc120928cfb5cb12e1b6f1c9ed4335889e80d8b40188724d5a7919dc2d195a3db2abf98818e00d92262d5a338072e3799326bc2e0b5b3c3508c506377df73b05545990e5a1a4157fc144138f92de6a45ab82820803a14e236072962e9c9f6039d6514ce47feb94cf22854e4921bbf1eaa481956a242745ca1f07762f34a5bc67d6925fe82e48466bed9834425860d52cca5a75b620f9e2542d075beaee670323c846b918c8fd619b018a47f4a6a0fbafd380d56b8f6160dd055669461005e4e70f7039b33848569687f6763a76e1b7dcdf6bb845ec8fbc8a324de4c86fd38170dbcab590a1e00c2ba82c017d2be97f739a39b6dde7076d2d88bff00f1c65ef6ad36f5909ca08069ea978347cfcdd0ae59d71d9b8f8910eb9d3b8c32918917e6f62519d5307c8cbbb18627f941b0265c546e5f49544062ec9f4f099b3f87beb94a78fc3cb215b55080b6b3d8b3a90089df04730fb4f479c8b677aceba3fe488b0791f158bb9f2d3ff82430dc6caf4540eb8b8eef256fe15c7796b17ab5991a9ca2ca698418bd64af0c2688dfeacbc51b9ad9c9a58222b6c262d3c8990f8b397911533a2e5a21ad6de926d62df53a8aca91c9991456471ecafd5ccd1862acfa0fa9831858a17623f88519684b3a4339923d3b7b6cc459b76f3b33bbe4fd4481280d4f7f133627133028404f321833c3aa14fb9691b9f1bfbc759d1bcc17579f0d3298ac3562f9f76421973fd03a01549fa0f197b55f955ac996229dd0b0518d4b81db14176fc2fdbcbf94d80be2b9bcfef331846c83a6b9afebc63c2f5b04d16eb08a9bb7bb8d489c63380d4e812e25bad3c586115361beb9cd66519d4391392c4a0096000a10a5a8e326944abfd656d273151c327043c302e68ac2f3ae0252206bab240f7d254804bf4d39e982e4d0b4ce0d8c4939cc80b43c5d89ffbe5d7b1b6033e823c0c479b2d6a30bc2c6f53093323a73ba686f03e3751289c0f6eb3e2830a598e1130f9311f35241603422cba458c3daba9a15d3c4e9fc7b5b96950ab7fc6239fe5048bf7548bf78e16b0a974ecdb4aae122d44c56009efffd188866002e7f8c22208f0b6fd51a1c663726129d4540ee642c7906c7b9872ca0d19850c496a48dca3ae4fec348fd85453fccce5a413c5f73e06a8aa1e19de05e081bd1c9ba9e8a8e8a83697431acdd0feef2fc0b124cf77927316021276238ff15df24d3f1c85623b2d4cba95051ad206a14409304689b26891bfc43e36f5826d4d6bc4cf78cea4caefcfe75890e8304a3d45ea78ecaf57950e012e754c8e87970419e1a2dca4a3e5eee1c006bef353ca8bfe75b20d4429d17398d302a828eafc00f81372423922f5996aefb08a5eff5703c2c2ab4be95bd50f56c0ba7a4ccf7f94ebe6e6fc147f378ffc4dfea71db66275cb0a491c508bc20060a21491158886da484a9a108e20502cf42357cd7cbf438a353f7cac894e3693f5a08cca2337e123136bc215d998fdb4f728ce122d366e40a2a8dff12105123f15439f704e28389c1f4dbaac150969af49ab3e230cff892ccc5e6c45130447f4a3fdf114d78f4678d002fa4be825a731f9681b866337201697fc5c4887eb5b80d9d61cbee", 0x2000, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
timer_create(0x0, 0x0, 0x0)

4.020663145s ago: executing program 4 (id=314):
syz_mount_image$exfat(&(0x7f0000000080), &(0x7f0000000100)='./bus\x00', 0x800810, &(0x7f0000000140)=ANY=[@ANYRES64], 0x1, 0x1542, &(0x7f0000004b40)="$eJzs3AucjVW7APDnWWu9Y0jaTXIZ1lrPy04uyyRJLklySZIkSXJLSJrkk4TEkFvSkITkMiSXISSXiUnjfr9fEpKkSZKQ3JJ1flMcdeo7X9/Xd47zO/P8f7/9m/Xs9T7rXe9+9rvfy56Zb7oMrdm4VrWGRAR/Cf7yIwkAYgFgIABcAwABAJSLKxeX1Z9TYtJfWwn793oo9UrPgF1JXP/sjeuf7dz564Drn71x/bM3rn/2xvXP3rj+2RvXn7HsbPP0gtfyI/s++P5/dsbH//9HMkuP/WJt6eu7AsT82RSuf/bG9f9/K/gzC3H9szeuf3YVe6UnwP4P4P0/O8jxd3u4/tkb15+x7OxK3ntO+pPLXfWX1iP/236IZO/vQK70+48xxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGWPZwxl+mAOBS+0rPizHGGGOMMcYYY/8+PseVngFjjDHGGGOMMcb+5yEIkKAggBjIAbGQE3KBAICrIQ9cAxG4FuLgOsgL10M+yA8FoCDEQyEoDBoMWCAIoQgUhSjcAMXgRigOJaAklAIHpSEBboIycDOUhVugHNwK5eE2qAAVoRJUhtuhCtwBVeFOqAZ3QXWoATWhFtwNteEeqAP3Ql24D+rB/VAfHoAG8CA0hIegETwMjeERaAKPQlNoBs2hBbT8l/JfgB7wIvSEXpAEvaEPvAR9oR/0hwEwEF6GQfAKDIZXIRmGwFB4DYbB6zAc3oARMBJGwZswGt6CMTAWxsF4SIEJMBHehknwDkyGKTAVpkEqTIcZ8C7MhFkwG96DOfA+zIV5MB8WQBp8AAthEaTDh7AYPoIMWAJLYRkshxWwElbBalgDa2EdrIcNsBE2wWbYAlthG2yHHbATPoZd8Anshj2w9z/r98/kn/5V/qewD7oiIKBAgQoVxmAMxmIs5sJcmBtzYx7MgxGMYBzGYV7Mi/kwHxbAAhiP8VgYC6NBg4SERbAIRjGKxbAYFsfiWBJLokOHCZiAZfBmLItlsRyWw/JYHitgRayIlbEyVsEqWBWrYjWshtWxOtbEmng33o29sQ7WwbpYF+thvUu3p7AhNsRG2AgbY2Nsgk2wKTbF5tgcW2JLbIWtsDW2xrbYFtthO2yP7TERE7EDdsCO2BE7YSfsjJ2xC3bBrtgNu2W+kAPwRXwRe2F10Rv7YB/si8k5+uMAHIAv4yB8BV/BVzEZh+BQfA1fw9dxOJ7CETgSR+EorCLewjE4FkmMxxRMwYk4ESfhJJyMU3AKTsNUnI4zcAbOxFk4C9/DOfg+vo/zcB4uwDRMw4W4CNMxHRfjaczAJbgUl+FyXIHLcRWuxlW4FtfhWtyAG3ATbsItuAW34TbcgTvwY1QA+AnuwT2YjPtwH+7H/XgAD+BBPIiZmImH8BAexsN4BCUexaN4DI/jCTyOJ/EknsLTeAbP4Dk8h+fxufivGn1cYk0yiCxKKBEjYkSsiBW5RC6RW+QWeUQeERERESfiRF6RV+QT+UQBUUDEi3hRWBQWRhhBIowBABEVUVFMFBPFRXFRUpQUTjiRIBJEGVFGlBVlRTlxqygvbhMVREXRxlUWlUUV0dZVFXeKaqKaqC5qiJqilqglaovaoo6oI+qKuqKeqCfqiwdEA9Eb++NDIqsyjcUQbCKGYlPRTMiLe0ArMRxbizairXhCjMQR2F60coniadFBjMGO4m9iLD4rOovx2EU8L7qKbqK7eEH0EK1dT9FLTMbeoo+Yhn1FP9FfDBAzsYZ4D+fkrCleFcliiBgqXhML8HUxXLwhRoiRYpR4U4wWb4kxYqwYJ8aLFDFBTBRvi0niHTFZTBFTxTSRKqaLGeJdMVPMErPFe2KOeF/MFfPEfLFApIkPxEKxSKSLD8Vi8ZHIEEvEUrFMLBcrxEqxSqwWa8RasU6sFxvERrFJbBZbxFaxTWwXO8RO8bHYJT4Ru8UesVd8KvaJz8R+8bk4IL4QB8WXIlN8JQ6Jr8Vh8Y04Ir4VR8V34pg4Lk6I78VJ8YM4JU6LM+KsOCd+FOfFT+KC8AIkSiGlVDKQMTKHjJU5ZS55lcwtg4uv7rUyTl4n88rrZT6ZXxaQBWW8LCQLSy2NtJJkKIvIojIqb5DF5I2yuCwhS8pS0snSMkHeJMvIm2VZeYssJ2+V5eVtsoKsKCvJyvJ2WUXeISHyyzqqyxqypqwl75ZJcI+sI++VdeV9sp68X9aXD8gG8kHZUD4kG8mHZWP5iGwiH5VNZTPZXLaQLeVjspV8XLaWbWRb+YRsJ5+U7eVTMlE+LTtIf/Et8qzsLJ+TXeTzsqvsJrvLn+QF6WVP2UtCb5B95Euyr+wn+8sBcqB8WQ6Sr8jB8lWZLIfIofI1OUy+LofLN+QIOVKOkm/K0fItOUaOlePkeJkiJ8iJ8m05Sb4jJ8spcqqcJlPldNn/4kizpfyH+W//Oj/r0Cuny8E/r32T3Cy3yK1ym9wud8id8mO5S+6Su+VuuVfulfvkPrlf7pcH5AF5UB6UmTJTHpJZn5iH5RF5RB6VR+UxeVyeld/Lk/IHeUqelqflWXlOnpPnL74GoFAJJZVUgYpROVSsyqlyqatUbnW1yqOuURF1rYpT16m86nqVT+VXBVRBFa8KqcJKK6OsIhWqIqqoiqob8OIbRpVUpZRTpVWCuumfyVfF1I2quCrxm/xL80v6O/NrqVqqVqqVaq1aq7aqrWqn2qn2qr1KVImqg+qgOqqOqpPqpDqrzqqL6qK6qq6qu+queqgeqqfqqZJUkuqjXlJ9VT/VXw1QA9XLapAapAarwSpZJauhaqgapoap4Wq4GqFGqFFqlBqtRqsxaowap8apFJWiJqqJapKapCaryWqqmqpSVaqaoWaomWqmmq1mqzlqjpqr5qr5ar5KU2lqoVqo0lW6WqwWqwy1RC1Ry9QytUKtUKvUKrVGrVHr1Dq1QW1QGWqz2qy2qq1qu9qudqqdapfapXar3Wqv2qv2qX1qv9qvDqgD6qA6qDJVpjqkDqnD6rA6oo6oo+qoOqaOqRPqhDqpTqpT6pQ6o86oc+qcOq/OqwvqgoJAgAhEoAIVxAQxQWwQG+SBXEHuIHeQJ8gTRIJIEBfEBXmD64N8Qf6gQFAwiA8KBYUDHZjABuJi0aPBDUGx4MageFAiKBmUClxQOkgIbgrKBDcHZYNbgnLBrUH54LagQlAxqBRUDm4PqgR3BFWDO4NqwV1B9aBGUDOoFdwd1A7uCeoE9wZ1g/uCesH9Qf3ggaBB8GDQMHgoaBQ8HDQOHgmaBI8GTYNmQfOgRdDyL46f6zfje38q/+Oup+6lk3Rv3Ue/pPvqfrq/HqAH6pf1IP2KHqxf1cl6iB6qX9PD9Ot6uH5Dj9Aj9Sj9ph6t39Jj9Fg9To/XKXqCnqjf1pP0O3qynqKn6mk6VU/XM/S7eqaepWfr9/Qc/b6eq+fp+XqBTtMf6IV6kU7XH+rF+iOdoZfopXqZXq5X6JV6lV6t1+i1ep1erzfojXqT3qy36K16m96ud+id+mO9S3+id+s9eq/+VO/Tn+n9+nN9QH+hD+ovdab+Sh/SX+vD+ht9RH+rj+rv9DF9XJ/Q3+uT+gd9Sp/WZ/RZfU7/qM/rn/QF7bNO7rMO70YZZWJMjIk1sSaXyWVym9wmj8ljIiZi4kycyWvymnwmnylgCph4E28Km8ImCxkyRUwREzVRU8wUM8VNcVPSlDTOOJNgEkwZU8aUNWVNOVPOlDflTQVTwVQylczt5nZzh7nD3GnuNHeZu0wNU8PUMrVMbVPb1DF1TF1T19Qz9Ux9U980MA1MQ9PQNDKNTGPT2DQxTUxT09Q0N81NS9PStDKtTGvT2rQ1bU070860N+1Nokk0HUwH09F0NJ1MJ9PZdDZdTBfT1XQ13U1308P0MD1NT5Nkkkwf08f0NX1Nf9PfDDQDzSAzyAw2g02ySTZDzVAzzAwzw81wM8KMNKOyPnbNW2aMGWvGmfEmxaSYiWaimWQmmclmsplqpppUk2pmmBlmpplpZpvZZo6ZY+aauWa+mW/STJpZaBaadJNuFpvFJsNkmKVmqVlulpuVZqVZbVabtWatWQ/rzUaz0Ww2m81Ws9VsN9vNTrPT7DK7zG6z2+w1e80+s8/sN/vNAXPAHDQHTabJNIfMIXPYHDZHzBFz1Bw1x8wxc8KcMCfNSXPKnDJnzBlzzuS/eLz0JtbmtLnsVTa3vdrmsdfY/xoXsAVtvC1kC1tt89n8v4mNtba4LWFL2lLW2dI2wd70u7iCrWgr2cr2dlvF3mGr/i6ube+xdey9tq69z9ayd/8mrmfvt/XtI7YBIoBtZhvZFraxfcQ2sY/apraZbW5b2Hb2SdvePmUT7dO2g33md/FCu8iutmvsWrvO7rZ77Bl71h6239hz9kfb0/ayA+3LdpB9xQ62r9pkO+R38Sj7ph1t37Jj7Fg7zo7/XTzVTrOpdrqdYd+1M+2s38Vp9gM7x6bbuXaenW8X/BxnzSndfmgX249shg1gqV1ml9sVdqVddXGuWVfrG+xGu8nusp/YrXab3W532J2XToTtHrvXfmr32c/sIfu1PWC/sAftEZtpv/o5ztq+I/Zbe9R+Z4/Z4/aE/d6etD+oS9lZ2/69/clesN4CIQFJUhRQDOWgWMpJuegqyk1XUx66hiJ0LcXRdZSXrqd8lJ8KUEGKp0JUmDQZskQUUhEqSlG6gS5NrySVIkelKYFuojJ0M5WlW6gc3Url6TaqQBWpElWm26kK3UFV6U6qRndRdapBNakW3U216R6qQ/dSXbqP6tH9VJ8eoAb0IDWkh6gRPUyN6RFqQo9SU2pGzakFtaTHqBU9Tq2pDbWlJ6gdPUnt6SlKpKepAz1DHelv1Imepc70HHWh56krdaPu9AL1oBepJ/WiJOpNfegl6kv9qD8NoIH0Mg2iV2gwvUrJNISG0ms0jF6n4fQGjaCRNIrepNH0Fo2hsTSOxlMKTaCJ9DZNondoMk2hqTSNUmk6zaB3aSbNotn0Hs2h92kuzaP5tIDS6ANaSIsonT6kxfQRZdASWkrLaDmtoJW0ilbTGlpL62g9baCNtIk20xbaSttoO+2gnfQx7aJPaDftob30Ke2jz2g/fU4H6As6SF9SJn1Fh+hrOkzf0BH61vei7+gYHacT9D2dpB/oFJ2mM3SWztGPdJ5+ogvkCUIMRShDFQZhTJgjjA1zhrnCq8Lc4dVhnvCaMBJeG8aF14V5w+vDfGH+sEBYMIwPC4WFQx2a0IYUhmGRsGgYDW8Ii4U3hsXDEmHJsFTowtJhQnhTWCa8OSwb3hKWC28Ny4e3hRXCiuEj91UObw+rhHeEVcM7w2rhXWH1sEZYM6wV3h3WDu8J64T3hnXD+8Ky4f1h/fCBsEH4YNgwfChsFD4cNg4fCZuEj4ZNw2Zh87BF2DJ8LGwVPh62DtuEbcMnwnbhk2H78KkwMXw67BA+83P//Yv+fn9S2DvsE74UvhR6f6+cH10QTYt+EF0YXRRNj34YXRz9KJoRXRJdGl0WXR5dEV0ZXRVdHV0TXRtdF10f3RDdGN0U9b5WDnDohJNOucDFuBwu1uV0udxVLre72uVx17iIu9bFuetcXne9y+fyuwKuoIt3hVxhp51x1pELXRFX1EXdDa6Yu9EVdyVcSVfKOVfaJbgWrqVr6Vq5x11r18a1dU+4J9yT7kn3lHvKPe06uGdcR/c318k96zq759xz7nnX1XVz3d0LroebkOeXfTLJ9XF9XF/X1/V3/d1AN9ANcoPcYDfYJbtkN9QNdcPcMDfcDXcj3Ag3yo1yo91oN8aNcePcOJfiUtxEN9FNcpPcZDfZTXVTXapLdTPcDDfTzXRVZv2ylrlurpvv5rs0l+YWuqxzxnS32C12GS7DLXVL3XK33K10K91qt9qtdWvderfebXQb3Wa32W11W912t93tdDvdLrfL7fbX/DKo2+f2u/3ugDvgDrovXab7yh1yX7vD7ht3xH3rjrrv3DF33J1w37uT7gd3yp12Z9xZd8796M67n9wF511KZEJkYuTtyKTIO5HJkSmRqZFpkdTI9MiMyLuRmZFZkdmR9yJzIu9H5kbmReZHFkTSIh9EFkYWRdIjH0YWRz6KZESWRJZGlkWWR1ZEvC+0NfRFfFEf9Tf4Yv5GX9yX8CV9Ke98aZ/gb/Jl/M2+rL/Fl/O3+vL+Nl/BV/SV/KO+qW/mm/sWvqV/zLfyj/vWvo1v65/w7fyTvr1/yif6p30H/4zv6P/mO/lnfWf/nO/in/ddfTff3b/ge/gXfU/fyyf53r6Pf8n39f18fz/AD/Qv+0H+FT/Yv+qT/RA/1L/mh/nX/XD/hh/hR/pRMW/60ZcukWG8T/ET/ET/tp/k3/GT/RQ/1U/zqX66n+Hf9TP9LD/bv+fn+Pf9XD/Pz/cLfJr/wC/0i3y6/9Av9h/5DL/k0k1Jv9Kv8qv9Gr/Wr/Pr/Qa/0W/ym/0Wv9Vv89v9Dr/Tf+x3+U/8br/H7/Wf+n3+M7/ff+4P+C/8Qf+lz/Rf+UP+a3/Yf+OP+G/9Uf+dP+aP+xP+e3/S/+BP+dP+jD/rz/kf/Xn/k7/Af7PGGGOMMfanTLjcFL/t+eV2fu8/yBG/WrgPAFy9rWDmr/uzzijX5/ul3U/Et4sAwNO9ujx06VG9elJS0sVlMyQERecBXPomKEsMXI6XQFt4EhKhDZT5w/n3E93O0T8YP3orQK5f5cTC5fjy+J8DYNIfjP/YE6MWlg/PxP03488DKF70ck5OuBwvgbY/319pA2X/zvzzt/oH88/5RQpA61/l5IbL8eX5J8Dj8Awk/mZJxhhjjDHGGGPsF/1EpU6Xrj8v/cbnH12fx6vLOTngcvyPrs8ZY4wxxhhjjDF25T3brftTjyUmtun0zzeq/ktZf7rRBP6nRubGHza8B7j0jAKAvzggQFZD/m9uxZY/6soBAP/WdSVf3HX+a9fysz6A/xul/Ncb4/7zmSv8wcQYY4wxxhj7t7t89v/b59WVmhBjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMZYN/W/8X7ErvY2MMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcbYlfYfAQAA//+gJvcm")
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@nfs_export_on}]})
chdir(&(0x7f00000001c0)='./bus\x00')
r0 = creat(&(0x7f0000001200)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xa)
r1 = fanotify_init(0xf00, 0x0)
fanotify_mark(r1, 0x105, 0x40009975, r0, 0x0)
setxattr$incfs_metadata(&(0x7f0000000080)='./file0\x00', &(0x7f0000000100), 0x0, 0x0, 0x1)
r2 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents(r2, &(0x7f0000001fc0)=""/184, 0xb8)

4.000265364s ago: executing program 2 (id=315):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)

2.485379199s ago: executing program 1 (id=316):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
r1 = mq_open(&(0x7f0000000380)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\x01\x00\x00\x00a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|\x00\x17\xc0\xa3\xd5\xf9\xaa\x98/\xa4v\xe4)I\xf3+[e\x95\x89\x99\xca\x8e\xc5\xd3\\T\xf0\x1a|5\xfff\xff\x99\xa4\xbb\x9e#oR\xa4\xf1\xba\x04c\xb3-\xf7R\xb85\xb5\xdb\xe9?\xfa/\xdf\xb4R\xbfx=\v_j\x8e\xb0\'\xf4\xe5\xff!\xe1\xbf\x82e\xb1\x9b\x8d\xf3L\t\xd21\x9cbwV\xc8\xcc\xe4\x96M_w\xbc\xdf9\b\r\xf6\x95\xae\xb5,\x92\x8c\xc0DQm\x80\xd1w\xa2\x1a\x12Z\xe5\xf4H\xf7D\n\x96J\x93\xfb\xf0$\x9f\xf7\xa2\xae$O\xa3\xb6\xf5\x98\xd3\v\x00\x86\xa5\x8b\x81\x04\xaf\x03s\xe5\x86>\x0e\xa6\xe6\x1aV\x17\x8b\xed\xa7\'\xd0\r_\xe8,XVR\x13\xe5%\xb9\x88\xb8W@D\'\x17A\xc8\x80\x02J\xd4V\x00wH(\xc5v\f\xc9\xb6\xdf..$\xe6P(_\xf1\'\xc1:\xa3\xcb\xd9\xd1\xc7\x13\x99Md\x1dc\xf1\'j\x03!\x13\xd1\xb8\xbf\xe6\xb2M\b/\rp\xa5\x00\x00\x00\x00', 0x40, 0x9, 0x0)
fcntl$setlease(r1, 0x400, 0x0)
mq_open(&(0x7f0000000b40)='eth0\x00\xdd\xad4=2k\xf1\x05\x9b\x91y\xe1;F\xa2\x8df\xe9\x04\x00\x00\x00\x00\x0078z=\x8f\xd5F\xa4AR\xc7\x9f.\xdc\xdb\"A\x16\xd8\x19\xf1lZ\xc8\x93\xda\xf2\xc9\xe8h[u8\xc6\xfa\x9ep\xbe\a\xe2\xf5\xa3Y\x9f\xe1\x04gM\x99K$\r\xf1G\xee\xe1\xbd\x1e\xdf\xe1\x9c\x19\xda\xd3\x94EL\xca\x88\x85Q\x02\xd9L\x90\xeb%/\xb1\xeb\x11uP7\x1f\xd9b\xebF\xf8\x88\xf0\xac.\x94\xfc\v\xb1W\xef~+n\xb1\x9b\x02n]xr\xb3\x80\xbc>\xe8XX\xe6\x12\xf3\xc9\xd5\xf8\xd1\x8d\xcb9\xbf\xb0(<\xeb\x92\x8a\x16\xb7\x11^\xb6\xb7n\xd5\xb5\x00[\xdf\x94\x00\r\x95\x17\xa1h\xf8\x00\x00\x00\"\xa0\x05\xcc^\x90c\xc9}\xb8\ny\xf4\xe1\xb4.\xa4\a\x05\xbb}\x91\xf4C\xf5O\xf1a\x12\b\x86\xa16\xbb}C\xc9\x1d\\\xedD\x14\xb1w\x1e\xa0\xc1E\xb5\xf8\xab\xfb\xd9\x93\xb8vJ\x85p\xb5n\x1b\xe4\xd5g\xae\xe4\xeb\xca\xae\x1bs\xd4\xf0\xc0\xdag\x19R4\xd4\xd4\x04\xfc\x04Zb\xf6\xba\xf8B\xf6YU\xcd\xf2\xdb\xb5\xa2\xda\xdf\x8dD\xef`\x13\x15$\xceq\xd7j\xd7\xe3V\xf2\xa2\x95\xcf\x18T\xf1\xb0\xf3\xf8O', 0x1, 0x8, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000032680)=""/102400, 0x19000)

2.483565895s ago: executing program 0 (id=328):
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0)
creat(&(0x7f0000000300)='./bus\x00', 0x0)
mknodat(0xffffffffffffff9c, &(0x7f0000000000)='./file8\x00', 0x0, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f0000000140)='./file4\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000380)='./file8/file0\x00', 0xffffffffffffff9c, &(0x7f0000000200)='./file6\x00')
renameat2(0xffffffffffffff9c, &(0x7f00000008c0)='./file4\x00', 0xffffffffffffff9c, &(0x7f0000000900)='./file7\x00', 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000b80)='./file6\x00', 0xffffffffffffff9c, &(0x7f0000000bc0)='./file7\x00', 0x2)

2.385153994s ago: executing program 2 (id=317):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x87}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x9200000000000000)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x40004)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r1 = syz_open_dev$cec(&(0x7f00000002c0), 0x0, 0x181800)
ioctl$CEC_ADAP_S_LOG_ADDRS(r1, 0xc05c6104, &(0x7f00000001c0)={"f2efe21e", 0x0, 0x5, 0x4a, 0x500, 0x1ff, "2179d46fd08e3c0ced34c7d0c7e6d7", "7ca24a13", "0400", "a2d1d4a2", ["1af0b1ba1cb8fd54c9c9b587", "bed0f3d6ce7a5f7389827f04", "33af343c60abc64f2fdc9ddf", "f6380000000000000000a93c"]})
ioctl$CEC_TRANSMIT(r1, 0xc0386105, &(0x7f0000000d40)={0x10000000000000, 0x1, 0x6, 0xfffffffc, 0x0, 0x4063, "57c1169b6664ea61326ac71ae7213059", 0x0, 0x0, 0x0, 0x0, 0x5, 0x1})

2.274300023s ago: executing program 4 (id=318):
openat$adsp1(0xffffffffffffff9c, 0x0, 0x80, 0x0)
syz_io_uring_setup(0x111, 0x0, &(0x7f00000029c0), &(0x7f0000002a00))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x3)
getrlimit(0x8, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)=ANY=[@ANYBLOB="14000000100001f500000000000000000000000a20000000000a05000000000000000000010000000900010073797a30000000002c000000030a01020000000000000000010000000900010073797a30000000000900030073797a310000000088000000060a010400000000000000000100000008000b400000000060000480280001800e000100636f6e6e6c696d69740000001400028008000140000006e508000240000000003400018008000100636d7000280002800800024000000001140003800400010009000100efbb17b799000000080001400000000e0900010073797a30"], 0xfc}}, 0x0)

2.251735398s ago: executing program 0 (id=319):
