last executing test programs:

1m29.339433031s ago: executing program 2 (id=3):
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x1000410, &(0x7f0000000000)={[{@norecovery}, {@sysvgroups}]}, 0x4, 0x4eb, &(0x7f0000000540)="$eJzs3c9vVFsdAPDvnXZoKQMFZaFGBRFFQ5j+ABqCC2GjMYTESFy5gNoOTdMZpum0SCuLsnRvIokr/RPcuTBh5cKdO925wYUJKnkv9CVvMS/3zqUd2g7te7Qd6Hw+ye2955xhvufMcM6Ze2B6AuhZZyNiNSKORMS9iBjO85P8iButI33cq5ePp9ZePp5Kotm8878kK0/zou3PpI7lzzkYET/7ccQvk61xG8src5PVamUhT48s1uZHGssrl2YLec74xNjE6LXLV8f3rK1nan968aPZWz//y5+/8fzvq9//dVqt0m+OZ2Xt7dhLraYXo9SW1x8Rt/YjWJf0539/+PCkve1LEXEu6//D0Ze9mwDAYdZsDkdzuD0NABx26f1/KZJCOV8LKEWhUC631vBOx1ChWm8sXhyuLz2YjmwN62QUC/dnq5XRfK3wZBSTND2WXW+kxzelL0fEqYj47cDRLF2eqlenu/nBBwB62LFN8//HA635HwA45Aa7XQEA4MCZ/wGg95j/AaD3fI7537cDAeCQcP8PAL3H/A8AvWfH+f/JwdQDADgQP719Oz2aa/nvv55+uLz0g9LDS9OVxly5tjRVnqovzJdn6vWZaqU81Wzu9HzVen1+7Mp6srG8crdWX3qweHe2NjlTuVsp7nN7AICdnTrz7J9JRKxeP5od0baXg7kaDrdCtysAdE1ftysAdI3v80Dv2sU9vmUAOOS22aL3DR3/i9BTm7/Ch+rCV63/Q6+y/g+964ut//9wz+sBHDzr/9C7ms3Env8A0GOs8QPv9O//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0KNK2ZEUytle4Kvpz0K5HHE8Ik5GMbk/W62MRsSJiPjHQHEgTY91u9IAwDsq/CfJ9/+6MHy+tLn0SPLJQHaOiF/9/s7vHk0uLi6Mpfn/X89ffJrnjx/pRgMAgHY3tma15un83HYj/+rl46nXx0FW8cXN1uaiady1/GiV9Ed/dh6MYkQMfZTk6Zb080rfHsRffRIRX9lo/6O2CKVsDaS18+nm+Gns4/sQf+P13xy/8Eb8QlaWnovZa/HlPagL9JpnN1vjZN730i6W979CnM3O2/f/wWyEenevx7+1LeNfYX3869sSP8n6/Nn19Ntr8uLKX3+yJbM53Cp7EvG1/u3iJ+vxkw7j7/ldtvFfX//muU5lzT9EXIjt47fUsmF2ZLE2P9JYXrk0W5ucqcxUHoyPT4xNjF67fHV8JFujbv3823Yx/nv94olO8dP2D3WIP7hD+7+zy/b/8dN7v/jWW+J/79vbv/+n3xI/nRO/u8v4k0M3Om7fncaf7tD+nd7/i7uM//zfK9O7fCgAcAAayytzk9VqZWGHi/Sz5k6PcfFhXsRqxHtQDRfv1UW3RyZgv210+m7XBAAAAAAAAAAAAAAA6KSxvDI3EPv7daJutxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDD67MAAAD//w/PzvM=")
mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='debugfs\x00', 0x0, &(0x7f0000000380))

1m28.269183942s ago: executing program 2 (id=9):
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001d40)={&(0x7f0000000000)='hrtimer_start\x00', r0}, 0x10)
openat$random(0xffffffffffffff9c, &(0x7f000000fe80), 0x40800, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100)=0x1, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r3 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8)
connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback, 0x8001}, 0x1c)
r4 = socket$netlink(0x10, 0x3, 0x0)
writev(r4, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000001840), 0x4)

1m22.835786739s ago: executing program 2 (id=27):
sendmmsg$inet(0xffffffffffffffff, &(0x7f00000017c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
syz_emit_ethernet(0x1de, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd606410a601a800000e030000000000000000000000000000fe8000000000000000000000000000aa223431"], 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[], 0x48)
ioctl$SNDRV_TIMER_IOCTL_CREATE(0xffffffffffffffff, 0xc02054a5, &(0x7f0000000040)={0x394a, r0, 'id0\x00'})
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000080)={'batadv_slave_1\x00', <r3=>0x0})
ioctl$sock_inet6_SIOCADDRT(r1, 0x890b, &(0x7f0000000800)={@private1={0xfc, 0x1, '\x00', 0x1}, @private2={0xfc, 0x2, '\x00', 0xfe}, @ipv4={'\x00', '\xff\xff', @empty}, 0x1, 0x6, 0x0, 0x100, 0x9, 0xc01cb, r3})
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000200)=ANY=[@ANYRESHEX=r0, @ANYBLOB="0000000000b009cfd4f2300b1c0f0afe6599312c4e000000b7"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r3, @fallback=0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r4, 0x0, 0xe, 0x0, &(0x7f0000000740)="00800000000000000045a9000000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xf}, 0x3e)
r5 = socket$inet(0x2, 0x2, 0x0)
futex(0x0, 0xb, 0x1, 0x0, 0xfffffffffffffffc, 0x2)
setsockopt$inet_mreqn(r5, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0xc)
writev(0xffffffffffffffff, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
writev(0xffffffffffffffff, &(0x7f0000000300)=[{&(0x7f00000001c0)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000d00000000000006040000000000", 0x36}], 0x1)
setsockopt$inet_msfilter(r5, 0x0, 0x29, &(0x7f0000000000)=ANY=[@ANYBLOB="e0000002"], 0x57)

1m22.2915099s ago: executing program 32 (id=27):
sendmmsg$inet(0xffffffffffffffff, &(0x7f00000017c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
syz_emit_ethernet(0x1de, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd606410a601a800000e030000000000000000000000000000fe8000000000000000000000000000aa223431"], 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[], 0x48)
ioctl$SNDRV_TIMER_IOCTL_CREATE(0xffffffffffffffff, 0xc02054a5, &(0x7f0000000040)={0x394a, r0, 'id0\x00'})
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000080)={'batadv_slave_1\x00', <r3=>0x0})
ioctl$sock_inet6_SIOCADDRT(r1, 0x890b, &(0x7f0000000800)={@private1={0xfc, 0x1, '\x00', 0x1}, @private2={0xfc, 0x2, '\x00', 0xfe}, @ipv4={'\x00', '\xff\xff', @empty}, 0x1, 0x6, 0x0, 0x100, 0x9, 0xc01cb, r3})
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000200)=ANY=[@ANYRESHEX=r0, @ANYBLOB="0000000000b009cfd4f2300b1c0f0afe6599312c4e000000b7"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r3, @fallback=0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r4, 0x0, 0xe, 0x0, &(0x7f0000000740)="00800000000000000045a9000000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xf}, 0x3e)
r5 = socket$inet(0x2, 0x2, 0x0)
futex(0x0, 0xb, 0x1, 0x0, 0xfffffffffffffffc, 0x2)
setsockopt$inet_mreqn(r5, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0xc)
writev(0xffffffffffffffff, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
writev(0xffffffffffffffff, &(0x7f0000000300)=[{&(0x7f00000001c0)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000d00000000000006040000000000", 0x36}], 0x1)
setsockopt$inet_msfilter(r5, 0x0, 0x29, &(0x7f0000000000)=ANY=[@ANYBLOB="e0000002"], 0x57)

17.667525432s ago: executing program 0 (id=166):
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000000300)=<r1=>0x0)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r2, &(0x7f0000000140)={0x28, 0x0, 0x1, @hyper}, 0x10)
clock_gettime(0x0, &(0x7f00000000c0)={<r3=>0x0, <r4=>0x0})
timer_settime(r1, 0x0, &(0x7f0000000280)={{r3, r4+60000000}, {0x0, 0x989680}}, 0x0)
futex(&(0x7f0000004000), 0x5, 0x0, 0x0, &(0x7f0000004000), 0x82020000)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'})
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl(r5, 0x8b2c, &(0x7f0000000040))
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x8, 0x4, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @cgroup_skb=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0700000004000000080200000100000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
keyctl$clear(0x3, 0xfffffffffffffffd)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000001c0)='./binderfs/custom0\x00', 0x2, 0x0)
keyctl$set_reqkey_keyring(0xe, 0x5)
request_key(&(0x7f0000000280)='user\x00', &(0x7f0000000380)={'syz', 0x3}, &(0x7f0000000200)=')\x00', 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00'}, 0x18)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xc, &(0x7f00000007c0)=ANY=[@ANYBLOB="1802000000000000000000000000000085000000870000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000009b000000950000000000000075"], &(0x7f0000000080)='syzkaller\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r6, 0x2000000, 0xe, 0x0, &(0x7f00000002c0)="bf4b3e9e3a9e9a758f8ea2a244a7", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

16.452406356s ago: executing program 0 (id=169):
syz_mount_image$ext4(&(0x7f0000000280)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x0, &(0x7f0000000800)={[{@nobarrier}, {@jqfmt_vfsv1}, {@orlov}, {@errors_remount}, {@errors_remount}, {@nodiscard}, {@grpjquota}, {@nodelalloc}, {@errors_remount}]}, 0x1, 0x563, &(0x7f0000001080)="$eJzs3c9vI1cdAPDvTH443W6bXegBKmAXKCzVau2Nt11VvbRcQKiqhKg4IA7bkHijsPY6xE5pQiTSvwEkkDjBn8ABiQOiJw7cOII4IEQ5IBWIQBskDkYzniQmcVizcexu/PlIs543b2a+79k7856fHb8AJtbViNiJiNmIeDMi5ovtSbHEq90l2+/B7vbS3u72UhKdzht/S/L8bFv0HJN5sjjnXER85YsR30iOx21tbt1brNdr60W60m6sVVqbWzdWG4srtZXa/Wr19sLtmy/derE6tLpeafz0/S+svvbVX/z84+/9Zuf572TFuljk9dZjmLpVnzmIk5mOiNfOItgYTBWPs2MuB48mjYgPRcSn8ut/Pqby/50AwHnW6cxHZ743DQCcd2k+Bpak5YhI06ITUO6O4T0TF9J6s9W+fre5cX+5O1Z2KWbSu6v12s3Lpd9/K995JsnSC3lenp+nq0fStyLickR8v/REni4vNevL4+nyAMDEe7K3/Y+If5bStFwe6NA+n+oBAI+NuXEXAAAYOe0/AEwe7T8ATJ4B2v/iw/6dMy8LADAa3v8DwOTR/gPA5NH+A8BE+fLrr2dLZ6/4/evltzY37jXfurFca90rNzaWykvN9bXySrO5kv9mT+Nh56s3m2sLL8TG25V2rdWutDa37jSaG/fbd/Lf9b5TmxlJrQCA/+XylXd/m0TEzstP5Ev0zOWgrYbzLR3iXsDjZeo0B+sgwGPNbF8wuQZqwvNOwq/PvCzAePT+mHdpf6Xne0EnfkXoh/9HEN8zgg+Uax8dfPzfHM9wvhjZh8n1aOP/rwy9HMDoGf+HydXpJEfn/J89yAIAzqU+n/+XBu06fHeYHRFgbB42mfdQPv8HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAc+ZiRHwzkrSczwWeZv+m5XLEUxFxKWaSu6v12s2IeDquRMRMKUsvHB4+O86yAwCPKv1LUsz/dW3+uYtHc2eTf+XzAWYN/bd/9MYP3l5st9cXsu1/P9he2p8+rHp4XJ95BQGA4fvTIDvl7Xe1eOx5I/9gd3tpfznDMh7z/ucPJh9d2tvdzpduznR0Op1OxFzel7jwjySmi2PmIuLZiJgaQvyddyLiI/3qn+RjI5eKmU9740cR+6mRxk//K36a53Ufs6fvw0MoC0yad7P7z6v9rr80ruaP/a//ufwOdXr5/W8uYv/et9cTf7qINPW74/Gza/7qoDFe+NWXjm3szHfz3ol4drpf/OQgftKn/tm25waM/4ePfeJ7r5yQ1/lxxLXoH783VqXdWKu0NrdurDYWV2ortfvV6u2F2zdfuvVitZKPUVf2R6qP++vL158+qWxZ/S+cEH+ub/0Ph7w/M2D9f/LvN7/+ycNk6Wj8z326/+v/TN/4Xc9HxGcHjL944WcnTt+dxV8+of4Pe/2vDxj/vT9vLQ+4KwAwAq3NrXuL9Xpt/VQr2bvQYZzn2EpWxMF23u8uni7oHyNfOf60ZH2fYdUr64wNsvPMqauT/nKYr/LgK9MHfcXhnvlr2RlHVoviORx6LU618mBUscZ0QwJG5vCiH3dJAAAAAAAAAAAAAACAk4ziT5fGXUcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADOr/8EAAD//6KSwF0=")
syz_mount_image$ext4(&(0x7f00000007c0)='ext4\x00', &(0x7f00000006c0)='./file1\x00', 0x40, &(0x7f0000000000)={[{@user_xattr}, {@errors_remount}]}, 0x1, 0x576, &(0x7f0000000140)="$eJzs3T1sG2UfAPD/neO3X3nf9JXeVwLUoQKkIlV1kn5AYWpXRKVKHZBYIHLcqIoTV7EDTZQh3StEBwSoS9lgYAQxMCAWRlYWEDNSRSOQmg5g5K80TZzglDouud9POvuee87+P8+d/499pzs5gMw62nhII56OiItJxMi6uqFoVx5trbe6slS8v7JUTKJev/RLEklE3FtZKnbWT9rPhyJiOSKeiohv8hHH081xqwuL0xPlcmmuXR6tzVwdrS4snrgyMzFVmirNnnrp5TNnT58ZPzm+/mX36+tL+Z319caPN9+98d2rt29++tmR5eL7E0mci+F23fp+PE6tbZKPcxuWn+5HsAFKBt0AHkmuneeNVPp/jESunfXd1Ed2tWlAn9X3RdSBjErkP2RU53dA4/i3M+3m748751sHII24q+2pVTPUOjcR+5vHJgd/TR46Mmkcbx7ezYayJy1fj4ixoaHNn/+k/fl7dGOPo4H01dfnWztq8/5P18af6DL+DHfOnf5NnfFvddP49yB+bovx72KPMX5/46ePtox/PeKZrvGTtfhJl/hpRLzVY/xbr395dqu6+scRx6J7/I5k+/PDo5evlEtjrceuMb46duSV7fp/cIv4rXO2+5tfM922f5fT2l198e3nzy5vE/+F57bf/922/4GIeK/H+P+998lrW9XduZ7cbfwK2On+TyIft3uM/+K5oz/0uCoAAAAAAAAAALADafNatiQtrM2naaHQuof3f3EwLVeqteOXK/Ozk61r3g5HPu1caTXSKieN8nj7etxO+eSG8qlcO2DuQLNcKFbKkwPuOwAAAAAAAAAAAAAAAAAAADwpDm24//+3XPP+/41/Vw3sVVv/5Tew18l/yK6H8z8ZWDuA3ef7HzKrLv8hu+Q/ZJf8h+yS/5Bd8h+yS/5Ddsl/AAAAAAAAAAAAAAAAAAAAAAAAAADoi4sXLjSm+v2VpWKjPDm0MD9defvEZKk6XZiZLxaKlbmrhalKZapcKhQrM3/1fkmlcnUsZuevjdZK1dpodWHxzZnK/GznP0VL+b73CAAAAAAAAAAAAAAAAAAAAP55hptTkhYiIm3Op2mhEPHviDicRHL5Srk0FhH/iYjvc/l9jfL4oBsNAAAAAAAAAAAAAAAAAAAAe0x1YXF6olwuzWVkZmgnK0fE8uNtRuMdd/yqfHtfPSnb0EwWZgY8MAEAAAAAAAAAAAAAAAAAQAY9uOm311f80d8GAQAAAAAAAAAAAAAAAAAAQCalPycR0ZiOjTw/vLH2X8lqrvkcEe/cuvTBtYlabW68sfzu2vLah+3lJwfRfqBXnTzt5DEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwQHVhcXqiXC7N9XFm0H0EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeBR/BgAA///eANcP")
quotactl$Q_SETQUOTA(0xffffffff80000800, &(0x7f0000000000)=@loop={'/dev/loop', 0x0}, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_mode_change={{0x14, 0x6}, {0x3, 0x1, 0x61, 0x200}}}, 0x9)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2241, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x140, 0x82)
write$tun(r0, &(0x7f0000000080)=ANY=[], 0x1043)
openat$dir(0xffffffffffffff9c, 0x0, 0x143941, 0x18)

