last executing test programs:

6m23.630713161s ago: executing program 2 (id=63):
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r1 = eventfd(0xffffffff)
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000580)=""/67, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/242, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/60, 0xeeee0000})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680))
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x11)

6m21.347422549s ago: executing program 2 (id=66):
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x9, 0x15031, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x400, 0x0)
syz_usb_connect(0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)={0x24, 0x40, 0x107, 0x70bd2b, 0x0, {0x2, 0x7c}, [@nested={0x4, 0x1c2}, @nested={0xc, 0x70, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x84;'}]}]}, 0x24}, 0x1, 0x0, 0x0, 0xc048051}, 0xc000)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000200)={0x0, 0x1, 0xf000, 0x2000, &(0x7f0000f9a000/0x2000)=nil})
writev(0xffffffffffffffff, &(0x7f0000000440)=[{&(0x7f0000000100)="d0039e16e5d0207ad4d192c128c552dc5cab6d682c37cec2cbea7b9fa8fd1c6d1bff8f367332dd23080c9b4ff0cf018a62fd", 0x32}], 0x1)
r4 = dup(r3)
syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x80000}, &(0x7f0000000340), 0x0)
r5 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r5, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
syz_usb_connect(0x5, 0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="12010000dae11c105e0484028fa401020301090224"], 0x0)
r6 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0)
write$vhost_msg_v2(r6, 0x0, 0x0)
write$vhost_msg_v2(r6, &(0x7f0000000180)={0x2, 0x0, {0x0, 0x0, 0x0, 0x2, 0x3}}, 0x48)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r5, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r7=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r5, 0xc02064b6, &(0x7f00000001c0)={r7, <r8=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r5, 0xc02064b9, &(0x7f00000002c0)={&(0x7f0000000240)=[<r9=>0x0, 0x0, <r10=>0x0], &(0x7f0000000040), 0x3, r8})
ioctl$DRM_IOCTL_MODE_ATOMIC(r5, 0xc03864bc, &(0x7f0000000580)={0x401, 0x1, &(0x7f0000000180)=[r8], &(0x7f00000000c0)=[0x3], &(0x7f0000000640)=[r10, r9, r9], &(0x7f0000000340), 0x0, 0xffffffffffffffff})
r11 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.kill\x00', 0x275a, 0x0)
fcntl$lock(r11, 0x6, &(0x7f0000000000)={0x0, 0x0, 0x8})
fcntl$lock(r11, 0x7, &(0x7f0000002200)={0x2, 0x1, 0xe, 0x3})
ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000040)=@arm64={0x6, 0x4, 0x9, '\x00', 0x1})
r12 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r12, &(0x7f0000000200)={0xa, 0x4e21, 0x100, @ipv4={'\x00', '\xff\xff', @loopback}, 0xffff}, 0x1c)
ioctl$KVM_SET_VAPIC_ADDR(r4, 0x4008ae93, &(0x7f00000000c0)=0xffff)

6m19.318476625s ago: executing program 1 (id=73):
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
chmod(0x0, 0x104)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1)

6m18.158316304s ago: executing program 1 (id=74):
r0 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e28, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10)

6m18.03419302s ago: executing program 1 (id=77):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x8000, 0x0)
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0)
ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x8208ae63, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000080)={<r1=>0xffffffffffffffff}, 0x111, 0x6}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000380)={0x3, 0x40, 0xfa00, {{0xa, 0x4e20, 0xb, @empty, 0x1}, {0xa, 0x4e22, 0x2, @remote, 0x80000000}, r1, 0xfffffe4d}}, 0x48)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SET_VMA(0x23, 0x0, &(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0)
write(0xffffffffffffffff, 0x0, 0x0)
write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, &(0x7f0000000180)={0x3, 0x40, 0xfa00, {{0xa, 0x4e23, 0xe, @empty, 0x2}, {0xa, 0x4e23, 0x7, @remote, 0x3}, 0xffffffffffffffff, 0x7}}, 0x48)
syz_emit_ethernet(0x2a, 0x0, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, 0x0)
socket(0x10, 0x3, 0x0)
ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@newlink={0x34, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x10104}, [@IFLA_IFNAME={0x14, 0x3, 'ip6_vti0\x00'}]}, 0x34}}, 0x0)

6m17.280562062s ago: executing program 2 (id=78):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x2208810, &(0x7f0000000080), 0xfe, 0x572, &(0x7f0000001700)="$eJzs3V9rm9UfAPDvk6bdn26/dTDGTy+ksAsnc+na+meCF/NSdDjQ+xnarIymy2jSsdaB24W78UaGIOJAfAHeezl8A76KgQ6GjqIX3lSe9EmXNUmbtpnpzOcDac95npOcc/I85+R78iQkgIE1nv7JRbwUEV8lEcea9uUj2zm+Xm71ya2Z9JbE2trHvyeRZNsa5ZPs/2iW+X9E/PxFxJlca73V5ZX5YrlcWszyE7WF6xPV5ZWzVxeKc6W50rWp6enzb05PvfP2Wz3r62uX/vr2owfvn//y1Oo3Pz46fi+JC3Ek29fcjz243ZwZj/HsORmOC5sKTvagsv0k6XcD2JWhbJwPRzoHHIuhbNQD/32fR8QaMKAS4x8GVCMOaKzte7QOfmE8fm99AdTa//z6eyNxsL42OryaPLMySte7Yz2oP63jp9/u30tv0bv3IQC2dftORJzL51vnvySb/3bvXBdlNtexw/lvbYdNApo8SOOf19vFP5WsxMH6383xz2ibsbsb24//3KMeVNNRGv+92zb+3bhoNTaU5Y7WY77h5MrVcimd2/4XEadj+ECa3+p6zvnVhx3nqafx30g9Bkzrb8SCWTse5Q88e5/ZYq24lz43e3wn4uW28W+yEf8mbY5/+nxc6rKOk6X7r3Ta1xz/tu//87X2Q8Sr2fG//cya6OkVrWTr65MT9fNhonFWtPrz7slfOtXfuf9Hn0NvW6XH/3Db83+j/2NJ8/Xa6s7r+P7g36VO+7Y//u3P/5Hkk3p6JNt2s1irLU5GjCQftm6fenrfRr5RPu3/6VPtx/9W5/+hiPi0y/7fPXG3Y9F+n/9p/2d3dPx3nnj4wWffdaq/u+P/Rj11OtvSzfzXbQP38twBAAAAAADAfpOLiCOR5Aob6VyuUFj/fMeJOJwrV6q1M1cqS9dmo/5d2bEYzjWudI82fR5iMvs8bCM/tSk/HRHHI+LroUP1fGGmUp7td+cBAAAAAAAAAAAAAAAAAABgnxjt8P3/1K9D/W4d8Nz5yW8YXNuO/1780hOwL3n9h8Fl/MPgMv5hcBn/MLjySb9bAPSL138YXMY/DC7jHwAAAAAAAAAAAAAAAAAAAAAAAAAAAHrq0sWL6W1t9cmtmTQ/e2N5ab5y4+xsqTpfWFiaKcxUFq8X5ho/ELKw5YMlf0S5Urk+ORVLNydqpWptorq8cnmhsnStdvnqQnGudLk0/G90CgAAAAAAAAAAAAAAAAAAAF4w1eWV+WK5XFqUkNhVIr8/miGxnmgM7D0/YH/nJQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo9k8AAAD//24dNcY=")
r0 = openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$EXT4_IOC_MOVE_EXT(r0, 0x8004587d, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x8000200000000000, 0x0, 0x85c, 0x5})
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0)

6m17.08399504s ago: executing program 1 (id=79):
syz_mount_image$msdos(&(0x7f00000001c0), &(0x7f0000000040)='./file0\x00', 0xcc04, &(0x7f0000000880)=ANY=[@ANYBLOB='dots,gid=', @ANYRESHEX=0xee01, @ANYBLOB="2c6e6f646f74732c646f74732c74696d655f6f66667365743d3078303030303030303030303030303264382c646f74732c646f74732c6e6f646f74732c6e6f646f74732c646f74732c646f74732c6e6f646f74732c6e6f646f74732c636865636b3d72656c617865642c666c7573682c64656275672c646f74732c73686f77657865632c6e6f646f74732c6572726f72733d636f6e74696e75652c646f74732c71756965742c003fa5bfd3e968f92d300444698c6f8d94d8b46ce3ce652bc8f6"], 0x1, 0x207, &(0x7f0000000500)="$eJzs3b9uUmEUAPBDS/ljHLqZmJhc46BToz5BjamJkcSkhkG3JnYqEyzA0j6Gr+B7+QCmE4v5DF5uQUoRiRe0/n5LTznfufc73HBh4ZAi9+Xep2g0KrFzGIcxqsR+7EThIgCA22SUUnxNud+vrpaxJQCgZCu8/3/b8JYAgJK9e//hzYtW6+g4yxoRlxf9dr+d/83zr163jp5mP+xPqy77/fbuVf5ZNv/ZYZzfizuT/PO8PrtK1yKiXYsnj/L8OPfybSv7ub4eH0vuHQAAAAAAAAAAAAAAAAAAAAAAtuVBZIWF830ODubzzUk+/29mPtDc/J5q3C/GA0/HA6XzTTQFAAAAAAAAAAAAAAAAAAAA/5jeYHh20umcdqdBPSJmH6kuWHNzUJkceKXF2w92Yr3y5qTNNU5amTxF5TbYXHxxVwmi+rdcnXWD7E8dsF5c5uupZlSWlKc0Dha/CoqxGDeW1yJi+cYeH6/b1yil1Pn8sNsbRFq6eHqPqG/sbgQAAAAAAAAAAAAAAAAAAP+3mW99X9PY3caOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGDzeoNh8Sv/w7OTTue02xusHJxHxN345eLiXHvR2F6jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3GrfAwAA//8nTRyq")
creat(&(0x7f0000000300)='./bus\x00', 0x1a0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x301400, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000005c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
r0 = open(&(0x7f0000000000)='./bus\x00', 0x14113e, 0x0)
write$binfmt_script(r0, &(0x7f0000000080), 0x208e24b)
rename(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000200)='./file0\x00')

6m16.821665352s ago: executing program 2 (id=82):
syz_mount_image$vfat(&(0x7f0000000180), &(0x7f0000000040)='./file0\x00', 0x300001a, &(0x7f00000001c0)=ANY=[@ANYBLOB="7379735f696d6d757461626c652c666d61736b3d30313737373737373737373737373737373737373737332c73686f72746e616d653d6c6f7765722c636865636b3d7374726963742c2c756e695f786c6174653d302c726f6469722c726f6469722c73686f72746e616d653d6c6f7765722c73686f72746e616d653d6c6f7765722c6e6f6e756d7461696c3d302c756e695f786c6174653d312c756e695f786c6174653d312c6572726f72733d636f6e74696e75652c74696d655f6f66667365743d3078303030303030303030303030303465302c757466383d302c0077b5b28056fc4549d277ed7fab6b0be29df17f888ccab55cccc917ad315c8ea56f5a89c104f92d058b92f5881e69e06002f5914c03fef3eb09121733eaf5ded73df976fbd4cfcb8b70b0bf44da1b46bc3935431d5e60a641f9e4ebbf71c77fc9a810ce726b8c6d6295a5f2e2b069b95ba8ecce52ded99b82923228c37d5e1ec11cdbcabb8a89cbf2cf2771d69e3cf0e6760094145e542e426bceaab9b2cf261046247bce0565db3ac5888b74efd48bc9f455e60f49496ca8137aba85fe39756814fda1f0624b33a2025792a477ccfff09befb1d0cf1599d27262800fb9786e1fbfb3d637c2561421488c9de8d3739a94bf13ac582f6b67de0cad933631794271b2259fe5d73a74ad7da615c31505c7c0c168052d38e5b64c4bb7d0599e5dcf0000000000000000000000000000002790cf17418aa278cfc0c9d1c81c63e58b877706a4b7eed8a5aff253298db2939adc0efdab4745ab0e09ef8beaaf04e5374c2e7e4672e47fe5a25502919954242f8d779d84091f20646210edf871d3cf4b816323b8abb30738b90500007dcc71e35f364baa1b93fd5ee36c02aa4628511442992ced893ab946472440b53fc08cc41403e167b1f2605e04d5f0c16ed49969b59d650d88642b10c7893fe9b664421a40f4822ffcc284dfe9aea76e4a04293c970f2dae776decf07bac4b299771f1ea09b0f86c7fcd8df00a87f4dbbf8e623667e3b65e4c487055a2e5cd64402a4de537bf113fc7370099e4faebe6ea9d4f155f8f5f4c5f9b205ce1bbc8c0002a19457e05a210d9e9820bc7f318ebfdfcc22f83150503b200000000", @ANYRESOCT=0x0], 0xc, 0x2a5, &(0x7f00000007c0)="$eJzs3U9rM0UcB/Df5l+jggniRRFc0IOn8tSrl0Z5BLEnJYJ60ODzFCQJhRYCVjD21Ffg0ffhS/DixXcgeBW8tYfKymZ3TULTWmNMoX4+p2FmvjPTnZBCIL98/sp4+OQoibOLX6LdTqK2H/txmUQ3alH5NhoBADwcl1kWv2frJBu1zZ8GANiG4v9/4b7PAgBsx4cff/J+7+Dg8Qdp2o6XOueTfhIR4/NJP+af+o/iaTyKTlxFZH8p2u++d/A4GmmuG6+Pp5N+nhx/9lMZ7f1W5veiE93V+b20sJCfTvrNeDbS6B02q1N04sXV+TdX5KPfijdei+gdxpez/XejEz9/EUcxiieRZ+f5b/bS9J3su4uvP823yfNJLfo7s3lzWX17twIAAAAAAAAAAAAAAAAAAAAAwEO3m6ZJUb5nVr8n7yrr79SvZuO7aaW7XJ+nyCfVQkV9oCzKEj3TLL6v6us8StM0KyfO8414ueGHBQAAAAAAAAAAAAAAAAAAACB38tXpcDAaPT1er9Fc7qmqAVRf61935f2FnlfjdDio37zgzt33Wqw2kJ/11snRaMS6j+UfNp7Jz7PxlXfml/tRFI3qYja61wtvF4ueDgdpOVQ95OEg+bu92tXF/bA41Ip/e7Bs9pK4ypbvtP386ldLa0NPo/XcyqE/siy72zpv/VrcUdmTzEps3G33ZtlYiC/PaV+/ix9vXvDGt4z6Jt53AAAAAAAAAAAAAAAAAACA6+Zf+l0xeHZrtPafHQoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtmz++/9Vox0Ryz3XGtMyfNucstGK45N7/hMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4H/gzAAD//zB3TbY=")
open(&(0x7f0000000040)='./bus\x00', 0x400141042, 0x0)
mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0)
r0 = open(&(0x7f0000000000)='./bus\x00', 0x8000, 0xa0)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x7fffffffffffffff, 0x8005, 0x0, 0x0, 0x12, 0xd, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc177e9b48b00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x204]})
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000100))

6m16.414214649s ago: executing program 1 (id=85):
syz_open_dev$dri(&(0x7f0000000000), 0x1f, 0x0)
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x10, &(0x7f0000000280)=[@in={0x2, 0x4e20, @local}]}, &(0x7f0000000140)=0x10)
process_madvise(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000080)="ec", 0x1}], 0x1, 0x66, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_RTOINFO(r1, 0x84, 0x0, &(0x7f0000000000)={0x0, 0x867b, 0x5, 0xb4}, &(0x7f0000000080)=0x10)

6m15.320103545s ago: executing program 2 (id=87):
r0 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e28, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10)

6m15.024374628s ago: executing program 1 (id=89):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$netlink(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, 0x0)
bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r2 = syz_open_dev$usbfs(0x0, 0x75, 0x109103)
ioctl$USBDEVFS_ALLOW_SUSPEND(r2, 0x5522)
r3 = syz_open_procfs(0x0, &(0x7f0000000700)='mounts\x00')
read$FUSE(r3, &(0x7f00000029c0)={0x2020}, 0x2020)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_START_AP(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r5, 0x5, 0x4, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r6}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x47, 0xe, {{{}, {}, @device_b, @broadcast, @random="40b2bc5eb7e8"}, 0x0, @random=0x4, 0x0, @val={0x0, 0x6, @default_ibss_ssid}, @void, @void, @void, @void, @void, @val={0x25, 0x3, {0x1, 0x3, 0x8}}, @val={0x2a, 0x1, {0x1, 0x1, 0x1}}, @val={0x3c, 0x4, {0x1, 0x7, 0x3c, 0x2}}, @void, @void, @val={0x71, 0x7, {0x1, 0x1, 0x0, 0x1, 0x1, 0xf0, 0x8}}, @void}}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0x74}}, 0x0)
ioctl$USBDEVFS_SUBMITURB(r2, 0x8038550a, &(0x7f0000000880)=@urb_type_iso={0x0, {0x1, 0x1}, 0x49e, 0xc0, 0x0, 0x0, 0x3, 0x60000, 0x0, 0x800, 0x8, 0x0})
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r3, 0xc0189379, &(0x7f0000000300)={{0x1, 0x1, 0x18, r4}, './file0\x00'})

6m14.589211587s ago: executing program 32 (id=89):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$netlink(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, 0x0)
bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r2 = syz_open_dev$usbfs(0x0, 0x75, 0x109103)
ioctl$USBDEVFS_ALLOW_SUSPEND(r2, 0x5522)
r3 = syz_open_procfs(0x0, &(0x7f0000000700)='mounts\x00')
read$FUSE(r3, &(0x7f00000029c0)={0x2020}, 0x2020)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_START_AP(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r5, 0x5, 0x4, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r6}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x47, 0xe, {{{}, {}, @device_b, @broadcast, @random="40b2bc5eb7e8"}, 0x0, @random=0x4, 0x0, @val={0x0, 0x6, @default_ibss_ssid}, @void, @void, @void, @void, @void, @val={0x25, 0x3, {0x1, 0x3, 0x8}}, @val={0x2a, 0x1, {0x1, 0x1, 0x1}}, @val={0x3c, 0x4, {0x1, 0x7, 0x3c, 0x2}}, @void, @void, @val={0x71, 0x7, {0x1, 0x1, 0x0, 0x1, 0x1, 0xf0, 0x8}}, @void}}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0x74}}, 0x0)
ioctl$USBDEVFS_SUBMITURB(r2, 0x8038550a, &(0x7f0000000880)=@urb_type_iso={0x0, {0x1, 0x1}, 0x49e, 0xc0, 0x0, 0x0, 0x3, 0x60000, 0x0, 0x800, 0x8, 0x0})
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r3, 0xc0189379, &(0x7f0000000300)={{0x1, 0x1, 0x18, r4}, './file0\x00'})

6m14.572805878s ago: executing program 2 (id=91):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newsa={0xf0, 0x10, 0x713, 0x70bd28, 0x2, {{@in6=@loopback, @in=@initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e22, 0x4, 0x0, 0x4, 0x2, 0x0, 0x80, 0x2e}, {@in6=@remote, 0x0, 0x32}, @in6=@local, {0x0, 0x0, 0x8, 0xe, 0x6, 0x0, 0x0, 0x980}, {0x0, 0x39, 0x2, 0xfffffffffffffff8}, {0xc, 0x0, 0x2}, 0x70bd29, 0x0, 0x2, 0x5, 0x0, 0xac}}, 0xf0}, 0x1, 0x0, 0x0, 0xc0}, 0x0)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x4048aec9, &(0x7f0000000080)={0x2, 0x0, @ioapic={0x4, 0x1, 0x5, 0x2, 0x0, [{0xf, 0x0, 0x0, '\x00', 0xe}, {0x5, 0x0, 0x0, '\x00', 0xfc}, {0x6, 0x1, 0x7, '\x00', 0x3}, {0xfa, 0x8, 0x5, '\x00', 0xa0}, {0x3, 0x8, 0x0, '\x00', 0x4}, {0xa, 0x6, 0x5}, {0xb8, 0xda, 0xd, '\x00', 0x59}, {0xb, 0x1, 0xc, '\x00', 0x3}, {0x9, 0x7, 0x81, '\x00', 0x9}, {0x0, 0x6, 0x4, '\x00', 0x9}, {0xfe, 0x5, 0xd, '\x00', 0xa}, {0x2, 0xb, 0x45, '\x00', 0xc2}, {0xd2, 0xab, 0x8, '\x00', 0x3}, {0x1, 0x3, 0xfe, '\x00', 0x81}, {0x5, 0xfb, 0x1, '\x00', 0x2}, {0xfe, 0x0, 0x6, '\x00', 0xfd}, {0x1b, 0x9, 0x7, '\x00', 0x4}, {0x6, 0x7, 0x4, '\x00', 0x9}, {0xab, 0xef, 0x40, '\x00', 0x6}, {0x8, 0x10, 0x80}, {0x3, 0x3, 0x2, '\x00', 0x86}, {0x9, 0x3, 0xa, '\x00', 0x1}, {0x8a, 0x8e, 0x5, '\x00', 0x9}, {0x56, 0x1, 0x4, '\x00', 0x7f}]}})

6m14.572629748s ago: executing program 33 (id=91):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newsa={0xf0, 0x10, 0x713, 0x70bd28, 0x2, {{@in6=@loopback, @in=@initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e22, 0x4, 0x0, 0x4, 0x2, 0x0, 0x80, 0x2e}, {@in6=@remote, 0x0, 0x32}, @in6=@local, {0x0, 0x0, 0x8, 0xe, 0x6, 0x0, 0x0, 0x980}, {0x0, 0x39, 0x2, 0xfffffffffffffff8}, {0xc, 0x0, 0x2}, 0x70bd29, 0x0, 0x2, 0x5, 0x0, 0xac}}, 0xf0}, 0x1, 0x0, 0x0, 0xc0}, 0x0)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x4048aec9, &(0x7f0000000080)={0x2, 0x0, @ioapic={0x4, 0x1, 0x5, 0x2, 0x0, [{0xf, 0x0, 0x0, '\x00', 0xe}, {0x5, 0x0, 0x0, '\x00', 0xfc}, {0x6, 0x1, 0x7, '\x00', 0x3}, {0xfa, 0x8, 0x5, '\x00', 0xa0}, {0x3, 0x8, 0x0, '\x00', 0x4}, {0xa, 0x6, 0x5}, {0xb8, 0xda, 0xd, '\x00', 0x59}, {0xb, 0x1, 0xc, '\x00', 0x3}, {0x9, 0x7, 0x81, '\x00', 0x9}, {0x0, 0x6, 0x4, '\x00', 0x9}, {0xfe, 0x5, 0xd, '\x00', 0xa}, {0x2, 0xb, 0x45, '\x00', 0xc2}, {0xd2, 0xab, 0x8, '\x00', 0x3}, {0x1, 0x3, 0xfe, '\x00', 0x81}, {0x5, 0xfb, 0x1, '\x00', 0x2}, {0xfe, 0x0, 0x6, '\x00', 0xfd}, {0x1b, 0x9, 0x7, '\x00', 0x4}, {0x6, 0x7, 0x4, '\x00', 0x9}, {0xab, 0xef, 0x40, '\x00', 0x6}, {0x8, 0x10, 0x80}, {0x3, 0x3, 0x2, '\x00', 0x86}, {0x9, 0x3, 0xa, '\x00', 0x1}, {0x8a, 0x8e, 0x5, '\x00', 0x9}, {0x56, 0x1, 0x4, '\x00', 0x7f}]}})

3m19.346220645s ago: executing program 4 (id=656):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003900)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b07080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf5af51d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa16509945ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000cf7b6c4ba9bec153d6834bfef080df374703a8ff56a63ec1fe5f2e05a79e3cace7283dd68d41e94420c325fe4dae144fde5ec25a87d625cab20753a77b323fa3783c8b675859b9012647885a242adfee2fe812ecbe5191e0a15142f7349e7627cc39d724e2e34e7a24154f26ae3125b36d0504965295d0453902ac7079b11a3a1e655e482331e3dc35b2e7e4e3ea99064fe5b9c8ae0ca3e5fd653f3286a99d81ce4eba765c38d097391ad4babac38ce5b4344e24a361cd54e5"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x2e)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x10)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x8)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x88)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
r4 = open(0x0, 0x0, 0x718bb647156ec3b7)
mknodat$loop(r4, 0x0, 0x200, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
open(&(0x7f0000000440)='./file0\x00', 0xe8142, 0x0)

3m17.473743344s ago: executing program 4 (id=661):
openat2(0xffffffffffffff9c, 0x0, &(0x7f0000000040)={0x400000, 0x30, 0x4}, 0x18)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
keyctl$set_reqkey_keyring(0xf, 0xfffffffb)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
syz_open_dev$usbmon(0x0, 0x2, 0x101800)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3a, [0x8000, 0xc95a, 0x100f, 0x8, 0x80, 0x2, 0x3, 0x7f, 0x20000006, 0x4d, 0x6, 0x5f, 0x9, 0x5, 0xffff2d37, 0xffffff01, 0x6, 0x3, 0x0, 0x5, 0x4, 0x0, 0x9, 0x3c5b, 0x1, 0x24, 0x6, 0x1, 0x5, 0xffffffff, 0xe661, 0x4, 0xb, 0x3, 0x8, 0x4c74, 0x80000000, 0x242, 0x3, 0xe, 0x0, 0x80008071, 0x7, 0x17, 0x1, 0x7, 0x5, 0x3e, 0x8f, 0x4006, 0x6, 0x0, 0x5, 0x4, 0x8, 0x400, 0x80, 0x0, 0x5, 0x6, 0x8, 0x4, 0xfffffffe, 0x40], [0x10000007, 0x9, 0x10000, 0x6, 0x5, 0x6, 0x129432e6, 0xc8, 0xf9, 0xe, 0x2bf, 0x6c7, 0x9, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x2f, 0xe, 0x312, 0x78, 0xea4, 0x0, 0x4, 0x7, 0x7fff, 0x9, 0x420, 0x401, 0x6, 0x1, 0xff, 0x5, 0x1000005, 0x5f31, 0xd, 0x4e0, 0x2, 0x2, 0xb, 0x4, 0x9, 0x8, 0x9, 0xb, 0x47, 0x8000, 0x1, 0xfe000000, 0xffff, 0x2, 0x4, 0x9, 0x3, 0x3, 0x9, 0x1, 0x3, 0x3, 0xbc45, 0x1, 0x42, 0x3], [0x7, 0x408, 0x4, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0x0, 0x2, 0x0, 0x5, 0xb, 0x4, 0x9, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x10000, 0x3, 0x5, 0x3e7, 0xb, 0x5, 0x2, 0x2, 0x3, 0x20000008, 0x4, 0x6d01, 0x6, 0x3b, 0x800003, 0x200, 0x80, 0x5, 0x4, 0x2950bfaf, 0xffe, 0xa2, 0x5, 0xa9, 0x5, 0x9, 0xac8, 0xbf, 0xc, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0x0, 0x0, 0x5, 0x1c, 0x120000, 0x3, 0x2006, 0x80a2ed, 0x4, 0x25], [0x9, 0xbb33, 0x7, 0x80b, 0x5, 0x938, 0x6, 0x6, 0x0, 0xb9, 0xce7, 0x9, 0x2, 0x57, 0x5, 0x3, 0x101, 0xf142, 0x4, 0x7fff, 0xffff, 0x2000a620, 0x2, 0x5, 0x1, 0x2, 0x5, 0xe7, 0x6, 0x16, 0xffffffff, 0x80000003, 0x5, 0x4, 0xc8, 0x9, 0xfffff000, 0x10000, 0x3, 0x7e, 0x100, 0x9602, 0x7, 0xaf, 0x8, 0x6, 0x10000226, 0x5, 0x5, 0x8, 0x30b1d693, 0xa1f, 0xf40, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1e, 0xd7, 0x1fd, 0xffff343e, 0xfff]}, 0x45c)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x2202, 0x0)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000280), 0x0)
accept4(r4, 0x0, 0x0, 0x800)

