last executing test programs:

22.480525204s ago: executing program 3 (id=1719):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, 0x0, 0x0)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002078316e00000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b7030000000000008500000006000000850000000500000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r2}, 0x10)
semtimedop(0x0, 0x0, 0x0, 0x0)

22.41639397s ago: executing program 1 (id=1720):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000fdffffff850000002d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$SEG6_CMD_SETHMAC(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x34, r2, 0x1, 0x0, 0x0, {}, [@SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x1}, @SEG6_ATTR_SECRET={0x8, 0x4, [0x0]}, @SEG6_ATTR_ALGID={0x5}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x1}]}, 0x34}}, 0x0)
syz_genetlink_get_family_id$SEG6(&(0x7f0000000000), r1)
r3 = syz_open_procfs(0x0, &(0x7f0000000140)='ns\x00')
r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r4, &(0x7f0000006a40)={0x3, 0x40, 0xfa00, {{0x6000000, 0x0, 0x0, @private0}, {0xa, 0x0, 0x0, @loopback={0xfec0ffff00000000, 0x8e84fffef67c07}}}}, 0x48)
getdents64(r3, 0x0, 0xffb8)
sendmsg$SEG6_CMD_DUMPHMAC(r3, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x5c, r2, 0x2, 0x70bd25, 0x25dfdbfd, {}, [@SEG6_ATTR_ALGID={0x5, 0x6, 0x9}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0x6}, @SEG6_ATTR_DST={0x14, 0x1, @ipv4={'\x00', '\xff\xff', @remote}}, @SEG6_ATTR_DST={0x14, 0x1, @mcast1}, @SEG6_ATTR_SECRETLEN={0x5}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x60000000}]}, 0x5c}, 0x1, 0x0, 0x0, 0x40000}, 0x40010)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$SEG6(&(0x7f0000000200), r5)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$SEG6_CMD_SETHMAC(r6, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x34, r7, 0x1, 0x0, 0x0, {}, [@SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x1}, @SEG6_ATTR_SECRET={0x8, 0x4, [0x0]}, @SEG6_ATTR_ALGID={0x5}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x1}]}, 0x34}}, 0x0)

21.920003786s ago: executing program 1 (id=1721):
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
socket$netlink(0x10, 0x3, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00'}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0}, 0x18)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x4, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB="1800"/13], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000340)=@newtaction={0x64, 0x30, 0xffffffffffffffff, 0x0, 0x0, {}, [{0x50, 0x1, [@m_bpf={0x4c, 0x1, 0x0, 0x0, {{0x8}, {0x24, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_PARMS={0x18, 0x2, {0x1}}, @TCA_ACT_BPF_FD={0x8, 0x5, r1}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x64}}, 0x0)

21.635788622s ago: executing program 1 (id=1723):
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8)
fcntl$addseals(0xffffffffffffffff, 0x409, 0x7)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)
sendmsg$nl_route_sched_retired(0xffffffffffffffff, &(0x7f0000001300)={0x0, 0x0, 0x0}, 0x0)
capset(0x0, &(0x7f0000000040)={0x200000, 0x200000, 0x0, 0x0, 0x4000000})
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
r1 = syz_open_procfs(0x0, 0x0)
read$FUSE(r1, &(0x7f0000000140)={0x2020}, 0x2020)
mount(&(0x7f0000000200), &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='gadgetfs\x00', 0x900, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000100)='mountinfo\x00')
r3 = open(&(0x7f0000000080)='./file1\x00', 0x10b942, 0x0)
sendfile(r3, r2, 0x0, 0x80000000)

20.957846844s ago: executing program 1 (id=1726):
syz_mount_image$hfsplus(&(0x7f0000000600), &(0x7f00000004c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x800810, &(0x7f0000000640)=ANY=[], 0x1, 0x669, &(0x7f0000001000)="$eJzs3c1vHGcdB/DvrDd2Ni3BTZM2oEq1GgkQFolf5IK5EBBCPlSoKgfOVuI0VjZpsV3kVog6vF576B9QDr4gTkjcIxUOXODWG/KxEhKXXjCnRTs7a6/XL10njb1pP59o9nmeeWae+T2/2Zl9saIN8IW1MJn6gxRZmHxlvd3e2pxtbm3O3u3Wk4wl2UjqSWpJiv+2Wq0Pk+tJsTNM0Vfu8/7y/GsffbL1cadVr5Zy+9pR+/WpttvoW73RXTeRZKQqH8Ge8W488njFTuTXk1ypSjh1Z5K09vjZ35/e6enROGjvsycSI/B4FZ3XzX3Gk3PVhd5+H9B95a2dbHSDGxtwu/53EAAAAPCkGeQz8Je3s5314vwJhAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACfCxu7v/9fVEutW59I0f39/9FqXar6cHnxeJs/eFxxAAAAAAAAAMAJenE721nP+W67VZR/83+pbFwsH5/KW1nNUlZyNetZzFrWspLpJOM9A42uL66trUwPsOfMgXvOfEqgY1XZ+GzmDQAAAAAAAACfM7/Kwu7f/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYBgUyUinSHG/Z/V4avUkZ5OMtldsJP/s1p9kD047AAAAADgBY8l21nO+224VuZjkufI7gLN5K/eyluWspZml3Cy/F+h86q9tbc42tzZn77aX/eN+/z/HCqMcMZ3vHg4+8uVyi0ZuZblcczU38kaauZlauWfb5Sqe7qh9cd1vx1R8rzJgZDersj3z96pyn3ePNdnDHPPLlPEyI2d2MjJVxdbOxjPdM3PwGTrm2ek/0nRqO8Fe7DvS6N7JPFTOz1Vlez6/Oyznp6I/EzM9z77njs558vW//OmnU1V9eKY0mJGqbJWPjf2ZmO3JxPODZOJ2896d27dWJ5+0TOwzVWbi0k57IT/KTzKZibyalSzn51nMWpYykR+WtcXq5Bc9l/whmbq+p/Xqp0UyWj1DOyfreDG9VO57Psv5cd7IzSzl5fLfTKbz7cxlLvM9Z/jS0We4vOprh1z1rS8dGPyVb1SVRpLfV+VwaOf1mZ689t5zx8u+3jW7WbowQJaOeW+sf7WqtI/x66ocDv2ZmO7JxLNHZ+IP5W1ltXnvzsrtxTcHO9yF96pK+zr6bTIxPDeS9vPlQvtkla29z45237MH9k2XfRd3+mr7+i7t9HWu1I1Dr9TR6j3c/pFmyr7nD+ybLfsu9/Qd9H4LgKF37pvnRhv/bvyj8UHjN43bjVfO/mDsO2MvjObMX898tz418rXaC8Wf80F+ufv5HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeHirb79zZ7HZXFrpq7RarXcP6RqwUq+O8JC7P0IlE/96qn3kA7q6P2d2gvF85enk5OY+rJX/tVqtak1xyDZ//NvQJKpVGYrUnVLl9O5JwMm4tnb3zWurb7/zreW7i68vvb50b35ubn5qfu7l2Wu3lptLU53H044SeBx2X/RPOxIAAAAAAAAAAABgUCfx3wlOe44AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAk21hMvUHKTI9dXWq3d7anG22l259d8t6klqS4hdJ8WFyPZ0l4z3DFYcd5/3l+dc++mTr492x6t3ta0ftN5iNaslEkpFOef+zGu9GVR6pOGoKxc4M2wm70k0cnLb/BwAA//+o5gZ+")
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x103ba52, 0x0)
pipe2$9p(&(0x7f0000000240)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15)
r3 = dup(r2)
write$FUSE_BMAP(r3, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r3, &(0x7f0000000300)=ANY=[@ANYBLOB="b000000000000000"], 0xb0)
getresuid(&(0x7f0000000440), &(0x7f0000000480), &(0x7f00000004c0)=<r4=>0x0)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r3, @ANYBLOB=',privport,access=', @ANYRESDEC=r4])
mount$bind(&(0x7f0000000240)='.\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x1005848, 0x0)
r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='mounts\x00')
read$FUSE(r5, &(0x7f0000005080)={0x2020}, 0x204d)

20.671339761s ago: executing program 1 (id=1727):
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'sit0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x26, 0x4, 0x0, 0x0, 0x98, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast, @remote, {[@timestamp={0x44, 0x1c, 0x0, 0x0, 0x0, [0x401, 0x1000, 0x5, 0x40000, 0x5, 0x0]}, @timestamp_prespec={0x44, 0x34, 0xc0, 0x3, 0x0, [{@multicast1, 0x5}, {@dev, 0x659}, {@broadcast, 0x8000}, {@empty}, {@multicast1, 0xffd1fc}, {@private=0xfffffffd, 0x7}]}, @timestamp_prespec={0x44, 0x24, 0x0, 0x3, 0x0, [{@multicast2, 0x3}, {@private=0xa010101}, {@empty}, {@broadcast}]}, @noop, @noop, @lsrr={0x83, 0xb, 0x0, [@private, @rand_addr]}]}}}}})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000240), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, 0xffffffffffffffff, 0x0)
r2 = dup(r1)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000})
ioctl$KVM_NMI(r3, 0xae9a)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

20.305400655s ago: executing program 1 (id=1730):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000fdffffff850000002d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$SEG6_CMD_SETHMAC(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x34, r2, 0x1, 0x0, 0x0, {}, [@SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x1}, @SEG6_ATTR_SECRET={0x8, 0x4, [0x0]}, @SEG6_ATTR_ALGID={0x5}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x1}]}, 0x34}}, 0x0)
syz_genetlink_get_family_id$SEG6(&(0x7f0000000000), r1)
r3 = syz_open_procfs(0x0, &(0x7f0000000140)='ns\x00')
r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r4, &(0x7f0000006a40)={0x3, 0x40, 0xfa00, {{0x6000000, 0x0, 0x0, @private0}, {0xa, 0x0, 0x0, @loopback={0xfec0ffff00000000, 0x8e84fffef67c07}}}}, 0x48)
getdents64(r3, 0x0, 0xffb8)
sendmsg$SEG6_CMD_DUMPHMAC(r3, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x5c, r2, 0x2, 0x70bd25, 0x25dfdbfd, {}, [@SEG6_ATTR_ALGID={0x5, 0x6, 0x9}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0x6}, @SEG6_ATTR_DST={0x14, 0x1, @ipv4={'\x00', '\xff\xff', @remote}}, @SEG6_ATTR_DST={0x14, 0x1, @mcast1}, @SEG6_ATTR_SECRETLEN={0x5}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x60000000}]}, 0x5c}, 0x1, 0x0, 0x0, 0x40000}, 0x40010)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$SEG6(&(0x7f0000000200), r5)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$SEG6_CMD_SETHMAC(r6, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x34, r7, 0x1, 0x0, 0x0, {}, [@SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x1}, @SEG6_ATTR_SECRET={0x8, 0x4, [0x0]}, @SEG6_ATTR_ALGID={0x5}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x1}]}, 0x34}}, 0x0)

19.894188143s ago: executing program 3 (id=1733):
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8)
sendmsg$nl_route_sched_retired(0xffffffffffffffff, &(0x7f0000001300)={0x0, 0x0, 0x0}, 0x0)
capset(0x0, &(0x7f0000000040)={0x200000, 0x200000, 0x0, 0x0, 0x4000000})
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/dev\x00')
read$FUSE(r1, &(0x7f0000000140)={0x2020}, 0x2020)
mount(&(0x7f0000000200), &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='gadgetfs\x00', 0x900, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000100)='mountinfo\x00')
r3 = open(&(0x7f0000000080)='./file1\x00', 0x10b942, 0x0)
sendfile(r3, r2, 0x0, 0x80000000)

19.007753355s ago: executing program 3 (id=1736):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), r0)
sendmsg$ETHTOOL_MSG_STRSET_GET(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000480)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01000000004000000000010000001c0002800c00018008000100070000000c000180080001000600000004"], 0x34}, 0x1, 0x0, 0x0, 0x4001}, 0x0)

18.664123416s ago: executing program 3 (id=1737):
syz_mount_image$hfsplus(&(0x7f0000000600), &(0x7f00000004c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x800810, &(0x7f0000000640)=ANY=[], 0x1, 0x669, &(0x7f0000001000)="$eJzs3c1vHGcdB/DvrDd2Ni3BTZM2oEq1GgkQFolf5IK5EBBCPlSoKgfOVuI0VjZpsV3kVog6vF576B9QDr4gTkjcIxUOXODWG/KxEhKXXjCnRTs7a6/XL10njb1pP59o9nmeeWae+T2/2Zl9saIN8IW1MJn6gxRZmHxlvd3e2pxtbm3O3u3Wk4wl2UjqSWpJiv+2Wq0Pk+tJsTNM0Vfu8/7y/GsffbL1cadVr5Zy+9pR+/WpttvoW73RXTeRZKQqH8Ge8W488njFTuTXk1ypSjh1Z5K09vjZ35/e6enROGjvsycSI/B4FZ3XzX3Gk3PVhd5+H9B95a2dbHSDGxtwu/53EAAAAPCkGeQz8Je3s5314vwJhAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACfCxu7v/9fVEutW59I0f39/9FqXar6cHnxeJs/eFxxAAAAAAAAAMAJenE721nP+W67VZR/83+pbFwsH5/KW1nNUlZyNetZzFrWspLpJOM9A42uL66trUwPsOfMgXvOfEqgY1XZ+GzmDQAAAAAAAACfM7/Kwu7f/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYBgUyUinSHG/Z/V4avUkZ5OMtldsJP/s1p9kD047AAAAADgBY8l21nO+224VuZjkufI7gLN5K/eyluWspZml3Cy/F+h86q9tbc42tzZn77aX/eN+/z/HCqMcMZ3vHg4+8uVyi0ZuZblcczU38kaauZlauWfb5Sqe7qh9cd1vx1R8rzJgZDersj3z96pyn3ePNdnDHPPLlPEyI2d2MjJVxdbOxjPdM3PwGTrm2ek/0nRqO8Fe7DvS6N7JPFTOz1Vlez6/Oyznp6I/EzM9z77njs558vW//OmnU1V9eKY0mJGqbJWPjf2ZmO3JxPODZOJ2896d27dWJ5+0TOwzVWbi0k57IT/KTzKZibyalSzn51nMWpYykR+WtcXq5Bc9l/whmbq+p/Xqp0UyWj1DOyfreDG9VO57Psv5cd7IzSzl5fLfTKbz7cxlLvM9Z/jS0We4vOprh1z1rS8dGPyVb1SVRpLfV+VwaOf1mZ689t5zx8u+3jW7WbowQJaOeW+sf7WqtI/x66ocDv2ZmO7JxLNHZ+IP5W1ltXnvzsrtxTcHO9yF96pK+zr6bTIxPDeS9vPlQvtkla29z45237MH9k2XfRd3+mr7+i7t9HWu1I1Dr9TR6j3c/pFmyr7nD+ybLfsu9/Qd9H4LgKF37pvnRhv/bvyj8UHjN43bjVfO/mDsO2MvjObMX898tz418rXaC8Wf80F+ufv5HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeHirb79zZ7HZXFrpq7RarXcP6RqwUq+O8JC7P0IlE/96qn3kA7q6P2d2gvF85enk5OY+rJX/tVqtak1xyDZ//NvQJKpVGYrUnVLl9O5JwMm4tnb3zWurb7/zreW7i68vvb50b35ubn5qfu7l2Wu3lptLU53H044SeBx2X/RPOxIAAAAAAAAAAABgUCfx3wlOe44AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAk21hMvUHKTI9dXWq3d7anG22l259d8t6klqS4hdJ8WFyPZ0l4z3DFYcd5/3l+dc++mTr492x6t3ta0ftN5iNaslEkpFOef+zGu9GVR6pOGoKxc4M2wm70k0cnLb/BwAA//+o5gZ+")
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x103ba52, 0x0)
pipe2$9p(&(0x7f0000000240)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15)
r3 = dup(r2)
write$FUSE_BMAP(r3, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r3, &(0x7f0000000300)=ANY=[@ANYBLOB="b000000000000000"], 0xb0)
getresuid(&(0x7f0000000440), &(0x7f0000000480), &(0x7f00000004c0)=<r4=>0x0)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r3, @ANYBLOB=',privport,access=', @ANYRESDEC=r4])
mount$bind(&(0x7f0000000240)='.\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x1005848, 0x0)
r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='mounts\x00')
read$FUSE(r5, &(0x7f0000005080)={0x2020}, 0x204d)

17.991429699s ago: executing program 3 (id=1739):
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x1e, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xfb, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r1}, 0x10)
r2 = socket(0x2000000000000021, 0x2, 0x10000000000002)
connect$rxrpc(r2, &(0x7f0000000140)=@in4={0x21, 0x0, 0x2, 0x10}, 0x24)
sendmmsg(r2, &(0x7f0000005c00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800e621000000001001000001004fea0000ec0000000000"], 0x18, 0x7000000}, 0xf401}], 0x1, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r3}, 0x10)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007d000000180100002020732600000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r4}, 0x10)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x7, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000010000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000100)='kmem_cache_free\x00', r6}, 0x10)
r7 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r7, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
r8 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=ANY=[@ANYBLOB="0a00000016000000080000007f"], 0x48)
bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, &(0x7f0000001580)={0x0, 0x0, 0x0, 0x0, 0x8, r8, 0x4}, 0x38)
syz_emit_ethernet(0xa6, &(0x7f00000000c0)={@local, @broadcast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "000210", 0x70, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [{0x0, 0xa, "a78ce54006598080a8030037004023493b87aafaffffffffffffff23732472eefa45ad96579269748e254c1e4a8a8b3f0ab0c430d3be27df3e34066d42ca0a5c15b37adac15084dbaf736b41e5af1802"}, {0x0, 0x1, "005ff92900ddab4992020900"}]}}}}}}, 0x0)
syz_emit_ethernet(0x5e, &(0x7f00000002c0)=ANY=[@ANYBLOB="ffffffffffff0180c200000086dd60122d9200283a19d4395632cb116c0000000000000000bbff0200000000000000000000000000018900907800000000fe8000000000000000f38b00000000bbfc010000000000000000000000000000fffb9580e21674e0f9b744a40addda6415d8ddc14c7a4e797c4c74bd2c1455ac9c59ed09a92568d5a4781b40753dd82a4975f447c2055959c9fa2460f47c59a832fb36e59a0d6300e8ef5515bcfdd6b8d5eca433b05c6e41a8740e00ebb0b4e58f715dbe15de6b3cd0942718f778bf440be7ec578b995570f82d56e21ffaf1a9995eb3b51f14d3ef8b52e94664320e5848a513928f1bee6c9f4eab6b5a084030fc1ee9"], 0x0)
r9 = socket$nl_route(0x10, 0x3, 0x0)
r10 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r10, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=ANY=[@ANYBLOB="ec0000002100390d0000000000000000ac141400000000000000000000000000e000000200"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000009c001100ff010000000000000000000000000001ffffffff000000000000000000000000ac1414aa000000000000000000000000ac14140000000000000000000000000000f100000000000000000200ff010000000000000000000000000001ffffffff"], 0xec}}, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000800)=ANY=[@ANYBLOB="5c0000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000340012800e00010069703665727370616e0000002000028006000200300000001400060000000000000000000000ffff7f00000108000a00", @ANYRES32], 0x5c}}, 0x0)
r11 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r12 = syz_genetlink_get_family_id$smc(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$SMC_PNETID_DEL(r11, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r12, @ANYBLOB="010080000000000000000202020005000300000000000900010073"], 0x30}, 0x1, 0x40030000000000}, 0x0)