14.428947786s ago: executing program 3 (id=173):
openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe0c81)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f3bbb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68000000000000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465a932b77a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900ff0000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767192361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80af740b5b7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48bc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1f001b2cd3170400000085be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890cec55bf404e4e1f74b7eed82571be54c72d978cf906df08f11f1c4042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9f0390a6f01e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5eaff07000000000000b99c9cc0ad1857216f000000009191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a798de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270b939b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf01cfaed9ef0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546bb2e51935ab9067ec3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f626602111b40e761fd21081920382f14d12ca3c471c7868e7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df902aeec50e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec743af930cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd6d89f80a4377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f000000000100000000d77480e0345effff6413258d1f6eb190aa28cbb4bafe3436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fb03b84f63e022fe755f4007a4a899eaf52c4f491f1e97c862e29e4570600000091c691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104d74dc07748f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c7167d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c2499ce3ffe2fef03f7cdd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426cfce471fef821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ada08f5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba3c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63e4581d5cc41cbde2ba66adc1168070c8c6e18a6a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c514b37c668554d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c3340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a39938613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b909006f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f1400010000ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1b0100448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae05025040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483d02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e918d685a7b099a4f8ed654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732ab916a781b9912160a3fd2a2e74dd690c57bdfdc1f069f949170ef8cb9c13c12138116bca7a8c59363799be7005c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2c74664d60a4b9423f3297bc8eb91b4ee1d73272abbef3e7a828a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece58e752b47e6f677eff7c5c568a89d6e36b165c39132a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae1676384ff799783f55d7e5a1a0920300000000000000d98440c355927629f2bcf9dc405a18ca0264400abf38e90000000000000000008faf2cddffbfa69bf32eb718e88ec75603ed7c7a8825ce0f27a114bd7a4ab74d0c7b8d90ccc1c3ca6620def782e24d75aed70eb676437f62677a69e0994cd82d72e95493c830fe9515329f40b7025326dec33a527c5d999298eaa3690fd0d38a02fc6e0bc16dbe19f353027edc014411e1138087221492f5d5e5cc9d0a1acd3f581eda9a807aa0e609f935f626d96351e0ff116686cbeb8939feecd5dac8cf45101942cc7cec21b7f337df5431bcf7e504b7c427f70a10e1cb8993a661306a0576b638a0171e6800b5b35589d676eb30ed1a72e8f7b057eb281c4504195635b6b285ebaba019913a2520e43ed790231f047f7d3789c10ae7d724929f77aec1d33d9587580268ee14396f71e7ef588cb2560d6bd0795a9b97281229eb16de086553469fad7214ffc3e416f8b8e442dce1d37f9b1c88a5d8a8d9f2fe45bd8df213ecb4194c8554aea13cadcd502e51f6fec80418e772b5bd8d0228949058038b185909ee542848680f9ad43f4057d676d5e21ae3d7e0e4a28c04f112a94707f032b35915e42993ff148291b8babe026646ee41905992db217561b90811c4702a14f312fe5d2ae7257db6be1034cc1c346b76a853ce274bf0435e18f7e86c660c18c80f30505dd4cf2ae2a1893b83c62d61bfeadc1f913e4cab2b897e096dd3fe3525090410cb23bab36cdf200a36014032cf6e5121803c5a0c4a273a19f340163fc6265425d513a1294b8439276394945d94a589708e32a1cb30f1fa4b2f08e01dc5e8c6732e6dc59b5c8cb400000000000000592c9b68f09c8f5ddb20b4ae08b4d9df548e5ed6cd47b91a4bea8b6aa52edf64576aef1e43f2958437fdc20fbbd0d4e13d8cce1193b2f9b4f107e25af178d056e1b1e40bd75b013f7484fae0bc447b1ffaf34819fe3ad1a634c94345e26e1e68dec08723a37b05d1594a66a4718a51d4d67fc880c9d640f4eacc509873f1a103c87f69"], &(0x7f0000000100)='GPL\x00'}, 0x41)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000280)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58)
r2 = accept4(r1, 0x0, 0x0, 0x0)
sendmsg$NL80211_CMD_TDLS_OPER(r2, 0x0, 0x4008800)
mount$9p_fd(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESDEC=r2, @ANYBLOB=',wfdno=', @ANYRESOCT=r2])

14.128527212s ago: executing program 0 (id=174):
r0 = syz_open_procfs(0x0, &(0x7f0000000140)='net/dev\x00')
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000032680)=""/102392, 0x18ff8)
dup(r3)
read$FUSE(r0, &(0x7f00000062c0)={0x2020}, 0x2020)

13.316917208s ago: executing program 3 (id=176):
ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f00000001c0))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socket$unix(0x1, 0x1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00'}, 0x10)
r3 = socket$inet6(0xa, 0x80002, 0x0)
sendmmsg$inet6(r3, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4000000)
r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
ioctl$UI_SET_ABSBIT(r4, 0x40045567, 0x0)
ioctl$UI_SET_EVBIT(r4, 0x40045564, 0x3)
write$uinput_user_dev(r4, &(0x7f0000001740)={'syz1\x00', {0x0, 0x0, 0xfffe}, 0x0, [0x1002, 0x100000, 0x0, 0x0, 0xfffffff2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x4, 0x0, 0x4000000, 0x0, 0xfffffffd, 0x0, 0x38, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x26f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x1000, 0x0, 0x0, 0x0, 0x7fffffff, 0x8], [0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000, 0x0, 0x7fff, 0x807, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd2, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x3, 0xffffffff, 0xffffffff, 0x2, 0xffffffff, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0xfffffffe, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000], [0x400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xeefc, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6, 0x0, 0x0, 0xfffffffa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x45c)
ioctl$UI_DEV_CREATE(r4, 0x5501)
syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0)
write$uinput_user_dev(r4, &(0x7f0000000300)={'syz1\x00', {0x3dac, 0xa5, 0xfff5, 0x1ff}, 0xf, [0xed2, 0x8, 0x5, 0x5, 0x80, 0x3, 0x5, 0x800, 0x8, 0x6, 0x4, 0x8, 0x8, 0x3, 0x7, 0x2f29, 0xff, 0x401, 0x7, 0x6, 0xe06, 0x4, 0xff, 0x7, 0x2, 0x8, 0x0, 0x4, 0x401, 0xd, 0x2, 0x3, 0x982b, 0x2, 0x1, 0x3, 0x7fff, 0x2, 0x2, 0x7, 0x6, 0x200, 0x3, 0x0, 0x8, 0xa, 0x5, 0x3, 0x9, 0x7, 0x3, 0xd10, 0x7, 0x8000, 0x9, 0x6, 0x130b, 0x5, 0xfffffff7, 0xbf90, 0x3, 0x54, 0x0, 0x1], [0x8, 0x2, 0x80, 0x5, 0x1, 0x4, 0x1, 0x480000, 0x2, 0x0, 0x8, 0x3, 0x7b, 0x1, 0x7ff, 0xa1e000, 0x0, 0x8000, 0x40, 0x3, 0x800, 0x654d, 0x2, 0x40, 0x7, 0x9, 0xfffffff9, 0xffffffc0, 0xaa, 0x3, 0x8, 0x7fffffff, 0x11c, 0x5, 0x3, 0x3, 0x4000, 0x7, 0x8, 0x3, 0xeadb, 0x2e, 0x6, 0x4f69, 0x84, 0x4, 0x11c, 0x10001, 0x4, 0x4, 0xc60a, 0x40, 0x8, 0x40000, 0x6, 0x0, 0x9, 0x2, 0x7, 0x7, 0x7, 0x4, 0x9, 0xc210], [0x52, 0x1ff, 0xfa, 0x7, 0x8c, 0xa, 0x5, 0x6, 0x2, 0x745, 0x1, 0x0, 0x61, 0xffff, 0xa8b1, 0x8, 0x5, 0xfb, 0xffff, 0x3, 0xfffffffe, 0x0, 0x3, 0x10000, 0x6, 0x7fff, 0x6, 0x200007, 0x401, 0x8000, 0x80000000, 0x0, 0xffff, 0x8, 0x1, 0x6, 0x0, 0x2908, 0x2, 0x6, 0x0, 0x1000, 0x5, 0x8b2f, 0xd, 0xffff2cbf, 0x7fff, 0x5, 0x5, 0x8, 0x101, 0x7, 0x1eb, 0x8, 0x28, 0x4, 0x4e, 0x8, 0x2, 0x3, 0x6, 0xf, 0x5, 0x3], [0x3, 0x1, 0x9, 0xf, 0x7, 0x81, 0x7, 0x7, 0x2, 0x8, 0x0, 0xfffffffe, 0x100002, 0x6, 0x2, 0x6, 0x0, 0x7, 0x6, 0xf4dc, 0x8, 0x7ff, 0x0, 0x7fffffff, 0x4, 0x0, 0x2, 0x6, 0x9, 0x6, 0x8, 0x0, 0x10001, 0x7fffffff, 0xfffffffa, 0x401, 0x4cdc1a6e, 0x4, 0x6, 0x3, 0x8, 0x0, 0x4, 0x200, 0x80000001, 0x1, 0x4, 0x8, 0x3, 0x9, 0xffff, 0x8000, 0x5, 0x1, 0xc, 0x1, 0xa, 0xfffffffa, 0xd, 0x8, 0x8, 0x8, 0xc4, 0x10001]}, 0x45c)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="9feb0100180000000000000014000000140000"], 0x0, 0x2e, 0x0, 0xa, 0x3}, 0x28)
r5 = syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x862b01)
write$char_usb(r5, &(0x7f0000000040)="e2", 0x2250)

12.436928075s ago: executing program 1 (id=177):
r0 = socket(0x10, 0x3, 0x0)
r1 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000047c0)=@bpf_tracing={0x1a, 0x1e, &(0x7f0000002440)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x2}, {}, {}, [@map_idx_val={0x18, 0xb, 0x6, 0x0, 0x2, 0x0, 0x0, 0x0, 0x8}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000002540)='syzkaller\x00', 0x0, 0x98, &(0x7f0000002580)=""/152, 0x40f00, 0x0, '\x00', 0x0, 0x17, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x861f, 0xffffffffffffffff, 0x3, &(0x7f00000026c0)=[0xffffffffffffffff, 0xffffffffffffffff, r0], &(0x7f0000000100)=[{0x2, 0x5, 0xe, 0xc}, {0x5, 0x5, 0x1, 0xc}, {0x0, 0x3, 0xc, 0x5}], 0x10, 0x401}, 0x94)
bpf$OBJ_PIN_PROG(0x6, &(0x7f00000001c0)=@o_path={&(0x7f0000000000)='./file0\x00', r1, 0x4000, r0}, 0x18)
ioctl$UI_SET_SWBIT(0xffffffffffffffff, 0x4004556d, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
shutdown(r3, 0x0)
recvmmsg(r3, &(0x7f0000000080), 0x72a, 0x0, 0x0)
poll(&(0x7f00000003c0)=[{r3, 0x20}], 0x1, 0x1)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
pipe2$9p(0x0, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="d800000026000186"], 0xd8}, 0x1, 0x0, 0x0, 0x1}, 0x20004440)

12.293231738s ago: executing program 3 (id=178):
setresgid(0x0, 0x0, 0xee01)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000400)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r1 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x12, 0x0, 0x0)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c00080000001c140000fe"], 0x60}, 0x1, 0x0, 0x0, 0x40004}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50)
pwrite64(0xffffffffffffffff, &(0x7f0000000000)='L', 0x1, 0x7ffffffe)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r3, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r3, &(0x7f0000000000), 0xd)

10.907084735s ago: executing program 3 (id=179):
bpf$TOKEN_CREATE(0x24, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
set_tid_address(0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/address_bits', 0x0, 0x0)
syz_mount_image$ext4(&(0x7f00000000c0)='ext2\x00', &(0x7f0000000140)='./file0\x00', 0x4011, &(0x7f00000003c0)={[{@journal_dev={'journal_dev', 0x3d, 0x2}}, {@dioread_lock}, {@journal_checksum}, {@noblock_validity}, {@init_itable_val}, {@dioread_nolock}]}, 0x0, 0x64a, &(0x7f0000000940)="$eJzs3c9vFG8ZAPBnZrfd/kC3EKPiQRqNgURpaQFDjAn04okQ/HHzVGkhyEIJrdEiiW2CFxPjxYOJJw/if6EkXj158+DFkyEhxnAQQ77sN7M7W7a73Xa77Xbp9vNJls7Muzvvs2SffWfefd+ZAE6s6eyfNOJsRDxOIspNZcXIC6frz3vz32d3skcS1er3/5PEs18kG837SvK/k/mLPynXt5wptNe7uv70wWKlsvwkX59de/h4dnX96cX7DxfvLd9bfjT/zflrV69cvTZ36UDvL4tgJF+++fzHPy3/6tYP//j7d8ncn/55K4kb8T6PLXtfra8tHajm7P9sOqp1b7cVpBHXDrjvj8X/yo3PSU0p+0AkxUFGxH6kEXE9z5EvRDkK8SFZy/HL7w40OKCvqknU2qjpKnDyJNGx6P5Y/iXRbqyvMQFHoXEc0Di33+k8uF3az0MS4Ii8Xqj31dVzfyQiGvlfrPcNxlitb2DiTdLcz1PrVztYz1xdVsff/nrrefaIDv1wQH9sbDZ6uVvb/6SWm1NRPweYeJNuy/+F/CggzX8n+F7rjrvsPJ9uWZf/cHQ2NiPii3n7Pxpd53+a524j/3/UY/095v+pHqsDAAAAAACAofZyISK+sdP4v3Rr/M9ooX38z2RE3DiE+vf+/S99lS8kh1Ad0OT1QsS3dxz/uzXGd6qQr32mNh5gJLl7v7J8KSI+GxEXYqSUrc+17Ld5hPDFX5/5Xaf6m8f/ZY+s/sZYwHxPr4otY4mWFtcWD/q+gYjXmxFfqo3/PZdv2T7+J2v/k63xvx+G3WT5/bjLOs587cXtTmV75z/QL9U/RJzfsf3/cLid7H59jtna8cBs46ig3Zd//ps/d6pf/sPgZO3/xO75X0qar9ezur/9j0bE5fVitVN5r8f/o8kPCo39Z362uLb2ZC5iNLnZvn1+fzHDsGrkQyNfsvy/8NXd+/+2jv+b8nA8Ija6rPPz7yf/1alM+w+Dk+X/0u7tf3l7+7//hfkXU3/pVP/trtr/K7U2/UK+Rf8fNGu/Hke3CTqQcAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgmEsj4lQk6czWcprOzERMRsTnYiKtrKyuff3uyk8eLUXt7t9TMZI27vRbrq8njfv/TzWtz7esX46I0xHx28J4bX3mzkpladBvHgAAAAAAAAAAAAAAAAAAAD4Sk7U5/9VS6/z/zL8Lg44O6Lti/le+w8lT7PmV1dKhBgIcud7zHzjONveV/yN9jQU4ep3z/+27ak3L5u98pe8xAUej6/b/7073Ydj0eP7v5wIYAvr/4KTqsk9vrN9xAIOg/QcAAAAAgKFy+tzLfyQRsfGt8dojM5qXjQ80MqDf0j3KfQfA8DKGF06u4sqgIwAGxYR+INla+n/rZP+azqP/k/4EBAAAAAAAAAAAAAC0OX+28/x/cwNguO06/3+viwMAx9ou8/93mtjjcgEwRDrf+sO8Phh2zvGBvVp78/8BAAAAAAAAAAAA4CMw9vTBYqWy/GR1/fgtXO/pVYWIGGDwG4sH20+1NKjgx6JT0fv+VDoSEYP+jB3aQpZslcpytRqx95Mbl+AYYMx7f3WU+vzVBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1H0aAAD///UvHMY=")
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo\x00')
r1 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$DCCPDIAG_GETSOCK(r1, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
setitimer(0x1, &(0x7f0000000380), 0x0)
fstat(0xffffffffffffffff, &(0x7f0000000180))
getdents64(r0, &(0x7f0000003f80)=""/4113, 0x1011)

9.652785379s ago: executing program 1 (id=180):
unshare(0x26020400)
r0 = socket$inet(0x2, 0x2, 0x1)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x6e24, @empty}, 0x10)