3m15.676047771s ago: executing program 4 (id=664):
socket$packet(0x11, 0xa, 0x300)
socket$packet(0x11, 0x2, 0x300)
r0 = socket$inet6(0xa, 0x800000000000002, 0x0)
setsockopt$sock_linger(r0, 0x1, 0x3c, &(0x7f0000000180)={0x200000000000001}, 0x8)
sendto$inet6(r0, 0x0, 0x0, 0x4c881, &(0x7f0000000540)={0xa, 0x4e24, 0x10, @mcast2}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000000a80)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000580)='B', 0x1}], 0x1}}], 0x1, 0x400c404)
sendmmsg$inet6(r0, &(0x7f00000055c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x84)

3m15.130518294s ago: executing program 4 (id=668):
socketpair$unix(0x1, 0x2, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x6, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000040), 0x1ff, 0x80000)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r3, 0xc00c642e, &(0x7f00000000c0))

3m14.115499588s ago: executing program 4 (id=670):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x482, 0x0)
ioctl$TCSETS(r0, 0x5402, 0x0)
write$binfmt_aout(r0, 0x0, 0xff2e)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000580)={0x0, 0x0, 0x3, 0x0, 0x1b, "00000000000000000000ffff00"})
ioctl$TCSETS(r0, 0x5402, &(0x7f0000000080)={0x0, 0xfffffffd, 0x0, 0x6, 0x1, "e315bc1cc24ff7b7cdb242e1ff0aa6905446b3"})
syz_open_pts(r0, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x2, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x800, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x48c00, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
setrlimit(0x6, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001200)={0x3a49f0d23cba354b, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="0200"], &(0x7f0000000000)='syzkaller\x00', 0x400}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_HWDEP_INFO(0xffffffffffffffff, 0x80dc5521, &(0x7f00000001c0)=""/4096)
r2 = add_key$fscrypt_provisioning(&(0x7f0000000300), &(0x7f0000000340)={'syz', 0x2}, &(0x7f0000000380)=ANY=[], 0x48, 0xffffffffffffffff)
keyctl$set_timeout(0xf, r2, 0x0)
keyctl$KEYCTL_WATCH_KEY(0x20, r2, 0xffffffffffffffff, 0xd)
socket(0x400000000010, 0x3, 0x200101)
bpf$MAP_CREATE(0x0, 0x0, 0xffffffffffffff5c)
connect$vsock_stream(0xffffffffffffffff, 0x0, 0x0)
pread64(0xffffffffffffffff, &(0x7f000001a240)=""/102400, 0x19000, 0x100008)

3m11.70210323s ago: executing program 4 (id=677):
bind$bt_hci(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0xf3}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
socket$packet(0x11, 0x3, 0x300)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000000)=@mangle={'mangle\x00', 0x64, 0x6, 0x670, 0x0, 0x2e0, 0x428, 0x2e0, 0x2e0, 0x5a0, 0x5a0, 0x5a0, 0x5a0, 0x5a0, 0x6, 0x0, {[{{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE2={0x28, 'NFQUEUE\x00', 0x2, {0x0, 0x5}}}, {{@ipv6={@mcast1, @local, [], [], 'macvtap0\x00', 'ip6tnl0\x00', {}, {}, 0x6}, 0x0, 0xa8, 0xe8}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv4=@broadcast}}}, {{@ipv6={@mcast2, @loopback, [], [], 'veth0_to_team\x00', 'syzkaller0\x00', {}, {0xff}}, 0x0, 0x100, 0x128, 0x0, {}, [@common=@unspec=@connmark={{0x30}}, @common=@inet=@socket1={{0x28, 'socket\x00', 0x3}}]}, @common=@unspec=@CONNSECMARK={0x28, 'CONNSECMARK\x00', 0x0, {0x1}}}, {{@uncond, 0x0, 0x120, 0x148, 0x0, {}, [@common=@frag={{0x30}}, @common=@hbh={{0x48}, {0x0, 0x0, 0x0, [0x4]}}]}, @inet=@DSCP={0x28}}, {{@uncond, 0x0, 0x138, 0x178, 0x0, {}, [@common=@dst={{0x48}}, @common=@dst={{0x48}}]}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv4=@dev}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x6d0)
read$msr(r0, &(0x7f000001b700)=""/102392, 0x18ff8)
ioprio_set$uid(0x3, 0x0, 0x0)
mmap(&(0x7f0000090000/0x3000)=nil, 0x3000, 0x9, 0x100010, r0, 0x9ab6e000)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1f, 0xd, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x200000}, [@call={0x85, 0x0, 0x0, 0x7b}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x8a}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}]}, &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x38, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000)={r2}, 0xc)
r3 = creat(&(0x7f0000000040)='./file7\x00', 0x1a2)
fallocate(r3, 0x40, 0xfffffffffffffe01, 0x2000406)
r4 = getpid()
ioprio_get$pid(0x1, r4)
mmap(&(0x7f0000225000/0x3000)=nil, 0x3000, 0x0, 0x40010, 0xffffffffffffffff, 0xfc8cc000)
accept$alg(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000180)={{{@in=@private=0xa010102, @in=@local, 0x4e22, 0x400, 0x4e21, 0x0, 0xa, 0x80, 0x40, 0x2f}, {0xfff, 0x401, 0x7, 0x2, 0x5, 0x2, 0x9277, 0xa676}, {0x80000000, 0x1006, 0x10003, 0x5}, 0x27, 0x0, 0x2, 0x1, 0x3, 0x1}, {{@in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x4d2, 0x32}, 0x2, @in6=@remote, 0x3504, 0x10b43197a60a3a06, 0x0, 0x2, 0x81, 0xffffffa0, 0x2}}, 0xe8)
r5 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r5, 0x29, 0x35, &(0x7f0000000000)=0x8000, 0x4)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
r6 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$inet6_int(r6, 0x29, 0x19, &(0x7f0000000000)=0x84, 0xfde1)
sendto$inet6(r6, 0x0, 0x0, 0x200cc045, 0x0, 0x0)
recvmmsg(r6, 0x0, 0x0, 0x40002003, 0x0)

2m56.011052129s ago: executing program 34 (id=677):
bind$bt_hci(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0xf3}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
socket$packet(0x11, 0x3, 0x300)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000000)=@mangle={'mangle\x00', 0x64, 0x6, 0x670, 0x0, 0x2e0, 0x428, 0x2e0, 0x2e0, 0x5a0, 0x5a0, 0x5a0, 0x5a0, 0x5a0, 0x6, 0x0, {[{{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE2={0x28, 'NFQUEUE\x00', 0x2, {0x0, 0x5}}}, {{@ipv6={@mcast1, @local, [], [], 'macvtap0\x00', 'ip6tnl0\x00', {}, {}, 0x6}, 0x0, 0xa8, 0xe8}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv4=@broadcast}}}, {{@ipv6={@mcast2, @loopback, [], [], 'veth0_to_team\x00', 'syzkaller0\x00', {}, {0xff}}, 0x0, 0x100, 0x128, 0x0, {}, [@common=@unspec=@connmark={{0x30}}, @common=@inet=@socket1={{0x28, 'socket\x00', 0x3}}]}, @common=@unspec=@CONNSECMARK={0x28, 'CONNSECMARK\x00', 0x0, {0x1}}}, {{@uncond, 0x0, 0x120, 0x148, 0x0, {}, [@common=@frag={{0x30}}, @common=@hbh={{0x48}, {0x0, 0x0, 0x0, [0x4]}}]}, @inet=@DSCP={0x28}}, {{@uncond, 0x0, 0x138, 0x178, 0x0, {}, [@common=@dst={{0x48}}, @common=@dst={{0x48}}]}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv4=@dev}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x6d0)
read$msr(r0, &(0x7f000001b700)=""/102392, 0x18ff8)
ioprio_set$uid(0x3, 0x0, 0x0)
mmap(&(0x7f0000090000/0x3000)=nil, 0x3000, 0x9, 0x100010, r0, 0x9ab6e000)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1f, 0xd, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x200000}, [@call={0x85, 0x0, 0x0, 0x7b}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x8a}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}]}, &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x38, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000)={r2}, 0xc)
r3 = creat(&(0x7f0000000040)='./file7\x00', 0x1a2)
fallocate(r3, 0x40, 0xfffffffffffffe01, 0x2000406)
r4 = getpid()
ioprio_get$pid(0x1, r4)
mmap(&(0x7f0000225000/0x3000)=nil, 0x3000, 0x0, 0x40010, 0xffffffffffffffff, 0xfc8cc000)
accept$alg(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000180)={{{@in=@private=0xa010102, @in=@local, 0x4e22, 0x400, 0x4e21, 0x0, 0xa, 0x80, 0x40, 0x2f}, {0xfff, 0x401, 0x7, 0x2, 0x5, 0x2, 0x9277, 0xa676}, {0x80000000, 0x1006, 0x10003, 0x5}, 0x27, 0x0, 0x2, 0x1, 0x3, 0x1}, {{@in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x4d2, 0x32}, 0x2, @in6=@remote, 0x3504, 0x10b43197a60a3a06, 0x0, 0x2, 0x81, 0xffffffa0, 0x2}}, 0xe8)
r5 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r5, 0x29, 0x35, &(0x7f0000000000)=0x8000, 0x4)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
r6 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$inet6_int(r6, 0x29, 0x19, &(0x7f0000000000)=0x84, 0xfde1)
sendto$inet6(r6, 0x0, 0x0, 0x200cc045, 0x0, 0x0)
recvmmsg(r6, 0x0, 0x0, 0x40002003, 0x0)

1m39.790277767s ago: executing program 6 (id=885):
pipe2(&(0x7f0000000000)={0x0, <r0=>0x0}, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_mreqn(r4, 0x0, 0x27, &(0x7f0000000000)={@multicast2, @local}, 0xc)
socket$tipc(0x1e, 0x5, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

1m37.428143668s ago: executing program 6 (id=888):
socket$nl_route(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socket(0x10, 0x3, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet_tcp(0x2, 0x1, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r1=>0x0})
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
socket$inet(0xa, 0x801, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
socket$inet(0xa, 0x801, 0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040))
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r3}, &(0x7f0000000240), &(0x7f00000003c0)=r5}, 0x20)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r4, r1, 0x25, 0x2, @void}, 0x10)
syz_emit_ethernet(0x4a, &(0x7f00000003c0)={@local, @empty, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x14, 0x2f, 0x0, @remote, @local, {[], {{0x0, 0x22eb, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0)

1m32.92341439s ago: executing program 6 (id=894):
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x20000140)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = socket$inet6(0xa, 0x2, 0x3a)
connect$inet6(r4, 0x0, 0x0)
setsockopt$inet6_int(r4, 0x29, 0x3e, 0x0, 0x0)
sendto$inet6(r4, &(0x7f0000000080), 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x6de4, &(0x7f0000000180)={0x0, 0x113a, 0x2, 0x2}, &(0x7f00000000c0), &(0x7f0000000000))
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="05000000050000000100000004"], 0x48)
close(0x3)
syz_open_dev$mouse(&(0x7f00000000c0), 0x0, 0x2042)
io_setup(0x9, &(0x7f0000000b80))

1m31.092524518s ago: executing program 6 (id=898):
syz_open_dev$radio(&(0x7f0000000300), 0x2, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000c00)=@framed, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
rseq(&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x4}, 0x20, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)

1m30.401290457s ago: executing program 6 (id=903):
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r0, &(0x7f0000000740)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0x4e23, @broadcast}, 0x2, 0x0, 0x4}}, 0x2e)

1m30.062004852s ago: executing program 6 (id=906):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f00000000c0)=0x4, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000002640)=ANY=[@ANYBLOB="740000001000010027bd7000fcdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="380904000300000008001b"], 0x74}, 0x1, 0x0, 0x0, 0x68010}, 0x0)
sendmmsg$inet(r0, &(0x7f0000002f00)=[{{0x0, 0x0, &(0x7f0000000880)=[{&(0x7f0000000b00)="68ddaa732d69a6f7eb258957fccb89134faf578e9ff0cc38595e4c9c1f2a32ceb6799c682d87e991cd718f04a1487a5d99bef5a95019bdd837d20274d2e98cfbde31b70e45fcc74efe1c42ba121fe280bf8af2c22489537e57dee1cc54c41bd8f9086f9498bc3bcc4f0501f1defec42e4faac1dd0b0b67b797182b6c4ce3ff3da7d4d4a1069cada5b152bbd64335f0254ecbfe43c5d7cd5b8403e53ae4f712b05945b98eb3420bb04c7ecf528693bb9693ada19e3a8f9522ab692a2d78aefa8af8f0e6b3b3af268e535bc4a610f7341e7da01249d929b75acf7c99bd21b2b5e3f210e2798f5636bed013dae7ff0d009ca52fffbd88a3964a60786f8f025e4b8fac68f910cdd4a991a6020fcd5a92bc7747acef6f62d087646d32fc37f6d1cabd609e6f392350ebcc02c341a3ce598522d3963374f5eb522919d029136288fd1c08cadfd7f43a3a6618d6dd5ae6baf5b2f321588e9dfc879e213badc550eb9982777b09d808ca8e5540695200193c820ad6ce1e924cdf342a1ff9feeab68af907798fbc0fa570ef885369090c35b0959baf6e29b86833a14cf3532cd537891f27caa37b10cda2cf6e75ddc11cb13c", 0x1ae}], 0x1}}], 0x1, 0x4)

1m14.320899483s ago: executing program 35 (id=906):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f00000000c0)=0x4, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000002640)=ANY=[@ANYBLOB="740000001000010027bd7000fcdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="380904000300000008001b"], 0x74}, 0x1, 0x0, 0x0, 0x68010}, 0x0)
sendmmsg$inet(r0, &(0x7f0000002f00)=[{{0x0, 0x0, &(0x7f0000000880)=[{&(0x7f0000000b00)="68ddaa732d69a6f7eb258957fccb89134faf578e9ff0cc38595e4c9c1f2a32ceb6799c682d87e991cd718f04a1487a5d99bef5a95019bdd837d20274d2e98cfbde31b70e45fcc74efe1c42ba121fe280bf8af2c22489537e57dee1cc54c41bd8f9086f9498bc3bcc4f0501f1defec42e4faac1dd0b0b67b797182b6c4ce3ff3da7d4d4a1069cada5b152bbd64335f0254ecbfe43c5d7cd5b8403e53ae4f712b05945b98eb3420bb04c7ecf528693bb9693ada19e3a8f9522ab692a2d78aefa8af8f0e6b3b3af268e535bc4a610f7341e7da01249d929b75acf7c99bd21b2b5e3f210e2798f5636bed013dae7ff0d009ca52fffbd88a3964a60786f8f025e4b8fac68f910cdd4a991a6020fcd5a92bc7747acef6f62d087646d32fc37f6d1cabd609e6f392350ebcc02c341a3ce598522d3963374f5eb522919d029136288fd1c08cadfd7f43a3a6618d6dd5ae6baf5b2f321588e9dfc879e213badc550eb9982777b09d808ca8e5540695200193c820ad6ce1e924cdf342a1ff9feeab68af907798fbc0fa570ef885369090c35b0959baf6e29b86833a14cf3532cd537891f27caa37b10cda2cf6e75ddc11cb13c", 0x1ae}], 0x1}}], 0x1, 0x4)

16.567799504s ago: executing program 3 (id=1050):
r0 = socket$igmp(0x2, 0x3, 0x2)
sched_setscheduler(0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$EXT4_IOC_GET_ES_CACHE(0xffffffffffffffff, 0xc020660b, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
openat$zero(0xffffffffffffff9c, 0x0, 0x193c02, 0x0)
io_setup(0x3fe, &(0x7f00000001c0)=<r5=>0x0)
io_submit(r5, 0x0, &(0x7f0000000000))
syz_open_dev$tty1(0xc, 0x4, 0x1)
setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f00000002c0)={0x1, 0x4, 0x10, 0x0, @vifc_lcl_ifindex, @remote}, 0x10)
setsockopt$MRT_FLUSH(r0, 0x0, 0xd4, &(0x7f0000000040)=0x6, 0x4)

13.589690551s ago: executing program 3 (id=1057):
socketpair$unix(0x1, 0x2, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x6, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
r2 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r2, 0xc0184800, &(0x7f0000000100)={0x4, <r3=>r1})
r4 = syz_open_dev$dri(&(0x7f0000000040), 0x1ff, 0x80000)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r4, 0xc00c642e, &(0x7f00000000c0)={0x0, 0x0, r3})

11.174120414s ago: executing program 0 (id=1065):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x102, 0x0)
close(r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, 0x0, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
close(r3)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
r6 = socket$unix(0x1, 0x5, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000740)=@newqdisc={0x68, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {0x0, 0xb}, {0xffff, 0xffff}, {0x0, 0xfff1}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x3c, 0x2, [@TCA_TBF_PBURST={0x8, 0x7, 0xb86}, @TCA_TBF_PARMS={0x28, 0x1, {{0xa, 0x2, 0xffff, 0x7, 0xcc, 0x3}, {0x0, 0x1, 0x7, 0x8, 0x7f, 0x9}, 0x1, 0x7, 0x1bb6}}, @TCA_TBF_BURST={0x8, 0x6, 0x7f}]}}]}, 0x68}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
r9 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r9, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x80000, {0x0, 0x0, 0x0, r5, {}, {0xb, 0xb}, {0xa, 0xb}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x2001c061}, 0x4008000)
ioctl$SIOCSIFHWADDR(r3, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})

9.872178099s ago: executing program 3 (id=1067):
r0 = landlock_create_ruleset(&(0x7f0000000080)={0x8601, 0x2}, 0x18, 0x0)
openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
syz_open_dev$sndctrl(0x0, 0x1, 0x0)
migrate_pages(0x0, 0x4, 0x0, &(0x7f0000000300)=0xa)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, 0x0, 0x0)
r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
move_pages(r3, 0x2, &(0x7f0000000280)=[&(0x7f0000064000/0x1000)=nil, &(0x7f0000064000/0x2000)=nil], 0x0, 0x0, 0x0)
syz_clone(0x1000000, 0x0, 0x0, 0x0, 0x0, 0x0)
r4 = syz_init_net_socket$ax25(0x3, 0x5, 0xcb)
bind$ax25(r4, &(0x7f0000000540)={{0x3, @bcast, 0x1}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @null, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f0000000200)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x3, 0x8, 0x8004, 0x0, 0x2, 0x8, 0xfffffe0000000008, 0x3, 0xffffffff}, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
futimesat(0xffffffffffffffff, 0x0, 0x0)
connect$ax25(r4, &(0x7f00000001c0)={{0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x5}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast]}, 0x48)
landlock_restrict_self(r0, 0x0)

9.84815757s ago: executing program 7 (id=1068):
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x20000140)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = socket$inet6(0xa, 0x2, 0x3a)
connect$inet6(r4, 0x0, 0x0)
setsockopt$inet6_int(r4, 0x29, 0x3e, 0x0, 0x0)
r5 = syz_open_dev$mouse(&(0x7f00000000c0), 0x0, 0x2042)
io_setup(0x9, &(0x7f0000000b80)=<r6=>0x0)
io_submit(r6, 0x1, &(0x7f00000002c0)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x5, 0x0, r5, 0x0, 0x0, 0x0, 0x0, 0x0, r5}])

9.780285644s ago: executing program 0 (id=1069):
syz_mount_image$vfat(&(0x7f0000000300), &(0x7f0000000140)='./file0\x00', 0x81c04a, &(0x7f00000003c0)=ANY=[@ANYBLOB="73686f72746e616d653d6d697865642c696f636861727365743d69736f383835392d312c666d61736b3d30303030303030303030303030303030303030303036362c6e6f6e756d7461696c3d302c756e695f786c6174653d302c666d61736b3d30303030303030303030303030303030303030303030332c73686f72746e616d653d6c6f7765722c756e695f786c6174653d302c757466383d312c636865636b3d7374726963742c757466383d302c756e695f786c6174653d312c756e695f786c6174653d302c666c7573682c757466383d302c726f6469722c747a3d5554432c00e696e27e745267d0e7f7d60cf64c4d116172285e0a94b37c3f04b4e454913b1615b6c103a4be033c3f79c81a7a0dc9f3282eb2b984b8df829f11f7b15ceaa2ddb341548691e92d41d923144fa5f6aa8b37c7698e74a04d87cb16f3c338160646d1719f9aa1097cb78032fa4c9c60c14840662537510c0ac9f95a646f5231c0c9eb096b898803099b3050797137354ed2fb2a3dd97ad790f0758b4561eb7180b4b366c9ac840ca3d57727827ab961af0bb24ac6b14796d3bedfa4addb1c2f59217a563ca0a3729d45669905a6f0f3dbf3fd22ab36dfe7cf80913ecb4656ca"], 0x6, 0x2d9, &(0x7f0000000580)="$eJzs3b+LHHUUAPA3e7M//AG7hZUIDmhhFXJpbTZIAuJVhi3UQg+TgNwuQgIHijimEjv/Af8CQfB/sLWxsxT8AywjBEZmdmZ3Nju7uYh7ovl8mrzM9735vtkZ7uaKe/fRK4uz21ncffDFbzEaJdGbxjQeJjGJXjS+ig3TbwMA+C97WBTxR7HUsfzrNzvqkogYHbg3AOAwnvD9v5auwx8vpS0A4IBuvff+O9dPTm68m2WjuLn4+nxW/mRf/rtcv343Pol53ImrMY5HEdWLQj+qt4UyvFkURZ5mpUm8vsjPZ2Xl4sOf6/P/9GIdHMc4JlW0etuo6t8+uXGcLbXq87KP5+v9p+X+12IcL62KN+qvddTHbBBvvNbq/0qM45eP49OYx+2qiXX9l8dZ9lb5ivNB2V5Zn+Tns2GVt1YcNZvnl3h/AAAAAAAAAAAAAAAAAAAAAAD4f7pSz84ZRjW/pzxUz985elT+px9ZY7I5n2dZnzQnas8HKooiL+K7Zr7O1SzLijpxXZ/Gy2l7sCAAAAAAAAAAAAAAAAAAAAA8u+5/9vnZ6Xx+515nUIx3LnUGzTSANCL+vBVxsartYNo68mrsTx7We57O57063MxJ20fiqMlJIva2EelqmMHfvIoLB89t9VwH3//QVTXYvHFptHJGT960373XPxk0T9fZaRKdOcNVz6PlQ1INgljnDKKrqhki0bpxg11tFPE0j9+gc2m8r6rsZfs8L1RBvuOTL4NI9jX25u/LK6yPJI9fxaD6VDvL+3UQXY1Vz0b3vXgsiNGyfPtrRWJaBwAAAAAAAAAAAAAAAAAAHNT6t387Fh/sLe0Vw4O1BQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACXav33/58iyOviCyQP4t79f/kSAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeAb8FQAA//9LTF1m")
r0 = open(&(0x7f0000000240)='./file1\x00', 0x14d142, 0x0)
ftruncate(r0, 0x2007ffc)

8.634108672s ago: executing program 0 (id=1071):
socket$nl_route(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socket(0x10, 0x3, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet_tcp(0x2, 0x1, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r1=>0x0})
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
socket$inet(0xa, 0x801, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
socket$inet(0xa, 0x801, 0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040))
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{}, &(0x7f0000000240), &(0x7f00000003c0)=r4}, 0x20)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r3, r1, 0x25, 0x2, @void}, 0x10)
syz_emit_ethernet(0x4a, &(0x7f00000003c0)={@local, @empty, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x14, 0x2f, 0x0, @remote, @local, {[], {{0x0, 0x22eb, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0)

8.363586774s ago: executing program 5 (id=1072):
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000100)='./file1\x00', &(0x7f0000000140), 0x2, &(0x7f0000002400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESHEX=0x0])
read$FUSE(r0, &(0x7f0000002480)={0x2020, 0x0, <r1=>0x0}, 0x2020)
open(&(0x7f00000000c0)='./file1\x00', 0x0, 0x0)
write$FUSE_INIT(r0, &(0x7f0000002300)={0x50, 0x0, r1, {0x7, 0x9, 0x0, 0x21831002, 0x0, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x20}}, 0x50)
read$FUSE(r0, &(0x7f0000004580)={0x2020, 0x0, <r2=>0x0}, 0x2020)
write$FUSE_INTERRUPT(r0, &(0x7f0000002240)={0x10, 0xffffffffffffffda, r2}, 0x10)
r3 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
dup3(r3, r0, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x18d042, 0x140)
mmap$IORING_OFF_SQ_RING(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x6, 0x11, r4, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r4, 0x0)

8.251312799s ago: executing program 7 (id=1073):
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x20000140)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = socket$inet6(0xa, 0x2, 0x3a)
connect$inet6(r4, 0x0, 0x0)
setsockopt$inet6_int(r4, 0x29, 0x3e, 0x0, 0x0)
sendto$inet6(r4, &(0x7f0000000080), 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x6de4, &(0x7f0000000180)={0x0, 0x113a, 0x2, 0x2}, &(0x7f00000000c0), &(0x7f0000000000))
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="05000000050000000100000004"], 0x48)
r5 = syz_open_dev$mouse(&(0x7f00000000c0), 0x0, 0x2042)
io_setup(0x9, &(0x7f0000000b80)=<r6=>0x0)
io_submit(r6, 0x1, &(0x7f00000002c0)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x5, 0x0, r5, 0x0, 0x0, 0x0, 0x0, 0x0, r5}])

8.180113841s ago: executing program 3 (id=1074):
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x7, 0x100010, 0xffffffffffffffff, 0x0)
mkdir(0x0, 0x0)
r0 = syz_open_procfs(0x0, 0x0)
mknodat(0xffffffffffffff9c, 0x0, 0x1000, 0x103)
r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, 0x0)
write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(r1, 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x801, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000480), 0x129540, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
r3 = openat$userio(0xffffffffffffff9c, &(0x7f0000000080), 0x2a242, 0x0)
write$USERIO_CMD_SET_PORT_TYPE(r3, &(0x7f00000002c0)={0x1, 0x5}, 0x2)
write$USERIO_CMD_REGISTER(r3, &(0x7f00000000c0), 0x2)
write$USERIO_CMD_SEND_INTERRUPT(r3, &(0x7f0000000440)={0x2, 0xfa}, 0x2)
write$USERIO_CMD_SEND_INTERRUPT(r3, &(0x7f0000000100)={0x2, 0xda}, 0x2)