syz_mount_image$exfat(&(0x7f0000000280), &(0x7f00000000c0)='./file2\x00', 0x0, &(0x7f00000018c0)=ANY=[], 0xfd, 0x1501, &(0x7f00000002c0)="$eJzs3Am4T1X3OPC19t6H62b4JpnP2uvwTYZNkoSSZEiSJCRzQpIkSZK4ZEpCEjLeJHPInG665nnInHTzSpIkJCTZ/+c2/P16h5/3fX/9/vq/d32e5zz2cs7aZ+27nu89w/Pc79ddh1VvVKNKfWaGf4f+bYC//JMEAAkAMBAAcgBAAABlc5bNmb4/i8akf+sk4n9JgxlXugJxJUn/Mzbpf8Ym/c/YpP8Zm/Q/Y5P+Z2zS/4xN+i9EhjYr39WyZdxN3v//f079T5Ll+p8h4D/aIf3/T6P/paOl/xmb9D9jk/5nbNL/jCy40gWIK0w+/xmb9F+IDO0Pf6e84dyVfqct27+wCSGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQ/w+c85cYAPhtfKXrEkIIIYQQQgghxB/Hv3ulKxBCCCGEEEIIIcT/PgQFGgwEkAkyQwJkgUS4CrJCNsgOOSAGV0NOuAZywbWQG/JAXsgH+aEAFIQQCCwwRFAICkMcroMicD0UhWJQHEqAg5JQCm6A0nAjlIGboCzcDOXgFigPFX4+Z7rboTLcAVXgTqgK1aA61IC7oCbcDbXgHqgN90IduA/qwv1QDx6A+tAAGsKD0AgegsbQBJpCM2gOLaDlZfKTc/y9/OehB7wAPaEXJEFv6AMvQl/oB/1hAAyEl2AQvAyD4RUYAkNhGLwKw+E1GAGvw0gYBaPhDRgDY2EcjIcJMBGS4U2YBG/BZHj7oWwwFabBdJgBM2EWvAOzYQ7MhXdhHsyHBZCcZREshiXwHiyF9yEFPoBl8CGkwnJYASthFayGNbAW1sF62AAbYRNshi2wFbbBR7AddsBO2AW7YQ/shY9hH3wC++FTSMPP/sX8s7/Ph24ICKhQoUGDmTATJmACJmIiZsWsmB2zYwxjmBNzYi7MhbkxN+bFvJiE+bEgFkRCQkbGQlgI4xjHIlgEi2JRLI7F0aHDUlgKS+ONWAbLYFksi+WwHJbHClgBb8VbsRJWwspYGatgFayKVbE6Vse78C68G2thLayNtbEO1sG6WBfrYT2sj/WxITbERtgIG2NjbIpNsTk2x5bYElthK2yNrbEttsV22A7bY3vsgB2wI3bETtgJO2Nn7IJdsCt2xW74HD6Hz+Pz+AK+gL2wquqNfbAP9sW+2B8H4AB8CQfhy/gyvoJDcCgOw1fxVXwNR+AZHImjcDSOxkpqLI7D8chqIiZjMmaGSTgZJ+MUnIpTcTrOwJk4C2fhbJyDc/BdnIfzcT4uxIW4GJfgElyK72MKpuAyPIupuBxX4EpchatxFa7FdbgWN+BG3ICbcTNuxa34EX6EO3AH7sJduAf34Mf4MX6Cn+AQTMM0PIAH8CAexEN4CA/jYTyCR/AoHsVjeAyP43E8gSfxFJ7E03gaz+BZPAcA5/E8XsALeBEvpn/4VTqjjMqkMqkElaASVaLKqrKq7Cq7iqmYyqlyqlwql8qtcqu8Kq/Kr/KrgqqgIkWKVaQKqUIqruKqiCqiiqqiqrgqrpxyqpQqpUqr0qqMKqPKqptVOXWLKq8qqDbuVnWrqqTausrqDlVFVVFVVTVVXdVQNVRNVVPVUrVUbVVb1VF1VF11v6qnemN/bKDSO9NIDcXGahg2Vc1Uc9VCvYYPq1ZqBLZWbVRb9agahSOxvWrlOqgnVEc1Djupp9R4fFp1UROxq3pWdVPPqe7qedVDtXY9VS81BXurPmo69lX9VH81QM3Gaiq9Y9XVK+r5zEPVMPWqWoyvqRHqdTVSjVKj1RtqjBqrxqnxaoKaqJLVm2qSektNVm+rKWqqmqamqxlqppql3lGz1Rw1V72r5qn5aoFaqBapxWqJek8tVe+rFPWBWqY+VKlquVqhVqpVarVao9aqdWq92qA2qk1qs9qitqpt6iO1Xe1QO9UutVvtUXvVx2qf+kTtV5+qNPWZOqD+og6qz9Uh9YU6rL5UR9RX6qj6Wh1T36jj6lt1Qp1Up9R36rT6Xp1RZ9U59YM6r35UF9RP6qLyCjRqpbU2OtCZdGadoLPoRH2Vzqqz6ew6h47pq3VOfY3Opa/VuXUendfk0/l1AV1Qh5q01awjXUgX1nF9nS6ir9dFdTFdXJfQTpfUpfQNurS+UZfRN+my+mZdTt+iy+sKuqIHfZuupG/XlfUduoq+U1fV1XR1XUPfpWvqu3UtfY+ure/VdfR9uq6+X9fTD+j6uoFuqB/UjfRDurFuopvqZrq5bqFb6od1K/2Ibq3b6Lb6Ud1OP6bb68d1B/2E7qif1J30U7qzflp30c/orvpZ3U0/p7vrn/RF7XVP3Usn6d66j35R99X9dH89QA/UL+lB+mU9WL+ih+iheph+VQ/Xr+kR+nU9Uo/So/Ubeoweq8fp8XqCnqiT9Zt6kn5LT9Zv6yl6qp6mp+sZeqbu/+tMc/+J/Lf+Tv7gn8++VW/TH+nteofeqXfp3XqP3qv36n16n96v9+s0naYP6AP6oD6oD+lD+rA+rI/oI/qoPqqP6WP6uD6uT+iT+gf9nT6tv9dn9Fl9Vv+gz+vz+sKvPwMwaJTRxpjAZDKZTYLJYhLNVSaryWaymxwmZq42Oc01Jpe51uQ2eUxek8/kNwVMQRMaMtawiUwhU9jEzXWmiLneFDXFTHFTwjhT0pQyN/yP8y9XX0vT0rQyrUxr09q0NW1NO9POtDftTQfTwXQ0HU0n08l0Np1NF9PFdDVdTTfTzXQ33U0P08P0ND1NkkkyfcyLpq/pZ/qbAWageckMMoPMYDPYDDFDzDAzzAw3w80IM8KMNCPNaDPajDFjzDgzzkwwE0yyz2EmmUlmsplsppgpZtrAHGaGmWFmmVlmtplt5pq5Zp6ZZxaYBWaRWWSWmCVmqVlqUkyKWWaWmVSz3Cw3K81Ks9qsNmvNWrPerDcbzUaz2Ww2qWab2Wa2m+1mp9lpdpvdZq/Za/aZfWa/2W/STJo5YA6Yg+agOWQOmcPmsDlijpij5qg5Zo6Z4+a4OWFOmFPmlDltTpsz5ow5Z86Z8+a8uWAumIvmYvptX6ACFZjABJmCTEFCkBAkBolB1iBrkD3IHsSCWJAzyBnkCq4Ncgd5grxBviB/UCAoGIQBBTbgIAoKBYWDeHBdUCS4PigaFAuKByUCF5QMSgU3BKWDG4MywU1B2eDmoFxwS1A+qBBUDG4NbgsqBbcHlYM7girBnUHVoFpQPagR3BXUDO4OagX3BLWDe4M6wX1B3eD+oF7wQFA/aBA0DB4MGgUPBY2DJkHToFnQPGgRtPxD5/f+TJ5HXM+wV5gU9g77hC+GfcN+Yf9wQDgwfCkcFL4cDg5fCYeEQ8Nh4avh8PC1cET4ejgyHBWODt8Ix4Rjw3Hh+HBCODFMDt8MJ4VvhZPDt8Mp4dRwWjA9nBHODGeF74Szwznh3PDdcF44P1wQLgwXhYtD/OWWGFLCD8Jl4Ydharg8XBGuDFeFq8M14dpwXbg+3BBuDDeFm8sO+uXQcHu4I9wZ7gp3h3vCveHH4b7wk3B/+GmYFn4WHgj/Eh4MPw8PhV+Eh8MvwyPhV+HR8OvwWPhNeDz8NjwRngxPhd+Fp8PvwzPh2fBc+EN4PvwxvBD+FF4MffrNffrlnQwZykSZKIESKJESKStlpeyUnWIUo5yUk3JRLspNuSkv5aX8lJ8KUkFKx8RUiApRnOJUhIpQUSpKxak4OXJUikpRaSpNZagMlaWyVI7KUXkqTxWpIt1Gt9HtdDvdQXfQnXQnVaNqVINqUE2qSbWoFtWm2lSH6lBdqkv1qB7Vp/rUkBpSI2pEjakxNaWm1JyaU0tqSa2oFbWm1tSW2lI7akftqT11oA7UkTpSJ+pEnakzdaEu1JW6UjfqRt2pO/WgHtSTelISJVEf6kN9qS/1p/40kAbSIBpEg2kwDaEhNIyG0XAaTiNoBI2kUTSa3qAxNJbG0XiaQBMpmZJpEk2iyTSZptAUmkbTaAbNoFk0i2bTbJpLc2kezaMFtIAW0SJaQktoKS2lFEqhZbSMUimVVtAKWkWraA2toXW0jjbQBtpEm2gLbaFttI2203baSTtpN+2mvbSX9tE+2k/7KY3S6AAdoIN0kA7RITpMh+kIHaGjdJSO0TE6TsfpBJ2gU3SKTtNpOkNn6Bydo/P0I12gn+gieUqwWWyivcpmtdlsdpvD/nWc1+az+W0BW9CGNrfN87uYrLVFbTFb3Jawzpa0pewNfxOXtxVsRXurvc1Wsrfbyra8zQL/Na5p77a17D22tr3X1rB3/S6uY++zde1Dtp5tYuvbZrahbWEb2YdsY9vENrXNbHPbwrazj9n29nHbwT5hO9on/yZeat+36+x6u8FutPvsJ/ac/cEetV/b8/ZH29P2sgPtS3aQfdkOtq/YIXbo72MAO9q+YcfYsXacHW8n2Il/E0+z0+0MO9POsu/Y2XbO38RL7Ht2nk2xC+xCu8gu/jlOrynFfmCX2Q9tql1uV9iVdpVdbdfYtf+31pV2s91it9q99mO73e6wO+0uu9vu+TlOX8d++6lNs5/ZI/Yre9B+bg/ZY/aw/fLnOH19x+w39rj91p6wJ+0p+509bb+3Z+zZn9efvvbv7E/2ovUWGFmxZsMBZ+LMnMBZOJGv4qycjbNzDo7x1ZyTr+FcfC3n5jycl/Nxfi7ABTlkYsvMERfiwhzn67gIX89FuRgX5xLsuCSX4hu4NN/IZfgmLss3czm+hctzBa7It/JtXIlv58p8B1fhO7kqV+PqXIPv4pp8N9fie7g238t1+D6uy/dzPX6A63MDbsgPciN+iBtzE27Kzbg5t+CW/DC34ke4Nbfhtvwot+PHuD0/zh34Ce7IT3Infoo789PchZ/hrvwsd+PnuDs/zz34Be7JvTiJe3MffpH7cj/uzwN4IL/Eg/hlHsyv8BAeysP4VR7Or/EIfp1H8igezW/wGB7L43g8T+CJnMxv8iR+iyfz2zyFp/I0ns4zeCbP4nd4Ns/hufwuz+P5vIAX8iJezEv4PV7K73MKf8DL+ENO5eW8glfyKl7Na3gtr+P1vIE38ibezFt4K2/jj3g77+CdvIt38x7eyx/zPv6E9/OnnMaf8QH+Cx/kz/kQf8GH+Us+wl/xUf6aj/E3fJy/5RN8kk/xd3yav+czfJbP8Q98nn/kC/wTX2TPEGGkIh2ZKIgyRZmjhChLlBhdFWWNskXZoxxRLLo6yhldE+WKro1yR3mivFG+KH9UICoYhRFFNuIoigpFhaN4dF1UJLo+KhoVi4pHJSIXlYxKRTdEpaMbozLRTVHZ6OaoXHRLVD6qEFWMbo1uiypFt0eVozuiKtGdUdWoWlQ9qhHdFdWM7o5qRfdEtaN7ozLRfVHd6P6oXvRAVD9qEDWMHowaRQ9FjaMmUdOoWdQ8ahG1jB6OWkWPRK2jNlHb6NGoXfRY1D56POoQPRF1jJ68tL9Y8MvV9K/2J0W9I/3rG7J79KL44viS+HvxpfH34ynxD+LL4h/GU+PL4yviK+Or4qvja+Jr4+vi6+Mb4hvjm+Kb41viW+Pe18gMDtMfhMG4wGVymV2Cy+IS3VUuq8vmsrscLuaudjndNS6Xu9bldnlcXpfP5XcFXEEXOnLWsYtcIVfYxd11roi73hV1xVxxV8I5V9KVci1cS9fStXKPuNaujWvrHnWPusfcY+7xhF8Ld53cU66ze9p1cc+4Z9yzrpt7znV3z7se7gXX0/VySS7J9XF9XF/X1/V3/d1AN9ANcoPcYDfYDXFD3DA3zA13w90IN8KNdCPdaDfajXFj3Dg3zk1wE1yyS3aT3CQ32U12U9wUN81NczPcDDfLzXKz3Ww3181189w8t8AtcIvcIrfELXFL3VKX4lLcMrfMpbpUt8KtcKvcKrfGrXHr3Dq3wW1wm9wmt8VtcdvcNrfdbXc73U632+12e91et8/tc/vdfpfm0twBd8AddAfdIfeFO+y+dEfcV+6o+9odc9+44+5bd8KddKec16fd9+6MO+vOuR/cefeju+B+chedd8mxN2OTYm/FJsfejk2JTY1Ni02PzYjNjM2KvRObHZsTmxt7NzYvNj+2ILYwtii2OLYk9l5saez9WErsg9iy2Iex1Njy2IrYytiq2OqY9wW2R76QL+zj/jpfxF/vi/pivrgv4Z0v6Uv5G3xpf6Mv42/yZf3Nvpy/xZf3FXxF38Q39c18c9/Ct/QP+1b+Ed/at/Ft/aO+nX/Mt/eP+w7+Cd/RP+k7+ad8Z/+07+Kf8V39s/N/7bLv4V/wPX0vn+R7+z7+Rd/X9/P9/QA/0L/kB/mX/WD/ih/ih/ph/lU/3L/mR/jX/Ug/yo/2b/gxfqwf58f7CX6iT/Zv+kn+LT/Zv+2n+Kl+mp/uZ/iZfpZ/x8/2c/xc/66f5+f7BX6hX+QX+yX+Pb/Uv+9T/Ad+mf/Qp/rlfoVf6Vf51X6NX+vX+fV+g9/oN/nNfovf6rf5j/x2v8Pv9Lv8br/H7/Uf+33+E7/ff+rT/Gf+gP+LP+g/94f8F/6w/9If8V/5o/5rf8x/44/7b/0Jf9Kf8t/50/57f8af9ef8D/68/9Ff8D/5i/I3a0IIIYQQ/xR9mf29/87/qV+3dH0AINuOfIf/es5NuX8Z91P7OsYA4IleXRv8tjVokJSU9OuxqRqCwgsBIHYp/+fvH/g1Xg5t4THoAG2g9N+tr5+q+PN93383f/xmgESALL/lpD8eJcJfz3/jP5i/yXt8ufkXAhQtfCkn/US/xZfmL/MP5t/T7jLzZ/k8GaD1f8nJCpfiS/OXgkfgSejwuyOFEEIIIYQQQohf9FPnu13u+Tb9+Ty/uZSTGS7Fl3s+v4zKf8QahBBCCCGEEEII8d97+rnujz/coUObzv/Jg8x/jjL+BAMEgD9BGTL48w+u9G8mIYQQQgghxB/t0k3/la5ECCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYTIuP79bwhT//TBV3qNQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghxJX2fwIAAP//5g1V0w==")
creat(&(0x7f0000000100)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x10)
mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x1)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.bfq.time_recursive\x00', 0x275a, 0x0)
creat(&(0x7f0000000e00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xec)
creat(&(0x7f0000000e00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000005c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.throttle.io_service_bytes\x00', 0x275a, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000001840)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x26e1, 0x0)
open(&(0x7f0000000100)='./bus\x00', 0x143142, 0xa2)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000001c0)='./cgroup.net/syz1\x00', 0x1ff)

322.324773ms ago: executing program 1 (id=320):
r0 = syz_init_net_socket$ax25(0x3, 0x5, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8831, 0xffffffffffffffff, 0x2000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
getsockopt$ax25_int(r0, 0x101, 0x4, 0xffffffffffffffff, &(0x7f0000000000)=0xff76)

259.416989ms ago: executing program 2 (id=321):
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000003, 0x50032, 0xffffffffffffffff, 0x0)
mlock(&(0x7f00007d8000/0x800000)=nil, 0x800000)
ioctl$TIOCL_PASTESEL(0xffffffffffffffff, 0x541c, 0x0)
syz_clone(0x100, 0x0, 0x0, 0x0, 0x0, 0x0)
mlock(&(0x7f00007d8000/0x800000)=nil, 0x800000)

108.645179ms ago: executing program 4 (id=322):
creat(&(0x7f0000000240)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000001900)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[], [], 0x6b}})
chmod(&(0x7f0000000140)='./file0\x00', 0x0)
r3 = creat(&(0x7f0000000300)='./file0\x00', 0x0)
r4 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x62800)
mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x5, 0x12, r4, 0x0)
write$UHID_INPUT(r3, &(0x7f0000000540)={0x8, {"1a17924ab218eacb15a3fccf929e2dd2497903c1f853d95b995c65e99449ff953fa11c7723b2149ecdaa7f833f60e13b19a66e963f7e8da4297ebbfdda5b36fb4d01bd02e6c652dc4d99e2cb82c2a1d4a45e4c89ba9994e82f854bbc34a40b3a58aa256c9b4512fbf91b9846446c4909e4ec53982e7d7fd11ee0bdeab0bb4c469c9665dde8cb58f0ca148223b6cc4e2f306cfbeccedec8db5212f2fc4e14f836c68bdace4db1afbde9d463e5ac24567925b5fdf0e3af1a52dbd7669fe9227302c8f635bc2ddbf5bd7dccd7b92a9bd5c7363375a57851c2bc72509f2005f138f5a59cf85e9ddb1c972c89d50806e8941b7059cd3eca77527a7f20af70841b4d6f026614bdbb276a6814cc74d91856b968c5fdb52674d892a90d01ab91841b6811def78bdac9bc6f9df2598569fbdfef75079832b2750801dc83fd1987713c61136ac9e5f2f7e67f302109bb9a7fea75290b506a89a19d7e0e472937a8c9ecfe16ef6eb88c7a88a060756196d55d6a3d3f7cdf9915d22b6b3af69ec55017b821ec0621e8a59414efc2b46977a85846b53ae75a350947afcafbdef7233cc371bc2a6f29c0315b352ac2741c81df534303ddb30a4408db5679d05d245259c245c9d7f861711cc287cfd0462b948512623b921060386c587fd166df29e71ecfc8ed90031e95b2af1406b5ae73f6084e39e88194e3d37dc801982656b5b66342d74100f9f5b8c94c1e91b626bbf426a07b4be91dbdb76a6e40d0b788f89359e462e69bc4499fd4f9aa1e7f0c3f73a996b6ecef606c7651286e1f18a6823eed7191cd542057eaaf09aa32e8ce370c09050278b85fd359b8ca23e66e9d294ec57b3ddd90409d9b1ca28c6993b244f8ca46f6bf478ff22fb1df53e33abdda4b2b1e5cff7de19957bdc8e7ca39e4762204b1f9f33b9375b7282422b91841706751038e42023ba45c1cd0998c1794c1c2a5ff65466189bbb27bcbf01e5a48bfd8b6845f7d5c87d977df4ded5273ebf56b96c50b4eadc44bfaa0994259eeb1031644415fa9d729753d2138b06f9b7b624d9eeb1ef71dfdff0b639078f058c7a070451c4670af0c6eb1202f77be82faba9b6287995066b5f7e59b7967706d8d8c5bde48137e13df537ae54664fe4e8460b1bdf5b92a1dcf39ee1726bc6690d0ac5f799bcfab918c59cb132c45054ba17b8a44d505ad3eaeee95b4275b25b2087da8902552727a1e739014df348cfa3a1102661c35a6a38df6c410f5343577955dd57de5af089e3f1bcdf96d4ef1d5944243470b0ed10616144cccc5cac44e36fefd9441120c5d047867af0ea353da21fc0ae73b78b84d53a62efeb94ea8d441cc698c92fd7b36cf41472d036c5093bbdf943620c29ffa3b21ef4a0bb9274912b046834ee6f855ceadf18fb488040d5829ab6e8bf69a90315f7f84d002ac4e929e9f1010a8486746bd316799ba3a65744980c388202324ba50768c77a8481ba74d135da7507048c82714a8234837b69922126e4084a68f7418bfd26417cade786c7f8185e2492e3b64eb9d2c2c721504c7b4aeb383503f745fd69315c56b5b0158decd1b1606a63366b7e2d2b9124b6efca4480c703c8f37d6ddff55b0ec15f2ce6be6c902d06aec2ccabeba13b442b608076c33d19e690ab66cf6678d679758d22fb5d8d963f25d00c45576f8b2938543080297b9cb6c305e3131d2f412f00370c285251909f8ebefc3d18a23e25a183997b08251450b29fff32781e6a70e6e070ab3921f3f809392deb732d6f30cc034b5f77d41218bca86d515b16da0457dbf7aaefdcef9d5358e7b4f1e5d1a410f55449e765609d122f938fd57b71482244dff0523067cabfd322fc47aca1c331112e3d969f5fe3594c3c7adea7c36e9b9af6754cdea5ccf05b139f783d4b24540c50a6a9f7dff472d47c87c151d8439b5740cd1f423335dae2680050bd44766159cba66666b7dbc9e190130494327a0d8c9dbed5c8b831ce2b2bb236353ff7175a48b61a0f3209fa3db44f07a21a485ef1682a33cdf632ac2d6ca993b6cd90913e31704bb851711e1f2b5ebb19baaba102dd42d550933e9dfc17311665fef4d0206d7debbcbbd97efafffb905bf9a77b8eeb67d5f8bef8526f6f8607672bb3c50b14e16c264265594e05fa481f724290abdc9f60a899f26033236e3b90548c24288a7b627b51c4d7c638c359ec6325b0d79e1d69cf18cd9136a263b6aa84ad062b9831fc7c201b7ccec7d3b7ea2132ee4579632bf614bcde285527c36ef8a8e12651ef34a677a8d2f84360afa2f2245e4e0d61a12e8e446045fae61375082f983363795f11848edad24b3f7ae53f0eeb329fa62b6d7b446e3b2c1257981f9c0c3ea371c71021af834a285203b2e3177ddf5251044ea215c048f78701dec36a94ca3c435278d1fd889996adf5ea7c8db62f2b1331bc22c4b7798d587a5c4e619b7b576e19d92996bc0bdc0c8c15374e11b6eeda0e18b35aac4b96db9cdba025080bf5bea4ffdf4fa3c93ec5feede0a140f7f6727ef255783565935d59d348aaa6d12c060afd5f6d084346309d8cbf54b33050ecccf30ae083c4034165880214a94a5296427e2fcb6d90692a82212b6b8d86c6d163f0643944aaba4af1171aed463994f1374e1ec1654b89b04e9d635074e8d131bc2443daf1caad455671470329a287f4c711cb907403d5c05184cd3a647823b5b9c6dc4451fdde92dc1cb87010197026458b40d4809ab60aca1af6bb3702a3e0506cdd21faa6d9909f4ed74723de75fc48d44314fa3cc0c8e8ea226ec1d5875b9595aeacdff0a9f75b4a60dde781c58179f997ecb6479c91ecacc65bfe293a2d26c21ae7c1d7be1241cc1c4ea86a6cf8d93012bd98508aae8db723ff167026298cab227b7d0062c27ccc8e81df7268423ad063638760b44e77147ee9bd84140166ae2bfd592f845ca68c719f7520ae3c9988cc89db73bf93ad6f2f7d9394b2288f0176723acd167081ade4e066a26832f7b655cd874aa5026a7369bb9912c90599d1407f0488a9c540a31997890f5433bd1df91ba13a9e0721c9a707eac7cff1c3efef6cd716779c7ad631c3560caa2031d9d2591329c1867d0d5f96b5897cac2c6a381f0ce5c27969c2b3e7d188e1e896d815b01a3e177933817325953140272ad718a36ae522d43de109ba92255ee66d2a14897f2b2014dc9a495c108727e0eef54df617e269e43a0c48d28a91aaf14d58719e21ea39c1c534e39a1dfabb61377b55d2f69fe79c7d5111b8b952c388925ea8ab1503ae68bce95a34a10a85aa0e5da52add14b93eaac5861a6504e23dda8034e809253c1071ddda934663faac454cd378c5725f5c6f4d943779994357185e512a4b6993156e624f25d86d24e7254d3e9b231aa80ed5a32e108cb528d402f93e58c25ac937420ff7dcd7d9ec2126c7fe7cefa47c038f23de40523d5e026fe3bb4cfd3040f9bd9631cf5a2cde1e20a6032703cd64c2ad97ea95d05a7aa3ea3b3b9d5a86961116dd1338c0a2caae0ceab3178ac7736dfa8a949cd81d261748e6678cb730b57468fb2b7e22c5eb08ad496e76775dce0c31950a596580ad7d6c3fd9ce90dded340f20b77fe53e81fb6e2a7a6c450b8ac9009c7c077893f704457a90401fb758c0769fbfd38e40ae692e410b889bbf0b09a32dc731b6768c0fa3963a5b6279b6a5db611174339f3218fff567f6cfb7377ddc8e2c730da35cc3ec680a6bc95010dd03834caab7afb2c0023ad9ce3aae3c0fd1ece42ea840bf5fc798a0b5fbe7692f13549cdba4a0b68f722ef6877856a76fc3c39f7cfd760675a9f341d9f09f381972be9171e50455ed13e665e61a03b0c2a79276a871c25fc5c486639a71a8dfdf36174373b8995014752aba3026045be6b43074ac3824d687bbf5f6544228cea52791828f54980ee9f728534ea32edd205aaace717adcf61ce28f92719048d44b09812bcfd2d22cc9d7a45ed6b4634756f6b3189908c71728c373ea94aa5c74ce4a73c20138b8cb21db6e2dfb35329b86b1805a5208dd370b8342ca8aa3cbd3e7a3ec79d7b8ee677b04e19c524ddc6de0b22443ac15de908f61719399d0f9890ca2b0283a7db914944f424af10ba0ec9e3e253c060d7b28552eaae5eed1e906f8f93c2195293deabdad6cb38ddab51603e4a96ef1e086de911fb716ffbca467294d9e66e5d0f8225bc28d6c074c4ffba76706f61b0b386b7e4b6500a15fad291f34f6c84f1596a97512f31196a529a7a5725437c038e17d531da3838c8aef3bade6bc1d4c7624560d4fba72e5f8be2c5dc905e1e4bcb2aa7eddb275408ef4288ac69c7a18ae58fb26c2f5a6964f051b81d2e426fc2a5d8617050341b96d5a746e3419fbe94bd3752403868b655c2dba6f48ef109a2e6ec0041842fae52bfab70481ecfe8d27f3d5e444f1b941d871c8057cbe35df68665bc3aadea02d203b106d1179a428daa7d9fea9dbddd8955bb289a92ec790de74cd6a1edf925ab85471633dedf8ba46abe456963a2381addce2aa16c06dd80bb54d8e53d7c82607916af175061da29122afde8687add6b6f42233b76a1164893dcc1ec3dcf935576d2d0f3ab3b1adbace086da915234b4f9bad0afc2915608fc4f6611dc3b91d7e0e48cb0a0f3fdc70ef70ef82043afbd3325f0f6186390ab28ca9f0009184637530d79f0c5a77c6e912afbe6533988f543fc6c02d3d44fbdb0e2ebfad2680184f1ed451991667df958a71fb41cf4367bdb931389ea8b6340e225b312a09dadd8e2ac2d200db6e75323d48c73c6b819e13f92b01bf405e796a2e10b863e773598abcbcc196987e18b19530337809b56480778207103a12acfff1c0ad62846088251a1a0d0d6b300059a99698c84ccac78d53eb32e3984001978db7679960b4d75d71b49696909826c66320526fe02a060265821d15b8b2337121a201402a118ec03ff0d4f3dfa48f2dadd20b510ecdf4e6440b5b2466b9bf28e32327189f0405245694a6371dbe4eae7a8293cdc15193c284123d64690120634f808096a8f3f7a04a5bac9dd86c09f2e4e87c7d7c98d0b370e84ea5f265730f5480eb1375d4f82c7d4efbb6e58c5a92848331b2becd2531f6c456b5d0e690b102dd8faec55bde56f95727f4abf52c58543faaeb9cefd39bba788bd7e2b02b27ecbc1679a1ac00823c83e1ae29690cd25544d3ae0a8db25e963e9fb5bd94987637ac3546b9b312bf04d5c6211c135e806525d423fde9ccb5ef7962ec1e056e6f29adaeebb331f6c234586d1fe21577f56d620c6942a29d4915772144cc60008d1236db21100d5a3112c29396b9e18cdb5b104bed2df2b6ea72c9aa03bb6082f3eb07f0eae359864967a749492d21005b0d39c9613c20b1e21700ab66a4f5ca03ec08d67b95f759252d758743820ba243032e1708447fbaebc27e1316af4cf547cef3ac4966a1f04dd07012f257a0204107c23a0046b12493d9784b24dc561c1f88e591056bcc3b338ab1de65e5ad578021f26f93e9b12f00b5f8c8ae2db6b7b8f254303c7ff06514735974e65fb9a93dc79b115a12310040490ca11ef315340af104e20a2e22dcd132f7d7a61d9d3a12e832ee048a2170dbe03d747ed7402180eb964fde0ecb77e778b18a4e5a83479bb7e0ea0a7d5145ffed4607bd7e6b8f961625d5e3dcac2d4a05e71dc9c2e52195bd55aed4e6749dc1c329e2cda966d18e9bf882c05db627c1047fc71533bbba2c8a83d04db5bad6da349a9ad1992eb88e0274d32a16137e2396ad973c0ecbbc2d243e68b6959bf9b", 0x1000}}, 0x1006)

19.088706ms ago: executing program 5 (id=335):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netstat\x00')
read$FUSE(r3, &(0x7f00000021c0)={0x2020}, 0x2020)

0s ago: executing program 0 (id=323):
prlimit64(0x0, 0xe, &(0x7f0000000080)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000480)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_ASSOCINFO(r3, 0x84, 0x1, &(0x7f0000000900)={0x0, 0x0, 0x2, 0x7, 0x8, 0x2}, 0x14)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.1.5' (ED25519) to the list of known hosts.