7.058841311s ago: executing program 3 (id=184):
syz_mount_image$ext4(&(0x7f0000000880)='ext2\x00', &(0x7f0000000000)='./file1\x00', 0x21000e, &(0x7f0000000180)={[{@nolazytime}, {@abort}, {@lazytime}, {@mblk_io_submit}, {@noauto_da_alloc}]}, 0xde, 0x53b, &(0x7f00000008c0)="$eJzs3c1vI2cZAPBnJnbIdlOSAodSqR+ii3YrWHvT0Dbi0BaBuFUClfsSJd4oWme9ip12E1WQFX8AEkJQiRMnLkjcuCCh/RMQUiX2jgCBEGzhwAEYNOPxNmvG2cD6Y5X8ftJrv/OOPc/zOvb4nY94AjizXoiINyNiLiJeioilsj0tSxz2S/64D++9t5GXvPntvySRlG0RRfW+8+XTFvp3lbr7B9fX2+3Wbjnd7O3cbHb3Dy5v76xvtbZaN1ZXV15de23tlbUrY+ln3q/Xv/KHH3z3J199/Zeff/e3V/906Vt50l8u5w/6NT7Fqxd3i9t6/lrcV4uI3fEGm5m5sj/1WScCAMCJ5KPUT0TEZ4rx/1LMFaO5wvCQbmH62QEAAADjkL2xGP9MIjIAAADg1HojIhYjSRvluQCLkaaNRv8c3k/FE2m70+197lpn78ZmPi9iOerpte1260p5Tu1y1JN8eqWofzT98tD0akQ8FRHfXzpXTDc2Ou3NWe/8AAAAgDPi/ND2/9+X+tv/AAAAwCmzPOsEAAAAgIkbtf2fTDkPAAAAYHIc/wcAAIBT7WtvvZWXbHD968139veud965vNnqXm/s7G00Njq7Nxtbnc5W8Zt9O8ctqx4R7U7n5hci9m41e61ur9ndP7i609m70bu67fqBAAAAMCtPPX/nbhIRh188V5TcfH4zN+IJzhWAUyMd0V75Mf/9ZHMBpmvU1/wJzI8zD2D6arNOAJidw1knAMzaAz/1UTEoOHryzgP7DH41uZwAAIDxuvjpO3e/XXH8v1aezw+cXqOO/wOn3yMc/89l48oDmD7H/+HsqsdctnTiR9+eaC7AbDzsUh8jf7yj6vh/5ZnBWfbQZQEAABO1WJTn00Z5LHAx0rTRiHiy+B/genJtu926EhEfj4jfLNU/lk+vFM9MXB4QAAAAAAAAAAAAAAAAAAAAAAAAAE4oy5LIAAAAgFMtIv1jUl7/6+LShcXh/QPzyT+KywPOR8S7P3r7h7fWe73dlbz9r/fbe++X7S/PYg8GAAAAnEW1Y+cOttMH2/EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAME4f3ntvY1CmGffPX4qI5ar4tVgo7heiHhFP/C2J2pHnJRExN4b4h7cj4umq+EmeViyXWQzHTyPi3HTiP5tlWWX882OID2fZnXz982bV5y+NF4r76s9/rSyP6oH13/zPj8xJ76//5kas/548YYxnPvhZc2T82xHP1KrXP4P4yYj4L1YtsOJF+eY3Dg7+q7G/8Mh+HHGx8vsneSBWs7dzs9ndP7i8vbO+1dpq3VhdXXl17bW1V9auNK9tt1vlbVWI+N6zv/j3UPR/ZX1F/6MfP6rWv8f1/0JeqR9pzIbDlME+uHXvk/1qfWgRRfxLL1a//54+Jn7+nvhs+T2Qz784qB/260c999NfP1eZWBl/c8Tr/7C//6VRCx3y0te/87sTPhQAmILBKGu3u39wfb3dbk2s8n6WZRMO8X9UIj3pg4vhYkTMPufJVGqTficsPC49nXLlwuORxv9SGceeLQAA4HHz0aB/1pkAAAAAAAAAAAAAAAAAAADA2dXdj3TSPyc2HPNwNl0FAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADjWfwIAAP//nJjX8w==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x641, 0x1c3)
prctl$PR_SET_MM(0x23, 0x6, &(0x7f0000001000/0x4000)=nil)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
madvise(&(0x7f0000ffc000/0x4000)=nil, 0xffffffffdf003fff, 0x9)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000380)=@abs={0x0, 0x0, 0x4e23}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000007d40)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000080)={r4}, 0x4)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x3, 0x11, &(0x7f0000000200)=@framed={{0x18, 0x2, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x40002}, [@call={0x85, 0x0, 0x0, 0x53}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xffffffff}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r4}}]}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r5, 0x0, 0xe, 0x0, &(0x7f0000000100)="b34715ecd04550d3abc89b6f7bec", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
r6 = add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(&(0x7f0000000280), 0x0, 0x0, 0x0, r6)
prlimit64(r1, 0xb, 0x0, 0x0)
fallocate(r0, 0x10, 0x2, 0x807c27)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)

6.905042534s ago: executing program 1 (id=185):
ftruncate(0xffffffffffffffff, 0xc17a)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="0c04000010000104000000000000000000480000", @ANYRES32, @ANYBLOB="10100000000000000800200005000000e4031680a40001800c"], 0x40c}}, 0x0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f0000000000)=ANY=[@ANYBLOB="fc0000001900e1f6ddedabc4ac5c000000000000000000000000000000000001ac1414aa00000000000000000000000000000000000000000a"], 0xfc}, 0x1, 0x0, 0x0, 0x84}, 0x0)

6.499563892s ago: executing program 4 (id=186):
ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f00000001c0))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socket$unix(0x1, 0x1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00'}, 0x10)
r3 = socket$inet6(0xa, 0x80002, 0x0)
sendmmsg$inet6(r3, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4000000)
r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
ioctl$UI_SET_ABSBIT(r4, 0x40045567, 0x0)
ioctl$UI_SET_EVBIT(r4, 0x40045564, 0x3)
write$uinput_user_dev(r4, &(0x7f0000001740)={'syz1\x00', {0x0, 0x0, 0xfffe}, 0x0, [0x1002, 0x100000, 0x0, 0x0, 0xfffffff2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x4, 0x0, 0x4000000, 0x0, 0xfffffffd, 0x0, 0x38, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x26f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x1000, 0x0, 0x0, 0x0, 0x7fffffff, 0x8], [0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000, 0x0, 0x7fff, 0x807, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd2, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x3, 0xffffffff, 0xffffffff, 0x2, 0xffffffff, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0xfffffffe, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000], [0x400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xeefc, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6, 0x0, 0x0, 0xfffffffa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x45c)
ioctl$UI_DEV_CREATE(r4, 0x5501)
ioctl$SNDRV_CTL_IOCTL_PCM_INFO(0xffffffffffffffff, 0xc1205531, &(0x7f0000000080)={0x1000000, 0x83b, 0x0, 0x0, '\x00', '\x00', '\x00', 0x3, 0x4000, 0x0, 0x40000, "f900"})
write$uinput_user_dev(r4, &(0x7f0000000300)={'syz1\x00', {0x3dac, 0xa5, 0xfff5, 0x1ff}, 0xf, [0xed2, 0x8, 0x5, 0x5, 0x80, 0x3, 0x5, 0x800, 0x8, 0x6, 0x4, 0x8, 0x8, 0x3, 0x7, 0x2f29, 0xff, 0x401, 0x7, 0x6, 0xe06, 0x4, 0xff, 0x7, 0x2, 0x8, 0x0, 0x4, 0x401, 0xd, 0x2, 0x3, 0x982b, 0x2, 0x1, 0x3, 0x7fff, 0x2, 0x2, 0x7, 0x6, 0x200, 0x3, 0x0, 0x8, 0xa, 0x5, 0x3, 0x9, 0x7, 0x3, 0xd10, 0x7, 0x8000, 0x9, 0x6, 0x130b, 0x5, 0xfffffff7, 0xbf90, 0x3, 0x54, 0x0, 0x1], [0x8, 0x2, 0x80, 0x5, 0x1, 0x4, 0x1, 0x480000, 0x2, 0x0, 0x8, 0x3, 0x7b, 0x1, 0x7ff, 0xa1e000, 0x0, 0x8000, 0x40, 0x3, 0x800, 0x654d, 0x2, 0x40, 0x7, 0x9, 0xfffffff9, 0xffffffc0, 0xaa, 0x3, 0x8, 0x7fffffff, 0x11c, 0x5, 0x3, 0x3, 0x4000, 0x7, 0x8, 0x3, 0xeadb, 0x2e, 0x6, 0x4f69, 0x84, 0x4, 0x11c, 0x10001, 0x4, 0x4, 0xc60a, 0x40, 0x8, 0x40000, 0x6, 0x0, 0x9, 0x2, 0x7, 0x7, 0x7, 0x4, 0x9, 0xc210], [0x52, 0x1ff, 0xfa, 0x7, 0x8c, 0xa, 0x5, 0x6, 0x2, 0x745, 0x1, 0x0, 0x61, 0xffff, 0xa8b1, 0x8, 0x5, 0xfb, 0xffff, 0x3, 0xfffffffe, 0x0, 0x3, 0x10000, 0x6, 0x7fff, 0x6, 0x200007, 0x401, 0x8000, 0x80000000, 0x0, 0xffff, 0x8, 0x1, 0x6, 0x0, 0x2908, 0x2, 0x6, 0x0, 0x1000, 0x5, 0x8b2f, 0xd, 0xffff2cbf, 0x7fff, 0x5, 0x5, 0x8, 0x101, 0x7, 0x1eb, 0x8, 0x28, 0x4, 0x4e, 0x8, 0x2, 0x3, 0x6, 0xf, 0x5, 0x3], [0x3, 0x1, 0x9, 0xf, 0x7, 0x81, 0x7, 0x7, 0x2, 0x8, 0x0, 0xfffffffe, 0x100002, 0x6, 0x2, 0x6, 0x0, 0x7, 0x6, 0xf4dc, 0x8, 0x7ff, 0x0, 0x7fffffff, 0x4, 0x0, 0x2, 0x6, 0x9, 0x6, 0x8, 0x0, 0x10001, 0x7fffffff, 0xfffffffa, 0x401, 0x4cdc1a6e, 0x4, 0x6, 0x3, 0x8, 0x0, 0x4, 0x200, 0x80000001, 0x1, 0x4, 0x8, 0x3, 0x9, 0xffff, 0x8000, 0x5, 0x1, 0xc, 0x1, 0xa, 0xfffffffa, 0xd, 0x8, 0x8, 0x8, 0xc4, 0x10001]}, 0x45c)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="9feb0100180000000000000014000000140000"], 0x0, 0x2e, 0x0, 0xa, 0x3}, 0x28)
r5 = syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x862b01)
write$char_usb(r5, &(0x7f0000000040)="e2", 0x2250)

6.316566765s ago: executing program 1 (id=187):
setresgid(0x0, 0x0, 0xee01)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000400)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r1 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x12, 0x0, 0x0)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c00080000001c140000fe"], 0x60}, 0x1, 0x0, 0x0, 0x40004}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50)
pwrite64(0xffffffffffffffff, &(0x7f0000000000)='L', 0x1, 0x7ffffffe)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r3, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r3, &(0x7f0000000000), 0xd)

5.289145906s ago: executing program 4 (id=188):
syz_mount_image$vfat(&(0x7f00000002c0), &(0x7f0000000280)='./bus\x00', 0x810408, 0x0, 0xff, 0x0, &(0x7f00000007c0))
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000300)={'\x00', 0x4, 0x2, 0x3, 0x6, 0x9, <r0=>0x0})
prlimit64(r0, 0xe, &(0x7f0000000140)={0x90, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r3, 0xc0285700, &(0x7f0000000140)={0x6, "421ae3753785259249154c944122ad063ff47d3bd7a8a45d6bb4c78a3ab4c981"})
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r4, &(0x7f0000000100)={0x1f, 0x3}, 0x6)
ioctl$sock_bt_hci(r4, 0x800448d5, &(0x7f0000000080))
ioctl$SW_SYNC_IOC_INC(r3, 0x40045701, &(0x7f0000000440)=0xffffffff)
socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$MON_IOCX_MFETCH(0xffffffffffffffff, 0xc0109207, &(0x7f0000000180)={&(0x7f0000000100)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x6, 0x8})
openat$vcsa(0xffffffffffffff9c, 0x0, 0x0, 0x0)

4.498665661s ago: executing program 4 (id=189):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f00000005c0)={[{@noblock_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@nogrpid}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x56a, &(0x7f00000015c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH")
lsetxattr$trusted_overlay_upper(&(0x7f00000001c0)='./file1\x00', &(0x7f0000000180), &(0x7f00000001c0)=ANY=[], 0x361, 0x0)
utimensat(0xffffffffffffff9c, &(0x7f0000000500)='./file1\x00', 0x0, 0x100)

3.993155471s ago: executing program 1 (id=190):
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001d40)={&(0x7f0000000000)='hrtimer_start\x00', r0}, 0x10)
openat$random(0xffffffffffffff9c, &(0x7f000000fe80), 0x40800, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100)=0x1, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback, 0x8001}, 0x1c)
r4 = socket$netlink(0x10, 0x3, 0x0)
writev(r4, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000001840), 0x4)

3.920764513s ago: executing program 0 (id=191):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x12, 0x4, 0x4, 0x12}, 0x48)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000000c0)={r0, &(0x7f0000000380), &(0x7f0000000040)=@udp}, 0x20)
shutdown(0xffffffffffffffff, 0x0)
read$msr(0xffffffffffffffff, &(0x7f0000000940)=""/130, 0x82)

3.306240755s ago: executing program 3 (id=192):
bpf$TOKEN_CREATE(0x24, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
set_tid_address(0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/address_bits', 0x0, 0x0)
syz_mount_image$ext4(&(0x7f00000000c0)='ext2\x00', &(0x7f0000000140)='./file0\x00', 0x4011, &(0x7f00000003c0)={[{@journal_dev={'journal_dev', 0x3d, 0x2}}, {@dioread_lock}, {@journal_checksum}, {@noblock_validity}, {@init_itable_val}, {@dioread_nolock}]}, 0x0, 0x64a, &(0x7f0000000940)="$eJzs3c9vFG8ZAPBnZrfd/kC3EKPiQRqNgURpaQFDjAn04okQ/HHzVGkhyEIJrdEiiW2CFxPjxYOJJw/if6EkXj158+DFkyEhxnAQQ77sN7M7W7a73Xa77Xbp9vNJls7Muzvvs2SffWfefd+ZAE6s6eyfNOJsRDxOIspNZcXIC6frz3vz32d3skcS1er3/5PEs18kG837SvK/k/mLPynXt5wptNe7uv70wWKlsvwkX59de/h4dnX96cX7DxfvLd9bfjT/zflrV69cvTZ36UDvL4tgJF+++fzHPy3/6tYP//j7d8ncn/55K4kb8T6PLXtfra8tHajm7P9sOqp1b7cVpBHXDrjvj8X/yo3PSU0p+0AkxUFGxH6kEXE9z5EvRDkK8SFZy/HL7w40OKCvqknU2qjpKnDyJNGx6P5Y/iXRbqyvMQFHoXEc0Di33+k8uF3az0MS4Ii8Xqj31dVzfyQiGvlfrPcNxlitb2DiTdLcz1PrVztYz1xdVsff/nrrefaIDv1wQH9sbDZ6uVvb/6SWm1NRPweYeJNuy/+F/CggzX8n+F7rjrvsPJ9uWZf/cHQ2NiPii3n7Pxpd53+a524j/3/UY/095v+pHqsDAAAAAACAofZyISK+sdP4v3Rr/M9ooX38z2RE3DiE+vf+/S99lS8kh1Ad0OT1QsS3dxz/uzXGd6qQr32mNh5gJLl7v7J8KSI+GxEXYqSUrc+17Ld5hPDFX5/5Xaf6m8f/ZY+s/sZYwHxPr4otY4mWFtcWD/q+gYjXmxFfqo3/PZdv2T7+J2v/k63xvx+G3WT5/bjLOs587cXtTmV75z/QL9U/RJzfsf3/cLid7H59jtna8cBs46ig3Zd//ps/d6pf/sPgZO3/xO75X0qar9ezur/9j0bE5fVitVN5r8f/o8kPCo39Z362uLb2ZC5iNLnZvn1+fzHDsGrkQyNfsvy/8NXd+/+2jv+b8nA8Ija6rPPz7yf/1alM+w+Dk+X/0u7tf3l7+7//hfkXU3/pVP/trtr/K7U2/UK+Rf8fNGu/Hke3CTqQcAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgmEsj4lQk6czWcprOzERMRsTnYiKtrKyuff3uyk8eLUXt7t9TMZI27vRbrq8njfv/TzWtz7esX46I0xHx28J4bX3mzkpladBvHgAAAAAAAAAAAAAAAAAAAD4Sk7U5/9VS6/z/zL8Lg44O6Lti/le+w8lT7PmV1dKhBgIcud7zHzjONveV/yN9jQU4ep3z/+27ak3L5u98pe8xAUej6/b/7073Ydj0eP7v5wIYAvr/4KTqsk9vrN9xAIOg/QcAAAAAgKFy+tzLfyQRsfGt8dojM5qXjQ80MqDf0j3KfQfA8DKGF06u4sqgIwAGxYR+INla+n/rZP+azqP/k/4EBAAAAAAAAAAAAAC0OX+28/x/cwNguO06/3+viwMAx9ou8/93mtjjcgEwRDrf+sO8Phh2zvGBvVp78/8BAAAAAAAAAAAA4CMw9vTBYqWy/GR1/fgtXO/pVYWIGGDwG4sH20+1NKjgx6JT0fv+VDoSEYP+jB3aQpZslcpytRqx95Mbl+AYYMx7f3WU+vzVBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1H0aAAD///UvHMY=")
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo\x00')
r1 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$DCCPDIAG_GETSOCK(r1, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
setitimer(0x1, &(0x7f0000000380), 0x0)
fstat(0xffffffffffffffff, &(0x7f0000000180))
getdents64(r0, &(0x7f0000003f80)=""/4113, 0x1011)