8.064572847s ago: executing program 0 (id=1075):
syz_mount_image$exfat(&(0x7f00000005c0), &(0x7f0000000240)='./file0\x00', 0x3000050, &(0x7f0000000600)=ANY=[], 0x2, 0x14fe, &(0x7f0000008900)="$eJzs3Au0ztXWMPA511p/NklPkvuaa/55kssiSXJJSCRJkiS5JSRJkoTEJrckJCH3JPeQ3GIn9/st9yQ5kiQJCUnWN3Q6n/e8nfftnO+c7/V9Z8/fGGvsNff/mfNZa889nv9ljL2/7Ti4av1qlesyM/xT8M9fUgEgBQD6AcA1ABABQKlspbIBDoNMGlP/uTcR/1oPTbvSKxBXkvQ/fZP+p2/S//RN+p++Sf/TN+l/+ib9T9+k/0KkZ1un575WRvod/3PP/0Ge//8/R87//0YOFxvz5fpi13f6B1Kk/+mb9D99k/6nb9L/9E36n75J///NRQCV/pvD0v/0TfovRHp2pZ8/y7iy40r//gkhhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGESB/OhcsMAPxlfqXXJYQQQgghhBBCiH+dkPFKr0AIIYQQQgghhBD/9yEo0GAgggyQEVIgE2SGqyALXA1Z4RpIwLWQDa6D7HA95ICckAtyQx7IC/nAAoEDhhjyQwFIwg1QEG6EQlAYikBR8FAMisNNUAJuhpJwC5SCW6E03AZloCyUg/JwO1SAO6AiVILKcCdUgbugKlSDu6E63AM14F6oCfdBLbgfasMDUAcehLrwENSDh6E+PAIN4FFoCI2gMTSBpv9H+S9CV3gJukF3SIUe0BNehl7QG/pAX+gHr0B/eBUGwGswEAbBYHgdhsAbMBTehGEwHEbAWzASRsFoGANjYRyMh7dhArwDE+FdmASTYQpMhWkwHWbAezATZsFseB/mwAcwF+bBfFgAC+FDWASLIQ0+giXwMSyFZbAcVsBKWAWrYQ2shXWwHjbARtgEm2ELbIVPYBtshx2wE3bBbtgDn8Je+Az2weewH774B/PP/qf8TggIqFChQYMZMAOmYApmxsyYBbNgVsyKCUxgNsyG2TE75sAcmAtzYR7Mg/kwHxISMjLmx/yYxCQWxIJYCAthESyCHj0Wx+JYAm/GklgSS2EpLI2lsQyWxbJYHstjBayAFbEiVsbKWAWrYFWsinfj3XgP1sAaWBNrYi2shbWxNtbBOlgX62I9rIf1sT42wAbYEBtiY2yMTbEpNsNm2BybY0tsia2wFbbG1tgG22BbbIvtsB22x/bYATtgR+yInbAzdsYX8UV8CV/C7lhF9cCe2BN7YS/sg32xL76C/fFVfBVfw4E4CAfj6/g6voFD8QwOw+E4AkdgBTUKR+MYZDUOx+N4nIATcCJOxEk4GSfjVJyG03EGzsCZOAtn4fs4Bz/AD3AezsMFuBAX4iJcjGmYhkvwLC7FZbgcV+BKXIUrcQ2uxTW4HjfgetyEm3ALbsFP8BPcjttxJ+7E3bgbP8VP8TP8DAfiftyPB/AAHsSDeAgP4WE8jEfwCB7Fo3gMj+FxPI4n8CSewpN4Gk/jGTyL5/AcnsfzeAGfz/N1vd2F1w0EdYlRRmVQGVSKSlGZVWaVRWVRWVVWlVAJlU1lU9lVdpVD5VC5VC6VR+VR+VQ+RYoUq1jlV/lVUiVVQVVQFVKFVBFVRHnlVXFVXJVQJVRJVVKVUreq0uo2VUaVVS18eVVeVVAtfUVVSVVWlVUVdZeqqqqpaqq6qq5qqBqqpqqpaqlaqrZ6QNVRPbAPPqQudaa+GoQN1GBsqBqpxqqJegMfU83UUGyuWqiW6gk1HIdha9XMt1FPq7ZqNLZTz6ox+JzqoMZhR/WC6qQ6qy7qRdVVNffdMvz2EaimYi/VW/VRfdVMvEtd6lhV9ZoaqAapwep1tQDfUEPVm2qYGq5GqLfUSDVKjVZj1Fg1To1Xb6sJ6h01Ub2rJqnJaoqaqqap6WqGek/NVLPUbPW+mqM+UHPVPDVfLVAL1YdqkVqs0tRHaon6WC1Vy9RytUKtVKvUarVGrVXr1Hq1QW1Um9RmtUVtVZ+obWq72qF2ql1qt9qjPlV71Wdqn/pc7VdfqAPqT+qg+lIdUl+pw+prdUR9o46qb9Ux9Z06rr5XJ9RJdUr9oE6rH9UZdVadUz+p8+pndUH9oi6qoECjVlproyOdQWfUKTqTzqyv0ln01TqrvkYn9LU6m75OZ9fX6xw6p86lc+s8Oq/Op60m7TTrWOfXBXRS36AL6ht1IV1YF9FFtdfFdHF9ky6hb9Yl9S26lL5Vl9a36TK6rC6ny+vbdQV9h66oK+nK+k5dRd+lq+pq+m5dXd+ja+h7dU19n66l79e19QO6jn5Q19UP6Xr6YV1fP6Ib6Ed1Q91IN9ZNdFP9mG6mH9fNdQvdUj+hW+kndWv9lG6jn9Zt9TO6nX5Wt9fP6Q76ed1Rv6A76c66i/5FX9RBd9PddaruoXvql3Uv3Vv30X11P/2K7q9f1QP0a3qgHqQH69f1EP2GHqrf1MP0cD1Cv6VH6lF6tB6jx+pxerx+W0/Q7+iJ+l09SU/WU/RUPU1P131+qzT778h/52/kD/j13bforfoTvU1v1zv0Tr1L79Z79B69V+/V+/Q+vV/v1wf0AX1QH9SH9CF9WB/WR/QRfVQf1cf0MX1cH9cn9En9k/5Bn9Y/6jP6rD6rf9Ln9Xl94befARg0ymhjTGQymIwmxWQymc1VJou52mQ115iEudZkM9eZ7OZ6k8PkNLlMbpPH5DX5jDVknGETm/ymgEmaG0xBc6MpZAqbIqao8aaYKW5u+qfz/2h9TU1T08w0M81Nc9PStDStTCvT2rQ2bUwb09a0Ne1MO9PetDcdTAfT0XQ0nUwn08V0MV1NV9PNdDOpJtX0NC+bXqa36WP6mn7mFdPf9DcDzAAz0Aw0g81gM8QMMUPNUDPMDDMjzAgz0ow0o81oM9aMNePNeDPBTDATzUQzyUwyU8wUM81MMzPMDDPTzDSzzWwzx8wxc81cM9/MNwvNQrPILDJpJs0sMUvMUrPMLDMrzAqzyqwya8was86sMxvMBrPJbDJLzVaz1Wwz28wOs8PsMrvMHrPH7DV7zT6zz+w3+80Bc8AcNAfNIXPIHDaHzRFzxBw1R80xc8wcN8fNCXPCnDKnzGlz2pwxZ8w5c86cN+fNBXPBXDQXL132RSpSkYlMlCHKEKVEKVHmKHOUJcoSZY2yRokoEWWLskXZo+ujHFHOKFeUO8oT5Y1SwUYUuYijOMofFYiS0Q1RwejGqFBUOCoSFY18VCwqHt0UlYhujkpGt0Sloluj0tFtUZmobFQuKh/dHlWI7ogqRpWiytGdUZXorqhqVC26O6oe3RPViO6Nakb3RbWi+6Pa0QNRnejBqG70UFQvejiqHz0SNYgejRpGjaLGUZOo6b+0fghncj7uu9nuNtX2sD3ty7aX7W372L62n33F9rev2gH2NTvQDrKD7et2iH3DDrVv2mF2uB1h37Ij7Sg72o6xY+04O96+bSfYd+xE+66dZCfbKXaqnWan2xn2PTvTzrKz7ft2jv3AzrXz7Hy7wC60H9pFdrFNsx/ZJfZju9Qus8vtCrvSrrKr7Rq71q6z6+0Gu9FuspvtFrvVfmK32e12h91pd9nddo/91O61n9l99nO7335hD9g/2YP2S3vIfmUP26/tEfuNPWq/tcfsd/a4/d6esCftKfuDPW1/tGfsWXvO/mTP25/tBfuLvWjDpYv7S6d3MmQoA2WgFEqhzJSZslAWykpZKUEJykbZKDtlpxyUg3JRLspDeSgf5aNLmJjyU35KUpIKUkEqRIWoCBUhT56KU3EqQSWoJJWkUlSKSlNpKkNlqByVo9vpdrqD7qBKVInupDvpLrqLqlE1qk7VqQbVoJpUk2pRLapNtakO1aG6VJfqUT2qT/WpATWghtSQGlNjakpNqRk1o+bUnFpSS2pFrag1taY21IbaUltqR+2oPbWnDtSBOlJH6kSdqAt1oa7UlbpRN0qlVOpJPakX9aI+1If6UT/qT/1pAA2ggTSQBtNgGkJDaCgNpWE0nEbQWzSSRtFoGkNjaRyNp/E0gSbQRJpIk2gSTaEpNI2m0QyaQTNpJs2m2TSH5tBcmkvzaT4tpIW0iBZRGqXRElpCS2kpLafltJJW0mpaTWtpLa2n9bSRNtJm2kxbaStto220g3bQLtpFe2gP7aW9tI/20X7aTwfoAB2kg3SIDtFhOkxH6AgdpaN0jI7RcTpOJ+gEnaJTdJpO0xk6Q+foHJ2nn+kC/UIXKVCKU5DZXeWyuKtdVneNS3GZ3KU4AoBLcS6X2+VxeV0+Z10Ol/OvYnLOFXKFXRFX1HlXzBV3N/0uLuPKunKuvLvdVXB3uIq/i6u7e1wNd6+r6e5z1dzdfxXXcve72u4RV8c96uq6Rq6ea+Lqu0dcA/eoa+gaucauiWvlnnSt3VOujXvatXXP/C5e5Ba7tW6dW+82uL3uM3fO/eSOum/defez6+a6u37uFdffveoGuNfcQDfod/EI95Yb6Ua50W6MG+vG/S6e4qa6aW66m+HeczPdrN/FC92Hbo5Lc3PdPDffLfg1vrSmNPeRW+I+dkvdMrfcrXAr3Sq32q3532td4Ta5zW6L2+M+ddvcdrfD7XS73O5f40v72Oc+d/vdF+6I+8YddF+6Q+6YO+y+/jW+tL9j7jt33H3vTriT7pT7wZ12P7oz7uyv+7+09x/cL+6iCw4YWbFmwxFn4Iycwpk4M1/FWfhqzsrXcIKv5Wx8HWfn6zkH5+RcnJvzcF7Ox5aJHTPHnJ8LcJJv4IJ8IxfiwlyEi7LnYlycb+ISfDOX5Fu4FN/Kpfk2LsNluRyX59u5At/BFbkSV+Y7uUoIXJWr8d1cne/hGnwv1+T7uBbfz7X5Aa7DD3Jdfojr8cNcnx/hBvwoN+RG3JibcFN+jJvx49ycW3BLfoJb8ZPcmp/iNvw0t+VnuB0/y+35Oe7Az3NHfoE7cWfuwi9yV36Ju3F3TuUe3JNf5l7cm/twX+7Hr3B/fpUH8Gs8kAfxYH6dh/AbPJTf5GE8nEfwWzySR/FoHsNjeRyP57d5Ar/DE/ldnsSTeQpP5Wk8nWfwezyTZ/Fsfp/n8Ac8l+fxfF7AC/lDXsSLOY0/4iX8MS/lZbycV/BKXsWreQ2v5XW8njfwRt7Em3kLb+VPeBtv5x28k3fxbt7Dn/Je/oz38ee8n7/gA/wnPshf8iH+ig/z13yEv+Gj/C0f4+/4OH/PJ/gkn+If+DT/yGf4LJ/jn/g8/8wX+Be+yIEhxljFOjZxFGeIM8YpcaY4c3xVnCW+Os4aXxMn4mvjbPF1cfb4+jhHnDPOFeeO88R543yxjSl2McdxnD8uECfjG+KC8Y1xobhwXCQuGvu4WFw8vikuEd8cl4xviUvFt8al49viMnHZ+JH7yse3xxXiO+KKcaW4cnxnXCW+K64aV4vvjqvH98Q14nvjmvF9ccn4/rh2/EBcJ34wrhs/FNeLH47rx4/EDeJH44Zxo7hx3CRuGj8WN4sfj5vHLeKW8RNxq/jJuHX8VNwmfjpuGz/zh8dT4x5xz/jl+OU4hHv1/OSC5MLkh8lFycXJtORHySXJj5NLk8uSy5MrkiuTq5Krk2uSa5PrkuuTG5Ibk5uSm5NbkiFUywgevfLaGx/5DD6jT/GZfGZ/lc/ir/ZZ/TU+4a/12fx1Pru/3ufwOX0un9vn8Xl9Pm89eefZxz6/L+CT/gZf0N/oC/nCvogv6r0v5ov7Jr6pb+qb+cd9c9/Ct/RP+Cf8k/5J/5R/yj/t2/pnfDv/rG/vn/Md/PP+ef+C7+Q7+y7+Rd/Vv+S7+e4+1af6nr6n7+V7+T6+j+/n+/n+vr8f4Af4gX6gH+wH+yF+iB/qh/phfpgf4Uf4kX6kH+1H+7F+rB/vx/sJfoKf6Cf6SX6Sn+Kn+Gl+mp/hZ/iZfqaf7Wf7OYXm+Ll+rp/v5/uFfqFf5Bf5NJ/ml/glfqlf6pf75X6lX+lX+9V+rV/r1/v1fqPf6Df7zX6r3+q3+W1+h9/hd/ldfo/f4/f6vX6f3+f3+/3+gD/gD/qD/pD/yh/2X/sj/ht/1H/rj/nv/HH/vT/hT/pT/gd/2v/oz/iz/pz/yZ/3P/sL/hd/0Qc/PvF2YkLincTExLuJSYnJiSmJqYlpiemJGYn3EjMTsxKzE+8n5iQ+SMxNzEvMTyxILEx8mFiUWJxIS3yUWJL4OLE0sSyxPLEisTKxKhFC3m1xyB8KhGS4IRQMN4ZCoXAoEooGH4qF4uGmUCLcHEqGW0KpcGsoHW4LZULZUC48GhqGRqFxaBKahsdCs/B4aB5ahJbhidAqPBlah6dCm/B0aBueCe3Cs6F9eC50CM+HjuGF0Cl0Dl3Ci6FreCl0C91DaugReoaXQ6/QO/QJfUO/8EroH14NA8JrYWAYFAaH18OQ8EYYGt4Mw8LwMCK8FUaGUWF0GBPGhnFhfHg7TAjvhInh3TApTA5TwtQwLUwPM8J7YWaYFWaH98Oc8EGYG+aF+WFBWBg+DIvC4pAWPgpLwsdhaVgWlocVYWVYFVaHNWFtWBfWhw1hY9gUNoctYWv4JGwL28OOsDPsCrvDnvBp2Bs+C/vC52F/+CIcCH8KB8OX4VD4KhwOX4cj4ZtwNHwbjoXvwvHwfTgRToZT4YdwOvwYzoSz4Vz4KZwPP4cL4ZdwUf5mTQghhBDi76L/4HiPv/G9DACgfpv3BICrt+c+/J9rbszx53lvladVAgCe7t7xob+MKlVSU1N/e+1SDVGBeQCQ+Ov6f4mXQUt4EtpACyjxN9fXW3U+z39QP3krQOb/kJMCl+PL9W/+L+o/9sSIRaXjc9n+m/rzAAoVuJyTCS7Hl+uX/C/q52z2B+vP9OV4gOb/IScLXI4v1y8Oj8Mz0OavXimEEEIIIYQQQvxZb1Wu/R/dP1+6P89jLudkhMvxH92fCyGEEEIIIYQQ4sp7rnOXpx5r06ZF+79vgr89F/jHsmQiE5n8fza50p9MQgghhBBCiH+1yxf9V3olQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCFE+vU/8e/ErvQehRBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCiCvtfwUAAP//luw5aQ==")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="18050000000000fe000000004b64ffec850000007d000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x18)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x800810, &(0x7f0000000100)={[], [{@seclabel}]}, 0xff, 0x258, &(0x7f00000008c0)="$eJzs3T9oJFUcB/DvzO4ac7fIqY0g/gER0UA4O8HmbBQO5DhEBBVORLRQ7oTzDruLlY2F1iqpbILYGS0lTbBRBAuJmiI2ggZBg4UWK7OzkZhsjHHjjmQ+H5idmd335veGne/bbWY3QGudSnImSSfJXJJekmJngzvr5dRod3F29UIyGDz2UzFsV+/XtvudTLKQ5IEkK2WRF7vJ1eWnNn5de+SeN6707n5v+cnZqZ7kyObG+qNb7557/cOz91/9/MsfzhU5k/5fzuvoFWOe6xbJTf9Fsf+Jotv0CPgnzr/6wddV7m9Octcw/72Uqd+8Ny9ft9LLfe/s1/etH7+4dZpjBY7eYNCrPgMXBkDrlEn6Kcr5JPV2Wc7P19/hv+mcKF+6dPmVuecvXbn4XNMzFfA3fj5M436y/vDHMx+d3JX/7zt1/oHjq8r/4+eXvq22tzpNjwaYitvqVZX/uWeu3Rv5h9aRf2gv+Yf2kn9oL/mH9pJ/aC/5h/aSf2gv+YfjYdw9pgeRf2ivnfkHANplMNP0HchAU5qefwAAAAAAAAAAAAAAAAAAgL0WZ1cvbC+H6deboOanbyebDyXpjqvfGf4fcXL98PHEL0XV7E9F3W0iT98x4QH+ncHMaOP9hu++vuG7Zut/dnuz9a9dTBZeS3K62917/RWj628/X71w0PFvPOD13rOHGu7Edv9O4INPTLf+br8vNVv/7FrySTX/nB43/5S5ZbgeP//0J5z7Ki//NuEBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmJo/AgAA//89XHCE")
connect$unix(r2, &(0x7f0000000800)=@file={0x1, './file0\x00'}, 0x6e)
bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x3, 0x14, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
r4 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$IPT_SO_SET_REPLACE(r4, 0x4000000000000, 0x40, 0x0, 0x0)

7.811931897s ago: executing program 5 (id=1076):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
r0 = gettid()
timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r1 = socket$tipc(0x1e, 0x5, 0x0)
listen(r1, 0x0)
recvmmsg(r1, &(0x7f0000005480)=[{{0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000000340)=""/247, 0xf7}], 0x1}, 0x4}], 0x1, 0x2000, 0x0)

6.320039761s ago: executing program 7 (id=1077):
socketpair$unix(0x1, 0x2, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x6, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
r2 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r2, 0xc0184800, &(0x7f0000000100)={0x4, <r3=>r1})
r4 = syz_open_dev$dri(&(0x7f0000000040), 0x1ff, 0x80000)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r4, 0xc00c642e, &(0x7f00000000c0)={0x0, 0x0, r3})

6.205895105s ago: executing program 0 (id=1078):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
creat(&(0x7f0000000040)='./file0\x00', 0x60)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002040), 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000002080)='./file0\x00', &(0x7f00000020c0), 0x0, &(0x7f0000000340)={{'fd', 0x3d, r3}, 0x2c, {'rootmode', 0x3d, 0x8000}})

6.015683704s ago: executing program 5 (id=1079):
getpid()
clock_gettime(0xfffffff5, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000000004000000000000000000850000002300000095"], &(0x7f0000000180)='GPL\x00', 0x4, 0x8f, &(0x7f00000002c0)=""/143}, 0x3c)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000380)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setattr(r1, &(0x7f0000000000)={0x38, 0x5, 0x8, 0x4, 0x0, 0x40, 0x4, 0x7fff, 0x36, 0x8}, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x3)
syz_open_dev$usbmon(&(0x7f0000000140), 0x0, 0x2000)

5.698229177s ago: executing program 7 (id=1080):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x102, 0x0)
close(r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, 0x0, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
close(r3)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
r6 = socket$unix(0x1, 0x5, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000740)=@newqdisc={0x68, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {0x0, 0xb}, {0xffff, 0xffff}, {0x0, 0xfff1}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x3c, 0x2, [@TCA_TBF_PBURST={0x8, 0x7, 0xb86}, @TCA_TBF_PARMS={0x28, 0x1, {{0xa, 0x2, 0xffff, 0x7, 0xcc, 0x3}, {0x0, 0x1, 0x7, 0x8, 0x7f, 0x9}, 0x1, 0x7, 0x1bb6}}, @TCA_TBF_BURST={0x8, 0x6, 0x7f}]}}]}, 0x68}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
r9 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r9, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x80000, {0x0, 0x0, 0x0, r5, {}, {0xb, 0xb}, {0xa, 0xb}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x2001c061}, 0x4008000)
ioctl$SIOCSIFHWADDR(r3, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})

4.810251705s ago: executing program 5 (id=1081):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000040)={0x15, 0x65, 0xffff, 0x1000, 0x8, '9P2000.u'}, 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18, 0x0, 0x0, {0x2}}, 0x18)
write$FUSE_INIT(r2, &(0x7f0000000280)={0x50, 0x0, 0x0, {0x7, 0x21, 0x0, 0x0, 0xfff9, 0x1000, 0x0, 0x7, 0x0, 0x0, 0x20, 0x8}}, 0x50)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000000c0), 0xc00, &(0x7f00000001c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@access_any}], [], 0x6b}})
read$FUSE(r0, &(0x7f0000000740)={0x2020}, 0x2020)
chdir(&(0x7f0000000240)='./file0\x00')
r3 = socket$unix(0x1, 0x2, 0x0)
bind$unix(r3, &(0x7f0000000080)=@file={0x1, './file0\x00'}, 0x6e)

4.792410256s ago: executing program 8 (id=1082):
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x20000140)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r2 = socket$inet6(0xa, 0x2, 0x3a)
setsockopt$inet6_int(r2, 0x29, 0x3e, 0x0, 0x0)
sendto$inet6(r2, &(0x7f0000000080), 0x0, 0x0, 0x0, 0x0)

4.789246626s ago: executing program 3 (id=1083):
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x20000140)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = socket$inet6(0xa, 0x2, 0x3a)
connect$inet6(r4, 0x0, 0x0)
setsockopt$inet6_int(r4, 0x29, 0x3e, 0x0, 0x0)
r5 = syz_open_dev$mouse(&(0x7f00000000c0), 0x0, 0x2042)
io_setup(0x9, &(0x7f0000000b80)=<r6=>0x0)
io_submit(r6, 0x1, &(0x7f00000002c0)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x5, 0x0, r5, 0x0, 0x0, 0x0, 0x0, 0x0, r5}])

4.585853594s ago: executing program 5 (id=1084):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = syz_io_uring_setup(0x7b, &(0x7f0000000540)={0x0, 0x3bca, 0x10100, 0x0, 0x313}, &(0x7f00000005c0)=<r4=>0x0, &(0x7f0000000100)=<r5=>0x0)
syz_io_uring_submit(r4, r5, &(0x7f0000000600)=@IORING_OP_RECVMSG={0xa, 0x50, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0, 0x40000103, 0x0, {0x4}})
io_uring_enter(r3, 0x46f3, 0x0, 0x0, 0x0, 0x0)
openat$sysctl(0xffffffffffffff9c, 0x0, 0x1, 0x0)
write(0xffffffffffffffff, &(0x7f0000000200)='~', 0x1)
r6 = syz_open_dev$dri(&(0x7f0000000300), 0x40100001, 0x189002)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r6, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r6, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r7=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f00000002c0)={r7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r6, 0xc04064a0, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0})
r8 = socket$inet_udp(0x2, 0x2, 0x0)
sendto$inet(r8, &(0x7f0000000000)="170cf31f8e85bcdbb6ad484c26dfa6be3180020cc3ad083eb719a8495180e3411bca5a3904d99c037e2d8e3c1c72fa92fbc31f328a0634a228ba73fca36ab95455c2429a396c437ae822453d5dbfd246cfc6e49f4b77fbb58e3e23beae7970b5bdb6c5d6a4b76a6e910402706986d2c4da7f3cab1ec82c46628456875bad37ebb5c0bef76aeae81b5489235cc4a3533c44fae97f864aa56771761bf7b68f404289dfd955fc20d7c7eb05951df334942d46ba78c78f3c72a7e827134798ba9e611ff2de814c88b7ee20d6163a99b26f4756f5ed20986bfe8de8c2292656a566df0117b53931975aaafdc88161f49d05ffbac6171e83421143f33f", 0xfa, 0x4000810, &(0x7f0000000100)={0x2, 0x4e21, @remote}, 0x10)
setsockopt$IPT_SO_SET_REPLACE(r8, 0x4000000000000, 0x40, &(0x7f00000019c0)=@raw={'raw\x00', 0x4001, 0x3, 0xa38, 0x0, 0xb, 0x148, 0x0, 0x148, 0x9a0, 0x240, 0x240, 0x9a0, 0x215, 0x3, 0x0, {[{{@ip={@local, @local, 0x0, 0x0, 'ip6gretap0\x00', 'veth0\x00', {}, {}, 0x11}, 0x2e8, 0x880, 0x8e8, 0x0, {0xff0f000000000000}, [@common=@inet=@udp={{0x30}}, @common=@unspec=@u32={{0x7e0}, {[], 0x1}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz1\x00'}}}, {{@ip={@broadcast, @broadcast, 0x0, 0x0, 'team0\x00', 'netpci0\x00'}, 0xec010000, 0x98, 0xb8, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @unspec=@NOTRACK={0x20}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0xa98)
setsockopt$sock_int(r8, 0x1, 0xa, &(0x7f0000000140)=0x3, 0x4)

3.871834425s ago: executing program 8 (id=1085):
socket$nl_route(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socket(0x10, 0x3, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet_tcp(0x2, 0x1, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r1=>0x0})
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
socket$inet(0xa, 0x801, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
socket$inet(0xa, 0x801, 0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040))
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{}, &(0x7f0000000240), &(0x7f00000003c0)=r4}, 0x20)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r3, r1, 0x25, 0x2, @void}, 0x10)
syz_emit_ethernet(0x4a, &(0x7f00000003c0)={@local, @empty, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x14, 0x2f, 0x0, @remote, @local, {[], {{0x0, 0x22eb, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0)