17.345147898s ago: executing program 3 (id=1741):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000fdffffff850000002d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$SEG6_CMD_SETHMAC(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x34, r2, 0x1, 0x0, 0x0, {}, [@SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x1}, @SEG6_ATTR_SECRET={0x8, 0x4, [0x0]}, @SEG6_ATTR_ALGID={0x5}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x1}]}, 0x34}}, 0x0)
syz_genetlink_get_family_id$SEG6(&(0x7f0000000000), r1)
r3 = syz_open_procfs(0x0, &(0x7f0000000140)='ns\x00')
r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r4, &(0x7f0000006a40)={0x3, 0x40, 0xfa00, {{0x6000000, 0x0, 0x0, @private0}, {0xa, 0x0, 0x0, @loopback={0xfec0ffff00000000, 0x8e84fffef67c07}}}}, 0x48)
getdents64(r3, 0x0, 0xffb8)
sendmsg$SEG6_CMD_DUMPHMAC(r3, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x5c, r2, 0x2, 0x70bd25, 0x25dfdbfd, {}, [@SEG6_ATTR_ALGID={0x5, 0x6, 0x9}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0x6}, @SEG6_ATTR_DST={0x14, 0x1, @ipv4={'\x00', '\xff\xff', @remote}}, @SEG6_ATTR_DST={0x14, 0x1, @mcast1}, @SEG6_ATTR_SECRETLEN={0x5}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x60000000}]}, 0x5c}, 0x1, 0x0, 0x0, 0x40000}, 0x40010)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$SEG6(&(0x7f0000000200), r5)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$SEG6_CMD_SETHMAC(r6, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x34, r7, 0x1, 0x0, 0x0, {}, [@SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x1}, @SEG6_ATTR_SECRET={0x8, 0x4, [0x0]}, @SEG6_ATTR_ALGID={0x5}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x1}]}, 0x34}}, 0x0)

5.139250896s ago: executing program 0 (id=1783):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r1}, 0x10)
getdents64(0xffffffffffffffff, 0x0, 0x0)

4.125156859s ago: executing program 0 (id=1785):
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000000140)={0x0, {{0xa, 0x0, 0x0, @mcast2}}}, 0x88)
setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000000b00)={0xb, {{0xa, 0x0, 0x0, @mcast2}}, 0x0, 0x2, [{{0xa, 0x0, 0x0, @remote}}, {{0xa, 0x0, 0x0, @remote}}]}, 0x190)
syz_emit_ethernet(0x4e, &(0x7f0000003680)={@broadcast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "122d92", 0x18, 0x3a, 0xff, @remote, @mcast2, {[], @mld={0x84, 0x0, 0x0, 0xc, 0x7, @dev={0xfe, 0x80, '\x00', 0x3e}}}}}}}, 0x0)

3.565856811s ago: executing program 0 (id=1787):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000200)={0x26, 'hash\x00', 0x0, 0x0, 'sha224-asm\x00'}, 0x58)
socket$netlink(0x10, 0x3, 0x0)
socket$igmp6(0xa, 0x3, 0x2)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000005000/0x18000)=nil, &(0x7f0000000380)=[@text32={0x20, &(0x7f00000001c0)="b8050000000f01c10f46a78900000066ba2100b067ee66ba2000b000ee6d2f2f800000c00f3266bac0000f3066b808008ed0660f38806f008ee0", 0x3a}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f0000000140))
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_PIT(r2, 0x8048ae66, &(0x7f0000000080)={[{0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}]})
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2004cb], 0x0, 0x200})
ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r3, 0x4068aea3, &(0x7f0000000200)={0xbe, 0x0, 0x1})
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000))
ioctl$KVM_RUN(r3, 0xae80, 0x0)

2.735723467s ago: executing program 2 (id=1790):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$EXT4_IOC_GROUP_EXTEND(r0, 0x40086607, &(0x7f0000000000)=0x101)
bind$bt_hci(r0, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
setsockopt$sock_int(r0, 0x1, 0x29, &(0x7f0000000300)=0x20, 0x4)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r1, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x2c)
socket$inet6(0xa, 0x3, 0x1)
mkdir(&(0x7f0000000300)='./bus\x00', 0x80)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='freezer.self_freezing\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x10, r2, 0x0)
sendmsg$alg(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000a40)}], 0x1}, 0x0)
ioctl$FS_IOC_SETFLAGS(r2, 0xc0189436, &(0x7f0000000140))
socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000100)={'wlan0\x00'})
sendmsg$NL80211_CMD_DEL_KEY(0xffffffffffffffff, 0x0, 0x0)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)
r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x42002)
write$sndseq(r4, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8)
r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0x0)
r6 = syz_open_procfs$userns(0xffffffffffffffff, &(0x7f0000000000))
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r5, 0x404c534a, &(0x7f00000001c0)={0x0, 0x0, 0x9})
dup2(r6, r5)

2.557943504s ago: executing program 0 (id=1791):
syz_mount_image$hfsplus(&(0x7f0000000600), &(0x7f00000004c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x800810, &(0x7f0000000640)=ANY=[], 0x1, 0x669, &(0x7f0000001000)="$eJzs3c1vHGcdB/DvrDd2Ni3BTZM2oEq1GgkQFolf5IK5EBBCPlSoKgfOVuI0VjZpsV3kVog6vF576B9QDr4gTkjcIxUOXODWG/KxEhKXXjCnRTs7a6/XL10njb1pP59o9nmeeWae+T2/2Zl9saIN8IW1MJn6gxRZmHxlvd3e2pxtbm3O3u3Wk4wl2UjqSWpJiv+2Wq0Pk+tJsTNM0Vfu8/7y/GsffbL1cadVr5Zy+9pR+/WpttvoW73RXTeRZKQqH8Ge8W488njFTuTXk1ypSjh1Z5K09vjZ35/e6enROGjvsycSI/B4FZ3XzX3Gk3PVhd5+H9B95a2dbHSDGxtwu/53EAAAAPCkGeQz8Je3s5314vwJhAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACfCxu7v/9fVEutW59I0f39/9FqXar6cHnxeJs/eFxxAAAAAAAAAMAJenE721nP+W67VZR/83+pbFwsH5/KW1nNUlZyNetZzFrWspLpJOM9A42uL66trUwPsOfMgXvOfEqgY1XZ+GzmDQAAAAAAAACfM7/Kwu7f/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYBgUyUinSHG/Z/V4avUkZ5OMtldsJP/s1p9kD047AAAAADgBY8l21nO+224VuZjkufI7gLN5K/eyluWspZml3Cy/F+h86q9tbc42tzZn77aX/eN+/z/HCqMcMZ3vHg4+8uVyi0ZuZblcczU38kaauZlauWfb5Sqe7qh9cd1vx1R8rzJgZDersj3z96pyn3ePNdnDHPPLlPEyI2d2MjJVxdbOxjPdM3PwGTrm2ek/0nRqO8Fe7DvS6N7JPFTOz1Vlez6/Oyznp6I/EzM9z77njs558vW//OmnU1V9eKY0mJGqbJWPjf2ZmO3JxPODZOJ2896d27dWJ5+0TOwzVWbi0k57IT/KTzKZibyalSzn51nMWpYykR+WtcXq5Bc9l/whmbq+p/Xqp0UyWj1DOyfreDG9VO57Psv5cd7IzSzl5fLfTKbz7cxlLvM9Z/jS0We4vOprh1z1rS8dGPyVb1SVRpLfV+VwaOf1mZ689t5zx8u+3jW7WbowQJaOeW+sf7WqtI/x66ocDv2ZmO7JxLNHZ+IP5W1ltXnvzsrtxTcHO9yF96pK+zr6bTIxPDeS9vPlQvtkla29z45237MH9k2XfRd3+mr7+i7t9HWu1I1Dr9TR6j3c/pFmyr7nD+ybLfsu9/Qd9H4LgKF37pvnRhv/bvyj8UHjN43bjVfO/mDsO2MvjObMX898tz418rXaC8Wf80F+ufv5HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeHirb79zZ7HZXFrpq7RarXcP6RqwUq+O8JC7P0IlE/96qn3kA7q6P2d2gvF85enk5OY+rJX/tVqtak1xyDZ//NvQJKpVGYrUnVLl9O5JwMm4tnb3zWurb7/zreW7i68vvb50b35ubn5qfu7l2Wu3lptLU53H044SeBx2X/RPOxIAAAAAAAAAAABgUCfx3wlOe44AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAk21hMvUHKTI9dXWq3d7anG22l259d8t6klqS4hdJ8WFyPZ0l4z3DFYcd5/3l+dc++mTr492x6t3ta0ftN5iNaslEkpFOef+zGu9GVR6pOGoKxc4M2wm70k0cnLb/BwAA//+o5gZ+")
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x103ba52, 0x0)
pipe2$9p(&(0x7f0000000240)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15)
r3 = dup(r2)
write$FUSE_BMAP(r3, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r3, &(0x7f0000000300)=ANY=[@ANYBLOB="b000000000000000"], 0xb0)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r3, @ANYBLOB=',privport,access=', @ANYRESDEC])
mount$bind(&(0x7f0000000300)='./file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x11080, 0x0)
mount$bind(&(0x7f0000000240)='.\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x1005848, 0x0)
r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='mounts\x00')
read$FUSE(r4, &(0x7f0000005080)={0x2020}, 0x204d)

2.436836515s ago: executing program 2 (id=1793):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000fdffffff850000002d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
connect$inet(0xffffffffffffffff, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$SEG6_CMD_SETHMAC(r1, 0x0, 0x0)
syz_genetlink_get_family_id$SEG6(&(0x7f0000000000), r1)
r3 = syz_open_procfs(0x0, &(0x7f0000000140)='ns\x00')
r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r4, &(0x7f0000006a40)={0x3, 0x40, 0xfa00, {{0x6000000, 0x0, 0x0, @private0}, {0xa, 0x0, 0x0, @loopback={0xfec0ffff00000000, 0x8e84fffef67c07}}}}, 0x48)
getdents64(r3, 0x0, 0xffb8)
sendmsg$SEG6_CMD_DUMPHMAC(r3, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x5c, r2, 0x2, 0x70bd25, 0x25dfdbfd, {}, [@SEG6_ATTR_ALGID={0x5, 0x6, 0x9}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0x6}, @SEG6_ATTR_DST={0x14, 0x1, @ipv4={'\x00', '\xff\xff', @remote}}, @SEG6_ATTR_DST={0x14, 0x1, @mcast1}, @SEG6_ATTR_SECRETLEN={0x5}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x60000000}]}, 0x5c}, 0x1, 0x0, 0x0, 0x40000}, 0x40010)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$SEG6(&(0x7f0000000200), r5)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$SEG6_CMD_SETHMAC(r6, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x34, r7, 0x1, 0x0, 0x0, {}, [@SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x1}, @SEG6_ATTR_SECRET={0x8, 0x4, [0x0]}, @SEG6_ATTR_ALGID={0x5}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x1}]}, 0x34}}, 0x0)

2.205915756s ago: executing program 0 (id=1795):
socket$kcm(0x11, 0x200000000000002, 0x300)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x0, 0x5, &(0x7f0000000380)=ANY=[@ANYBLOB="18020000010000000000000000000000850000005300000085000000050000009500000000000000a94be0c51261be6a99fe3d0000a232d5e1f59f18f845f82e9a7bde9e8f4b9197701b547edf612a03f1737d95"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r2 = socket$kcm(0x11, 0x200000000000002, 0x300)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000003840)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000380)="fbe6bd8dfcdda5a210b8cfefbd66f459c7261b927d25d3cf74d2f7c97735eba47f606a290d18492592230700000000000000081fdbd921ed4db0e67c9d5ab1452445a1e0da5ac68b13f4afe2712eeaad350d07", 0x53}], 0x1}, 0x0)
close(r4)
recvmsg$unix(r3, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r5=>0xffffffffffffffff]}}], 0x18}, 0x0)
setsockopt$sock_attach_bpf(r2, 0x107, 0x12, &(0x7f00000008c0)=r5, 0x4)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000200))
ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @broadcast})
write$cgroup_devices(r6, &(0x7f0000000140)=ANY=[@ANYBLOB="1e000300008c71ef28ff4b"], 0xffdd)

2.178926999s ago: executing program 2 (id=1796):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000000)={0x0, 0xca}, 0x8)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000280)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c)
sendmmsg$inet6(r0, &(0x7f0000003c40)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000140)="03", 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000500)={0x0, 0x400, 0x1, [0xff]}, 0xa)

2.074486348s ago: executing program 4 (id=1797):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001400)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a50000000060a0b040000000000000000020000002400048020000180070001006374000014000280080002400000000f08000140000000020900010073797a30000000000900020073797a320000000014000000110001"], 0x78}}, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x20000800, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
getsockname$packet(0xffffffffffffffff, 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
bind$netlink(r1, &(0x7f0000000140)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
syz_emit_ethernet(0x36, &(0x7f00000000c0)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)
socket$kcm(0x10, 0x3, 0x10)
syz_emit_ethernet(0xce, &(0x7f00000008c0)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x9, 0x4, 0x0, 0x0, 0xc0, 0x0, 0x0, 0x0, 0x11, 0x0, @dev, @local, {[@timestamp={0x44, 0xc, 0x8, 0x0, 0x0, [0x0, 0x0]}, @rr={0x7, 0x3, 0xd7}]}}, {0x0, 0x0, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "6fdfa0d2001efbb3e29a4ac275ca11b984ff5def6ed2e4ea9bc0eabdd34c732b", "df23520b57e4c98679c7795a27c7bf3e7d776b600ba8d82d6ba417e219edd86fb708441efcf75fe803412dae374281c2", "5df814aa2e34e4f8a759805b993e2d69a8f476de686861a9850edbe3", {"2cfee9b9d5b0b2b171b51f9174963b0c", "e40ca7e0a7b4bbc4bc9720c876a57954"}}}}}}}, 0x0)

1.925748862s ago: executing program 2 (id=1798):
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/schedstat\x00', 0x0, 0x0)
lseek(r0, 0xd759, 0x1)
syz_read_part_table(0x5fd, &(0x7f0000000d00)="$eJzs2z9olGccB/DvxVzOP9B0cHKpcegkFMXRDFWSU7EQTqUQHLS1iJgpQuCkhwc6tBkUM0jHLlK4ReNkzOBQFIXORRxahAwuBV2kdshbrvc2rfaPR8kNxc9n+T338rvn+/zgWZ/wvzaUarkqar+VDz751/5i9I91O8c6E5MHi6IojiaVHE81Y9++s5hkOK/umh1JRv60z/WvNy9/+fxAtfP4yIv3T9ybH1rbs5Z3k2wZeePRa/1PyaDcGL8/evHSbP1y90e9tbL6cXLz2URj6fD8wuKh6v5T3e8Xkgdlf+9ibMq5NHM+Z3Ny+L+kVl7Jb3fzm+NnHtVbK191nuxa3Vbv3D699+X25St3dydz3Yip1/6XN9+vvqzNX+bPjV2dXmjt23lr67U9zTsPG083/Fz0lJHV9ckFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAwbozfH714abZ+uTl+5lG9tfLF9999dPPZRGPp8PzC4qGR/afKvgdlHS7ruTRzPmdzMjOZyWeZ7T9yuvKP+b9sTp7sWt1W79w+vffl5PKVu7vLvqn1GPZvvD7/3NjV6YXWvp23tl7b07zzsPF0Q69vppZPU+2tawM6CwAAAAAAAAAAAAAAAAAAAG+vicmD26c+bBxNKjm+MclPnw91vxflI/ff3+rvKOsPtWRTkusbk/bzA9XO4yMvRk7cm/+x7G+nlnaSLd8sHUveW8u58JfkyqBHow+/BgAA//8hVpWc")
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000))
creat(&(0x7f0000000040)='./bus\x00', 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)
open(&(0x7f00000005c0)='./bus\x00', 0x147842, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000007b00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r1, 0x0, 0xfffffffffffffffd}, 0x18)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x2200c407, &(0x7f0000000440)={[{@dioread_lock}, {@debug}, {@abort}, {@init_itable_val={'init_itable', 0x3d, 0xebdc}}, {@auto_da_alloc}, {@grpjquota, 0x2e}, {@nouid32}, {@delalloc}, {@jqfmt_vfsv1}, {@acl}], [], 0x2c}, 0x84, 0x4da, &(0x7f0000000f40)="$eJzs3M1vFOUfAPDvbF+gvLXw4/f7yYuyikYi2tKCysEDGk24mJjoAY+1VIIUMLQmQohUY/Bo/AvUo4mJJy+eNDFGPfly1bsxIYYLSKKumdmZdpfult3t0or7+SS7fZ6ZZ+Z5vjPz7Lw83Q2gZ5XTtyRiU0T8FBHD1Wx9gXL1z/WrF6d+v3pxKolK5fnfkqzctasXp4qixXIb88wPFyJKbyexq0G9s+cvnJqcmZk+l+fH5k6/OjZ7/sIjJ09Pnpg+MX1m4vDhQwfHH39s4tGuxJnGdW3nG2d37zj64nvPTlXipW8+Ttu7KZ9fG0fVyIrrLEc5KrnFqYPZ+wMrXvs/y+aadNLfsEiyao2hZX0Rke6ugaz/D0dfLO684XjmrYXMl2vUQOC2Sc9NW5dM7cv/lhbOX8C/UdJRH/+j+w0BVllxxk/vf4tXMe3GKl2DrKUrT6bv01n81/NXxFB2V1RKb1pHqnfsfU2WP9J0za3d7m6KiGPzN95PX9HwOQQAQHd9nl7/PNzo+q8U/6sptyUfQxmJiP0RsS0i/hMR2yPivxFZ2f9HxF1t1l++Kb/0+uf7oY4Ca1F6/fdEPra1eP0XWfxVyUJucxb/QPLyyZnpA/k22RcD69L8+DJ1fPH0j+82m1euuf5LX2n9xbVg3o5f+9fVL3N8cm5yBSHXufJmxM7+RvEnCyMB6RbYERE7O1h/us1OPvTR7jS9ZePS+beOfxmNx5naUvkw4sHq/p+Pm+IvJNWamo1Pjq2PmekDY8VRsdS3311+rjY/UJOui399azGt7zTYBtL9v6Hh8Z/HX3SDYrx2tv06Lv/8TtN7mqX7P4lj87Ul+iM7/ms+BdLjfzB5IUsP5tNen5ybOzceMZhPqJs+sbhskS/Kp/Hv29u4/2+L+PODfLldEZEexHdHxD0RsSdv+70RcV9E7F0m/q+fuv+V5bdQ8+O/2X1nt6TxH19u/0eMJLXj9R0k+k599Vmz+lv7/DuUpfblU1r5/Gu1gSvZdgAAAHCnKGVj0ElptEjXPJzaHhtKM2dn5/aX47Uzx6tj1SMxUCqedA3XPA8dz58NF/mJm/IHI2Jr9p9GQ1l+dOrszOa1DBzIvqtT1/+jVBodrc775XY/fATWXlvjaLX/1/bJp91vDLCqujCODtyh9H/oXfo/9C79H3pXo/5/KeL6GjQFWGXO/9C79H/oXfo/9C79H3rS0q/EFz+00Mk3/RcT245miWJlHa+ncWJoxSusDHezPQuJ+faX6rsNzUgTUfujHU0TSUR0VkWUli8z2ELtq5CIiL8qEVE/q3TLxY90uFnaSOzJE+va6CCX2tyqnUexdp9JAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3fR3AAAA//8xTNft")
syz_mount_image$vfat(&(0x7f00000001c0), &(0x7f0000000e80)='./file0\x00', 0x10082, &(0x7f0000000b00)=ANY=[@ANYBLOB="756e695f786c6174653d312c726f6469722c756e695f786c6174653d302c73686f72746e616d653d77696e6e742c757466383d302c73686f72746e616d653d6d697865642c726f6469722c696f636861727365743d63703433372c756e695f786c6174653d302c6572726f72733d72656d6f756e742d726f2c757466383d312c757466383d312c73686f72746e616d653d77696e39352c73686f77657865632c756e695f786c6174653d312c73686f72746e616d653d77696e39352c71756965742c004812981d", @ANYRES16=0x0, @ANYRESOCT], 0x2, 0x2ad, &(0x7f0000000280)="$eJzs3T9vI0UUAPC3jmMbKOyCCiGxEhRUUZKWxgElUoQrkAuggIgkEootpESKxB9hUtHSUPIJkJDoaPkANPcNTrr2pOsuRaQ9rb0bOznHOZ/i5P78fk0ms+/NvJmMHKXYyTfv9g9209g/+fl+NBpJVNrRjtMkWlGJ0q9xQfv3AABeZqdZFo+ykXnykohoLK4sAGCB5v79/8/CSwIAFuzzL778dKPT2fwsTRux1f/tuJv/ZZ9/HT3f2I/vohd7sRrNOIvIzo3aW1mWDapprhUf9AfH3Tyz//X/xfgbDyOG+WvRjNaw62L+dmdzLR2ZyB/kdbxZzN/O89ejGW9PmX+7s7k+JT+6tfjw/Yn6V6IZ976N76MXu8Mixvm/rKXpJ9kfj3/6Ki8vz08Gx936MG4sW7rlHw0AAAAAAAAAAAAAAAAAAAAAAK+wleLunHoM7+/Ju4r7d5bO8m+WIy21Lt7PM8pPyoEu3Q80yOLP8n6d1TRNsyJwnF+Nd6pRvZtVAwAAAAAAAAAAAAAAAAAAwIvl6IcfD3Z6vb3DG2mUtwGUr/U/7zjt857q4XsxO7g+nqtSNGeMHEtlTBIxs4x8ETe0Ldc13riq5r/+nnfAxvUxy+O5olVsxg2vqzxdBzvJ9D2sR9nTKA/Jv5MxtXjGuWpXPcrmOn61qY+ac6+99tawMZgRE8mswj56MNq5oie5vIracFenpi8XjYn0S2djrvP89GdFkiziEwgAAAAAAAAAAAAAAAAAACiNX/qd8vBkZmolqy+sLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4VeP//z9HY1Akj3r++3hGcC0Oj+54iQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALwGngQAAP//4gNebw==")
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000008c0)={0xffffffffffffffff, 0xe0, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f0000000100)=[0x0, 0x0], &(0x7f0000000200), <r2=>0x0, 0x41, &(0x7f0000000240)=[{}, {}, {}, {}], 0x20, 0x0, 0x0, &(0x7f0000000740), 0x8, 0x49, 0x8, 0x0, 0x0}}, 0x10)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000080850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000000)='kmem_cache_free\x00', r3}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r4 = bpf$TOKEN_CREATE(0x24, &(0x7f0000000080), 0x8)
r5 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
r6 = openat$rtc(0xffffff9c, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH(r6, 0x7005, 0x0)
readv(r6, &(0x7f0000000000)=[{&(0x7f00000012c0)=""/191, 0x4}], 0x1)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000180)='rtc_irq_set_state\x00', r5}, 0x18)
open(&(0x7f00000005c0)='./bus\x00', 0x147a42, 0x0)
mount$9p_rdma(&(0x7f00000003c0), &(0x7f0000000400)='./bus\x00', 0x0, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="7472616e733d72646d612c706f72743d30783030309b71bfefd4e1adf81e30bb66df1e8a82af030079ac83d07f9a875c42035371e3e2226b0d504178bb62bc7632c4b64cd193189c06212b14f600"/91])
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000480)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x60, 0x60, 0x4, [@enum={0x5, 0x7, 0x0, 0x6, 0x4, [{0xa, 0x6}, {0xc, 0xb}, {0xa, 0x8}, {0x3, 0x4e}, {0x6, 0x1}, {0x4, 0x6}, {0x10000f, 0x9}]}, @var={0x9, 0x0, 0x0, 0xe, 0x1}, @fwd={0x7}]}, {0x0, [0x5f, 0x61]}}, 0x0, 0x7c, 0x0, 0x0, 0x7, 0x10000, @value=r4}, 0x28)
r7 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f00000001c0)={'bridge0\x00'})
socket$nl_route(0x10, 0x3, 0x0)
r8 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, 0x0)