3.267459565s ago: executing program 0 (id=193):
bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$MAP_CREATE(0x0, &(0x7f0000000f80)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_usb_connect$uac1(0x0, 0x0, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0xa00008, &(0x7f0000000140)={[{@min_batch_time={'min_batch_time', 0x3d, 0xd}}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@noblock_validity}]}, 0x1, 0x7ad, &(0x7f00000007c0)="$eJzs3c9rG1ceAPDvyD/jZNdeWNjNngwLu4YQeZ31JruwsFn2sBQaCLTnJEZWTGrZCpYcYmNIQin00kNLD4XmknPTprdc++PaXvo39FAS0tYJTemhuIw0SmRbcpzEklL8+cBY782M9N533sybZ82gCWDfGk//5CIORwykydFsfhLZjOiPOFlf7+H6WiGdktjYeOW7pLbOg/W1QjS9J3Uwy/wxIj57I+JIbnu5lZXV+ZlSqbiU5SerCxcnKyurRy8szMwV54qLx6emp4+d+MeJ43sX6w9frh66+/b///rRyZ9e/8Ottz5P4mQcypY1x7FXxmM82yYD6Sbc5H97XViPJb2uAM8kPTT76kd5HI7R6NuhJf/T1ZoBAJ1yJSI2AIB9JnH+B4B9pvE9wIP1tUJjivr1nKs9/WKiS+79NyKG6/E3rm/Wl/TXr9l9NVy7DjryIKldI2lIImJsD8ofj4jrt8/cTKfo0HVIgFauXouIc2PjW/v/tIfbes/C0/rbLtYZ35LX/0H3fJKOf/65ffwXkcuO/+Ha363jn6EWx+6zePLxn7uzKTuwB4U2Scd//266t+1hU/yZsb4s95vamG8gOX+hVEz7tt9GxEQMDKX5qR3KmLj/8/12y5rHf9+/89oHafnp6+M1cnf6hza/Z3amOvM8MTe7dy3iT/2t4k8etX/SZvx7epdlvPSvN99vtyyNP423MW2Pv7M2bkT8pWX7P74PKtnx/sTJ2u4w2dgpWvj46/dG2pXf3P7Xb6clrRUa/wt0Q9r+IzvHP5Y0369Zefoyvrgx+mm7ZZvjP3MzLX9z/K33/8Hk1Vp6MJt3eaZaXZqKGExe3j7/2OP3NvKN9dP4J/7c+vjfaf9Pu6FzWXrjCTc/9t/99sNnj7+z0vhn0/ZPsiCe2P5Pn7j1cL6vXfm7a//pWmoim7O9/+vf9rm7reBzbTwAAAAAAAAAAAAAAAAAAAAAAAAA2KVcRByKJJd/lM7l8vn6M7x/HyO5UrlSPXK+vLw4G7VnZY/FQK7xU5ejTb+HOpX9Hn4jf2xL/u8R8buIeHfoQC2fL5RLs70OHgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyB9s8/z/1zVCvawcAdMxwrysAAHSd8z8A7D9tzv+DrWcf6GhdAIDuqJ3/k/5eVwMA6CLf/wPA/uP8DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQIedPnUqnTZ+XF8rpPnZSyvL8+VLR2eLlfn8wnIhXygvXczPlctzpWK+UF5o+0FX6y+lcvnidCwuX56sFivVycrK6tmF8vJi9eyFhZm54tniQNciAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDdq6yszs+USsUliZ0TV16IalzLmq3XW0PihUgMRUSnimjuJQ70pnMCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+BX4JQAA//9qsh/Y")
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x3a01, 0x17e)
quotactl$Q_QUOTAON(0xffffffff80000201, &(0x7f0000000180)=@loop={'/dev/loop', 0x0}, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
pwrite64(r0, &(0x7f0000000200)="1b", 0x1, 0x8000c61)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, r1, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x242, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000500)=@getpolicy={0x5c, 0x15, 0x8, 0x70bd28, 0x25dfdbfe, {{@in=@empty, @in6=@loopback, 0x4e21, 0x4, 0x4e24, 0x101, 0x0, 0xa0, 0xa0, 0x2}, 0x6e6bb1}, [@policy_type={0xa, 0x10, {0x1}}]}, 0x5c}, 0x1, 0x0, 0x0, 0x4000000}, 0x1)

3.064810299s ago: executing program 4 (id=194):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000000400000004"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000200)=ANY=[@ANYBLOB="1802000001000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b70300000000ffff85000000040000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0xf, &(0x7f0000000900)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xf3e5}, {{0x18, 0x1, 0x1, 0x0, r2}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x5}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0))
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=@getqdisc={0x24, 0x26, 0x10, 0x70bd2a, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x1, 0x5}, {0x10, 0xd}, {0x3, 0xc}}}, 0x24}, 0x1, 0x0, 0x0, 0x4000001}, 0x20040000)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000200)=@newlink={0x54, 0x10, 0x401, 0x2, 0x80000, {0x0, 0x0, 0x0, 0x0, 0x1000, 0x41042}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @vti={{0x8}, {0x14, 0x2, 0x0, 0x1, [@vti_common_policy=[@IFLA_VTI_OKEY={0x8, 0x3, 0x2}, @IFLA_VTI_IKEY={0x8, 0x2, 0xb99d}]]}}}, @IFLA_IFNAME={0x14, 0x3, 'ip_vti0\x00'}]}, 0x54}, 0x1, 0x0, 0x0, 0x8c5}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000080)={'lo\x00', <r6=>0x0})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x9}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r7 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r7, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
connect$unix(r8, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r9, &(0x7f0000000000), 0x651, 0x0)
r10 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000fd0f000007"], 0x48)
r11 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r10, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r11}, 0x10)
open(0x0, 0x400040042, 0x129)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=@framed={{0x26, 0xa, 0x0, 0x0, 0x0, 0x61, 0x10, 0x94}, [@initr0]}, &(0x7f0000000000)='GPL\x00'}, 0x80)
sendmsg$nl_route_sched(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000580)=@newqdisc={0x5c, 0x24, 0xd0f, 0x70bd28, 0x0, {0x60, 0x0, 0x0, r6, {0x0, 0x8}, {0xffff, 0xffff}}, [@TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0xe, 0x4, 0x7, 0x4, 0x2, 0x2cf, 0x8d2}}, {0x4}}]}, @qdisc_kind_options=@q_pfifo={{0xa}, {0x8, 0x2, 0xffff}}]}, 0x5c}, 0x1, 0x0, 0x0, 0x80d1}, 0x34008098)

1.638302567s ago: executing program 1 (id=195):
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800714, &(0x7f0000000500), 0xff, 0x485, &(0x7f0000001040)="$eJzs3M9rHFUcAPDvTJL+bhNrrba2Gq1i8UfSpFV78KCi4EFB0EM9xiSttdtGmgi2BI0i9SgF7+JR8C/w5kXUgwheFTxKoWgQmnqKzK9mu9mkSZpkbfbzgc2+t/Nm3/vOzNt9My+zAbSt3uxPErEjIn6LiO4ie3OB3uJpZnpy+Pr05HASs7Nv/JXk5a5NTw5XRav1tpeZw2lE+mkSzyfz6x2/cPHMUK02er7M90+cfa9//MLFp06fHTo1emr03ODx48eODjz7zODTqxJnFte1/R+OHdj3yluXXxs+cfntH7/JmrX3YLG8Po5but4koCZ6s63292yucdmjy2j7nWBnXTrpbGFDWJaOiMh2V1fe/7ujI+Z2Xne8/ElLGwesqey7afPCi6dmgQ0siVa3AGiN6os+O/+tHus09PhfuPpCxKYyPTM9OTxzI/7OSMvXu9aw/t6IODH175fZI5Z7HQIAYAXysc2TzcZ/aezNn4u5jl3lHEpPRNwVEbsj4u6I2BMR90TkZe+NiPuKlWe7l1h/b0N+/vgnvdK0zaskG/89Vzf2m6mLv3zq6ShzO/P4u5KTp2ujR8ptcji6Nmf5gUXq+O6lXz9faFn9+C97ZPVXY8GyAVc6Gy7QjQxNDK3WRrj6ccT+zmbxJzdmArIjYF9E7F/eW++qEqcf//rAQoVuHf8iVmGeafariMeK/T8VDfFXksXnJ/u3RG30SH91VMz30y+XXl+o/tuKfxVk+3/bzcd/Q4nuf5JivrYrarXR8+PLr+PS758teE6z0uN/U/JmPmf98zvFax8MTUycH4jYlLya56tzuvz1wbl1q3xVPov/8KHm/X93uU4W//0RkR3EByPigYh4sGz7QxHxcEQcWiT+H1585N1F4k8iiZbu/5Gmn383jv+epH6+fgWJjjPff7vQjPnS9v+xmMo/awv5598tLLWBt7n5AAAA4I6QRsSOSNK+It27I9K0r6/4H/49sS2tjY1PPHFy7P1zI8U9Aj3RlVZXurrrrocOJFPlOxb5wfJacbX8aHnd+IuOrXm+b3isNtLi2KHdbb+5/0fV/zN/drS6dcCac78WtK/G/p+2qB3A+lvK979zAdiYmvT/ra1oB7D+nP9D+2rW/z9qyBv/w8Y0v///0eQn64CNyPgf2pf+D+1L/4e2dDv39a88Ud0ssPL32bLkO/zbJVH94sVa1rU15l6JtOUht1Ei6zHrW+ncb6gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADcyf4LAAD///ss5ts=")
mremap(&(0x7f00006bd000/0x2000)=nil, 0x2000, 0x4000, 0x3, &(0x7f0000721000/0x4000)=nil)
munmap(&(0x7f0000e29000/0x1000)=nil, 0x1000)
munmap(&(0x7f0000a88000/0x1000)=nil, 0x1000)
munmap(&(0x7f0000694000/0x3000)=nil, 0x3000)
mremap(&(0x7f0000807000/0x3000)=nil, 0x3000, 0x1000, 0x0, &(0x7f0000ffe000/0x1000)=nil)
mremap(&(0x7f00007b2000/0x4000)=nil, 0x4000, 0x3000, 0x3, &(0x7f0000968000/0x3000)=nil)

1.261872695s ago: executing program 4 (id=196):
ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f00000001c0))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socket$unix(0x1, 0x1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00'}, 0x10)
r3 = socket$inet6(0xa, 0x80002, 0x0)
sendmmsg$inet6(r3, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4000000)
r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
ioctl$UI_SET_ABSBIT(r4, 0x40045567, 0x0)
ioctl$UI_SET_EVBIT(r4, 0x40045564, 0x3)
write$uinput_user_dev(r4, &(0x7f0000001740)={'syz1\x00', {0x0, 0x0, 0xfffe}, 0x0, [0x1002, 0x100000, 0x0, 0x0, 0xfffffff2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x4, 0x0, 0x4000000, 0x0, 0xfffffffd, 0x0, 0x38, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x26f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x1000, 0x0, 0x0, 0x0, 0x7fffffff, 0x8], [0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000, 0x0, 0x7fff, 0x807, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd2, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x3, 0xffffffff, 0xffffffff, 0x2, 0xffffffff, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0xfffffffe, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000], [0x400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xeefc, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6, 0x0, 0x0, 0xfffffffa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x45c)
ioctl$UI_DEV_CREATE(r4, 0x5501)
ioctl$SNDRV_CTL_IOCTL_PCM_INFO(0xffffffffffffffff, 0xc1205531, &(0x7f0000000080)={0x1000000, 0x83b, 0x0, 0x0, '\x00', '\x00', '\x00', 0x3, 0x4000, 0x0, 0x40000, "f900"})
write$uinput_user_dev(r4, &(0x7f0000000300)={'syz1\x00', {0x3dac, 0xa5, 0xfff5, 0x1ff}, 0xf, [0xed2, 0x8, 0x5, 0x5, 0x80, 0x3, 0x5, 0x800, 0x8, 0x6, 0x4, 0x8, 0x8, 0x3, 0x7, 0x2f29, 0xff, 0x401, 0x7, 0x6, 0xe06, 0x4, 0xff, 0x7, 0x2, 0x8, 0x0, 0x4, 0x401, 0xd, 0x2, 0x3, 0x982b, 0x2, 0x1, 0x3, 0x7fff, 0x2, 0x2, 0x7, 0x6, 0x200, 0x3, 0x0, 0x8, 0xa, 0x5, 0x3, 0x9, 0x7, 0x3, 0xd10, 0x7, 0x8000, 0x9, 0x6, 0x130b, 0x5, 0xfffffff7, 0xbf90, 0x3, 0x54, 0x0, 0x1], [0x8, 0x2, 0x80, 0x5, 0x1, 0x4, 0x1, 0x480000, 0x2, 0x0, 0x8, 0x3, 0x7b, 0x1, 0x7ff, 0xa1e000, 0x0, 0x8000, 0x40, 0x3, 0x800, 0x654d, 0x2, 0x40, 0x7, 0x9, 0xfffffff9, 0xffffffc0, 0xaa, 0x3, 0x8, 0x7fffffff, 0x11c, 0x5, 0x3, 0x3, 0x4000, 0x7, 0x8, 0x3, 0xeadb, 0x2e, 0x6, 0x4f69, 0x84, 0x4, 0x11c, 0x10001, 0x4, 0x4, 0xc60a, 0x40, 0x8, 0x40000, 0x6, 0x0, 0x9, 0x2, 0x7, 0x7, 0x7, 0x4, 0x9, 0xc210], [0x52, 0x1ff, 0xfa, 0x7, 0x8c, 0xa, 0x5, 0x6, 0x2, 0x745, 0x1, 0x0, 0x61, 0xffff, 0xa8b1, 0x8, 0x5, 0xfb, 0xffff, 0x3, 0xfffffffe, 0x0, 0x3, 0x10000, 0x6, 0x7fff, 0x6, 0x200007, 0x401, 0x8000, 0x80000000, 0x0, 0xffff, 0x8, 0x1, 0x6, 0x0, 0x2908, 0x2, 0x6, 0x0, 0x1000, 0x5, 0x8b2f, 0xd, 0xffff2cbf, 0x7fff, 0x5, 0x5, 0x8, 0x101, 0x7, 0x1eb, 0x8, 0x28, 0x4, 0x4e, 0x8, 0x2, 0x3, 0x6, 0xf, 0x5, 0x3], [0x3, 0x1, 0x9, 0xf, 0x7, 0x81, 0x7, 0x7, 0x2, 0x8, 0x0, 0xfffffffe, 0x100002, 0x6, 0x2, 0x6, 0x0, 0x7, 0x6, 0xf4dc, 0x8, 0x7ff, 0x0, 0x7fffffff, 0x4, 0x0, 0x2, 0x6, 0x9, 0x6, 0x8, 0x0, 0x10001, 0x7fffffff, 0xfffffffa, 0x401, 0x4cdc1a6e, 0x4, 0x6, 0x3, 0x8, 0x0, 0x4, 0x200, 0x80000001, 0x1, 0x4, 0x8, 0x3, 0x9, 0xffff, 0x8000, 0x5, 0x1, 0xc, 0x1, 0xa, 0xfffffffa, 0xd, 0x8, 0x8, 0x8, 0xc4, 0x10001]}, 0x45c)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="9feb0100180000000000000014000000140000"], 0x0, 0x2e, 0x0, 0xa, 0x3}, 0x28)
r5 = syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x862b01)
write$char_usb(r5, &(0x7f0000000040)="e2", 0x2250)

113.127448ms ago: executing program 0 (id=197):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000006c0)=@newqdisc={0x78, 0x10, 0x1, 0x0, 0x10000000, {0x0, 0x0, 0x0, 0x0, {0x1}, {}, {0xe, 0x4}}, [@TCA_INGRESS_BLOCK={0x8}, @TCA_STAB={0x4c, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x42, 0x0, 0x0, 0x4000, 0x0, 0x0, 0x2, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}, {{0x1c, 0x1, {0x2, 0x9e, 0x1, 0x8f49, 0x0, 0x4000000, 0x1d3, 0x2}}, {0x8, 0x2, [0xb, 0x4]}}]}]}, 0x78}}, 0x0)