3.52777145s ago: executing program 8 (id=1086):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = syz_io_uring_setup(0x7b, &(0x7f0000000540)={0x0, 0x3bca, 0x10100, 0x0, 0x313}, &(0x7f00000005c0), &(0x7f0000000100))
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040)={<r4=>0xffffffffffffffff})
io_uring_enter(r3, 0x46f3, 0x0, 0x0, 0x0, 0x0)
openat$sysctl(0xffffffffffffff9c, 0x0, 0x1, 0x0)
write(r4, &(0x7f0000000200)='~', 0x1)
r5 = syz_open_dev$dri(&(0x7f0000000300), 0x40100001, 0x189002)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r5, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r5, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r6=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f00000002c0)={r6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0})
r7 = socket$inet_udp(0x2, 0x2, 0x0)
sendto$inet(r7, &(0x7f0000000000)="170cf31f8e85bcdbb6ad484c26dfa6be3180020cc3ad083eb719a8495180e3411bca5a3904d99c037e2d8e3c1c72fa92fbc31f328a0634a228ba73fca36ab95455c2429a396c437ae822453d5dbfd246cfc6e49f4b77fbb58e3e23beae7970b5bdb6c5d6a4b76a6e910402706986d2c4da7f3cab1ec82c46628456875bad37ebb5c0bef76aeae81b5489235cc4a3533c44fae97f864aa56771761bf7b68f404289dfd955fc20d7c7eb05951df334942d46ba78c78f3c72a7e827134798ba9e611ff2de814c88b7ee20d6163a99b26f4756f5ed20986bfe8de8c2292656a566df0117b53931975aaafdc88161f49d05ffbac6171e83421143f33f", 0xfa, 0x4000810, &(0x7f0000000100)={0x2, 0x4e21, @remote}, 0x10)
setsockopt$IPT_SO_SET_REPLACE(r7, 0x4000000000000, 0x40, &(0x7f00000019c0)=@raw={'raw\x00', 0x4001, 0x3, 0xa38, 0x0, 0xb, 0x148, 0x0, 0x148, 0x9a0, 0x240, 0x240, 0x9a0, 0x215, 0x3, 0x0, {[{{@ip={@local, @local, 0x0, 0x0, 'ip6gretap0\x00', 'veth0\x00', {}, {}, 0x11}, 0x2e8, 0x880, 0x8e8, 0x0, {0xff0f000000000000}, [@common=@inet=@udp={{0x30}}, @common=@unspec=@u32={{0x7e0}, {[], 0x1}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz1\x00'}}}, {{@ip={@broadcast, @broadcast, 0x0, 0x0, 'team0\x00', 'netpci0\x00'}, 0xec010000, 0x98, 0xb8, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @unspec=@NOTRACK={0x20}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0xa98)
setsockopt$sock_int(r7, 0x1, 0xa, &(0x7f0000000140)=0x3, 0x4)

3.336984848s ago: executing program 3 (id=1087):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x218, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, &(0x7f0000000300)={0x3, @output={0x0, 0x1, {0x1, 0x2}, 0x4, 0x7}})
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r3, 0x0, 0x0)
r4 = socket$inet6(0xa, 0x3, 0x5)
setsockopt$inet6_int(r4, 0x29, 0x1000000000021, &(0x7f0000000180)=0xffffffc1, 0x4)
syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f000010010905"], 0x0)
r5 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_ADD_VIF(r5, 0x0, 0xca, &(0x7f0000003d80)={0x1, 0x0, 0x0, 0x0, @vifc_lcl_addr=@local, @dev}, 0x10)
ioctl$SIOCGETMIFCNT_IN6(r5, 0x89e0, &(0x7f0000000040))
r6 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000c80)={'lo\x00', <r7=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000680)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x14, 0x2, [@TCA_FQ_FLOW_DEFAULT_RATE={0x8, 0x10, 0x3}, @TCA_FQ_FLOW_MAX_RATE={0x8, 0x2, 0x10270000}]}}]}, 0x40}}, 0x0)
r8 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240), 0xc2882, 0x0)
syz_open_dev$midi(&(0x7f0000000000), 0x3, 0x4a243)
close(r8)
ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000140)={'veth0_macvtap\x00', 0x200})
sendmmsg$inet(r3, &(0x7f0000004d00)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30000}}], 0x300, 0xf00)
sendmsg$nl_xfrm(r0, &(0x7f0000000b80)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f0000000000)=@updsa={0x184, 0x1a, 0x1, 0x10000000, 0x0, {{@in=@initdev={0xac, 0x1e, 0x1, 0x0}, @in6=@remote, 0x0, 0x0, 0x4, 0x0, 0x2}, {@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x6c}, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, {0x2, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, {}, {}, 0x70bd2b, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @algo_auth_trunc={0x4c, 0x14, {{'poly1305-generic\x00'}, 0x0, 0xc0}}]}, 0x184}, 0x1, 0x0, 0x0, 0x48000}, 0x0)

3.29008465s ago: executing program 7 (id=1088):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = syz_io_uring_setup(0x7b, &(0x7f0000000540)={0x0, 0x3bca, 0x10100, 0x0, 0x313}, &(0x7f00000005c0)=<r4=>0x0, &(0x7f0000000100)=<r5=>0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
syz_io_uring_submit(r4, r5, &(0x7f0000000600)=@IORING_OP_RECVMSG={0xa, 0x50, 0x0, r7, 0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0, 0x40000103, 0x0, {0x4}})
io_uring_enter(r3, 0x46f3, 0x0, 0x0, 0x0, 0x0)
openat$sysctl(0xffffffffffffff9c, 0x0, 0x1, 0x0)
write(r6, &(0x7f0000000200)='~', 0x1)
r8 = syz_open_dev$dri(&(0x7f0000000300), 0x40100001, 0x189002)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r8, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r8, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r9=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f00000002c0)={r9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r10 = socket$inet_udp(0x2, 0x2, 0x0)
sendto$inet(r10, &(0x7f0000000000)="170cf31f8e85bcdbb6ad484c26dfa6be3180020cc3ad083eb719a8495180e3411bca5a3904d99c037e2d8e3c1c72fa92fbc31f328a0634a228ba73fca36ab95455c2429a396c437ae822453d5dbfd246cfc6e49f4b77fbb58e3e23beae7970b5bdb6c5d6a4b76a6e910402706986d2c4da7f3cab1ec82c46628456875bad37ebb5c0bef76aeae81b5489235cc4a3533c44fae97f864aa56771761bf7b68f404289dfd955fc20d7c7eb05951df334942d46ba78c78f3c72a7e827134798ba9e611ff2de814c88b7ee20d6163a99b26f4756f5ed20986bfe8de8c2292656a566df0117b53931975aaafdc88161f49d05ffbac6171e83421143f33f", 0xfa, 0x4000810, &(0x7f0000000100)={0x2, 0x4e21, @remote}, 0x10)

2.664914607s ago: executing program 5 (id=1089):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x1000000000002)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
socket(0x9, 0x7, 0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, 0x0, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000)
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCADDRT(r2, 0x890b, &(0x7f0000000380)={@dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x6, @bcast, @bpq0, 0x4, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @default, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r3, &(0x7f0000000200)=@short={0xb, @dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x1, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}}, 0x1c)
connect$rose(r3, &(0x7f0000000180)=@full={0xb, @dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x1, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @default, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast]}, 0x40)

1.890980459s ago: executing program 8 (id=1090):
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2800, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r2, 0xc008ae88, &(0x7f0000000680)=ANY=[@ANYBLOB="cf"])

1.729863656s ago: executing program 7 (id=1091):
syz_mount_image$ext4(&(0x7f0000000600)='ext4\x00', &(0x7f0000000480)='./file0\x00', 0x0, &(0x7f00000000c0)={[{@nodioread_nolock}, {@init_itable_val={'init_itable', 0x3d, 0x4}}, {@mblk_io_submit}, {@minixdf}, {@jqfmt_vfsv0}, {@usrjquota, 0x2e}], [], 0x2e}, 0x84, 0x450, &(0x7f0000000dc0)="$eJzs289vFFUcAPDvzLYgv2xF/MEPtYrGxh8tLagcvGg04WJiogc81lIIslBDayKESDUGj4a/QD2a+Bd40otRTxqvejcmxHARPZgxszsDS7tbd7tbtrCfTzLtezNv973vzLzdN/N2AhhYY/mfJGJ7RPwaESP17M0Fxur/rl29MPv31QuzSWTZG38mtXJ/Xb0wWxYtX7etyIynEenHSextUu/CufOnZqrVubNFfnLx9LuTC+fOP3vy9MyJuRNzZ6YPHz50cOqF56ef60mcO/K27vlgft/uI29dfm326OW3f/gqb+/2YntjHHWjXdc5FmM378sGT3T97hvLjoZ0MtTHhtCRSkTkh2u41v9HohI3Dt5IvPpRXxsHrKssy7LNK9ZWysRSBtzBkuh3C4D+KL/o8+vfcrmFw4++u/JS/QIoj/tasdS3DEValBledn3bS2MRcXTpn8/yJZrehwAA6K1v8vHPM83Gf2nc31Du7mJuaDQi7omInRFxb0Tsioj7ImplH4iIBzusf2xZfuX45+ctawqsTfn478Vibuvm8V85+ovRSpHbUYt/ODl+sjp3oNgn4zG8Oc9PrVLHt6/88mmrbY3jv3zJ6y/HgkU7/hhadoPu2MziTDcxN7ryYcSeoWbxJ9fnrvL/uyNizxreP99nJ5/6cl+r7f8f/yp6MM+UfRHxZP34L8Wy+EvJ6vOTk3dFde7AZHlWrPTjT5deb1V/V/H3QH78tzY9/6/HP5o0ztcudF7Hpd8+aXlNs9bzf1PyZi29qVj3/szi4tmpiE3J0sr10zdeW+bL8nn84/ub9/+dEf9+Xrxub0TkJ/FDEfFwRDxStP3RiHgsIvavEv/3Lz/+ztrjX195/Mc6Ov6dJyqnvvu6Vf3tHf9DtdR4saadz792G9jNvgMAAIDbRVr7DXySTlxPp+nERP03/Ltia1qdX1h8+vj8e2eO1X8rPxrDaXmna6ThfuhUcW+4zE8vyx+s3TfOsizbUstPzM5X12tOHWjPthb9P/d7pd+tA9ZdR/NorZ5oA25LnteEwaX/w+DS/2Fw6f8wuJr1/4sR1/rQFOAW8/0Pg0v/h8Gl/8Pg0v9hIHXzXP9qiZ1H1uud77REZWM0o+NEpBuiGWtLpBujGfXE5ohot/DFuFUN6/cnEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQG/8FwAA//8Hl+jb")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000fdffffff850000002d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xa, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sched_setaffinity(0x0, 0x0, 0x0)
chdir(&(0x7f0000000040)='./file0\x00')
quotactl$Q_QUOTAON(0xffffffff80000200, &(0x7f0000000080)=@loop={'/dev/loop', 0x0}, 0x0, &(0x7f0000000000)='./file0\x00')

1.353694202s ago: executing program 0 (id=1092):
getpid()
clock_gettime(0xfffffff5, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000000004000000000000000000850000002300000095"], &(0x7f0000000180)='GPL\x00', 0x4, 0x8f, &(0x7f00000002c0)=""/143}, 0x3c)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000380)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setattr(r1, &(0x7f0000000000)={0x38, 0x5, 0x8, 0x4, 0x0, 0x40, 0x4, 0x7fff, 0x36, 0x8}, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_dev$usbmon(&(0x7f0000000140), 0x0, 0x2000)

1.001525647s ago: executing program 8 (id=1093):
socket$nl_route(0x10, 0x3, 0x0)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
syz_open_dev$sndmidi(0x0, 0x8001, 0x8000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0)
r3 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="02030609100000000000004c9e000000020013000200000000000000ff0800ed05000600200000000a00060000000000ff0000000000000000001ffeff0001000003f1dc7f7c6e7c0200010000000000004000020000000005000500000000000a"], 0x80}}, 0x0)
sendmmsg(r3, &(0x7f0000000180), 0x400008a, 0x0)

0s ago: executing program 8 (id=1094):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x348cf000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file1/file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0)

kernel console output (not intermixed with test programs):