1.924789112s ago: executing program 4 (id=1799):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000200)={0x26, 'hash\x00', 0x0, 0x0, 'sha224-asm\x00'}, 0x58)
socket$netlink(0x10, 0x3, 0x0)
socket$igmp6(0xa, 0x3, 0x2)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000005000/0x18000)=nil, &(0x7f0000000380)=[@text32={0x20, &(0x7f00000001c0)="b8050000000f01c10f46a78900000066ba2100b067ee66ba2000b000ee6d2f2f800000c00f3266bac0000f3066b808008ed0660f38806f008ee0", 0x3a}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f0000000140))
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_PIT(r2, 0x8048ae66, &(0x7f0000000080)={[{0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}]})
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2004cb], 0x0, 0x200})
ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r3, 0x4068aea3, &(0x7f0000000200)={0xbe, 0x0, 0x1})
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000))
ioctl$KVM_RUN(r3, 0xae80, 0x0)

1.646085378s ago: executing program 0 (id=1800):
r0 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0xb, 0x10010, r0, 0x308ce000)
pipe2$9p(0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0x80000c, &(0x7f00000003c0)=ANY=[@ANYBLOB="706172743d3078300002a27f9edc6b44900000c63d5f852c6769643d", @ANYRESOCT, @ANYRESOCT=0x0, @ANYRES8, @ANYRES32, @ANYRES8, @ANYBLOB="2c6e03d465636f6d706f73652c6769643d29ab72f4a2f73b811c7fd9bae7ecd520839bd791f81b6637f549a77ac6cb621635f9c08b2615964a3c43b727df50d049dc760465dea7349206240e6fb4756f276c72f20bab7d507fe4853b18ebe583cbf9009044b021249834326e80399ca072639251325e38177eef4f05093acfe76553919ecca99460ea4ebdbcef9c4e0ed3f10f86889116979b7aa52b38442546b806d6b8964f99a04195ad43adb611", @ANYRES16, @ANYBLOB="4599"], 0x1, 0x701, &(0x7f00000009c0)="$eJzs3UtoHOcdAPD/rFaPVcGREz/SEsgSQ1oqaksWSqte6pZSdAglpIeeF1uOF6/lIClFNqVR+rj3kFNP6UG30ENJ74b23BAo6VHHQCGXnHRTmdmZ3Vlptbuy9Yrz+4mZ+Wa+x3zzn52ZfSC+AL6xlmej+iSSWJ59czNd39leaI1tL0zm2a2ImIiISkQ1Ikk3JauR5d7Kp/h25Dml5QEfNpfe/vyrnS/aa9V8yspXBtXrY+Lgpq18inpEjOXLg8YPafGT/bvvae/2oe2NKukcYRqwa0Xg4i/P1Co8s70Dtjp5H/8nm3fK9Kl+lOsWOKeS9nMz173UZyKmI2Iqov3Uz+8OldPv4fHaOusOAAAAwFHVjl7lhd3Yjc24cBLdAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgOdVPv5/kk+VIl2PpBj/fyLfFnn6HBo+EOJnk+3lk5PvDAAAAAAAAACcuFd3Yzc240Kxvpdkv/m/VvqN/1vxXqzHSqzF9diMRmzERqzFfETMlBqa2GxsbKzNZzUjLg2oeTM+7VPz5uF9vNW7mhzHcQMAAAAAAADAOTY1JP/++MFtv4/l7u//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwHiQRY+1FNl0q0jNRqUbEVFFuK+LTiJg4294eSdJv45PT7wcAAAA8k6ne1WRqhDovvB+7sRkXivW9JPvMfyX7vDwV78VqbEQzNqIVK3En/wydfuqv7GwvtHa2Fx6k08F2f/rlkbqetRjt7x767/nlrEQt7kYz23I9bkcSe5lK3srLO9sL6fJB/359kPYp+UluQG/GSuk76ezqJ1n6z73fIlSPdIgj2t9o5dCSM1nueCcic3nf0hoXiwj0j8TQs1MduKf5qHS++bk0eE/9Y/7B4L1P7yvV95ubM7E/Ejej0jlDVwZHIuK7//j41/daq/fv3V2fPT+H1Nf7Q0vsj8RCKRJXn6NIDDeXReJyZ305fhG/itn4cvKtWItm/CYasREr9SK/kb+e0/nM4Eh9Nl1ee2tYT9Jrst65f/XrUz16+hT1+HmWasRr2Tm9EM1I4mFErMQb2d/NmO/cDbpn+PIIV31lhDttybXvZYtOmKJ2eNm/jdbkcUnjerEU1/I9dybLK2/pRunFvlEqnnWjP49Kqt/JE2kLfxj4fDht+yMxX4rES4e9Xtoh/eteOl9vrd5fu9d4d8T9vZ4v0+voTwOeEifymB4oPcMvxlR+cBezeZJdU3NZ3kudXhXx+m8zYj7Lu9RppfeJm+Zd7tRrX6m/jIdxp+dK/WEsxmIsZaWvZKXHDzyx0ryrnZZ67+FpXvpOq9r5Yaf8futhtNrvhyK2vva3bYDn2fT3pydq/6v9u/ZR7Y+1e7U3p342+aPJVyZi/F/jP67Ojb1eeSX5e3wUv+t+/gcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJ7e+qPH9xut1spa/0Slf1YyuFajtVcMJDagTE8iyYfKGaFwsv7o8d7QBgcnJvPuPWX140wUozUOL1w/wW4kW/vP19Twc1GM8jTCLpJ8mMrSSysinrrPxZ67W8bPwancn6gfuVb9wHHlieIFWyp89Fdvrd/5GouIfoWH3DjGjuHmA5ypGxsP3r2x/ujxD5oPGu+svLOyOr64uDS3tPjGwo27zdbKXHteqnD6o+oBJ6T8dqJjIiJeHV53wECtAAAAAAAAAAAAwAk6jf+FOOtjBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAL7elmej+iSSmJ+7Ppeu72wvtNKpSHdLViOiEhHJbyOSf0bcivYUM6XmksP282Fz6e3Pv9r5ottWtShfidg6tN6gNru28inqETGWL59BT3u3h7c30U1O9slOOkeRBuxaETg4a/8PAAD//9qm8z8=")
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x0, 0x0, 0x0)
clock_adjtime(0x0, &(0x7f00000004c0)={0xc5, 0x0, 0xfffffffffffffff9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200004, 0x0, 0x0, 0x0, 0x0, 0x7})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$KVM_SET_VCPU_EVENTS(r4, 0x4400ae8f, &(0x7f0000000140))
mremap(&(0x7f00007ff000/0x4000)=nil, 0x4000, 0x4000, 0x3, &(0x7f0000580000/0x4000)=nil)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

1.024406675s ago: executing program 2 (id=1802):
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'sit0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x26, 0x4, 0x0, 0x0, 0x98, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast, @remote, {[@timestamp={0x44, 0x1c, 0x0, 0x0, 0x0, [0x401, 0x1000, 0x5, 0x40000, 0x5, 0x0]}, @timestamp_prespec={0x44, 0x34, 0xc0, 0x3, 0x0, [{@multicast1, 0x5}, {@dev, 0x659}, {@broadcast, 0x8000}, {@empty}, {@multicast1, 0xffd1fc}, {@private=0xfffffffd, 0x7}]}, @timestamp_prespec={0x44, 0x24, 0x0, 0x3, 0x0, [{@multicast2, 0x3}, {@private=0xa010101}, {@empty}, {@broadcast}]}, @noop, @noop, @lsrr={0x83, 0xb, 0x0, [@private, @rand_addr]}]}}}}})
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.numa_stat\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000240), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r1, 0x0)
r2 = dup(r0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r0, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000})
ioctl$KVM_NMI(r3, 0xae9a)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

1.022846605s ago: executing program 4 (id=1803):
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x840, &(0x7f0000000540)={[{@test_dummy_encryption}]}, 0x1, 0x236, &(0x7f0000000300)="$eJzs3TFoM2UcBvDnLomf/b4gVRdBUEFEtFDqJrjURaEgpYgIKlREXJRWqC1urZOLg84qnVyKuFkdpUtxUQSnqh3qImhxsDjoELlcK9VGFFNz8t3vB5fcJe97//e4e95kOS5Aa00nmU/SSTKTpJekON/grnqZPt3cntpfTgaDx38shu3q7dpZv2tJtpI8mGSvLPJiN9nYffro54NH731jvXfPe7tPTU30IE8dHx0+dvLu4usfLjyw8fmX3y8WmU//D8d1+YoRn3WL5Jb/otj/RNFtegT8E0uvfvBVlftbk9w9zH8vZeqT9+baDXu93P/OX/V964cvbp/kWIHLNxj0qt/ArQHQOmWSfopyNkm9Xpazs/V/+K87V8uXVtdemXlhdX3l+aZnKuCy9JPDRz6+8tG1P+X/u06df+D6VeX/iaWdb6r1k07TowEmqcr/zLOb90X+oXXkH9pL/qG95B/aS/6hveQf2kv+ob3kH9pL/qG95B/a63z+AYB2GVxp+g5koClNzz8AAAAAAAAAAAAAAAAAAMBF21P7y2fLpGp++nZy/HCS7qj6neHziJMbh69XfyqqZr8r6m5jeebOMXcwpvcbvvv6pm+brf/ZHc3W31xJtl5LMtftXrz+itPr79+7+W++7z03ZoExPfRks/V/3Wm2/sJB8kk1/8yNmn/K3DZ8Hz3/9KvzN2b9l38ZcwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABMzG8BAAD//8n0bSk=")
syz_mount_image$tmpfs(0x0, &(0x7f00000000c0)='./file0\x00', 0xd8f3dccb89506ebe, 0x0, 0x0, 0x0, &(0x7f0000000000))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
socket$packet(0x11, 0xa, 0x300)
pipe2(&(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = dup3(r2, r1, 0x0)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)={0x1c, 0x3, 0x1, 0x301, 0x0, 0x0, {0x3, 0x0, 0x5}, [@CTA_MARK_MASK={0x8, 0x15, 0x1, 0x0, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x10}, 0x4048040)

738.289651ms ago: executing program 2 (id=1804):
socket$nl_route(0x10, 0x3, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
add_key(&(0x7f0000000180)='dns_resolver\x00', 0x0, &(0x7f00000002c0)='\x00\x00\x00\x00\x00', 0x5, 0xfffffffffffffffb)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
gettid()
capset(&(0x7f0000000100)={0x20071026}, &(0x7f0000002140))
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$SO_TIMESTAMP(r1, 0x1, 0x3f, &(0x7f0000000080)=0x1, 0x4)
bind$inet(r1, &(0x7f0000000480)={0x2, 0x4e23, @multicast1}, 0x10)
sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000000000)={0x2, 0x24e23, @loopback}, 0x10)
sendmsg$inet(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000240)='/', 0x1}], 0x1}, 0x41)
setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, &(0x7f0000000040)=0x193a, 0x4)
recvmmsg(r1, &(0x7f00000005c0), 0x40000000000026c, 0x0, 0x0)
r2 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$TCSETSF(r2, 0x5404, &(0x7f0000000100)={0x0, 0x1e, 0x3, 0xfffffffc, 0x0, "64f30ea84907e175d5966472c23d26ce8d6f3c"})
r3 = syz_open_dev$ttys(0xc, 0x2, 0x1)
syz_open_dev$ptys(0xc, 0x3, 0x1)
readv(r3, &(0x7f0000000180)=[{&(0x7f0000000280)=""/177, 0xb1}], 0x1)
ioctl$TIOCPKT(r3, 0x5420, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$TCXONC(0xffffffffffffffff, 0x540a, 0x3)
sendmsg$can_raw(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@canfd={{}, 0xee, 0x0, 0x0, 0x0, "bc27adc50d03fb36a26d1d33610708eb844846979c3e552e4f42636ec483561f986e3e2a5455252a03b32ffd44fd8a40b0353a4025411e0620ec9757810556d2"}, 0x48}, 0x2}, 0x0)
r4 = syz_open_dev$vim2m(&(0x7f0000000000), 0x1002000000ff, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r4, 0xc0145608, &(0x7f0000000040)={0x1, 0x1, 0x4, 0x0, 0x3})

447.835178ms ago: executing program 4 (id=1805):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000444ff8)={0x0, 0x7}, 0x8)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000000)={0x0, 0xcc}, 0x8)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000fb000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='kfree\x00', r2}, 0x10)
signalfd4(0xffffffffffffffff, &(0x7f0000000140), 0x8, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b0000000500000008040000cd00000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001240)=ANY=[@ANYBLOB="bf16000000000000b707000001009fa35070000000000000280000000000c00095000000000000002ba728041598d6fbd30cb599e83d24a3aa81d36bb3010100bd2321afb56fa54f26fb0b71d0e6adff07f1d8f7faf75e0f226bd99eea7960707142fa2dc79b9723741c4a0e168c1886d0d4d94f2f4e345c652fbc16ee988ee99fbfbf9b0a4def23d410f6296b32a834388107200759cda9036b4e369a9e152ddcc7b1b85f3c4744aeaccd3641110bec4e9027a0c8055bbfc3a96d2e8910c2c3b35967dec6e802f5ab3eea57b09a2ed4048d3b867ddd58211d6ececb0cd2b6d357b85a0218ce740068725837079e468ee207d2f73902fbcfcf49822775985bf31b715f5888b24efa000000000000ffffffdf0000000000000000000000000000020000000000000000000000000000b27cf3d1848a54d7132be1ffb0adf9deab29ea3323aa9fdfb52faf449c3bfd09000000b9349e31aa3701c38c527d3237c18e521ab219efdebb7b3de8f67581cf796a1d4223b90b80fcad3f6c962b9f292324b7ab7f7da31cf41ab12012fb1e0a494034127de745409e35a30b23bcee46762c2093bcc9eae5ee3e980026c96f80ee1a74e04bde740750fa4d9aaa705989b8e673e3296e52d307db98ca112874ec309baed0499104dcfe7c0f694bd5fc9e66d058b75fa4c81e5c9f42d9383e41d277b10392a96286744f049c3f128f8f92ef992239eafce5b43b4ec1b3f97a297c9e49a0c3300ef7b7fb5f09e0c8a868a353409e34d3e82279637598f37ad380a447483cac394c7bbdcd0e3b1c39b2e00916de48a4e70f03cc415ba77af02c1d4cef5379da860aed8477dfa8ceefb405005c6977c78cdbf37704ec73755539280b064bda144910fe050038ec9e47de89298b7bf4d769ccc18eede00e8ca5457870eb30d211e23ccc8e06cd58b638c234bbb55ff413c86ba9affb12ec757c7234c270246c87a901160e6c07bf6cf8809c3a0d46ff7f000000000000ad1e1f493354b2822b9837421134c0167d78e6c24ed0a2768e825972ea3b774a1467c89fa0f82e8440105051e5510a33dcda5e143fbfff161c12ca389cbe4cc302b52e2101de18a1f1f7c551b3fa00055cc1c46c5fd9c26a54d43fa050645bd6109b113be7664e08bdd7115c61afcb718cf3c4680b2f6c7a84a4e378a9b15bc20f49e298727340e97c870800000047546103f123f661c84726e7c7c55eff231a1b033d8f841ba3442b2c7c503f3d0e7ab0e958adb862822e40009995ae166deb9856291a43a6f7eb2e32cefbf46306f2ef7be184f5e93ba5c8c2a4c04450b652b8d4c2ff030000000000000007c6bbd6cb2b240ce7d47ae636a5dbe9864a117d27326850a7c3b57086a4482c218b10af13d7be94987005088a83880ccab9c99220002af8c5e13d52c87c3a3ee6c08384865b66d2b4dcb5dd9cba16b64ebbbf8702ae12c77e6e34991a225c120a3c950942fe0bc9f2a1a7506d35e5b439edeb7088aeda890cf8a4a6f31ba6d9b8cb098f935bdcbb29fd0f1a342c9eed00000000ab6648a9dea0b6c91996d65da6c24a700a86c814459f3cdaaf99000000000000000000bf2130d1b32c826563c718d0ad23bc83ba3f3757210a057e177615c0683f000000000000006d4e0413ab52f5aaab812201d1aba3d70471fcd9b466569f3ef72f39d87fcccab514fcff030000629c9b73ce7bc4be7f8be71cb7b2d0a4acff8f6abe7dbad64dfa63966945d93c33b038ce0d890f85f8a6ab8487c383e24d4a8051f80e1811e387723a25dda119f64b35e71c5400000000000000000000000000000034c751ebdf3f207ea3df3d6c0002a41783078e56c70afe8016b3dd9dc7785b36e609f173cc747837d600283b3452c57a5d44cacd363589845637071320921d32c1663964eddec97cc33158bc306d8c3bdae8108a23d2dc96a5cdb518f58832ec0906aaec43659c79c8ad37b0f961f3beaa3e02f7762c5dd633d13b5e487e996597b2ab42c81eb7dd8390e13b395aacce4683e55bcfe8c17615257364365fd48bd77da79e52ce9adfe6dcb0c42c4d719347f3d16304fa000008ffffffffffffff003049ca923d059c0ab5d886a491adacb7e4b43b1b57586e5fe2aa611f6232a9b71882ce24fce75cf105fa57f000756755b7230e2c0c1fed5487271c4f2981cf8f4351ef5d08641dacaed000080000000000000000000000fa36bbac00bb77c933d3961556f3fe647b05643b0000000000000000000000967aef9c5706e13d5889e77dab80a2548ec31629b7355a2bb8b93e4b6323061f545b26accc4621b568ab0bfaf30aa4f60705532c4a09c0a4a5487c762167edf362be35b9c90ad7e372a66bbb1471aa21000000000000104061c66a7432f25687618e31dcef8c5d4a2457a93f3fc6d3d7131746c75ccf400fc1a7a51826832ef7f5fbc78827d937768443a1c1ca3aba930826fd21aa1201d9225256df8de405d1f12c17cdaff3ad675aa333aa7e919459babd3cc1000000000000000000000000000000000000000000000000000000000000000059fdc6a54a2a8b28fa7d9b92aeb58e78e3b8594a5ef6bb67e52bf43b6145f544273a8f62852706c0abef368bfc72f92fa99a7bf121019cff8001fd7d2f6c2c295a5cab383235fec4c1decbed258ee9df8963c0fc828ad2119ffefe36c78692fffb6942b9da0922b2aa8f6b66c14ee7f42d5951edcc986356b41c0de3549f851ca340d9e425e355c1decb785a1042a72c1c98a084b04b1d9be473e50a15d76b110eda3b7cc1f2501211773cf510a43888422c1328476dd6f42659c61a18618fd28d5cd342c276aa9c4cc035077fa09d672b8dcfb3ac1751628647047d07338a8619037e3449a173ddd697f541a0795a2de7ef1396d70675341ebf004be122de04b5275fe7e53d28ebdc5051cec00759d73ca97229d93b965926060b6f91d01324bd458b425ea51c5d5b69551d599188fc6040370ac9ca7ae9eea9e5ede79bd66bd3d616dd7d7dd4c3a8fd055a3585af6fe7f5046c61154598cd33c33a48ece1072afd04b1fd85"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x6, 0x4, 0x5b, 0x8a, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f00000000c0)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c)
sendmmsg$inet6(r0, &(0x7f0000003c40)=[{{&(0x7f0000000100)={0xa, 0x4e23, 0x0, @loopback}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000140)="01", 0x1}], 0x1}}], 0x1, 0x20000840)
r4 = socket$nl_sock_diag(0x10, 0x3, 0x4)
setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000040)=ANY=[@ANYRES32=0x0, @ANYRES16=r0, @ANYRES32=r4], 0x1000f)