0s ago: executing program 4 (id=198):
setresgid(0x0, 0x0, 0xee01)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000400)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r1 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x12, 0x0, 0x0)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c00080000001c140000fe"], 0x60}, 0x1, 0x0, 0x0, 0x40004}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50)
pwrite64(0xffffffffffffffff, &(0x7f0000000000)='L', 0x1, 0x7ffffffe)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
write$binfmt_misc(r3, &(0x7f0000000000), 0xd)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.0.10' (ED25519) to the list of known hosts.
[   69.770548][ T5778] cgroup: Unknown subsys name 'net'
[   69.935858][ T5778] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   71.341113][ T5778] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   72.323256][ T1279] ieee802154 phy0 wpan0: encryption failed: -22
[   72.331298][ T1279] ieee802154 phy1 wpan1: encryption failed: -22
[   72.865600][ T5789] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   72.874938][ T5789] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   72.889199][ T5789] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   72.899115][ T5789] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   72.919333][ T5789] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   72.928071][ T5789] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   73.012473][ T5792] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   73.022804][ T5792] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   73.031033][ T5792] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   73.040568][ T5792] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   73.049117][ T5792] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   73.057306][ T5792] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[   73.065271][ T5792] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   73.080431][ T5796] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   73.100673][ T5792] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   73.102104][ T5796] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   73.110579][ T5792] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   73.124398][ T5796] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   73.124596][ T5792] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   73.140671][ T5792] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[   73.149242][ T5792] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   73.160446][ T5792] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   73.168979][ T5792] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[   73.182389][ T5792] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   73.309503][ T5787] chnl_net:caif_netlink_parms(): no params data found
[   73.454157][ T5787] bridge0: port 1(bridge_slave_0) entered blocking state
[   73.461951][ T5787] bridge0: port 1(bridge_slave_0) entered disabled state
[   73.469976][ T5787] bridge_slave_0: entered allmulticast mode
[   73.476921][ T5787] bridge_slave_0: entered promiscuous mode
[   73.490021][ T5787] bridge0: port 2(bridge_slave_1) entered blocking state
[   73.497280][ T5787] bridge0: port 2(bridge_slave_1) entered disabled state
[   73.505003][ T5787] bridge_slave_1: entered allmulticast mode
[   73.512068][ T5787] bridge_slave_1: entered promiscuous mode
[   73.608400][ T5787] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   73.634127][ T5787] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   73.699296][ T5787] team0: Port device team_slave_0 added
[   73.731248][ T5787] team0: Port device team_slave_1 added
[   73.828167][ T5787] batman_adv: batadv0: Adding interface: batadv_slave_0
[   73.836063][ T5787] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   73.864871][ T5787] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   73.882724][ T5787] batman_adv: batadv0: Adding interface: batadv_slave_1
[   73.889979][ T5787] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   73.918210][ T5787] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   73.940727][ T5791] chnl_net:caif_netlink_parms(): no params data found
[   74.043582][ T5787] hsr_slave_0: entered promiscuous mode
[   74.051104][ T5787] hsr_slave_1: entered promiscuous mode
[   74.062929][ T5794] chnl_net:caif_netlink_parms(): no params data found
[   74.073677][ T5790] chnl_net:caif_netlink_parms(): no params data found
[   74.184141][ T5791] bridge0: port 1(bridge_slave_0) entered blocking state
[   74.192095][ T5791] bridge0: port 1(bridge_slave_0) entered disabled state
[   74.200401][ T5791] bridge_slave_0: entered allmulticast mode
[   74.207359][ T5791] bridge_slave_0: entered promiscuous mode
[   74.233487][ T5791] bridge0: port 2(bridge_slave_1) entered blocking state
[   74.241067][ T5791] bridge0: port 2(bridge_slave_1) entered disabled state
[   74.248770][ T5791] bridge_slave_1: entered allmulticast mode
[   74.256964][ T5791] bridge_slave_1: entered promiscuous mode
[   74.335275][ T5791] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   74.348811][ T5791] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   74.398568][ T5790] bridge0: port 1(bridge_slave_0) entered blocking state
[   74.406109][ T5790] bridge0: port 1(bridge_slave_0) entered disabled state
[   74.414448][ T5790] bridge_slave_0: entered allmulticast mode
[   74.423148][ T5790] bridge_slave_0: entered promiscuous mode
[   74.467306][ T5790] bridge0: port 2(bridge_slave_1) entered blocking state
[   74.476003][ T5790] bridge0: port 2(bridge_slave_1) entered disabled state
[   74.483605][ T5790] bridge_slave_1: entered allmulticast mode
[   74.493216][ T5790] bridge_slave_1: entered promiscuous mode
[   74.510384][ T5791] team0: Port device team_slave_0 added
[   74.516792][ T5794] bridge0: port 1(bridge_slave_0) entered blocking state
[   74.524335][ T5794] bridge0: port 1(bridge_slave_0) entered disabled state
[   74.531956][ T5794] bridge_slave_0: entered allmulticast mode
[   74.540186][ T5794] bridge_slave_0: entered promiscuous mode
[   74.575862][ T5791] team0: Port device team_slave_1 added
[   74.582469][ T5794] bridge0: port 2(bridge_slave_1) entered blocking state
[   74.589957][ T5794] bridge0: port 2(bridge_slave_1) entered disabled state
[   74.597290][ T5794] bridge_slave_1: entered allmulticast mode
[   74.604602][ T5794] bridge_slave_1: entered promiscuous mode
[   74.631117][ T5790] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   74.643819][ T5790] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   74.705479][ T5791] batman_adv: batadv0: Adding interface: batadv_slave_0
[   74.713114][ T5791] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   74.740359][ T5791] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   74.754561][ T5791] batman_adv: batadv0: Adding interface: batadv_slave_1
[   74.761883][ T5791] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   74.790023][ T5791] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   74.811631][ T5794] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   74.837038][ T5790] team0: Port device team_slave_0 added
[   74.848310][ T5790] team0: Port device team_slave_1 added
[   74.856250][ T5794] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   74.928235][ T5794] team0: Port device team_slave_0 added
[   74.938725][ T5791] hsr_slave_0: entered promiscuous mode
[   74.945406][ T5791] hsr_slave_1: entered promiscuous mode
[   74.953645][ T5791] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   74.960939][ T5101] Bluetooth: hci0: command tx timeout
[   74.962690][ T5791] Cannot create hsr debugfs directory
[   74.991658][ T5790] batman_adv: batadv0: Adding interface: batadv_slave_0
[   74.999061][ T5790] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   75.026290][ T5790] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   75.040913][ T5794] team0: Port device team_slave_1 added
[   75.065595][ T5790] batman_adv: batadv0: Adding interface: batadv_slave_1
[   75.072839][ T5790] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   75.100163][ T5790] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   75.129350][ T5101] Bluetooth: hci2: command tx timeout
[   75.157747][ T5794] batman_adv: batadv0: Adding interface: batadv_slave_0
[   75.165190][ T5794] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   75.192859][ T5794] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   75.204262][ T5792] Bluetooth: hci1: command tx timeout
[   75.204501][ T5101] Bluetooth: hci3: command tx timeout
[   75.212207][ T5794] batman_adv: batadv0: Adding interface: batadv_slave_1
[   75.222987][ T5794] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   75.249752][ T5794] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   75.262364][ T5787] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   75.274585][ T5787] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   75.312234][ T5787] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   75.322656][ T5787] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   75.372842][ T5790] hsr_slave_0: entered promiscuous mode
[   75.380145][ T5790] hsr_slave_1: entered promiscuous mode
[   75.386490][ T5790] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   75.394663][ T5790] Cannot create hsr debugfs directory
[   75.468241][ T5794] hsr_slave_0: entered promiscuous mode
[   75.474899][ T5794] hsr_slave_1: entered promiscuous mode
[   75.481686][ T5794] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   75.489654][ T5794] Cannot create hsr debugfs directory
[   75.730683][ T5791] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   75.744909][ T5791] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   75.758298][ T5791] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   75.774191][ T5791] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   75.907301][ T5794] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   75.917995][ T5794] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   75.931489][ T5794] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   75.942620][ T5794] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   76.025288][ T5787] 8021q: adding VLAN 0 to HW filter on device bond0
[   76.076001][ T5790] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   76.107817][ T5790] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   76.117747][ T5790] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   76.130225][ T5790] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   76.150509][ T5787] 8021q: adding VLAN 0 to HW filter on device team0
[   76.193170][ T3427] bridge0: port 1(bridge_slave_0) entered blocking state
[   76.200642][ T3427] bridge0: port 1(bridge_slave_0) entered forwarding state
[   76.213399][ T3427] bridge0: port 2(bridge_slave_1) entered blocking state
[   76.220928][ T3427] bridge0: port 2(bridge_slave_1) entered forwarding state
[   76.257644][ T5794] 8021q: adding VLAN 0 to HW filter on device bond0
[   76.292375][ T5791] 8021q: adding VLAN 0 to HW filter on device bond0
[   76.338297][ T5794] 8021q: adding VLAN 0 to HW filter on device team0
[   76.364934][ T3416] bridge0: port 1(bridge_slave_0) entered blocking state
[   76.372105][ T3416] bridge0: port 1(bridge_slave_0) entered forwarding state
[   76.385425][ T5791] 8021q: adding VLAN 0 to HW filter on device team0
[   76.428689][ T3427] bridge0: port 1(bridge_slave_0) entered blocking state
[   76.436018][ T3427] bridge0: port 1(bridge_slave_0) entered forwarding state
[   76.447467][ T3427] bridge0: port 2(bridge_slave_1) entered blocking state
[   76.455047][ T3427] bridge0: port 2(bridge_slave_1) entered forwarding state
[   76.506148][   T58] bridge0: port 2(bridge_slave_1) entered blocking state
[   76.513798][   T58] bridge0: port 2(bridge_slave_1) entered forwarding state
[   76.556439][ T5794] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   76.704669][ T5790] 8021q: adding VLAN 0 to HW filter on device bond0
[   76.764957][ T5790] 8021q: adding VLAN 0 to HW filter on device team0
[   76.786478][ T1083] bridge0: port 1(bridge_slave_0) entered blocking state
[   76.793973][ T1083] bridge0: port 1(bridge_slave_0) entered forwarding state
[   76.835306][ T1083] bridge0: port 2(bridge_slave_1) entered blocking state
[   76.842570][ T1083] bridge0: port 2(bridge_slave_1) entered forwarding state
[   77.039556][ T5101] Bluetooth: hci0: command tx timeout
[   77.070148][ T5794] 8021q: adding VLAN 0 to HW filter on device batadv0
[   77.112977][ T5787] 8021q: adding VLAN 0 to HW filter on device batadv0
[   77.176449][ T5791] 8021q: adding VLAN 0 to HW filter on device batadv0
[   77.201178][ T5101] Bluetooth: hci2: command tx timeout
[   77.279487][ T5101] Bluetooth: hci3: command tx timeout
[   77.279690][ T5792] Bluetooth: hci1: command tx timeout
[   77.297949][ T5790] 8021q: adding VLAN 0 to HW filter on device batadv0
[   77.306834][ T5794] veth0_vlan: entered promiscuous mode
[   77.332713][ T5787] veth0_vlan: entered promiscuous mode
[   77.348676][ T5787] veth1_vlan: entered promiscuous mode
[   77.360607][ T5794] veth1_vlan: entered promiscuous mode
[   77.420545][ T5791] veth0_vlan: entered promiscuous mode
[   77.465773][ T5787] veth0_macvtap: entered promiscuous mode
[   77.476102][ T5794] veth0_macvtap: entered promiscuous mode
[   77.486263][ T5791] veth1_vlan: entered promiscuous mode
[   77.510805][ T5787] veth1_macvtap: entered promiscuous mode
[   77.541323][ T5794] veth1_macvtap: entered promiscuous mode
[   77.556895][ T5790] veth0_vlan: entered promiscuous mode
[   77.573653][ T5790] veth1_vlan: entered promiscuous mode
[   77.596118][ T5787] batman_adv: batadv0: Interface activated: batadv_slave_0
[   77.613137][ T5787] batman_adv: batadv0: Interface activated: batadv_slave_1
[   77.625495][ T5787] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   77.635243][ T5787] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   77.645264][ T5787] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   77.654825][ T5787] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   77.684026][ T5791] veth0_macvtap: entered promiscuous mode
[   77.696086][ T5791] veth1_macvtap: entered promiscuous mode
[   77.707387][ T5794] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   77.720722][ T5794] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   77.733677][ T5794] batman_adv: batadv0: Interface activated: batadv_slave_0
[   77.778705][ T5794] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   77.789808][ T5794] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   77.802133][ T5794] batman_adv: batadv0: Interface activated: batadv_slave_1
[   77.826335][ T5791] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   77.837744][ T5791] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   77.851464][ T5791] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   77.863209][ T5791] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   77.875722][ T5791] batman_adv: batadv0: Interface activated: batadv_slave_0
[   77.886293][ T5794] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   77.896200][ T5794] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   77.905193][ T5794] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   77.914358][ T5794] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   77.933043][ T5790] veth0_macvtap: entered promiscuous mode
[   77.944860][ T5790] veth1_macvtap: entered promiscuous mode
[   77.956053][ T5791] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   77.968781][ T5791] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   77.979773][ T5791] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   77.991891][ T5791] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   78.004621][ T5791] batman_adv: batadv0: Interface activated: batadv_slave_1
[   78.076503][ T5791] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   78.087517][ T5791] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   78.096782][ T5791] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   78.106166][ T5791] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   78.145549][ T5790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   78.157193][ T5790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   78.168305][ T5790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   78.179693][ T5790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   78.192291][ T5790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   78.203852][ T5790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   78.216282][ T5790] batman_adv: batadv0: Interface activated: batadv_slave_0
[   78.230201][ T5790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   78.241276][ T5790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   78.251930][ T5790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   78.263835][ T5790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   78.274204][ T5790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   78.285017][ T5790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   78.297439][ T5790] batman_adv: batadv0: Interface activated: batadv_slave_1