][ T4590] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[   88.714774][   T23] ums-sddr09 1-1:1.0: USB Mass Storage device detected
[   88.881158][ T4603] netlink: 'syz.3.81': attribute type 12 has an invalid length.
[   88.949286][   T23] scsi host1: usb-storage 1-1:1.0
[   89.006416][ T4608] loop2: detected capacity change from 0 to 256
[   90.083228][ T4608] loop_set_status: loop2 () has still dirty pages (nrpages=1)
[   90.143120][  T155] scsi 1:0:0:0: Direct-Access     Sandisk  ImageMate SDDR09 0177 PQ: 0 ANSI: 0
[   90.258693][  T155] sd 1:0:0:0: Attached scsi generic sg1 type 0
[   90.299121][ T4189] FAT-fs (loop2): error, corrupted directory (invalid entries)
[   90.345369][ T4189] FAT-fs (loop2): error, corrupted directory (invalid entries)
[   90.495194][ T4286] usb 1-1: USB disconnect, device number 2
[   90.513285][ T4606] sddr09: could not read card info
[   90.519184][ T3072] sd 1:0:0:0: [sdb] 0 512-byte logical blocks: (0 B/0 B)
[   90.544576][ T3072] sd 1:0:0:0: [sdb] 0-byte physical blocks
[   90.585174][ T3072] sd 1:0:0:0: [sdb] Write Protect is off
[   90.625040][  T145] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   90.658376][ T3072] sd 1:0:0:0: [sdb] Asking for cache data failed
[   90.688154][ T3072] sd 1:0:0:0: [sdb] Assuming drive cache: write through
[   90.712283][  T145] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   90.733148][   T23] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[   90.787570][ T3072] sd 1:0:0:0: [sdb] Attached SCSI removable disk
[   90.938529][  T145] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   90.983165][   T23] usb 5-1: Using ep0 maxpacket: 16
[   91.143399][   T23] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   91.183722][   T23] usb 5-1: config 0 has no interfaces?
[   91.195699][  T145] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   91.379494][   T23] usb 5-1: New USB device found, idVendor=045e, idProduct=0284, bcdDevice=a4.8f
[   91.464493][   T23] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   91.522389][   T23] usb 5-1: Product: syz
[   91.638828][   T23] usb 5-1: Manufacturer: syz
[   91.674541][   T23] usb 5-1: SerialNumber: syz
[   91.788542][   T23] usb 5-1: config 0 descriptor??
[   92.258234][ T4641] netlink: 20 bytes leftover after parsing attributes in process `syz.0.97'.
[   92.347038][ T4503] udevd[4503]: inotify_add_watch(7, /dev/sdb, 10) failed: No such file or directory
[   92.374720][ T4234] usb 5-1: USB disconnect, device number 3
[   93.409467][ T4639] chnl_net:caif_netlink_parms(): no params data found
[   93.591426][   T23] Bluetooth: hci0: command 0x0409 tx timeout
[   93.851444][ T4639] bridge0: port 1(bridge_slave_0) entered blocking state
[   93.861127][ T4639] bridge0: port 1(bridge_slave_0) entered disabled state
[   93.869955][ T4639] device bridge_slave_0 entered promiscuous mode
[   93.888817][ T4637] chnl_net:caif_netlink_parms(): no params data found
[   93.920434][ T4639] bridge0: port 2(bridge_slave_1) entered blocking state
[   93.933151][ T4639] bridge0: port 2(bridge_slave_1) entered disabled state
[   93.941292][ T4639] device bridge_slave_1 entered promiscuous mode
[   94.169116][ T4639] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   94.246651][ T4691] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7)
[   94.253642][ T4691] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[   94.262314][ T4691] vhci_hcd vhci_hcd.0: Device attached
[   94.563363][   T23] usb 33-1: new low-speed USB device number 2 using vhci_hcd
[   94.696696][ T4255] Bluetooth: hci4: command 0x0409 tx timeout
[   95.624825][    C1] vxcan0: j1939_tp_rxtimer: 0xffff88805f6f3000: rx timeout, send abort
[   95.635173][    C1] vxcan0: j1939_xtp_rx_abort_one: 0xffff88805f6f3000: 0x0f001: (3) A timeout occurred and this is the connection abort to close the session.
[   95.711268][ T4286] Bluetooth: hci0: command 0x041b tx timeout
[   95.889047][ T4692] vhci_hcd: connection reset by peer
[   95.911336][  T144] vhci_hcd: stop threads
[   95.916728][  T144] vhci_hcd: release socket
[   95.970869][  T144] vhci_hcd: disconnect device
[   96.464649][ T4639] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   96.690075][ T4703] loop4: detected capacity change from 0 to 32768
[   96.719535][ T4678] loop3: detected capacity change from 0 to 32768
[   96.783341][ T4286] Bluetooth: hci4: command 0x041b tx timeout
[   96.806521][ T4703] XFS (loop4): Mounting V5 Filesystem
[   96.870036][ T4639] team0: Port device team_slave_0 added
[   96.964245][ T4637] bridge0: port 1(bridge_slave_0) entered blocking state
[   96.974815][ T4703] XFS (loop4): Ending clean mount
[   96.992363][ T4637] bridge0: port 1(bridge_slave_0) entered disabled state
[   97.007546][ T4703] XFS (loop4): Quotacheck needed: Please wait.
[   97.021100][ T4637] device bridge_slave_0 entered promiscuous mode
[   97.078084][ T4703] XFS (loop4): Quotacheck: Done.
[   97.153699][ T4639] team0: Port device team_slave_1 added
[   97.160983][ T4637] bridge0: port 2(bridge_slave_1) entered blocking state
[   97.170640][ T4637] bridge0: port 2(bridge_slave_1) entered disabled state
[   97.211577][ T4637] device bridge_slave_1 entered promiscuous mode
[   97.319318][ T4286] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[   97.634698][ T4286] usb 1-1: Using ep0 maxpacket: 16
[   97.744934][ T1108] Bluetooth: hci0: command 0x040f tx timeout
[   97.793427][ T4286] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   97.808076][ T4184] XFS (loop4): Unmounting Filesystem
[   98.003024][ T4286] usb 1-1: config 0 has no interfaces?
[   98.099401][  T145] device hsr_slave_0 left promiscuous mode
[   98.147504][  T145] device hsr_slave_1 left promiscuous mode
[   98.154498][  T145] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   98.158110][ T4734] loop3: detected capacity change from 0 to 1024
[   98.162016][  T145] batman_adv: batadv0: Removing interface: batadv_slave_0
[   98.188078][ T4286] usb 1-1: New USB device found, idVendor=045e, idProduct=0284, bcdDevice=a4.8f
[   98.191135][  T145] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   98.204989][  T145] batman_adv: batadv0: Removing interface: batadv_slave_1
[   98.213599][  T145] device bridge_slave_1 left promiscuous mode
[   98.219213][ T4286] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   98.221366][  T145] bridge0: port 2(bridge_slave_1) entered disabled state
[   98.230007][ T4286] usb 1-1: Product: syz
[   98.255480][ T4286] usb 1-1: Manufacturer: syz
[   98.260295][ T4286] usb 1-1: SerialNumber: syz
[   98.293969][ T4734] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[   98.319658][ T4286] usb 1-1: config 0 descriptor??
[   98.322244][  T145] device bridge_slave_0 left promiscuous mode
[   98.341278][  T145] bridge0: port 1(bridge_slave_0) entered disabled state
[   98.421359][  T145] device veth1_macvtap left promiscuous mode
[   98.437903][  T145] device veth0_macvtap left promiscuous mode
[   98.464301][  T145] device veth1_vlan left promiscuous mode
[   98.470324][  T145] device veth0_vlan left promiscuous mode
[   98.646328][ T4286] usb 1-1: USB disconnect, device number 3
[   98.863275][ T1108] Bluetooth: hci4: command 0x040f tx timeout
[   98.889895][ T4743] loop4: detected capacity change from 0 to 32768
[   98.911789][  T145] team0 (unregistering): Port device team_slave_1 removed
[   98.930975][  T145] team0 (unregistering): Port device team_slave_0 removed
[   98.969982][  T145] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   98.987777][ T4743] XFS (loop4): Mounting V5 Filesystem
[   98.992297][  T145] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   99.107077][  T145] bond0 (unregistering): Released all slaves
[   99.161781][ T4743] XFS (loop4): Ending clean mount
[   99.190370][ T4743] XFS (loop4): Quotacheck needed: Please wait.
[   99.249753][ T4637] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   99.268286][ T4740] netlink: 4 bytes leftover after parsing attributes in process `syz.3.114'.
[   99.299661][ T4743] XFS (loop4): Quotacheck: Done.
[   99.347355][ T4740] device veth1_macvtap left promiscuous mode
[   99.428130][ T4639] batman_adv: batadv0: Adding interface: batadv_slave_0
[   99.435381][ T4639] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   99.462140][ T4639] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   99.477167][ T4637] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   99.516169][ T4759] netlink: 4 bytes leftover after parsing attributes in process `syz.0.115'.
[   99.527883][ T4759] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   99.601228][ T4759] batman_adv: batadv0: Removing interface: batadv_slave_1
[   99.603761][ T4184] XFS (loop4): Unmounting Filesystem
[   99.649196][ T4639] batman_adv: batadv0: Adding interface: batadv_slave_1
[   99.660906][ T4639] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   99.689199][ T4639] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   99.743189][   T23] vhci_hcd: vhci_device speed not set
[   99.807036][ T4637] team0: Port device team_slave_0 added
[   99.813920][ T1108] Bluetooth: hci0: command 0x0419 tx timeout
[   99.845348][ T4637] team0: Port device team_slave_1 added
[   99.990555][ T4639] device hsr_slave_0 entered promiscuous mode
[  100.004274][ T4639] device hsr_slave_1 entered promiscuous mode
[  100.017771][ T4234] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  100.073519][ T4637] batman_adv: batadv0: Adding interface: batadv_slave_0
[  100.080516][ T4637] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  100.172561][ T4637] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  100.293185][ T4234] usb 4-1: Using ep0 maxpacket: 8
[  100.413711][ T4234] usb 4-1: config 179 has an invalid interface number: 65 but max is 0
[  100.451821][ T4234] usb 4-1: config 179 has no interface number 0
[  100.465662][ T4637] batman_adv: batadv0: Adding interface: batadv_slave_1
[  100.524138][ T4637] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  100.599905][ T4234] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  100.777610][ T4234] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  100.960423][ T4234] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  100.980016][ T4637] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  100.994102][ T4312] Bluetooth: hci4: command 0x0419 tx timeout
[  101.020108][ T4234] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  101.039038][ T4234] usb 4-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  101.122553][ T4234] usb 4-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  101.201659][ T4234] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  101.333393][ T4764] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  101.606033][ T4637] device hsr_slave_0 entered promiscuous mode
[  101.860625][ T4637] device hsr_slave_1 entered promiscuous mode
[  101.882267][ T4637] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  101.932831][ T4637] Cannot create hsr debugfs directory
[  101.950552][ T4234] input: Generic X-Box pad as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:179.65/input/input5
[  102.156462][ T4234] usb 4-1: USB disconnect, device number 4
[  102.163280][    C0] xpad 4-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  102.172118][    C0] xpad 4-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  102.235103][ T4234] xpad 4-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19
[  103.735946][ T4802] No such timeout policy "syz1"
[  104.111835][ T4639] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  104.173835][ T4639] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  104.323669][ T4639] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  104.355032][ T4639] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  104.498417][ T4637] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  104.527871][ T4637] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  104.562661][ T4637] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  104.598831][ T4637] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  104.770454][ T4639] 8021q: adding VLAN 0 to HW filter on device bond0
[  104.819243][ T4442] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  104.831781][ T4442] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  104.845086][ T4639] 8021q: adding VLAN 0 to HW filter on device team0
[  104.896176][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  104.909463][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  104.940849][  T155] bridge0: port 1(bridge_slave_0) entered blocking state
[  104.948154][  T155] bridge0: port 1(bridge_slave_0) entered forwarding state
[  105.016392][ T4637] 8021q: adding VLAN 0 to HW filter on device bond0
[  105.041680][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  105.070369][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  105.094159][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  105.111184][ T4840] loop3: detected capacity change from 0 to 1024
[  105.118189][  T155] bridge0: port 2(bridge_slave_1) entered blocking state
[  105.125328][  T155] bridge0: port 2(bridge_slave_1) entered forwarding state
[  105.163625][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  105.250938][ T4840] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  105.292668][ T4840] EXT4-fs (loop3): shut down requested (0)
[  105.344541][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  105.379567][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  105.438352][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  105.461359][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  105.511757][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  105.542630][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  105.593483][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  105.652205][ T4637] 8021q: adding VLAN 0 to HW filter on device team0
[  105.692053][ T4842] tipc: Started in network mode
[  105.698828][ T4842] tipc: Node identity 6efbf0e60871, cluster identity 4711
[  105.722546][ T4842] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  105.750188][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  105.778980][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  105.811054][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  105.846446][ T4856] fuse: Bad value for 'user_id'
[  105.853809][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  105.883877][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  105.927817][ T4639] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  105.938513][ T4842] tipc: Disabling bearer <eth:syzkaller0>
[  105.959116][ T4700] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  105.978344][ T4700] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  105.991788][ T4700] bridge0: port 1(bridge_slave_0) entered blocking state
[  105.998950][ T4700] bridge0: port 1(bridge_slave_0) entered forwarding state
[  106.013156][ T4700] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  106.022202][ T4700] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  106.030845][ T4700] bridge0: port 2(bridge_slave_1) entered blocking state
[  106.038069][ T4700] bridge0: port 2(bridge_slave_1) entered forwarding state
[  106.046061][ T4700] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  106.062485][ T4860] device syzkaller0 entered promiscuous mode
[  106.069196][   T21] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  106.102025][ T4858] tipc: Started in network mode
[  106.129953][ T4858] tipc: Node identity 4a6dfc2972a1, cluster identity 4711
[  106.153350][ T4858] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  106.162932][ T4700] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  106.188387][ T4700] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  106.263731][ T4858] tipc: Resetting bearer <eth:syzkaller0>
[  106.306400][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  106.323147][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  106.352362][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  106.396853][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  106.422683][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  106.441914][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  106.452176][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  106.488617][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  106.501772][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  106.523406][   T21] usb 4-1: Using ep0 maxpacket: 16
[  106.673456][   T21] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  106.702915][   T21] usb 4-1: config 0 has no interfaces?
[  106.904069][   T21] usb 4-1: New USB device found, idVendor=045e, idProduct=0284, bcdDevice=a4.8f
[  106.927848][   T21] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  107.066106][   T21] usb 4-1: Product: syz
[  107.070588][   T21] usb 4-1: Manufacturer: syz
[  107.079241][   T21] usb 4-1: SerialNumber: syz
[  107.093259][   T21] usb 4-1: config 0 descriptor??
[  107.177533][ T4857] tipc: Resetting bearer <eth:syzkaller0>
[  107.191791][ T4857] tipc: Disabling bearer <eth:syzkaller0>
[  107.238200][ T4637] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  107.374770][ T4233] usb 4-1: USB disconnect, device number 5
[  107.510100][ T4313] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  107.517753][ T4234] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  107.551680][ T4313] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  107.598591][ T4639] 8021q: adding VLAN 0 to HW filter on device batadv0
[  107.731988][  T145] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  107.833625][ T4315] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  107.872008][ T4315] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  107.900007][ T4637] 8021q: adding VLAN 0 to HW filter on device batadv0
[  107.913291][ T4234] usb 5-1: config 0 interface 0 has no altsetting 0
[  107.922459][ T4234] usb 5-1: New USB device found, idVendor=046d, idProduct=0a0e, bcdDevice=94.75
[  107.993913][ T4234] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  108.084128][ T4234] usb 5-1: config 0 descriptor??
[  108.401586][  T145] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  108.518091][ T4908] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6)
[  108.524645][ T4908] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  108.534552][ T4908] vhci_hcd vhci_hcd.0: Device attached
[  108.793178][ T4234] video4linux radio48: keene_cmd_set failed (-71)
[  108.800186][ T4234] radio-keene 5-1:0.0: V4L2 device registered as radio48
[  108.812755][  T145] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  108.824657][   T23] usb 33-1: new low-speed USB device number 3 using vhci_hcd
[  109.259659][  T145] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  109.448845][ T4909] vhci_hcd: connection reset by peer
[  109.459045][ T4315] vhci_hcd: stop threads
[  109.465130][ T4315] vhci_hcd: release socket
[  109.543499][ T4315] vhci_hcd: disconnect device
[  109.612229][ T4263] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  109.665252][ T4263] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  109.968082][ T4234] usb 5-1: USB disconnect, device number 4
[  110.034959][ T4919] fuse: Bad value for 'user_id'
[  110.044296][ T4731] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  110.070691][ T4731] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  110.152799][ T4639] device veth0_vlan entered promiscuous mode
[  110.175079][ T4922] loop4: detected capacity change from 0 to 1024
[  110.215544][ T4639] device veth1_vlan entered promiscuous mode
[  110.233185][ T4731] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  110.245507][ T4731] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  110.254242][ T4731] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  110.263941][ T4924] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  110.300891][ T4294] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  110.313849][ T4294] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  110.322928][ T4927] device syzkaller0 entered promiscuous mode
[  110.409344][ T4922] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  110.414468][ T4930] tipc: Resetting bearer <eth:syzkaller0>
[  110.436493][ T4922] EXT4-fs (loop4): shut down requested (0)
[  110.452215][ T4923] tipc: Resetting bearer <eth:syzkaller0>
[  110.471296][ T4923] tipc: Disabling bearer <eth:syzkaller0>
[  110.525254][ T4639] device veth0_macvtap entered promiscuous mode
[  110.553727][ T4442] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  110.572820][ T4442] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  110.593763][ T4442] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  110.618366][ T4637] device veth0_vlan entered promiscuous mode
[  110.667947][ T4639] device veth1_macvtap entered promiscuous mode
[  110.686881][  T145] tipc: Left network mode
[  110.687007][ T4442] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  110.731196][ T4442] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  110.849024][ T4442] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  110.861720][ T4442] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  110.879001][ T4637] device veth1_vlan entered promiscuous mode
[  110.904735][ T4442] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  111.020603][ T4442] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  111.828591][ T4639] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  111.874235][ T4639] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  111.981689][ T4639] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  111.998164][ T4639] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  112.090629][ T4639] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  112.126962][ T4639] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  112.138656][ T4639] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  112.157399][ T4639] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  112.186887][ T4639] batman_adv: batadv0: Interface activated: batadv_slave_0
[  112.203975][ T4294] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  112.223513][ T4294] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  112.295257][ T4226] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  112.573256][ T4226] usb 5-1: Using ep0 maxpacket: 16
[  112.713490][ T4226] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  112.742620][ T4226] usb 5-1: config 0 has no interfaces?
[  113.056551][ T4226] usb 5-1: New USB device found, idVendor=045e, idProduct=0284, bcdDevice=a4.8f
[  113.071383][ T4226] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  113.084487][ T4226] usb 5-1: Product: syz
[  113.088702][ T4226] usb 5-1: Manufacturer: syz
[  113.098306][ T4226] usb 5-1: SerialNumber: syz
[  113.135261][ T4226] usb 5-1: config 0 descriptor??
[  113.154100][ T4639] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  113.173210][ T4639] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  113.193918][ T4639] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  113.212465][ T4639] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  113.235528][ T4639] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  113.250924][ T4639] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  113.281699][ T4639] batman_adv: batadv0: Interface activated: batadv_slave_1
[  113.303556][ T4639] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  113.312340][ T4639] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  113.331768][ T4639] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  113.343461][ T4639] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  113.357618][ T4315] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  113.368007][ T4315] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  113.394371][ T4234] usb 5-1: USB disconnect, device number 5
[  113.408418][ T4637] device veth0_macvtap entered promiscuous mode
[  113.432443][ T4315] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  113.446816][ T4315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  113.520133][ T4637] device veth1_macvtap entered promiscuous mode
[  113.983661][   T23] vhci_hcd: vhci_device speed not set
[  114.572618][ T4991] fuse: Bad value for 'user_id'
[  114.925930][ T4315] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  114.957490][ T4315] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  115.315535][ T4637] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  115.352248][ T4637] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  115.387798][ T4637] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  115.426550][ T4637] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  115.527744][ T4637] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  115.586553][ T4637] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  115.652907][ T4637] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  115.716284][ T4637] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  115.771755][ T4637] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  115.832394][ T4637] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  115.910670][ T4637] batman_adv: batadv0: Interface activated: batadv_slave_0
[  116.072156][ T4994] loop4: detected capacity change from 0 to 1024
[  116.078635][ T4263] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  116.079342][ T4263] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  116.647985][ T4994] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  116.662172][ T4637] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  116.686010][ T4637] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  116.711678][ T4994] EXT4-fs (loop4): shut down requested (0)
[  116.745210][ T4637] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  116.796866][ T4637] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  116.829048][ T4637] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  116.851668][ T4637] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  116.875384][ T4637] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  116.887157][ T4637] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  116.905022][ T4637] batman_adv: batadv0: Interface activated: batadv_slave_1
[  116.972717][ T4442] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  117.002465][ T4442] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  117.130002][ T4637] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  117.152604][ T4637] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  117.173268][ T4637] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  117.258701][ T4637] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  118.053044][ T4700] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  118.104101][ T5017] loop4: detected capacity change from 0 to 512
[  118.110489][ T4700] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  118.136371][ T4442] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  118.163539][ T5019] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  118.181237][ T4442] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  118.193244][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  118.243994][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  118.334138][ T5019] device syzkaller0 entered promiscuous mode
[  118.405411][ T5017] EXT4-fs (loop4): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000400000,mb_optimize_scan=0x0000000000000000,grpquota,,errors=continue. Quota mode: writeback.
[  118.482851][ T5022] tipc: Resetting bearer <eth:syzkaller0>
[  118.512703][ T5017] ext4 filesystem being mounted at /42/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  118.564987][ T5018] tipc: Resetting bearer <eth:syzkaller0>
[  118.731185][ T5018] tipc: Disabling bearer <eth:syzkaller0>
[  118.740968][   T26] audit: type=1800 audit(1763775411.158:3): pid=5017 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.153" name="file2" dev="loop4" ino=16 res=0 errno=0
[  118.907874][  T155] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  118.921810][ T5033] device ip6_vti0 entered promiscuous mode
[  118.956528][  T155] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  119.022030][ T4263] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  119.082441][ T4263] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  119.119725][ T4442] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  119.236030][ T4442] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  119.244543][ T5043] fuse: Bad value for 'fd'
[  119.315878][ T5045] loop5: detected capacity change from 0 to 8192
[  119.542641][  T145] device hsr_slave_0 left promiscuous mode
[  119.550002][  T145] device hsr_slave_1 left promiscuous mode
[  119.556819][  T145] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  119.564635][  T145] batman_adv: batadv0: Removing interface: batadv_slave_0
[  119.572335][  T145] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  119.580607][  T145] batman_adv: batadv0: Removing interface: batadv_slave_1
[  119.593184][ T4312] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  119.603177][  T145] device bridge_slave_1 left promiscuous mode
[  119.610433][  T145] bridge0: port 2(bridge_slave_1) entered disabled state
[  119.621963][  T145] device bridge_slave_0 left promiscuous mode
[  119.636633][  T145] bridge0: port 1(bridge_slave_0) entered disabled state
[  119.670292][  T145] device veth1_macvtap left promiscuous mode
[  119.689189][  T145] device veth0_macvtap left promiscuous mode
[  119.703498][  T145] device veth1_vlan left promiscuous mode
[  119.738851][  T145] device veth0_vlan left promiscuous mode
[  119.843064][ T4312] usb 5-1: Using ep0 maxpacket: 16
[  119.963803][ T4312] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  119.982722][ T4312] usb 5-1: config 0 has no interfaces?
[  120.173827][ T4312] usb 5-1: New USB device found, idVendor=045e, idProduct=0284, bcdDevice=a4.8f
[  120.193756][ T4312] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  120.221704][ T4312] usb 5-1: Product: syz
[  120.234239][ T4312] usb 5-1: Manufacturer: syz
[  120.239102][ T4312] usb 5-1: SerialNumber: syz
[  120.271098][ T4312] usb 5-1: config 0 descriptor??
[  120.389363][  T145] team0 (unregistering): Port device team_slave_1 removed
[  120.429326][  T145] team0 (unregistering): Port device team_slave_0 removed
[  120.451422][  T145] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  120.630800][ T1108] usb 5-1: USB disconnect, device number 6
[  120.726512][  T145] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  121.387392][  T145] bond0 (unregistering): Released all slaves
[  121.587363][ T5082] fuse: Bad value for 'fd'
[  122.451976][ T5086] Zero length message leads to an empty skb
[  123.267978][ T4234] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  124.418974][ T5101] fuse: Bad value for 'fd'
[  124.521468][ T5099] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  125.492415][ T5129] netlink: 'syz.5.170': attribute type 10 has an invalid length.
[  126.417410][ T5129] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  126.741473][ T5143] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  130.133237][ T4234] usb 1-1: device descriptor read/all, error -110
[  130.249342][ T5165] fuse: Bad value for 'fd'
[  130.284305][ T4234] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  130.485555][ T5171] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  130.544319][ T5177] device syzkaller0 entered promiscuous mode
[  130.610542][ T5171] tipc: Resetting bearer <eth:syzkaller0>
[  130.670353][ T5170] tipc: Resetting bearer <eth:syzkaller0>
[  130.705986][ T5170] tipc: Disabling bearer <eth:syzkaller0>
[  131.261579][ T5193] tipc: Started in network mode
[  131.326200][ T5193] tipc: Node identity ee59244bddc9, cluster identity 4711
[  131.371381][   T26] audit: type=1804 audit(1763775423.788:4): pid=5201 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.6.184" name="/newroot/1/file1" dev="fuse" ino=1 res=1 errno=0
[  131.514823][ T5193] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  131.575454][ T5200] device syzkaller0 entered promiscuous mode
[  132.401596][   T26] audit: type=1800 audit(1763775424.818:5): pid=5201 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.184" name="/" dev="fuse" ino=1 res=0 errno=0