217.0534ms ago: executing program 4 (id=1806):
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, 0x0, 0x0)
sendmsg$nl_route_sched_retired(0xffffffffffffffff, &(0x7f0000001300)={0x0, 0x0, 0x0}, 0x0)
capset(0x0, &(0x7f0000000040)={0x200000, 0x200000, 0x0, 0x0, 0x4000000})
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/dev\x00')
read$FUSE(r1, &(0x7f0000000140)={0x2020}, 0x2020)
mount(&(0x7f0000000200), &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='gadgetfs\x00', 0x900, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000100)='mountinfo\x00')
r3 = open(&(0x7f0000000080)='./file1\x00', 0x10b942, 0x0)
sendfile(r3, r2, 0x0, 0x80000000)

0s ago: executing program 4 (id=1807):
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
connect$bt_sco(r0, &(0x7f0000000040), 0x8)
getsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000100)={@dev, 0x0, 0x2}, 0x0)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
ioctl$FS_IOC_GETFSLABEL(r1, 0x400452c8, &(0x7f0000000100))

kernel console output (not intermixed with test programs):

ready
[  396.552293][ T4807] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  396.627043][ T4807] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  396.727918][ T4807] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  396.766856][ T8297] device veth0_macvtap entered promiscuous mode
[  396.824154][ T8297] device veth1_macvtap entered promiscuous mode
[  396.892383][ T8297] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  396.913691][ T8297] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  396.924817][ T8297] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  396.936007][ T8297] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  396.946605][ T8297] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  396.958071][ T8297] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  396.969654][ T8297] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  396.980905][ T8297] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  397.009272][ T8297] batman_adv: batadv0: Interface activated: batadv_slave_0
[  397.029689][ T3699] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  397.046100][ T3699] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  397.071717][ T3699] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  397.096017][ T3699] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  397.130595][ T8297] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  397.142240][ T8297] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  397.170096][ T8297] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  397.208290][ T8297] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  397.244995][ T8297] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  397.284310][ T8297] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  397.299254][ T8297] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  397.311307][ T8297] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  397.329760][ T8297] batman_adv: batadv0: Interface activated: batadv_slave_1
[  397.386811][ T3699] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  397.404338][ T3699] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  397.419859][ T8297] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  397.431835][ T8297] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  397.441651][ T8297] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  397.451088][ T8297] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  397.459546][ T8573] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1414'.
[  397.474590][ T8573] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1414'.
[  397.705131][ T4807] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  397.708936][ T8577] loop1: detected capacity change from 0 to 256
[  397.725512][ T8576] loop2: detected capacity change from 0 to 16
[  397.732420][ T8576] erofs: Unknown parameter ''
[  397.765626][ T8577] FAT-fs (loop1): Directory bread(block 64) failed
[  397.780870][ T8577] FAT-fs (loop1): Directory bread(block 65) failed
[  397.810406][ T4807] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  397.836055][ T8577] FAT-fs (loop1): Directory bread(block 66) failed
[  397.899167][ T8577] FAT-fs (loop1): Directory bread(block 67) failed
[  397.940032][ T8577] FAT-fs (loop1): Directory bread(block 68) failed
[  397.975221][ T3699] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  398.063052][ T8577] FAT-fs (loop1): Directory bread(block 69) failed
[  398.254191][ T8577] FAT-fs (loop1): Directory bread(block 70) failed
[  398.299487][ T8577] FAT-fs (loop1): Directory bread(block 71) failed
[  398.373853][ T8577] FAT-fs (loop1): Directory bread(block 72) failed
[  398.389181][ T8580] loop3: detected capacity change from 0 to 128
[  398.417501][ T8577] FAT-fs (loop1): Directory bread(block 73) failed
[  398.479675][ T8580] EXT4-fs (loop3): Test dummy encryption mode enabled
[  398.494042][ T3765] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  398.538624][ T8580] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  398.557352][ T3765] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  398.624478][ T8580] ext4 filesystem being mounted at /3/mnt supports timestamps until 2038 (0x7fffffff)
[  398.650255][ T3765] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  398.922678][ T8587] loop0: detected capacity change from 0 to 512
[  399.439200][ T8273] EXT4-fs (loop3): unmounting filesystem.
[  399.576616][ T8600] autofs4:pid:8600:autofs_fill_super: called with bogus options
[  399.719594][   T27] audit: type=1804 audit(1727833894.076:743): pid=8600 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.1422" name="/newroot/1/bus/bus" dev="overlay" ino=30 res=1 errno=0
[  400.112517][ T8615] loop4: detected capacity change from 0 to 1024
[  400.186828][ T8615] hfsplus: extend alloc file! (8192,65536,366)
[  401.020566][ T3658] Bluetooth: hci4: command 0x0406 tx timeout
[  401.621821][ T8625] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1427'.
[  401.675114][ T8625] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1427'.
[  402.028679][ T8636] loop2: detected capacity change from 0 to 512
[  402.102829][ T8636] EXT4-fs (loop2): Test dummy encryption mode enabled
[  402.175359][ T8636] EXT4-fs error (device loop2): ext4_find_inline_data_nolock:164: inode #12: comm syz.2.1431: inline data xattr refers to an external xattr inode
[  402.214745][ T8646] loop0: detected capacity change from 0 to 128
[  402.261871][ T8636] EXT4-fs error (device loop2): ext4_orphan_get:1401: comm syz.2.1431: couldn't read orphan inode 12 (err -117)
[  402.294462][ T8636] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  402.315481][ T8646] EXT4-fs (loop0): Test dummy encryption mode enabled
[  402.522636][ T8646] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  402.556017][ T8646] ext4 filesystem being mounted at /309/mnt supports timestamps until 2038 (0x7fffffff)
[  402.655252][ T8653] EXT4-fs error (device loop2): ext4_add_entry:2484: inode #2: comm syz.2.1431: Directory hole found for htree leaf block 0
[  402.751737][ T8654] EXT4-fs error (device loop2): ext4_add_entry:2484: inode #2: comm syz.2.1431: Directory hole found for htree leaf block 0
[  403.597265][ T7015] EXT4-fs (loop2): unmounting filesystem.
[  404.673927][ T3642] EXT4-fs (loop0): unmounting filesystem.
[  404.695192][ T8660] autofs4:pid:8660:autofs_fill_super: called with bogus options
[  404.832436][   T27] audit: type=1804 audit(1727833899.196:744): pid=8660 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.1436" name="/newroot/260/bus/bus" dev="overlay" ino=1436 res=1 errno=0
[  404.916085][ T8665] binder: 8662:8665 ioctl 4018620d 0 returned -22
[  405.037556][ T8665] loop0: detected capacity change from 0 to 512
[  405.070467][    T7] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  405.129369][ T8665] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended
[  405.210639][ T8665] EXT4-fs (loop0): orphan cleanup on readonly fs
[  405.252136][ T8665] Quota error (device loop0): v2_read_file_info: Free block number 1 out of range (1, 6).
[  405.290404][ T8665] EXT4-fs warning (device loop0): ext4_enable_quotas:7035: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  405.317568][ T8665] EXT4-fs (loop0): Cannot turn on quotas: error -117
[  405.339582][ T8665] EXT4-fs (loop0): 1 truncate cleaned up
[  405.355443][ T8665] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  405.440611][    T7] usb 3-1: config 17 has an invalid descriptor of length 255, skipping remainder of the config
[  405.464608][    T7] usb 3-1: config 17 has 0 interfaces, different from the descriptor's value: 1
[  405.493988][    T7] usb 3-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[  405.527767][    T7] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  406.090158][ T3690] usb 3-1: USB disconnect, device number 6
[  407.182971][    T7] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  407.197625][ T8688] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1443'.
[  407.346839][ T8693] device veth0_vlan left promiscuous mode
[  407.362113][ T8693] device veth0_vlan entered promiscuous mode
[  407.379842][ T3642] EXT4-fs (loop0): unmounting filesystem.
[  407.385978][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  407.398293][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  407.406783][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  407.493386][ T8700] loop3: detected capacity change from 0 to 128
[  407.510589][ T8700] EXT4-fs (loop3): Test dummy encryption mode enabled
[  407.548813][ T8700] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  407.558727][ T8700] ext4 filesystem being mounted at /9/mnt supports timestamps until 2038 (0x7fffffff)
[  407.575722][    T7] usb 2-1: config 0 has an invalid interface number: 185 but max is 0
[  407.586046][ T8706] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1446'.
[  407.615320][    T7] usb 2-1: config 0 has an invalid descriptor of length 88, skipping remainder of the config
[  407.679439][    T7] usb 2-1: config 0 has no interface number 0
[  407.715857][    T7] usb 2-1: config 0 interface 185 has no altsetting 0
[  407.755560][    T7] usb 2-1: New USB device found, idVendor=12d1, idProduct=1c1f, bcdDevice=63.46
[  407.786905][    T7] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  407.808752][    T7] usb 2-1: config 0 descriptor??
[  408.630182][    T7] rndis_wlan 2-1:0.185: skipping garbage
[  408.647767][    T7] rndis_wlan 2-1:0.185: skipping garbage
[  408.689665][    T7] usb 2-1: bad CDC descriptors
[  408.717848][ T8716] autofs4:pid:8716:autofs_fill_super: called with bogus options
[  408.726977][    T7] rndis_host 2-1:0.185: skipping garbage
[  408.756585][    T7] rndis_host 2-1:0.185: skipping garbage
[  408.780558][    T7] usb 2-1: bad CDC descriptors
[  408.786157][    T7] option 2-1:0.185: GSM modem (1-port) converter detected
[  408.829992][   T27] audit: type=1804 audit(1727833903.186:745): pid=8716 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1449" name="/newroot/312/bus/bus" dev="overlay" ino=1770 res=1 errno=0
[  408.878101][    T7] usb 2-1: USB disconnect, device number 5
[  408.888228][    T7] option 2-1:0.185: device disconnected
[  408.946478][ T8273] EXT4-fs (loop3): unmounting filesystem.
[  409.129411][ T8720] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  409.157786][ T8732] loop3: detected capacity change from 0 to 16
[  409.167473][ T8732] erofs: (device loop3): mounted with root inode @ nid 36.
[  409.193338][ T8720] kvm: pic: non byte read
[  409.215473][ T8720] kvm: pic: level sensitive irq not supported
[  409.215614][ T8720] kvm: pic: non byte read
[  409.270661][ T8720] kvm: pic: level sensitive irq not supported
[  409.270738][ T8720] kvm: pic: non byte read
[  409.299705][ T8732] erofs: (device loop3): erofs_map_blocks_flatmode: inline data cross block boundary @ nid 36
[  409.312691][ T8732] syz.3.1450: attempt to access beyond end of device
[  409.312691][ T8732] loop3: rw=524288, sector=34359738360, nr_sectors = 1976 limit=16
[  410.333820][ T8747] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1455'.
[  410.466602][ T8750] binder: 8748:8750 ioctl 4018620d 0 returned -22
[  410.642897][ T8750] loop3: detected capacity change from 0 to 512
[  410.776634][ T8750] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  410.892168][ T8750] EXT4-fs (loop3): orphan cleanup on readonly fs
[  410.931463][ T8750] Quota error (device loop3): v2_read_file_info: Free block number 1 out of range (1, 6).
[  410.959996][ T8750] EXT4-fs warning (device loop3): ext4_enable_quotas:7035: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  411.011381][ T8750] EXT4-fs (loop3): Cannot turn on quotas: error -117
[  411.053671][ T8750] EXT4-fs (loop3): 1 truncate cleaned up
[  411.059390][ T8750] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  411.337716][ T8760] loop0: detected capacity change from 0 to 128
[  411.356308][ T8762] autofs4:pid:8762:autofs_fill_super: called with bogus options
[  411.426380][ T8760] EXT4-fs (loop0): Test dummy encryption mode enabled
[  411.456662][ T8760] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  411.499846][ T8760] ext4 filesystem being mounted at /314/mnt supports timestamps until 2038 (0x7fffffff)
[  411.509904][   T27] audit: type=1804 audit(1727833905.866:746): pid=8762 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.1462" name="/newroot/12/bus/bus" dev="overlay" ino=99 res=1 errno=0
[  413.218621][ T8273] EXT4-fs (loop3): unmounting filesystem.
[  413.241577][ T3642] EXT4-fs (loop0): unmounting filesystem.
[  413.310439][ T3687] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  413.620161][ T8790] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1469'.
[  413.723581][ T3687] usb 2-1: config 0 has an invalid interface number: 185 but max is 0
[  413.745695][ T3687] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  413.817177][ T3687] usb 2-1: config 0 has no interface number 0
[  413.851454][ T3687] usb 2-1: config 0 interface 185 has no altsetting 0
[  413.873005][ T3687] usb 2-1: New USB device found, idVendor=12d1, idProduct=1c1f, bcdDevice=63.46
[  413.907777][ T3687] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  413.985302][ T3687] usb 2-1: config 0 descriptor??
[  414.048992][ T3687] rndis_wlan 2-1:0.185: skipping garbage
[  414.055903][ T3687] rndis_wlan 2-1:0.185: skipping garbage
[  414.095174][ T3687] usb 2-1: bad CDC descriptors
[  414.115638][ T3687] rndis_host 2-1:0.185: skipping garbage
[  414.137510][ T3687] rndis_host 2-1:0.185: skipping garbage
[  414.163786][ T3687] usb 2-1: bad CDC descriptors
[  414.182648][ T3687] option 2-1:0.185: GSM modem (1-port) converter detected
[  414.245048][ T3690] usb 2-1: USB disconnect, device number 6
[  414.296919][ T3690] option 2-1:0.185: device disconnected
[  415.076026][ T8806] autofs4:pid:8806:autofs_fill_super: called with bogus options
[  415.137164][   T27] audit: type=1804 audit(1727833909.496:747): pid=8806 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.1475" name="/newroot/94/bus/bus" dev="overlay" ino=541 res=1 errno=0
[  415.193322][ T8808] loop1: detected capacity change from 0 to 128
[  415.343218][ T8808] EXT4-fs (loop1): Test dummy encryption mode enabled
[  415.397764][ T8811] binder: 8809:8811 ioctl 4018620d 0 returned -22
[  415.437458][ T8808] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  415.512052][ T8808] ext4 filesystem being mounted at /267/mnt supports timestamps until 2038 (0x7fffffff)
[  415.622847][ T8814] loop2: detected capacity change from 0 to 512
[  415.810569][ T8814] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended
[  415.928278][ T8814] EXT4-fs (loop2): orphan cleanup on readonly fs
[  415.990401][ T8814] Quota error (device loop2): v2_read_file_info: Free block number 1 out of range (1, 6).
[  416.052827][ T8814] EXT4-fs warning (device loop2): ext4_enable_quotas:7035: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  416.081243][ T8814] EXT4-fs (loop2): Cannot turn on quotas: error -117
[  416.094433][ T8814] EXT4-fs (loop2): 1 truncate cleaned up
[  416.100138][ T8814] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  416.444693][ T4446] EXT4-fs (loop1): unmounting filesystem.
[  416.842253][ T8827] loop4: detected capacity change from 0 to 1024
[  416.875311][ T8827] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  416.889428][ T8828] binder: 8815:8828 ioctl 40046205 0 returned -22
[  416.918847][ T8827] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  416.941954][ T3686] usb 1-1: new full-speed USB device number 8 using dummy_hcd
[  416.953814][   T27] audit: type=1800 audit(1727833911.316:748): pid=8827 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1481" name="bus" dev="loop4" ino=18 res=0 errno=0
[  417.014129][ T8827] netlink: 'syz.4.1481': attribute type 1 has an invalid length.
[  417.047020][ T8827] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1481'.
[  417.050173][   T27] audit: type=1800 audit(1727833911.346:749): pid=8827 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1481" name="bus" dev="loop4" ino=18 res=0 errno=0
[  417.226724][ T8297] EXT4-fs (loop4): unmounting filesystem.
[  417.400612][ T3686] usb 1-1: config 0 has an invalid interface number: 39 but max is 0
[  417.417401][ T3686] usb 1-1: config 0 has no interface number 0
[  417.619039][ T8841] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1484'.
[  417.630600][ T3686] usb 1-1: New USB device found, idVendor=0499, idProduct=4d3f, bcdDevice=d2.2a
[  417.656238][ T3686] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  417.685758][ T3686] usb 1-1: Product: syz
[  417.689989][ T3686] usb 1-1: Manufacturer: syz
[  417.715409][ T3686] usb 1-1: SerialNumber: syz
[  417.725567][ T3686] usb 1-1: config 0 descriptor??
[  417.883004][ T7015] EXT4-fs (loop2): unmounting filesystem.
[  417.944583][ T8847] loop1: detected capacity change from 0 to 2048
[  418.005731][ T8847]  loop1: p1 < > p4
[  418.018707][ T8847] loop1: p4 size 8388608 extends beyond EOD, truncated
[  418.152265][ T8854] autofs4:pid:8854:autofs_fill_super: called with bogus options
[  418.567316][   T27] audit: type=1804 audit(1727833912.926:750): pid=8854 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.1487" name="/newroot/96/bus/bus" dev="overlay" ino=561 res=1 errno=0
[  418.649918][   T27] audit: type=1326 audit(1727833912.926:751): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8846 comm="syz.1.1486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f342477dff9 code=0x7ffc0000
[  418.676860][ T3093]  loop1: p1 < > p4
[  418.704989][ T3093] loop1: p4 size 8388608 extends beyond EOD, truncated
[  418.748241][   T27] audit: type=1326 audit(1727833912.926:752): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8846 comm="syz.1.1486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f342477dff9 code=0x7ffc0000
[  418.865246][   T27] audit: type=1326 audit(1727833912.926:753): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8846 comm="syz.1.1486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f342477dff9 code=0x7ffc0000
[  418.926402][   T27] audit: type=1326 audit(1727833912.926:754): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8846 comm="syz.1.1486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f342477dff9 code=0x7ffc0000
[  418.949821][   T27] audit: type=1326 audit(1727833912.976:755): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8846 comm="syz.1.1486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f342477dff9 code=0x7ffc0000
[  419.042951][   T27] audit: type=1326 audit(1727833912.976:756): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8846 comm="syz.1.1486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f342477dff9 code=0x7ffc0000
[  419.142624][ T3722] udevd[3722]: inotify_add_watch(7, /dev/loop1p4, 10) failed: No such file or directory
[  419.153154][ T3891] udevd[3891]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory
[  419.299029][ T8873] loop1: detected capacity change from 0 to 1024
[  419.363582][ T8873] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  419.461108][ T8873] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  419.559767][ T8873] netlink: 'syz.1.1492': attribute type 1 has an invalid length.
[  419.631731][ T3722] udevd[3722]: inotify_add_watch(7, /dev/loop1p4, 10) failed: No such file or directory
[  419.668586][ T3891] udevd[3891]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory
[  419.712154][ T3686] usb 1-1: USB disconnect, device number 8
[  419.868315][ T8881] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1492'.
[  419.948706][ T3891] udevd[3891]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.39/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  420.186937][ T4446] EXT4-fs (loop1): unmounting filesystem.
[  420.357171][ T8887] loop1: detected capacity change from 0 to 1024
[  420.440400][ T3686] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  420.460609][ T8885] loop0: detected capacity change from 0 to 8192
[  420.469934][ T8887] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  420.493440][ T8885] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  420.530785][ T8887] ext4 filesystem being mounted at /272/file1 supports timestamps until 2038 (0x7fffffff)
[  420.730397][ T3686] usb 4-1: Using ep0 maxpacket: 16
[  420.850717][ T3686] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[  420.897863][ T3686] usb 4-1: config 0 interface 0 has no altsetting 0
[  420.927099][ T3686] usb 4-1: New USB device found, idVendor=060b, idProduct=500a, bcdDevice= 0.00
[  420.954137][ T3686] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  420.985107][ T8897] binder: 8891:8897 ioctl 4018620d 0 returned -22
[  420.997594][ T3686] usb 4-1: config 0 descriptor??
[  421.002705][ T8898] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1498'.
[  421.088398][ T8897] loop4: detected capacity change from 0 to 512
[  421.148980][ T8897] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended
[  421.207762][ T8897] EXT4-fs (loop4): orphan cleanup on readonly fs
[  421.219201][ T8897] __quota_error: 14 callbacks suppressed
[  421.219240][ T8897] Quota error (device loop4): v2_read_file_info: Free block number 1 out of range (1, 6).
[  421.238915][ T8897] EXT4-fs warning (device loop4): ext4_enable_quotas:7035: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  421.255156][ T8897] EXT4-fs (loop4): Cannot turn on quotas: error -117
[  421.268989][ T8897] EXT4-fs (loop4): 1 truncate cleaned up
[  421.275801][ T8897] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  421.309260][ T4446] EXT4-fs (loop1): unmounting filesystem.
[  421.479031][ T8883] loop3: detected capacity change from 0 to 128
[  421.492167][ T8905] autofs4:pid:8905:autofs_fill_super: called with bogus options
[  421.515558][ T8883] EXT4-fs warning (device loop3): ext4_init_metadata_csum:4562: metadata_csum and uninit_bg are redundant flags; please run fsck.
[  421.552027][ T8883] EXT4-fs (loop3): Encoding requested by superblock is unknown
[  421.571199][   T27] audit: type=1804 audit(1727833915.936:771): pid=8905 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.1501" name="/newroot/273/bus/bus" dev="overlay" ino=1517 res=1 errno=0
[  421.645218][ T3686] hid (null): unknown global tag 0xd
[  421.670865][ T3686] hid (null): unknown global tag 0x35
[  421.681474][ T3686] hid (null): unknown global tag 0xe
[  421.688602][ T3686] hid (null): unknown global tag 0x92
[  421.701412][ T3686] hid (null): global environment stack underflow
[  421.721529][ T3686] cougar 0003:060B:500A.0002: unexpected long global item
[  421.731937][ T3686] cougar 0003:060B:500A.0002: parse failed