[   78.334937][ T3416] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   78.337693][ T5790] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   78.353045][ T3416] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   78.364807][ T5790] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   78.374178][ T5790] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   78.383504][ T5790] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   78.513513][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   78.524732][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   78.538326][   T58] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   78.548030][   T58] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   78.608589][ T3427] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   78.618271][ T3427] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   78.656152][   T58] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   78.674543][   T58] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   78.768634][   T58] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   78.789237][   T58] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   78.834420][ T3427] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   78.865171][ T3427] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   78.938945][   T58] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   79.009673][ T5872] input: syz1 as /devices/virtual/input/input5
[   79.104247][   T58] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   79.180275][ T5792] Bluetooth: hci0: command tx timeout
[   79.279954][ T5792] Bluetooth: hci2: command tx timeout
[   79.360514][ T5101] Bluetooth: hci1: command tx timeout
[   79.367877][ T5792] Bluetooth: hci3: command tx timeout
[   79.868980][ T5878] syz.2.3[5878]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set
[   79.929997][ T5881] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4'.
[   79.940954][ T5878] loop2: detected capacity change from 0 to 512
[   80.174697][ T5878] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   80.245833][ T5878] ext4 filesystem being mounted at /0/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   80.368229][ T5894] tc_dump_action: action bad kind
[   80.833367][ T5794] EXT4-fs error (device loop2): ext4_empty_dir:3139: inode #12: comm syz-executor: Directory hole found for htree leaf block 0
[   80.883417][ T5794] EXT4-fs error (device loop2): ext4_empty_dir:3139: inode #12: comm syz-executor: Directory hole found for htree leaf block 0
[   80.928109][ T5794] EXT4-fs error (device loop2): ext4_empty_dir:3139: inode #12: comm syz-executor: Directory hole found for htree leaf block 0
[   80.937558][ T5900] loop3: detected capacity change from 0 to 512
[   80.949120][ T5794] EXT4-fs error (device loop2): ext4_empty_dir:3139: inode #12: comm syz-executor: Directory hole found for htree leaf block 0
[   80.967022][ T5794] EXT4-fs error (device loop2): ext4_empty_dir:3139: inode #12: comm syz-executor: Directory hole found for htree leaf block 0
[   80.984270][ T5794] EXT4-fs error (device loop2): ext4_empty_dir:3139: inode #12: comm syz-executor: Directory hole found for htree leaf block 0
[   81.011288][ T5900] =======================================================
[   81.011288][ T5900] WARNING: The mand mount option has been deprecated and
[   81.011288][ T5900]          and is ignored by this kernel. Remove the mand
[   81.011288][ T5900]          option from the mount to silence this warning.
[   81.011288][ T5900] =======================================================
[   81.071639][ T5794] EXT4-fs error (device loop2): ext4_empty_dir:3139: inode #12: comm syz-executor: Directory hole found for htree leaf block 0
[   81.115697][ T5794] EXT4-fs error (device loop2): ext4_empty_dir:3139: inode #12: comm syz-executor: Directory hole found for htree leaf block 0
[   81.137587][ T5903] loop1: detected capacity change from 0 to 1764
[   81.157442][ T5900] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   81.161517][ T5794] EXT4-fs error (device loop2): ext4_empty_dir:3139: inode #12: comm syz-executor: Directory hole found for htree leaf block 0
[   81.189689][ T5900] ext4 filesystem being mounted at /2/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   81.213189][ T5792] Bluetooth: hci0: command tx timeout
[   81.216697][ T5900] Quota error (device loop3): do_check_range: Getting dqdh_next_free 2741 out of range 0-6
[   81.231203][ T5794] EXT4-fs error (device loop2): ext4_empty_dir:3139: inode #12: comm syz-executor: Directory hole found for htree leaf block 0
[   81.231386][ T5900] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota
[   81.292452][ T5900] EXT4-fs error (device loop3): ext4_acquire_dquot:6940: comm syz.3.10: Failed to acquire dquot type 0
[   81.359394][ T5792] Bluetooth: hci2: command tx timeout
[   81.452739][ T5911] input: syz1 as /devices/virtual/input/input6
[   81.467485][ T5101] Bluetooth: hci1: command tx timeout
[   81.473546][ T5792] Bluetooth: hci3: command tx timeout
[   82.095927][ T5790] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   82.462463][ T5924] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   82.560163][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[   82.570661][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   82.719731][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[   82.772356][    T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!!
[   82.781567][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   82.800163][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[   82.875036][    T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!!
[   82.885150][    T0] NOHZ tick-stop error: local softirq work is pending, handler #48!!!
[   82.960851][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[   82.961961][ T5931] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   83.080065][    T0] NOHZ tick-stop error: local softirq work is pending, handler #142!!!
[   84.084406][ T5837] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   84.389165][ T5837] usb 1-1: Using ep0 maxpacket: 32
[   84.422941][ T5837] usb 1-1: config 0 has an invalid interface number: 184 but max is 0
[   84.449174][ T5837] usb 1-1: config 0 has no interface number 0
[   84.455654][ T5837] usb 1-1: config 0 interface 184 has no altsetting 0
[   84.519320][ T5837] usb 1-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[   84.539128][ T5837] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   84.547383][ T5837] usb 1-1: Product: syz
[   84.569626][ T5837] usb 1-1: Manufacturer: syz
[   84.574564][ T5837] usb 1-1: SerialNumber: syz
[   84.602806][ T5837] usb 1-1: config 0 descriptor??
[   84.625412][ T5837] smsc75xx v1.0.0
[   84.717426][ T5935] loop3: detected capacity change from 0 to 512
[   84.761491][ T5935] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -2
[   84.778349][ T5935] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -2
[   84.793870][ T5935] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #13: comm syz.3.22: invalid indirect mapped block 512 (level 0)
[   84.823547][ T5935] EXT4-fs (loop3): 1 truncate cleaned up
[   84.842088][ T5935] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   85.002707][ T5790] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   85.245301][ T5837] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32
[   85.276502][ T5837] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[   85.530336][ T5947] input: syz1 as /devices/virtual/input/input7
[   85.795684][ T5794] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   85.958905][ T5837] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000010: -71
[   86.082825][ T5837] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read HW_CFG: -71
[   86.089821][ T4457] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   86.121407][ T5794] syz-executor (5794) used greatest stack depth: 20616 bytes left
[   86.134028][ T5837] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71
[   86.167723][ T5837] smsc75xx: probe of 1-1:0.184 failed with error -71
[   86.198874][ T5950] loop1: detected capacity change from 0 to 4096
[   86.207077][ T5837] usb 1-1: USB disconnect, device number 2
[   86.425876][ T5950] EXT4-fs (loop1): Test dummy encryption mode enabled
[   86.446119][ T5950] EXT4-fs (loop1): can't mount with data_err=abort, fs mounted w/o journal
[   86.447190][ T4457] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   86.666877][ T4457] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   86.816347][ T5961] capability: warning: `syz.0.29' uses deprecated v2 capabilities in a way that may be insecure
[   86.912246][ T4457] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   88.111260][    T8] cfg80211: failed to load regulatory.db
[   88.466203][ T5981] input: syz1 as /devices/virtual/input/input8
[   89.174879][ T5985] loop0: detected capacity change from 0 to 1024
[   89.202442][ T5985] EXT4-fs: Ignoring removed nobh option
[   89.239415][ T5985] EXT4-fs: Ignoring removed bh option
[   89.239615][ T5101] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   89.259810][ T5101] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   89.274757][ T5101] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   89.285320][ T5985] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   89.318219][ T5101] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   89.332541][ T5101] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[   89.363177][ T5985] EXT4-fs (loop0): stripe (8) is not aligned with cluster size (16), stripe is disabled
[   89.394737][ T5101] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   89.483111][ T5985] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   89.635713][ T5985] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:4031: comm syz.0.39: Allocating blocks 497-513 which overlap fs metadata
[   89.787154][   T28] audit: type=1804 audit(1756808631.433:2): pid=5985 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.39" name="/newroot/8/file1/file1" dev="loop0" ino=15 res=1 errno=0
[   89.800476][ T5999] EXT4-fs (loop0): pa ffff888076272d98: logic 16, phys. 145, len 23
[   89.818090][ T5999] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:5372: group 0, free 0, pa_free 1
[   90.214294][ T5787] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   90.238808][ T6013] loop3: detected capacity change from 0 to 512
[   90.266914][ T6013] EXT4-fs: Ignoring removed oldalloc option
[   90.338865][ T6013] EXT4-fs (loop3): 1 truncate cleaned up
[   90.450407][ T6013] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   90.673498][ T5790] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   91.650414][ T5101] Bluetooth: hci3: command tx timeout
[   91.724834][ T5986] chnl_net:caif_netlink_parms(): no params data found
[   92.615805][ T6039] loop3: detected capacity change from 0 to 512
[   92.630841][ T5986] bridge0: port 1(bridge_slave_0) entered blocking state
[   92.659224][ T6039] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[   92.675668][ T5986] bridge0: port 1(bridge_slave_0) entered disabled state
[   92.700250][ T6039] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[   92.700847][ T5986] bridge_slave_0: entered allmulticast mode
[   92.750950][ T5986] bridge_slave_0: entered promiscuous mode
[   92.787159][ T6039] EXT4-fs (loop3): 1 truncate cleaned up
[   92.812416][ T6039] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   92.844802][ T6039] EXT4-fs error (device loop3): ext4_find_extent:900: inode #15: comm syz.3.48: inode has invalid extent depth: 25964
[   92.873063][ T6039] fs-verity (loop3, inode 15): Error -117 getting verity descriptor size
[   92.901372][ T5986] bridge0: port 2(bridge_slave_1) entered blocking state
[   92.940295][ T5790] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   92.950596][ T5986] bridge0: port 2(bridge_slave_1) entered disabled state
[   92.958294][ T5986] bridge_slave_1: entered allmulticast mode
[   93.016296][ T5986] bridge_slave_1: entered promiscuous mode
[   93.217701][ T5986] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   93.254125][ T5986] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   93.404811][ T4457] hsr_slave_0: left promiscuous mode
[   93.417031][ T4457] hsr_slave_1: left promiscuous mode
[   93.425307][ T4457] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   93.459386][ T4457] batman_adv: batadv0: Removing interface: batadv_slave_0
[   93.500987][ T4457] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   93.539442][ T4457] batman_adv: batadv0: Removing interface: batadv_slave_1
[   93.566034][ T4457] bridge_slave_1: left allmulticast mode
[   93.578027][ T4457] bridge_slave_1: left promiscuous mode
[   93.594611][ T4457] bridge0: port 2(bridge_slave_1) entered disabled state
[   93.719378][ T5101] Bluetooth: hci3: command tx timeout
[   93.850177][ T4457] bridge_slave_0: left allmulticast mode
[   93.856547][ T4457] bridge_slave_0: left promiscuous mode
[   95.379396][ T4457] bridge0: port 1(bridge_slave_0) entered disabled state
[   95.565863][ T4457] veth1_macvtap: left promiscuous mode
[   95.583454][ T4457] veth0_macvtap: left promiscuous mode
[   95.602857][ T4457] veth1_vlan: left promiscuous mode
[   95.621472][ T4457] veth0_vlan: left promiscuous mode
[   95.745127][ T6080] loop0: detected capacity change from 0 to 2048
[   95.760096][ T5101] Bluetooth: hci3: command tx timeout
[   95.790068][ T6080] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   95.928286][ T6084] EXT4-fs error (device loop0): __ext4_get_inode_loc:4483: comm syz.0.57: Invalid inode table block 163208811354 in block_group 0
[   96.004917][ T6084] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5902: Corrupt filesystem
[   96.042850][ T6084] EXT4-fs error (device loop0): ext4_setattr:5584: inode #15: comm syz.0.57: mark_inode_dirty error
[   96.057173][ T6084] EXT4-fs error (device loop0) in ext4_setattr:5645: Corrupt filesystem
[   96.102166][ T6084] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5902: Out of memory
[   96.130244][ T6084] EXT4-fs error (device loop0): mpage_map_and_submit_extent:2315: inode #15: comm syz.0.57: mark_inode_dirty error
[   96.165682][ T6084] EXT4-fs error (device loop0): mpage_map_and_submit_extent:2319: comm syz.0.57: Failed to mark inode 15 dirty
[   96.196848][ T6084] syz.0.57: attempt to access beyond end of device
[   96.196848][ T6084] loop0: rw=1, sector=7212754380, nr_sectors = 4 limit=2048
[   96.239205][ T6084] EXT4-fs warning (device loop0): ext4_end_bio:357: I/O error 10 writing to inode 15 starting block 1803188595)
[   96.286384][ T6084] Buffer I/O error on device loop0, logical block 1803188595
[   96.816350][ T4457] team0 (unregistering): Port device team_slave_1 removed
[   96.879679][ T3427] EXT4-fs error (device loop0): ext4_ind_map_blocks:604: inode #15: comm kworker/u4:7: Can't allocate blocks for non-extent mapped inodes with bigalloc
[   96.917245][ T3427] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 65537 with max blocks 1 with error 117
[   96.942832][ T3427] EXT4-fs (loop0): This should not happen!! Data will be lost
[   96.942832][ T3427] 
[   96.954852][ T4457] team0 (unregistering): Port device team_slave_0 removed
[   96.964689][ T5787] EXT4-fs (loop0): Inode 15 (ffff88805ed33200): i_reserved_data_blocks (1) not cleared!
[   96.990456][ T5787] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   97.056386][ T4457] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   97.180242][ T4457] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   97.207216][ T6091] loop0: detected capacity change from 0 to 2048
[   97.315719][ T6091] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   97.540755][ T5787] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   97.907891][ T5101] Bluetooth: hci3: command tx timeout
[   98.141195][ T6103] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  100.222270][ T4457] bond0 (unregistering): Released all slaves
[  100.446680][ T5986] team0: Port device team_slave_0 added
[  100.476020][ T5986] team0: Port device team_slave_1 added
[  100.714772][ T5986] batman_adv: batadv0: Adding interface: batadv_slave_0
[  100.745051][ T5986] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  100.773308][ T5986] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  100.813420][ T5986] batman_adv: batadv0: Adding interface: batadv_slave_1
[  100.821043][ T5986] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  101.257555][ T5986] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  101.600230][ T6122] loop0: detected capacity change from 0 to 16
[  101.689564][ T6122] erofs: (device loop0): mounted with root inode @ nid 36.
[  101.850444][ T5986] hsr_slave_0: entered promiscuous mode
[  101.883963][ T5986] hsr_slave_1: entered promiscuous mode
[  101.901301][ T5986] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  101.922683][ T5986] Cannot create hsr debugfs directory
[  102.217361][ T6127] loop3: detected capacity change from 0 to 164
[  102.308121][ T5973] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  103.739376][ T5986] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  103.769388][ T5986] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  103.818669][ T5986] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  103.860429][ T5986] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  104.167714][ T5986] 8021q: adding VLAN 0 to HW filter on device bond0
[  104.680647][ T5986] 8021q: adding VLAN 0 to HW filter on device team0
[  104.706966][ T3435] bridge0: port 1(bridge_slave_0) entered blocking state
[  104.714478][ T3435] bridge0: port 1(bridge_slave_0) entered forwarding state
[  104.782666][ T3435] bridge0: port 2(bridge_slave_1) entered blocking state
[  104.790233][ T3435] bridge0: port 2(bridge_slave_1) entered forwarding state
[  104.906861][   T28] audit: type=1326 audit(1756808646.553:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6166 comm="syz.1.74" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89c918ebe9 code=0x7ffc0000
[  105.029525][   T28] audit: type=1326 audit(1756808646.583:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6166 comm="syz.1.74" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89c918ebe9 code=0x7ffc0000
[  105.080196][   T28] audit: type=1326 audit(1756808646.613:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6166 comm="syz.1.74" exe="/root/syz-executor" sig=0 arch=c000003e syscall=6 compat=0 ip=0x7f89c918ebe9 code=0x7ffc0000