[  132.533217][ T5192] tipc: Resetting bearer <eth:syzkaller0>
[  132.831808][ T5219] loop4: detected capacity change from 0 to 1024
[  132.895212][ T1421] ieee802154 phy0 wpan0: encryption failed: -22
[  132.901608][ T1421] ieee802154 phy1 wpan1: encryption failed: -22
[  133.152700][ T5192] tipc: Disabling bearer <eth:syzkaller0>
[  133.168106][ T4306] tipc: Node number set to 865084491
[  134.372973][    C1] sched: RT throttling activated
[  134.384589][ T5219] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock
[  134.384642][ T5219] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (42152!=20869)
[  134.388087][ T5219] EXT4-fs error (device loop4): ext4_get_journal_inode:5160: inode #5: comm syz.4.189: unexpected bad inode w/o EXT4_IGET_BAD
[  134.389746][ T5219] EXT4-fs (loop4): no journal found
[  134.389765][ T5219] EXT4-fs (loop4): can't get journal size
[  135.398614][ T5219] EXT4-fs (loop4): mounted filesystem without journal. Opts: noblock_validity,noinit_itable,norecovery,min_batch_time=0x000000000000071d,abort,,errors=continue. Quota mode: writeback.
[  135.765729][ T4987] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  137.718275][ T5227] loop4: detected capacity change from 0 to 4096
[  141.498383][ T5283] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  142.443071][   T21] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  143.613068][   T21] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  143.684284][   T21] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  143.745831][   T21] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  143.811932][   T21] usb 5-1: config 0 descriptor??
[  144.183162][   T21] usbhid 5-1:0.0: can't add hid device: -71
[  144.189198][   T21] usbhid: probe of 5-1:0.0 failed with error -71
[  144.258830][   T21] usb 5-1: USB disconnect, device number 7
[  145.213047][ T4309] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  145.231417][   T21] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  145.448767][ T5341] tipc: Started in network mode
[  145.472165][ T5341] tipc: Node identity 22cfca1aee29, cluster identity 4711
[  145.483032][ T4309] usb 4-1: Using ep0 maxpacket: 8
[  146.303163][ T5341] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  146.373310][ T5341] device syzkaller0 entered promiscuous mode
[  146.410902][ T5341] tipc: Resetting bearer <eth:syzkaller0>
[  146.430487][ T5339] tipc: Resetting bearer <eth:syzkaller0>
[  146.443211][ T4309] usb 4-1: unable to get BOS descriptor or descriptor too short
[  146.461404][ T5339] tipc: Disabling bearer <eth:syzkaller0>
[  146.533307][ T4309] usb 4-1: config 4 has an invalid interface number: 30 but max is 0
[  146.548321][ T4309] usb 4-1: config 4 has no interface number 0
[  146.578655][ T4309] usb 4-1: config 4 interface 30 has no altsetting 0
[  146.893097][   T21] usb 5-1: Using ep0 maxpacket: 32
[  147.533109][ T4309] usb 4-1: string descriptor 0 read error: -71
[  147.539381][ T4309] usb 4-1: New USB device found, idVendor=9022, idProduct=d484, bcdDevice=ff.88
[  147.661656][ T4309] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  147.673380][   T21] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  147.687071][   T21] usb 5-1: config 27 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping
[  147.730909][ T4309] usb 4-1: can't set config #4, error -71
[  147.739377][   T21] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  147.772200][ T4309] usb 4-1: USB disconnect, device number 6
[  147.785088][   T21] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  147.811313][ T5378] loop5: detected capacity change from 0 to 1024
[  147.885277][   T21] usb 5-1: invalid MIDI out EP 0
[  148.008462][   T21] snd-usb-audio: probe of 5-1:27.0 failed with error -22
[  148.804853][  T145] hfsplus: b-tree write err: -5, ino 4
[  148.865442][ T4328] udevd[4328]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  150.336417][ T5417] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  150.368352][ T5417] device syzkaller0 entered promiscuous mode
[  150.398327][ T5416] tipc: Resetting bearer <eth:syzkaller0>
[  150.430140][ T5416] tipc: Disabling bearer <eth:syzkaller0>
[  152.017968][   T23] usb 5-1: USB disconnect, device number 8
[  152.312682][ T5439] loop6: detected capacity change from 0 to 2048
[  152.537848][ T5439] EXT4-fs (loop6): inline encryption not supported
[  153.298766][ T5439] EXT4-fs (loop6): mounted filesystem without journal. Opts: jqfmt=vfsv0,nobarrier,inlinecrypt,sysvgroups,nodioread_nolock,,errors=continue. Quota mode: none.
[  153.362542][ T5456] loop4: detected capacity change from 0 to 512
[  154.323234][ T5456] EXT4-fs (loop4): Ignoring removed nobh option
[  154.450299][ T5456] EXT4-fs error (device loop4): ext4_orphan_get:1401: inode #15: comm syz.4.242: iget: bad i_size value: 38620345925642
[  154.550056][ T5479] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  154.577950][ T5479] device syzkaller0 entered promiscuous mode
[  154.613926][ T5456] EXT4-fs error (device loop4): ext4_orphan_get:1406: comm syz.4.242: couldn't read orphan inode 15 (err -117)
[  154.638744][ T5477] tipc: Resetting bearer <eth:syzkaller0>
[  154.652611][ T5456] EXT4-fs (loop4): mounted filesystem without journal. Opts: nobh,grpquota,data_err=ignore,,errors=continue. Quota mode: writeback.
[  154.705150][ T5477] tipc: Disabling bearer <eth:syzkaller0>
[  154.971522][ T5491] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  155.006146][ T5491] device syzkaller0 entered promiscuous mode
[  155.027879][ T5494] tipc: Started in network mode
[  155.033203][ T5494] tipc: Node identity f661ce12aefe, cluster identity 4711
[  155.068153][  T155] EXT4-fs error (device loop4): ext4_validate_block_bitmap:429: comm kworker/u4:3: bg 0: block 5: invalid block bitmap
[  155.153237][ T5494] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  155.188181][ T5491] tipc: Resetting bearer <eth:syzkaller0>
[  155.198096][  T155] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1032 with error 28
[  155.215895][ T5499] device syzkaller0 entered promiscuous mode
[  155.238314][ T5490] tipc: Resetting bearer <eth:syzkaller0>
[  155.248689][  T155] EXT4-fs (loop4): This should not happen!! Data will be lost
[  155.248689][  T155] 
[  155.263339][  T155] EXT4-fs (loop4): Total free blocks count 0
[  155.276684][ T5490] tipc: Disabling bearer <eth:syzkaller0>
[  155.282632][  T155] EXT4-fs (loop4): Free/Dirty block details
[  155.289972][  T155] EXT4-fs (loop4): free_blocks=0
[  155.301624][  T155] EXT4-fs (loop4): dirty_blocks=1032
[  155.304010][ T5499] tipc: Resetting bearer <eth:syzkaller0>
[  155.309459][  T155] EXT4-fs (loop4): Block reservation details
[  155.319163][  T155] EXT4-fs (loop4): i_reserved_data_blocks=1032
[  155.349115][ T5493] tipc: Resetting bearer <eth:syzkaller0>
[  155.417183][ T5493] tipc: Disabling bearer <eth:syzkaller0>
[  156.755884][ T5527] netlink: 16 bytes leftover after parsing attributes in process `syz.4.259'.
[  156.801676][ T5526] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  156.833088][   T21] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  156.854196][ T5529] netlink: 'syz.6.258': attribute type 10 has an invalid length.
[  156.879442][ T5529] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  156.914840][ T5526] device syzkaller0 entered promiscuous mode
[  156.986883][ T5525] tipc: Resetting bearer <eth:syzkaller0>
[  157.050767][ T5525] tipc: Disabling bearer <eth:syzkaller0>
[  157.073071][   T21] usb 4-1: Using ep0 maxpacket: 16
[  157.193206][   T21] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  157.214364][   T21] usb 4-1: config 0 has no interfaces?
[  157.429749][ T5546] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  157.523312][   T21] usb 4-1: New USB device found, idVendor=045e, idProduct=0284, bcdDevice=a4.8f
[  157.843920][ T5546] device syzkaller0 entered promiscuous mode
[  158.073154][   T21] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  158.189390][   T21] usb 4-1: Product: syz
[  158.213109][   T21] usb 4-1: Manufacturer: syz
[  158.217926][   T21] usb 4-1: SerialNumber: syz
[  158.292549][   T21] usb 4-1: config 0 descriptor??
[  158.451819][ T5555] tipc: Resetting bearer <eth:syzkaller0>
[  158.558407][   T23] usb 4-1: USB disconnect, device number 7
[  158.640625][ T5555] tipc: Resetting bearer <eth:syzkaller0>
[  158.664459][ T5555] tipc: Disabling bearer <eth:syzkaller0>
[  158.787592][ T5569] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  158.811799][ T5569] device syzkaller0 entered promiscuous mode
[  158.837984][ T5569] tipc: Resetting bearer <eth:syzkaller0>
[  158.855807][ T5568] tipc: Resetting bearer <eth:syzkaller0>
[  158.878190][ T5568] tipc: Disabling bearer <eth:syzkaller0>
[  159.914591][ T5585] loop3: detected capacity change from 0 to 64
[  160.240303][ T5600] netlink: 'syz.5.275': attribute type 12 has an invalid length.
[  160.290635][ T5597] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  160.348222][ T5597] device syzkaller0 entered promiscuous mode
[  160.443408][ T5596] tipc: Resetting bearer <eth:syzkaller0>
[  160.502488][ T5604] loop3: detected capacity change from 0 to 512
[  160.504201][ T5596] tipc: Disabling bearer <eth:syzkaller0>
[  160.727967][ T5606] device syzkaller0 entered promiscuous mode
[  161.377662][ T5604] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[  161.423142][ T5604] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  161.500757][ T5604] EXT4-fs (loop3): 1 truncate cleaned up
[  161.513043][ T5604] EXT4-fs (loop3): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000001,auto_da_alloc=0x0000000000000eb0,mb_optimize_scan=0x0000000000000000,lazytime,nombcache,noload,noquota,,errors=continue. Quota mode: none.
[  161.550122][   T26] audit: type=1800 audit(1763775453.968:6): pid=5604 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.276" name="file1" dev="loop3" ino=15 res=0 errno=0
[  161.853349][ T4286] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  163.413013][ T4286] usb 1-1: Using ep0 maxpacket: 16
[  163.710152][ T5615] loop6: detected capacity change from 0 to 32768
[  164.195317][ T5615] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop6 scanned by syz.6.279 (5615)
[  164.779126][ T5615] BTRFS info (device loop6): using crc32c (crc32c-intel) checksum algorithm
[  164.800364][ T5615] BTRFS info (device loop6): setting nodatasum
[  164.883099][ T4286] usb 1-1: unable to read config index 0 descriptor/all
[  164.890510][ T4286] usb 1-1: can't read configurations, error -71
[  165.006602][ T5615] BTRFS info (device loop6): force zlib compression, level 3
[  165.065528][ T5615] BTRFS info (device loop6): metadata ratio 4
[  165.175929][ T5666] loop3: detected capacity change from 0 to 512
[  165.302401][ T5615] BTRFS info (device loop6): enabling ssd optimizations
[  165.861617][ T5666] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  166.387105][ T5615] BTRFS info (device loop6): allowing degraded mounts
[  166.404388][ T5615] BTRFS info (device loop6): using free space tree
[  166.421060][ T5615] BTRFS info (device loop6): has skinny extents
[  166.479319][ T5666] EXT4-fs warning (device loop3): ext4_expand_extra_isize_ea:2826: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  166.707161][ T5666] EXT4-fs (loop3): 1 truncate cleaned up
[  166.712917][ T5666] EXT4-fs (loop3): mounted filesystem without journal. Opts: nogrpid,min_batch_time=0x0000000000000004,debug_want_extra_isize=0x0000000000000068,errors=remount-ro,nodiscard,quota,. Quota mode: writeback.
[  166.732919][    C1] vkms_vblank_simulate: vblank timer overrun
[  167.408926][ T5670] device ip6_vti0 entered promiscuous mode
[  168.245237][ T5615] BTRFS error (device loop6): open_ctree failed: -12
[  168.335631][ T5705] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  168.349147][ T5705] device syzkaller0 entered promiscuous mode
[  168.386350][ T5705] tipc: Resetting bearer <eth:syzkaller0>
[  168.591769][ T5702] tipc: Resetting bearer <eth:syzkaller0>
[  168.727548][ T5702] tipc: Disabling bearer <eth:syzkaller0>
[  168.780496][ T5724] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  168.788438][ T5724] device syzkaller0 entered promiscuous mode
[  168.803648][ T5724] tipc: Resetting bearer <eth:syzkaller0>
[  168.813118][ T5723] tipc: Resetting bearer <eth:syzkaller0>
[  168.845916][ T5723] tipc: Disabling bearer <eth:syzkaller0>
[  169.194210][ T5741] loop6: detected capacity change from 0 to 512
[  169.280754][ T4255] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  169.293729][ T5741] EXT4-fs (loop6): corrupt root inode, run e2fsck
[  169.311139][ T5741] EXT4-fs (loop6): mount failed
[  169.613083][ T4255] usb 4-1: Using ep0 maxpacket: 16
[  169.807579][ T5753] sctp: failed to load transform for md5: -2
[  170.143113][ T4255] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  170.188101][ T5767] loop6: detected capacity change from 0 to 128
[  170.197830][ T4255] usb 4-1: config 0 has no interfaces?
[  170.413792][ T4255] usb 4-1: New USB device found, idVendor=045e, idProduct=0284, bcdDevice=a4.8f
[  170.419543][ T5774] loop5: detected capacity change from 0 to 8
[  170.422887][ T4255] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  170.452640][ T4255] usb 4-1: Product: syz
[  170.461158][ T4255] usb 4-1: Manufacturer: syz
[  170.468642][ T4255] usb 4-1: SerialNumber: syz
[  170.858156][ T4255] usb 4-1: config 0 descriptor??
[  170.876315][ T5779] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  170.885820][ T5779] device syzkaller0 entered promiscuous mode
[  170.918560][ T5779] tipc: Resetting bearer <eth:syzkaller0>
[  170.964345][ T5776] tipc: Resetting bearer <eth:syzkaller0>
[  171.070211][ T5776] tipc: Disabling bearer <eth:syzkaller0>
[  171.082514][ T5774] SQUASHFS error: zlib decompression failed, data probably corrupt
[  171.090210][ T5782] fuse: Bad value for 'rootmode'
[  171.134150][ T5774] SQUASHFS error: Failed to read block 0x4e8: -5
[  171.169186][ T4255] usb 4-1: USB disconnect, device number 8
[  171.179712][ T5774] SQUASHFS error: zlib decompression failed, data probably corrupt
[  171.227690][ T5774] SQUASHFS error: Failed to read block 0x4ee: -5
[  171.256999][   T26] audit: type=1800 audit(1763775463.678:7): pid=5774 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.306" name="file1" dev="loop5" ino=5 res=0 errno=0
[  171.513721][ T5792] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  171.572712][ T5796] device syzkaller0 entered promiscuous mode
[  171.638666][ T5792] tipc: Resetting bearer <eth:syzkaller0>
[  171.655141][ T5791] tipc: Resetting bearer <eth:syzkaller0>
[  171.674858][ T5791] tipc: Disabling bearer <eth:syzkaller0>
[  171.967625][ T5814] device ip6_vti0 entered promiscuous mode
[  172.249797][ T5823] fuse: Unknown parameter 'use00000000000000000000'
[  172.277005][ T5826] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  172.319483][ T5826] device syzkaller0 entered promiscuous mode
[  172.354863][ T5826] tipc: Resetting bearer <eth:syzkaller0>
[  172.382361][ T5825] tipc: Resetting bearer <eth:syzkaller0>
[  172.401179][ T5825] tipc: Disabling bearer <eth:syzkaller0>
[  172.426792][ T5829] netlink: 76 bytes leftover after parsing attributes in process `syz.3.321'.
[  172.962475][ T5842] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  173.030424][ T5842] device syzkaller0 entered promiscuous mode
[  173.091875][ T5842] tipc: Resetting bearer <eth:syzkaller0>
[  173.119839][ T5841] tipc: Resetting bearer <eth:syzkaller0>
[  173.281377][ T5841] tipc: Disabling bearer <eth:syzkaller0>
[  173.535702][ T4226] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  173.560063][ T5873] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  173.574682][ T5873] device syzkaller0 entered promiscuous mode
[  173.588629][ T5871] loop3: detected capacity change from 0 to 764
[  173.613475][ T5873] tipc: Resetting bearer <eth:syzkaller0>
[  173.655896][ T5872] tipc: Resetting bearer <eth:syzkaller0>
[  173.716784][ T5872] tipc: Disabling bearer <eth:syzkaller0>
[  173.759902][ T5878] loop4: detected capacity change from 0 to 764
[  173.783116][ T4226] usb 1-1: Using ep0 maxpacket: 16
[  173.847100][ T5878] rock: corrupted directory entry. extent=32, offset=2044, size=237
[  173.994428][ T4226] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  174.043054][ T4226] usb 1-1: config 0 has no interfaces?
[  174.213625][ T4226] usb 1-1: New USB device found, idVendor=045e, idProduct=0284, bcdDevice=a4.8f
[  174.222852][ T4226] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  174.331928][ T4226] usb 1-1: Product: syz
[  174.343034][ T4226] usb 1-1: Manufacturer: syz
[  174.353062][ T4226] usb 1-1: SerialNumber: syz
[  174.373136][ T4226] usb 1-1: config 0 descriptor??
[  174.632230][ T4309] usb 1-1: USB disconnect, device number 9
[  176.251728][ T5927] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  176.271644][ T5927] device syzkaller0 entered promiscuous mode
[  176.296596][ T5934] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  176.308383][ T5927] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  176.318481][ T5934] device syzkaller0 entered promiscuous mode
[  176.337748][ T5927] tipc: Resetting bearer <eth:syzkaller0>
[  176.359565][ T5934] tipc: Resetting bearer <eth:syzkaller0>
[  176.366915][ T5925] tipc: Resetting bearer <eth:syzkaller0>
[  176.389387][ T5925] tipc: Disabling bearer <eth:syzkaller0>
[  176.411893][ T5933] tipc: Resetting bearer <eth:syzkaller0>
[  176.429939][ T5933] tipc: Disabling bearer <eth:syzkaller0>
[  176.973238][   T21] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  177.213606][   T21] usb 4-1: Using ep0 maxpacket: 16
[  177.390863][   T21] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  177.401356][   T21] usb 4-1: config 0 has no interfaces?
[  177.563315][   T21] usb 4-1: New USB device found, idVendor=045e, idProduct=0284, bcdDevice=a4.8f
[  177.583223][   T21] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  177.613740][   T21] usb 4-1: Product: syz
[  177.623865][   T21] usb 4-1: Manufacturer: syz
[  177.643426][   T21] usb 4-1: SerialNumber: syz
[  177.662043][   T21] usb 4-1: config 0 descriptor??
[  177.938905][ T4306] usb 4-1: USB disconnect, device number 9
[  177.993651][ T6015] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  178.047616][ T6020] device syzkaller0 entered promiscuous mode
[  178.079437][ T6015] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  178.533765][ T6015] tipc: Resetting bearer <eth:syzkaller0>
[  178.583248][ T6014] tipc: Resetting bearer <eth:syzkaller0>
[  178.802249][ T6014] tipc: Disabling bearer <eth:syzkaller0>
[  179.004823][ T4987] tipc: Node number set to 1720381670
[  179.772722][ T6029] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  180.275288][ T6029] tipc: Disabling bearer <eth:syzkaller0>
[  180.499293][ T6056] A link change request failed with some changes committed already. Interface vlan2 may have been left with an inconsistent configuration, please check.
[  181.023176][   T21] Bluetooth: hci2: command 0x0406 tx timeout
[  181.029805][   T21] Bluetooth: hci3: command 0x0406 tx timeout
[  181.239852][   T21] Bluetooth: hci1: command 0x0406 tx timeout
[  181.499851][ T6073] loop5: detected capacity change from 0 to 256
[  181.596118][ T6077] loop3: detected capacity change from 0 to 1024
[  181.881360][   T26] audit: type=1800 audit(1763775474.298:8): pid=6077 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.372" name="file1" dev="loop3" ino=20 res=0 errno=0
[  182.724680][ T6111] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  182.786432][ T6119] device syzkaller0 entered promiscuous mode
[  182.813132][ T6118] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  182.843414][ T6111] tipc: Resetting bearer <eth:syzkaller0>
[  182.849567][ T6118] device syzkaller0 entered promiscuous mode
[  182.862823][ T6112] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  182.873825][ T6112] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  182.876550][ T6109] tipc: Resetting bearer <eth:syzkaller0>
[  182.942294][ T6109] tipc: Disabling bearer <eth:syzkaller0>
[  182.969252][ T6117] tipc: Resetting bearer <eth:syzkaller0>
[  183.014471][ T6117] tipc: Disabling bearer <eth:syzkaller0>
[  183.593156][   T21] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  183.893281][   T21] usb 4-1: Using ep0 maxpacket: 16
[  184.177521][   T21] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  184.201302][   T21] usb 4-1: config 0 has no interfaces?
[  185.333314][   T21] usb 4-1: New USB device found, idVendor=045e, idProduct=0284, bcdDevice=a4.8f
[  185.345884][ T6157] batman_adv: batadv0: Adding interface: gretap1
[  185.352330][ T6157] batman_adv: batadv0: The MTU of interface gretap1 is too small (1462) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  185.378018][ T6157] batman_adv: batadv0: Interface activated: gretap1
[  185.463912][   T21] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  185.580792][   T21] usb 4-1: Product: syz
[  185.681759][   T21] usb 4-1: Manufacturer: syz
[  185.759096][   T21] usb 4-1: SerialNumber: syz
[  185.890760][   T21] usb 4-1: config 0 descriptor??
[  186.141703][ T4233] usb 4-1: USB disconnect, device number 10
[  186.252095][ T6172] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  186.303986][ T6172] device syzkaller0 entered promiscuous mode
[  186.318358][ T6177] device ip6_vti0 entered promiscuous mode
[  186.348670][ T6172] tipc: Resetting bearer <eth:syzkaller0>
[  187.197212][ T6169] tipc: Resetting bearer <eth:syzkaller0>
[  187.254103][ T6169] tipc: Disabling bearer <eth:syzkaller0>
[  187.302322][ T6182] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  187.497034][ T6188] device syzkaller0 entered promiscuous mode
[  187.545019][ T6202] loop6: detected capacity change from 0 to 512
[  187.749668][ T6203] loop3: detected capacity change from 0 to 8
[  188.368677][ T6202] EXT4-fs (loop6): mounting ext3 file system using the ext4 subsystem
[  188.398126][ T6171] tipc: Resetting bearer <eth:syzkaller0>
[  188.404140][ T6202] EXT4-fs (loop6): invalid journal inode
[  188.410584][ T6202] EXT4-fs (loop6): can't get journal size
[  188.539437][ T6171] tipc: Disabling bearer <eth:syzkaller0>
[  188.546939][ T6202] EXT4-fs (loop6): 1 truncate cleaned up
[  188.558423][ T6202] EXT4-fs (loop6): mounted filesystem without journal. Opts: norecovery,grpquota,sysvgroups,lazytime,,errors=continue. Quota mode: writeback.
[  189.640947][ T6227] loop5: detected capacity change from 0 to 512
[  191.100891][ T6227] EXT4-fs (loop5): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  191.113285][ T6227] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  191.205767][ T6227] EXT4-fs (loop5): 1 truncate cleaned up
[  191.211518][ T6227] EXT4-fs (loop5): mounted filesystem without journal. Opts: dioread_nolock,journal_ioprio=0x0000000000000004,noauto_da_alloc,lazytime,noquota,quota,,errors=continue. Quota mode: writeback.
[  191.266852][   T26] audit: type=1800 audit(1763775483.688:9): pid=6227 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.406" name="file1" dev="loop5" ino=15 res=0 errno=0
[  191.850420][ T6244] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  191.867957][ T6247] fuse: Unknown parameter 'user_id00000000000000000000'
[  191.869386][ T6244] device syzkaller0 entered promiscuous mode
[  191.898928][ T4233] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  192.013385][ T6244] tipc: Resetting bearer <eth:syzkaller0>
[  192.050833][ T6243] tipc: Resetting bearer <eth:syzkaller0>
[  192.099968][ T6243] tipc: Disabling bearer <eth:syzkaller0>
[  192.153614][ T4233] usb 7-1: Using ep0 maxpacket: 16
[  192.289136][ T4233] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  192.316525][ T6262] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  192.331956][ T4233] usb 7-1: config 0 has no interfaces?
[  192.339043][ T6262] device syzkaller0 entered promiscuous mode
[  192.391159][ T6261] tipc: Resetting bearer <eth:syzkaller0>
[  192.449194][ T6261] tipc: Disabling bearer <eth:syzkaller0>
[  192.493969][ T4233] usb 7-1: New USB device found, idVendor=045e, idProduct=0284, bcdDevice=a4.8f
[  193.297506][ T4233] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  193.306554][ T4233] usb 7-1: Product: syz
[  193.310765][ T4233] usb 7-1: Manufacturer: syz
[  193.317082][ T4233] usb 7-1: SerialNumber: syz
[  193.328829][ T4233] usb 7-1: config 0 descriptor??
[  193.503497][ T6273] loop3: detected capacity change from 0 to 40427
[  193.609100][ T6273] F2FS-fs (loop3): invalid crc value
[  193.620115][ T6273] F2FS-fs (loop3): Found nat_bits in checkpoint
[  193.657455][ T6273] F2FS-fs (loop3): Start checkpoint disabled!
[  193.706207][ T6273] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  194.233371][ T4286] usb 7-1: USB disconnect, device number 2
[  194.297748][ T1421] ieee802154 phy0 wpan0: encryption failed: -22
[  194.305112][ T1421] ieee802154 phy1 wpan1: encryption failed: -22
[  194.736333][ T4700] handle_bad_sector: 471 callbacks suppressed
[  194.736356][ T4700] attempt to access beyond end of device
[  194.736356][ T4700] loop3: rw=2049, want=45104, limit=40427
[  195.035105][ T6288] loop4: detected capacity change from 0 to 32768
[  195.041801][ T6299] fuse: Bad value for 'fd'
[  195.255707][ T6288] XFS (loop4): Mounting V5 Filesystem
[  195.397026][ T6288] XFS (loop4): Ending clean mount
[  195.419288][ T6314] fuse: Unknown parameter 'user_id00000000000000000000'
[  195.421322][ T6288] XFS (loop4): Quotacheck needed: Please wait.
[  195.539484][ T6288] XFS (loop4): Quotacheck: Done.
[  195.626187][ T6317] loop3: detected capacity change from 0 to 256
[  195.733106][ T4286] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  195.755638][   T26] audit: type=1804 audit(1763775488.178:10): pid=6317 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.419" name="/newroot/78/file0/bus" dev="loop3" ino=1048622 res=1 errno=0
[  195.776893][    C1] vkms_vblank_simulate: vblank timer overrun
[  195.786933][ T4184] XFS (loop4): Unmounting Filesystem
[  195.818750][ T6319] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  195.912361][ T6319] device syzkaller0 entered promiscuous mode
[  195.998701][ T6319] tipc: Resetting bearer <eth:syzkaller0>
[  196.040115][ T6318] tipc: Resetting bearer <eth:syzkaller0>
[  196.057238][ T6323] loop3: detected capacity change from 0 to 136
[  196.072542][ T6318] tipc: Disabling bearer <eth:syzkaller0>
[  198.083323][ T4286] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  198.124679][ T4286] usb 7-1: config 27 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping
[  198.163018][ T4286] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  198.172146][ T4286] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  198.363091][ T4233] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  198.603033][ T4233] usb 1-1: Using ep0 maxpacket: 16
[  198.735471][ T4233] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  198.914563][ T4233] usb 1-1: config 0 has no interfaces?
[  199.058577][ T6329] loop5: detected capacity change from 0 to 32768
[  199.073320][ T4233] usb 1-1: New USB device found, idVendor=045e, idProduct=0284, bcdDevice=a4.8f
[  199.115715][ T4233] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  199.145136][ T4233] usb 1-1: Product: syz
[  199.149365][ T4233] usb 1-1: Manufacturer: syz
[  199.185737][ T4233] usb 1-1: SerialNumber: syz
[  199.217176][ T4233] usb 1-1: config 0 descriptor??
[  199.241751][ T6363] fuse: Bad value for 'fd'
[  199.376419][ T6367] fuse: Unknown parameter 'user_id00000000000000000000'
[  199.424475][ T6369] loop4: detected capacity change from 0 to 128
[  199.503534][ T4803] usb 1-1: USB disconnect, device number 10
[  199.609472][ T6369] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  199.631042][ T6369] ext4 filesystem being mounted at /98/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  201.513168][ T4286] usb 7-1: can't set config #27, error -71
[  201.520031][ T4286] usb 7-1: USB disconnect, device number 3
[  201.622585][ T6391] netlink: 4 bytes leftover after parsing attributes in process `syz.3.438'.
[  202.857394][ T6395] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  202.914357][ T6397] device syzkaller0 entered promiscuous mode
[  203.229594][ T6401] tipc: Resetting bearer <eth:syzkaller0>
[  203.338159][ T6412] fuse: Bad value for 'fd'
[  203.343212][ T6401] tipc: Resetting bearer <eth:syzkaller0>
[  203.705326][ T6417] fuse: Bad value for 'fd'
[  203.720576][ T6401] tipc: Disabling bearer <eth:syzkaller0>
[  204.723101][ T5695] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  205.219134][ T6463] loop3: detected capacity change from 0 to 128
[  205.313206][ T5695] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  205.617052][ T5695] usb 5-1: config 27 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping
[  205.737855][ T5695] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  205.751188][ T6463] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  205.793314][ T6463] ext4 filesystem being mounted at /89/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  205.844181][ T5695] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  205.894373][ T6476] fuse: Bad value for 'fd'
[  205.937588][ T5695] usb 5-1: invalid MIDI out EP 0
[  205.949843][ T6479] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  205.998725][ T6479] device syzkaller0 entered promiscuous mode
[  206.056117][ T5695] snd-usb-audio: probe of 5-1:27.0 failed with error -22
[  206.101021][ T4503] udevd[4503]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  206.138857][ T6479] tipc: Resetting bearer <eth:syzkaller0>
[  206.258395][ T6443] loop6: detected capacity change from 0 to 32768
[  206.267144][ T6478] tipc: Resetting bearer <eth:syzkaller0>
[  206.297408][ T6478] tipc: Disabling bearer <eth:syzkaller0>
[  206.456479][ T6443] BTRFS: device fsid e0cb6322-611b-4325-acdf-015f79de3787 devid 1 transid 8 /dev/loop6 scanned by syz.6.451 (6443)
[  207.260329][ T6443] BTRFS info (device loop6): using sha256 (sha256-avx2) checksum algorithm
[  207.303178][ T6443] BTRFS info (device loop6): enabling ssd optimizations
[  207.312629][ T6443] BTRFS info (device loop6): turning off barriers
[  207.403307][ T6443] BTRFS info (device loop6): using free space tree
[  207.436427][ T6443] BTRFS info (device loop6): has skinny extents
[  208.543623][ T6538] fuse: Bad value for 'fd'
[  208.728853][ T6443] BTRFS error (device loop6): open_ctree failed: -12
[  209.109697][ T4176] BTRFS: device fsid e0cb6322-611b-4325-acdf-015f79de3787 devid 1 transid 8 /dev/loop6 scanned by udevd (4176)
[  209.342680][ T4286] usb 5-1: USB disconnect, device number 9
[  209.475641][ T6566] device ip6_vti0 entered promiscuous mode
[  210.570957][ T6579] device syzkaller0 entered promiscuous mode
[  212.058569][ T6582] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(8)
[  212.065151][ T6582] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  212.074009][ T6582] vhci_hcd vhci_hcd.0: Device attached
[  212.079742][ T6583] vhci_hcd: connection closed
[  212.092806][ T4700] vhci_hcd: stop threads
[  212.165519][ T4700] vhci_hcd: release socket
[  212.203533][ T4700] vhci_hcd: disconnect device
[  215.603086][ T4234] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  215.703746][ T6636] device syzkaller0 entered promiscuous mode
[  215.863094][ T4234] usb 4-1: Using ep0 maxpacket: 32
[  215.983955][ T4234] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  216.008763][ T4234] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  216.163870][ T4234] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  216.183539][ T4234] usb 4-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0
[  216.221473][ T4234] usb 4-1: Product: syz
[  216.268934][ T4234] usb 4-1: Manufacturer: syz
[  216.446557][ T4234] hub 4-1:4.0: USB hub found
[  217.163130][ T4234] hub 4-1:4.0: 2 ports detected
[  217.351003][   T21] Bluetooth: hci4: command 0x0406 tx timeout
[  217.587069][ T6545] Bluetooth: hci0: command 0x0406 tx timeout
[  217.609658][ T6665] loop6: detected capacity change from 0 to 128
[  217.652466][ T6669] device syzkaller0 entered promiscuous mode