[  421.738398][ T3686] cougar: probe of 0003:060B:500A.0002 failed with error -22
[  421.764590][ T8907] loop0: detected capacity change from 0 to 2048
[  421.827496][ T8907]  loop0: p1 < > p4
[  421.836320][ T8909] loop1: detected capacity change from 0 to 128
[  421.849357][ T8907] loop0: p4 size 8388608 extends beyond EOD, truncated
[  421.877802][ T3686] usb 4-1: USB disconnect, device number 10
[  421.931277][ T8909] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  421.959655][   T27] audit: type=1326 audit(1727833916.316:772): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8906 comm="syz.0.1502" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f264af7dff9 code=0x7ffc0000
[  422.001732][ T8909] ext4 filesystem being mounted at /274/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff)
[  422.023141][ T3093]  loop0: p1 < > p4
[  422.038279][   T27] audit: type=1326 audit(1727833916.316:773): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8906 comm="syz.0.1502" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f264af7dff9 code=0x7ffc0000
[  422.062783][   T27] audit: type=1326 audit(1727833916.316:774): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8906 comm="syz.0.1502" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f264af7dff9 code=0x7ffc0000
[  422.079585][ T3093] loop0: p4 size 8388608 extends beyond EOD, truncated
[  422.239431][   T27] audit: type=1326 audit(1727833916.316:775): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8906 comm="syz.0.1502" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f264af7dff9 code=0x7ffc0000
[  422.307617][   T27] audit: type=1326 audit(1727833916.316:776): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8906 comm="syz.0.1502" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f264af7dff9 code=0x7ffc0000
[  422.331172][   T27] audit: type=1326 audit(1727833916.316:777): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8906 comm="syz.0.1502" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f264af7dff9 code=0x7ffc0000
[  422.354099][   T27] audit: type=1326 audit(1727833916.316:778): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8906 comm="syz.0.1502" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f264af7dff9 code=0x7ffc0000
[  422.376595][   T27] audit: type=1326 audit(1727833916.316:779): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8906 comm="syz.0.1502" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f264af7dff9 code=0x7ffc0000
[  422.384507][ T7568] udevd[7568]: inotify_add_watch(7, /dev/loop0p4, 10) failed: No such file or directory
[  422.941156][ T8921] loop0: detected capacity change from 0 to 1024
[  422.982294][ T8921] hfsplus: extend alloc file! (8192,65536,366)
[  423.082255][ T7568] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  423.107962][ T8925] loop3: detected capacity change from 0 to 1024
[  423.119548][ T3722] udevd[3722]: inotify_add_watch(7, /dev/loop0p4, 10) failed: No such file or directory
[  423.133257][ T8925] EXT4-fs: Ignoring removed i_version option
[  423.154759][ T8925] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  423.157327][ T7568] udevd[7568]: inotify_add_watch(7, /dev/loop0p1, 10) failed: No such file or directory
[  423.254055][ T8920] device veth0_vlan left promiscuous mode
[  423.273830][ T8297] EXT4-fs (loop4): unmounting filesystem.
[  423.277538][ T4446] EXT4-fs (loop1): unmounting filesystem.
[  423.338808][ T8920] device veth0_vlan entered promiscuous mode
[  423.439874][ T4595] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  423.852287][ T4595] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  423.923308][ T4595] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  423.990844][ T8934] loop1: detected capacity change from 0 to 164
[  424.277634][ T8942] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  424.354538][ T8273] EXT4-fs (loop3): unmounting filesystem.
[  424.570198][ T4088] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  424.640262][ T8957] loop4: detected capacity change from 0 to 2048
[  424.714794][ T8957]  loop4: p1 < > p4
[  424.729349][ T8957] loop4: p4 size 8388608 extends beyond EOD, truncated
[  424.883490][ T4088] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  424.906049][ T8961] loop0: detected capacity change from 0 to 1024
[  424.948565][ T8961] EXT4-fs: Ignoring removed bh option
[  424.987623][ T8961] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  425.122651][ T4088] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  425.126814][ T8961] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  425.263425][ T4088] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  425.377091][ T3642] EXT4-fs (loop0): unmounting filesystem.
[  425.614686][ T8971] binder: 8967:8971 ioctl 4018620d 0 returned -22
[  425.783257][ T8972] loop4: detected capacity change from 0 to 512
[  425.842705][ T8972] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended
[  425.924891][ T8972] EXT4-fs (loop4): orphan cleanup on readonly fs
[  425.936232][ T8972] EXT4-fs warning (device loop4): ext4_enable_quotas:7035: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  425.952501][ T8972] EXT4-fs (loop4): Cannot turn on quotas: error -117
[  425.963726][ T8972] EXT4-fs (loop4): 1 truncate cleaned up
[  425.970262][ T8972] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  426.144734][ T3649] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  426.187704][ T3649] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  426.198121][ T3649] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  426.207580][ T3649] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  426.217478][ T3649] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  426.226098][ T3649] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  427.135685][ T8979] chnl_net:caif_netlink_parms(): no params data found
[  427.331051][ T8297] EXT4-fs (loop4): unmounting filesystem.
[  427.388073][ T8979] bridge0: port 1(bridge_slave_0) entered blocking state
[  427.400425][ T8979] bridge0: port 1(bridge_slave_0) entered disabled state
[  427.409506][ T8979] device bridge_slave_0 entered promiscuous mode
[  427.562155][ T9003] loop4: detected capacity change from 0 to 2048
[  427.582809][ T8979] bridge0: port 2(bridge_slave_1) entered blocking state
[  427.589950][ T8979] bridge0: port 2(bridge_slave_1) entered disabled state
[  427.616193][ T8979] device bridge_slave_1 entered promiscuous mode
[  427.716577][ T9003] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  428.065291][ T8297] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4128793 free clusters
[  428.154133][ T8979] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  428.224763][ T4088] device hsr_slave_0 left promiscuous mode
[  428.234714][ T8297] EXT4-fs (loop4): unmounting filesystem.
[  428.243834][ T4088] device hsr_slave_1 left promiscuous mode
[  428.294784][ T4088] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  428.311670][ T3649] Bluetooth: hci1: command tx timeout
[  428.327315][ T4088] batman_adv: batadv0: Removing interface: batadv_slave_0
[  428.402735][ T4088] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  428.440819][ T4088] batman_adv: batadv0: Removing interface: batadv_slave_1
[  428.497981][ T4088] device bridge_slave_1 left promiscuous mode
[  428.539736][ T4088] bridge0: port 2(bridge_slave_1) entered disabled state
[  428.564316][ T4088] device bridge_slave_0 left promiscuous mode
[  428.580661][ T4088] bridge0: port 1(bridge_slave_0) entered disabled state
[  428.630764][ T4088] device veth1_macvtap left promiscuous mode
[  428.637375][ T4088] device veth0_macvtap left promiscuous mode
[  428.644929][ T4088] device veth1_vlan left promiscuous mode
[  428.650877][ T4088] device veth0_vlan left promiscuous mode
[  429.152763][ T9032] loop1: detected capacity change from 0 to 128
[  429.206126][ T9032] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  429.216331][ T9032] ext4 filesystem being mounted at /281/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff)
[  430.048030][ T4088] team0 (unregistering): Port device team_slave_1 removed
[  430.161138][ T4088] team0 (unregistering): Port device team_slave_0 removed
[  430.243053][ T4088] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  430.244852][ T4446] EXT4-fs (loop1): unmounting filesystem.
[  430.353226][ T9037] loop1: detected capacity change from 0 to 512
[  430.365766][ T4088] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  430.380535][ T3649] Bluetooth: hci1: command tx timeout
[  430.424547][ T9037] __quota_error: 29 callbacks suppressed
[  430.424568][ T9037] Quota error (device loop1): find_tree_dqentry: Cycle in quota tree detected: block 1 index 0
[  430.443611][ T9037] Quota error (device loop1): qtree_read_dquot: Can't read quota structure for id 0
[  430.453516][ T9037] EXT4-fs error (device loop1): ext4_acquire_dquot:6800: comm syz.1.1535: Failed to acquire dquot type 0
[  430.465686][ T9037] Quota error (device loop1): find_tree_dqentry: Cycle in quota tree detected: block 1 index 0
[  430.477689][ T9037] Quota error (device loop1): qtree_read_dquot: Can't read quota structure for id 0
[  430.487185][ T9037] EXT4-fs error (device loop1): ext4_acquire_dquot:6800: comm syz.1.1535: Failed to acquire dquot type 0
[  430.517408][ T9037] Quota error (device loop1): find_tree_dqentry: Cycle in quota tree detected: block 1 index 0
[  430.546333][ T9037] Quota error (device loop1): qtree_read_dquot: Can't read quota structure for id 0
[  430.567500][ T9037] EXT4-fs error (device loop1): ext4_acquire_dquot:6800: comm syz.1.1535: Failed to acquire dquot type 0
[  430.592556][ T9037] EXT4-fs (loop1): 1 orphan inode deleted
[  430.598351][ T9037] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  430.607630][ T9037] ext4 filesystem being mounted at /282/file1 supports timestamps until 2038 (0x7fffffff)
[  430.943907][ T9042] Quota error (device loop1): find_tree_dqentry: Cycle in quota tree detected: block 1 index 0
[  430.954695][ T9042] Quota error (device loop1): qtree_read_dquot: Can't read quota structure for id 0
[  430.964312][ T9042] EXT4-fs error (device loop1): ext4_acquire_dquot:6800: comm syz.1.1535: Failed to acquire dquot type 0
[  431.488023][ T4446] EXT4-fs (loop1): unmounting filesystem.
[  431.666188][ T9045] binder: 9043:9045 ioctl 4018620d 0 returned -22
[  431.674807][ T4088] bond0 (unregistering): Released all slaves
[  431.700139][ T9045] loop1: detected capacity change from 0 to 512
[  431.741552][ T9045] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended
[  431.776233][ T9045] EXT4-fs (loop1): orphan cleanup on readonly fs
[  431.788614][ T8979] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  431.799814][ T9014] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1529'.
[  431.840692][ T9045] Quota error (device loop1): v2_read_file_info: Free block number 1 out of range (1, 6).
[  431.851068][ T9045] EXT4-fs warning (device loop1): ext4_enable_quotas:7035: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  431.866263][ T9045] EXT4-fs (loop1): Cannot turn on quotas: error -117
[  431.882756][ T9045] EXT4-fs (loop1): 1 truncate cleaned up
[  431.888537][ T9045] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  431.939968][ T9022] netlink: 72 bytes leftover after parsing attributes in process `syz.4.1530'.
[  431.954397][ T9028] device veth0_vlan left promiscuous mode
[  431.992666][ T9028] device veth0_vlan entered promiscuous mode
[  432.167503][ T8979] team0: Port device team_slave_0 added
[  432.252759][ T8979] team0: Port device team_slave_1 added
[  432.323942][ T9054] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1539'.
[  432.392885][ T8979] batman_adv: batadv0: Adding interface: batadv_slave_0
[  432.427910][ T8979] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  432.460706][ T3658] Bluetooth: hci1: command tx timeout
[  432.580743][ T8979] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  432.694077][ T8979] batman_adv: batadv0: Adding interface: batadv_slave_1
[  432.738234][ T8979] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  432.779442][ T8979] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  433.043137][ T8979] device hsr_slave_0 entered promiscuous mode
[  433.099594][ T8979] device hsr_slave_1 entered promiscuous mode
[  433.112768][ T4446] EXT4-fs (loop1): unmounting filesystem.
[  433.155041][ T8979] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  433.188355][ T8979] Cannot create hsr debugfs directory
[  434.540717][ T3658] Bluetooth: hci1: command tx timeout
[  434.885271][ T9075] loop0: detected capacity change from 0 to 1024
[  435.015741][ T9078] loop1: detected capacity change from 0 to 1024
[  435.041848][ T9078] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  435.122389][ T9078] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  435.329156][   T27] audit: type=1800 audit(1727833929.686:808): pid=9084 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1547" name="bus" dev="loop1" ino=18 res=0 errno=0
[  435.419685][ T9078] netlink: 'syz.1.1547': attribute type 1 has an invalid length.
[  435.488809][ T9084] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1547'.
[  435.499856][ T9084] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1547'.
[  435.745680][ T4446] EXT4-fs (loop1): unmounting filesystem.
[  435.929606][ T8979] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  435.962072][ T8979] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  435.994295][ T8979] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  436.013752][ T8979] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  436.133351][ T8979] 8021q: adding VLAN 0 to HW filter on device bond0
[  436.147990][ T4088] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  436.158083][ T4088] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  436.198787][ T8979] 8021q: adding VLAN 0 to HW filter on device team0
[  436.216327][ T9091] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1553'.
[  436.238682][ T4088] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  436.262429][ T4088] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  436.290259][ T4088] bridge0: port 1(bridge_slave_0) entered blocking state
[  436.297587][ T4088] bridge0: port 1(bridge_slave_0) entered forwarding state
[  436.326433][ T4088] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  436.356609][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  436.373722][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  436.397859][    T9] bridge0: port 2(bridge_slave_1) entered blocking state
[  436.405115][    T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[  436.420684][ T9091] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1553'.
[  436.452189][ T3765] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  436.473869][ T3765] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  436.509665][ T3765] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  436.548888][ T3765] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  436.558388][ T3765] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  436.576259][ T3765] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  436.591202][ T3658] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  436.603649][ T3658] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  436.640791][ T3658] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  436.652925][ T3658] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  436.661237][ T3658] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  436.676573][ T3658] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  436.708570][ T3765] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  436.773233][ T3765] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  436.799824][ T3765] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  436.859136][ T3765] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  436.907018][ T3765] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  437.049178][ T8979] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  437.548035][ T9120] device veth0_vlan left promiscuous mode
[  437.572152][ T9120] device veth0_vlan entered promiscuous mode
[  437.679137][ T3765] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  437.699539][ T3765] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  437.747134][ T8979] 8021q: adding VLAN 0 to HW filter on device batadv0
[  437.814444][ T3765] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  437.836560][ T3765] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  437.890642][ T9098] chnl_net:caif_netlink_parms(): no params data found
[  437.925586][ T4807] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  437.935393][ T9124] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1561'.
[  437.942856][ T4807] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  438.003009][ T4807] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  438.013783][ T4807] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  438.035094][ T8979] device veth0_vlan entered promiscuous mode
[  438.107678][ T8979] device veth1_vlan entered promiscuous mode
[  438.167206][ T9098] bridge0: port 1(bridge_slave_0) entered blocking state
[  438.183495][ T9098] bridge0: port 1(bridge_slave_0) entered disabled state
[  438.196352][ T9098] device bridge_slave_0 entered promiscuous mode
[  438.206784][ T9098] bridge0: port 2(bridge_slave_1) entered blocking state
[  438.214140][ T9098] bridge0: port 2(bridge_slave_1) entered disabled state
[  438.223564][ T9098] device bridge_slave_1 entered promiscuous mode
[  438.285402][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  438.309362][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  438.338014][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  438.372953][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  438.420802][ T9098] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  438.432439][ T8979] device veth0_macvtap entered promiscuous mode
[  438.474661][ T9098] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  438.554623][ T8979] device veth1_macvtap entered promiscuous mode
[  438.608688][ T9098] team0: Port device team_slave_0 added
[  438.633717][ T3765] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  438.658071][ T3765] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  438.711443][ T9098] team0: Port device team_slave_1 added
[  438.717599][ T8979] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  438.772941][ T8979] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  438.783600][ T3647] Bluetooth: hci0: command tx timeout
[  438.830398][ T8979] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  438.850515][ T8979] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  438.890902][ T8979] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  438.914203][ T8979] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  438.944024][ T8979] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  438.984759][ T8979] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  439.014317][ T8979] batman_adv: batadv0: Interface activated: batadv_slave_0
[  439.068926][ T9144] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1565'.
[  439.083641][ T9146] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1565'.
[  439.098768][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  439.123902][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  439.157932][ T8979] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  439.177273][ T8979] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  439.197750][ T8979] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  439.208818][ T8979] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  439.219125][ T8979] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  439.233323][ T8979] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  439.252963][ T8979] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  439.263890][ T8979] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  439.292068][ T8979] batman_adv: batadv0: Interface activated: batadv_slave_1
[  439.299923][ T9098] batman_adv: batadv0: Adding interface: batadv_slave_0
[  439.313196][ T9098] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  439.347692][ T9098] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  439.375219][ T9098] batman_adv: batadv0: Adding interface: batadv_slave_1
[  439.384141][ T9098] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  439.412441][ T9098] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  439.426262][ T4807] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  439.435561][ T4807] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  439.448645][ T8979] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  439.459161][ T8979] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  439.468909][ T8979] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  439.469504][ T9153] loop4: detected capacity change from 0 to 16
[  439.479126][ T8979] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  439.506370][ T9153] erofs: Unknown parameter 'ÿÿÿÿ'
[  439.536242][ T9098] device hsr_slave_0 entered promiscuous mode
[  439.544233][ T9098] device hsr_slave_1 entered promiscuous mode
[  439.551135][ T9098] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  439.558896][ T9098] Cannot create hsr debugfs directory
[  439.565839][ T7568] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  440.306836][ T1271] ieee802154 phy0 wpan0: encryption failed: -22
[  440.557526][    T9] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  440.640671][ T9162] binder: 9156:9162 ioctl 4018620d 0 returned -22
[  440.770207][ T9162] loop4: detected capacity change from 0 to 512
[  440.824865][    T9] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  440.856394][ T9162] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended
[  440.860613][ T3647] Bluetooth: hci0: command tx timeout
[  440.913676][ T9162] EXT4-fs (loop4): orphan cleanup on readonly fs
[  440.950853][ T3707] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  440.959737][ T9162] __quota_error: 1 callbacks suppressed
[  440.959777][ T9162] Quota error (device loop4): v2_read_file_info: Free block number 1 out of range (1, 6).
[  440.977998][ T9162] EXT4-fs warning (device loop4): ext4_enable_quotas:7035: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  440.980503][ T3707] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  440.993340][ T9162] EXT4-fs (loop4): Cannot turn on quotas: error -117
[  441.007764][ T9162] EXT4-fs (loop4): 1 truncate cleaned up
[  441.014505][ T9162] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  441.129478][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  441.177766][    T9] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  441.246721][ T3707] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  441.295440][ T3707] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  441.333195][    T9] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  441.391695][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  441.529668][ T9173] device syzkaller0 entered promiscuous mode
[  442.576031][ T8297] EXT4-fs (loop4): unmounting filesystem.
[  442.874936][ T9187] loop4: detected capacity change from 0 to 16
[  442.894035][ T9187] erofs: Unknown parameter 'ÿÿÿÿ'
[  442.940623][ T3647] Bluetooth: hci0: command tx timeout
[  442.954377][ T7568] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  445.021301][ T3647] Bluetooth: hci0: command tx timeout
[  445.489692][ T9178] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1574'.
[  445.501080][ T9180] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1574'.
[  445.670553][ T9197] device veth0_vlan left promiscuous mode