[  101.586034][ T2145] cfg80211: failed to load regulatory.db
[  102.456993][ T5813] cgroup: Unknown subsys name 'net'
[  102.619608][ T5813] cgroup: Unknown subsys name 'cpuset'
[  102.630065][ T5813] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[  104.371320][ T5813] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  108.915724][ T5835] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  108.924066][ T5835] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  108.937896][ T5844] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  108.948072][ T5849] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  108.958381][ T5849] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  108.966602][ T5849] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  108.975127][ T5849] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  108.983740][ T5849] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  108.992281][ T5849] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  109.000907][ T5849] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  109.009528][ T5849] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  109.018067][ T5849] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  109.026244][ T5849] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  109.034986][ T5849] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  109.046223][ T5849] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  109.056263][ T5856] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  109.064065][ T5855] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  109.072277][ T5855] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  109.076122][ T5850] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  109.080912][ T5855] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  109.098144][ T5835] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  109.104282][ T5853] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  109.127616][ T5844] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  109.132554][ T5850] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  109.137398][ T5844] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  109.150977][ T5850] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  109.154731][ T5854] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  109.168982][ T5844] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  109.177389][ T5854] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  109.198630][ T5854] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  110.207855][ T5839] chnl_net:caif_netlink_parms(): no params data found
[  110.303724][ T5838] chnl_net:caif_netlink_parms(): no params data found
[  110.330599][ T5841] chnl_net:caif_netlink_parms(): no params data found
[  110.540747][ T5831] chnl_net:caif_netlink_parms(): no params data found
[  110.573578][ T5832] chnl_net:caif_netlink_parms(): no params data found
[  110.594873][ T5840] chnl_net:caif_netlink_parms(): no params data found
[  110.748083][ T5841] bridge0: port 1(bridge_slave_0) entered blocking state
[  110.756726][ T5841] bridge0: port 1(bridge_slave_0) entered disabled state
[  110.764928][ T5841] bridge_slave_0: entered allmulticast mode
[  110.772821][ T5841] bridge_slave_0: entered promiscuous mode
[  110.855033][ T5841] bridge0: port 2(bridge_slave_1) entered blocking state
[  110.862321][ T5841] bridge0: port 2(bridge_slave_1) entered disabled state
[  110.870360][ T5841] bridge_slave_1: entered allmulticast mode
[  110.879489][ T5841] bridge_slave_1: entered promiscuous mode
[  110.920118][ T5839] bridge0: port 1(bridge_slave_0) entered blocking state
[  110.927547][ T5839] bridge0: port 1(bridge_slave_0) entered disabled state
[  110.935166][ T5839] bridge_slave_0: entered allmulticast mode
[  110.942888][ T5839] bridge_slave_0: entered promiscuous mode
[  111.002915][ T5838] bridge0: port 1(bridge_slave_0) entered blocking state
[  111.010362][ T5838] bridge0: port 1(bridge_slave_0) entered disabled state
[  111.018127][ T5838] bridge_slave_0: entered allmulticast mode
[  111.026766][ T5838] bridge_slave_0: entered promiscuous mode
[  111.035858][ T5838] bridge0: port 2(bridge_slave_1) entered blocking state
[  111.042976][ T5838] bridge0: port 2(bridge_slave_1) entered disabled state
[  111.050615][ T5838] bridge_slave_1: entered allmulticast mode
[  111.059278][ T5838] bridge_slave_1: entered promiscuous mode
[  111.083228][ T5839] bridge0: port 2(bridge_slave_1) entered blocking state
[  111.090494][ T5839] bridge0: port 2(bridge_slave_1) entered disabled state
[  111.102595][ T5839] bridge_slave_1: entered allmulticast mode
[  111.110539][ T5839] bridge_slave_1: entered promiscuous mode
[  111.167901][ T5841] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  111.185394][ T5842] Bluetooth: hci3: command tx timeout
[  111.185783][ T5844] Bluetooth: hci2: command tx timeout
[  111.191623][ T5854] Bluetooth: hci5: command tx timeout
[  111.264204][ T5842] Bluetooth: hci0: command tx timeout
[  111.264211][ T5844] Bluetooth: hci1: command tx timeout
[  111.269013][ T5854] Bluetooth: hci4: command tx timeout
[  111.308595][ T5841] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  111.357052][ T5838] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  111.437481][ T5832] bridge0: port 1(bridge_slave_0) entered blocking state
[  111.445017][ T5832] bridge0: port 1(bridge_slave_0) entered disabled state
[  111.452309][ T5832] bridge_slave_0: entered allmulticast mode
[  111.460974][ T5832] bridge_slave_0: entered promiscuous mode
[  111.487922][ T5838] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  111.497318][ T5840] bridge0: port 1(bridge_slave_0) entered blocking state
[  111.513652][ T5840] bridge0: port 1(bridge_slave_0) entered disabled state
[  111.520920][ T5840] bridge_slave_0: entered allmulticast mode
[  111.529163][ T5840] bridge_slave_0: entered promiscuous mode
[  111.541028][ T5839] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  111.550477][ T5831] bridge0: port 1(bridge_slave_0) entered blocking state
[  111.557868][ T5831] bridge0: port 1(bridge_slave_0) entered disabled state
[  111.565717][ T5831] bridge_slave_0: entered allmulticast mode
[  111.573464][ T5831] bridge_slave_0: entered promiscuous mode
[  111.581574][ T5832] bridge0: port 2(bridge_slave_1) entered blocking state
[  111.589193][ T5832] bridge0: port 2(bridge_slave_1) entered disabled state
[  111.597732][ T5832] bridge_slave_1: entered allmulticast mode
[  111.605683][ T5832] bridge_slave_1: entered promiscuous mode
[  111.617218][ T5841] team0: Port device team_slave_0 added
[  111.640590][ T5840] bridge0: port 2(bridge_slave_1) entered blocking state
[  111.647854][ T5840] bridge0: port 2(bridge_slave_1) entered disabled state
[  111.656164][ T5840] bridge_slave_1: entered allmulticast mode
[  111.664604][ T5840] bridge_slave_1: entered promiscuous mode
[  111.675282][ T5839] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  111.704776][ T5831] bridge0: port 2(bridge_slave_1) entered blocking state
[  111.712036][ T5831] bridge0: port 2(bridge_slave_1) entered disabled state
[  111.719521][ T5831] bridge_slave_1: entered allmulticast mode
[  111.727611][ T5831] bridge_slave_1: entered promiscuous mode
[  111.775011][ T5841] team0: Port device team_slave_1 added
[  111.869948][ T5832] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  111.900844][ T5838] team0: Port device team_slave_0 added
[  111.929382][ T5839] team0: Port device team_slave_0 added
[  111.939340][ T5831] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  111.953172][ T5831] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  111.967341][ T5832] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  111.997226][ T5838] team0: Port device team_slave_1 added
[  112.005390][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_0
[  112.012388][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  112.038682][ T5841] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  112.055945][ T5840] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  112.068011][ T5839] team0: Port device team_slave_1 added
[  112.161029][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_1
[  112.168953][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  112.195590][ T5841] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  112.210276][ T5840] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  112.290685][ T5832] team0: Port device team_slave_0 added
[  112.323456][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_0
[  112.330459][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  112.357569][ T5838] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  112.390357][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_0
[  112.397962][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  112.424118][ T5839] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  112.437124][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_1
[  112.444238][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  112.471301][ T5839] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  112.485600][ T5831] team0: Port device team_slave_0 added
[  112.494675][ T5832] team0: Port device team_slave_1 added
[  112.504042][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_1
[  112.510993][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  112.537380][ T5838] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  112.552399][ T5840] team0: Port device team_slave_0 added
[  112.564272][ T5840] team0: Port device team_slave_1 added
[  112.579738][ T5831] team0: Port device team_slave_1 added
[  112.736813][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_0
[  112.744299][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  112.770395][ T5840] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  112.782882][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_0
[  112.791057][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  112.817536][ T5831] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  112.830001][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_0
[  112.837213][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  112.863264][ T5832] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  112.898198][ T5841] hsr_slave_0: entered promiscuous mode
[  112.905307][ T5841] hsr_slave_1: entered promiscuous mode
[  112.930216][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_1
[  112.937548][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  112.964221][ T5840] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  112.976756][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_1
[  112.984558][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  113.011420][ T5831] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  113.028222][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_1
[  113.035368][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  113.061766][ T5832] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  113.098778][ T5839] hsr_slave_0: entered promiscuous mode
[  113.106614][ T5839] hsr_slave_1: entered promiscuous mode
[  113.114627][ T5839] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  113.122726][ T5839] Cannot create hsr debugfs directory
[  113.179850][ T5838] hsr_slave_0: entered promiscuous mode
[  113.186843][ T5838] hsr_slave_1: entered promiscuous mode
[  113.193100][ T5838] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  113.201430][ T5838] Cannot create hsr debugfs directory
[  113.264098][ T5854] Bluetooth: hci5: command tx timeout
[  113.264296][ T5842] Bluetooth: hci3: command tx timeout
[  113.273570][ T5854] Bluetooth: hci2: command tx timeout
[  113.343541][ T5854] Bluetooth: hci0: command tx timeout
[  113.353979][ T5854] Bluetooth: hci4: command tx timeout
[  113.354002][ T5842] Bluetooth: hci1: command tx timeout
[  113.465210][ T5831] hsr_slave_0: entered promiscuous mode
[  113.471899][ T5831] hsr_slave_1: entered promiscuous mode
[  113.478597][ T5831] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  113.486267][ T5831] Cannot create hsr debugfs directory
[  113.597454][ T5832] hsr_slave_0: entered promiscuous mode
[  113.604262][ T5832] hsr_slave_1: entered promiscuous mode
[  113.610872][ T5832] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  113.618807][ T5832] Cannot create hsr debugfs directory
[  113.631555][ T5840] hsr_slave_0: entered promiscuous mode
[  113.638438][ T5840] hsr_slave_1: entered promiscuous mode
[  113.645067][ T5840] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  113.652663][ T5840] Cannot create hsr debugfs directory
[  114.391012][ T5838] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  114.416702][ T5838] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  114.441947][ T5838] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  114.472971][ T5838] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  114.518153][ T5839] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  114.538058][ T5839] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  114.560218][ T5839] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  114.595381][ T5839] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  114.694311][ T5841] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  114.706028][ T5841] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  114.729093][ T5841] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  114.743208][ T5841] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  114.890994][ T5831] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  114.933800][ T5831] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  114.945594][ T5831] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  114.996913][ T5831] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  115.109458][ T5840] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  115.129196][ T5840] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  115.141684][ T5840] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  115.161906][ T5838] 8021q: adding VLAN 0 to HW filter on device bond0
[  115.207111][ T5840] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  115.258702][ T5839] 8021q: adding VLAN 0 to HW filter on device bond0
[  115.292079][ T5838] 8021q: adding VLAN 0 to HW filter on device team0
[  115.344562][ T5854] Bluetooth: hci2: command tx timeout
[  115.349606][ T5842] Bluetooth: hci5: command tx timeout
[  115.350013][ T5844] Bluetooth: hci3: command tx timeout
[  115.408453][ T1133] bridge0: port 1(bridge_slave_0) entered blocking state
[  115.415897][ T1133] bridge0: port 1(bridge_slave_0) entered forwarding state
[  115.425962][ T5854] Bluetooth: hci1: command tx timeout
[  115.428535][ T5844] Bluetooth: hci4: command tx timeout
[  115.431452][ T5842] Bluetooth: hci0: command tx timeout
[  115.462563][ T5832] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  115.485983][ T5839] 8021q: adding VLAN 0 to HW filter on device team0
[  115.499920][ T5832] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  115.520949][ T1133] bridge0: port 2(bridge_slave_1) entered blocking state
[  115.528210][ T1133] bridge0: port 2(bridge_slave_1) entered forwarding state
[  115.554848][ T5832] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  115.590934][ T5832] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  115.605458][ T1133] bridge0: port 1(bridge_slave_0) entered blocking state
[  115.612695][ T1133] bridge0: port 1(bridge_slave_0) entered forwarding state
[  115.640627][ T5841] 8021q: adding VLAN 0 to HW filter on device bond0
[  115.685209][ T1133] bridge0: port 2(bridge_slave_1) entered blocking state
[  115.692389][ T1133] bridge0: port 2(bridge_slave_1) entered forwarding state
[  115.760310][ T5841] 8021q: adding VLAN 0 to HW filter on device team0
[  115.835238][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[  115.842406][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[  115.925825][ T1133] bridge0: port 2(bridge_slave_1) entered blocking state
[  115.933027][ T1133] bridge0: port 2(bridge_slave_1) entered forwarding state
[  116.016609][ T5840] 8021q: adding VLAN 0 to HW filter on device bond0
[  116.052939][ T5831] 8021q: adding VLAN 0 to HW filter on device bond0
[  116.072080][ T5839] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  116.235416][ T5831] 8021q: adding VLAN 0 to HW filter on device team0
[  116.280389][ T5840] 8021q: adding VLAN 0 to HW filter on device team0
[  116.300509][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  116.307943][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  116.330992][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  116.338244][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  116.389823][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  116.397089][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  116.454949][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  116.462150][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  116.530070][ T5832] 8021q: adding VLAN 0 to HW filter on device bond0
[  116.752192][ T5838] 8021q: adding VLAN 0 to HW filter on device batadv0
[  116.830346][ T5832] 8021q: adding VLAN 0 to HW filter on device team0
[  116.939438][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  116.946713][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  117.016922][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  117.024282][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  117.086684][ T5839] 8021q: adding VLAN 0 to HW filter on device batadv0
[  117.124887][ T5838] veth0_vlan: entered promiscuous mode
[  117.211288][ T5838] veth1_vlan: entered promiscuous mode
[  117.245244][ T5841] 8021q: adding VLAN 0 to HW filter on device batadv0
[  117.424543][ T5854] Bluetooth: hci2: command tx timeout
[  117.430028][ T5854] Bluetooth: hci3: command tx timeout
[  117.436018][ T5842] Bluetooth: hci5: command tx timeout
[  117.467085][ T5838] veth0_macvtap: entered promiscuous mode
[  117.506427][ T5854] Bluetooth: hci4: command tx timeout
[  117.511918][ T5854] Bluetooth: hci1: command tx timeout
[  117.517448][ T5842] Bluetooth: hci0: command tx timeout
[  117.532172][ T5831] 8021q: adding VLAN 0 to HW filter on device batadv0
[  117.589114][ T5838] veth1_macvtap: entered promiscuous mode
[  117.687187][ T5841] veth0_vlan: entered promiscuous mode
[  117.800554][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_0
[  117.828191][ T5841] veth1_vlan: entered promiscuous mode
[  117.858758][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_1
[  117.932818][ T5838] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  117.945122][ T5838] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  117.954200][ T5838] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  117.962966][ T5838] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  117.981682][ T5840] 8021q: adding VLAN 0 to HW filter on device batadv0
[  118.084990][ T5831] veth0_vlan: entered promiscuous mode
[  118.162683][ T5832] 8021q: adding VLAN 0 to HW filter on device batadv0
[  118.201570][ T5841] veth0_macvtap: entered promiscuous mode
[  118.236156][ T5831] veth1_vlan: entered promiscuous mode
[  118.292091][ T5841] veth1_macvtap: entered promiscuous mode
[  118.306867][ T5840] veth0_vlan: entered promiscuous mode
[  118.380527][ T5841] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  118.397389][ T5841] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  118.409607][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_0
[  118.427604][ T5841] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  118.439726][ T5841] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  118.451222][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_1
[  118.487860][ T3449] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  118.497908][ T5840] veth1_vlan: entered promiscuous mode
[  118.510820][ T3449] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  118.530265][ T5839] veth0_vlan: entered promiscuous mode
[  118.591072][ T5841] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  118.600013][ T5841] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  118.609188][ T5841] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  118.620052][ T5841] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  118.663361][ T5831] veth0_macvtap: entered promiscuous mode
[  118.687691][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  118.697492][ T5831] veth1_macvtap: entered promiscuous mode
[  118.717460][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  118.734703][ T5839] veth1_vlan: entered promiscuous mode
[  118.831943][ T5831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  118.850296][ T5831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  118.860305][ T5831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  118.871289][ T5831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  118.884467][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_0
[  118.930923][ T5838] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  118.951105][ T5831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  118.971678][ T5831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  118.984872][ T5831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  118.997165][ T5831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  119.009062][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_1
[  119.063217][ T5831] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  119.078619][ T5831] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  119.087971][ T5831] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  119.102852][ T5831] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  119.163856][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  119.198368][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  119.459862][ T3449] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  119.503406][ T3449] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  119.710434][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  119.812879][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  119.915197][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  120.129730][ T5839] veth0_macvtap: entered promiscuous mode
[  120.140343][ T5839] veth1_macvtap: entered promiscuous mode
[  120.167903][ T5839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  120.211978][ T5839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  120.263059][ T5839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  120.279872][ T5839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  120.290303][ T5839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  120.307611][ T5839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  120.337429][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_0
[  120.411936][ T5840] veth0_macvtap: entered promiscuous mode
[  120.422688][ T3449] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  120.443617][ T3449] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  120.464776][ T5944] netlink: 36 bytes leftover after parsing attributes in process `syz.0.8'.
[  120.476504][ T5944] netlink: 16 bytes leftover after parsing attributes in process `syz.0.8'.
[  120.485802][ T5944] netlink: 36 bytes leftover after parsing attributes in process `syz.0.8'.
[  120.495686][ T5944] netlink: 36 bytes leftover after parsing attributes in process `syz.0.8'.
[  120.506428][ T5839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  120.522144][ T5839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  120.535113][ T5839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  120.549857][ T5839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  120.565663][ T5839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  120.579150][ T5839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  120.595217][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_1
[  120.605682][ T5840] veth1_macvtap: entered promiscuous mode
[  120.698423][ T5839] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  120.708593][ T5839] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  120.718386][ T5839] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  120.727799][ T5839] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  120.961769][ T5840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  120.995743][ T5948] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2'.
[  121.037377][ T5840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  121.050494][ T5840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  121.065555][ T5840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  121.075926][ T5840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  121.086983][ T5840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  121.116386][ T5840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  121.161357][ T5950] loop0: detected capacity change from 0 to 8
[  121.186084][ T5950] MTD: Attempt to mount non-MTD device "/dev/loop0"
[  121.264495][ T5950] process 'syz.0.9' launched './file2' with NULL argv: empty string added
[  121.275972][ T5950] cramfs: Error -5 while decompressing!
[  121.281733][ T5950] cramfs: ffffffff9ac00b28(26)->ffff88806ca1d000(4096)
[  121.288896][ T5950] cramfs: Error -3 while decompressing!
[  121.294538][ T5950] cramfs: ffffffff9ac00b42(26)->ffff88806ca1e000(4096)
[  121.301562][ T5950] cramfs: Error -3 while decompressing!
[  121.307243][ T5950] cramfs: ffffffff9ac00b5c(16)->ffff88806ca1f000(4096)
[  121.315282][ T5950] cramfs: Error -5 while decompressing!
[  121.320946][ T5950] cramfs: ffffffff9ac00b28(26)->ffff88806ca1d000(4096)
[  121.430336][ T5951] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2'.
[  121.824029][ T5840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  121.863642][ T5858] udevd[5858]: incorrect cramfs checksum on /dev/loop0
[  121.872738][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_0
[  122.047454][   T62] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  122.071893][   T62] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  122.117330][ T5832] veth0_vlan: entered promiscuous mode
[  122.207724][ T5840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  122.237602][ T5840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  122.268210][ T5840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  122.289590][ T5840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  122.300258][ T5840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  122.311333][ T5840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  122.321680][ T5840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  122.332612][ T5840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  122.350557][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_1
[  122.380721][ T5832] veth1_vlan: entered promiscuous mode
[  122.414447][ T5840] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  122.423249][ T5840] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  122.460040][ T5840] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  122.472132][ T5840] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  122.524980][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  122.532863][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  123.161349][ T1133] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  123.545362][ T1133] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  123.760193][ T3529] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  123.791112][ T5832] veth0_macvtap: entered promiscuous mode
[  123.797171][ T3529] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  123.888816][   T30] audit: type=1326 audit(1746676836.924:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5964 comm="syz.1.13" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f982858e969 code=0x0
[  123.935529][ T5832] veth1_macvtap: entered promiscuous mode
[  124.029505][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  124.040878][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  124.298947][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  124.338010][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  124.358081][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  124.387725][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  124.404154][ T5972] evm: overlay not supported
[  124.411308][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  124.427041][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  124.437599][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  124.440584][ T5972] overlayfs: failed to get inode (-116)
[  124.453222][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  124.454913][ T5972] overlayfs: failed to get inode (-116)
[  124.470688][ T5972] overlayfs: failed to get inode (-116)
[  124.475923][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  124.483014][ T5972] overlayfs: failed to get inode (-116)
[  124.513583][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  124.527422][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_0
[  124.551745][ T5971] warning: `syz.4.5' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  124.646260][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  124.680641][ T5979] capability: warning: `syz.2.15' uses 32-bit capabilities (legacy support in use)
[  124.700514][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  124.716839][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  124.749570][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  124.760053][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  124.770973][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  124.781226][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  124.793377][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  124.832424][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  124.865417][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  124.892316][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_1
[  124.915264][ T5832] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  124.925619][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  124.934426][ T5832] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  124.944162][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  124.978028][ T5832] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  125.063587][ T5832] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  126.303768][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[  126.572275][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  127.509912][ T3438] wlan1: Trigger new scan to find an IBSS to join
[  127.833976][ T5996] loop4: detected capacity change from 0 to 16
[  127.850047][ T5996] erofs: Unknown parameter './file0'
[  128.313001][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  128.464313][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[  128.517767][    T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!!
[  128.593607][ T3449] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  128.601533][ T3449] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  128.979778][ T6006] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  130.878952][ T1133] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  130.982958][ T1133] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  131.373206][ T6014] loop2: detected capacity change from 0 to 47
[  131.389646][ T6014] =======================================================
[  131.389646][ T6014] WARNING: The mand mount option has been deprecated and
[  131.389646][ T6014]          and is ignored by this kernel. Remove the mand
[  131.389646][ T6014]          option from the mount to silence this warning.
[  131.389646][ T6014] =======================================================
[  132.384500][   T62] wlan1: Trigger new scan to find an IBSS to join
[  133.249902][   T30] audit: type=1326 audit(1746676846.294:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6025 comm="syz.3.29" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15d498e969 code=0x7ffc0000
[  133.855262][ T6027] loop3: detected capacity change from 0 to 65536
[  133.908546][   T30] audit: type=1326 audit(1746676846.344:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6025 comm="syz.3.29" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15d498e969 code=0x7ffc0000
[  133.958535][ T6027] XFS (loop3): Mounting V5 Filesystem d6f69dbd-8c5d-46be-b88e-92c0ae88ceb2
[  133.970310][   T30] audit: type=1326 audit(1746676846.364:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6025 comm="syz.3.29" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f15d498e969 code=0x7ffc0000
[  133.999325][ T3466] wlan1: Creating new IBSS network, BSSID 00:00:00:8d:00:00
[  134.023585][   T30] audit: type=1326 audit(1746676846.364:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6025 comm="syz.3.29" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15d498e969 code=0x7ffc0000
[  134.111297][   T30] audit: type=1326 audit(1746676846.364:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6025 comm="syz.3.29" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15d498e969 code=0x7ffc0000
[  134.133746][   T30] audit: type=1326 audit(1746676846.384:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6025 comm="syz.3.29" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7f15d498e969 code=0x7ffc0000
[  134.159251][   T30] audit: type=1326 audit(1746676846.384:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6025 comm="syz.3.29" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15d498e969 code=0x7ffc0000
[  134.183121][   T30] audit: type=1326 audit(1746676846.394:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6025 comm="syz.3.29" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7f15d498e969 code=0x7ffc0000
[  134.305259][ T6027] XFS (loop3): Ending clean mount
[  134.312845][ T6027] XFS (loop3): Unmounting Filesystem d6f69dbd-8c5d-46be-b88e-92c0ae88ceb2
[  134.314965][   T30] audit: type=1326 audit(1746676846.394:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6025 comm="syz.3.29" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15d498e969 code=0x7ffc0000
[  134.447423][   T30] audit: type=1326 audit(1746676846.394:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6025 comm="syz.3.29" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7f15d498e969 code=0x7ffc0000
[  136.892452][ T6066] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  137.086973][ T6064] IPVS: set_ctl: invalid protocol: 12 172.20.20.13:20004
[  137.280849][ T6079] netlink: 24 bytes leftover after parsing attributes in process `syz.3.41'.
[  138.061409][ T6087] capability: warning: `syz.1.42' uses deprecated v2 capabilities in a way that may be insecure
[  139.654303][   T30] kauditd_printk_skb: 29 callbacks suppressed
[  139.654332][   T30] audit: type=1804 audit(1746676852.694:42): pid=6122 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.54" name="file0" dev="ramfs" ino=8674 res=1 errno=0
[  141.223674][ T6135] loop3: detected capacity change from 0 to 512
[  142.144916][ T6135] EXT4-fs: Ignoring removed i_version option
[  142.472753][ T6135] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  142.631455][ T1293] ieee802154 phy0 wpan0: encryption failed: -22
[  142.639106][ T1293] ieee802154 phy1 wpan1: encryption failed: -22
[  142.705404][   T10] libceph: connect (1)[c::]:6789 error -101
[  142.715243][   T10] libceph: mon0 (1)[c::]:6789 connect error
[  142.737773][ T6147] ceph: No mds server is up or the cluster is laggy
[  142.821049][ T6135] overlayfs: missing 'lowerdir'
[  143.230984][ T6166] binder_alloc: 6157: binder_alloc_buf size 16408 failed, no address space
[  143.259628][ T6166] binder_alloc: allocated: 8 (num: 1 largest: 8), free: 12280 (num: 1 largest: 12280)
[  143.482328][ T6154] loop4: detected capacity change from 0 to 4096
[  143.683640][ T5840] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  143.796805][ T6154] NILFS (loop4): invalid segment: Checksum error in segment payload
[  143.869332][ T6154] NILFS (loop4): trying rollback from an earlier position
[  144.126772][ T6154] NILFS (loop4): recovery complete
[  144.202248][ T6174] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  145.784729][ T5834] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  146.033440][ T5834] usb 1-1: Using ep0 maxpacket: 32
[  146.083596][ T5834] usb 1-1: config index 0 descriptor too short (expected 35577, got 27)
[  146.092239][ T5834] usb 1-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  146.173598][ T5834] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  146.219175][ T5834] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 92
[  146.273375][ T5834] usb 1-1: config 1 has no interface number 0
[  146.279568][ T5834] usb 1-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  146.370998][ T5834] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  146.468993][ T6193] netlink: 'syz.3.72': attribute type 12 has an invalid length.
[  146.501230][ T5834] snd_usb_pod 1-1:1.1: Line 6 Pocket POD found
[  146.726581][ T6199] netlink: 'syz.2.74': attribute type 27 has an invalid length.
[  146.765832][ T5834] snd_usb_pod 1-1:1.1: set_interface failed
[  146.870386][ T5834] snd_usb_pod 1-1:1.1: Line 6 Pocket POD now disconnected
[  146.906496][ T5834] snd_usb_pod 1-1:1.1: probe with driver snd_usb_pod failed with error -71
[  147.028227][ T5834] usb 1-1: USB disconnect, device number 2
[  148.382593][ T6199] bridge0: port 2(bridge_slave_1) entered disabled state
[  148.391670][ T6199] bridge0: port 1(bridge_slave_0) entered disabled state
[  149.072468][ T6199] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  149.135434][ T6199] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  151.538130][ T6224] loop0: detected capacity change from 0 to 512
[  151.655783][ T6224] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  151.673707][ T6224] ext4 filesystem being mounted at /18/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  151.877486][ T6224] netlink: 12 bytes leftover after parsing attributes in process `syz.0.82'.
[  152.061560][ T6199] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  152.110903][ T6199] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  152.152943][ T6199] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  152.185344][ T6199] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  152.220699][ T5838] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  153.999323][ T6202] 8021q: adding VLAN 0 to HW filter on device bond0
[  154.086029][ T6202] 8021q: adding VLAN 0 to HW filter on device team0
[  154.183097][ T6202] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  154.755016][ T6256] loop5: detected capacity change from 0 to 512
[  155.499218][ T6256] EXT4-fs (loop5): couldn't mount as ext2 due to feature incompatibilities
[  155.916909][ T6261] loop4: detected capacity change from 0 to 8
[  156.023122][ T6261] SQUASHFS error: lzo decompression failed, data probably corrupt
[  156.098086][ T6261] SQUASHFS error: Failed to read block 0x91: -5
[  156.126938][ T6261] SQUASHFS error: Unable to read metadata cache entry [8f]
[  156.182579][ T6261] SQUASHFS error: Unable to read inode 0x11f
[  157.770004][ T6274] netlink: 'syz.4.97': attribute type 4 has an invalid length.
[  157.830934][ T6277] netlink: 'syz.4.97': attribute type 4 has an invalid length.