[  105.166347][   T28] audit: type=1326 audit(1756808646.613:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6166 comm="syz.1.74" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89c918ebe9 code=0x7ffc0000
[  107.040357][ T6188] loop3: detected capacity change from 0 to 2048
[  107.211995][ T6188] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  107.346089][ T5986] 8021q: adding VLAN 0 to HW filter on device batadv0
[  107.658884][ T6188] EXT4-fs error (device loop3): __ext4_get_inode_loc:4483: comm syz.3.77: Invalid inode table block 163208811354 in block_group 0
[  107.757421][ T6204] loop1: detected capacity change from 0 to 8
[  108.280374][ T6188] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5902: Corrupt filesystem
[  108.359548][ T6188] EXT4-fs error (device loop3): ext4_setattr:5584: inode #15: comm syz.3.77: mark_inode_dirty error
[  108.437929][ T6188] EXT4-fs error (device loop3) in ext4_setattr:5645: Corrupt filesystem
[  108.487279][ T6188] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5902: Out of memory
[  108.526439][ T6188] EXT4-fs error (device loop3): mpage_map_and_submit_extent:2315: inode #15: comm syz.3.77: mark_inode_dirty error
[  108.597811][ T6188] EXT4-fs error (device loop3): mpage_map_and_submit_extent:2319: comm syz.3.77: Failed to mark inode 15 dirty
[  108.642200][ T6188] syz.3.77: attempt to access beyond end of device
[  108.642200][ T6188] loop3: rw=1, sector=7212754380, nr_sectors = 4 limit=2048
[  108.700332][ T6188] EXT4-fs warning (device loop3): ext4_end_bio:357: I/O error 10 writing to inode 15 starting block 1803188595)
[  108.764337][ T6188] Buffer I/O error on device loop3, logical block 1803188595
[  109.021651][ T5986] veth0_vlan: entered promiscuous mode
[  109.071515][ T5986] veth1_vlan: entered promiscuous mode
[  109.147320][ T5986] veth0_macvtap: entered promiscuous mode
[  109.197010][ T5986] veth1_macvtap: entered promiscuous mode
[  109.262495][ T5986] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  109.300013][ T5986] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  109.328161][ T5986] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  109.338182][ T6232] loop1: detected capacity change from 0 to 512
[  109.367886][ T5986] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  109.399383][ T6232] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  109.422579][ T5986] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  109.455965][ T6232] EXT4-fs (loop1): 1 truncate cleaned up
[  109.459220][ T5986] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  109.480544][ T6232] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  109.504454][ T6236] Zero length message leads to an empty skb
[  109.538817][ T1083] EXT4-fs error (device loop3): ext4_ind_map_blocks:604: inode #15: comm kworker/u4:5: Can't allocate blocks for non-extent mapped inodes with bigalloc
[  109.580815][ T5986] batman_adv: batadv0: Interface activated: batadv_slave_0
[  109.623153][ T5986] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  109.645400][ T1083] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 65537 with max blocks 1 with error 117
[  109.664444][ T5986] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  109.675663][ T1083] EXT4-fs (loop3): This should not happen!! Data will be lost
[  109.675663][ T1083] 
[  109.686804][ T5986] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  109.698507][ T5986] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  109.715066][ T5986] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  109.723492][ T5790] EXT4-fs (loop3): Inode 15 (ffff88807838a800): i_reserved_data_blocks (1) not cleared!
[  109.728374][ T5986] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  109.743580][ T5790] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  109.752090][ T5986] batman_adv: batadv0: Interface activated: batadv_slave_1
[  109.786231][ T5986] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  109.796757][ T5986] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  109.828106][ T5986] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  109.847661][ T5986] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  109.938148][ T5791] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  110.338100][ T3416] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  110.389387][ T3416] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  110.912699][ T5913] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  110.986878][ T5913] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  111.722029][ T6268] input: syz1 as /devices/virtual/input/input10
[  112.507718][ T6271] Bluetooth: MGMT ver 1.22
[  112.514004][ T6271] Bluetooth: hci0: unsupported parameter 5148
[  112.521271][ T6271] Bluetooth: hci0: unsupported parameter 65024
[  112.528814][ T6271] Bluetooth: hci0: unsupported parameter 5148
[  112.535598][ T6271] Bluetooth: hci0: unsupported parameter 65024
[  114.723064][ T6281] loop0: detected capacity change from 0 to 2048
[  114.822382][ T6281] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  115.141013][ T6290] EXT4-fs error (device loop0): __ext4_get_inode_loc:4483: comm syz.0.94: Invalid inode table block 163208811354 in block_group 0
[  115.865389][ T6290] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5902: Corrupt filesystem
[  115.918514][ T6290] EXT4-fs error (device loop0): ext4_setattr:5584: inode #15: comm syz.0.94: mark_inode_dirty error
[  115.983812][ T6290] EXT4-fs error (device loop0) in ext4_setattr:5645: Corrupt filesystem
[  116.033970][ T6290] EXT4-fs error (device loop0): __ext4_get_inode_loc:4483: comm syz.0.94: Invalid inode table block 163208811354 in block_group 0
[  116.123358][ T6290] EXT4-fs error (device loop0): ext4_map_blocks:718: inode #15: block 1803188595: comm syz.0.94: lblock 0 mapped to illegal pblock 1803188595 (length 1)
[  116.189230][ T6290] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 117
[  116.213054][ T6290] EXT4-fs (loop0): This should not happen!! Data will be lost
[  116.213054][ T6290] 
[  117.349655][ T3427] EXT4-fs error (device loop0): __ext4_get_inode_loc:4483: comm kworker/u4:7: Invalid inode table block 163208811354 in block_group 0
[  117.502436][ T3427] EXT4-fs error (device loop0): ext4_ind_map_blocks:604: inode #15: comm kworker/u4:7: Can't allocate blocks for non-extent mapped inodes with bigalloc
[  117.679004][    C0] sched: RT throttling activated
[  118.063660][ T3427] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 65537 with max blocks 1 with error 117
[  118.076641][ T3427] EXT4-fs (loop0): This should not happen!! Data will be lost
[  118.076641][ T3427] 
[  118.231972][ T3427] EXT4-fs error (device loop0): __ext4_get_inode_loc:4483: comm kworker/u4:7: Invalid inode table block 163208811354 in block_group 0
[  118.502788][ T3427] EXT4-fs error (device loop0): __ext4_get_inode_loc:4483: comm kworker/u4:7: Invalid inode table block 163208811354 in block_group 0
[  118.550478][ T5787] EXT4-fs (loop0): Inode 15 (ffff88807838da00): i_reserved_data_blocks (1) not cleared!
[  118.580319][ T5787] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  118.857913][ T6331] loop3: detected capacity change from 0 to 136
[  118.860742][ T6327] loop0: detected capacity change from 0 to 1024
[  118.939855][ T6334] input: syz1 as /devices/virtual/input/input11
[  119.222986][ T6327] EXT4-fs: Mount option(s) incompatible with ext2
[  119.987873][ T6343] loop3: detected capacity change from 0 to 1024
[  121.290667][ T6343] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  121.319646][ T6343] ext4 filesystem being mounted at /36/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  121.413853][ T6343] EXT4-fs error (device loop3): ext4_map_blocks:718: inode #15: block 1: comm syz.3.104: lblock 1 mapped to illegal pblock 1 (length 1)
[  121.487355][ T6343] EXT4-fs error (device loop3): ext4_ext_remove_space:2929: inode #15: comm syz.3.104: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 2, max 4(4), depth 0(0)
[  121.562454][ T6356] loop1: detected capacity change from 0 to 2048
[  121.591434][ T6356] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  121.631459][ T5790] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  121.748403][ T6360] EXT4-fs error (device loop1): __ext4_get_inode_loc:4483: comm syz.1.108: Invalid inode table block 163208811354 in block_group 0
[  121.835784][ T6360] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5902: Corrupt filesystem
[  122.209430][ T6360] EXT4-fs error (device loop1): ext4_setattr:5584: inode #15: comm syz.1.108: mark_inode_dirty error
[  122.551319][ T6360] EXT4-fs error (device loop1) in ext4_setattr:5645: Corrupt filesystem
[  122.609373][ T6360] EXT4-fs error (device loop1): __ext4_get_inode_loc:4483: comm syz.1.108: Invalid inode table block 163208811354 in block_group 0
[  122.653083][ T6360] EXT4-fs error (device loop1): ext4_map_blocks:718: inode #15: block 1803188595: comm syz.1.108: lblock 0 mapped to illegal pblock 1803188595 (length 1)
[  122.725208][ T6360] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 117
[  122.754600][ T6360] EXT4-fs (loop1): This should not happen!! Data will be lost
[  122.754600][ T6360] 
[  123.733513][ T3435] EXT4-fs error (device loop1): __ext4_get_inode_loc:4483: comm kworker/u4:8: Invalid inode table block 163208811354 in block_group 0
[  123.827379][ T3435] EXT4-fs error (device loop1): ext4_ind_map_blocks:604: inode #15: comm kworker/u4:8: Can't allocate blocks for non-extent mapped inodes with bigalloc
[  124.076681][ T6392] input: syz1 as /devices/virtual/input/input12
[  124.552659][ T3435] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 65537 with max blocks 1 with error 117
[  124.598128][ T3435] EXT4-fs (loop1): This should not happen!! Data will be lost
[  124.598128][ T3435] 
[  124.624735][ T3435] EXT4-fs error (device loop1): __ext4_get_inode_loc:4483: comm kworker/u4:8: Invalid inode table block 163208811354 in block_group 0
[  124.710749][   T12] EXT4-fs error (device loop1): __ext4_get_inode_loc:4483: comm kworker/u4:1: Invalid inode table block 163208811354 in block_group 0
[  124.737407][ T6398] loop4: detected capacity change from 0 to 1024
[  124.799515][ T6398] EXT4-fs: Mount option(s) incompatible with ext2
[  124.802757][ T5791] EXT4-fs (loop1): Inode 15 (ffff8880780e0a00): i_reserved_data_blocks (1) not cleared!
[  124.853265][ T5791] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  125.067287][ T6405] loop3: detected capacity change from 0 to 128
[  128.407748][ T6424] loop1: detected capacity change from 0 to 2048
[  128.512071][ T6424] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  128.679991][ T6436] EXT4-fs error (device loop1): __ext4_get_inode_loc:4483: comm syz.1.122: Invalid inode table block 163208811354 in block_group 0
[  128.730848][ T6436] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5902: Corrupt filesystem
[  128.769230][ T6436] EXT4-fs error (device loop1): ext4_setattr:5584: inode #15: comm syz.1.122: mark_inode_dirty error
[  128.808112][ T6436] EXT4-fs error (device loop1) in ext4_setattr:5645: Corrupt filesystem
[  128.838942][ T6436] EXT4-fs error (device loop1): __ext4_get_inode_loc:4483: comm syz.1.122: Invalid inode table block 163208811354 in block_group 0
[  128.884065][ T6436] EXT4-fs error (device loop1): ext4_map_blocks:718: inode #15: block 1803188595: comm syz.1.122: lblock 0 mapped to illegal pblock 1803188595 (length 1)
[  128.959080][ T6436] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 117
[  129.022647][ T6436] EXT4-fs (loop1): This should not happen!! Data will be lost
[  129.022647][ T6436] 
[  129.464358][ T6446] loop3: detected capacity change from 0 to 8
[  129.600056][ T5792] Bluetooth: hci3: command tx timeout
[  131.263029][   T12] EXT4-fs error (device loop1): __ext4_get_inode_loc:4483: comm kworker/u4:1: Invalid inode table block 163208811354 in block_group 0
[  131.302090][   T12] EXT4-fs error (device loop1): ext4_ind_map_blocks:604: inode #15: comm kworker/u4:1: Can't allocate blocks for non-extent mapped inodes with bigalloc
[  131.334003][ T6444] loop0: detected capacity change from 0 to 2048
[  131.401008][   T12] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 65537 with max blocks 1 with error 117
[  131.438061][   T12] EXT4-fs (loop1): This should not happen!! Data will be lost
[  131.438061][   T12] 
[  131.488140][   T12] EXT4-fs error (device loop1): __ext4_get_inode_loc:4483: comm kworker/u4:1: Invalid inode table block 163208811354 in block_group 0
[  131.516824][   T12] EXT4-fs error (device loop1): __ext4_get_inode_loc:4483: comm kworker/u4:1: Invalid inode table block 163208811354 in block_group 0
[  131.541093][ T6444] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[  131.552323][    T8] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  131.582245][ T6444] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  131.591979][ T5791] EXT4-fs (loop1): Inode 15 (ffff8880780e2800): i_reserved_data_blocks (1) not cleared!
[  131.593181][ T5791] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  131.755273][    T8] usb 5-1: New USB device found, idVendor=054c, idProduct=002e, bcdDevice= 5.00
[  131.778278][    T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  131.852266][ T6459] input: syz1 as /devices/virtual/input/input13
[  132.607547][ T6462] loop0: detected capacity change from 0 to 1024
[  132.630335][    T8] usb 5-1: config 0 descriptor??
[  132.751959][    T8] usb 5-1: can't set config #0, error -71
[  132.995218][    T8] usb 5-1: USB disconnect, device number 2
[  134.347262][ T1279] ieee802154 phy0 wpan0: encryption failed: -22
[  134.594305][ T1279] ieee802154 phy1 wpan1: encryption failed: -22
[  135.103477][ T6484] warning: `syz.1.133' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  135.156242][ T6489] loop4: detected capacity change from 0 to 1024
[  135.167854][ T6489] EXT4-fs: Mount option(s) incompatible with ext2
[  136.576740][ T6503] loop4: detected capacity change from 0 to 8
[  137.375205][ T6498] loop1: detected capacity change from 0 to 1024
[  137.570128][ T6498] EXT4-fs: Mount option(s) incompatible with ext2
[  138.319702][ T6515] input: syz1 as /devices/virtual/input/input14
[  141.027895][ T6536] loop3: detected capacity change from 0 to 1024
[  141.120221][ T6536] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  142.228751][ T5790] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  144.052385][ T6567] netlink: 'syz.0.144': attribute type 4 has an invalid length.
[  144.166777][ T6569] loop3: detected capacity change from 0 to 2048
[  144.303817][ T6569] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  144.389235][ T6569] ext4 filesystem being mounted at /52/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  144.494890][ T6569] fs-verity: sha512 using implementation "sha512-avx2"
[  144.548830][ T6579] loop0: detected capacity change from 0 to 1024
[  144.599381][ T6579] EXT4-fs: Mount option(s) incompatible with ext2
[  145.831136][ T5790] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  147.188199][ T6603] loop3: detected capacity change from 0 to 512
[  147.294585][ T6606] input: syz1 as /devices/virtual/input/input15
[  148.052544][ T6603] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  148.159368][ T6603] ext4 filesystem being mounted at /54/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  148.678024][ T6603] EXT4-fs error (device loop3): ext4_lookup:1858: inode #12: comm syz.3.155: iget: bad i_size value: 2533274857506816
[  148.830055][ T5790] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  149.035977][ T6627] netlink: 48 bytes leftover after parsing attributes in process `syz.3.158'.
[  151.262106][ T6656] loop4: detected capacity change from 0 to 1024
[  151.332939][ T6656] EXT4-fs: Mount option(s) incompatible with ext2
[  151.355819][ T6663] futex_wake_op: syz.0.166 tries to shift op by 32; fix this program
[  151.421598][ T6665] input: syz1 as /devices/virtual/input/input16
[  152.478838][ T6673] cgroup: subsys name conflicts with all
[  153.905449][ T6681] loop0: detected capacity change from 0 to 512
[  154.003814][ T6681] EXT4-fs: Ignoring removed orlov option
[  154.005880][    T9] hid-generic 0002:0004:0009.0001: unknown main item tag 0x0
[  154.055858][    C1] Unknown status report in ack skb
[  154.058601][    T9] hid-generic 0002:0004:0009.0001: unknown main item tag 0x0
[  154.111101][    T9] hid-generic 0002:0004:0009.0001: unknown main item tag 0x0
[  154.118730][    T9] hid-generic 0002:0004:0009.0001: unknown main item tag 0x0
[  154.131024][ T6681] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  154.169579][    T9] hid-generic 0002:0004:0009.0001: unknown main item tag 0x0
[  154.177424][    T9] hid-generic 0002:0004:0009.0001: unknown main item tag 0x0
[  154.217896][    T9] hid-generic 0002:0004:0009.0001: unknown main item tag 0x0
[  154.235470][    T9] hid-generic 0002:0004:0009.0001: unknown main item tag 0x0
[  154.264645][    T9] hid-generic 0002:0004:0009.0001: unknown main item tag 0x0
[  154.285058][    T9] hid-generic 0002:0004:0009.0001: unknown main item tag 0x0
[  154.288393][ T6681] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  154.319121][    T9] hid-generic 0002:0004:0009.0001: unknown main item tag 0x0
[  154.332682][    T9] hid-generic 0002:0004:0009.0001: unknown main item tag 0x0
[  154.348738][ T6681] ext4 filesystem being mounted at /39/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  154.364998][    T9] hid-generic 0002:0004:0009.0001: hidraw0: <UNKNOWN> HID v0.04 Device [syz0] on syz0
[  154.644592][ T6681] EXT4-fs error (device loop0): ext4_do_update_inode:5230: inode #2: comm syz.0.169: corrupted inode contents