[  445.701374][ T9197] device veth0_vlan entered promiscuous mode
[  445.929475][ T9207] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1581'.
[  446.504981][ T9225] loop1: detected capacity change from 0 to 16
[  446.545240][ T9225] erofs: Unknown parameter 'ÿÿÿÿ'
[  447.545842][ T9239] netlink: 'syz.1.1590': attribute type 10 has an invalid length.
[  447.564404][ T9239] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  447.613213][ T9239] batman_adv: batadv0: Removing interface: batadv_slave_0
[  447.674224][ T9239] bond0: (slave batadv_slave_0): Enslaving as an active interface with an up link
[  447.708424][ T9236] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1589'.
[  447.848899][ T9241] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1589'.
[  447.999610][ T9098] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  448.128033][ T9098] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  448.222893][ T9098] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  448.435527][ T9259] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1593'.
[  448.451563][ T9098] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  448.586806][    T9] device hsr_slave_0 left promiscuous mode
[  448.606074][    T9] device hsr_slave_1 left promiscuous mode
[  448.634317][    T9] batman_adv: batadv0: Removing interface: dummy0
[  448.667543][    T9] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  448.702213][    T9] batman_adv: batadv0: Removing interface: batadv_slave_0
[  448.741537][    T9] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  448.786440][    T9] batman_adv: batadv0: Removing interface: batadv_slave_1
[  448.815767][ T9262] loop1: detected capacity change from 0 to 1024
[  448.834691][ T9262] hfsplus: extend alloc file! (8192,65536,366)
[  448.847764][    T9] device bridge_slave_1 left promiscuous mode
[  448.855592][    T9] bridge0: port 2(bridge_slave_1) entered disabled state
[  448.884800][ T7568] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  448.911666][ T9262] kvm: vcpu 0: requested 394 ns lapic timer period limited to 200000 ns
[  448.972429][    T9] device bridge_slave_0 left promiscuous mode
[  448.992321][    T9] bridge0: port 1(bridge_slave_0) entered disabled state
[  449.123515][    T9] device veth1_macvtap left promiscuous mode
[  449.139148][    T9] device veth0_macvtap left promiscuous mode
[  449.180710][    T9] device veth1_vlan left promiscuous mode
[  449.186600][    T9] device veth0_vlan left promiscuous mode
[  449.288724][ T9267] loop3: detected capacity change from 0 to 128
[  449.382500][ T9267] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  449.473852][ T9267] ext4 filesystem being mounted at /6/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff)
[  449.703911][    T9] bond2 (unregistering): Released all slaves
[  449.831234][    T9] bond1 (unregistering): Released all slaves
[  450.423326][ T8979] EXT4-fs (loop3): unmounting filesystem.
[  450.491973][ T9279] loop4: detected capacity change from 0 to 128
[  450.621034][ T9279] EXT4-fs (loop4): Test dummy encryption mode enabled
[  450.668569][ T9279] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  450.704901][ T9279] ext4 filesystem being mounted at /40/mnt supports timestamps until 2038 (0x7fffffff)
[  451.632297][ T8297] EXT4-fs (loop4): unmounting filesystem.
[  452.059578][ T9294] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1603'.
[  452.337059][ T9301] loop2: detected capacity change from 0 to 1024
[  453.308815][ T9307] loop1: detected capacity change from 0 to 128
[  453.325521][    T9] team0 (unregistering): Port device team_slave_1 removed
[  453.359077][ T9307] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  453.371404][ T9307] ext4 filesystem being mounted at /305/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff)
[  453.472400][    T9] team0 (unregistering): Port device team_slave_0 removed
[  453.559416][    T9] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  453.636922][    T9] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  454.017216][    T9] team0 (unregistering): Port device batadv0 removed
[  454.247037][ T4446] EXT4-fs (loop1): unmounting filesystem.
[  454.385624][ T9311] loop1: detected capacity change from 0 to 128
[  454.432825][ T9311] EXT4-fs (loop1): Test dummy encryption mode enabled
[  454.487588][ T9311] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  454.496599][ T9311] ext4 filesystem being mounted at /306/mnt supports timestamps until 2038 (0x7fffffff)
[  454.819440][    T9] bond0 (unregistering): Released all slaves
[  455.496399][ T9098] 8021q: adding VLAN 0 to HW filter on device bond0
[  455.511713][ T4446] EXT4-fs (loop1): unmounting filesystem.
[  455.607511][ T9317] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1613'.
[  455.640444][ T9318] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1613'.
[  455.682046][ T3868] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  455.691713][ T3868] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  455.857304][ T9098] 8021q: adding VLAN 0 to HW filter on device team0
[  455.914719][ T3707] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  455.944197][ T3707] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  455.964108][ T3707] bridge0: port 1(bridge_slave_0) entered blocking state
[  455.971398][ T3707] bridge0: port 1(bridge_slave_0) entered forwarding state
[  456.063147][ T3707] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  456.150600][ T3868] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  456.173154][ T3868] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  456.205828][ T3868] bridge0: port 2(bridge_slave_1) entered blocking state
[  456.213197][ T3868] bridge0: port 2(bridge_slave_1) entered forwarding state
[  456.267407][ T4088] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  456.314885][ T4088] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  456.343738][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  456.367534][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  456.389759][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  456.404251][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  456.486051][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  456.538588][ T9098] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  456.628856][ T9098] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  456.632848][ T9338] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1620'.
[  456.652244][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  456.676482][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  456.713190][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  456.778269][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  456.819457][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  457.094726][    T9] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  457.289700][    T9] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  457.344446][ T3658] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  457.360981][ T3658] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  457.370685][ T3658] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  457.385105][ T3658] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  457.401228][ T3658] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  457.408723][ T3658] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  457.493200][    T9] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  457.624216][    T9] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  457.677933][ T4090] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  457.698100][ T4090] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  457.726504][ T9098] 8021q: adding VLAN 0 to HW filter on device batadv0
[  457.794788][ T3707] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  457.806003][ T3707] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  457.894755][ T4088] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  457.904669][ T4088] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  457.916927][ T9098] device veth0_vlan entered promiscuous mode
[  457.926213][ T4088] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  457.983604][ T4088] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  458.019974][ T9360] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1625'.
[  458.076394][ T9098] device veth1_vlan entered promiscuous mode
[  458.137917][ T9360] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1625'.
[  458.244446][ T9351] chnl_net:caif_netlink_parms(): no params data found
[  458.298910][ T9098] device veth0_macvtap entered promiscuous mode
[  458.366584][ T4088] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  458.393292][ T4088] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  458.412988][ T4088] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  458.450631][ T4088] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  458.606797][ T9098] device veth1_macvtap entered promiscuous mode
[  458.628731][ T4088] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  458.655772][ T4088] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  459.041307][ T9098] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  459.083371][ T9098] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  459.154425][ T9098] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  459.184914][ T9098] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  459.195399][ T9098] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  459.206088][ T9098] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  459.229981][ T9098] batman_adv: batadv0: Interface activated: batadv_slave_0
[  459.295404][ T9351] bridge0: port 1(bridge_slave_0) entered blocking state
[  459.317894][ T9351] bridge0: port 1(bridge_slave_0) entered disabled state
[  459.342339][ T9351] device bridge_slave_0 entered promiscuous mode
[  459.358779][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  459.369486][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  459.442816][ T9351] bridge0: port 2(bridge_slave_1) entered blocking state
[  459.458784][ T9351] bridge0: port 2(bridge_slave_1) entered disabled state
[  459.487662][ T9351] device bridge_slave_1 entered promiscuous mode
[  459.500700][ T3658] Bluetooth: hci4: command tx timeout
[  459.560691][ T9098] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  459.590365][ T9098] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  459.616463][ T9098] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  459.628872][ T9098] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  459.670439][ T9098] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  459.687466][ T9098] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  459.698997][ T9098] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  459.709909][ T9098] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  459.740036][ T9098] batman_adv: batadv0: Interface activated: batadv_slave_1
[  459.786980][ T9351] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  459.814079][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  459.838274][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  459.917366][ T9351] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  459.962136][ T9098] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  459.973652][ T9098] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  459.983621][ T9098] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  460.021829][ T9098] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  460.101106][ T9396] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1633'.
[  460.125147][ T9397] binder: 9394:9397 ioctl 4018620d 0 returned -22
[  460.167987][ T9397] loop1: detected capacity change from 0 to 512
[  460.231721][ T9397] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended
[  460.268675][ T9397] EXT4-fs (loop1): orphan cleanup on readonly fs
[  460.287543][ T9397] Quota error (device loop1): v2_read_file_info: Free block number 1 out of range (1, 6).
[  460.320210][ T9397] EXT4-fs warning (device loop1): ext4_enable_quotas:7035: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  460.335552][ T9351] team0: Port device team_slave_0 added
[  460.335656][ T9397] EXT4-fs (loop1): Cannot turn on quotas: error -117
[  460.351559][ T9397] EXT4-fs (loop1): 1 truncate cleaned up
[  460.357314][ T9397] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  460.543717][ T9351] team0: Port device team_slave_1 added
[  460.685026][ T9351] batman_adv: batadv0: Adding interface: batadv_slave_0
[  460.701137][ T9351] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  460.749427][ T9351] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  460.803800][ T9351] batman_adv: batadv0: Adding interface: batadv_slave_1
[  460.816744][ T9351] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  460.849395][ T9351] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  461.004282][ T4090] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  461.014942][ T4090] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  461.088139][ T9351] device hsr_slave_0 entered promiscuous mode
[  461.105850][ T9351] device hsr_slave_1 entered promiscuous mode
[  461.123210][ T9351] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  461.132801][ T9351] Cannot create hsr debugfs directory
[  461.143450][ T3707] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  461.183051][    T9] device hsr_slave_0 left promiscuous mode
[  461.198580][    T9] device hsr_slave_1 left promiscuous mode
[  461.213476][    T9] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  461.224730][    T9] batman_adv: batadv0: Removing interface: batadv_slave_0
[  461.242118][    T9] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  461.264299][    T9] batman_adv: batadv0: Removing interface: batadv_slave_1
[  461.299794][    T9] device bridge_slave_1 left promiscuous mode
[  461.318772][    T9] bridge0: port 2(bridge_slave_1) entered disabled state
[  461.366181][    T9] device bridge_slave_0 left promiscuous mode
[  461.375340][    T9] bridge0: port 1(bridge_slave_0) entered disabled state
[  461.489593][ T4446] EXT4-fs (loop1): unmounting filesystem.
[  461.533228][    T9] device veth1_macvtap left promiscuous mode
[  461.547621][    T9] device veth0_macvtap left promiscuous mode
[  461.556511][    T9] device veth1_vlan left promiscuous mode
[  461.563084][    T9] device veth0_vlan left promiscuous mode
[  461.582146][ T3658] Bluetooth: hci4: command tx timeout
[  463.174387][    T9] team0 (unregistering): Port device team_slave_1 removed
[  463.285596][    T9] team0 (unregistering): Port device team_slave_0 removed
[  463.416935][    T9] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  463.547620][    T9] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  463.661190][ T3658] Bluetooth: hci4: command tx timeout
[  464.218241][ T9425] loop3: detected capacity change from 0 to 1024
[  464.288981][ T9425] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  464.333411][ T9425] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  464.415402][   T27] audit: type=1800 audit(1727833958.776:810): pid=9425 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1640" name="bus" dev="loop3" ino=18 res=0 errno=0
[  464.450160][   T27] audit: type=1800 audit(1727833958.806:811): pid=9425 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1640" name="bus" dev="loop3" ino=18 res=0 errno=0
[  464.754864][    T9] bond0 (unregistering): Released all slaves
[  464.854520][ T9425] netlink: 'syz.3.1640': attribute type 1 has an invalid length.
[  464.863103][ T9429] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1640'.
[  464.960786][ T4595] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  464.979479][ T4595] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  465.038423][ T3868] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  465.104513][ T8979] EXT4-fs (loop3): unmounting filesystem.
[  465.740726][ T3658] Bluetooth: hci4: command tx timeout
[  466.498090][ T9351] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  466.564331][ T9351] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  466.582093][ T9351] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  466.625944][ T9351] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  466.681966][ T9466] fuse: Bad value for 'fd'
[  467.182570][ T9351] 8021q: adding VLAN 0 to HW filter on device bond0
[  467.218137][ T3707] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  467.230122][ T3707] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  467.249315][ T9351] 8021q: adding VLAN 0 to HW filter on device team0
[  467.273171][ T3707] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  467.289925][ T3707] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  467.305829][ T3707] bridge0: port 1(bridge_slave_0) entered blocking state
[  467.313056][ T3707] bridge0: port 1(bridge_slave_0) entered forwarding state
[  467.347476][ T3707] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  467.379002][ T3707] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  467.396163][ T3707] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  467.408874][ T3707] bridge0: port 2(bridge_slave_1) entered blocking state
[  467.416101][ T3707] bridge0: port 2(bridge_slave_1) entered forwarding state
[  467.435380][ T3707] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  467.478911][ T3707] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  467.525520][ T3707] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  467.562869][ T3707] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  467.582504][ T3707] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  467.601065][ T3707] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  467.666024][ T9351] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  467.685578][ T9351] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  467.699358][ T3707] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  467.708835][ T3707] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  467.718954][ T3707] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  467.731978][ T3707] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  467.767679][ T3707] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  467.805761][ T3707] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  468.666354][ T9487] loop0: detected capacity change from 0 to 128
[  468.725261][ T9487] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  468.750754][ T9487] ext4 filesystem being mounted at /4/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff)
[  468.872978][ T4088] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  468.882800][ T4088] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  468.918790][ T9351] 8021q: adding VLAN 0 to HW filter on device batadv0
[  468.939135][ T9098] EXT4-fs (loop0): unmounting filesystem.
[  469.019828][ T4090] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  469.030116][ T4090] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  469.101077][ T4090] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  469.116718][ T4090] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  469.131112][ T4090] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  469.153530][ T4090] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  469.186298][ T9351] device veth0_vlan entered promiscuous mode
[  469.306646][ T9351] device veth1_vlan entered promiscuous mode
[  469.407710][ T4090] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  469.437468][ T4090] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  469.456958][ T4090] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  469.509621][ T4090] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  469.536971][ T9351] device veth0_macvtap entered promiscuous mode
[  469.577939][ T9351] device veth1_macvtap entered promiscuous mode
[  469.689838][ T9351] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  469.717627][ T9351] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  469.749203][ T9351] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  469.812786][ T9351] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  469.837989][ T9351] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  469.857969][ T9351] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  469.925852][ T9351] batman_adv: batadv0: Interface activated: batadv_slave_0
[  469.946894][ T4595] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  469.969571][ T4595] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  469.993897][ T4595] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  470.017308][ T4595] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  470.081266][ T9351] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  470.106126][ T9351] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  470.136698][ T9351] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  470.178838][ T9351] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  470.236746][ T9351] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  470.268886][ T9351] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  470.327937][ T9351] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  470.348051][ T9351] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  470.379097][ T9351] batman_adv: batadv0: Interface activated: batadv_slave_1
[  470.398757][ T4595] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  470.418665][ T4595] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  470.446535][ T9351] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  470.463047][ T9351] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  470.478145][ T9351] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  470.490478][ T9351] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  470.770888][   T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  470.779094][   T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  471.237617][ T4090] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  471.275299][ T4088] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  471.289686][ T4088] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  471.343304][ T4090] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  471.683388][ T9521] loop2: detected capacity change from 0 to 1024
[  472.738401][ T4090] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  472.917333][ T4090] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  473.137103][ T4090] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  473.324213][ T4090] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  473.841633][ T3647] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  473.851870][ T3647] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  473.860596][ T3647] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  473.869671][ T3647] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  473.877338][ T3647] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  473.884604][ T3647] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  474.188029][ T9544] loop3: detected capacity change from 0 to 1024
[  474.419279][ T9548] binder: 9545:9548 ioctl 4018620d 0 returned -22
[  474.499211][ T9548] loop1: detected capacity change from 0 to 512
[  474.555398][ T9548] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended
[  474.633553][ T9548] EXT4-fs (loop1): orphan cleanup on readonly fs
[  474.771461][ T9548] Quota error (device loop1): v2_read_file_info: Free block number 1 out of range (1, 6).
[  474.835869][ T9548] EXT4-fs warning (device loop1): ext4_enable_quotas:7035: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  474.910407][ T9548] EXT4-fs (loop1): Cannot turn on quotas: error -117