[  158.055237][ T5809] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  158.507977][ T5809] usb 3-1: Using ep0 maxpacket: 16
[  158.704957][ T5854] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0
[  158.713664][ T5854] Bluetooth: hci0: Injecting HCI hardware error event
[  158.722180][ T5842] Bluetooth: hci0: hardware error 0x00
[  159.630841][ T6284] loop1: detected capacity change from 0 to 40427
[  159.731199][ T5809] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  159.886989][ T6284] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  160.093603][ T5809] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  160.102784][ T5809] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  160.111276][ T5809] usb 3-1: Product: syz
[  160.117222][ T5809] usb 3-1: Manufacturer: syz
[  160.121868][ T5809] usb 3-1: SerialNumber: syz
[  160.222352][ T5841] syz-executor: attempt to access beyond end of device
[  160.222352][ T5841] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  160.244827][ T5841] CPU: 1 UID: 0 PID: 5841 Comm: syz-executor Not tainted 6.15.0-rc5-syzkaller-00043-gd76bb1ebb558 #0 PREEMPT(full) 
[  160.244881][ T5841] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  160.244903][ T5841] Call Trace:
[  160.244915][ T5841]  <TASK>
[  160.244928][ T5841]  dump_stack_lvl+0x16c/0x1f0
[  160.244989][ T5841]  f2fs_handle_critical_error+0x621/0x9f0
[  160.245039][ T5841]  ? srso_alias_return_thunk+0x5/0xfbef5
[  160.245084][ T5841]  ? __asan_memset+0x23/0x50
[  160.245131][ T5841]  ? srso_alias_return_thunk+0x5/0xfbef5
[  160.245189][ T5841]  f2fs_write_end_io+0x73d/0xac0
[  160.245246][ T5841]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  160.245306][ T5841]  ? srso_alias_return_thunk+0x5/0xfbef5
[  160.245362][ T5841]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  160.245414][ T5841]  bio_endio+0x6d2/0x810
[  160.245455][ T5841]  submit_bio_noacct+0x56d/0x1ec0
[  160.245516][ T5841]  __submit_merged_bio+0x33c/0x770
[  160.245576][ T5841]  __submit_merged_write_cond+0x319/0x3f0
[  160.245643][ T5841]  f2fs_write_cache_pages+0x2139/0x2680
[  160.245735][ T5841]  ? __pfx_f2fs_write_cache_pages+0x10/0x10
[  160.245805][ T5841]  ? srso_alias_return_thunk+0x5/0xfbef5
[  160.245851][ T5841]  ? __lock_acquire+0x5ca/0x1ba0
[  160.245912][ T5841]  ? srso_alias_return_thunk+0x5/0xfbef5
[  160.245957][ T5841]  ? __kasan_check_byte+0x13/0x50
[  160.246015][ T5841]  ? srso_alias_return_thunk+0x5/0xfbef5
[  160.246063][ T5841]  ? srso_alias_return_thunk+0x5/0xfbef5
[  160.246108][ T5841]  ? rcu_is_watching+0x12/0xc0
[  160.246152][ T5841]  ? srso_alias_return_thunk+0x5/0xfbef5
[  160.246199][ T5841]  ? srso_alias_return_thunk+0x5/0xfbef5
[  160.246265][ T5841]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  160.246383][ T5841]  ? srso_alias_return_thunk+0x5/0xfbef5
[  160.246429][ T5841]  ? add_lock_to_list+0x9d/0x130
[  160.246485][ T5841]  ? srso_alias_return_thunk+0x5/0xfbef5
[  160.246539][ T5841]  f2fs_write_data_pages+0x4ad/0xd90
[  160.246610][ T5841]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  160.246684][ T5841]  ? srso_alias_return_thunk+0x5/0xfbef5
[  160.246734][ T5841]  ? srso_alias_return_thunk+0x5/0xfbef5
[  160.246786][ T5841]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  160.246850][ T5841]  do_writepages+0x1b5/0x820
[  160.246911][ T5841]  ? __pfx_do_writepages+0x10/0x10
[  160.246963][ T5841]  ? srso_alias_return_thunk+0x5/0xfbef5
[  160.247011][ T5841]  ? srso_alias_return_thunk+0x5/0xfbef5
[  160.247056][ T5841]  ? do_raw_spin_lock+0x12c/0x2b0
[  160.247093][ T5841]  ? srso_alias_return_thunk+0x5/0xfbef5
[  160.247138][ T5841]  ? find_held_lock+0x2b/0x80
[  160.247185][ T5841]  ? srso_alias_return_thunk+0x5/0xfbef5
[  160.247235][ T5841]  ? srso_alias_return_thunk+0x5/0xfbef5
[  160.247280][ T5841]  ? do_raw_spin_unlock+0x172/0x230
[  160.247320][ T5841]  ? srso_alias_return_thunk+0x5/0xfbef5
[  160.247374][ T5841]  filemap_fdatawrite_wbc+0x104/0x160
[  160.247426][ T5841]  ? stack_trace_save+0x8e/0xc0
[  160.247474][ T5841]  __filemap_fdatawrite_range+0xb2/0xf0
[  160.247539][ T5841]  ? __pfx___filemap_fdatawrite_range+0x10/0x10
[  160.247603][ T5841]  ? check_path.constprop.0+0x24/0x50
[  160.247714][ T5841]  ? find_held_lock+0x2b/0x80
[  160.247766][ T5841]  ? srso_alias_return_thunk+0x5/0xfbef5
[  160.247813][ T5841]  ? do_raw_spin_unlock+0x172/0x230
[  160.247853][ T5841]  ? srso_alias_return_thunk+0x5/0xfbef5
[  160.247906][ T5841]  f2fs_sync_dirty_inodes+0x2a9/0x990
[  160.247993][ T5841]  block_operations+0x2a3/0xfd0
[  160.248070][ T5841]  ? __pfx_block_operations+0x10/0x10
[  160.248130][ T5841]  ? add_lock_to_list+0x9d/0x130
[  160.248238][ T5841]  ? srso_alias_return_thunk+0x5/0xfbef5
[  160.248281][ T5841]  ? down_write+0x14d/0x200
[  160.248339][ T5841]  ? __pfx_down_write+0x10/0x10
[  160.248397][ T5841]  ? srso_alias_return_thunk+0x5/0xfbef5
[  160.248440][ T5841]  ? rcu_is_watching+0x12/0xc0
[  160.248490][ T5841]  f2fs_write_checkpoint+0x2b8/0x45b0
[  160.248533][ T5841]  ? srso_alias_return_thunk+0x5/0xfbef5
[  160.248577][ T5841]  ? kfree+0x2b6/0x4d0
[  160.248618][ T5841]  ? srso_alias_return_thunk+0x5/0xfbef5
[  160.248667][ T5841]  ? srso_alias_return_thunk+0x5/0xfbef5
[  160.248711][ T5841]  ? rcu_is_watching+0x12/0xc0
[  160.248753][ T5841]  ? srso_alias_return_thunk+0x5/0xfbef5
[  160.248806][ T5841]  ? kthread_stop+0x273/0x650
[  160.248872][ T5841]  kill_f2fs_super+0x3c2/0x470
[  160.248910][ T5841]  ? __pfx_kill_f2fs_super+0x10/0x10
[  160.248944][ T5841]  ? lockdep_hardirqs_on+0x7c/0x110
[  160.249016][ T5841]  deactivate_locked_super+0xc1/0x1a0
[  160.249064][ T5841]  deactivate_super+0xde/0x100
[  160.249112][ T5841]  cleanup_mnt+0x225/0x450
[  160.249164][ T5841]  task_work_run+0x150/0x240
[  160.249205][ T5841]  ? __pfx_task_work_run+0x10/0x10
[  160.249241][ T5841]  ? srso_alias_return_thunk+0x5/0xfbef5
[  160.249289][ T5841]  ? __pfx___x64_sys_umount+0x10/0x10
[  160.249353][ T5841]  syscall_exit_to_user_mode+0x27b/0x2a0
[  160.249410][ T5841]  do_syscall_64+0xda/0x260
[  160.249469][ T5841]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  160.249507][ T5841] RIP: 0033:0x7f982858fc97
[  160.249533][ T5841] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  160.249569][ T5841] RSP: 002b:00007ffd24a2b788 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  160.249603][ T5841] RAX: 0000000000000000 RBX: 00007f982861089d RCX: 00007f982858fc97
[  160.249627][ T5841] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd24a2b840
[  160.249649][ T5841] RBP: 00007ffd24a2b840 R08: 0000000000000000 R09: 0000000000000000
[  160.249671][ T5841] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd24a2c8d0
[  160.249694][ T5841] R13: 00007f982861089d R14: 000000000002709a R15: 00007ffd24a2c910
[  160.249744][ T5841]  </TASK>
[  160.249761][ T5841] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  160.853404][ T5809] usb 3-1: config 0 descriptor??
[  161.174313][ T5809] usb 3-1: can't set config #0, error -71
[  161.243050][ T5809] usb 3-1: USB disconnect, device number 2
[  161.273059][ T6295] netlink: 'syz.0.102': attribute type 39 has an invalid length.
[  161.511132][ T6299] loop2: detected capacity change from 0 to 2048
[  161.632851][ T6299] EXT4-fs error (device loop2): __ext4_iget:5025: inode #2: block 127754: comm syz.2.103: invalid block
[  161.838793][ T6299] EXT4-fs (loop2): get root inode failed
[  161.906677][ T6299] EXT4-fs (loop2): mount failed
[  162.233886][ T5842] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[  162.721839][   T30] audit: type=1326 audit(1746676875.724:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6308 comm="syz.5.106" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe2d718e969 code=0x0
[  164.056340][   T12] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  164.148070][ T6321] loop0: detected capacity change from 0 to 8192
[  164.503907][ T6342] loop2: detected capacity change from 0 to 512
[  167.737543][ T6342] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  168.302700][ T6342] ext4 filesystem being mounted at /20/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  168.666628][ T5831] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  168.873471][ T6377] loop2: detected capacity change from 0 to 16
[  168.890021][ T6377] erofs (device loop2): cannot find valid erofs superblock
[  173.136467][ T6419] loop2: detected capacity change from 0 to 1024
[  173.200976][ T6419] Quota error (device loop2): do_check_range: Getting block 64 out of range 1-5
[  173.230902][ T6419] Quota error (device loop2): qtree_read_dquot: Can't read quota structure for id 0
[  173.262761][ T6419] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.136: Failed to acquire dquot type 0
[  173.551494][ T6419] EXT4-fs error (device loop2): mb_free_blocks:1945: group 0, inode 13: block 144:freeing already freed block (bit 9); block bitmap corrupt.
[  173.642485][ T6419] EXT4-fs error (device loop2): ext4_do_update_inode:5211: inode #13: comm syz.2.136: corrupted inode contents
[  173.714819][ T6419] EXT4-fs error (device loop2): ext4_dirty_inode:6103: inode #13: comm syz.2.136: mark_inode_dirty error
[  173.785185][ T6419] EXT4-fs error (device loop2): ext4_do_update_inode:5211: inode #13: comm syz.2.136: corrupted inode contents
[  173.848180][ T6419] EXT4-fs error (device loop2): __ext4_ext_dirty:207: inode #13: comm syz.2.136: mark_inode_dirty error
[  173.914871][ T6419] EXT4-fs error (device loop2): ext4_do_update_inode:5211: inode #13: comm syz.2.136: corrupted inode contents
[  173.953659][ T6429] syz.4.140(6429): Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored.
[  173.962643][ T6419] EXT4-fs error (device loop2) in ext4_orphan_del:305: Corrupt filesystem
[  174.040918][ T6419] EXT4-fs error (device loop2): ext4_do_update_inode:5211: inode #13: comm syz.2.136: corrupted inode contents
[  174.193775][ T6419] EXT4-fs error (device loop2): ext4_truncate:4255: inode #13: comm syz.2.136: mark_inode_dirty error
[  174.237173][ T6419] EXT4-fs error (device loop2) in ext4_process_orphan:347: Corrupt filesystem
[  174.258671][ T6419] EXT4-fs (loop2): 1 truncate cleaned up
[  174.389244][ T6419] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  175.280765][ T6419] Quota error (device loop2): do_check_range: Getting block 64 out of range 1-5
[  175.306187][ T6419] Quota error (device loop2): qtree_read_dquot: Can't read quota structure for id 0
[  175.423607][ T6419] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.136: Failed to acquire dquot type 0
[  175.865711][   T30] audit: type=1326 audit(1746676888.904:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6444 comm="syz.0.143" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f228ab8e969 code=0x0
[  178.629546][ T5831] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  178.663021][ T6453] bridge0: port 3(macsec0) entered blocking state
[  178.673508][ T6456] orangefs_mount: mount request failed with -4
[  178.683985][ T6453] bridge0: port 3(macsec0) entered disabled state
[  178.731703][ T6453] macsec0: entered allmulticast mode
[  178.745763][ T6453] veth1_macvtap: entered allmulticast mode
[  178.799815][ T6453] macsec0: entered promiscuous mode
[  178.822014][ T6453] bridge0: port 3(macsec0) entered blocking state
[  178.828708][ T6453] bridge0: port 3(macsec0) entered forwarding state
[  179.683538][ T6467] loop4: detected capacity change from 0 to 128
[  179.762058][ T6467] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  179.813957][ T6467] ext4 filesystem being mounted at /29/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  180.001381][ T6478] netlink: 240 bytes leftover after parsing attributes in process `syz.2.148'.
[  181.391374][ T6487] netlink: 4 bytes leftover after parsing attributes in process `syz.1.153'.
[  183.376123][ T6503] loop5: detected capacity change from 0 to 512
[  183.679314][ T6504] loop0: detected capacity change from 0 to 32768
[  183.735954][ T6503] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  183.796306][ T6503] EXT4-fs (loop5): mounting ext2 file system using the ext4 subsystem
[  183.844613][ T6504] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): Using encoding defined by superblock: utf8-12.1.0
[  183.878155][ T6504] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nocow
[  183.878155][ T6504]   allowing incompatible features above 0.0: (unknown version)
[  183.900682][ T6504] bcachefs (loop0): initializing new filesystem
[  183.909120][ T6504] bcachefs (loop0): going read-write
[  183.983744][ T6504] bcachefs (loop0): marking superblocks
[  184.008183][ T6504] bcachefs (loop0): initializing freespace
[  184.016091][ T6504] bcachefs (loop0): done initializing freespace
[  184.027296][ T6504] bcachefs (loop0): reading snapshots table
[  184.033279][ T6504] bcachefs (loop0): reading snapshots done
[  184.083498][ T6504] bcachefs (loop0): done starting filesystem
[  184.109346][ T6503] EXT4-fs (loop5): warning: checktime reached, running e2fsck is recommended
[  184.165736][ T6503] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a042c01c, mo2=0002]
[  184.216939][ T6503] System zones: 0-2, 18-18, 34-34
[  184.333418][ T6503] EXT4-fs warning (device loop5): ext4_update_dynamic_rev:1129: updating to rev 1 because of new feature flag, running e2fsck is recommended
[  184.464233][ T6503] EXT4-fs (loop5): 1 truncate cleaned up
[  184.475893][ T6503] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  184.675822][ T5839] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  184.741880][ T6504] syz.0.159 (6504) used greatest stack depth: 17352 bytes left
[  184.934877][ T5838] bcachefs (loop0): shutting down
[  184.942427][ T5838] bcachefs (loop0): going read-only
[  184.967850][ T5838] bcachefs (loop0): finished waiting for writes to stop
[  185.123641][ T5838] bcachefs (loop0): flushing journal and stopping allocators, journal seq 3
[  185.203648][ T5898] usb 6-1: new full-speed USB device number 2 using dummy_hcd
[  185.351542][ T5838] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 3
[  185.404240][ T5898] usb 6-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  185.424603][ T5838] bcachefs (loop0): clean shutdown complete, journal seq 4
[  185.440592][ T5898] usb 6-1: config 1 has no interface number 1
[  185.447376][ T5898] usb 6-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 4
[  185.473927][ T6531] loop3: detected capacity change from 0 to 2048
[  185.528341][ T5838] bcachefs (loop0): marking filesystem clean
[  185.534613][ T5898] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  185.563777][ T6531] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  185.593210][ T5898] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  185.614292][ T6534] loop4: detected capacity change from 0 to 512
[  185.621609][ T5898] usb 6-1: Product: syz
[  185.637192][ T5898] usb 6-1: Manufacturer: syz
[  185.641844][ T5898] usb 6-1: SerialNumber: syz
[  185.698598][ T6534] EXT4-fs (loop4): orphan cleanup on readonly fs
[  185.796886][ T5838] bcachefs (loop0): shutdown complete
[  185.813767][ T6534] EXT4-fs error (device loop4): ext4_orphan_get:1417: comm syz.4.166: bad orphan inode 13
[  185.886309][ T6534] ext4_test_bit(bit=12, block=18) = 1
[  185.891750][ T6534] is_bad_inode(inode)=0
[  185.922470][ T5898] usb 6-1: 2:1 : no UAC_FORMAT_TYPE desc
[  185.930735][ T6534] NEXT_ORPHAN(inode)=2130706432
[  185.946713][ T6534] max_ino=32
[  185.949966][ T6534] i_nlink=1
[  185.956067][ T6534] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  186.031282][ T6534] EXT4-fs (loop4): warning: mounting fs with errors, running e2fsck is recommended
[  186.054943][ T5898] usb 6-1: USB disconnect, device number 2
[  186.194736][ T6534] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[  186.217465][ T5858] udevd[5858]: setting mode of /dev/snd/controlC3 to 020660 failed: No such file or directory
[  186.253960][ T5858] udevd[5858]: setting owner of /dev/snd/controlC3 to uid=0, gid=29 failed: No such file or directory
[  186.298347][ T6531] UDF-fs: warning (device loop3): udf_truncate_tail_extent: Too long extent after EOF in inode 1436: i_size: 68800 lbcount: 69632 extent 259+2560
[  186.413463][ T5840] UDF-fs: warning (device loop3): udf_evict_inode: Inode 1436 (mode 100000) has inode size 68800 different from extent length 69632. Filesystem need not be standards compliant.
[  186.835903][ T5832] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  186.843473][ T5898] IPVS: starting estimator thread 0...
[  187.003487][ T6547] IPVS: using max 22 ests per chain, 52800 per kthread
[  187.037530][ T6550] syzkaller0: entered promiscuous mode
[  187.043068][ T6550] syzkaller0: entered allmulticast mode
[  189.167869][ T6567] loop5: detected capacity change from 0 to 512
[  189.279058][ T6567] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  189.382691][ T6567] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c11c, mo2=0002]
[  189.395695][ T6567] System zones: 0-2, 18-18, 34-34
[  189.423544][ T6047] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[  189.544556][ T6567] EXT4-fs error (device loop5): ext4_validate_block_bitmap:440: comm syz.5.175: bg 0: block 248: padding at end of block bitmap is not set
[  189.879082][ T6047] usb 2-1: Using ep0 maxpacket: 8
[  189.996158][ T6519] EXT4-fs error (device loop4): ext4_validate_block_bitmap:440: comm ext4lazyinit: bg 0: block 248: padding at end of block bitmap is not set
[  190.024014][ T6567] Quota error (device loop5): write_blk: dquota write failed
[  190.052444][ T6567] Quota error (device loop5): qtree_write_dquot: Error -117 occurred while creating quota
[  190.066606][ T6047] usb 2-1: config 0 has no interfaces?
[  190.083477][ T6047] usb 2-1: New USB device found, idVendor=07c0, idProduct=1505, bcdDevice=b8.c5
[  190.097239][ T6047] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  190.113365][ T6047] usb 2-1: Product: syz
[  190.117639][ T6567] EXT4-fs error (device loop5): ext4_acquire_dquot:6933: comm syz.5.175: Failed to acquire dquot type 1
[  190.133784][ T6047] usb 2-1: Manufacturer: syz
[  190.138421][ T6047] usb 2-1: SerialNumber: syz
[  190.208606][ T6047] usb 2-1: config 0 descriptor??
[  190.225058][ T6567] EXT4-fs (loop5): 1 truncate cleaned up
[  190.232896][ T6567] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  190.293511][ T6567] ext4 filesystem being mounted at /20/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  190.331165][ T5839] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  190.607788][ T6566] delete_channel: no stack
[  190.891216][ T5834] usb 2-1: USB disconnect, device number 2
[  191.723133][ T5832] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  191.743617][   T36] Quota error (device loop5): do_check_range: Getting block 0 out of range 1-5
[  191.753023][   T36] EXT4-fs error (device loop5): ext4_release_dquot:6969: comm kworker/u8:2: Failed to release dquot type 1
[  192.158373][ T6587] program syz.5.180 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  196.884074][ T6618] loop2: detected capacity change from 0 to 512
[  198.182529][ T3449] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  198.373932][ T6618] EXT4-fs (loop2): orphan cleanup on readonly fs
[  198.408733][ T6618] EXT4-fs error (device loop2): ext4_orphan_get:1417: comm syz.2.191: bad orphan inode 13
[  198.529810][ T6618] ext4_test_bit(bit=12, block=18) = 1
[  198.577877][ T6618] is_bad_inode(inode)=0
[  198.642328][ T6618] NEXT_ORPHAN(inode)=2130706432
[  198.753566][ T6618] max_ino=32
[  198.779061][ T6618] i_nlink=1
[  199.019090][ T6618] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  199.153830][ T6047] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  199.633592][    C0] vcan0: j1939_tp_rxtimer: 0xffff8880332b3000: rx timeout, send abort
[  199.644161][    C0] vcan0: j1939_tp_rxtimer: 0xffff88807dbc6400: rx timeout, send abort
[  199.655284][ T6618] EXT4-fs (loop2): warning: mounting fs with errors, running e2fsck is recommended
[  199.726012][ T6047] usb 6-1: Using ep0 maxpacket: 8
[  199.781078][ T6047] usb 6-1: config 0 has no interfaces?
[  199.922910][ T6642] program syz.3.197 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  200.144897][    C0] vcan0: j1939_tp_rxtimer: 0xffff8880332b3000: abort rx timeout. Force session deactivation
[  200.161508][    C0] vcan0: j1939_tp_rxtimer: 0xffff88807dbc6400: abort rx timeout. Force session deactivation
[  200.323660][ T6047] usb 6-1: New USB device found, idVendor=07c0, idProduct=1505, bcdDevice=b8.c5
[  200.349568][ T6047] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  200.393835][ T6618] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[  200.417048][ T6047] usb 6-1: Product: syz
[  200.421247][ T6047] usb 6-1: Manufacturer: syz
[  200.431246][ T6047] usb 6-1: SerialNumber: syz
[  200.462842][ T6047] usb 6-1: config 0 descriptor??
[  201.717633][ T6632] delete_channel: no stack
[  201.755553][ T5845] usb 6-1: USB disconnect, device number 3
[  202.055715][ T5831] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  202.448354][   T30] audit: type=1800 audit(1746676915.494:45): pid=6663 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.200" name="bus" dev="fuse" ino=0 res=0 errno=0
[  202.553734][ T6670] xt_CT: You must specify a L4 protocol and not use inversions on it
[  203.997834][ T1293] ieee802154 phy0 wpan0: encryption failed: -22
[  204.068631][ T1293] ieee802154 phy1 wpan1: encryption failed: -22
[  205.048130][ T6685] loop2: detected capacity change from 0 to 256
[  208.285255][ T6715] netfs: Couldn't get user pages (rc=-14)
[  210.091212][ T6726] netlink: 4 bytes leftover after parsing attributes in process `syz.2.220'.
[  210.203940][ T6726] netlink: 12 bytes leftover after parsing attributes in process `syz.2.220'.
[  211.633520][ T6047] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  211.833568][ T6047] usb 4-1: Using ep0 maxpacket: 8
[  211.852706][ T6047] usb 4-1: config 0 has no interfaces?
[  211.892122][ T6047] usb 4-1: New USB device found, idVendor=07c0, idProduct=1505, bcdDevice=b8.c5
[  211.962583][ T6047] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  212.059047][ T6047] usb 4-1: Product: syz
[  212.129522][ T6047] usb 4-1: Manufacturer: syz
[  212.207610][ T6047] usb 4-1: SerialNumber: syz
[  213.034961][ T6747] netlink: 'syz.5.225': attribute type 27 has an invalid length.
[  213.053171][ T6047] usb 4-1: config 0 descriptor??
[  213.424021][ T6735] delete_channel: no stack
[  213.460161][ T6747] bridge0: port 2(bridge_slave_1) entered disabled state
[  213.468549][ T6747] bridge0: port 1(bridge_slave_0) entered disabled state
[  213.497952][ T5809] usb 4-1: USB disconnect, device number 2
[  213.598388][   T30] audit: type=1800 audit(1746676926.644:46): pid=6754 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.229" name="/" dev="9p" ino=2 res=0 errno=0
[  215.776821][ T6770] loop3: detected capacity change from 0 to 8
[  215.829056][ T6770] MTD: Attempt to mount non-MTD device "/dev/loop3"
[  215.912029][ T5858] udevd[5858]: incorrect cramfs checksum on /dev/loop3
[  216.447988][ T6777] cramfs: Error -3 while decompressing!
[  216.453750][ T6777] cramfs: ffffffff9ac04b28(26)->ffff88804f797000(4096)
[  216.460935][ T6777] cramfs: bad data blocksize 3489655184
[  216.467311][ T6777] cramfs: Error -3 while decompressing!
[  216.472962][ T6777] cramfs: ffffffff9ac04b28(26)->ffff88804f797000(4096)
[  218.312708][ T6747] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  219.258548][ T6747] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  221.272525][ T6795] loop1: detected capacity change from 0 to 1024
[  221.316909][ T6795] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock
[  221.337429][ T6795] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (42840!=20869)
[  221.953534][ T6795] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  222.260006][ T6747] netdevsim netdevsim5 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  222.273764][ T6795] EXT4-fs error (device loop1): ext4_get_journal_inode:5798: inode #5: comm syz.1.238: casefold flag without casefold feature
[  222.297907][ T6747] netdevsim netdevsim5 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  223.254815][ T6795] EXT4-fs (loop1): no journal found
[  223.261872][ T6747] netdevsim netdevsim5 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  223.392792][ T6747] netdevsim netdevsim5 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  224.656507][ T6808] syz.4.244 (6808): attempted to duplicate a private mapping with mremap.  This is not supported.
[  224.747298][ T6812] loop3: detected capacity change from 0 to 256
[  225.646735][ T6748] 8021q: adding VLAN 0 to HW filter on device bond0
[  225.686713][ T6748] 8021q: adding VLAN 0 to HW filter on device team0
[  225.770507][ T6748] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  226.053603][ T5898] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  226.354500][ T6824] loop2: detected capacity change from 0 to 64
[  227.293441][ T5898] usb 5-1: Using ep0 maxpacket: 8
[  227.325215][ T5898] usb 5-1: config 0 has no interfaces?
[  227.395153][ T5898] usb 5-1: New USB device found, idVendor=07c0, idProduct=1505, bcdDevice=b8.c5
[  227.436883][ T5898] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  227.473614][ T5898] usb 5-1: Product: syz
[  227.477856][ T5898] usb 5-1: Manufacturer: syz
[  227.552601][ T5898] usb 5-1: SerialNumber: syz
[  227.648538][ T5898] usb 5-1: config 0 descriptor??
[  228.882316][ T6840] loop2: detected capacity change from 0 to 1024
[  228.944125][ T6840] EXT4-fs (loop2): couldn't mount as ext3 due to feature incompatibilities
[  229.522573][ T5845] usb 5-1: USB disconnect, device number 2
[  230.840361][   T36] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  231.673730][ T5853] Bluetooth: hci2: command 0x0406 tx timeout
[  231.679980][ T5853] Bluetooth: hci5: command 0x0406 tx timeout
[  231.708953][ T5853] Bluetooth: hci1: command 0x0406 tx timeout
[  231.715284][ T5850] Bluetooth: hci4: command 0x0406 tx timeout
[  231.715344][ T5850] Bluetooth: hci3: command 0x0406 tx timeout
[  235.821148][ T6870] loop1: detected capacity change from 0 to 8
[  236.110644][ T6870] SQUASHFS error: lzo decompression failed, data probably corrupt
[  236.196897][ T6870] SQUASHFS error: Failed to read block 0x91: -5
[  236.273472][ T6870] SQUASHFS error: Unable to read metadata cache entry [8f]
[  236.305986][ T6870] SQUASHFS error: Unable to read inode 0x11f
[  236.450765][ T6880] loop0: detected capacity change from 0 to 16
[  236.576098][ T6880] erofs (device loop0): mounted with root inode @ nid 36.
[  236.666826][ T6880] erofs (device loop0): readahead error at folio 2 @ nid 89
[  236.884160][ T5854] erofs (device loop0): failed to decompress -5 in[4096, 0] out[8192]
[  236.895462][ T6880] erofs (device loop0): failed to decompress -5 in[4096, 0] out[8192]
[  236.950731][ T6880] erofs (device loop0): read error -117 @ 0 of nid 89
[  237.005576][   T30] audit: type=1800 audit(1746676950.034:47): pid=6880 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.268" name="file2" dev="loop0" ino=89 res=0 errno=0
[  237.023823][ T6886] erofs (device loop0): failed to decompress -5 in[4096, 0] out[8192]
[  237.043660][ T6886] erofs (device loop0): read error -117 @ 0 of nid 89
[  237.296691][   T30] audit: type=1800 audit(1746676950.224:48): pid=6886 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.268" name="file3" dev="loop0" ino=89 res=0 errno=0
[  239.766153][ T6901] loop2: detected capacity change from 0 to 2048
[  239.953915][ T6901] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024)
[  240.539846][ T6908] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  241.951783][ T6922] loop3: detected capacity change from 0 to 16
[  241.971260][ T6922] erofs (device loop3): mounted with root inode @ nid 36.