[  217.720071][ T6665] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  217.743108][ T4234] hub 4-1:4.0: set hub depth failed
[  217.763942][ T6665] ext4 filesystem being mounted at /61/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  217.790706][ T4234] usb 4-1: USB disconnect, device number 11
[  219.093250][   T26] audit: type=1326 audit(1763775511.508:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6695 comm="syz.6.510" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f26829b2749 code=0x7ffc0000
[  219.189425][   T26] audit: type=1326 audit(1763775511.558:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6695 comm="syz.6.510" exe="/root/syz-executor" sig=0 arch=c000003e syscall=140 compat=0 ip=0x7f26829b2749 code=0x7ffc0000
[  219.270823][ T6700] loop4: detected capacity change from 0 to 164
[  219.313183][   T26] audit: type=1326 audit(1763775511.558:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6695 comm="syz.6.510" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f26829b2749 code=0x7ffc0000
[  220.439473][ T6718] bridge0: port 2(bridge_slave_1) entered disabled state
[  220.446762][ T6718] bridge0: port 1(bridge_slave_0) entered disabled state
[  220.564110][ T6724] batman_adv: batadv0: Adding interface: gretap1
[  220.570741][ T6724] batman_adv: batadv0: The MTU of interface gretap1 is too small (1462) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  220.596658][ T6724] batman_adv: batadv0: Interface activated: gretap1
[  220.775795][ T6728] loop5: detected capacity change from 0 to 512
[  221.607647][ T6728] EXT4-fs error (device loop5): ext4_xattr_inode_iget:404: comm syz.5.522: inode #1: comm syz.5.522: iget: illegal inode #
[  221.627825][ T6728] EXT4-fs error (device loop5): ext4_xattr_inode_iget:409: comm syz.5.522: error while reading EA inode 1 err=-117
[  221.712450][ T6737] loop3: detected capacity change from 0 to 8192
[  221.739693][ T6728] EXT4-fs error (device loop5): ext4_xattr_inode_iget:404: comm syz.5.522: inode #1: comm syz.5.522: iget: illegal inode #
[  221.820752][ T6728] EXT4-fs error (device loop5): ext4_xattr_inode_iget:409: comm syz.5.522: error while reading EA inode 1 err=-117
[  221.837805][ T6737] REISERFS (device loop3): found reiserfs format "3.6" with non-standard journal
[  221.844024][ T6728] EXT4-fs (loop5): 1 orphan inode deleted
[  221.864482][ T6728] EXT4-fs (loop5): mounted filesystem without journal. Opts: grpjquota=,stripe=0x0000000000000003,norecovery,noinit_itable,init_itable=0x0000000000000001,minixdf,usrjquota=,debug_want_extra_isize=0x000000000000005c,errors=continue,dioread_lock,noblock_validity,noquota,,errors=continue. Quota mode: none.
[  221.882412][ T6737] REISERFS (device loop3): using ordered data mode
[  221.903562][ T6737] reiserfs: using flush barriers
[  221.934828][ T6737] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  222.067092][ T6737] REISERFS (device loop3): checking transaction log (loop3)
[  223.915054][ T6757] loop5: detected capacity change from 0 to 512
[  223.940592][ T6737] REISERFS (device loop3): Using r5 hash to sort names
[  223.950936][ T6737] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage.
[  224.042667][ T6757] EXT4-fs (loop5): mounting ext3 file system using the ext4 subsystem
[  224.088307][ T6757] EXT4-fs (loop5): invalid journal inode
[  224.130210][ T6757] EXT4-fs (loop5): can't get journal size
[  224.146638][ T6757] EXT4-fs (loop5): 1 truncate cleaned up
[  224.152581][ T6757] EXT4-fs (loop5): mounted filesystem without journal. Opts: norecovery,grpquota,sysvgroups,lazytime,,errors=continue. Quota mode: writeback.
[  224.203330][ T6549] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  225.044864][ T6549] usb 1-1: Using ep0 maxpacket: 8
[  225.513323][ T6549] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  225.520193][ T6777] device syzkaller0 entered promiscuous mode
[  225.538158][ T6549] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  225.582961][ T6549] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  225.628476][ T6549] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  225.682770][ T6549] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  225.723006][ T6549] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  226.019386][ T6549] usb 1-1: GET_CAPABILITIES returned 0
[  226.453280][ T6549] usbtmc 1-1:16.0: can't read capabilities
[  226.539777][ T6549] usb 1-1: USB disconnect, device number 11
[  227.758925][ T6814] loop5: detected capacity change from 0 to 2048
[  227.826937][ T6814] UDF-fs: error (device loop5): udf_process_sequence: Primary Volume Descriptor not found!
[  227.888860][ T6814] UDF-fs: error (device loop5): udf_process_sequence: Primary Volume Descriptor not found!
[  228.805219][ T6822] device syzkaller0 entered promiscuous mode
[  230.438378][ T6841] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  230.455045][ T6841] device syzkaller0 entered promiscuous mode
[  230.515086][ T6841] tipc: Resetting bearer <eth:syzkaller0>
[  230.576469][ T6840] tipc: Resetting bearer <eth:syzkaller0>
[  230.616104][ T6840] tipc: Disabling bearer <eth:syzkaller0>
[  235.142249][ T6878] loop6: detected capacity change from 0 to 128
[  237.072506][ T6902] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  237.166350][ T6902] device syzkaller0 entered promiscuous mode
[  237.327462][ T6902] tipc: Resetting bearer <eth:syzkaller0>
[  237.589296][ T6901] tipc: Resetting bearer <eth:syzkaller0>
[  237.738094][ T6901] tipc: Disabling bearer <eth:syzkaller0>
[  238.713441][ T6921] loop6: detected capacity change from 0 to 1024
[  238.929256][ T6921] EXT4-fs (loop6): mounted filesystem without journal. Opts: barrier,nodioread_nolock,noquota,barrier,auto_da_alloc,nodioread_nolock,,errors=continue. Quota mode: none.
[  239.100125][ T6924] loop3: detected capacity change from 0 to 1024
[  239.208405][ T6921] ext4 filesystem being mounted at /79/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  239.273090][ T6924] EXT4-fs (loop3): Ignoring removed nobh option
[  239.324499][ T6924] EXT4-fs (loop3): Ignoring removed bh option
[  240.269750][ T6924] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  240.504788][ T6921] EXT4-fs error (device loop6): ext4_map_blocks:739: inode #15: block 8: comm syz.6.576: lblock 8 mapped to illegal pblock 8 (length 8)
[  240.577018][ T6924] EXT4-fs (loop3): mounted filesystem without journal. Opts: noload,data_err=abort,barrier=0x0000000000000002,dioread_lock,errors=remount-ro,max_dir_size_kb=0x00000000004007b1,data_err=ignore,grpquota,nobh,user_xattr,bh,dioread_nolock,. Quota mode: writeback.
[  240.639990][ T6921] EXT4-fs error (device loop6): ext4_ext_remove_space:2929: inode #15: comm syz.6.576: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 2, max 4(4), depth 0(0)
[  240.799033][   T26] audit: type=1800 audit(1763775533.218:14): pid=6924 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.579" name="file1" dev="loop3" ino=15 res=0 errno=0
[  241.174307][ T4317] EXT4-fs error (device loop6): ext4_map_blocks:739: inode #15: comm kworker/u4:9: lblock 0 mapped to illegal pblock 0 (length 1)
[  241.913785][ T4317] EXT4-fs (loop6): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 117
[  241.964917][ T4317] EXT4-fs (loop6): This should not happen!! Data will be lost
[  241.964917][ T4317] 
[  242.379081][ T6955] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  243.279185][ T6962] netlink: 56 bytes leftover after parsing attributes in process `syz.5.584'.
[  243.360100][ T6963] device syzkaller0 entered promiscuous mode
[  243.383399][ T6955] tipc: Resetting bearer <eth:syzkaller0>
[  243.408710][ T6954] tipc: Resetting bearer <eth:syzkaller0>
[  243.468203][ T6954] tipc: Disabling bearer <eth:syzkaller0>
[  247.518256][ T6994] pci 0000:00:05.0: vgaarb: changed VGA decodes: olddecodes=io+mem,decodes=none:owns=io+mem
[  250.677200][ T7033] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  252.059168][ T7030] tipc: Disabling bearer <eth:syzkaller0>
[  253.125537][ T7054] loop6: detected capacity change from 0 to 128
[  253.176304][ T7061] loop3: detected capacity change from 0 to 1024
[  253.433300][ T7061] EXT4-fs (loop3): mounted filesystem without journal. Opts: auto_da_alloc,minixdf,,errors=continue. Quota mode: none.
[  255.195482][ T7075] device syzkaller0 entered promiscuous mode
[  255.325114][ T7075] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  255.741777][ T1421] ieee802154 phy0 wpan0: encryption failed: -22
[  255.751172][ T1421] ieee802154 phy1 wpan1: encryption failed: -22
[  256.561757][ T7097] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  256.761152][ T7097] tipc: Resetting bearer <eth:syzkaller0>
[  257.626413][ T5699] tipc: Node number set to 1486867986
[  258.090632][ T7096] tipc: Disabling bearer <eth:syzkaller0>
[  259.344155][ T7134] device syzkaller0 entered promiscuous mode
[  259.355361][ T7133] loop5: detected capacity change from 0 to 128
[  259.362491][ T7134] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  259.417804][ T7133] FAT-fs (loop5): Unrecognized mount option "dos1xfloppy=win95" or missing value
[  263.299950][ T7185] loop4: detected capacity change from 0 to 8
[  263.409204][ T7145] loop5: detected capacity change from 0 to 32768
[  264.273314][ T7185] SQUASHFS error: zlib decompression failed, data probably corrupt
[  265.989079][ T7185] SQUASHFS error: Failed to read block 0x4e8: -5
[  266.109069][ T7185] SQUASHFS error: zlib decompression failed, data probably corrupt
[  266.171712][ T7185] SQUASHFS error: Failed to read block 0x4ee: -5
[  266.180616][   T26] audit: type=1800 audit(1763776070.597:15): pid=7185 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.649" name="file1" dev="loop4" ino=5 res=0 errno=0
[  268.825580][ T7230] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  269.301219][ T7230] tipc: Resetting bearer <eth:syzkaller0>
[  269.359738][ T7227] tipc: Disabling bearer <eth:syzkaller0>
[  277.495914][ T7310] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  277.538764][ T7310] tipc: Resetting bearer <eth:syzkaller0>
[  277.579630][ T7304] tipc: Disabling bearer <eth:syzkaller0>
[  280.483034][ T4234] usb 1-1: new full-speed USB device number 12 using dummy_hcd
[  281.653297][ T4234] usb 1-1: not running at top speed; connect to a high speed hub
[  281.863094][ T4234] usb 1-1: config 2 has an invalid interface number: 237 but max is 0
[  282.651807][ T4234] usb 1-1: config 2 has no interface number 0
[  282.669528][ T4234] usb 1-1: config 2 interface 237 has no altsetting 0
[  282.726736][ T7370] loop5: detected capacity change from 0 to 512
[  282.834341][ T4234] usb 1-1: New USB device found, idVendor=07fd, idProduct=0004, bcdDevice=95.59
[  282.881847][ T4234] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  282.930687][ T7370] EXT4-fs (loop5): Ignoring removed mblk_io_submit option
[  282.963139][ T4234] usb 1-1: Product: syz
[  283.008125][ T4234] usb 1-1: Manufacturer: syz
[  283.071138][ T4234] usb 1-1: SerialNumber: syz
[  283.104792][ T7370] EXT4-fs (loop5): Cannot turn on journaled quota: type 0: error -13
[  283.314152][ T7372] loop3: detected capacity change from 0 to 8192
[  283.458743][ T7370] EXT4-fs error (device loop5): ext4_clear_blocks:883: inode #13: comm syz.5.696: attempt to clear invalid blocks 2 len 1
[  283.582755][ T7372] REISERFS (device loop3): found reiserfs format "3.6" with non-standard journal
[  283.593071][ T7372] REISERFS (device loop3): using ordered data mode
[  283.600040][ T7372] reiserfs: using flush barriers
[  283.616943][ T7372] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  283.643745][ T7372] REISERFS (device loop3): checking transaction log (loop3)
[  283.924378][ T7370] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1147: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters
[  284.193265][ T4234] usb 1-1: can't set config #2, error -71
[  284.281487][ T4234] usb 1-1: USB disconnect, device number 12
[  284.303826][ T7370] EXT4-fs error (device loop5): ext4_free_branches:1030: inode #13: comm syz.5.696: invalid indirect mapped block 1819239214 (level 0)
[  284.455895][ T7372] REISERFS (device loop3): Using tea hash to sort names
[  284.470135][ T7372] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage.
[  284.576357][ T7370] EXT4-fs error (device loop5): ext4_free_branches:1030: inode #13: comm syz.5.696: invalid indirect mapped block 1819239214 (level 1)
[  284.921146][ T7370] EXT4-fs (loop5): 1 truncate cleaned up
[  284.934837][ T7370] EXT4-fs (loop5): mounted filesystem without journal. Opts: nodioread_nolock,init_itable=0x0000000000000004,mblk_io_submit,minixdf,jqfmt=vfsv0,usrjquota=..,errors=continue. Quota mode: writeback.
[  292.038117][ T7435] loop3: detected capacity change from 0 to 512
[  292.939379][ T7435] EXT4-fs (loop3): mounted filesystem without journal. Opts: max_dir_size_kb=0x0000000000000007,inode_readahead_blks=0x0000000000080000,quota,,errors=continue. Quota mode: writeback.
[  292.993150][ T7435] ext4 filesystem being mounted at /140/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  294.131793][ T4226] Bluetooth: hci5: command 0x0409 tx timeout
[  295.980006][ T7436] chnl_net:caif_netlink_parms(): no params data found
[  296.213137][ T5699] Bluetooth: hci5: command 0x041b tx timeout
[  296.289859][ T4442] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  296.509862][ T7436] bridge0: port 1(bridge_slave_0) entered blocking state
[  296.518622][ T7436] bridge0: port 1(bridge_slave_0) entered disabled state
[  296.526961][ T7436] device bridge_slave_0 entered promiscuous mode
[  296.535627][ T7436] bridge0: port 2(bridge_slave_1) entered blocking state
[  296.543172][ T7436] bridge0: port 2(bridge_slave_1) entered disabled state
[  296.560229][ T7436] device bridge_slave_1 entered promiscuous mode
[  296.684214][ T7485] loop5: detected capacity change from 0 to 764
[  297.849909][ T4442] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  297.985750][ T7436] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  298.169198][ T7436] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  298.546520][ T7436] team0: Port device team_slave_0 added
[  298.568194][ T7436] team0: Port device team_slave_1 added
[  298.653524][ T4987] Bluetooth: hci5: command 0x040f tx timeout
[  299.234066][ T4442] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  299.507045][ T7436] batman_adv: batadv0: Adding interface: batadv_slave_0
[  299.544051][ T7436] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  299.779952][ T7436] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  299.887078][ T7513] 9pnet_virtio: no channels available for device 
[  300.118985][ T7436] batman_adv: batadv0: Adding interface: batadv_slave_1
[  300.133982][ T7436] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  300.161378][ T7436] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  300.290453][ T7513] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci5/hci5:200/input8
[  300.485890][ T4442] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  300.733515][   T21] Bluetooth: hci5: command 0x0419 tx timeout
[  300.743042][ T4286] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  301.349884][ T7436] device hsr_slave_0 entered promiscuous mode
[  301.426956][ T7436] device hsr_slave_1 entered promiscuous mode
[  301.597330][ T7436] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  301.638758][ T7436] Cannot create hsr debugfs directory
[  301.673232][ T4286] usb 6-1: no configurations
[  301.677990][ T4286] usb 6-1: can't read configurations, error -22
[  301.872928][ T4286] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  302.193801][ T4286] usb 6-1: no configurations
[  302.199127][ T4286] usb 6-1: can't read configurations, error -22
[  302.246380][ T4286] usb usb6-port1: attempt power cycle
[  302.722934][ T4286] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  302.853156][ T4286] usb 6-1: device descriptor read/8, error -71
[  302.912107][ T4442] tipc: Left network mode
[  305.549031][ T7557] loop3: detected capacity change from 0 to 4096
[  305.615787][ T7436] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  305.627216][ T7436] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  305.675025][ T7436] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  306.329532][ T7436] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  307.099763][ T7580] No such timeout policy "syz1"
[  307.627695][ T7581] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  307.790667][   T26] audit: type=1800 audit(1763777392.206:16): pid=7557 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.741" name="file1" dev="loop3" ino=15 res=0 errno=0
[  307.933734][ T7436] 8021q: adding VLAN 0 to HW filter on device bond0
[  309.259699][ T4315] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  309.514099][ T4315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  309.550068][ T7436] 8021q: adding VLAN 0 to HW filter on device team0
[  310.286358][ T4315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  310.352043][ T4315] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  310.440911][ T4315] bridge0: port 1(bridge_slave_0) entered blocking state
[  310.448129][ T4315] bridge0: port 1(bridge_slave_0) entered forwarding state
[  310.860501][ T7619] loop3: detected capacity change from 0 to 512
[  310.924239][ T4315] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  310.941759][   T26] audit: type=1804 audit(1763777395.356:17): pid=7618 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.6.753" name="bus" dev="ramfs" ino=46619 res=1 errno=0
[  310.943881][ T4315] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  310.961880][    C1] vkms_vblank_simulate: vblank timer overrun
[  311.101598][ T7619] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem
[  311.126845][ T7619] EXT4-fs (loop3): invalid journal inode
[  311.135271][ T7619] EXT4-fs (loop3): can't get journal size
[  311.147849][ T7619] EXT4-fs (loop3): 1 truncate cleaned up
[  311.174766][ T4315] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  311.182269][ T7619] EXT4-fs (loop3): mounted filesystem without journal. Opts: norecovery,grpquota,sysvgroups,lazytime,,errors=continue. Quota mode: writeback.
[  311.186599][   T26] audit: type=1804 audit(1763777395.516:18): pid=7623 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.6.753" name="bus" dev="ramfs" ino=46619 res=1 errno=0
[  311.226641][ T4315] bridge0: port 2(bridge_slave_1) entered blocking state
[  311.233848][ T4315] bridge0: port 2(bridge_slave_1) entered forwarding state
[  311.241793][ T4315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  311.260090][ T4315] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  311.419477][ T4731] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  311.445315][ T4731] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  311.487831][ T4731] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  311.519650][  T145] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  311.549819][  T145] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  311.824957][ T7632] No such timeout policy "syz1"
[  312.490098][ T7436] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  312.542248][ T7436] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  312.585793][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  313.683695][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  313.730575][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  313.739475][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  313.886417][ T4442] device hsr_slave_0 left promiscuous mode
[  313.908344][ T4442] device hsr_slave_1 left promiscuous mode
[  313.920909][ T4442] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  314.021183][ T4442] batman_adv: batadv0: Removing interface: batadv_slave_0
[  314.237409][ T4442] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  314.471322][ T4442] batman_adv: batadv0: Removing interface: batadv_slave_1
[  315.033109][ T4442] device bridge_slave_1 left promiscuous mode
[  315.056339][ T4442] bridge0: port 2(bridge_slave_1) entered disabled state
[  315.265234][ T4442] device bridge_slave_0 left promiscuous mode
[  315.331596][ T4442] bridge0: port 1(bridge_slave_0) entered disabled state
[  315.483980][ T4442] device veth1_macvtap left promiscuous mode
[  315.525331][ T4442] device veth0_macvtap left promiscuous mode
[  315.531591][ T4442] device veth1_vlan left promiscuous mode
[  315.762158][ T4442] device veth0_vlan left promiscuous mode
[  315.920731][ T7667] loop3: detected capacity change from 0 to 512
[  316.005354][ T7667] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem
[  316.023215][ T7667] EXT4-fs (loop3): invalid journal inode
[  316.053266][ T7667] EXT4-fs (loop3): can't get journal size
[  316.061812][ T7669] netlink: 56 bytes leftover after parsing attributes in process `syz.6.766'.
[  316.200606][ T7667] EXT4-fs (loop3): 1 truncate cleaned up
[  316.235453][ T7667] EXT4-fs (loop3): mounted filesystem without journal. Opts: norecovery,grpquota,sysvgroups,lazytime,,errors=continue. Quota mode: writeback.
[  316.236243][ T4442] team0 (unregistering): Port device team_slave_1 removed
[  316.275346][ T4442] team0 (unregistering): Port device team_slave_0 removed
[  316.402678][ T4442] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  316.739227][ T4442] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  317.020778][ T4442] bond0 (unregistering): Released all slaves
[  317.175651][ T1421] ieee802154 phy0 wpan0: encryption failed: -22
[  317.182239][ T1421] ieee802154 phy1 wpan1: encryption failed: -22
[  317.835114][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  319.695487][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  319.735608][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  319.870656][ T7436] 8021q: adding VLAN 0 to HW filter on device batadv0
[  320.481869][ T7728] loop3: detected capacity change from 0 to 512
[  320.599766][ T7728] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem
[  320.673469][ T7728] EXT4-fs (loop3): invalid journal inode
[  320.679368][ T7728] EXT4-fs (loop3): can't get journal size
[  320.783529][ T7728] EXT4-fs (loop3): 1 truncate cleaned up
[  320.789503][ T7728] EXT4-fs (loop3): mounted filesystem without journal. Opts: norecovery,grpquota,sysvgroups,lazytime,,errors=continue. Quota mode: writeback.
[  320.830425][ T4700] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  320.893661][ T4700] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  321.105702][ T7436] device veth0_vlan entered promiscuous mode
[  321.124369][  T145] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  321.157070][  T145] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  321.210738][ T7436] device veth1_vlan entered promiscuous mode
[  321.256295][  T145] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  321.281733][  T145] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  321.387238][  T145] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  321.498627][ T4700] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  321.533812][ T4700] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  321.596617][ T4700] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  321.682365][ T7436] device veth0_macvtap entered promiscuous mode
[  321.726996][ T7436] device veth1_macvtap entered promiscuous mode
[  321.817383][ T7742] loop3: detected capacity change from 0 to 128
[  321.838618][  T145] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  321.878970][  T145] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  321.923940][ T7742] FAT-fs (loop3): Unrecognized mount option "dos1xfloppy=win95" or missing value
[  321.946274][ T7436] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  321.986297][ T7436] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  322.026933][ T7436] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  322.068714][ T7436] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  322.119836][ T7436] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  322.171623][ T7436] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  322.202335][ T7436] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  322.235663][ T7436] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  322.264345][ T7436] batman_adv: batadv0: Interface activated: batadv_slave_0
[  322.304285][ T7436] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  322.345887][ T7436] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  322.387025][ T7436] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  323.000770][ T7436] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  323.269636][ T7436] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  323.396198][ T7436] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  323.456639][ T7436] batman_adv: batadv0: Interface activated: batadv_slave_1
[  323.518636][ T4700] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  323.528322][ T4700] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  324.055529][ T4700] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  324.086002][ T4700] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  324.213378][ T7436] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  324.312899][ T7436] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  324.352250][ T7436] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  324.361453][ T7436] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  324.996974][ T7786] No such timeout policy "syz1"
[  326.495223][ T4315] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  326.592996][ T4315] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  326.965644][ T4700] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  326.997847][ T7801] batman_adv: batadv0: Adding interface: gretap1
[  327.004342][ T7801] batman_adv: batadv0: The MTU of interface gretap1 is too small (1462) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  327.030190][ T7801] batman_adv: batadv0: Interface activated: gretap1
[  327.058420][ T4700] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  327.157687][ T4700] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  327.241106][  T145] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  327.476529][ T7810] loop3: detected capacity change from 0 to 128
[  327.601299][ T7810] FAT-fs (loop3): Unrecognized mount option "dos1xfloppy=win95" or missing value
[  328.501773][ T7827] loop6: detected capacity change from 0 to 1024
[  328.812643][ T7827] EXT4-fs (loop6): mounted filesystem without journal. Opts: barrier,nodioread_nolock,noquota,barrier,auto_da_alloc,nodioread_nolock,,errors=continue. Quota mode: none.
[  330.212968][ T7837] EXT4-fs error (device loop6): ext4_validate_block_bitmap:438: comm ext4lazyinit: bg 0: block 112: padding at end of block bitmap is not set
[  330.233020][ T7827] ext4 filesystem being mounted at /128/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  330.425422][ T7827] EXT4-fs error (device loop6): ext4_map_blocks:739: inode #15: comm syz.6.797: lblock 0 mapped to illegal pblock 0 (length 1)
[  330.514398][ T7853] EXT4-fs error (device loop6): ext4_map_blocks:629: inode #15: comm syz.6.797: lblock 0 mapped to illegal pblock 0 (length 1)
[  331.321140][ T7853] EXT4-fs error (device loop6): ext4_ext_remove_space:2929: inode #15: comm syz.6.797: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 2, max 4(4), depth 0(0)
[  331.419487][ T7853] EXT4-fs error (device loop6) in ext4_setattr:5622: Corrupt filesystem
[  336.963113][ T7936] device ip6_vti0 entered promiscuous mode
[  340.129153][ T7969] loop7: detected capacity change from 0 to 512
[  340.643148][ T7969] EXT4-fs (loop7): Ignoring removed mblk_io_submit option
[  340.916343][ T7969] EXT4-fs (loop7): Cannot turn on journaled quota: type 0: error -13
[  340.933946][ T7969] EXT4-fs error (device loop7): ext4_clear_blocks:883: inode #13: comm syz.7.829: attempt to clear invalid blocks 2 len 1
[  341.663874][ T7969] EXT4-fs error (device loop7): ext4_mb_generate_buddy:1147: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters
[  341.743246][ T7969] EXT4-fs error (device loop7): ext4_free_branches:1030: inode #13: comm syz.7.829: invalid indirect mapped block 1819239214 (level 0)
[  342.761338][ T7969] EXT4-fs error (device loop7): ext4_free_branches:1030: inode #13: comm syz.7.829: invalid indirect mapped block 1819239214 (level 1)
[  342.799237][ T7969] EXT4-fs (loop7): 1 truncate cleaned up
[  342.817975][ T7969] EXT4-fs (loop7): mounted filesystem without journal. Opts: nodioread_nolock,init_itable=0x0000000000000004,mblk_io_submit,minixdf,jqfmt=vfsv0,usrjquota=..,errors=continue. Quota mode: writeback.
[  343.541617][ T8004] EXT4-fs (loop7): Quota file not on filesystem root. Journaled quota will not work
[  351.038267][ T8086] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  351.078805][ T8086] device syzkaller0 entered promiscuous mode
[  351.253875][ T8084] tipc: Resetting bearer <eth:syzkaller0>
[  351.312254][ T8084] tipc: Disabling bearer <eth:syzkaller0>
[  351.646629][ T8095] loop6: detected capacity change from 0 to 128
[  353.124745][ T8095] FAT-fs (loop6): Unrecognized mount option "dos1xfloppy=win95" or missing value
[  353.207271][ T8119] loop5: detected capacity change from 0 to 1024
[  356.219796][ T8119] EXT4-fs (loop5): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock
[  356.230320][ T8119] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (42152!=20869)
[  356.244717][ T8119] EXT4-fs error (device loop5): ext4_get_journal_inode:5160: inode #5: comm syz.5.864: unexpected bad inode w/o EXT4_IGET_BAD
[  356.259078][ T8119] EXT4-fs (loop5): no journal found
[  356.264540][ T8119] EXT4-fs (loop5): can't get journal size
[  356.270937][ T8119] EXT4-fs: failed to create workqueue
[  356.276483][ T8119] EXT4-fs (loop5): mount failed
[  359.571595][ T8157] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  359.600057][ T8157] device syzkaller0 entered promiscuous mode
[  359.873087][ T8170] misc userio: The device must be registered before sending interrupts
[  359.884367][ T8170] misc userio: The device must be registered before sending interrupts
[  360.111696][ T8175] loop3: detected capacity change from 0 to 1024
[  360.363611][ T8171] loop5: detected capacity change from 0 to 128
[  360.607381][ T4987] tipc: Node number set to 3437677082
[  362.284565][ T8171] FAT-fs (loop5): Unrecognized mount option "dos1xfloppy=win95" or missing value
[  363.613181][ T8173] tipc: Resetting bearer <eth:syzkaller0>
[  364.421292][ T8173] tipc: Disabling bearer <eth:syzkaller0>
[  366.175942][ T8218] ax25_connect(): syz.0.883 uses autobind, please contact jreuter@yaina.de
[  369.267792][ T8244] loop3: detected capacity change from 0 to 1024
[  372.662472][ T8247] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  372.992187][ T8246] tipc: Disabling bearer <eth:syzkaller0>
[  375.538462][ T8304] loop3: detected capacity change from 0 to 1024
[  376.051612][ T8310] netlink: 76 bytes leftover after parsing attributes in process `syz.6.906'.
[  378.663323][ T1421] ieee802154 phy0 wpan0: encryption failed: -22
[  378.670166][ T1421] ieee802154 phy1 wpan1: encryption failed: -22
[  381.565343][ T8310] bridge0: port 2(bridge_slave_1) entered disabled state
[  381.572858][ T8310] bridge0: port 1(bridge_slave_0) entered disabled state
[  382.498226][ T8366] loop3: detected capacity change from 0 to 1024
[  382.899072][ T8366] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock
[  382.909206][ T8366] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (42152!=20869)
[  382.931696][ T8366] EXT4-fs error (device loop3): ext4_get_journal_inode:5160: inode #5: comm syz.3.919: unexpected bad inode w/o EXT4_IGET_BAD
[  382.952741][ T8366] EXT4-fs (loop3): no journal found
[  382.958190][ T8366] EXT4-fs (loop3): can't get journal size
[  383.042385][ T8366] EXT4-fs (loop3): mounted filesystem without journal. Opts: noblock_validity,noinit_itable,norecovery,min_batch_time=0x000000000000071d,abort,,errors=continue. Quota mode: writeback.
[  384.234710][ T8377] misc userio: No port type given on /dev/userio
[  384.242352][ T8377] misc userio: The device must be registered before sending interrupts
[  384.251704][ T8377] misc userio: The device must be registered before sending interrupts