[  474.969951][ T9548] EXT4-fs (loop1): 1 truncate cleaned up
[  474.992738][ T9548] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  475.176128][ T9540] chnl_net:caif_netlink_parms(): no params data found
[  475.901178][ T3658] Bluetooth: hci4: command tx timeout
[  476.093140][ T4090] device hsr_slave_0 left promiscuous mode
[  476.115484][ T4090] device hsr_slave_1 left promiscuous mode
[  476.186170][ T4090] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  476.205994][ T4090] batman_adv: batadv0: Removing interface: batadv_slave_0
[  476.285423][ T4090] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  476.300832][ T4090] batman_adv: batadv0: Removing interface: batadv_slave_1
[  476.327916][ T4090] device bridge_slave_1 left promiscuous mode
[  476.335032][ T4090] bridge0: port 2(bridge_slave_1) entered disabled state
[  476.361684][ T4090] device bridge_slave_0 left promiscuous mode
[  476.380212][ T4090] bridge0: port 1(bridge_slave_0) entered disabled state
[  476.421030][ T4446] EXT4-fs (loop1): unmounting filesystem.
[  476.515747][ T4090] device veth1_macvtap left promiscuous mode
[  476.548625][ T4090] device veth0_macvtap left promiscuous mode
[  476.556822][ T4090] device veth1_vlan left promiscuous mode
[  476.576228][ T4090] device veth0_vlan left promiscuous mode
[  477.252171][ T4090] team0 (unregistering): Port device team_slave_1 removed
[  477.309661][ T4090] team0 (unregistering): Port device team_slave_0 removed
[  477.372711][ T4090] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  477.432668][ T4090] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  477.954417][ T4090] bond0 (unregistering): Released all slaves
[  477.989577][ T3658] Bluetooth: hci4: command tx timeout
[  478.172904][ T9540] bridge0: port 1(bridge_slave_0) entered blocking state
[  478.182704][ T9540] bridge0: port 1(bridge_slave_0) entered disabled state
[  478.206879][ T9540] device bridge_slave_0 entered promiscuous mode
[  478.281583][ T9540] bridge0: port 2(bridge_slave_1) entered blocking state
[  478.289923][ T9540] bridge0: port 2(bridge_slave_1) entered disabled state
[  478.336783][ T9540] device bridge_slave_1 entered promiscuous mode
[  478.454835][ T9540] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  478.478693][ T9540] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  478.728669][ T9540] team0: Port device team_slave_0 added
[  478.880695][ T9540] team0: Port device team_slave_1 added
[  479.172498][ T9540] batman_adv: batadv0: Adding interface: batadv_slave_0
[  479.239270][ T9540] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  479.287941][ T9540] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  479.367766][ T9540] batman_adv: batadv0: Adding interface: batadv_slave_1
[  479.374811][ T9540] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  479.407477][ T9540] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  479.650020][ T9540] device hsr_slave_0 entered promiscuous mode
[  479.678012][ T9601] loop0: detected capacity change from 0 to 128
[  479.700141][ T9540] device hsr_slave_1 entered promiscuous mode
[  479.820021][ T9601] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  479.881209][ T9601] ext4 filesystem being mounted at /13/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff)
[  480.018145][ T9607] loop4: detected capacity change from 0 to 1024
[  480.028659][ T9607] hfsplus: extend alloc file! (8192,65536,366)
[  480.060546][ T3658] Bluetooth: hci4: command tx timeout
[  480.087099][ T9607] kvm: vcpu 0: requested 394 ns lapic timer period limited to 200000 ns
[  480.311600][ T9098] EXT4-fs (loop0): unmounting filesystem.
[  480.549057][ T9623] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1693'.
[  480.828419][ T9628] loop1: detected capacity change from 0 to 1024
[  480.867585][ T9540] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  480.879529][ T9540] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  480.890021][ T9540] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  481.172191][ T9540] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  481.408699][ T9645] loop1: detected capacity change from 0 to 1024
[  481.428765][ T9645] hfsplus: extend alloc file! (8192,65536,366)
[  481.461081][ T7568] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  481.484786][ T9645] kvm: vcpu 0: requested 394 ns lapic timer period limited to 200000 ns
[  481.645666][ T9644] loop4: detected capacity change from 0 to 2048
[  481.753720][ T9650] loop1: detected capacity change from 0 to 128
[  481.782127][ T9644]  loop4: p1 < > p4
[  481.799855][ T9644] loop4: p4 size 8388608 extends beyond EOD, truncated
[  481.806814][ T9650] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  481.807173][ T9650] ext4 filesystem being mounted at /329/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff)
[  481.862829][ T9540] 8021q: adding VLAN 0 to HW filter on device bond0
[  481.878023][ T4595] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  481.901054][ T4595] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  481.937587][ T3093]  loop4: p1 < > p4
[  481.961050][ T3093] loop4: p4 size 8388608 extends beyond EOD, truncated
[  481.971425][ T9540] 8021q: adding VLAN 0 to HW filter on device team0
[  482.003050][ T4446] EXT4-fs (loop1): unmounting filesystem.
[  482.022738][ T3868] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  482.041177][ T3868] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  482.050006][ T3868] bridge0: port 1(bridge_slave_0) entered blocking state
[  482.057260][ T3868] bridge0: port 1(bridge_slave_0) entered forwarding state
[  482.074910][ T3868] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  482.094448][ T3868] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  482.132618][ T3868] bridge0: port 2(bridge_slave_1) entered blocking state
[  482.139921][ T3868] bridge0: port 2(bridge_slave_1) entered forwarding state
[  482.147756][ T3658] Bluetooth: hci4: command tx timeout
[  482.172664][ T3093]  loop4: p1 < > p4
[  482.197935][ T3868] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  482.212017][ T3093] loop4: p4 size 8388608 extends beyond EOD, truncated
[  482.240031][ T3868] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  482.323251][ T7568] udevd[7568]: inotify_add_watch(7, /dev/loop4p4, 10) failed: No such file or directory
[  482.339397][ T9665] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1707'.
[  482.440196][ T4088] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  482.457951][ T4088] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  482.487155][ T3891] udevd[3891]: inotify_add_watch(7, /dev/loop4p4, 10) failed: No such file or directory
[  482.496764][ T7568] udevd[7568]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory
[  482.532548][ T4088] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  482.575434][ T4088] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  482.598681][ T3891] udevd[3891]: inotify_add_watch(7, /dev/loop4p4, 10) failed: No such file or directory
[  482.615825][ T7568] udevd[7568]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory
[  482.641548][ T4088] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  482.676312][ T4088] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  482.750663][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  482.775820][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  483.095199][ T4090] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  483.109243][ T4090] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  483.158732][ T9540] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  483.443843][ T9684] loop3: detected capacity change from 0 to 1024
[  483.495532][ T9689] loop4: detected capacity change from 0 to 1024
[  483.514760][ T9689] hfsplus: extend alloc file! (8192,65536,366)
[  483.584757][ T3891] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  483.605637][ T9689] kvm: vcpu 0: requested 394 ns lapic timer period limited to 200000 ns
[  483.924833][ T9698] loop3: detected capacity change from 0 to 128
[  483.986641][ T9698] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  484.002801][ T9698] ext4 filesystem being mounted at /42/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff)
[  484.254849][ T9702] loop4: detected capacity change from 0 to 2048
[  484.276433][ T8979] EXT4-fs (loop3): unmounting filesystem.
[  484.320861][ T9702]  loop4: p1 < > p4
[  484.337898][ T9702] loop4: p4 size 8388608 extends beyond EOD, truncated
[  484.351957][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  484.359508][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  484.416891][ T9540] 8021q: adding VLAN 0 to HW filter on device batadv0
[  484.559136][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  484.586954][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  484.638855][ T4088] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  484.666306][ T4088] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  484.676320][ T4088] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  484.692874][ T4088] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  484.708970][ T9540] device veth0_vlan entered promiscuous mode
[  484.758602][ T9540] device veth1_vlan entered promiscuous mode
[  484.865111][ T3891] udevd[3891]: inotify_add_watch(7, /dev/loop4p4, 10) failed: No such file or directory
[  484.884749][ T7568] udevd[7568]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory
[  484.899785][ T3868] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  484.939508][ T3868] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  484.975227][ T9540] device veth0_macvtap entered promiscuous mode
[  485.005459][ T9540] device veth1_macvtap entered promiscuous mode
[  485.078394][ T9540] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  485.108249][ T9540] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  485.280452][ T9540] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  485.341294][ T9540] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  485.380429][ T9540] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  485.442435][ T9540] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  485.454315][ T9540] batman_adv: batadv0: Interface activated: batadv_slave_0
[  485.465034][ T4090] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  485.480856][ T4090] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  485.515384][ T4090] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  485.535274][ T4090] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  485.559780][ T9540] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  485.591144][ T9540] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  485.633804][ T9540] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  485.663800][ T9540] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  485.689376][ T9540] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  485.710440][ T9540] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  485.740608][ T9540] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  485.762842][ T9540] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  485.800775][ T9540] batman_adv: batadv0: Interface activated: batadv_slave_1
[  485.832272][ T9729] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1724'.
[  485.892764][ T4090] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  485.913584][ T4090] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  485.929967][ T9734] loop1: detected capacity change from 0 to 1024
[  485.940184][ T9540] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  485.990513][ T9540] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  486.044241][ T9540] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  486.071892][ T9540] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  486.076229][ T9736] loop0: detected capacity change from 0 to 128
[  486.206118][ T9736] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  486.241419][ T9736] ext4 filesystem being mounted at /18/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff)
[  486.484247][ T9098] EXT4-fs (loop0): unmounting filesystem.
[  486.570102][ T4088] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  486.671667][ T4807] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  486.679873][ T4807] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  486.721469][ T9744] loop0: detected capacity change from 0 to 2048
[  486.753395][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  486.779025][ T9744]  loop0: p1 < > p4
[  486.792191][ T9744] loop0: p4 size 8388608 extends beyond EOD, truncated
[  486.864803][ T4088] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  486.884961][ T3093]  loop0: p1 < > p4
[  486.891515][ T3093] loop0: p4 size 8388608 extends beyond EOD, truncated
[  486.915157][ T4807] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  486.941770][ T4807] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  487.027790][ T4088] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  487.111267][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  487.130160][ T3093]  loop0: p1 < > p4
[  487.147894][ T3093] loop0: p4 size 8388608 extends beyond EOD, truncated
[  487.237863][ T4088] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  487.434877][ T9759] loop2: detected capacity change from 0 to 1024
[  487.490894][ T9759] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  487.537540][ T3891] udevd[3891]: inotify_add_watch(7, /dev/loop0p4, 10) failed: No such file or directory
[  487.588210][ T7568] udevd[7568]: inotify_add_watch(7, /dev/loop0p1, 10) failed: No such file or directory
[  487.638989][ T9759] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  487.733246][   T27] audit: type=1800 audit(1727833982.096:812): pid=9759 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1672" name="bus" dev="loop2" ino=18 res=0 errno=0
[  487.811566][ T9759] netlink: 'syz.2.1672': attribute type 1 has an invalid length.
[  487.841955][   T27] audit: type=1800 audit(1727833982.146:813): pid=9759 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1672" name="bus" dev="loop2" ino=18 res=0 errno=0
[  487.878395][ T9759] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1672'.
[  487.990495][ T3658] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  488.013284][ T3658] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  488.023090][ T3658] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  488.067016][ T3658] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  488.091782][ T3658] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  488.100047][ T3658] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  488.181572][ T9540] EXT4-fs (loop2): unmounting filesystem.
[  488.379180][ T9775] loop3: detected capacity change from 0 to 1024
[  488.525103][ T9779] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1738'.
[  489.115563][ T9784] loop2: detected capacity change from 0 to 128
[  489.144545][ T9784] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  489.154255][ T9784] ext4 filesystem being mounted at /2/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff)
[  489.371990][ T9540] EXT4-fs (loop2): unmounting filesystem.
[  489.478875][ T9771] chnl_net:caif_netlink_parms(): no params data found
[  489.784093][ T9771] bridge0: port 1(bridge_slave_0) entered blocking state
[  489.797732][ T9771] bridge0: port 1(bridge_slave_0) entered disabled state
[  489.806228][ T9771] device bridge_slave_0 entered promiscuous mode
[  489.815148][ T9771] bridge0: port 2(bridge_slave_1) entered blocking state
[  489.857965][ T9771] bridge0: port 2(bridge_slave_1) entered disabled state
[  489.903071][ T9771] device bridge_slave_1 entered promiscuous mode
[  490.061404][ T4088] IPVS: stopping master sync thread 5784 ...
[  490.140859][ T3647] Bluetooth: hci2: command tx timeout
[  490.142746][ T9771] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  490.241907][ T9771] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  490.251394][ T9800] binder: 9797:9800 ioctl 4018620d 0 returned -22
[  490.354661][ T9800] loop4: detected capacity change from 0 to 512
[  490.367134][ T4088] device hsr_slave_0 left promiscuous mode
[  490.411418][ T4088] device hsr_slave_1 left promiscuous mode
[  490.438584][ T4088] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  490.462362][ T9800] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended
[  490.481652][ T4088] batman_adv: batadv0: Removing interface: batadv_slave_1
[  490.494945][ T4088] device bridge_slave_1 left promiscuous mode
[  490.512626][ T9800] EXT4-fs (loop4): orphan cleanup on readonly fs
[  490.519587][ T4088] bridge0: port 2(bridge_slave_1) entered disabled state
[  490.529324][ T9800] Quota error (device loop4): v2_read_file_info: Free block number 1 out of range (1, 6).
[  490.542136][ T9800] EXT4-fs warning (device loop4): ext4_enable_quotas:7035: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  490.558054][ T9800] EXT4-fs (loop4): Cannot turn on quotas: error -117
[  490.567804][ T4088] device bridge_slave_0 left promiscuous mode
[  490.576996][ T9800] EXT4-fs (loop4): 1 truncate cleaned up
[  490.584653][ T4088] bridge0: port 1(bridge_slave_0) entered disabled state
[  490.593391][ T9800] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  490.680094][ T4088] device veth1_macvtap left promiscuous mode
[  490.686510][ T4088] device veth0_macvtap left promiscuous mode
[  490.695338][ T4088] device veth1_vlan left promiscuous mode
[  490.702804][ T4088] device veth0_vlan left promiscuous mode
[  491.031668][ T3647] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  491.044294][ T3647] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  491.055039][ T3647] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  491.071850][ T3647] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  491.079788][ T3647] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  491.087311][ T3647] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  491.210636][ T4088] bond4 (unregistering): Released all slaves
[  491.240599][ T9809] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  491.282669][ T4088] bond3 (unregistering): Released all slaves
[  491.346991][ T4088] bond2 (unregistering): Released all slaves
[  491.448423][ T4088] bond1 (unregistering): Released all slaves
[  491.906359][ T8297] EXT4-fs (loop4): unmounting filesystem.
[  492.220532][ T3647] Bluetooth: hci2: command tx timeout
[  492.451575][ T4088] bond0 (unregistering): (slave batadv_slave_0): Releasing backup interface
[  492.546701][ T4088] team0 (unregistering): Port device team_slave_1 removed
[  492.656549][ T4088] team0 (unregistering): Port device team_slave_0 removed
[  492.727846][ T4088] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  492.838254][ T4088] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  493.032848][ T9829] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1750'.
[  493.181605][ T3647] Bluetooth: hci1: command tx timeout
[  493.786812][ T4088] bond0 (unregistering): Released all slaves
[  493.940232][ T9831] loop2: detected capacity change from 0 to 16
[  493.966157][ T9831] erofs: Unknown parameter 'ÿÿÿÿ'
[  494.015960][ T9826] device veth0_vlan left promiscuous mode
[  494.034670][ T9826] device veth0_vlan entered promiscuous mode
[  494.153795][ T9771] team0: Port device team_slave_0 added
[  494.213094][ T9771] team0: Port device team_slave_1 added
[  494.300938][ T3647] Bluetooth: hci2: command tx timeout
[  494.322553][ T9771] batman_adv: batadv0: Adding interface: batadv_slave_0
[  494.329735][ T9771] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  494.356521][ T9771] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  494.379356][ T9771] batman_adv: batadv0: Adding interface: batadv_slave_1
[  494.387989][ T9771] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  494.429714][ T9771] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  494.584641][ T9842] loop2: detected capacity change from 0 to 128
[  494.592570][ T9842] EXT4-fs (loop2): Test dummy encryption mode enabled
[  494.614376][ T9842] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  494.681584][ T9842] ext4 filesystem being mounted at /8/mnt supports timestamps until 2038 (0x7fffffff)
[  494.702662][ T9847] binder: 9845:9847 ioctl 4018620d 0 returned -22
[  494.747611][ T9771] device hsr_slave_0 entered promiscuous mode
[  494.778585][ T9771] device hsr_slave_1 entered promiscuous mode
[  494.806106][ T9771] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  494.817740][ T9771] Cannot create hsr debugfs directory
[  494.945468][ T9847] loop0: detected capacity change from 0 to 512
[  494.958725][ T9847] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended
[  494.976930][ T9847] EXT4-fs (loop0): orphan cleanup on readonly fs
[  495.326295][ T3647] Bluetooth: hci1: command tx timeout
[  495.368381][ T9847] Quota error (device loop0): v2_read_file_info: Free block number 1 out of range (1, 6).
[  495.379252][ T9804] chnl_net:caif_netlink_parms(): no params data found
[  495.400773][ T9847] EXT4-fs warning (device loop0): ext4_enable_quotas:7035: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  495.512568][ T9847] EXT4-fs (loop0): Cannot turn on quotas: error -117
[  495.522191][ T9847] EXT4-fs (loop0): 1 truncate cleaned up
[  495.523196][ T9540] EXT4-fs (loop2): unmounting filesystem.
[  495.527920][ T9847] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  495.759681][ T4088] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  495.790034][ T9804] bridge0: port 1(bridge_slave_0) entered blocking state
[  495.798393][ T9804] bridge0: port 1(bridge_slave_0) entered disabled state
[  495.812603][ T9804] device bridge_slave_0 entered promiscuous mode
[  495.832530][ T9804] bridge0: port 2(bridge_slave_1) entered blocking state
[  495.839716][ T9804] bridge0: port 2(bridge_slave_1) entered disabled state
[  495.860049][ T9804] device bridge_slave_1 entered promiscuous mode
[  495.894354][ T4088] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  495.995503][ T4088] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  496.131081][ T4088] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  496.178680][ T9804] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  496.234014][ T9862] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1759'.
[  496.246939][ T9804] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  496.302618][ T9862] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1759'.
[  496.380668][ T3647] Bluetooth: hci2: command tx timeout
[  496.395249][ T9804] team0: Port device team_slave_0 added
[  496.435320][ T9804] team0: Port device team_slave_1 added
[  496.555890][ T9804] batman_adv: batadv0: Adding interface: batadv_slave_0
[  496.604125][ T9804] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  496.641266][ T9804] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  496.702542][ T9868] loop2: detected capacity change from 0 to 16
[  496.719757][ T9868] erofs: Unknown parameter 'ÿÿÿÿ'
[  496.733522][ T9804] batman_adv: batadv0: Adding interface: batadv_slave_1
[  496.771689][ T9098] EXT4-fs (loop0): unmounting filesystem.
[  496.773402][ T9804] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  496.905076][ T9804] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  497.158431][ T9804] device hsr_slave_0 entered promiscuous mode
[  497.220945][ T9804] device hsr_slave_1 entered promiscuous mode
[  497.273340][ T9804] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  497.306591][ T9804] Cannot create hsr debugfs directory
[  497.340551][ T3647] Bluetooth: hci1: command tx timeout