[  242.098057][ T6925] netlink: 4 bytes leftover after parsing attributes in process `syz.4.281'.
[  246.345884][ T6945] loop0: detected capacity change from 0 to 64
[  247.752716][ T6950] netlink: 1276 bytes leftover after parsing attributes in process `syz.2.285'.
[  252.096427][ T6988] loop2: detected capacity change from 0 to 256
[  253.346235][ T7007] netfs: Couldn't get user pages (rc=-14)
[  253.726274][ T7002] orangefs_mount: mount request failed with -4
[  258.157068][ T7031] netlink: 'syz.5.310': attribute type 12 has an invalid length.
[  258.641259][ T7037] loop4: detected capacity change from 0 to 256
[  258.750928][ T7037] exfat: Unknown parameter 'ÿÿÿÿÿÿÿÿ'
[  260.784471][ T7050] loop0: detected capacity change from 0 to 256
[  261.540583][ T7050] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  262.069637][ T7060] netfs: Couldn't get user pages (rc=-14)
[  264.684554][ T6734] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  264.971851][ T3466] ==================================================================
[  264.980003][ T3466] BUG: KASAN: slab-out-of-bounds in iov_iter_revert+0x443/0x5a0
[  264.987822][ T3466] Read of size 4 at addr ffff8880307a4678 by task kworker/u8:9/3466
[  264.995845][ T3466] 
[  264.998193][ T3466] CPU: 0 UID: 0 PID: 3466 Comm: kworker/u8:9 Not tainted 6.15.0-rc5-syzkaller-00043-gd76bb1ebb558 #0 PREEMPT(full) 
[  264.998242][ T3466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  264.998267][ T3466] Workqueue: events_unbound netfs_write_collection_worker
[  264.998338][ T3466] Call Trace:
[  264.998349][ T3466]  <TASK>
[  264.998363][ T3466]  dump_stack_lvl+0x116/0x1f0
[  264.998419][ T3466]  print_report+0xc3/0x670
[  264.998475][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  264.998522][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  264.998567][ T3466]  ? __phys_addr+0xc6/0x150
[  264.998621][ T3466]  ? iov_iter_revert+0x443/0x5a0
[  264.998675][ T3466]  kasan_report+0xe0/0x110
[  264.998733][ T3466]  ? iov_iter_revert+0x443/0x5a0
[  264.998808][ T3466]  iov_iter_revert+0x443/0x5a0
[  264.998866][ T3466]  netfs_retry_writes+0x166d/0x1a50
[  264.998908][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  264.998953][ T3466]  ? ieee80211_ibss_work+0xdb/0x1480
[  264.999000][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  264.999045][ T3466]  ? __lock_acquire+0xaa4/0x1ba0
[  264.999106][ T3466]  ? __pfx_netfs_retry_writes+0x10/0x10
[  264.999149][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  264.999194][ T3466]  ? register_lock_class+0x41/0x4c0
[  264.999253][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  264.999299][ T3466]  ? do_raw_spin_lock+0x12c/0x2b0
[  264.999338][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  264.999387][ T3466]  netfs_write_collection_worker+0x23fd/0x3830
[  264.999478][ T3466]  process_one_work+0x9cf/0x1b70
[  264.999526][ T3466]  ? __pfx_netfs_write_collection_worker+0x10/0x10
[  264.999593][ T3466]  ? __pfx_process_one_work+0x10/0x10
[  264.999632][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  264.999684][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  264.999729][ T3466]  ? assign_work+0x1a0/0x250
[  264.999765][ T3466]  worker_thread+0x6c8/0xf10
[  264.999820][ T3466]  ? __pfx_worker_thread+0x10/0x10
[  264.999859][ T3466]  kthread+0x3c5/0x780
[  264.999893][ T3466]  ? __pfx_kthread+0x10/0x10
[  264.999925][ T3466]  ? __pfx_kthread+0x10/0x10
[  264.999958][ T3466]  ? __pfx_kthread+0x10/0x10
[  264.999990][ T3466]  ? __pfx_kthread+0x10/0x10
[  265.000022][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  265.000067][ T3466]  ? rcu_is_watching+0x12/0xc0
[  265.000112][ T3466]  ? __pfx_kthread+0x10/0x10
[  265.000146][ T3466]  ret_from_fork+0x48/0x80
[  265.000182][ T3466]  ? __pfx_kthread+0x10/0x10
[  265.000216][ T3466]  ret_from_fork_asm+0x1a/0x30
[  265.000285][ T3466]  </TASK>
[  265.000297][ T3466] 
[  265.243515][ T3466] Allocated by task 970:
[  265.247771][ T3466]  kasan_save_stack+0x33/0x60
[  265.252497][ T3466]  kasan_save_track+0x14/0x30
[  265.257221][ T3466]  __kasan_kmalloc+0xaa/0xb0
[  265.261875][ T3466]  nsim_fib6_rt_nh_add+0x4a/0x290
[  265.266942][ T3466]  nsim_fib_event_work+0x196a/0x2e80
[  265.272267][ T3466]  process_one_work+0x9cf/0x1b70
[  265.277226][ T3466]  worker_thread+0x6c8/0xf10
[  265.281837][ T3466]  kthread+0x3c5/0x780
[  265.285918][ T3466]  ret_from_fork+0x48/0x80
[  265.290346][ T3466]  ret_from_fork_asm+0x1a/0x30
[  265.295171][ T3466] 
[  265.297497][ T3466] The buggy address belongs to the object at ffff8880307a4640
[  265.297497][ T3466]  which belongs to the cache kmalloc-32 of size 32
[  265.311410][ T3466] The buggy address is located 32 bytes to the right of
[  265.311410][ T3466]  allocated 24-byte region [ffff8880307a4640, ffff8880307a4658)
[  265.326027][ T3466] 
[  265.328358][ T3466] The buggy address belongs to the physical page:
[  265.334804][ T3466] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880307a4fc0 pfn:0x307a4
[  265.344890][ T3466] flags: 0xfff00000000200(workingset|node=0|zone=1|lastcpupid=0x7ff)
[  265.352975][ T3466] page_type: f5(slab)
[  265.356975][ T3466] raw: 00fff00000000200 ffff88801b441780 ffffea0000c9f9d0 ffffea0001f01990
[  265.365589][ T3466] raw: ffff8880307a4fc0 0000000000400038 00000000f5000000 0000000000000000
[  265.374189][ T3466] page dumped because: kasan: bad access detected
[  265.380608][ T3466] page_owner tracks the page as allocated
[  265.386416][ T3466] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52800(GFP_NOWAIT|__GFP_NORETRY|__GFP_COMP), pid 5741, tgid 5741 (dhcpcd-run-hook), ts 89207943594, free_ts 89206634714
[  265.404866][ T3466]  post_alloc_hook+0x181/0x1b0
[  265.409665][ T3466]  get_page_from_freelist+0x135c/0x3920
[  265.415326][ T3466]  __alloc_frozen_pages_noprof+0x263/0x23a0
[  265.421364][ T3466]  alloc_pages_mpol+0x1fb/0x550
[  265.426260][ T3466]  new_slab+0x244/0x340
[  265.430463][ T3466]  ___slab_alloc+0xd9c/0x1940
[  265.435198][ T3466]  __slab_alloc.constprop.0+0x56/0xb0
[  265.440606][ T3466]  __kmalloc_cache_noprof+0xfb/0x3e0
[  265.445925][ T3466]  kmem_cache_free+0x148/0x4d0
[  265.450720][ T3466]  exit_mmap+0x511/0xb90
[  265.454990][ T3466]  __mmput+0x12a/0x410
[  265.459091][ T3466]  mmput+0x62/0x70
[  265.462832][ T3466]  do_exit+0x9d1/0x2c30
[  265.467019][ T3466]  do_group_exit+0xd3/0x2a0
[  265.471555][ T3466]  __x64_sys_exit_group+0x3e/0x50
[  265.476620][ T3466]  x64_sys_call+0x1530/0x1730
[  265.481335][ T3466] page last free pid 5741 tgid 5741 stack trace:
[  265.487670][ T3466]  __free_frozen_pages+0x69d/0xff0
[  265.492817][ T3466]  tlb_finish_mmu+0x237/0x7b0
[  265.497529][ T3466]  exit_mmap+0x403/0xb90
[  265.501800][ T3466]  __mmput+0x12a/0x410
[  265.505898][ T3466]  mmput+0x62/0x70
[  265.509644][ T3466]  do_exit+0x9d1/0x2c30
[  265.513832][ T3466]  do_group_exit+0xd3/0x2a0
[  265.518371][ T3466]  __x64_sys_exit_group+0x3e/0x50
[  265.523432][ T3466]  x64_sys_call+0x1530/0x1730
[  265.528147][ T3466]  do_syscall_64+0xcd/0x260
[  265.532699][ T3466]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  265.538627][ T3466] 
[  265.540965][ T3466] Memory state around the buggy address:
[  265.546602][ T3466]  ffff8880307a4500: 00 00 00 00 fc fc fc fc fa fb fb fb fc fc fc fc
[  265.554681][ T3466]  ffff8880307a4580: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[  265.562755][ T3466] >ffff8880307a4600: 00 00 00 00 fc fc fc fc 00 00 00 fc fc fc fc fc
[  265.570829][ T3466]                                                                 ^
[  265.578825][ T3466]  ffff8880307a4680: 00 00 00 00 fc fc fc fc 00 00 00 00 fc fc fc fc
[  265.586901][ T3466]  ffff8880307a4700: 00 00 00 00 fc fc fc fc 00 00 00 00 fc fc fc fc
[  265.594968][ T3466] ==================================================================
[  265.635252][ T1293] ieee802154 phy0 wpan0: encryption failed: -22
[  265.641582][ T3466] Disabling lock debugging due to kernel taint
[  265.641634][ T1293] ieee802154 phy1 wpan1: encryption failed: -22
[  265.648045][ T3466] ==================================================================
[  265.662100][ T3466] BUG: KASAN: slab-out-of-bounds in iov_iter_revert+0x521/0x5a0
[  265.669807][ T3466] Read of size 4 at addr ffff8880307a4668 by task kworker/u8:9/3466
[  265.677826][ T3466] 
[  265.680181][ T3466] CPU: 0 UID: 0 PID: 3466 Comm: kworker/u8:9 Tainted: G    B               6.15.0-rc5-syzkaller-00043-gd76bb1ebb558 #0 PREEMPT(full) 
[  265.680243][ T3466] Tainted: [B]=BAD_PAGE
[  265.680256][ T3466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  265.680281][ T3466] Workqueue: events_unbound netfs_write_collection_worker
[  265.680351][ T3466] Call Trace:
[  265.680363][ T3466]  <TASK>
[  265.680376][ T3466]  dump_stack_lvl+0x116/0x1f0
[  265.680431][ T3466]  print_report+0xc3/0x670
[  265.680487][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  265.680534][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  265.680579][ T3466]  ? __phys_addr+0xc6/0x150
[  265.680634][ T3466]  ? iov_iter_revert+0x521/0x5a0
[  265.680689][ T3466]  kasan_report+0xe0/0x110
[  265.680748][ T3466]  ? iov_iter_revert+0x521/0x5a0
[  265.680814][ T3466]  iov_iter_revert+0x521/0x5a0
[  265.680872][ T3466]  netfs_retry_writes+0x166d/0x1a50
[  265.680914][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  265.680961][ T3466]  ? ieee80211_ibss_work+0xdb/0x1480
[  265.681008][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  265.681053][ T3466]  ? __lock_acquire+0xaa4/0x1ba0
[  265.681114][ T3466]  ? __pfx_netfs_retry_writes+0x10/0x10
[  265.681158][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  265.681204][ T3466]  ? register_lock_class+0x41/0x4c0
[  265.681262][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  265.681307][ T3466]  ? do_raw_spin_lock+0x12c/0x2b0
[  265.681345][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  265.681394][ T3466]  netfs_write_collection_worker+0x23fd/0x3830
[  265.681481][ T3466]  process_one_work+0x9cf/0x1b70
[  265.681529][ T3466]  ? __pfx_netfs_write_collection_worker+0x10/0x10
[  265.681596][ T3466]  ? __pfx_process_one_work+0x10/0x10
[  265.681637][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  265.681689][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  265.681734][ T3466]  ? assign_work+0x1a0/0x250
[  265.681771][ T3466]  worker_thread+0x6c8/0xf10
[  265.681827][ T3466]  ? __pfx_worker_thread+0x10/0x10
[  265.681866][ T3466]  kthread+0x3c5/0x780
[  265.681901][ T3466]  ? __pfx_kthread+0x10/0x10
[  265.681934][ T3466]  ? __pfx_kthread+0x10/0x10
[  265.681966][ T3466]  ? __pfx_kthread+0x10/0x10
[  265.682000][ T3466]  ? __pfx_kthread+0x10/0x10
[  265.682032][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  265.682078][ T3466]  ? rcu_is_watching+0x12/0xc0
[  265.682123][ T3466]  ? __pfx_kthread+0x10/0x10
[  265.682158][ T3466]  ret_from_fork+0x48/0x80
[  265.682194][ T3466]  ? __pfx_kthread+0x10/0x10
[  265.682227][ T3466]  ret_from_fork_asm+0x1a/0x30
[  265.682294][ T3466]  </TASK>
[  265.682307][ T3466] 
[  265.931078][ T3466] Allocated by task 970:
[  265.935325][ T3466]  kasan_save_stack+0x33/0x60
[  265.940060][ T3466]  kasan_save_track+0x14/0x30
[  265.944778][ T3466]  __kasan_kmalloc+0xaa/0xb0
[  265.949406][ T3466]  nsim_fib6_rt_nh_add+0x4a/0x290
[  265.954468][ T3466]  nsim_fib_event_work+0x196a/0x2e80
[  265.959795][ T3466]  process_one_work+0x9cf/0x1b70
[  265.964758][ T3466]  worker_thread+0x6c8/0xf10
[  265.969378][ T3466]  kthread+0x3c5/0x780
[  265.973459][ T3466]  ret_from_fork+0x48/0x80
[  265.977913][ T3466]  ret_from_fork_asm+0x1a/0x30
[  265.982717][ T3466] 
[  265.985051][ T3466] The buggy address belongs to the object at ffff8880307a4640
[  265.985051][ T3466]  which belongs to the cache kmalloc-32 of size 32
[  265.998948][ T3466] The buggy address is located 16 bytes to the right of
[  265.998948][ T3466]  allocated 24-byte region [ffff8880307a4640, ffff8880307a4658)
[  266.013470][ T3466] 
[  266.015803][ T3466] The buggy address belongs to the physical page:
[  266.022209][ T3466] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880307a4fc0 pfn:0x307a4
[  266.032293][ T3466] flags: 0xfff00000000200(workingset|node=0|zone=1|lastcpupid=0x7ff)
[  266.040414][ T3466] page_type: f5(slab)
[  266.044596][ T3466] raw: 00fff00000000200 ffff88801b441780 ffffea0000c9f9d0 ffffea0001f01990
[  266.053208][ T3466] raw: ffff8880307a4fc0 0000000000400038 00000000f5000000 0000000000000000
[  266.061815][ T3466] page dumped because: kasan: bad access detected
[  266.068240][ T3466] page_owner tracks the page as allocated
[  266.073960][ T3466] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52800(GFP_NOWAIT|__GFP_NORETRY|__GFP_COMP), pid 5741, tgid 5741 (dhcpcd-run-hook), ts 89207943594, free_ts 89206634714
[  266.092405][ T3466]  post_alloc_hook+0x181/0x1b0
[  266.097211][ T3466]  get_page_from_freelist+0x135c/0x3920
[  266.102804][ T3466]  __alloc_frozen_pages_noprof+0x263/0x23a0
[  266.108745][ T3466]  alloc_pages_mpol+0x1fb/0x550
[  266.113647][ T3466]  new_slab+0x244/0x340
[  266.117845][ T3466]  ___slab_alloc+0xd9c/0x1940
[  266.122542][ T3466]  __slab_alloc.constprop.0+0x56/0xb0
[  266.127943][ T3466]  __kmalloc_cache_noprof+0xfb/0x3e0
[  266.133382][ T3466]  kmem_cache_free+0x148/0x4d0
[  266.138187][ T3466]  exit_mmap+0x511/0xb90
[  266.142458][ T3466]  __mmput+0x12a/0x410
[  266.146564][ T3466]  mmput+0x62/0x70
[  266.150308][ T3466]  do_exit+0x9d1/0x2c30
[  266.154496][ T3466]  do_group_exit+0xd3/0x2a0
[  266.159032][ T3466]  __x64_sys_exit_group+0x3e/0x50
[  266.164090][ T3466]  x64_sys_call+0x1530/0x1730
[  266.168804][ T3466] page last free pid 5741 tgid 5741 stack trace:
[  266.175132][ T3466]  __free_frozen_pages+0x69d/0xff0
[  266.180264][ T3466]  tlb_finish_mmu+0x237/0x7b0
[  266.184969][ T3466]  exit_mmap+0x403/0xb90
[  266.189231][ T3466]  __mmput+0x12a/0x410
[  266.193334][ T3466]  mmput+0x62/0x70
[  266.197089][ T3466]  do_exit+0x9d1/0x2c30
[  266.201288][ T3466]  do_group_exit+0xd3/0x2a0
[  266.205835][ T3466]  __x64_sys_exit_group+0x3e/0x50
[  266.210898][ T3466]  x64_sys_call+0x1530/0x1730
[  266.215610][ T3466]  do_syscall_64+0xcd/0x260
[  266.220144][ T3466]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  266.226055][ T3466] 
[  266.228379][ T3466] Memory state around the buggy address:
[  266.234011][ T3466]  ffff8880307a4500: 00 00 00 00 fc fc fc fc fa fb fb fb fc fc fc fc
[  266.242079][ T3466]  ffff8880307a4580: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[  266.250150][ T3466] >ffff8880307a4600: 00 00 00 00 fc fc fc fc 00 00 00 fc fc fc fc fc
[  266.258240][ T3466]                                                           ^
[  266.265734][ T3466]  ffff8880307a4680: 00 00 00 00 fc fc fc fc 00 00 00 00 fc fc fc fc
[  266.273808][ T3466]  ffff8880307a4700: 00 00 00 00 fc fc fc fc 00 00 00 00 fc fc fc fc
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  266.281875][ T3466] ==================================================================
[  266.350987][ T3466] ==================================================================
[  266.359101][ T3466] BUG: KASAN: slab-out-of-bounds in iov_iter_revert+0x521/0x5a0
[  266.366774][ T3466] Read of size 4 at addr ffff8880307a4658 by task kworker/u8:9/3466
[  266.374763][ T3466] 
[  266.377100][ T3466] CPU: 1 UID: 0 PID: 3466 Comm: kworker/u8:9 Tainted: G    B               6.15.0-rc5-syzkaller-00043-gd76bb1ebb558 #0 PREEMPT(full) 
[  266.377153][ T3466] Tainted: [B]=BAD_PAGE
[  266.377164][ T3466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  266.377187][ T3466] Workqueue: events_unbound netfs_write_collection_worker
[  266.377249][ T3466] Call Trace:
[  266.377261][ T3466]  <TASK>
[  266.377273][ T3466]  dump_stack_lvl+0x116/0x1f0
[  266.377323][ T3466]  print_report+0xc3/0x670
[  266.377374][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  266.377416][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  266.377457][ T3466]  ? __phys_addr+0xc6/0x150
[  266.377505][ T3466]  ? iov_iter_revert+0x521/0x5a0
[  266.377558][ T3466]  kasan_report+0xe0/0x110
[  266.377610][ T3466]  ? iov_iter_revert+0x521/0x5a0
[  266.377664][ T3466]  iov_iter_revert+0x521/0x5a0
[  266.377717][ T3466]  netfs_retry_writes+0x166d/0x1a50
[  266.377754][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  266.377795][ T3466]  ? ieee80211_ibss_work+0xdb/0x1480
[  266.377838][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  266.377878][ T3466]  ? __lock_acquire+0xaa4/0x1ba0
[  266.377934][ T3466]  ? __pfx_netfs_retry_writes+0x10/0x10
[  266.377973][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  266.378013][ T3466]  ? register_lock_class+0x41/0x4c0
[  266.378066][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  266.378107][ T3466]  ? do_raw_spin_lock+0x12c/0x2b0
[  266.378142][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  266.378186][ T3466]  netfs_write_collection_worker+0x23fd/0x3830
[  266.378266][ T3466]  process_one_work+0x9cf/0x1b70
[  266.378309][ T3466]  ? __pfx_netfs_write_collection_worker+0x10/0x10
[  266.378369][ T3466]  ? __pfx_process_one_work+0x10/0x10
[  266.378405][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  266.378456][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  266.378497][ T3466]  ? assign_work+0x1a0/0x250
[  266.378529][ T3466]  worker_thread+0x6c8/0xf10
[  266.378594][ T3466]  ? __pfx_worker_thread+0x10/0x10
[  266.378633][ T3466]  kthread+0x3c5/0x780
[  266.378664][ T3466]  ? __pfx_kthread+0x10/0x10
[  266.378692][ T3466]  ? __pfx_kthread+0x10/0x10
[  266.378722][ T3466]  ? __pfx_kthread+0x10/0x10
[  266.378751][ T3466]  ? __pfx_kthread+0x10/0x10
[  266.378779][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  266.378820][ T3466]  ? rcu_is_watching+0x12/0xc0
[  266.378861][ T3466]  ? __pfx_kthread+0x10/0x10
[  266.378892][ T3466]  ret_from_fork+0x48/0x80
[  266.378924][ T3466]  ? __pfx_kthread+0x10/0x10
[  266.378954][ T3466]  ret_from_fork_asm+0x1a/0x30
[  266.379015][ T3466]  </TASK>
[  266.379026][ T3466] 
[  266.627710][ T3466] Allocated by task 970:
[  266.631951][ T3466]  kasan_save_stack+0x33/0x60
[  266.636658][ T3466]  kasan_save_track+0x14/0x30
[  266.641360][ T3466]  __kasan_kmalloc+0xaa/0xb0
[  266.645973][ T3466]  nsim_fib6_rt_nh_add+0x4a/0x290
[  266.651028][ T3466]  nsim_fib_event_work+0x196a/0x2e80
[  266.656357][ T3466]  process_one_work+0x9cf/0x1b70
[  266.661353][ T3466]  worker_thread+0x6c8/0xf10
[  266.665957][ T3466]  kthread+0x3c5/0x780
[  266.670035][ T3466]  ret_from_fork+0x48/0x80
[  266.674463][ T3466]  ret_from_fork_asm+0x1a/0x30
[  266.679261][ T3466] 
[  266.681579][ T3466] The buggy address belongs to the object at ffff8880307a4640
[  266.681579][ T3466]  which belongs to the cache kmalloc-32 of size 32
[  266.695464][ T3466] The buggy address is located 0 bytes to the right of
[  266.695464][ T3466]  allocated 24-byte region [ffff8880307a4640, ffff8880307a4658)
[  266.709898][ T3466] 
[  266.712220][ T3466] The buggy address belongs to the physical page:
[  266.718626][ T3466] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880307a4fc0 pfn:0x307a4
[  266.728697][ T3466] flags: 0xfff00000000200(workingset|node=0|zone=1|lastcpupid=0x7ff)
[  266.736769][ T3466] page_type: f5(slab)
[  266.740760][ T3466] raw: 00fff00000000200 ffff88801b441780 ffffea0000c9f9d0 ffffea0001f01990
[  266.749374][ T3466] raw: ffff8880307a4fc0 0000000000400038 00000000f5000000 0000000000000000
[  266.757962][ T3466] page dumped because: kasan: bad access detected
[  266.764372][ T3466] page_owner tracks the page as allocated
[  266.770081][ T3466] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52800(GFP_NOWAIT|__GFP_NORETRY|__GFP_COMP), pid 5741, tgid 5741 (dhcpcd-run-hook), ts 89207943594, free_ts 89206634714
[  266.788546][ T3466]  post_alloc_hook+0x181/0x1b0
[  266.793348][ T3466]  get_page_from_freelist+0x135c/0x3920
[  266.798928][ T3466]  __alloc_frozen_pages_noprof+0x263/0x23a0
[  266.804856][ T3466]  alloc_pages_mpol+0x1fb/0x550
[  266.809740][ T3466]  new_slab+0x244/0x340
[  266.813914][ T3466]  ___slab_alloc+0xd9c/0x1940
[  266.818642][ T3466]  __slab_alloc.constprop.0+0x56/0xb0
[  266.824035][ T3466]  __kmalloc_cache_noprof+0xfb/0x3e0
[  266.829345][ T3466]  kmem_cache_free+0x148/0x4d0
[  266.834223][ T3466]  exit_mmap+0x511/0xb90
[  266.838491][ T3466]  __mmput+0x12a/0x410
[  266.842589][ T3466]  mmput+0x62/0x70
[  266.846344][ T3466]  do_exit+0x9d1/0x2c30
[  266.850531][ T3466]  do_group_exit+0xd3/0x2a0
[  266.855066][ T3466]  __x64_sys_exit_group+0x3e/0x50
[  266.860125][ T3466]  x64_sys_call+0x1530/0x1730
[  266.864837][ T3466] page last free pid 5741 tgid 5741 stack trace:
[  266.871191][ T3466]  __free_frozen_pages+0x69d/0xff0
[  266.876357][ T3466]  tlb_finish_mmu+0x237/0x7b0
[  266.881058][ T3466]  exit_mmap+0x403/0xb90
[  266.885319][ T3466]  __mmput+0x12a/0x410
[  266.889423][ T3466]  mmput+0x62/0x70
[  266.893165][ T3466]  do_exit+0x9d1/0x2c30
[  266.897351][ T3466]  do_group_exit+0xd3/0x2a0
[  266.901886][ T3466]  __x64_sys_exit_group+0x3e/0x50
[  266.906943][ T3466]  x64_sys_call+0x1530/0x1730
[  266.911652][ T3466]  do_syscall_64+0xcd/0x260
[  266.916187][ T3466]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  266.922096][ T3466] 
[  266.924419][ T3466] Memory state around the buggy address:
[  266.930054][ T3466]  ffff8880307a4500: 00 00 00 00 fc fc fc fc fa fb fb fb fc fc fc fc
[  266.938124][ T3466]  ffff8880307a4580: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[  266.946193][ T3466] >ffff8880307a4600: 00 00 00 00 fc fc fc fc 00 00 00 fc fc fc fc fc
[  266.954288][ T3466]                                                     ^
[  266.961225][ T3466]  ffff8880307a4680: 00 00 00 00 fc fc fc fc 00 00 00 00 fc fc fc fc
[  266.969299][ T3466]  ffff8880307a4700: 00 00 00 00 fc fc fc fc 00 00 00 00 fc fc fc fc
[  266.977369][ T3466] ==================================================================
[  267.180972][ T3466] ==================================================================
[  267.189083][ T3466] BUG: KASAN: slab-out-of-bounds in iov_iter_advance+0x652/0x6c0
[  267.196853][ T3466] Read of size 4 at addr ffff8880307a4658 by task kworker/u8:9/3466
[  267.204855][ T3466] 
[  267.207198][ T3466] CPU: 0 UID: 0 PID: 3466 Comm: kworker/u8:9 Tainted: G    B               6.15.0-rc5-syzkaller-00043-gd76bb1ebb558 #0 PREEMPT(full) 
[  267.207250][ T3466] Tainted: [B]=BAD_PAGE
[  267.207263][ T3466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  267.207288][ T3466] Workqueue: events_unbound netfs_write_collection_worker
[  267.207351][ T3466] Call Trace:
[  267.207361][ T3466]  <TASK>
[  267.207373][ T3466]  dump_stack_lvl+0x116/0x1f0
[  267.207424][ T3466]  print_report+0xc3/0x670
[  267.207474][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  267.207516][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  267.207557][ T3466]  ? __phys_addr+0xc6/0x150
[  267.207607][ T3466]  ? iov_iter_advance+0x652/0x6c0
[  267.207656][ T3466]  kasan_report+0xe0/0x110
[  267.207709][ T3466]  ? iov_iter_advance+0x652/0x6c0
[  267.207764][ T3466]  iov_iter_advance+0x652/0x6c0
[  267.207821][ T3466]  netfs_reissue_write+0x13d/0x240
[  267.207856][ T3466]  netfs_retry_writes+0x168a/0x1a50
[  267.207894][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  267.207935][ T3466]  ? ieee80211_ibss_work+0xdb/0x1480
[  267.207979][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  267.208020][ T3466]  ? __lock_acquire+0xaa4/0x1ba0
[  267.208075][ T3466]  ? __pfx_netfs_retry_writes+0x10/0x10
[  267.208115][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  267.208156][ T3466]  ? register_lock_class+0x41/0x4c0
[  267.208209][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  267.208250][ T3466]  ? do_raw_spin_lock+0x12c/0x2b0
[  267.208287][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  267.208332][ T3466]  netfs_write_collection_worker+0x23fd/0x3830
[  267.208414][ T3466]  process_one_work+0x9cf/0x1b70
[  267.208457][ T3466]  ? __pfx_netfs_write_collection_worker+0x10/0x10
[  267.208518][ T3466]  ? __pfx_process_one_work+0x10/0x10
[  267.208554][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  267.208601][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  267.208642][ T3466]  ? assign_work+0x1a0/0x250
[  267.208675][ T3466]  worker_thread+0x6c8/0xf10
[  267.208721][ T3466]  ? __pfx_worker_thread+0x10/0x10
[  267.208757][ T3466]  kthread+0x3c5/0x780
[  267.208788][ T3466]  ? __pfx_kthread+0x10/0x10