[  386.811142][ T8402] loop7: detected capacity change from 0 to 1024
[  386.969072][ T8402] EXT4-fs (loop7): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock
[  386.979036][ T8402] EXT4-fs (loop7): ext4_check_descriptors: Checksum for group 0 failed (42152!=20869)
[  386.992539][ T8402] EXT4-fs error (device loop7): ext4_get_journal_inode:5160: inode #5: comm syz.7.929: unexpected bad inode w/o EXT4_IGET_BAD
[  387.007208][ T8402] EXT4-fs (loop7): no journal found
[  387.012584][ T8402] EXT4-fs (loop7): can't get journal size
[  387.155083][ T8402] EXT4-fs (loop7): mounted filesystem without journal. Opts: noblock_validity,noinit_itable,norecovery,min_batch_time=0x000000000000071d,abort,,errors=continue. Quota mode: writeback.
[  388.889453][ T8416] No such timeout policy "syz1"
[  390.306103][ T8418] netlink: 56 bytes leftover after parsing attributes in process `syz.0.933'.
[  390.361249][ T8310] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  391.339013][ T8310] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  393.510289][ T4309] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  393.821704][ T4309] usb 6-1: Using ep0 maxpacket: 16
[  394.058099][ T4309] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  394.068704][ T4309] usb 6-1: config 0 has no interfaces?
[  394.313358][ T4309] usb 6-1: New USB device found, idVendor=045e, idProduct=0284, bcdDevice=a4.8f
[  394.322710][ T4309] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  394.385974][ T4309] usb 6-1: Product: syz
[  394.442249][ T4309] usb 6-1: Manufacturer: syz
[  394.612519][ T4309] usb 6-1: SerialNumber: syz
[  394.657566][ T4309] usb 6-1: config 0 descriptor??
[  394.753019][ T4309] usb 6-1: can't set config #0, error -71
[  394.785161][ T4309] usb 6-1: USB disconnect, device number 6
[  395.153285][   T21] Bluetooth: hci2: command 0x0409 tx timeout
[  396.669926][ T8310] netdevsim netdevsim6 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  396.691108][ T8310] netdevsim netdevsim6 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  396.815874][ T8310] netdevsim netdevsim6 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  396.824884][ T8310] netdevsim netdevsim6 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  397.374581][   T21] Bluetooth: hci2: command 0x041b tx timeout
[  397.619552][ T8310] batman_adv: batadv0: Interface deactivated: gretap1
[  399.749848][ T5701] Bluetooth: hci2: command 0x040f tx timeout
[  399.789719][ T8415] IPv6: ADDRCONF(NETDEV_CHANGE): bpq0: link becomes ready
[  400.166144][ T8484] ax25_connect(): syz.3.953 uses autobind, please contact jreuter@yaina.de
[  401.338329][ T8437] chnl_net:caif_netlink_parms(): no params data found
[  401.651714][ T8437] bridge0: port 1(bridge_slave_0) entered blocking state
[  402.756027][ T8515] loop3: detected capacity change from 0 to 1024
[  403.682957][ T8516] loop5: detected capacity change from 0 to 1024
[  404.134749][   T21] Bluetooth: hci2: command 0x0419 tx timeout
[  404.151211][ T8437] bridge0: port 1(bridge_slave_0) entered disabled state
[  405.093828][ T8516] EXT4-fs (loop5): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock
[  405.104011][ T8516] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (42152!=20869)
[  405.132848][ T4987] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  405.150228][ T8515] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock
[  405.160423][ T8515] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (42152!=20869)
[  405.171788][ T8516] EXT4-fs error (device loop5): ext4_get_journal_inode:5160: inode #5: comm syz.5.960: unexpected bad inode w/o EXT4_IGET_BAD
[  405.186176][ T8515] EXT4-fs error (device loop3): ext4_get_journal_inode:5160: inode #5: comm syz.3.959: unexpected bad inode w/o EXT4_IGET_BAD
[  405.221343][ T8516] EXT4-fs (loop5): no journal found
[  405.226872][ T8516] EXT4-fs (loop5): can't get journal size
[  405.233424][ T8516] EXT4-fs: failed to create workqueue
[  405.239021][ T8516] EXT4-fs (loop5): mount failed
[  405.262426][ T8515] EXT4-fs (loop3): no journal found
[  405.267900][ T8515] EXT4-fs (loop3): can't get journal size
[  405.274590][ T8515] EXT4-fs: failed to create workqueue
[  405.280079][ T8515] EXT4-fs (loop3): mount failed
[  405.295547][ T8437] device bridge_slave_0 entered promiscuous mode
[  405.373686][ T8437] bridge0: port 2(bridge_slave_1) entered blocking state
[  405.483992][ T8437] bridge0: port 2(bridge_slave_1) entered disabled state
[  405.492409][ T8437] device bridge_slave_1 entered promiscuous mode
[  406.162282][ T8310] syz.6.906 (8310) used greatest stack depth: 20256 bytes left
[  407.169471][ T8437] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  407.182266][ T8437] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  407.511628][ T8437] team0: Port device team_slave_0 added
[  407.540826][ T8437] team0: Port device team_slave_1 added
[  407.719762][ T8437] batman_adv: batadv0: Adding interface: batadv_slave_0
[  407.739011][ T8437] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  407.765449][    C0] vkms_vblank_simulate: vblank timer overrun
[  408.895724][ T8437] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  408.908618][ T8437] batman_adv: batadv0: Adding interface: batadv_slave_1
[  408.915918][ T8437] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  408.942172][ T8437] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  409.415698][ T8437] device hsr_slave_0 entered promiscuous mode
[  409.433746][ T8437] device hsr_slave_1 entered promiscuous mode
[  409.452652][ T8437] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  409.615922][ T8437] Cannot create hsr debugfs directory
[  409.623039][ T6553] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  409.924171][ T6553] usb 6-1: Using ep0 maxpacket: 16
[  410.055306][ T6553] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  410.114030][ T6553] usb 6-1: config 0 has no interfaces?
[  410.296272][ T4263] tipc: Left network mode
[  410.305115][ T6553] usb 6-1: New USB device found, idVendor=045e, idProduct=0284, bcdDevice=a4.8f
[  410.404775][ T8582] loop3: detected capacity change from 0 to 1024
[  410.560724][ T8582] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock
[  410.570837][ T8582] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (42152!=20869)
[  410.604419][ T6553] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  410.620188][ T8582] EXT4-fs error (device loop3): ext4_get_journal_inode:5160: inode #5: comm syz.3.974: unexpected bad inode w/o EXT4_IGET_BAD
[  410.639880][ T8582] EXT4-fs (loop3): no journal found
[  410.645347][ T8582] EXT4-fs (loop3): can't get journal size
[  410.681159][ T8582] EXT4-fs (loop3): mounted filesystem without journal. Opts: noblock_validity,noinit_itable,norecovery,min_batch_time=0x000000000000071d,abort,,errors=continue. Quota mode: writeback.
[  410.802341][ T6553] usb 6-1: Product: syz
[  410.858693][ T6553] usb 6-1: Manufacturer: syz
[  411.037207][ T6553] usb 6-1: SerialNumber: syz
[  411.243158][ T6553] usb 6-1: config 0 descriptor??
[  411.612308][ T8437] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  411.662888][ T8437] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  411.706379][ T8437] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  411.748373][ T8437] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  412.112743][ T8437] 8021q: adding VLAN 0 to HW filter on device bond0
[  412.153297][ T4731] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  412.183717][ T4803] usb 6-1: USB disconnect, device number 7
[  412.218359][ T4731] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  412.289884][ T8437] 8021q: adding VLAN 0 to HW filter on device team0
[  412.344424][ T4731] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  412.374744][ T4731] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  412.427015][ T4731] bridge0: port 1(bridge_slave_0) entered blocking state
[  412.434259][ T4731] bridge0: port 1(bridge_slave_0) entered forwarding state
[  412.565335][ T8609] loop7: detected capacity change from 0 to 128
[  412.712133][ T8609] FAT-fs (loop7): Unrecognized mount option "dos1xfloppy=win95" or missing value
[  412.732968][ T4731] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  412.741128][ T4731] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  412.778336][ T4731] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  413.388616][ T4731] bridge0: port 2(bridge_slave_1) entered blocking state
[  413.395784][ T4731] bridge0: port 2(bridge_slave_1) entered forwarding state
[  413.522594][ T8437] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  413.570034][ T8437] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  413.814620][ T8622] ax25_connect(): syz.3.980 uses autobind, please contact jreuter@yaina.de
[  415.990003][ T4731] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  416.477688][ T4731] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  416.824542][ T4731] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  417.096680][ T4731] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  417.191756][ T4731] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  417.275410][ T4731] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  417.448715][ T4731] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  417.469397][ T4731] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  417.486066][ T4731] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  417.949831][ T4731] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  417.981320][ T4731] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  418.336283][ T4731] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  419.177034][ T8659] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
[  422.031481][ T4263] batman_adv: batadv0: Removing interface: gretap1
[  422.243515][ T4700] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  422.251173][ T4700] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  422.317562][ T8683] No such timeout policy "syz1"
[  422.421237][ T8437] 8021q: adding VLAN 0 to HW filter on device batadv0
[  422.517134][ T4263] bond0: (slave wlan1): Releasing backup interface
[  422.568962][ T8681] loop3: detected capacity change from 0 to 128
[  422.789331][ T8681] FAT-fs (loop3): Unrecognized mount option "dos1xfloppy=win95" or missing value
[  426.866158][ T5701] Bluetooth: hci5: command 0x0406 tx timeout
[  427.465158][ T4263] device hsr_slave_0 left promiscuous mode
[  427.502611][ T4263] device hsr_slave_1 left promiscuous mode
[  427.643869][ T4263] batman_adv: batadv0: Removing interface: batadv_slave_0
[  427.666162][ T4263] batman_adv: batadv0: Removing interface: batadv_slave_1
[  427.677684][ T4263] device bridge_slave_1 left promiscuous mode
[  427.686748][ T4263] bridge0: port 2(bridge_slave_1) entered disabled state
[  427.704803][ T4263] device bridge_slave_0 left promiscuous mode
[  427.712668][ T4263] bridge0: port 1(bridge_slave_0) entered disabled state
[  428.177124][ T4263] team0 (unregistering): Port device team_slave_1 removed
[  428.194997][ T4263] team0 (unregistering): Port device team_slave_0 removed
[  428.216456][ T4263] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  428.257497][ T4263] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  428.463891][ T4263] bond0 (unregistering): Released all slaves
[  430.033200][ T4313] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  430.086581][ T4313] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  430.783775][ T8437] device veth0_vlan entered promiscuous mode
[  431.133521][ T8631] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  431.166503][ T8631] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  431.213390][ T8631] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  432.540711][ T8631] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  432.556714][ T8437] device veth1_vlan entered promiscuous mode
[  432.823538][ T8793] ax25_connect(): syz.7.1015 uses autobind, please contact jreuter@yaina.de
[  434.642452][ T4700] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  434.664033][ T4700] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  434.699153][ T8796] loop5: detected capacity change from 0 to 512
[  434.709949][ T8437] device veth0_macvtap entered promiscuous mode
[  434.766230][ T8437] device veth1_macvtap entered promiscuous mode
[  434.851401][ T8796] EXT4-fs (loop5): Ignoring removed mblk_io_submit option
[  434.910258][ T8437] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  434.974055][ T8796] EXT4-fs (loop5): Cannot turn on journaled quota: type 0: error -13
[  435.043036][ T8437] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  435.063163][ T8796] EXT4-fs error (device loop5): ext4_clear_blocks:883: inode #13: comm syz.5.1017: attempt to clear invalid blocks 2 len 1
[  435.152877][ T8437] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  435.174863][ T8796] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1147: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters
[  435.210638][ T8796] EXT4-fs error (device loop5): ext4_free_branches:1030: inode #13: comm syz.5.1017: invalid indirect mapped block 1819239214 (level 0)
[  435.229080][ T8437] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  435.252822][ T8796] EXT4-fs error (device loop5): ext4_free_branches:1030: inode #13: comm syz.5.1017: invalid indirect mapped block 1819239214 (level 1)
[  435.268337][ T8437] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  435.315158][ T8796] EXT4-fs (loop5): 1 truncate cleaned up
[  435.333171][ T8796] EXT4-fs (loop5): mounted filesystem without journal. Opts: nodioread_nolock,init_itable=0x0000000000000004,mblk_io_submit,minixdf,jqfmt=vfsv0,usrjquota=..,errors=continue. Quota mode: writeback.
[  435.342946][ T8437] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  435.352506][    C1] vkms_vblank_simulate: vblank timer overrun
[  435.462923][ T8437] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  435.482863][ T8437] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  435.567220][ T8437] batman_adv: batadv0: Interface activated: batadv_slave_0
[  435.717449][ T8817] EXT4-fs (loop5): Quota file not on filesystem root. Journaled quota will not work
[  435.824107][ T4313] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  435.934206][ T4313] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  436.027524][ T4313] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  436.251764][ T8437] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  436.329417][ T8437] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  436.350446][ T8437] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  436.368949][ T8437] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  436.380063][ T8437] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  436.397745][ T8437] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  436.464097][ T8437] batman_adv: batadv0: Interface activated: batadv_slave_1
[  436.499086][ T4313] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  436.538497][ T4313] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  436.753304][ T8437] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  436.753344][ T8437] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  436.753373][ T8437] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  436.753403][ T8437] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  437.060416][ T4700] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  437.249204][ T4700] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  437.555630][ T8631] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  437.968995][ T8631] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  437.990701][ T8631] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  438.078724][ T4731] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  438.100269][ T8842] sch_fq: defrate 0 ignored.
[  438.225424][ T8848] batman_adv: batadv0: Adding interface: gretap1
[  438.232358][ T8848] batman_adv: batadv0: The MTU of interface gretap1 is too small (1462) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  438.258515][ T8848] batman_adv: batadv0: Interface activated: gretap1
[  441.167478][ T1421] ieee802154 phy0 wpan0: encryption failed: -22
[  441.173968][ T1421] ieee802154 phy1 wpan1: encryption failed: -22
[  441.251286][ T8872] mmap: syz.3.1027 (8872) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst.
[  442.419471][ T8876] loop8: detected capacity change from 0 to 512
[  443.473843][ T8876] EXT4-fs (loop8): Ignoring removed mblk_io_submit option
[  443.771996][ T8876] EXT4-fs (loop8): Cannot turn on journaled quota: type 0: error -13
[  443.829957][ T8876] EXT4-fs error (device loop8): ext4_clear_blocks:883: inode #13: comm syz.8.1031: attempt to clear invalid blocks 2 len 1
[  443.863380][ T8876] EXT4-fs error (device loop8): ext4_mb_generate_buddy:1147: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters
[  443.908895][ T8876] EXT4-fs error (device loop8): ext4_free_branches:1030: inode #13: comm syz.8.1031: invalid indirect mapped block 1819239214 (level 0)
[  443.910796][ T8876] EXT4-fs error (device loop8): ext4_free_branches:1030: inode #13: comm syz.8.1031: invalid indirect mapped block 1819239214 (level 1)
[  443.911954][ T8876] EXT4-fs (loop8): 1 truncate cleaned up
[  443.911979][ T8876] EXT4-fs (loop8): mounted filesystem without journal. Opts: nodioread_nolock,init_itable=0x0000000000000004,mblk_io_submit,minixdf,jqfmt=vfsv0,usrjquota=..,errors=continue. Quota mode: writeback.
[  449.064219][ T8953] device syzkaller0 entered promiscuous mode
[  452.999843][ T9003] fuse: Invalid rootmode
[  455.129836][ T9021] device syzkaller0 entered promiscuous mode
[  455.150037][ T9021] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  455.258856][ T9017] batman_adv: batadv0: Adding interface: gretap1
[  455.266331][ T9017] batman_adv: batadv0: The MTU of interface gretap1 is too small (1462) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  455.292399][ T9017] batman_adv: batadv0: Interface activated: gretap1
[  455.760048][ T9025] device syzkaller0 entered promiscuous mode
[  456.071369][ T9038] ax25_connect(): syz.3.1067 uses autobind, please contact jreuter@yaina.de
[  457.384686][ T9047] fuse: Invalid rootmode
[  460.824485][ T9078] device syzkaller0 entered promiscuous mode
[  460.938824][ T9078] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  462.159635][ T9103] No such timeout policy "syz1"
[  463.154942][ T9115] No such timeout policy "syz1"
[  464.464538][ T9127] loop7: detected capacity change from 0 to 512
[  464.567682][ T9127] EXT4-fs (loop7): Ignoring removed mblk_io_submit option
[  465.533967][ T9127] EXT4-fs (loop7): Cannot turn on journaled quota: type 0: error -13
[  465.617571][ T9127] EXT4-fs error (device loop7): ext4_clear_blocks:883: inode #13: comm syz.7.1091: attempt to clear invalid blocks 2 len 1
[  465.663084][ T9127] EXT4-fs error (device loop7): ext4_mb_generate_buddy:1147: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters
[  465.697519][ T9127] EXT4-fs error (device loop7): ext4_free_branches:1030: inode #13: comm syz.7.1091: invalid indirect mapped block 1819239214 (level 0)
[  465.715560][ T9124] ==================================================================
[  465.724060][ T9124] BUG: KASAN: use-after-free in rose_transmit_link+0x5b0/0x730
[  465.731765][ T9124] Read of size 1 at addr ffff888061a2c832 by task syz.5.1089/9124
[  465.739604][ T9124] 
[  465.741945][ T9124] CPU: 1 PID: 9124 Comm: syz.5.1089 Not tainted syzkaller #0
[  465.749356][ T9124] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  465.759616][ T9124] Call Trace:
[  465.762904][ T9124]  <TASK>
[  465.765831][ T9124]  dump_stack_lvl+0x168/0x230
[  465.770517][ T9124]  ? show_regs_print_info+0x20/0x20
[  465.775814][ T9124]  ? _printk+0xcc/0x110
[  465.779991][ T9124]  ? rose_transmit_link+0x5b0/0x730
[  465.785190][ T9124]  ? load_image+0x3b0/0x3b0
[  465.789691][ T9124]  ? _raw_spin_lock_irqsave+0xb0/0xf0
[  465.795073][ T9124]  print_address_description+0x60/0x2d0
[  465.800640][ T9124]  ? rose_transmit_link+0x5b0/0x730
[  465.805835][ T9124]  kasan_report+0xdf/0x130
[  465.810254][ T9124]  ? rose_transmit_link+0x5b0/0x730
[  465.815652][ T9124]  ? __phys_addr+0xb6/0x170
[  465.820265][ T9124]  rose_transmit_link+0x5b0/0x730
[  465.825394][ T9124]  ? skb_put+0x117/0x210
[  465.829718][ T9124]  rose_write_internal+0x673/0x1e80
[  465.834924][ T9124]  ? _raw_spin_unlock_irqrestore+0x82/0x100
[  465.840839][ T9124]  ? rose_validate_nr+0x120/0x120
[  465.845861][ T9124]  ? del_timer+0x11a/0x1b0
[  465.850361][ T9124]  ? skb_queue_purge+0x62/0x290
[  465.855209][ T9124]  rose_release+0x22a/0x4e0
[  465.859720][ T9124]  sock_close+0xd5/0x240
[  465.863964][ T9124]  ? sock_mmap+0x90/0x90
[  465.868198][ T9124]  __fput+0x234/0x930
[  465.872196][ T9124]  task_work_run+0x125/0x1a0
[  465.876809][ T9124]  get_signal+0x1222/0x12c0
[  465.881330][ T9124]  arch_do_signal_or_restart+0xc1/0x1300
[  465.886961][ T9124]  ? kick_process+0xd4/0x140
[  465.891552][ T9124]  ? task_work_add+0x1a7/0x1d0
[  465.896322][ T9124]  ? get_sigframe_size+0x10/0x10
[  465.901271][ T9124]  ? __sys_connect+0x239/0x410
[  465.906052][ T9124]  ? exit_to_user_mode_loop+0x3b/0x130
[  465.911533][ T9124]  exit_to_user_mode_loop+0x9e/0x130
[  465.916982][ T9124]  exit_to_user_mode_prepare+0xee/0x180
[  465.922533][ T9124]  syscall_exit_to_user_mode+0x16/0x40
[  465.927984][ T9124]  do_syscall_64+0x58/0xa0
[  465.932403][ T9124]  ? clear_bhb_loop+0x30/0x80
[  465.937509][ T9124]  ? clear_bhb_loop+0x30/0x80
[  465.942180][ T9124]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  465.948066][ T9124] RIP: 0033:0x7f6710bc4749
[  465.952483][ T9124] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  465.972086][ T9124] RSP: 002b:00007f670ede9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  465.980531][ T9124] RAX: fffffffffffffe00 RBX: 00007f6710e1b180 RCX: 00007f6710bc4749
[  465.988531][ T9124] RDX: 0000000000000040 RSI: 0000200000000180 RDI: 0000000000000008
[  465.996498][ T9124] RBP: 00007f6710c48f91 R08: 0000000000000000 R09: 0000000000000000
[  466.004465][ T9124] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  466.012437][ T9124] R13: 00007f6710e1b218 R14: 00007f6710e1b180 R15: 00007ffe7f4d7698
[  466.020462][ T9124]  </TASK>
[  466.023492][ T9124] 
[  466.025986][ T9124] Allocated by task 9124:
[  466.030398][ T9124]  __kasan_kmalloc+0xb5/0xf0
[  466.035425][ T9124]  rose_add_node+0x227/0xdb0
[  466.040106][ T9124]  rose_rt_ioctl+0x9db/0xe20
[  466.044779][ T9124]  rose_ioctl+0x27a/0x790
[  466.049099][ T9124]  sock_do_ioctl+0xd3/0x2f0
[  466.053596][ T9124]  sock_ioctl+0x4ed/0x6e0
[  466.057921][ T9124]  __se_sys_ioctl+0xfa/0x170
[  466.062504][ T9124]  do_syscall_64+0x4c/0xa0
[  466.066959][ T9124]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  466.072843][ T9124] 
[  466.075158][ T9124] Freed by task 9121:
[  466.079124][ T9124]  kasan_set_track+0x4b/0x70
[  466.083790][ T9124]  kasan_set_free_info+0x1f/0x40
[  466.088719][ T9124]  ____kasan_slab_free+0xd5/0x110
[  466.093753][ T9124]  slab_free_freelist_hook+0xea/0x170
[  466.099198][ T9124]  kfree+0xef/0x2a0
[  466.102998][ T9124]  rose_rt_device_down+0x4e2/0x530
[  466.108100][ T9124]  rose_device_event+0x5ec/0x680
[  466.113026][ T9124]  raw_notifier_call_chain+0xcb/0x160
[  466.118408][ T9124]  __dev_notify_flags+0x178/0x2d0
[  466.123437][ T9124]  dev_change_flags+0xe3/0x1a0
[  466.128211][ T9124]  dev_ifsioc+0x147/0xe70
[  466.132544][ T9124]  dev_ioctl+0x55f/0xe50
[  466.136802][ T9124]  sock_do_ioctl+0x222/0x2f0
[  466.141474][ T9124]  sock_ioctl+0x4ed/0x6e0
[  466.145800][ T9124]  __se_sys_ioctl+0xfa/0x170
[  466.150396][ T9124]  do_syscall_64+0x4c/0xa0
[  466.154800][ T9124]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  466.160682][ T9124] 
[  466.162999][ T9124] Last potentially related work creation:
[  466.168723][ T9124]  kasan_save_stack+0x35/0x60
[  466.173389][ T9124]  kasan_record_aux_stack+0xb8/0x100
[  466.178679][ T9124]  insert_work+0x54/0x3d0
[  466.183180][ T9124]  __queue_work+0x9c5/0xd50
[  466.187848][ T9124]  call_timer_fn+0x16c/0x530
[  466.192820][ T9124]  __run_timers+0x550/0x7c0
[  466.197356][ T9124]  run_timer_softirq+0x63/0xf0
[  466.202207][ T9124]  handle_softirqs+0x328/0x820
[  466.206979][ T9124]  __irq_exit_rcu+0x12f/0x220
[  466.211646][ T9124]  irq_exit_rcu+0x5/0x20
[  466.215888][ T9124]  sysvec_apic_timer_interrupt+0xa0/0xc0
[  466.221646][ T9124]  asm_sysvec_apic_timer_interrupt+0x16/0x20
[  466.227642][ T9124] 
[  466.229982][ T9124] Second to last potentially related work creation:
[  466.236553][ T9124]  kasan_save_stack+0x35/0x60
[  466.241222][ T9124]  kasan_record_aux_stack+0xb8/0x100
[  466.246507][ T9124]  call_rcu+0x182/0x930
[  466.250704][ T9124]  ip6_route_info_create+0x9c5/0x1210
[  466.256068][ T9124]  ip6_route_add+0x24/0x130
[  466.260650][ T9124]  addrconf_add_dev+0x250/0x350
[  466.265502][ T9124]  inet6_addr_add+0x18d/0x9c0
[  466.270170][ T9124]  inet6_rtm_newaddr+0x5d7/0x840
[  466.275100][ T9124]  rtnetlink_rcv_msg+0x7ff/0xe90
[  466.280048][ T9124]  netlink_rcv_skb+0x1e0/0x430
[  466.284889][ T9124]  netlink_unicast+0x774/0x920
[  466.289741][ T9124]  netlink_sendmsg+0x8ab/0xbc0
[  466.294501][ T9124]  __sys_sendto+0x423/0x580
[  466.298996][ T9124]  __x64_sys_sendto+0xda/0xf0
[  466.303668][ T9124]  do_syscall_64+0x4c/0xa0
[  466.308089][ T9124]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  466.314058][ T9124] 
[  466.316369][ T9124] The buggy address belongs to the object at ffff888061a2c800
[  466.316369][ T9124]  which belongs to the cache kmalloc-512 of size 512
[  466.330412][ T9124] The buggy address is located 50 bytes inside of
[  466.330412][ T9124]  512-byte region [ffff888061a2c800, ffff888061a2ca00)
[  466.343601][ T9124] The buggy address belongs to the page:
[  466.349395][ T9124] page:ffffea0001868b00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x61a2c
[  466.359557][ T9124] head:ffffea0001868b00 order:2 compound_mapcount:0 compound_pincount:0
[  466.367878][ T9124] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[  466.375861][ T9124] raw: 00fff00000010200 dead000000000100 dead000000000122 ffff888016841c80
[  466.384436][ T9124] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[  466.393042][ T9124] page dumped because: kasan: bad access detected
[  466.399542][ T9124] page_owner tracks the page as allocated
[  466.405256][ T9124] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4183, ts 54310084134, free_ts 16484044588
[  466.424527][ T9124]  get_page_from_freelist+0x1b77/0x1c60
[  466.430172][ T9124]  __alloc_pages+0x1e1/0x470
[  466.434809][ T9124]  new_slab+0xc0/0x4b0
[  466.438988][ T9124]  ___slab_alloc+0x81e/0xdf0
[  466.443568][ T9124]  __kmalloc_node_track_caller+0x1fc/0x3a0
[  466.449362][ T9124]  __alloc_skb+0x22c/0x750
[  466.453768][ T9124]  mpls_netconf_notify_devconf+0x46/0xf0
[  466.459564][ T9124]  mpls_dev_sysctl_register+0x22d/0x2d0
[  466.465213][ T9124]  mpls_dev_notify+0x2fa/0x780
[  466.469969][ T9124]  raw_notifier_call_chain+0xcb/0x160
[  466.475329][ T9124]  register_netdevice+0x1275/0x16b0
[  466.480518][ T9124]  bond_newlink+0x33/0x80
[  466.484948][ T9124]  rtnl_newlink+0x114c/0x17d0
[  466.489624][ T9124]  rtnetlink_rcv_msg+0x7ff/0xe90
[  466.494641][ T9124]  netlink_rcv_skb+0x1e0/0x430
[  466.499406][ T9124]  netlink_unicast+0x774/0x920
[  466.504191][ T9124] page last free stack trace:
[  466.508860][ T9124]  free_unref_page_prepare+0x637/0x6c0
[  466.514396][ T9124]  free_unref_page+0x94/0x280
[  466.519078][ T9124]  free_contig_range+0x96/0xf0
[  466.523838][ T9124]  destroy_args+0x100/0xa20
[  466.528334][ T9124]  debug_vm_pgtable+0x318/0x370
[  466.533193][ T9124]  do_one_initcall+0x1ee/0x680
[  466.537976][ T9124]  do_initcall_level+0x137/0x1f0
[  466.543086][ T9124]  do_initcalls+0x4b/0x90
[  466.547404][ T9124]  kernel_init_freeable+0x3ce/0x560
[  466.552610][ T9124]  kernel_init+0x19/0x1b0
[  466.556927][ T9124]  ret_from_fork+0x1f/0x30
[  466.561335][ T9124] 
[  466.563649][ T9124] Memory state around the buggy address:
[  466.569276][ T9124]  ffff888061a2c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  466.577414][ T9124]  ffff888061a2c780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  466.585739][ T9124] >ffff888061a2c800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  466.593877][ T9124]                                      ^
[  466.599599][ T9124]  ffff888061a2c880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  466.607657][ T9124]  ffff888061a2c900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  466.615704][ T9124] ==================================================================
[  466.623750][ T9124] Disabling lock debugging due to kernel taint
[  466.728637][ T9127] EXT4-fs error (device loop7): ext4_free_branches:1030: inode #13: comm syz.7.1091: invalid indirect mapped block 1819239214 (level 1)
[  466.892131][ T9124] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  466.899391][ T9124] CPU: 0 PID: 9124 Comm: syz.5.1089 Tainted: G    B             syzkaller #0
[  466.908149][ T9124] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  466.918194][ T9124] Call Trace:
[  466.921460][ T9124]  <TASK>
[  466.924399][ T9124]  dump_stack_lvl+0x168/0x230
[  466.929123][ T9124]  ? show_regs_print_info+0x20/0x20
[  466.934546][ T9124]  ? load_image+0x3b0/0x3b0
[  466.939089][ T9124]  panic+0x2c9/0x7f0
[  466.943006][ T9124]  ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[  466.949198][ T9124]  ? bpf_jit_dump+0xd0/0xd0
[  466.949242][ T9127] EXT4-fs (loop7): 1 truncate cleaned up
[  466.953731][ T9124]  ? _raw_spin_unlock_irqrestore+0xf6/0x100
[  466.953758][ T9124]  ? _raw_spin_unlock+0x40/0x40
[  466.953776][ T9124]  ? rose_transmit_link+0x5b0/0x730
[  466.953795][ T9124]  check_panic_on_warn+0x80/0xa0
[  466.953816][ T9124]  ? rose_transmit_link+0x5b0/0x730
[  466.985699][ T9124]  end_report+0x6d/0xf0
[  466.989860][ T9124]  kasan_report+0x102/0x130
[  466.994370][ T9124]  ? rose_transmit_link+0x5b0/0x730
[  466.999678][ T9124]  ? __phys_addr+0xb6/0x170
[  467.004185][ T9124]  rose_transmit_link+0x5b0/0x730
[  467.009377][ T9124]  ? skb_put+0x117/0x210
[  467.013702][ T9124]  rose_write_internal+0x673/0x1e80
[  467.018890][ T9124]  ? _raw_spin_unlock_irqrestore+0x82/0x100
[  467.024778][ T9124]  ? rose_validate_nr+0x120/0x120
[  467.029794][ T9124]  ? del_timer+0x11a/0x1b0
[  467.034199][ T9124]  ? skb_queue_purge+0x62/0x290
[  467.039128][ T9124]  rose_release+0x22a/0x4e0
[  467.043632][ T9124]  sock_close+0xd5/0x240
[  467.047902][ T9124]  ? sock_mmap+0x90/0x90
[  467.052158][ T9124]  __fput+0x234/0x930
[  467.056134][ T9124]  task_work_run+0x125/0x1a0
[  467.060721][ T9124]  get_signal+0x1222/0x12c0
[  467.065232][ T9124]  arch_do_signal_or_restart+0xc1/0x1300
[  467.070867][ T9124]  ? kick_process+0xd4/0x140
[  467.075450][ T9124]  ? task_work_add+0x1a7/0x1d0
[  467.080203][ T9124]  ? get_sigframe_size+0x10/0x10
[  467.085133][ T9124]  ? __sys_connect+0x239/0x410
[  467.089902][ T9124]  ? exit_to_user_mode_loop+0x3b/0x130
[  467.095380][ T9124]  exit_to_user_mode_loop+0x9e/0x130
[  467.100697][ T9124]  exit_to_user_mode_prepare+0xee/0x180
[  467.106402][ T9124]  syscall_exit_to_user_mode+0x16/0x40
[  467.112053][ T9124]  do_syscall_64+0x58/0xa0
[  467.116564][ T9124]  ? clear_bhb_loop+0x30/0x80
[  467.121239][ T9124]  ? clear_bhb_loop+0x30/0x80
[  467.125912][ T9124]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  467.131905][ T9124] RIP: 0033:0x7f6710bc4749
[  467.136314][ T9124] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  467.156015][ T9124] RSP: 002b:00007f670ede9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  467.164519][ T9124] RAX: fffffffffffffe00 RBX: 00007f6710e1b180 RCX: 00007f6710bc4749
[  467.172485][ T9124] RDX: 0000000000000040 RSI: 0000200000000180 RDI: 0000000000000008
[  467.180448][ T9124] RBP: 00007f6710c48f91 R08: 0000000000000000 R09: 0000000000000000
[  467.188687][ T9124] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  467.196753][ T9124] R13: 00007f6710e1b218 R14: 00007f6710e1b180 R15: 00007ffe7f4d7698
[  467.204730][ T9124]  </TASK>
[  467.207987][ T9124] Kernel Offset: disabled
[  467.212316][ T9124] Rebooting in 86400 seconds..