[  154.743484][ T6681] EXT4-fs (loop0): Remounting filesystem read-only
[  154.887043][ T5787] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  154.904045][   T42] Quota error (device loop0): dquot_write_dquot: Can't write quota structure (error -5). Quota may get out of sync!
[  155.831147][ T6722] input: syz1 as /devices/virtual/input/input17
[  157.075953][ T6731] Bluetooth: hci0: unsupported parameter 5148
[  157.082950][ T6731] Bluetooth: hci0: unsupported parameter 65024
[  157.089930][ T6731] Bluetooth: hci0: unsupported parameter 5148
[  157.096570][ T6731] Bluetooth: hci0: unsupported parameter 65024
[  158.876727][ T6736] netlink: 180 bytes leftover after parsing attributes in process `syz.1.177'.
[  160.520233][ T6751] loop3: detected capacity change from 0 to 1024
[  160.559593][ T6751] EXT4-fs: Mount option(s) incompatible with ext2
[  161.942264][ T6755] loop4: detected capacity change from 0 to 2048
[  162.157160][ T6755] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  162.269901][ T6755] ext4 filesystem being mounted at /20/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  162.423323][ T6765] netlink: 68 bytes leftover after parsing attributes in process `syz.1.185'.
[  162.514346][ T5986] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  162.788131][ T6772] input: syz1 as /devices/virtual/input/input18
[  164.403461][ T6784] loop3: detected capacity change from 0 to 512
[  164.431795][ T6784] EXT4-fs: Ignoring removed mblk_io_submit option
[  164.481654][ T6769] Bluetooth: hci0: unsupported parameter 5148
[  164.511840][ T6784] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  164.535504][ T6784] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem
[  164.564048][ T6769] Bluetooth: hci0: unsupported parameter 65024
[  164.617783][ T6769] Bluetooth: hci0: unsupported parameter 5148
[  164.636274][ T6769] Bluetooth: hci0: unsupported parameter 65024
[  164.688827][ T6784] EXT4-fs (loop3): warning: checktime reached, running e2fsck is recommended
[  164.719929][ T6788] loop4: detected capacity change from 0 to 1024
[  164.763637][ T6784] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a043c01c, mo2=0102]
[  164.777037][ T6788] EXT4-fs: Ignoring removed orlov option
[  164.853610][ T6788] EXT4-fs: Ignoring removed nomblk_io_submit option
[  164.860803][ T6784] System zones: 0-2, 18-18, 34-34
[  164.935724][ T6784] EXT4-fs error (device loop3): ext4_orphan_get:1399: inode #15: comm syz.3.184: iget: bad i_size value: 360287970189639680
[  164.992907][ T6784] EXT4-fs error (device loop3): ext4_orphan_get:1404: comm syz.3.184: couldn't read orphan inode 15 (err -117)
[  165.008061][ T6788] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  165.052302][ T6784] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  165.080497][ T6784] EXT4-fs error (device loop3): ext4_lookup:1858: inode #15: comm syz.3.184: iget: bad i_size value: 360287970189639680
[  165.872143][ T5790] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  166.017834][ T6807] loop0: detected capacity change from 0 to 2048
[  166.034491][ T5986] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  166.745477][ T6815] loop3: detected capacity change from 0 to 1024
[  166.879468][ T6815] EXT4-fs: Mount option(s) incompatible with ext2
[  166.893411][ T6807] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  168.018803][ T6835] input: syz1 as /devices/virtual/input/input19
[  168.716378][ T6831] loop1: detected capacity change from 0 to 512
[  168.786938][ T5973] udevd[5973]: setting owner of /dev/input/js0 to uid=0, gid=104 failed: No such file or directory
[  169.039308][ T6831] EXT4-fs error (device loop1): ext4_orphan_get:1399: inode #15: comm syz.1.195: casefold flag without casefold feature
[  169.154615][ T5787] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  169.607743][    C1] ------------[ cut here ]------------
[  169.613322][    C1] WARNING: CPU: 1 PID: 6840 at net/mac80211/tx.c:5031 __ieee80211_beacon_get+0x1233/0x1600
[  169.623609][    C1] Modules linked in:
[  169.627552][    C1] CPU: 1 PID: 6840 Comm: syz.4.198 Not tainted syzkaller #0
[  169.635100][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  169.645293][    C1] RIP: 0010:__ieee80211_beacon_get+0x1233/0x1600
[  169.651881][    C1] Code: 24 4c 89 e7 e8 0e 88 d4 f7 45 31 f6 4c 8b bc 24 a0 00 00 00 e9 7a fe ff ff e8 19 65 97 f7 0f 0b e9 f6 f7 ff ff e8 0d 65 97 f7 <0f> 0b e9 48 fb ff ff e8 01 65 97 f7 48 c7 c7 a0 09 24 8e 4c 89 e6
[  169.672948][    C1] RSP: 0018:ffffc900001f0a18 EFLAGS: 00010246
[  169.679331][    C1] RAX: ffffffff89ee2a93 RBX: ffffffff89ee1896 RCX: ffff88807ab49e00
[  169.687828][    C1] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000
[  169.696877][    C1] RBP: 0000000000000000 R08: ffff88807ab49e00 R09: 0000000000000003
[  169.705353][    C1] R10: 0000000000000007 R11: 0000000000000100 R12: ffff88805cd823c0
[  169.713489][    C1] R13: dffffc0000000000 R14: ffff88805cd828b0 R15: ffff88805e4e1424
[  169.721693][    C1] FS:  00007f1923b8f6c0(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
[  169.731041][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  169.737810][    C1] CR2: 00007f1922d72020 CR3: 000000002f61f000 CR4: 00000000003506e0
[  169.746288][    C1] Call Trace:
[  169.749722][    C1]  <IRQ>
[  169.752961][    C1]  ? __ieee80211_beacon_get+0x36/0x1600
[  169.759076][    C1]  ieee80211_beacon_get_tim+0xb8/0x560
[  169.764851][    C1]  ? ieee80211_beacon_get_template_ema_list+0x90/0x90
[  169.772170][    C1]  mac80211_hwsim_beacon_tx+0x3c7/0x780
[  169.777865][    C1]  __iterate_interfaces+0x243/0x500
[  169.783430][    C1]  ? mac80211_hwsim_vendor_cmd_test+0x2b0/0x2b0
[  169.790290][    C1]  ? ieee80211_iterate_active_interfaces_atomic+0x2a/0x180
[  169.797707][    C1]  ? mac80211_hwsim_vendor_cmd_test+0x2b0/0x2b0
[  169.804090][    C1]  ieee80211_iterate_active_interfaces_atomic+0xdb/0x180
[  169.811702][    C1]  mac80211_hwsim_beacon+0xbb/0x1b0
[  169.817051][    C1]  __hrtimer_run_queues+0x51e/0xc40
[  169.822428][    C1]  ? hw_scan_work+0xf40/0xf40
[  169.827328][    C1]  ? hrtimer_interrupt+0x9c0/0x9c0
[  169.832943][    C1]  ? ktime_get_update_offsets_now+0x3d2/0x3f0
[  169.839618][    C1]  hrtimer_run_softirq+0x187/0x2b0
[  169.844770][    C1]  handle_softirqs+0x280/0x820
[  169.849902][    C1]  ? __irq_exit_rcu+0xc7/0x190
[  169.854780][    C1]  ? do_softirq+0x180/0x180
[  169.859608][    C1]  ? irqtime_account_irq+0xb6/0x1c0
[  169.865119][    C1]  __irq_exit_rcu+0xc7/0x190
[  169.870247][    C1]  ? irq_exit_rcu+0x20/0x20
[  169.874876][    C1]  irq_exit_rcu+0x9/0x20
[  169.879337][    C1]  sysvec_apic_timer_interrupt+0xa4/0xc0
[  169.885093][    C1]  </IRQ>
[  169.888046][    C1]  <TASK>
[  169.891118][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  169.897200][    C1] RIP: 0010:finish_task_switch+0x26a/0x920
[  169.903227][    C1] Code: 0f 84 37 01 00 00 48 85 db 0f 85 56 01 00 00 e9 f6 04 00 00 4c 8b 75 d0 4c 89 e7 e8 20 54 1b 09 e8 ab a6 2f 00 fb 4c 8b 65 c0 <49> 8d bc 24 f8 15 00 00 48 89 f8 48 c1 e8 03 42 0f b6 04 28 84 c0
[  169.924426][    C1] RSP: 0018:ffffc900055575d8 EFLAGS: 00000286
[  169.931060][    C1] RAX: 447648fb718b0000 RBX: 0000000000000000 RCX: 447648fb718b0000
[  169.939655][    C1] RDX: dffffc0000000000 RSI: ffffffff8aaaba20 RDI: ffffffff8afc7040
[  169.948026][    C1] RBP: ffffc90005557630 R08: ffffffff8e4a8f2f R09: 1ffffffff1c951e5
[  169.956649][    C1] R10: dffffc0000000000 R11: fffffbfff1c951e6 R12: ffff88807ab49e00
[  169.966287][    C1] R13: dffffc0000000000 R14: ffff88801b273c00 R15: ffff8880b8f3cf08
[  169.975016][    C1]  ? finish_task_switch+0x265/0x920
[  169.980715][    C1]  __schedule+0x14da/0x44d0
[  169.985354][    C1]  ? asan.module_dtor+0x20/0x20
[  169.990924][    C1]  schedule+0xbd/0x170
[  169.995079][    C1]  schedule_timeout+0x9b/0x280
[  170.000200][    C1]  ? console_conditional_schedule+0x40/0x40
[  170.006200][    C1]  ? lockdep_hardirqs_on_prepare+0x400/0x760
[  170.012529][    C1]  ? lock_chain_count+0x20/0x20
[  170.017484][    C1]  ? _raw_spin_lock_irq+0xaf/0xe0
[  170.022563][    C1]  ? _raw_spin_lock_irqsave+0xf0/0xf0
[  170.028140][    C1]  ? wait_for_completion+0x26c/0x590
[  170.033571][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  170.038792][    C1]  ? lockdep_hardirqs_on+0x98/0x150
[  170.044060][    C1]  ? wait_for_completion+0x26c/0x590
[  170.049470][    C1]  wait_for_completion+0x2bd/0x590
[  170.054647][    C1]  ? io_schedule+0xd0/0xd0
[  170.059317][    C1]  ? smp_call_function_single_async+0xa6/0x100
[  170.065852][    C1]  rdmsr_safe_on_cpu+0x151/0x220
[  170.071155][    C1]  ? wrmsr_on_cpus+0x30/0x30
[  170.075774][    C1]  ? rdmsr_safe_on_cpu+0x220/0x220
[  170.081245][    C1]  ? __might_fault+0xaa/0x120
[  170.086231][    C1]  ? __might_fault+0xc6/0x120
[  170.091081][    C1]  ? __might_fault+0xaa/0x120
[  170.095967][    C1]  msr_read+0x151/0x250
[  170.100193][    C1]  ? fsnotify_set_children_dentry_flags+0x220/0x220
[  170.107259][    C1]  ? msr_device_destroy+0x30/0x30
[  170.112441][    C1]  ? fsnotify_perm+0x3ed/0x5e0
[  170.117442][    C1]  ? msr_device_destroy+0x30/0x30
[  170.122872][    C1]  vfs_read+0x27e/0x920
[  170.127508][    C1]  ? kernel_read+0x1e0/0x1e0
[  170.132352][    C1]  ? __fget_files+0x28/0x4d0
[  170.137060][    C1]  ? __fget_files+0x44a/0x4d0
[  170.142085][    C1]  ? __fdget_pos+0x1d8/0x330
[  170.146690][    C1]  ? ksys_read+0x75/0x250
[  170.151247][    C1]  ksys_read+0x147/0x250
[  170.155992][    C1]  ? vfs_write+0x940/0x940
[  170.161010][    C1]  ? lockdep_hardirqs_on+0x98/0x150
[  170.167561][    C1]  do_syscall_64+0x55/0xb0
[  170.172696][    C1]  ? clear_bhb_loop+0x40/0x90
[  170.179094][    C1]  ? clear_bhb_loop+0x40/0x90
[  170.184111][    C1]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  170.191617][    C1] RIP: 0033:0x7f1922d8ebe9
[  170.196486][    C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  170.217377][    C1] RSP: 002b:00007f1923b8f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  170.226292][    C1] RAX: ffffffffffffffda RBX: 00007f1922fc5fa0 RCX: 00007f1922d8ebe9
[  170.234833][    C1] RDX: 0000000000018ff8 RSI: 0000200000019680 RDI: 0000000000000003
[  170.243315][    C1] RBP: 00007f1922e11e19 R08: 0000000000000000 R09: 0000000000000000
[  170.251802][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  170.260914][    C1] R13: 00007f1922fc6038 R14: 00007f1922fc5fa0 R15: 00007ffc53708928
[  170.270301][    C1]  </TASK>
[  170.273425][    C1] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  170.281705][    C1] CPU: 1 PID: 6840 Comm: syz.4.198 Not tainted syzkaller #0
[  170.289712][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  170.300480][    C1] Call Trace:
[  170.303864][    C1]  <IRQ>
[  170.306773][    C1]  dump_stack_lvl+0x16c/0x230
[  170.312103][    C1]  ? show_regs_print_info+0x20/0x20
[  170.317685][    C1]  ? load_image+0x3b0/0x3b0
[  170.322243][    C1]  panic+0x2c0/0x710
[  170.326428][    C1]  ? bpf_jit_dump+0xd0/0xd0
[  170.331135][    C1]  __warn+0x2e0/0x470
[  170.336503][    C1]  ? __ieee80211_beacon_get+0x1233/0x1600
[  170.342938][    C1]  ? __ieee80211_beacon_get+0x1233/0x1600
[  170.349229][    C1]  report_bug+0x2be/0x4f0
[  170.353921][    C1]  ? __ieee80211_beacon_get+0x1233/0x1600
[  170.359837][    C1]  ? __ieee80211_beacon_get+0x1233/0x1600
[  170.372985][    C1]  ? __ieee80211_beacon_get+0x1235/0x1600
[  170.379000][    C1]  handle_bug+0xcf/0x120
[  170.383275][    C1]  exc_invalid_op+0x1a/0x50
[  170.388176][    C1]  asm_exc_invalid_op+0x1a/0x20
[  170.393303][    C1] RIP: 0010:__ieee80211_beacon_get+0x1233/0x1600
[  170.400196][    C1] Code: 24 4c 89 e7 e8 0e 88 d4 f7 45 31 f6 4c 8b bc 24 a0 00 00 00 e9 7a fe ff ff e8 19 65 97 f7 0f 0b e9 f6 f7 ff ff e8 0d 65 97 f7 <0f> 0b e9 48 fb ff ff e8 01 65 97 f7 48 c7 c7 a0 09 24 8e 4c 89 e6
[  170.420503][    C1] RSP: 0018:ffffc900001f0a18 EFLAGS: 00010246
[  170.426802][    C1] RAX: ffffffff89ee2a93 RBX: ffffffff89ee1896 RCX: ffff88807ab49e00
[  170.435264][    C1] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000
[  170.444018][    C1] RBP: 0000000000000000 R08: ffff88807ab49e00 R09: 0000000000000003
[  170.452364][    C1] R10: 0000000000000007 R11: 0000000000000100 R12: ffff88805cd823c0
[  170.460611][    C1] R13: dffffc0000000000 R14: ffff88805cd828b0 R15: ffff88805e4e1424
[  170.468802][    C1]  ? __ieee80211_beacon_get+0x36/0x1600
[  170.474824][    C1]  ? __ieee80211_beacon_get+0x1233/0x1600
[  170.481030][    C1]  ? __ieee80211_beacon_get+0x1233/0x1600
[  170.486960][    C1]  ? __ieee80211_beacon_get+0x36/0x1600
[  170.492616][    C1]  ieee80211_beacon_get_tim+0xb8/0x560
[  170.498359][    C1]  ? ieee80211_beacon_get_template_ema_list+0x90/0x90
[  170.505511][    C1]  mac80211_hwsim_beacon_tx+0x3c7/0x780
[  170.511076][    C1]  __iterate_interfaces+0x243/0x500
[  170.516300][    C1]  ? mac80211_hwsim_vendor_cmd_test+0x2b0/0x2b0
[  170.522712][    C1]  ? ieee80211_iterate_active_interfaces_atomic+0x2a/0x180
[  170.530102][    C1]  ? mac80211_hwsim_vendor_cmd_test+0x2b0/0x2b0
[  170.536498][    C1]  ieee80211_iterate_active_interfaces_atomic+0xdb/0x180
[  170.543623][    C1]  mac80211_hwsim_beacon+0xbb/0x1b0
[  170.549182][    C1]  __hrtimer_run_queues+0x51e/0xc40
[  170.555103][    C1]  ? hw_scan_work+0xf40/0xf40
[  170.559886][    C1]  ? hrtimer_interrupt+0x9c0/0x9c0
[  170.565203][    C1]  ? ktime_get_update_offsets_now+0x3d2/0x3f0
[  170.571353][    C1]  hrtimer_run_softirq+0x187/0x2b0
[  170.576472][    C1]  handle_softirqs+0x280/0x820
[  170.581272][    C1]  ? __irq_exit_rcu+0xc7/0x190
[  170.586157][    C1]  ? do_softirq+0x180/0x180
[  170.591117][    C1]  ? irqtime_account_irq+0xb6/0x1c0
[  170.596648][    C1]  __irq_exit_rcu+0xc7/0x190
[  170.601403][    C1]  ? irq_exit_rcu+0x20/0x20
[  170.606365][    C1]  irq_exit_rcu+0x9/0x20
[  170.610889][    C1]  sysvec_apic_timer_interrupt+0xa4/0xc0
[  170.616735][    C1]  </IRQ>
[  170.619704][    C1]  <TASK>
[  170.623184][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  170.629325][    C1] RIP: 0010:finish_task_switch+0x26a/0x920
[  170.635411][    C1] Code: 0f 84 37 01 00 00 48 85 db 0f 85 56 01 00 00 e9 f6 04 00 00 4c 8b 75 d0 4c 89 e7 e8 20 54 1b 09 e8 ab a6 2f 00 fb 4c 8b 65 c0 <49> 8d bc 24 f8 15 00 00 48 89 f8 48 c1 e8 03 42 0f b6 04 28 84 c0
[  170.655564][    C1] RSP: 0018:ffffc900055575d8 EFLAGS: 00000286
[  170.661788][    C1] RAX: 447648fb718b0000 RBX: 0000000000000000 RCX: 447648fb718b0000
[  170.669954][    C1] RDX: dffffc0000000000 RSI: ffffffff8aaaba20 RDI: ffffffff8afc7040
[  170.678220][    C1] RBP: ffffc90005557630 R08: ffffffff8e4a8f2f R09: 1ffffffff1c951e5
[  170.686219][    C1] R10: dffffc0000000000 R11: fffffbfff1c951e6 R12: ffff88807ab49e00
[  170.694331][    C1] R13: dffffc0000000000 R14: ffff88801b273c00 R15: ffff8880b8f3cf08
[  170.702516][    C1]  ? finish_task_switch+0x265/0x920
[  170.707993][    C1]  __schedule+0x14da/0x44d0
[  170.712621][    C1]  ? asan.module_dtor+0x20/0x20
[  170.717720][    C1]  schedule+0xbd/0x170
[  170.721970][    C1]  schedule_timeout+0x9b/0x280
[  170.726886][    C1]  ? console_conditional_schedule+0x40/0x40
[  170.732919][    C1]  ? lockdep_hardirqs_on_prepare+0x400/0x760
[  170.739097][    C1]  ? lock_chain_count+0x20/0x20
[  170.744030][    C1]  ? _raw_spin_lock_irq+0xaf/0xe0
[  170.749263][    C1]  ? _raw_spin_lock_irqsave+0xf0/0xf0
[  170.754731][    C1]  ? wait_for_completion+0x26c/0x590
[  170.760390][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  170.766123][    C1]  ? lockdep_hardirqs_on+0x98/0x150
[  170.771431][    C1]  ? wait_for_completion+0x26c/0x590
[  170.776902][    C1]  wait_for_completion+0x2bd/0x590
[  170.782036][    C1]  ? io_schedule+0xd0/0xd0
[  170.786547][    C1]  ? smp_call_function_single_async+0xa6/0x100
[  170.792805][    C1]  rdmsr_safe_on_cpu+0x151/0x220
[  170.797950][    C1]  ? wrmsr_on_cpus+0x30/0x30
[  170.802646][    C1]  ? rdmsr_safe_on_cpu+0x220/0x220
[  170.807869][    C1]  ? __might_fault+0xaa/0x120
[  170.812553][    C1]  ? __might_fault+0xc6/0x120
[  170.817610][    C1]  ? __might_fault+0xaa/0x120
[  170.822607][    C1]  msr_read+0x151/0x250
[  170.826970][    C1]  ? fsnotify_set_children_dentry_flags+0x220/0x220
[  170.833712][    C1]  ? msr_device_destroy+0x30/0x30
[  170.839497][    C1]  ? fsnotify_perm+0x3ed/0x5e0
[  170.844738][    C1]  ? msr_device_destroy+0x30/0x30
[  170.850134][    C1]  vfs_read+0x27e/0x920
[  170.854305][    C1]  ? kernel_read+0x1e0/0x1e0
[  170.859251][    C1]  ? __fget_files+0x28/0x4d0
[  170.864421][    C1]  ? __fget_files+0x44a/0x4d0
[  170.869470][    C1]  ? __fdget_pos+0x1d8/0x330
[  170.874184][    C1]  ? ksys_read+0x75/0x250
[  170.879257][    C1]  ksys_read+0x147/0x250
[  170.883828][    C1]  ? vfs_write+0x940/0x940
[  170.888654][    C1]  ? lockdep_hardirqs_on+0x98/0x150
[  170.894086][    C1]  do_syscall_64+0x55/0xb0
[  170.898848][    C1]  ? clear_bhb_loop+0x40/0x90
[  170.903721][    C1]  ? clear_bhb_loop+0x40/0x90
[  170.908509][    C1]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  170.915571][    C1] RIP: 0033:0x7f1922d8ebe9
[  170.920636][    C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  170.941832][    C1] RSP: 002b:00007f1923b8f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  170.950619][    C1] RAX: ffffffffffffffda RBX: 00007f1922fc5fa0 RCX: 00007f1922d8ebe9
[  170.959163][    C1] RDX: 0000000000018ff8 RSI: 0000200000019680 RDI: 0000000000000003
[  170.967754][    C1] RBP: 00007f1922e11e19 R08: 0000000000000000 R09: 0000000000000000
[  170.976498][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  170.985523][    C1] R13: 00007f1922fc6038 R14: 00007f1922fc5fa0 R15: 00007ffc53708928
[  170.994302][    C1]  </TASK>
[  170.997990][    C1] Kernel Offset: disabled
[  171.002952][    C1] Rebooting in 86400 seconds..