[  267.208822][ T3466]  ? __pfx_kthread+0x10/0x10
[  267.208851][ T3466]  ? __pfx_kthread+0x10/0x10
[  267.208881][ T3466]  ? __pfx_kthread+0x10/0x10
[  267.208910][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  267.208951][ T3466]  ? rcu_is_watching+0x12/0xc0
[  267.208991][ T3466]  ? __pfx_kthread+0x10/0x10
[  267.209022][ T3466]  ret_from_fork+0x48/0x80
[  267.209054][ T3466]  ? __pfx_kthread+0x10/0x10
[  267.209084][ T3466]  ret_from_fork_asm+0x1a/0x30
[  267.209146][ T3466]  </TASK>
[  267.209157][ T3466] 
[  267.463035][ T3466] Allocated by task 970:
[  267.467284][ T3466]  kasan_save_stack+0x33/0x60
[  267.471997][ T3466]  kasan_save_track+0x14/0x30
[  267.476711][ T3466]  __kasan_kmalloc+0xaa/0xb0
[  267.481329][ T3466]  nsim_fib6_rt_nh_add+0x4a/0x290
[  267.486388][ T3466]  nsim_fib_event_work+0x196a/0x2e80
[  267.491708][ T3466]  process_one_work+0x9cf/0x1b70
[  267.496663][ T3466]  worker_thread+0x6c8/0xf10
[  267.501268][ T3466]  kthread+0x3c5/0x780
[  267.505349][ T3466]  ret_from_fork+0x48/0x80
[  267.509782][ T3466]  ret_from_fork_asm+0x1a/0x30
[  267.514586][ T3466] 
[  267.516909][ T3466] The buggy address belongs to the object at ffff8880307a4640
[  267.516909][ T3466]  which belongs to the cache kmalloc-32 of size 32
[  267.530796][ T3466] The buggy address is located 0 bytes to the right of
[  267.530796][ T3466]  allocated 24-byte region [ffff8880307a4640, ffff8880307a4658)
[  267.545224][ T3466] 
[  267.547551][ T3466] The buggy address belongs to the physical page:
[  267.553961][ T3466] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x307a4
[  267.562735][ T3466] anon flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  267.570290][ T3466] page_type: f5(slab)
[  267.574289][ T3466] raw: 00fff00000000000 ffff88801b441780 0000000000000000 dead000000000001
[  267.582893][ T3466] raw: 0000000000000000 0000000000400040 00000000f5000000 0000000000000000
[  267.591482][ T3466] page dumped because: kasan: bad access detected
[  267.597898][ T3466] page_owner tracks the page as allocated
[  267.603618][ T3466] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52800(GFP_NOWAIT|__GFP_NORETRY|__GFP_COMP), pid 5741, tgid 5741 (dhcpcd-run-hook), ts 89207943594, free_ts 89206634714
[  267.622075][ T3466]  post_alloc_hook+0x181/0x1b0
[  267.626876][ T3466]  get_page_from_freelist+0x135c/0x3920
[  267.632457][ T3466]  __alloc_frozen_pages_noprof+0x263/0x23a0
[  267.638382][ T3466]  alloc_pages_mpol+0x1fb/0x550
[  267.643270][ T3466]  new_slab+0x244/0x340
[  267.647453][ T3466]  ___slab_alloc+0xd9c/0x1940
[  267.652152][ T3466]  __slab_alloc.constprop.0+0x56/0xb0
[  267.657545][ T3466]  __kmalloc_cache_noprof+0xfb/0x3e0
[  267.662854][ T3466]  kmem_cache_free+0x148/0x4d0
[  267.667653][ T3466]  exit_mmap+0x511/0xb90
[  267.671919][ T3466]  __mmput+0x12a/0x410
[  267.676013][ T3466]  mmput+0x62/0x70
[  267.679764][ T3466]  do_exit+0x9d1/0x2c30
[  267.683964][ T3466]  do_group_exit+0xd3/0x2a0
[  267.688501][ T3466]  __x64_sys_exit_group+0x3e/0x50
[  267.693560][ T3466]  x64_sys_call+0x1530/0x1730
[  267.698270][ T3466] page last free pid 5741 tgid 5741 stack trace:
[  267.704600][ T3466]  __free_frozen_pages+0x69d/0xff0
[  267.709738][ T3466]  tlb_finish_mmu+0x237/0x7b0
[  267.714454][ T3466]  exit_mmap+0x403/0xb90
[  267.718741][ T3466]  __mmput+0x12a/0x410
[  267.722838][ T3466]  mmput+0x62/0x70
[  267.726586][ T3466]  do_exit+0x9d1/0x2c30
[  267.730780][ T3466]  do_group_exit+0xd3/0x2a0
[  267.735367][ T3466]  __x64_sys_exit_group+0x3e/0x50
[  267.740472][ T3466]  x64_sys_call+0x1530/0x1730
[  267.745195][ T3466]  do_syscall_64+0xcd/0x260
[  267.749737][ T3466]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  267.755662][ T3466] 
[  267.757988][ T3466] Memory state around the buggy address:
[  267.763624][ T3466]  ffff8880307a4500: 00 00 00 00 fc fc fc fc fa fb fb fb fc fc fc fc
[  267.771698][ T3466]  ffff8880307a4580: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[  267.779779][ T3466] >ffff8880307a4600: 00 00 00 00 fc fc fc fc 00 00 00 fc fc fc fc fc
[  267.787862][ T3466]                                                     ^
[  267.794815][ T3466]  ffff8880307a4680: 00 00 00 00 fc fc fc fc 00 00 00 00 fc fc fc fc
[  267.802896][ T3466]  ffff8880307a4700: 00 00 00 00 fc fc fc fc 00 00 00 00 fc fc fc fc
[  267.810976][ T3466] ==================================================================
[  267.819129][    C0] vkms_vblank_simulate: vblank timer overrun
[  267.917191][ T3466] ==================================================================
[  267.925331][ T3466] BUG: KASAN: slab-out-of-bounds in iov_iter_advance+0x652/0x6c0
[  267.933111][ T3466] Read of size 4 at addr ffff8880307a4668 by task kworker/u8:9/3466
[  267.941122][ T3466] 
[  267.943470][ T3466] CPU: 0 UID: 0 PID: 3466 Comm: kworker/u8:9 Tainted: G    B               6.15.0-rc5-syzkaller-00043-gd76bb1ebb558 #0 PREEMPT(full) 
[  267.943526][ T3466] Tainted: [B]=BAD_PAGE
[  267.943544][ T3466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  267.943568][ T3466] Workqueue: events_unbound netfs_write_collection_worker
[  267.943637][ T3466] Call Trace:
[  267.943649][ T3466]  <TASK>
[  267.943661][ T3466]  dump_stack_lvl+0x116/0x1f0
[  267.943713][ T3466]  print_report+0xc3/0x670
[  267.943766][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  267.943810][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  267.943854][ T3466]  ? __phys_addr+0xc6/0x150
[  267.943907][ T3466]  ? iov_iter_advance+0x652/0x6c0
[  267.943960][ T3466]  kasan_report+0xe0/0x110
[  267.944015][ T3466]  ? iov_iter_advance+0x652/0x6c0
[  267.944073][ T3466]  iov_iter_advance+0x652/0x6c0
[  267.944128][ T3466]  netfs_reissue_write+0x13d/0x240
[  267.944165][ T3466]  netfs_retry_writes+0x168a/0x1a50
[  267.944205][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  267.944249][ T3466]  ? ieee80211_ibss_work+0xdb/0x1480
[  267.944296][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  267.944340][ T3466]  ? __lock_acquire+0xaa4/0x1ba0
[  267.944399][ T3466]  ? __pfx_netfs_retry_writes+0x10/0x10
[  267.944442][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  267.944486][ T3466]  ? register_lock_class+0x41/0x4c0
[  267.944552][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  267.944597][ T3466]  ? do_raw_spin_lock+0x12c/0x2b0
[  267.944635][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  267.944680][ T3466]  netfs_write_collection_worker+0x23fd/0x3830
[  267.944768][ T3466]  process_one_work+0x9cf/0x1b70
[  267.944815][ T3466]  ? __pfx_netfs_write_collection_worker+0x10/0x10
[  267.944880][ T3466]  ? __pfx_process_one_work+0x10/0x10
[  267.944919][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  267.944970][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  267.945015][ T3466]  ? assign_work+0x1a0/0x250
[  267.945051][ T3466]  worker_thread+0x6c8/0xf10
[  267.945101][ T3466]  ? __pfx_worker_thread+0x10/0x10
[  267.945140][ T3466]  kthread+0x3c5/0x780
[  267.945174][ T3466]  ? __pfx_kthread+0x10/0x10
[  267.945206][ T3466]  ? __pfx_kthread+0x10/0x10
[  267.945239][ T3466]  ? __pfx_kthread+0x10/0x10
[  267.945271][ T3466]  ? __pfx_kthread+0x10/0x10
[  267.945303][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  267.945348][ T3466]  ? rcu_is_watching+0x12/0xc0
[  267.945393][ T3466]  ? __pfx_kthread+0x10/0x10
[  267.945427][ T3466]  ret_from_fork+0x48/0x80
[  267.945462][ T3466]  ? __pfx_kthread+0x10/0x10
[  267.945495][ T3466]  ret_from_fork_asm+0x1a/0x30
[  267.945568][ T3466]  </TASK>
[  267.945581][ T3466] 
[  268.200178][ T3466] Allocated by task 970:
[  268.204428][ T3466]  kasan_save_stack+0x33/0x60
[  268.209141][ T3466]  kasan_save_track+0x14/0x30
[  268.213850][ T3466]  __kasan_kmalloc+0xaa/0xb0
[  268.218470][ T3466]  nsim_fib6_rt_nh_add+0x4a/0x290
[  268.223537][ T3466]  nsim_fib_event_work+0x196a/0x2e80
[  268.228865][ T3466]  process_one_work+0x9cf/0x1b70
[  268.233828][ T3466]  worker_thread+0x6c8/0xf10
[  268.238439][ T3466]  kthread+0x3c5/0x780
[  268.242633][ T3466]  ret_from_fork+0x48/0x80
[  268.247076][ T3466]  ret_from_fork_asm+0x1a/0x30
[  268.251877][ T3466] 
[  268.254202][ T3466] The buggy address belongs to the object at ffff8880307a4640
[  268.254202][ T3466]  which belongs to the cache kmalloc-32 of size 32
[  268.268113][ T3466] The buggy address is located 16 bytes to the right of
[  268.268113][ T3466]  allocated 24-byte region [ffff8880307a4640, ffff8880307a4658)
[  268.282635][ T3466] 
[  268.284966][ T3466] The buggy address belongs to the physical page:
[  268.291380][ T3466] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x307a4
[  268.300158][ T3466] anon flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  268.307754][ T3466] page_type: f5(slab)
[  268.311750][ T3466] raw: 00fff00000000000 ffff88801b441780 0000000000000000 dead000000000001
[  268.320438][ T3466] raw: 0000000000000000 0000000000400040 00000000f5000000 0000000000000000
[  268.329030][ T3466] page dumped because: kasan: bad access detected
[  268.335447][ T3466] page_owner tracks the page as allocated
[  268.341159][ T3466] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52800(GFP_NOWAIT|__GFP_NORETRY|__GFP_COMP), pid 5741, tgid 5741 (dhcpcd-run-hook), ts 89207943594, free_ts 89206634714
[  268.359608][ T3466]  post_alloc_hook+0x181/0x1b0
[  268.364412][ T3466]  get_page_from_freelist+0x135c/0x3920
[  268.369991][ T3466]  __alloc_frozen_pages_noprof+0x263/0x23a0
[  268.375938][ T3466]  alloc_pages_mpol+0x1fb/0x550
[  268.380840][ T3466]  new_slab+0x244/0x340
[  268.385019][ T3466]  ___slab_alloc+0xd9c/0x1940
[  268.389716][ T3466]  __slab_alloc.constprop.0+0x56/0xb0
[  268.395118][ T3466]  __kmalloc_cache_noprof+0xfb/0x3e0
[  268.400438][ T3466]  kmem_cache_free+0x148/0x4d0
[  268.405233][ T3466]  exit_mmap+0x511/0xb90
[  268.409500][ T3466]  __mmput+0x12a/0x410
[  268.413594][ T3466]  mmput+0x62/0x70
[  268.417347][ T3466]  do_exit+0x9d1/0x2c30
[  268.421537][ T3466]  do_group_exit+0xd3/0x2a0
[  268.426072][ T3466]  __x64_sys_exit_group+0x3e/0x50
[  268.431132][ T3466]  x64_sys_call+0x1530/0x1730
[  268.435845][ T3466] page last free pid 5741 tgid 5741 stack trace:
[  268.442170][ T3466]  __free_frozen_pages+0x69d/0xff0
[  268.447304][ T3466]  tlb_finish_mmu+0x237/0x7b0
[  268.452005][ T3466]  exit_mmap+0x403/0xb90
[  268.456265][ T3466]  __mmput+0x12a/0x410
[  268.460355][ T3466]  mmput+0x62/0x70
[  268.464099][ T3466]  do_exit+0x9d1/0x2c30
[  268.468301][ T3466]  do_group_exit+0xd3/0x2a0
[  268.472843][ T3466]  __x64_sys_exit_group+0x3e/0x50
[  268.477904][ T3466]  x64_sys_call+0x1530/0x1730
[  268.482618][ T3466]  do_syscall_64+0xcd/0x260
[  268.487152][ T3466]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  268.493065][ T3466] 
[  268.495390][ T3466] Memory state around the buggy address:
[  268.501054][ T3466]  ffff8880307a4500: 00 00 00 00 fc fc fc fc fa fb fb fb fc fc fc fc
[  268.509124][ T3466]  ffff8880307a4580: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[  268.517193][ T3466] >ffff8880307a4600: 00 00 00 00 fc fc fc fc 00 00 00 fc fc fc fc fc
[  268.525257][ T3466]                                                           ^
[  268.532722][ T3466]  ffff8880307a4680: 00 00 00 00 fc fc fc fc 00 00 00 00 fc fc fc fc
[  268.540796][ T3466]  ffff8880307a4700: 00 00 00 00 fc fc fc fc 00 00 00 00 fc fc fc fc
[  268.548871][ T3466] ==================================================================
[  268.557021][    C0] vkms_vblank_simulate: vblank timer overrun
[  268.593788][ T3466] ==================================================================
[  268.601904][ T3466] BUG: KASAN: slab-out-of-bounds in iov_iter_advance+0x652/0x6c0
[  268.609668][ T3466] Read of size 4 at addr ffff8880307a4678 by task kworker/u8:9/3466
[  268.617690][ T3466] 
[  268.620026][ T3466] CPU: 1 UID: 0 PID: 3466 Comm: kworker/u8:9 Tainted: G    B               6.15.0-rc5-syzkaller-00043-gd76bb1ebb558 #0 PREEMPT(full) 
[  268.620079][ T3466] Tainted: [B]=BAD_PAGE
[  268.620091][ T3466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  268.620113][ T3466] Workqueue: events_unbound netfs_write_collection_worker
[  268.620177][ T3466] Call Trace:
[  268.620188][ T3466]  <TASK>
[  268.620200][ T3466]  dump_stack_lvl+0x116/0x1f0
[  268.620249][ T3466]  print_report+0xc3/0x670
[  268.620299][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  268.620342][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  268.620383][ T3466]  ? __phys_addr+0xc6/0x150
[  268.620432][ T3466]  ? iov_iter_advance+0x652/0x6c0
[  268.620481][ T3466]  kasan_report+0xe0/0x110
[  268.620533][ T3466]  ? iov_iter_advance+0x652/0x6c0
[  268.620595][ T3466]  iov_iter_advance+0x652/0x6c0
[  268.620648][ T3466]  netfs_reissue_write+0x13d/0x240
[  268.620682][ T3466]  netfs_retry_writes+0x168a/0x1a50
[  268.620720][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  268.620761][ T3466]  ? ieee80211_ibss_work+0xdb/0x1480
[  268.620803][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  268.620844][ T3466]  ? __lock_acquire+0xaa4/0x1ba0
[  268.620900][ T3466]  ? __pfx_netfs_retry_writes+0x10/0x10
[  268.620939][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  268.620980][ T3466]  ? register_lock_class+0x41/0x4c0
[  268.621033][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  268.621082][ T3466]  ? do_raw_spin_lock+0x12c/0x2b0
[  268.621117][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  268.621162][ T3466]  netfs_write_collection_worker+0x23fd/0x3830
[  268.621243][ T3466]  process_one_work+0x9cf/0x1b70
[  268.621286][ T3466]  ? __pfx_netfs_write_collection_worker+0x10/0x10
[  268.621347][ T3466]  ? __pfx_process_one_work+0x10/0x10
[  268.621383][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  268.621430][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  268.621470][ T3466]  ? assign_work+0x1a0/0x250
[  268.621503][ T3466]  worker_thread+0x6c8/0xf10
[  268.621549][ T3466]  ? __pfx_worker_thread+0x10/0x10
[  268.621592][ T3466]  kthread+0x3c5/0x780
[  268.621623][ T3466]  ? __pfx_kthread+0x10/0x10
[  268.621652][ T3466]  ? __pfx_kthread+0x10/0x10
[  268.621681][ T3466]  ? __pfx_kthread+0x10/0x10
[  268.621711][ T3466]  ? __pfx_kthread+0x10/0x10
[  268.621739][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  268.621780][ T3466]  ? rcu_is_watching+0x12/0xc0
[  268.621820][ T3466]  ? __pfx_kthread+0x10/0x10
[  268.621851][ T3466]  ret_from_fork+0x48/0x80
[  268.621883][ T3466]  ? __pfx_kthread+0x10/0x10
[  268.621914][ T3466]  ret_from_fork_asm+0x1a/0x30
[  268.621976][ T3466]  </TASK>
[  268.621987][ T3466] 
[  268.876222][ T3466] Allocated by task 970:
[  268.880480][ T3466]  kasan_save_stack+0x33/0x60
[  268.885206][ T3466]  kasan_save_track+0x14/0x30
[  268.889922][ T3466]  __kasan_kmalloc+0xaa/0xb0
[  268.894554][ T3466]  nsim_fib6_rt_nh_add+0x4a/0x290
[  268.899622][ T3466]  nsim_fib_event_work+0x196a/0x2e80
[  268.904953][ T3466]  process_one_work+0x9cf/0x1b70
[  268.909930][ T3466]  worker_thread+0x6c8/0xf10
[  268.914563][ T3466]  kthread+0x3c5/0x780
[  268.918654][ T3466]  ret_from_fork+0x48/0x80
[  268.923088][ T3466]  ret_from_fork_asm+0x1a/0x30
[  268.927892][ T3466] 
[  268.930220][ T3466] The buggy address belongs to the object at ffff8880307a4640
[  268.930220][ T3466]  which belongs to the cache kmalloc-32 of size 32
[  268.944119][ T3466] The buggy address is located 32 bytes to the right of
[  268.944119][ T3466]  allocated 24-byte region [ffff8880307a4640, ffff8880307a4658)
[  268.958673][ T3466] 
[  268.961004][ T3466] The buggy address belongs to the physical page:
[  268.967417][ T3466] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x307a4
[  268.976191][ T3466] anon flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  268.983748][ T3466] page_type: f5(slab)
[  268.987743][ T3466] raw: 00fff00000000000 ffff88801b441780 0000000000000000 dead000000000001
[  268.996345][ T3466] raw: 0000000000000000 0000000000400040 00000000f5000000 0000000000000000
[  269.004935][ T3466] page dumped because: kasan: bad access detected
[  269.011361][ T3466] page_owner tracks the page as allocated
[  269.017083][ T3466] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52800(GFP_NOWAIT|__GFP_NORETRY|__GFP_COMP), pid 5741, tgid 5741 (dhcpcd-run-hook), ts 89207943594, free_ts 89206634714
[  269.035536][ T3466]  post_alloc_hook+0x181/0x1b0
[  269.040335][ T3466]  get_page_from_freelist+0x135c/0x3920
[  269.045923][ T3466]  __alloc_frozen_pages_noprof+0x263/0x23a0
[  269.051866][ T3466]  alloc_pages_mpol+0x1fb/0x550
[  269.056770][ T3466]  new_slab+0x244/0x340
[  269.060956][ T3466]  ___slab_alloc+0xd9c/0x1940
[  269.065662][ T3466]  __slab_alloc.constprop.0+0x56/0xb0
[  269.071061][ T3466]  __kmalloc_cache_noprof+0xfb/0x3e0
[  269.076473][ T3466]  kmem_cache_free+0x148/0x4d0
[  269.081276][ T3466]  exit_mmap+0x511/0xb90
[  269.085546][ T3466]  __mmput+0x12a/0x410
[  269.089642][ T3466]  mmput+0x62/0x70
[  269.093385][ T3466]  do_exit+0x9d1/0x2c30
[  269.097585][ T3466]  do_group_exit+0xd3/0x2a0
[  269.102121][ T3466]  __x64_sys_exit_group+0x3e/0x50
[  269.107187][ T3466]  x64_sys_call+0x1530/0x1730
[  269.111906][ T3466] page last free pid 5741 tgid 5741 stack trace:
[  269.118247][ T3466]  __free_frozen_pages+0x69d/0xff0
[  269.123475][ T3466]  tlb_finish_mmu+0x237/0x7b0
[  269.128181][ T3466]  exit_mmap+0x403/0xb90
[  269.132440][ T3466]  __mmput+0x12a/0x410
[  269.136539][ T3466]  mmput+0x62/0x70
[  269.140300][ T3466]  do_exit+0x9d1/0x2c30
[  269.144501][ T3466]  do_group_exit+0xd3/0x2a0
[  269.149042][ T3466]  __x64_sys_exit_group+0x3e/0x50
[  269.154100][ T3466]  x64_sys_call+0x1530/0x1730
[  269.158817][ T3466]  do_syscall_64+0xcd/0x260
[  269.163363][ T3466]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  269.169278][ T3466] 
[  269.171604][ T3466] Memory state around the buggy address:
[  269.177243][ T3466]  ffff8880307a4500: 00 00 00 00 fc fc fc fc fa fb fb fb fc fc fc fc
[  269.185325][ T3466]  ffff8880307a4580: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[  269.193410][ T3466] >ffff8880307a4600: 00 00 00 00 fc fc fc fc 00 00 00 fc fc fc fc fc
[  269.201492][ T3466]                                                                 ^
[  269.209494][ T3466]  ffff8880307a4680: 00 00 00 00 fc fc fc fc 00 00 00 00 fc fc fc fc
[  269.217583][ T3466]  ffff8880307a4700: 00 00 00 00 fc fc fc fc 00 00 00 00 fc fc fc fc
[  269.225657][ T3466] ==================================================================
[  269.349098][ T3466] ==================================================================
[  269.357224][ T3466] BUG: KASAN: wild-memory-access in _copy_from_iter+0x8c9/0x15b0
[  269.365003][ T3466] Read of size 50 at addr ffe728a1399fbe06 by task kworker/u8:9/3466
[  269.373088][ T3466] 
[  269.375442][ T3466] CPU: 0 UID: 0 PID: 3466 Comm: kworker/u8:9 Tainted: G    B               6.15.0-rc5-syzkaller-00043-gd76bb1ebb558 #0 PREEMPT(full) 
[  269.375496][ T3466] Tainted: [B]=BAD_PAGE
[  269.375508][ T3466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  269.375531][ T3466] Workqueue: events_unbound netfs_write_collection_worker
[  269.375595][ T3466] Call Trace:
[  269.375607][ T3466]  <TASK>
[  269.375620][ T3466]  dump_stack_lvl+0x116/0x1f0
[  269.375671][ T3466]  kasan_report+0xe0/0x110
[  269.375725][ T3466]  ? _copy_from_iter+0x8c9/0x15b0
[  269.375788][ T3466]  kasan_check_range+0xef/0x1a0
[  269.375823][ T3466]  __asan_memcpy+0x23/0x60
[  269.375865][ T3466]  _copy_from_iter+0x8c9/0x15b0
[  269.375917][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  269.375960][ T3466]  ? p9pdu_writef+0xc3/0x100
[  269.375993][ T3466]  ? __pfx__copy_from_iter+0x10/0x10
[  269.376046][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  269.376087][ T3466]  ? lock_acquire+0x2cd/0x350
[  269.376139][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  269.376181][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  269.376222][ T3466]  ? __asan_memcpy+0x3c/0x60
[  269.376267][ T3466]  p9pdu_vwritef+0x2da/0x1d30
[  269.376306][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  269.376348][ T3466]  ? p9pdu_writef+0xc3/0x100
[  269.376379][ T3466]  ? __pfx_p9pdu_vwritef+0x10/0x10
[  269.376412][ T3466]  ? __pfx_p9_tag_alloc+0x10/0x10
[  269.376463][ T3466]  ? rcu_is_watching+0x12/0xc0
[  269.376503][ T3466]  ? rcu_is_watching+0x12/0xc0
[  269.376542][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  269.376588][ T3466]  p9_client_prepare_req+0x247/0x4d0
[  269.376640][ T3466]  ? __pfx_p9_client_prepare_req+0x10/0x10
[  269.376690][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  269.376733][ T3466]  ? trace_sched_exit_tp+0xde/0x130
[  269.376787][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  269.376828][ T3466]  ? __schedule+0x1186/0x5de0
[  269.376870][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  269.376915][ T3466]  p9_client_rpc+0x1c4/0xc50
[  269.376967][ T3466]  ? __pfx_p9_client_rpc+0x10/0x10
[  269.377020][ T3466]  ? __pfx___schedule+0x10/0x10
[  269.377063][ T3466]  ? __pfx_vprintk_emit+0x10/0x10
[  269.377107][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  269.377148][ T3466]  ? rcu_is_watching+0x12/0xc0
[  269.377186][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  269.377229][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  269.377277][ T3466]  p9_client_write+0x245/0x6f0
[  269.377340][ T3466]  ? __pfx_p9_client_write+0x10/0x10
[  269.377404][ T3466]  v9fs_issue_write+0xe3/0x1b0
[  269.377453][ T3466]  ? __pfx_v9fs_issue_write+0x10/0x10
[  269.377501][ T3466]  ? iov_iter_advance+0x380/0x6c0
[  269.377549][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  269.377591][ T3466]  ? rcu_is_watching+0x12/0xc0
[  269.377632][ T3466]  netfs_do_issue_write+0x95/0x110
[  269.377665][ T3466]  netfs_retry_writes+0x168a/0x1a50
[  269.377703][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  269.377744][ T3466]  ? ieee80211_ibss_work+0xdb/0x1480
[  269.377792][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  269.377833][ T3466]  ? __lock_acquire+0xaa4/0x1ba0
[  269.377888][ T3466]  ? __pfx_netfs_retry_writes+0x10/0x10
[  269.377928][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  269.377969][ T3466]  ? register_lock_class+0x41/0x4c0
[  269.378022][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  269.378064][ T3466]  ? do_raw_spin_lock+0x12c/0x2b0
[  269.378099][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  269.378144][ T3466]  netfs_write_collection_worker+0x23fd/0x3830
[  269.378225][ T3466]  process_one_work+0x9cf/0x1b70
[  269.378270][ T3466]  ? __pfx_netfs_write_collection_worker+0x10/0x10
[  269.378331][ T3466]  ? __pfx_process_one_work+0x10/0x10
[  269.378368][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  269.378418][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  269.378459][ T3466]  ? assign_work+0x1a0/0x250
[  269.378493][ T3466]  worker_thread+0x6c8/0xf10
[  269.378538][ T3466]  ? __pfx_worker_thread+0x10/0x10
[  269.378577][ T3466]  kthread+0x3c5/0x780
[  269.378608][ T3466]  ? __pfx_kthread+0x10/0x10
[  269.378637][ T3466]  ? __pfx_kthread+0x10/0x10
[  269.378666][ T3466]  ? __pfx_kthread+0x10/0x10
[  269.378696][ T3466]  ? __pfx_kthread+0x10/0x10
[  269.378725][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  269.378766][ T3466]  ? rcu_is_watching+0x12/0xc0
[  269.378812][ T3466]  ? __pfx_kthread+0x10/0x10
[  269.378843][ T3466]  ret_from_fork+0x48/0x80
[  269.378875][ T3466]  ? __pfx_kthread+0x10/0x10
[  269.378906][ T3466]  ret_from_fork_asm+0x1a/0x30
[  269.378968][ T3466]  </TASK>
[  269.378979][ T3466] ==================================================================
[  269.819070][    C0] vkms_vblank_simulate: vblank timer overrun
[  269.850341][ T3466] ==================================================================
[  269.858480][ T3466] BUG: KASAN: slab-out-of-bounds in _copy_from_iter+0x132f/0x15b0
[  269.866357][ T3466] Read of size 4 at addr ffff8880307a465c by task kworker/u8:9/3466
[  269.874373][ T3466] 
[  269.876725][ T3466] CPU: 1 UID: 0 PID: 3466 Comm: kworker/u8:9 Tainted: G    B               6.15.0-rc5-syzkaller-00043-gd76bb1ebb558 #0 PREEMPT(full) 
[  269.876782][ T3466] Tainted: [B]=BAD_PAGE
[  269.876795][ T3466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  269.876820][ T3466] Workqueue: events_unbound netfs_write_collection_worker
[  269.876889][ T3466] Call Trace:
[  269.876900][ T3466]  <TASK>
[  269.876913][ T3466]  dump_stack_lvl+0x116/0x1f0
[  269.876967][ T3466]  print_report+0xc3/0x670
[  269.877022][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  269.877067][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  269.877112][ T3466]  ? __phys_addr+0xc6/0x150
[  269.877165][ T3466]  ? _copy_from_iter+0x132f/0x15b0
[  269.877219][ T3466]  kasan_report+0xe0/0x110
[  269.877275][ T3466]  ? _copy_from_iter+0x132f/0x15b0
[  269.877334][ T3466]  _copy_from_iter+0x132f/0x15b0
[  269.877390][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  269.877435][ T3466]  ? p9pdu_writef+0xc3/0x100
[  269.877470][ T3466]  ? __pfx__copy_from_iter+0x10/0x10
[  269.877526][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  269.877576][ T3466]  ? lock_acquire+0x2cd/0x350
[  269.877633][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  269.877678][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  269.877722][ T3466]  ? __asan_memcpy+0x3c/0x60
[  269.877770][ T3466]  p9pdu_vwritef+0x2da/0x1d30
[  269.877809][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  269.877854][ T3466]  ? p9pdu_writef+0xc3/0x100
[  269.877888][ T3466]  ? __pfx_p9pdu_vwritef+0x10/0x10
[  269.877924][ T3466]  ? __pfx_p9_tag_alloc+0x10/0x10
[  269.877978][ T3466]  ? rcu_is_watching+0x12/0xc0
[  269.878021][ T3466]  ? rcu_is_watching+0x12/0xc0
[  269.878062][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  269.878111][ T3466]  p9_client_prepare_req+0x247/0x4d0
[  269.878167][ T3466]  ? __pfx_p9_client_prepare_req+0x10/0x10
[  269.878221][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  269.878267][ T3466]  ? trace_sched_exit_tp+0xde/0x130
[  269.878321][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  269.878365][ T3466]  ? __schedule+0x1186/0x5de0
[  269.878410][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  269.878459][ T3466]  p9_client_rpc+0x1c4/0xc50
[  269.878514][ T3466]  ? __pfx_p9_client_rpc+0x10/0x10
[  269.878576][ T3466]  ? __pfx___schedule+0x10/0x10
[  269.878622][ T3466]  ? __pfx_vprintk_emit+0x10/0x10
[  269.878668][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  269.878713][ T3466]  ? rcu_is_watching+0x12/0xc0
[  269.878754][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  269.878799][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  269.878849][ T3466]  p9_client_write+0x245/0x6f0
[  269.878916][ T3466]  ? __pfx_p9_client_write+0x10/0x10
[  269.878983][ T3466]  v9fs_issue_write+0xe3/0x1b0
[  269.879036][ T3466]  ? __pfx_v9fs_issue_write+0x10/0x10
[  269.879087][ T3466]  ? iov_iter_advance+0x380/0x6c0
[  269.879139][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  269.879183][ T3466]  ? rcu_is_watching+0x12/0xc0
[  269.879227][ T3466]  netfs_do_issue_write+0x95/0x110
[  269.879264][ T3466]  netfs_retry_writes+0x168a/0x1a50
[  269.879304][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  269.879348][ T3466]  ? ieee80211_ibss_work+0xdb/0x1480
[  269.879394][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  269.879439][ T3466]  ? __lock_acquire+0xaa4/0x1ba0
[  269.879499][ T3466]  ? __pfx_netfs_retry_writes+0x10/0x10
[  269.879546][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  269.879591][ T3466]  ? register_lock_class+0x41/0x4c0
[  269.879649][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  269.879693][ T3466]  ? do_raw_spin_lock+0x12c/0x2b0
[  269.879732][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  269.879781][ T3466]  netfs_write_collection_worker+0x23fd/0x3830
[  269.879868][ T3466]  process_one_work+0x9cf/0x1b70
[  269.879915][ T3466]  ? __pfx_netfs_write_collection_worker+0x10/0x10
[  269.879981][ T3466]  ? __pfx_process_one_work+0x10/0x10
[  269.880022][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  269.880073][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  269.880118][ T3466]  ? assign_work+0x1a0/0x250
[  269.880155][ T3466]  worker_thread+0x6c8/0xf10
[  269.880204][ T3466]  ? __pfx_worker_thread+0x10/0x10
[  269.880243][ T3466]  kthread+0x3c5/0x780
[  269.880277][ T3466]  ? __pfx_kthread+0x10/0x10
[  269.880309][ T3466]  ? __pfx_kthread+0x10/0x10
[  269.880342][ T3466]  ? __pfx_kthread+0x10/0x10
[  269.880374][ T3466]  ? __pfx_kthread+0x10/0x10
[  269.880406][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  269.880451][ T3466]  ? rcu_is_watching+0x12/0xc0
[  269.880495][ T3466]  ? __pfx_kthread+0x10/0x10
[  269.880532][ T3466]  ret_from_fork+0x48/0x80
[  269.880568][ T3466]  ? __pfx_kthread+0x10/0x10
[  269.880601][ T3466]  ret_from_fork_asm+0x1a/0x30
[  269.880667][ T3466]  </TASK>
[  269.880679][ T3466] 
[  270.330645][ T3466] Allocated by task 970:
[  270.334884][ T3466]  kasan_save_stack+0x33/0x60
[  270.339575][ T3466]  kasan_save_track+0x14/0x30
[  270.344286][ T3466]  __kasan_kmalloc+0xaa/0xb0
[  270.348893][ T3466]  nsim_fib6_rt_nh_add+0x4a/0x290
[  270.353942][ T3466]  nsim_fib_event_work+0x196a/0x2e80
[  270.359250][ T3466]  process_one_work+0x9cf/0x1b70
[  270.364195][ T3466]  worker_thread+0x6c8/0xf10
[  270.368789][ T3466]  kthread+0x3c5/0x780
[  270.372857][ T3466]  ret_from_fork+0x48/0x80
[  270.377292][ T3466]  ret_from_fork_asm+0x1a/0x30
[  270.382091][ T3466] 
[  270.384410][ T3466] The buggy address belongs to the object at ffff8880307a4640
[  270.384410][ T3466]  which belongs to the cache kmalloc-32 of size 32
[  270.398297][ T3466] The buggy address is located 4 bytes to the right of
[  270.398297][ T3466]  allocated 24-byte region [ffff8880307a4640, ffff8880307a4658)
[  270.412733][ T3466] 
[  270.415053][ T3466] The buggy address belongs to the physical page:
[  270.421458][ T3466] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x307a4
[  270.430224][ T3466] anon flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  270.437770][ T3466] page_type: f5(slab)
[  270.441749][ T3466] raw: 00fff00000000000 ffff88801b441780 0000000000000000 dead000000000001
[  270.450347][ T3466] raw: 0000000000000000 0000000000400040 00000000f5000000 0000000000000000
[  270.458937][ T3466] page dumped because: kasan: bad access detected
[  270.465346][ T3466] page_owner tracks the page as allocated
[  270.471048][ T3466] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52800(GFP_NOWAIT|__GFP_NORETRY|__GFP_COMP), pid 5741, tgid 5741 (dhcpcd-run-hook), ts 89207943594, free_ts 89206634714
[  270.489478][ T3466]  post_alloc_hook+0x181/0x1b0
[  270.494262][ T3466]  get_page_from_freelist+0x135c/0x3920
[  270.499821][ T3466]  __alloc_frozen_pages_noprof+0x263/0x23a0
[  270.505729][ T3466]  alloc_pages_mpol+0x1fb/0x550
[  270.510595][ T3466]  new_slab+0x244/0x340
[  270.514756][ T3466]  ___slab_alloc+0xd9c/0x1940
[  270.519438][ T3466]  __slab_alloc.constprop.0+0x56/0xb0
[  270.524826][ T3466]  __kmalloc_cache_noprof+0xfb/0x3e0
[  270.530118][ T3466]  kmem_cache_free+0x148/0x4d0
[  270.534895][ T3466]  exit_mmap+0x511/0xb90
[  270.539143][ T3466]  __mmput+0x12a/0x410
[  270.543220][ T3466]  mmput+0x62/0x70
[  270.546959][ T3466]  do_exit+0x9d1/0x2c30
[  270.551155][ T3466]  do_group_exit+0xd3/0x2a0
[  270.555683][ T3466]  __x64_sys_exit_group+0x3e/0x50
[  270.560726][ T3466]  x64_sys_call+0x1530/0x1730
[  270.565422][ T3466] page last free pid 5741 tgid 5741 stack trace:
[  270.571741][ T3466]  __free_frozen_pages+0x69d/0xff0
[  270.576873][ T3466]  tlb_finish_mmu+0x237/0x7b0
[  270.581564][ T3466]  exit_mmap+0x403/0xb90
[  270.585815][ T3466]  __mmput+0x12a/0x410
[  270.589890][ T3466]  mmput+0x62/0x70
[  270.593618][ T3466]  do_exit+0x9d1/0x2c30
[  270.597793][ T3466]  do_group_exit+0xd3/0x2a0
[  270.602309][ T3466]  __x64_sys_exit_group+0x3e/0x50
[  270.607351][ T3466]  x64_sys_call+0x1530/0x1730
[  270.612047][ T3466]  do_syscall_64+0xcd/0x260
[  270.616568][ T3466]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  270.622483][ T3466] 
[  270.624801][ T3466] Memory state around the buggy address:
[  270.630430][ T3466]  ffff8880307a4500: 00 00 00 00 fc fc fc fc fa fb fb fb fc fc fc fc
[  270.638498][ T3466]  ffff8880307a4580: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[  270.646568][ T3466] >ffff8880307a4600: 00 00 00 00 fc fc fc fc 00 00 00 fc fc fc fc fc
[  270.654631][ T3466]                                                     ^
[  270.661564][ T3466]  ffff8880307a4680: 00 00 00 00 fc fc fc fc 00 00 00 00 fc fc fc fc
[  270.669635][ T3466]  ffff8880307a4700: 00 00 00 00 fc fc fc fc 00 00 00 00 fc fc fc fc
[  270.677727][ T3466] ==================================================================
[  270.783464][ T3466] ==================================================================
[  270.791639][ T3466] BUG: KASAN: slab-out-of-bounds in _copy_from_iter+0x1459/0x15b0
[  270.799503][ T3466] Read of size 4 at addr ffff8880307a4658 by task kworker/u8:9/3466
[  270.807506][ T3466] 
[  270.809846][ T3466] CPU: 1 UID: 0 PID: 3466 Comm: kworker/u8:9 Tainted: G    B               6.15.0-rc5-syzkaller-00043-gd76bb1ebb558 #0 PREEMPT(full) 
[  270.809899][ T3466] Tainted: [B]=BAD_PAGE
[  270.809912][ T3466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  270.809935][ T3466] Workqueue: events_unbound netfs_write_collection_worker
[  270.810000][ T3466] Call Trace:
[  270.810011][ T3466]  <TASK>
[  270.810024][ T3466]  dump_stack_lvl+0x116/0x1f0
[  270.810076][ T3466]  print_report+0xc3/0x670
[  270.810127][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  270.810169][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  270.810211][ T3466]  ? __phys_addr+0xc6/0x150
[  270.810260][ T3466]  ? _copy_from_iter+0x1459/0x15b0
[  270.810309][ T3466]  kasan_report+0xe0/0x110
[  270.810362][ T3466]  ? _copy_from_iter+0x1459/0x15b0
[  270.810417][ T3466]  _copy_from_iter+0x1459/0x15b0
[  270.810470][ T3466]  ? p9pdu_writef+0xc3/0x100
[  270.810503][ T3466]  ? __pfx__copy_from_iter+0x10/0x10
[  270.810560][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  270.810602][ T3466]  ? lock_acquire+0x2cd/0x350
[  270.810654][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  270.810697][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  270.810737][ T3466]  ? __asan_memcpy+0x3c/0x60
[  270.810782][ T3466]  p9pdu_vwritef+0x2da/0x1d30
[  270.810820][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  270.810865][ T3466]  ? p9pdu_writef+0xc3/0x100
[  270.810897][ T3466]  ? __pfx_p9pdu_vwritef+0x10/0x10
[  270.810930][ T3466]  ? __pfx_p9_tag_alloc+0x10/0x10
[  270.810981][ T3466]  ? rcu_is_watching+0x12/0xc0
[  270.811021][ T3466]  ? rcu_is_watching+0x12/0xc0
[  270.811060][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  270.811106][ T3466]  p9_client_prepare_req+0x247/0x4d0
[  270.811158][ T3466]  ? __pfx_p9_client_prepare_req+0x10/0x10
[  270.811209][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  270.811251][ T3466]  ? trace_sched_exit_tp+0xde/0x130
[  270.811302][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  270.811343][ T3466]  ? __schedule+0x1186/0x5de0
[  270.811384][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  270.811430][ T3466]  p9_client_rpc+0x1c4/0xc50
[  270.811482][ T3466]  ? __pfx_p9_client_rpc+0x10/0x10
[  270.811537][ T3466]  ? __pfx___schedule+0x10/0x10
[  270.811580][ T3466]  ? __pfx_vprintk_emit+0x10/0x10
[  270.811623][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  270.811665][ T3466]  ? rcu_is_watching+0x12/0xc0
[  270.811703][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  270.811746][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  270.811793][ T3466]  p9_client_write+0x245/0x6f0
[  270.811855][ T3466]  ? __pfx_p9_client_write+0x10/0x10
[  270.811918][ T3466]  v9fs_issue_write+0xe3/0x1b0
[  270.811967][ T3466]  ? __pfx_v9fs_issue_write+0x10/0x10
[  270.812015][ T3466]  ? iov_iter_advance+0x380/0x6c0
[  270.812064][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  270.812105][ T3466]  ? rcu_is_watching+0x12/0xc0
[  270.812147][ T3466]  netfs_do_issue_write+0x95/0x110
[  270.812180][ T3466]  netfs_retry_writes+0x168a/0x1a50
[  270.812218][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  270.812259][ T3466]  ? ieee80211_ibss_work+0xdb/0x1480
[  270.812301][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  270.812343][ T3466]  ? __lock_acquire+0xaa4/0x1ba0
[  270.812397][ T3466]  ? __pfx_netfs_retry_writes+0x10/0x10
[  270.812437][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  270.812478][ T3466]  ? register_lock_class+0x41/0x4c0
[  270.812539][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  270.812580][ T3466]  ? do_raw_spin_lock+0x12c/0x2b0
[  270.812616][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  270.812661][ T3466]  netfs_write_collection_worker+0x23fd/0x3830
[  270.812741][ T3466]  process_one_work+0x9cf/0x1b70
[  270.812784][ T3466]  ? __pfx_netfs_write_collection_worker+0x10/0x10
[  270.812845][ T3466]  ? __pfx_process_one_work+0x10/0x10
[  270.812881][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  270.812928][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  270.812969][ T3466]  ? assign_work+0x1a0/0x250
[  270.813003][ T3466]  worker_thread+0x6c8/0xf10
[  270.813048][ T3466]  ? __pfx_worker_thread+0x10/0x10
[  270.813084][ T3466]  kthread+0x3c5/0x780
[  270.813115][ T3466]  ? __pfx_kthread+0x10/0x10
[  270.813144][ T3466]  ? __pfx_kthread+0x10/0x10
[  270.813174][ T3466]  ? __pfx_kthread+0x10/0x10
[  270.813203][ T3466]  ? __pfx_kthread+0x10/0x10
[  270.813233][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  270.813273][ T3466]  ? rcu_is_watching+0x12/0xc0
[  270.813314][ T3466]  ? __pfx_kthread+0x10/0x10
[  270.813347][ T3466]  ret_from_fork+0x48/0x80
[  270.813382][ T3466]  ? __pfx_kthread+0x10/0x10
[  270.813414][ T3466]  ret_from_fork_asm+0x1a/0x30
[  270.813476][ T3466]  </TASK>
[  270.813487][ T3466] 
[  271.258310][ T3466] Allocated by task 970:
[  271.262560][ T3466]  kasan_save_stack+0x33/0x60
[  271.267275][ T3466]  kasan_save_track+0x14/0x30
[  271.271980][ T3466]  __kasan_kmalloc+0xaa/0xb0
[  271.276594][ T3466]  nsim_fib6_rt_nh_add+0x4a/0x290
[  271.281653][ T3466]  nsim_fib_event_work+0x196a/0x2e80
[  271.286972][ T3466]  process_one_work+0x9cf/0x1b70
[  271.291924][ T3466]  worker_thread+0x6c8/0xf10
[  271.296530][ T3466]  kthread+0x3c5/0x780
[  271.300613][ T3466]  ret_from_fork+0x48/0x80
[  271.305050][ T3466]  ret_from_fork_asm+0x1a/0x30
[  271.309868][ T3466] 
[  271.312191][ T3466] The buggy address belongs to the object at ffff8880307a4640
[  271.312191][ T3466]  which belongs to the cache kmalloc-32 of size 32
[  271.326105][ T3466] The buggy address is located 0 bytes to the right of
[  271.326105][ T3466]  allocated 24-byte region [ffff8880307a4640, ffff8880307a4658)
[  271.340524][ T3466] 
[  271.342851][ T3466] The buggy address belongs to the physical page:
[  271.349260][ T3466] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x307a4
[  271.358029][ T3466] anon flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  271.365587][ T3466] page_type: f5(slab)
[  271.369585][ T3466] raw: 00fff00000000000 ffff88801b441780 0000000000000000 dead000000000001
[  271.378184][ T3466] raw: 0000000000000000 0000000000400040 00000000f5000000 0000000000000000
[  271.386776][ T3466] page dumped because: kasan: bad access detected
[  271.393186][ T3466] page_owner tracks the page as allocated
[  271.398897][ T3466] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52800(GFP_NOWAIT|__GFP_NORETRY|__GFP_COMP), pid 5741, tgid 5741 (dhcpcd-run-hook), ts 89207943594, free_ts 89206634714
[  271.417335][ T3466]  post_alloc_hook+0x181/0x1b0
[  271.422126][ T3466]  get_page_from_freelist+0x135c/0x3920
[  271.427701][ T3466]  __alloc_frozen_pages_noprof+0x263/0x23a0
[  271.433628][ T3466]  alloc_pages_mpol+0x1fb/0x550
[  271.438509][ T3466]  new_slab+0x244/0x340
[  271.442692][ T3466]  ___slab_alloc+0xd9c/0x1940
[  271.447394][ T3466]  __slab_alloc.constprop.0+0x56/0xb0
[  271.452790][ T3466]  __kmalloc_cache_noprof+0xfb/0x3e0
[  271.458099][ T3466]  kmem_cache_free+0x148/0x4d0
[  271.462889][ T3466]  exit_mmap+0x511/0xb90
[  271.467151][ T3466]  __mmput+0x12a/0x410
[  271.471247][ T3466]  mmput+0x62/0x70
[  271.474994][ T3466]  do_exit+0x9d1/0x2c30
[  271.479183][ T3466]  do_group_exit+0xd3/0x2a0
[  271.483718][ T3466]  __x64_sys_exit_group+0x3e/0x50
[  271.488776][ T3466]  x64_sys_call+0x1530/0x1730
[  271.493485][ T3466] page last free pid 5741 tgid 5741 stack trace:
[  271.499812][ T3466]  __free_frozen_pages+0x69d/0xff0
[  271.504958][ T3466]  tlb_finish_mmu+0x237/0x7b0
[  271.509658][ T3466]  exit_mmap+0x403/0xb90
[  271.513917][ T3466]  __mmput+0x12a/0x410
[  271.518006][ T3466]  mmput+0x62/0x70
[  271.521746][ T3466]  do_exit+0x9d1/0x2c30
[  271.525932][ T3466]  do_group_exit+0xd3/0x2a0
[  271.530464][ T3466]  __x64_sys_exit_group+0x3e/0x50
[  271.535520][ T3466]  x64_sys_call+0x1530/0x1730
[  271.540231][ T3466]  do_syscall_64+0xcd/0x260
[  271.544765][ T3466]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  271.550673][ T3466] 
[  271.552995][ T3466] Memory state around the buggy address:
[  271.558649][ T3466]  ffff8880307a4500: 00 00 00 00 fc fc fc fc fa fb fb fb fc fc fc fc
[  271.566719][ T3466]  ffff8880307a4580: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[  271.574794][ T3466] >ffff8880307a4600: 00 00 00 00 fc fc fc fc 00 00 00 fc fc fc fc fc
[  271.582862][ T3466]                                                     ^
[  271.589800][ T3466]  ffff8880307a4680: 00 00 00 00 fc fc fc fc 00 00 00 00 fc fc fc fc
[  271.597872][ T3466]  ffff8880307a4700: 00 00 00 00 fc fc fc fc 00 00 00 00 fc fc fc fc
[  271.605934][ T3466] ==================================================================
[  271.996614][ T3466] ==================================================================
[  272.004743][ T3466] BUG: KASAN: slab-out-of-bounds in _copy_from_iter+0x1416/0x15b0
[  272.012599][ T3466] Read of size 4 at addr ffff8880307a4658 by task kworker/u8:9/3466
[  272.020599][ T3466] 
[  272.022938][ T3466] CPU: 1 UID: 0 PID: 3466 Comm: kworker/u8:9 Tainted: G    B               6.15.0-rc5-syzkaller-00043-gd76bb1ebb558 #0 PREEMPT(full) 
[  272.022992][ T3466] Tainted: [B]=BAD_PAGE
[  272.023005][ T3466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  272.023029][ T3466] Workqueue: events_unbound netfs_write_collection_worker
[  272.023094][ T3466] Call Trace:
[  272.023105][ T3466]  <TASK>
[  272.023119][ T3466]  dump_stack_lvl+0x116/0x1f0
[  272.023169][ T3466]  print_report+0xc3/0x670
[  272.023221][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  272.023263][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  272.023306][ T3466]  ? __phys_addr+0xc6/0x150
[  272.023359][ T3466]  ? _copy_from_iter+0x1416/0x15b0
[  272.023413][ T3466]  kasan_report+0xe0/0x110
[  272.023471][ T3466]  ? _copy_from_iter+0x1416/0x15b0
[  272.023530][ T3466]  _copy_from_iter+0x1416/0x15b0
[  272.023584][ T3466]  ? p9pdu_writef+0xc3/0x100
[  272.023617][ T3466]  ? __pfx__copy_from_iter+0x10/0x10
[  272.023671][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  272.023713][ T3466]  ? lock_acquire+0x2cd/0x350
[  272.023765][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  272.023812][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  272.023854][ T3466]  ? __asan_memcpy+0x3c/0x60
[  272.023899][ T3466]  p9pdu_vwritef+0x2da/0x1d30
[  272.023936][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  272.023977][ T3466]  ? p9pdu_writef+0xc3/0x100
[  272.024009][ T3466]  ? __pfx_p9pdu_vwritef+0x10/0x10
[  272.024043][ T3466]  ? __pfx_p9_tag_alloc+0x10/0x10
[  272.024094][ T3466]  ? rcu_is_watching+0x12/0xc0
[  272.024134][ T3466]  ? rcu_is_watching+0x12/0xc0
[  272.024173][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  272.024219][ T3466]  p9_client_prepare_req+0x247/0x4d0
[  272.024271][ T3466]  ? __pfx_p9_client_prepare_req+0x10/0x10
[  272.024322][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  272.024365][ T3466]  ? trace_sched_exit_tp+0xde/0x130
[  272.024416][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  272.024458][ T3466]  ? __schedule+0x1186/0x5de0
[  272.024499][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  272.024545][ T3466]  p9_client_rpc+0x1c4/0xc50
[  272.024597][ T3466]  ? __pfx_p9_client_rpc+0x10/0x10
[  272.024649][ T3466]  ? __pfx___schedule+0x10/0x10
[  272.024692][ T3466]  ? __pfx_vprintk_emit+0x10/0x10
[  272.024735][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  272.024777][ T3466]  ? rcu_is_watching+0x12/0xc0
[  272.024823][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  272.024866][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  272.024912][ T3466]  p9_client_write+0x245/0x6f0
[  272.024975][ T3466]  ? __pfx_p9_client_write+0x10/0x10
[  272.025038][ T3466]  v9fs_issue_write+0xe3/0x1b0
[  272.025086][ T3466]  ? __pfx_v9fs_issue_write+0x10/0x10
[  272.025135][ T3466]  ? iov_iter_advance+0x380/0x6c0
[  272.025184][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  272.025225][ T3466]  ? rcu_is_watching+0x12/0xc0
[  272.025267][ T3466]  netfs_do_issue_write+0x95/0x110
[  272.025300][ T3466]  netfs_retry_writes+0x168a/0x1a50
[  272.025339][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  272.025380][ T3466]  ? ieee80211_ibss_work+0xdb/0x1480
[  272.025423][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  272.025464][ T3466]  ? __lock_acquire+0xaa4/0x1ba0
[  272.025519][ T3466]  ? __pfx_netfs_retry_writes+0x10/0x10
[  272.025559][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  272.025601][ T3466]  ? register_lock_class+0x41/0x4c0
[  272.025654][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  272.025696][ T3466]  ? do_raw_spin_lock+0x12c/0x2b0
[  272.025731][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  272.025776][ T3466]  netfs_write_collection_worker+0x23fd/0x3830
[  272.025860][ T3466]  process_one_work+0x9cf/0x1b70
[  272.025904][ T3466]  ? __pfx_netfs_write_collection_worker+0x10/0x10
[  272.025965][ T3466]  ? __pfx_process_one_work+0x10/0x10
[  272.026001][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  272.026048][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  272.026090][ T3466]  ? assign_work+0x1a0/0x250
[  272.026123][ T3466]  worker_thread+0x6c8/0xf10
[  272.026168][ T3466]  ? __pfx_worker_thread+0x10/0x10
[  272.026204][ T3466]  kthread+0x3c5/0x780
[  272.026235][ T3466]  ? __pfx_kthread+0x10/0x10
[  272.026264][ T3466]  ? __pfx_kthread+0x10/0x10
[  272.026294][ T3466]  ? __pfx_kthread+0x10/0x10
[  272.026324][ T3466]  ? __pfx_kthread+0x10/0x10
[  272.026353][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  272.026395][ T3466]  ? rcu_is_watching+0x12/0xc0
[  272.026434][ T3466]  ? __pfx_kthread+0x10/0x10
[  272.026465][ T3466]  ret_from_fork+0x48/0x80
[  272.026497][ T3466]  ? __pfx_kthread+0x10/0x10
[  272.026529][ T3466]  ret_from_fork_asm+0x1a/0x30
[  272.026590][ T3466]  </TASK>
[  272.026602][ T3466] 
[  272.471230][ T3466] Allocated by task 970:
[  272.475476][ T3466]  kasan_save_stack+0x33/0x60
[  272.480186][ T3466]  kasan_save_track+0x14/0x30
[  272.484889][ T3466]  __kasan_kmalloc+0xaa/0xb0
[  272.489502][ T3466]  nsim_fib6_rt_nh_add+0x4a/0x290
[  272.494565][ T3466]  nsim_fib_event_work+0x196a/0x2e80
[  272.499888][ T3466]  process_one_work+0x9cf/0x1b70
[  272.504842][ T3466]  worker_thread+0x6c8/0xf10
[  272.509447][ T3466]  kthread+0x3c5/0x780
[  272.513532][ T3466]  ret_from_fork+0x48/0x80
[  272.517959][ T3466]  ret_from_fork_asm+0x1a/0x30
[  272.522750][ T3466] 
[  272.525071][ T3466] The buggy address belongs to the object at ffff8880307a4640
[  272.525071][ T3466]  which belongs to the cache kmalloc-32 of size 32
[  272.538962][ T3466] The buggy address is located 0 bytes to the right of
[  272.538962][ T3466]  allocated 24-byte region [ffff8880307a4640, ffff8880307a4658)
[  272.553380][ T3466] 
[  272.555701][ T3466] The buggy address belongs to the physical page:
[  272.562111][ T3466] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x307a4
[  272.571229][ T3466] anon flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  272.578779][ T3466] page_type: f5(slab)
[  272.582774][ T3466] raw: 00fff00000000000 ffff88801b441780 0000000000000000 dead000000000001
[  272.591375][ T3466] raw: 0000000000000000 0000000000400040 00000000f5000000 0000000000000000
[  272.599960][ T3466] page dumped because: kasan: bad access detected
[  272.606393][ T3466] page_owner tracks the page as allocated
[  272.612103][ T3466] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52800(GFP_NOWAIT|__GFP_NORETRY|__GFP_COMP), pid 5741, tgid 5741 (dhcpcd-run-hook), ts 89207943594, free_ts 89206634714
[  272.630535][ T3466]  post_alloc_hook+0x181/0x1b0
[  272.635325][ T3466]  get_page_from_freelist+0x135c/0x3920
[  272.640900][ T3466]  __alloc_frozen_pages_noprof+0x263/0x23a0
[  272.646828][ T3466]  alloc_pages_mpol+0x1fb/0x550
[  272.651711][ T3466]  new_slab+0x244/0x340
[  272.655884][ T3466]  ___slab_alloc+0xd9c/0x1940
[  272.660586][ T3466]  __slab_alloc.constprop.0+0x56/0xb0
[  272.665981][ T3466]  __kmalloc_cache_noprof+0xfb/0x3e0
[  272.671310][ T3466]  kmem_cache_free+0x148/0x4d0
[  272.676100][ T3466]  exit_mmap+0x511/0xb90
[  272.680360][ T3466]  __mmput+0x12a/0x410
[  272.684454][ T3466]  mmput+0x62/0x70
[  272.688194][ T3466]  do_exit+0x9d1/0x2c30
[  272.692376][ T3466]  do_group_exit+0xd3/0x2a0
[  272.696920][ T3466]  __x64_sys_exit_group+0x3e/0x50
[  272.701979][ T3466]  x64_sys_call+0x1530/0x1730
[  272.706693][ T3466] page last free pid 5741 tgid 5741 stack trace:
[  272.713020][ T3466]  __free_frozen_pages+0x69d/0xff0
[  272.718155][ T3466]  tlb_finish_mmu+0x237/0x7b0
[  272.722984][ T3466]  exit_mmap+0x403/0xb90
[  272.727269][ T3466]  __mmput+0x12a/0x410
[  272.731369][ T3466]  mmput+0x62/0x70
[  272.735116][ T3466]  do_exit+0x9d1/0x2c30
[  272.739310][ T3466]  do_group_exit+0xd3/0x2a0
[  272.743854][ T3466]  __x64_sys_exit_group+0x3e/0x50
[  272.748921][ T3466]  x64_sys_call+0x1530/0x1730
[  272.753635][ T3466]  do_syscall_64+0xcd/0x260
[  272.758175][ T3466]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  272.764095][ T3466] 
[  272.766420][ T3466] Memory state around the buggy address:
[  272.772054][ T3466]  ffff8880307a4500: 00 00 00 00 fc fc fc fc fa fb fb fb fc fc fc fc
[  272.780136][ T3466]  ffff8880307a4580: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[  272.788228][ T3466] >ffff8880307a4600: 00 00 00 00 fc fc fc fc 00 00 00 fc fc fc fc fc
[  272.796304][ T3466]                                                     ^
[  272.803258][ T3466]  ffff8880307a4680: 00 00 00 00 fc fc fc fc 00 00 00 00 fc fc fc fc
[  272.811350][ T3466]  ffff8880307a4700: 00 00 00 00 fc fc fc fc 00 00 00 00 fc fc fc fc
[  272.819433][ T3466] ==================================================================
[  272.919690][ T3466] ==================================================================
[  272.927821][ T3466] BUG: KASAN: slab-out-of-bounds in _copy_from_iter+0x132f/0x15b0
[  272.935699][ T3466] Read of size 4 at addr ffff8880307a466c by task kworker/u8:9/3466
[  272.943710][ T3466] 
[  272.946058][ T3466] CPU: 0 UID: 0 PID: 3466 Comm: kworker/u8:9 Tainted: G    B               6.15.0-rc5-syzkaller-00043-gd76bb1ebb558 #0 PREEMPT(full) 
[  272.946120][ T3466] Tainted: [B]=BAD_PAGE
[  272.946134][ T3466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  272.946160][ T3466] Workqueue: events_unbound netfs_write_collection_worker
[  272.946232][ T3466] Call Trace:
[  272.946243][ T3466]  <TASK>
[  272.946257][ T3466]  dump_stack_lvl+0x116/0x1f0
[  272.946313][ T3466]  print_report+0xc3/0x670
[  272.946370][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  272.946429][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  272.946476][ T3466]  ? __phys_addr+0xc6/0x150
[  272.946538][ T3466]  ? _copy_from_iter+0x132f/0x15b0
[  272.946595][ T3466]  kasan_report+0xe0/0x110
[  272.946653][ T3466]  ? _copy_from_iter+0x132f/0x15b0
[  272.946715][ T3466]  _copy_from_iter+0x132f/0x15b0
[  272.946774][ T3466]  ? p9pdu_writef+0xc3/0x100
[  272.946809][ T3466]  ? __pfx__copy_from_iter+0x10/0x10
[  272.946866][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  272.946910][ T3466]  ? lock_acquire+0x2cd/0x350
[  272.946967][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  272.947015][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  272.947061][ T3466]  ? __asan_memcpy+0x3c/0x60
[  272.947111][ T3466]  p9pdu_vwritef+0x2da/0x1d30
[  272.947152][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  272.947199][ T3466]  ? p9pdu_writef+0xc3/0x100
[  272.947235][ T3466]  ? __pfx_p9pdu_vwritef+0x10/0x10
[  272.947272][ T3466]  ? __pfx_p9_tag_alloc+0x10/0x10
[  272.947328][ T3466]  ? rcu_is_watching+0x12/0xc0
[  272.947374][ T3466]  ? rcu_is_watching+0x12/0xc0
[  272.947428][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  272.947478][ T3466]  p9_client_prepare_req+0x247/0x4d0
[  272.947545][ T3466]  ? __pfx_p9_client_prepare_req+0x10/0x10
[  272.947602][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  272.947650][ T3466]  ? trace_sched_exit_tp+0xde/0x130
[  272.947707][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  272.947752][ T3466]  ? __schedule+0x1186/0x5de0
[  272.947797][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  272.947846][ T3466]  p9_client_rpc+0x1c4/0xc50
[  272.947903][ T3466]  ? __pfx_p9_client_rpc+0x10/0x10
[  272.947960][ T3466]  ? __pfx___schedule+0x10/0x10
[  272.948005][ T3466]  ? __pfx_vprintk_emit+0x10/0x10
[  272.948053][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  272.948099][ T3466]  ? rcu_is_watching+0x12/0xc0
[  272.948142][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  272.948190][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  272.948241][ T3466]  p9_client_write+0x245/0x6f0
[  272.948310][ T3466]  ? __pfx_p9_client_write+0x10/0x10
[  272.948378][ T3466]  v9fs_issue_write+0xe3/0x1b0
[  272.948443][ T3466]  ? __pfx_v9fs_issue_write+0x10/0x10
[  272.948495][ T3466]  ? iov_iter_advance+0x380/0x6c0
[  272.948559][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  272.948605][ T3466]  ? rcu_is_watching+0x12/0xc0
[  272.948651][ T3466]  netfs_do_issue_write+0x95/0x110
[  272.948688][ T3466]  netfs_retry_writes+0x168a/0x1a50
[  272.948731][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  272.948777][ T3466]  ? ieee80211_ibss_work+0xdb/0x1480
[  272.948824][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  272.948871][ T3466]  ? __lock_acquire+0xaa4/0x1ba0
[  272.948932][ T3466]  ? __pfx_netfs_retry_writes+0x10/0x10
[  272.948976][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  272.949023][ T3466]  ? register_lock_class+0x41/0x4c0
[  272.949082][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  272.949127][ T3466]  ? do_raw_spin_lock+0x12c/0x2b0
[  272.949165][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  272.949213][ T3466]  netfs_write_collection_worker+0x23fd/0x3830
[  272.949300][ T3466]  process_one_work+0x9cf/0x1b70
[  272.949346][ T3466]  ? __pfx_netfs_write_collection_worker+0x10/0x10
[  272.949428][ T3466]  ? __pfx_process_one_work+0x10/0x10
[  272.949469][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  272.949521][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  272.949575][ T3466]  ? assign_work+0x1a0/0x250
[  272.949613][ T3466]  worker_thread+0x6c8/0xf10
[  272.949663][ T3466]  ? __pfx_worker_thread+0x10/0x10
[  272.949703][ T3466]  kthread+0x3c5/0x780
[  272.949738][ T3466]  ? __pfx_kthread+0x10/0x10
[  272.949771][ T3466]  ? __pfx_kthread+0x10/0x10
[  272.949804][ T3466]  ? __pfx_kthread+0x10/0x10
[  272.949836][ T3466]  ? __pfx_kthread+0x10/0x10
[  272.949869][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  272.949915][ T3466]  ? rcu_is_watching+0x12/0xc0
[  272.949960][ T3466]  ? __pfx_kthread+0x10/0x10
[  272.949994][ T3466]  ret_from_fork+0x48/0x80
[  272.950029][ T3466]  ? __pfx_kthread+0x10/0x10
[  272.950063][ T3466]  ret_from_fork_asm+0x1a/0x30
[  272.950131][ T3466]  </TASK>
[  272.950145][ T3466] 
[  273.394450][ T3466] Allocated by task 970:
[  273.398712][ T3466]  kasan_save_stack+0x33/0x60
[  273.403406][ T3466]  kasan_save_track+0x14/0x30
[  273.408094][ T3466]  __kasan_kmalloc+0xaa/0xb0
[  273.412702][ T3466]  nsim_fib6_rt_nh_add+0x4a/0x290
[  273.417772][ T3466]  nsim_fib_event_work+0x196a/0x2e80
[  273.423079][ T3466]  process_one_work+0x9cf/0x1b70
[  273.428025][ T3466]  worker_thread+0x6c8/0xf10
[  273.432618][ T3466]  kthread+0x3c5/0x780
[  273.436689][ T3466]  ret_from_fork+0x48/0x80
[  273.441105][ T3466]  ret_from_fork_asm+0x1a/0x30
[  273.445884][ T3466] 
[  273.448197][ T3466] The buggy address belongs to the object at ffff8880307a4640
[  273.448197][ T3466]  which belongs to the cache kmalloc-32 of size 32
[  273.462088][ T3466] The buggy address is located 20 bytes to the right of
[  273.462088][ T3466]  allocated 24-byte region [ffff8880307a4640, ffff8880307a4658)
[  273.476597][ T3466] 
[  273.478914][ T3466] The buggy address belongs to the physical page:
[  273.485315][ T3466] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x307a4
[  273.494074][ T3466] anon flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  273.501613][ T3466] page_type: f5(slab)
[  273.505593][ T3466] raw: 00fff00000000000 ffff88801b441780 0000000000000000 dead000000000001
[  273.514176][ T3466] raw: 0000000000000000 0000000000400040 00000000f5000000 0000000000000000
[  273.522840][ T3466] page dumped because: kasan: bad access detected
[  273.529244][ T3466] page_owner tracks the page as allocated
[  273.534946][ T3466] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52800(GFP_NOWAIT|__GFP_NORETRY|__GFP_COMP), pid 5741, tgid 5741 (dhcpcd-run-hook), ts 89207943594, free_ts 89206634714
[  273.553362][ T3466]  post_alloc_hook+0x181/0x1b0
[  273.558142][ T3466]  get_page_from_freelist+0x135c/0x3920
[  273.563724][ T3466]  __alloc_frozen_pages_noprof+0x263/0x23a0
[  273.569633][ T3466]  alloc_pages_mpol+0x1fb/0x550
[  273.574500][ T3466]  new_slab+0x244/0x340
[  273.578662][ T3466]  ___slab_alloc+0xd9c/0x1940
[  273.583352][ T3466]  __slab_alloc.constprop.0+0x56/0xb0
[  273.588732][ T3466]  __kmalloc_cache_noprof+0xfb/0x3e0
[  273.594024][ T3466]  kmem_cache_free+0x148/0x4d0
[  273.598797][ T3466]  exit_mmap+0x511/0xb90
[  273.603063][ T3466]  __mmput+0x12a/0x410
[  273.607139][ T3466]  mmput+0x62/0x70
[  273.610869][ T3466]  do_exit+0x9d1/0x2c30
[  273.615067][ T3466]  do_group_exit+0xd3/0x2a0
[  273.619592][ T3466]  __x64_sys_exit_group+0x3e/0x50
[  273.624671][ T3466]  x64_sys_call+0x1530/0x1730
[  273.629361][ T3466] page last free pid 5741 tgid 5741 stack trace:
[  273.635679][ T3466]  __free_frozen_pages+0x69d/0xff0
[  273.640799][ T3466]  tlb_finish_mmu+0x237/0x7b0
[  273.645492][ T3466]  exit_mmap+0x403/0xb90
[  273.649757][ T3466]  __mmput+0x12a/0x410
[  273.653841][ T3466]  mmput+0x62/0x70
[  273.657567][ T3466]  do_exit+0x9d1/0x2c30
[  273.661733][ T3466]  do_group_exit+0xd3/0x2a0
[  273.666252][ T3466]  __x64_sys_exit_group+0x3e/0x50
[  273.671294][ T3466]  x64_sys_call+0x1530/0x1730
[  273.675988][ T3466]  do_syscall_64+0xcd/0x260
[  273.680523][ T3466]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  273.686426][ T3466] 
[  273.688741][ T3466] Memory state around the buggy address:
[  273.694362][ T3466]  ffff8880307a4500: 00 00 00 00 fc fc fc fc fa fb fb fb fc fc fc fc
[  273.702418][ T3466]  ffff8880307a4580: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[  273.710489][ T3466] >ffff8880307a4600: 00 00 00 00 fc fc fc fc 00 00 00 fc fc fc fc fc
[  273.718546][ T3466]                                                           ^
[  273.726014][ T3466]  ffff8880307a4680: 00 00 00 00 fc fc fc fc 00 00 00 00 fc fc fc fc
[  273.734075][ T3466]  ffff8880307a4700: 00 00 00 00 fc fc fc fc 00 00 00 00 fc fc fc fc
[  273.742130][ T3466] ==================================================================
[  273.750292][    C0] vkms_vblank_simulate: vblank timer overrun
[  273.757720][ T3466] ==================================================================
[  273.765819][ T3466] BUG: KASAN: slab-out-of-bounds in _copy_from_iter+0x1447/0x15b0
[  273.773678][ T3466] Read of size 8 at addr ffff8880307a4660 by task kworker/u8:9/3466
[  273.781673][ T3466] 
[  273.784016][ T3466] CPU: 0 UID: 0 PID: 3466 Comm: kworker/u8:9 Tainted: G    B               6.15.0-rc5-syzkaller-00043-gd76bb1ebb558 #0 PREEMPT(full) 
[  273.784070][ T3466] Tainted: [B]=BAD_PAGE
[  273.784082][ T3466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  273.784106][ T3466] Workqueue: events_unbound netfs_write_collection_worker
[  273.784171][ T3466] Call Trace:
[  273.784184][ T3466]  <TASK>
[  273.784197][ T3466]  dump_stack_lvl+0x116/0x1f0
[  273.784248][ T3466]  print_report+0xc3/0x670
[  273.784299][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  273.784342][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  273.784383][ T3466]  ? __phys_addr+0xc6/0x150
[  273.784432][ T3466]  ? _copy_from_iter+0x1447/0x15b0
[  273.784482][ T3466]  kasan_report+0xe0/0x110
[  273.784540][ T3466]  ? _copy_from_iter+0x1447/0x15b0
[  273.784595][ T3466]  _copy_from_iter+0x1447/0x15b0
[  273.784648][ T3466]  ? p9pdu_writef+0xc3/0x100
[  273.784682][ T3466]  ? __pfx__copy_from_iter+0x10/0x10
[  273.784735][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  273.784776][ T3466]  ? lock_acquire+0x2cd/0x350
[  273.784828][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  273.784871][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  273.784913][ T3466]  ? __asan_memcpy+0x3c/0x60
[  273.784958][ T3466]  p9pdu_vwritef+0x2da/0x1d30
[  273.784995][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  273.785036][ T3466]  ? p9pdu_writef+0xc3/0x100
[  273.785068][ T3466]  ? __pfx_p9pdu_vwritef+0x10/0x10
[  273.785102][ T3466]  ? __pfx_p9_tag_alloc+0x10/0x10
[  273.785152][ T3466]  ? rcu_is_watching+0x12/0xc0
[  273.785192][ T3466]  ? rcu_is_watching+0x12/0xc0
[  273.785231][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  273.785276][ T3466]  p9_client_prepare_req+0x247/0x4d0
[  273.785328][ T3466]  ? __pfx_p9_client_prepare_req+0x10/0x10
[  273.785379][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  273.785422][ T3466]  ? trace_sched_exit_tp+0xde/0x130
[  273.785473][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  273.785514][ T3466]  ? __schedule+0x1186/0x5de0
[  273.785559][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  273.785605][ T3466]  p9_client_rpc+0x1c4/0xc50
[  273.785656][ T3466]  ? __pfx_p9_client_rpc+0x10/0x10
[  273.785709][ T3466]  ? __pfx___schedule+0x10/0x10
[  273.785752][ T3466]  ? __pfx_vprintk_emit+0x10/0x10
[  273.785795][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  273.785836][ T3466]  ? rcu_is_watching+0x12/0xc0
[  273.785875][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  273.785918][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  273.785964][ T3466]  p9_client_write+0x245/0x6f0
[  273.786027][ T3466]  ? __pfx_p9_client_write+0x10/0x10
[  273.786089][ T3466]  v9fs_issue_write+0xe3/0x1b0
[  273.786138][ T3466]  ? __pfx_v9fs_issue_write+0x10/0x10
[  273.786186][ T3466]  ? iov_iter_advance+0x380/0x6c0
[  273.786235][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  273.786276][ T3466]  ? rcu_is_watching+0x12/0xc0
[  273.786318][ T3466]  netfs_do_issue_write+0x95/0x110
[  273.786352][ T3466]  netfs_retry_writes+0x168a/0x1a50
[  273.786389][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  273.786431][ T3466]  ? ieee80211_ibss_work+0xdb/0x1480
[  273.786473][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  273.786514][ T3466]  ? __lock_acquire+0xaa4/0x1ba0
[  273.786574][ T3466]  ? __pfx_netfs_retry_writes+0x10/0x10
[  273.786614][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  273.786654][ T3466]  ? register_lock_class+0x41/0x4c0
[  273.786708][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  273.786750][ T3466]  ? do_raw_spin_lock+0x12c/0x2b0
[  273.786785][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  273.786830][ T3466]  netfs_write_collection_worker+0x23fd/0x3830
[  273.786911][ T3466]  process_one_work+0x9cf/0x1b70
[  273.786954][ T3466]  ? __pfx_netfs_write_collection_worker+0x10/0x10
[  273.787015][ T3466]  ? __pfx_process_one_work+0x10/0x10
[  273.787051][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  273.787098][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  273.787140][ T3466]  ? assign_work+0x1a0/0x250
[  273.787173][ T3466]  worker_thread+0x6c8/0xf10
[  273.787218][ T3466]  ? __pfx_worker_thread+0x10/0x10
[  273.787254][ T3466]  kthread+0x3c5/0x780
[  273.787285][ T3466]  ? __pfx_kthread+0x10/0x10
[  273.787314][ T3466]  ? __pfx_kthread+0x10/0x10
[  273.787344][ T3466]  ? __pfx_kthread+0x10/0x10
[  273.787374][ T3466]  ? __pfx_kthread+0x10/0x10
[  273.787403][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  273.787444][ T3466]  ? rcu_is_watching+0x12/0xc0
[  273.787484][ T3466]  ? __pfx_kthread+0x10/0x10
[  273.787515][ T3466]  ret_from_fork+0x48/0x80
[  273.787550][ T3466]  ? __pfx_kthread+0x10/0x10
[  273.787581][ T3466]  ret_from_fork_asm+0x1a/0x30
[  273.787643][ T3466]  </TASK>
[  273.787654][ T3466] 
[  274.232271][ T3466] Allocated by task 970:
[  274.236521][ T3466]  kasan_save_stack+0x33/0x60
[  274.241238][ T3466]  kasan_save_track+0x14/0x30
[  274.245946][ T3466]  __kasan_kmalloc+0xaa/0xb0
[  274.250565][ T3466]  nsim_fib6_rt_nh_add+0x4a/0x290
[  274.255630][ T3466]  nsim_fib_event_work+0x196a/0x2e80
[  274.261077][ T3466]  process_one_work+0x9cf/0x1b70
[  274.266041][ T3466]  worker_thread+0x6c8/0xf10
[  274.270648][ T3466]  kthread+0x3c5/0x780
[  274.274728][ T3466]  ret_from_fork+0x48/0x80
[  274.279163][ T3466]  ret_from_fork_asm+0x1a/0x30
[  274.283960][ T3466] 
[  274.286283][ T3466] The buggy address belongs to the object at ffff8880307a4640
[  274.286283][ T3466]  which belongs to the cache kmalloc-32 of size 32
[  274.300240][ T3466] The buggy address is located 8 bytes to the right of
[  274.300240][ T3466]  allocated 24-byte region [ffff8880307a4640, ffff8880307a4658)
[  274.314677][ T3466] 
[  274.317007][ T3466] The buggy address belongs to the physical page:
[  274.323423][ T3466] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x307a4
[  274.332199][ T3466] anon flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  274.339766][ T3466] page_type: f5(slab)
[  274.343775][ T3466] raw: 00fff00000000000 ffff88801b441780 0000000000000000 dead000000000001
[  274.352390][ T3466] raw: 0000000000000000 0000000000400040 00000000f5000000 0000000000000000
[  274.360990][ T3466] page dumped because: kasan: bad access detected
[  274.367411][ T3466] page_owner tracks the page as allocated
[  274.373129][ T3466] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52800(GFP_NOWAIT|__GFP_NORETRY|__GFP_COMP), pid 5741, tgid 5741 (dhcpcd-run-hook), ts 89207943594, free_ts 89206634714
[  274.391674][ T3466]  post_alloc_hook+0x181/0x1b0
[  274.396481][ T3466]  get_page_from_freelist+0x135c/0x3920
[  274.402065][ T3466]  __alloc_frozen_pages_noprof+0x263/0x23a0
[  274.408000][ T3466]  alloc_pages_mpol+0x1fb/0x550
[  274.412889][ T3466]  new_slab+0x244/0x340
[  274.417074][ T3466]  ___slab_alloc+0xd9c/0x1940
[  274.421776][ T3466]  __slab_alloc.constprop.0+0x56/0xb0
[  274.427184][ T3466]  __kmalloc_cache_noprof+0xfb/0x3e0
[  274.432497][ T3466]  kmem_cache_free+0x148/0x4d0
[  274.437293][ T3466]  exit_mmap+0x511/0xb90
[  274.441569][ T3466]  __mmput+0x12a/0x410
[  274.445674][ T3466]  mmput+0x62/0x70
[  274.449442][ T3466]  do_exit+0x9d1/0x2c30
[  274.453640][ T3466]  do_group_exit+0xd3/0x2a0
[  274.458179][ T3466]  __x64_sys_exit_group+0x3e/0x50
[  274.463238][ T3466]  x64_sys_call+0x1530/0x1730
[  274.467953][ T3466] page last free pid 5741 tgid 5741 stack trace:
[  274.474284][ T3466]  __free_frozen_pages+0x69d/0xff0
[  274.479423][ T3466]  tlb_finish_mmu+0x237/0x7b0
[  274.484129][ T3466]  exit_mmap+0x403/0xb90
[  274.488393][ T3466]  __mmput+0x12a/0x410
[  274.492487][ T3466]  mmput+0x62/0x70
[  274.496233][ T3466]  do_exit+0x9d1/0x2c30
[  274.500422][ T3466]  do_group_exit+0xd3/0x2a0
[  274.504958][ T3466]  __x64_sys_exit_group+0x3e/0x50
[  274.510017][ T3466]  x64_sys_call+0x1530/0x1730
[  274.514748][ T3466]  do_syscall_64+0xcd/0x260
[  274.519291][ T3466]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  274.525212][ T3466] 
[  274.527537][ T3466] Memory state around the buggy address:
[  274.533194][ T3466]  ffff8880307a4500: 00 00 00 00 fc fc fc fc fa fb fb fb fc fc fc fc
[  274.541282][ T3466]  ffff8880307a4580: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[  274.549363][ T3466] >ffff8880307a4600: 00 00 00 00 fc fc fc fc 00 00 00 fc fc fc fc fc
[  274.557435][ T3466]                                                        ^
[  274.564639][ T3466]  ffff8880307a4680: 00 00 00 00 fc fc fc fc 00 00 00 00 fc fc fc fc
[  274.572711][ T3466]  ffff8880307a4700: 00 00 00 00 fc fc fc fc 00 00 00 00 fc fc fc fc
[  274.580778][ T3466] ==================================================================
[  274.597984][ T3466] ==================================================================
[  274.606074][ T3466] BUG: KASAN: slab-out-of-bounds in _copy_from_iter+0x1459/0x15b0
[  274.613930][ T3466] Read of size 4 at addr ffff8880307a4668 by task kworker/u8:9/3466
[  274.621927][ T3466] 
[  274.624270][ T3466] CPU: 1 UID: 0 PID: 3466 Comm: kworker/u8:9 Tainted: G    B               6.15.0-rc5-syzkaller-00043-gd76bb1ebb558 #0 PREEMPT(full) 
[  274.624330][ T3466] Tainted: [B]=BAD_PAGE
[  274.624344][ T3466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  274.624370][ T3466] Workqueue: events_unbound netfs_write_collection_worker
[  274.624440][ T3466] Call Trace:
[  274.624453][ T3466]  <TASK>
[  274.624466][ T3466]  dump_stack_lvl+0x116/0x1f0
[  274.624519][ T3466]  print_report+0xc3/0x670
[  274.624592][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  274.624638][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  274.624682][ T3466]  ? __phys_addr+0xc6/0x150
[  274.624735][ T3466]  ? _copy_from_iter+0x1459/0x15b0
[  274.624789][ T3466]  kasan_report+0xe0/0x110
[  274.624847][ T3466]  ? _copy_from_iter+0x1459/0x15b0
[  274.624908][ T3466]  _copy_from_iter+0x1459/0x15b0
[  274.624966][ T3466]  ? p9pdu_writef+0xc3/0x100
[  274.625004][ T3466]  ? __pfx__copy_from_iter+0x10/0x10
[  274.625062][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  274.625108][ T3466]  ? lock_acquire+0x2cd/0x350
[  274.625165][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  274.625211][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  274.625256][ T3466]  ? __asan_memcpy+0x3c/0x60
[  274.625304][ T3466]  p9pdu_vwritef+0x2da/0x1d30
[  274.625344][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  274.625389][ T3466]  ? p9pdu_writef+0xc3/0x100
[  274.625423][ T3466]  ? __pfx_p9pdu_vwritef+0x10/0x10
[  274.625460][ T3466]  ? __pfx_p9_tag_alloc+0x10/0x10
[  274.625516][ T3466]  ? rcu_is_watching+0x12/0xc0
[  274.625567][ T3466]  ? rcu_is_watching+0x12/0xc0
[  274.625609][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  274.625660][ T3466]  p9_client_prepare_req+0x247/0x4d0
[  274.625718][ T3466]  ? __pfx_p9_client_prepare_req+0x10/0x10
[  274.625774][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  274.625822][ T3466]  ? trace_sched_exit_tp+0xde/0x130
[  274.625877][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  274.625923][ T3466]  ? __schedule+0x1186/0x5de0
[  274.625969][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  274.626020][ T3466]  p9_client_rpc+0x1c4/0xc50
[  274.626077][ T3466]  ? __pfx_p9_client_rpc+0x10/0x10
[  274.626136][ T3466]  ? __pfx___schedule+0x10/0x10
[  274.626183][ T3466]  ? __pfx_vprintk_emit+0x10/0x10
[  274.626232][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  274.626277][ T3466]  ? rcu_is_watching+0x12/0xc0
[  274.626320][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  274.626367][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  274.626419][ T3466]  p9_client_write+0x245/0x6f0
[  274.626488][ T3466]  ? __pfx_p9_client_write+0x10/0x10
[  274.626563][ T3466]  v9fs_issue_write+0xe3/0x1b0
[  274.626617][ T3466]  ? __pfx_v9fs_issue_write+0x10/0x10
[  274.626668][ T3466]  ? iov_iter_advance+0x380/0x6c0
[  274.626723][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  274.626769][ T3466]  ? rcu_is_watching+0x12/0xc0
[  274.626815][ T3466]  netfs_do_issue_write+0x95/0x110
[  274.626853][ T3466]  netfs_retry_writes+0x168a/0x1a50
[  274.626895][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  274.626941][ T3466]  ? ieee80211_ibss_work+0xdb/0x1480
[  274.626988][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  274.627034][ T3466]  ? __lock_acquire+0xaa4/0x1ba0
[  274.627095][ T3466]  ? __pfx_netfs_retry_writes+0x10/0x10
[  274.627138][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  274.627184][ T3466]  ? register_lock_class+0x41/0x4c0
[  274.627243][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  274.627288][ T3466]  ? do_raw_spin_lock+0x12c/0x2b0
[  274.627326][ T3466]  ? srso_alias_return_thunk+0x5/0xfbef5
[  274.627375][ T3466]  netfs_write_collection_worker+0x23fd/0x3830
[  274.627462][ T3466]  process_one_work+0x9cf/0x1b70