[  497.622499][ T9771] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  497.728090][ T9771] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  497.753028][ T9771] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  497.873564][ T9771] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  497.909695][ T9886] loop2: detected capacity change from 0 to 128
[  497.947082][ T9886] EXT4-fs (loop2): Test dummy encryption mode enabled
[  498.042954][ T9886] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  498.136318][ T9886] ext4 filesystem being mounted at /12/mnt supports timestamps until 2038 (0x7fffffff)
[  498.715191][ T9771] 8021q: adding VLAN 0 to HW filter on device bond0
[  498.874045][ T9540] EXT4-fs (loop2): unmounting filesystem.
[  499.097544][ T9771] 8021q: adding VLAN 0 to HW filter on device team0
[  499.139097][ T4807] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  499.167829][ T4807] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  499.192691][ T9898] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1768'.
[  499.286026][ T9900] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1768'.
[  499.421279][ T3647] Bluetooth: hci1: command tx timeout
[  499.450746][ T9907] loop2: detected capacity change from 0 to 16
[  499.471327][ T9907] erofs: Unknown parameter 'ÿÿÿÿ'
[  499.547138][ T7568] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  499.562151][ T4807] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  499.581477][ T4807] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  499.620899][ T4807] bridge0: port 1(bridge_slave_0) entered blocking state
[  499.628129][ T4807] bridge0: port 1(bridge_slave_0) entered forwarding state
[  499.659432][ T4807] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  499.686812][ T4807] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  499.710024][ T4807] bridge0: port 2(bridge_slave_1) entered blocking state
[  499.717246][ T4807] bridge0: port 2(bridge_slave_1) entered forwarding state
[  499.735233][ T4807] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  499.749669][ T4807] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  499.769799][ T9912] loop0: detected capacity change from 0 to 2048
[  499.798595][ T4807] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  499.822238][ T4088] device hsr_slave_0 left promiscuous mode
[  499.846323][ T4088] device hsr_slave_1 left promiscuous mode
[  499.862135][ T9912]  loop0: p1 < > p4
[  499.867351][ T4088] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  499.867502][ T9912] loop0: p4 size 8388608 extends beyond EOD, 
[  499.885908][ T4088] batman_adv: batadv0: Removing interface: batadv_slave_0
[  499.910501][ T4088] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  499.919953][ T4088] batman_adv: batadv0: Removing interface: batadv_slave_1
[  499.928999][ T9912] truncated
[  499.941306][ T4088] device bridge_slave_1 left promiscuous mode
[  499.948295][ T4088] bridge0: port 2(bridge_slave_1) entered disabled state
[  500.001414][ T4088] device bridge_slave_0 left promiscuous mode
[  500.017936][ T4088] bridge0: port 1(bridge_slave_0) entered disabled state
[  500.060226][   T27] audit: type=1326 audit(1727833994.416:814): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9911 comm="syz.0.1773" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9d6d97dff9 code=0x7ffc0000
[  500.091052][   T27] audit: type=1326 audit(1727833994.446:815): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9911 comm="syz.0.1773" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9d6d97dff9 code=0x7ffc0000
[  500.130469][ T3093]  loop0: p1 < > p4
[  500.135824][ T3093] loop0: p4 size 8388608 extends beyond EOD, truncated
[  500.189250][ T4088] device veth1_macvtap left promiscuous mode
[  500.210183][ T4088] device veth0_macvtap left promiscuous mode
[  500.216085][   T27] audit: type=1326 audit(1727833994.446:816): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9911 comm="syz.0.1773" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9d6d97dff9 code=0x7ffc0000
[  500.244127][ T4088] device veth1_vlan left promiscuous mode
[  500.261277][ T4088] device veth0_vlan left promiscuous mode
[  500.330431][   T27] audit: type=1326 audit(1727833994.446:817): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9911 comm="syz.0.1773" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9d6d97dff9 code=0x7ffc0000
[  500.391993][   T27] audit: type=1326 audit(1727833994.446:818): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9911 comm="syz.0.1773" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9d6d97dff9 code=0x7ffc0000
[  500.419364][ T7568] udevd[7568]: inotify_add_watch(7, /dev/loop0p1, 10) failed: No such file or directory
[  500.433199][ T3891] udevd[3891]: inotify_add_watch(7, /dev/loop0p4, 10) failed: No such file or directory
[  500.508435][   T27] audit: type=1326 audit(1727833994.446:819): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9911 comm="syz.0.1773" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f9d6d97dff9 code=0x7ffc0000
[  500.594534][   T27] audit: type=1326 audit(1727833994.446:820): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9911 comm="syz.0.1773" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9d6d97dff9 code=0x7ffc0000
[  500.654610][   T27] audit: type=1326 audit(1727833994.446:821): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9911 comm="syz.0.1773" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f9d6d97dff9 code=0x7ffc0000
[  500.708924][   T27] audit: type=1326 audit(1727833994.446:822): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9911 comm="syz.0.1773" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9d6d97dff9 code=0x7ffc0000
[  500.793679][   T27] audit: type=1326 audit(1727833994.446:823): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9911 comm="syz.0.1773" exe="/root/syz-executor" sig=0 arch=c000003e syscall=19 compat=0 ip=0x7f9d6d97dff9 code=0x7ffc0000
[  500.840235][   T27] audit: type=1326 audit(1727833994.446:824): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9911 comm="syz.0.1773" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9d6d97dff9 code=0x7ffc0000
[  500.864298][   T27] audit: type=1326 audit(1727833994.446:825): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9911 comm="syz.0.1773" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9d6d97dff9 code=0x7ffc0000
[  500.932268][   T27] audit: type=1326 audit(1727833994.446:826): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9911 comm="syz.0.1773" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9d6d97dff9 code=0x7ffc0000
[  500.955941][   T27] audit: type=1326 audit(1727833994.446:827): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9911 comm="syz.0.1773" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7f9d6d97dff9 code=0x7ffc0000
[  501.342171][ T1271] ieee802154 phy0 wpan0: encryption failed: -22
[  502.072297][ T4088] team0 (unregistering): Port device team_slave_1 removed
[  502.122904][ T4088] team0 (unregistering): Port device team_slave_0 removed
[  502.173420][ T4088] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  502.224696][ T4088] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  502.837165][ T4088] bond0 (unregistering): Released all slaves
[  502.936025][ T3868] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  502.949831][ T3868] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  502.960249][ T3868] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  502.968702][ T9935] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1779'.
[  502.980887][ T9937] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1779'.
[  503.003629][ T9804] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  503.038889][ T9804] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  503.099924][ T4090] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  503.114670][ T4090] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  503.145223][ T9804] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  503.193860][ T9804] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  503.221160][ T4090] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  503.258474][ T9968] loop2: detected capacity change from 0 to 2048
[  503.271143][ T4090] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  503.301254][ T9968]  loop2: p1 < > p4
[  503.307625][ T9968] loop2: p4 size 8388608 extends beyond EOD, truncated
[  503.321914][ T4090] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  503.431033][ T4090] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  503.448037][ T9771] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  503.926332][ T9804] 8021q: adding VLAN 0 to HW filter on device bond0
[  504.041262][ T4090] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  504.072432][ T4090] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  504.098663][ T9804] 8021q: adding VLAN 0 to HW filter on device team0
[  504.163221][ T3707] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  504.183476][ T3707] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  504.207708][ T3707] bridge0: port 1(bridge_slave_0) entered blocking state
[  504.214943][ T3707] bridge0: port 1(bridge_slave_0) entered forwarding state
[  504.227448][ T9989] loop0: detected capacity change from 0 to 1024
[  504.240784][ T3707] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  504.259875][ T3707] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  504.272354][ T3707] bridge0: port 2(bridge_slave_1) entered blocking state
[  504.279626][ T3707] bridge0: port 2(bridge_slave_1) entered forwarding state
[  504.305134][ T3707] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  504.327980][ T3707] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  504.368116][ T9989] 9p: Unknown access argument 18446744073709551615: -34
[  504.375854][ T3707] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  504.394691][ T3707] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  504.418400][ T3707] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  504.438289][ T3707] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  504.466313][ T3707] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  504.495537][ T3707] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  504.519828][ T3707] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  504.555048][ T9771] 8021q: adding VLAN 0 to HW filter on device batadv0
[  504.574098][ T9804] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  504.598785][ T9804] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  504.622105][ T3707] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  504.640887][ T3707] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  504.649525][ T3707] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  504.676125][ T3707] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  504.704701][ T3707] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  504.886580][ T3707] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  504.916630][ T3707] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  504.923306][T10006] loop2: detected capacity change from 0 to 2048
[  504.935562][ T3707] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  504.949980][T10005] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  505.022683][T10006]  loop2: p1 < > p4
[  505.032856][T10006] loop2: p4 size 8388608 extends beyond EOD, truncated
[  505.035125][T10005] kvm: pic: level sensitive irq not supported
[  505.050070][T10005] kvm: pic: non byte read
[  505.079733][ T9771] device veth0_vlan entered promiscuous mode
[  505.104664][ T3093]  loop2: p1 < > p4
[  505.111235][T10005] kvm: pic: level sensitive irq not supported
[  505.111306][T10005] kvm: pic: non byte read
[  505.134309][ T3093] loop2: p4 size 8388608 extends beyond EOD, truncated
[  505.226054][ T4807] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  505.253137][ T3093]  loop2: p1 < > p4
[  505.259652][ T3093] loop2: p4 size 8388608 extends beyond EOD, truncated
[  505.285425][ T3707] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  505.298161][ T3707] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  505.337207][ T9771] device veth1_vlan entered promiscuous mode
[  505.368434][ T3707] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  505.385853][ T3707] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  505.446474][ T3707] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  505.456963][   T27] kauditd_printk_skb: 39 callbacks suppressed
[  505.456978][   T27] audit: type=1326 audit(1727833999.816:867): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10004 comm="syz.2.1798" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc6c757dff9 code=0x7ffc0000
[  505.563580][   T27] audit: type=1326 audit(1727833999.816:868): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10004 comm="syz.2.1798" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc6c757dff9 code=0x7ffc0000
[  505.574669][ T3891] udevd[3891]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory
[  505.612232][ T7568] udevd[7568]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory
[  505.632532][ T4807] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  505.750804][ T4807] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  505.760111][T10020] loop4: detected capacity change from 0 to 128
[  505.792074][ T3765] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  505.801027][ T3765] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  505.814995][T10020] EXT4-fs (loop4): Test dummy encryption mode enabled
[  505.820861][ T3765] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  505.843662][ T9771] device veth0_macvtap entered promiscuous mode
[  505.880999][T10020] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  505.893992][ T4807] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  505.917444][T10020] ext4 filesystem being mounted at /94/mnt supports timestamps until 2038 (0x7fffffff)
[  505.930192][ T3765] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  506.102487][ T3765] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  506.135067][ T3765] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  506.155670][ T9804] 8021q: adding VLAN 0 to HW filter on device batadv0
[  506.247481][ T8297] EXT4-fs (loop4): unmounting filesystem.
[  506.275679][ T9771] device veth1_macvtap entered promiscuous mode
[  506.302648][ T3765] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  506.335495][ T3765] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  506.416618][ T9771] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  506.435487][ T9771] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  506.449361][ T9771] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  506.470510][ T9771] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  506.497507][ T3658] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  506.514915][ T3658] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  506.523614][ T3658] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  506.532813][ T3658] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  506.541132][ T3658] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  506.548402][ T3658] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  506.580369][ T9771] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  506.596612][ T9771] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  506.614961][ T9771] batman_adv: batadv0: Interface activated: batadv_slave_0
[  506.638072][ T9804] device veth0_vlan entered promiscuous mode
[  506.653503][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  506.664442][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  506.674761][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  506.686372][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  506.699501][ T9771] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  506.711518][ T9771] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  506.722454][ T9771] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  506.733647][ T9771] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  506.750160][ T9771] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  506.765814][ T9771] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  506.777744][ T9771] batman_adv: batadv0: Interface activated: batadv_slave_1
[  506.813963][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  506.824807][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  506.834707][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  506.841203][T10038] 
[  506.845073][T10038] ======================================================
[  506.852081][T10038] WARNING: possible circular locking dependency detected
[  506.859089][T10038] 6.1.112-syzkaller #0 Not tainted
[  506.864191][T10038] ------------------------------------------------------
[  506.871237][T10038] syz.4.1807/10038 is trying to acquire lock:
[  506.877294][T10038] ffffffff8e6762e8 (rfcomm_mutex){+.+.}-{3:3}, at: rfcomm_dlc_exists+0xa2/0x370
[  506.886359][T10038] 
[  506.886359][T10038] but task is already holding lock:
[  506.893709][T10038] ffffffff8e679ce8 (rfcomm_ioctl_mutex){+.+.}-{3:3}, at: rfcomm_dev_ioctl+0x233/0x2180
[  506.903360][T10038] 
[  506.903360][T10038] which lock already depends on the new lock.
[  506.903360][T10038] 
[  506.913755][T10038] 
[  506.913755][T10038] the existing dependency chain (in reverse order) is:
[  506.922785][T10038] 
[  506.922785][T10038] -> #3 (rfcomm_ioctl_mutex){+.+.}-{3:3}:
[  506.930688][T10038]        lock_acquire+0x1f8/0x5a0
[  506.935718][T10038]        __mutex_lock+0x132/0xd80
[  506.940745][T10038]        rfcomm_dev_ioctl+0x233/0x2180
[  506.946217][T10038]        rfcomm_sock_ioctl+0x82/0xc0
[  506.951557][T10038]        sock_do_ioctl+0x152/0x450
[  506.956666][T10038]        sock_ioctl+0x47f/0x770
[  506.961523][T10038]        __se_sys_ioctl+0xf1/0x160
[  506.966651][T10038]        do_syscall_64+0x3b/0xb0
[  506.971676][T10038]        entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  506.978209][T10038] 
[  506.978209][T10038] -> #2 (sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM){+.+.}-{0:0}:
[  506.987632][T10038]        lock_acquire+0x1f8/0x5a0
[  506.992925][T10038]        lock_sock_nested+0x44/0x100
[  506.998228][T10038]        rfcomm_sk_state_change+0x57/0x300
[  507.004049][T10038]        __rfcomm_dlc_close+0x2b2/0x6d0
[  507.009630][T10038]        rfcomm_dlc_close+0xed/0x180
[  507.014949][T10038]        __rfcomm_sock_close+0x104/0x220
[  507.020613][T10038]        rfcomm_sock_shutdown+0xb4/0x230
[  507.026279][T10038]        rfcomm_sock_release+0x55/0x110
[  507.031859][T10038]        sock_close+0xcd/0x230
[  507.036650][T10038]        __fput+0x3f6/0x8d0
[  507.041151][T10038]        task_work_run+0x246/0x300
[  507.046263][T10038]        get_signal+0x15fc/0x17d0
[  507.051292][T10038]        arch_do_signal_or_restart+0xb0/0x1a10
[  507.057449][T10038]        exit_to_user_mode_loop+0x6a/0x100
[  507.063248][T10038]        exit_to_user_mode_prepare+0xb1/0x140
[  507.069307][T10038]        syscall_exit_to_user_mode+0x60/0x270
[  507.075372][T10038]        do_syscall_64+0x47/0xb0
[  507.080308][T10038]        entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  507.086749][T10038] 
[  507.086749][T10038] -> #1 (&d->lock#2){+.+.}-{3:3}:
[  507.093972][T10038]        lock_acquire+0x1f8/0x5a0
[  507.099027][T10038]        __mutex_lock+0x132/0xd80
[  507.104115][T10038]        __rfcomm_dlc_close+0x259/0x6d0
[  507.109709][T10038]        rfcomm_dlc_close+0xed/0x180
[  507.115002][T10038]        __rfcomm_sock_close+0x104/0x220
[  507.120643][T10038]        rfcomm_sock_shutdown+0xb4/0x230
[  507.126279][T10038]        rfcomm_sock_release+0x55/0x110
[  507.131854][T10038]        sock_close+0xcd/0x230
[  507.136616][T10038]        __fput+0x3f6/0x8d0
[  507.141122][T10038]        task_work_run+0x246/0x300
[  507.146237][T10038]        get_signal+0x15fc/0x17d0
[  507.151261][T10038]        arch_do_signal_or_restart+0xb0/0x1a10
[  507.157436][T10038]        exit_to_user_mode_loop+0x6a/0x100
[  507.163322][T10038]        exit_to_user_mode_prepare+0xb1/0x140
[  507.169383][T10038]        syscall_exit_to_user_mode+0x60/0x270
[  507.175455][T10038]        do_syscall_64+0x47/0xb0
[  507.180401][T10038]        entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  507.186847][T10038] 
[  507.186847][T10038] -> #0 (rfcomm_mutex){+.+.}-{3:3}:
[  507.194224][T10038]        validate_chain+0x1661/0x5950
[  507.199588][T10038]        __lock_acquire+0x125b/0x1f80
[  507.204957][T10038]        lock_acquire+0x1f8/0x5a0
[  507.209978][T10038]        __mutex_lock+0x132/0xd80
[  507.215016][T10038]        rfcomm_dlc_exists+0xa2/0x370
[  507.220387][T10038]        rfcomm_dev_ioctl+0xb2d/0x2180
[  507.225853][T10038]        rfcomm_sock_ioctl+0x82/0xc0
[  507.231131][T10038]        sock_do_ioctl+0x152/0x450
[  507.236322][T10038]        sock_ioctl+0x47f/0x770
[  507.241168][T10038]        __se_sys_ioctl+0xf1/0x160
[  507.246375][T10038]        do_syscall_64+0x3b/0xb0
[  507.251306][T10038]        entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  507.257722][T10038] 
[  507.257722][T10038] other info that might help us debug this:
[  507.257722][T10038] 
[  507.267961][T10038] Chain exists of:
[  507.267961][T10038]   rfcomm_mutex --> sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM --> rfcomm_ioctl_mutex
[  507.267961][T10038] 
[  507.282727][T10038]  Possible unsafe locking scenario:
[  507.282727][T10038] 
[  507.290165][T10038]        CPU0                    CPU1
[  507.295518][T10038]        ----                    ----
[  507.300871][T10038]   lock(rfcomm_ioctl_mutex);
[  507.305539][T10038]                                lock(sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM);
[  507.314203][T10038]                                lock(rfcomm_ioctl_mutex);
[  507.321390][T10038]   lock(rfcomm_mutex);
[  507.325537][T10038] 
[  507.325537][T10038]  *** DEADLOCK ***
[  507.325537][T10038] 
[  507.333841][T10038] 2 locks held by syz.4.1807/10038:
[  507.339111][T10038]  #0: ffff8881432bd130 (sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM){+.+.}-{0:0}, at: rfcomm_sock_ioctl+0x74/0xc0
[  507.350635][T10038]  #1: ffffffff8e679ce8 (rfcomm_ioctl_mutex){+.+.}-{3:3}, at: rfcomm_dev_ioctl+0x233/0x2180
[  507.360734][T10038] 
[  507.360734][T10038] stack backtrace:
[  507.366605][T10038] CPU: 1 PID: 10038 Comm: syz.4.1807 Not tainted 6.1.112-syzkaller #0
[  507.374771][T10038] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  507.384825][T10038] Call Trace:
[  507.388095][T10038]  <TASK>
[  507.391019][T10038]  dump_stack_lvl+0x1e3/0x2cb
[  507.395701][T10038]  ? nf_tcp_handle_invalid+0x642/0x642
[  507.401169][T10038]  ? print_circular_bug+0x12b/0x1a0
[  507.406360][T10038]  check_noncircular+0x2fa/0x3b0
[  507.411288][T10038]  ? 0xffffffffa000098c
[  507.415446][T10038]  ? add_chain_block+0x850/0x850
[  507.420391][T10038]  ? lockdep_lock+0x11f/0x2a0
[  507.425087][T10038]  ? unwind_get_return_address+0x49/0x80
[  507.430715][T10038]  ? arch_stack_walk+0xf3/0x140
[  507.435563][T10038]  ? _find_first_zero_bit+0xd0/0x100
[  507.440852][T10038]  validate_chain+0x1661/0x5950
[  507.445715][T10038]  ? reacquire_held_locks+0x660/0x660
[  507.451094][T10038]  ? lockdep_unlock+0x165/0x300
[  507.455940][T10038]  ? lockdep_lock+0x2a0/0x2a0
[  507.460611][T10038]  ? add_lock_to_list+0x1de/0x2e0
[  507.465630][T10038]  ? validate_chain+0x13ce/0x5950
[  507.470749][T10038]  ? mark_lock+0x9a/0x340
[  507.475105][T10038]  __lock_acquire+0x125b/0x1f80
[  507.479960][T10038]  lock_acquire+0x1f8/0x5a0
[  507.484466][T10038]  ? rfcomm_dlc_exists+0xa2/0x370
[  507.489626][T10038]  ? read_lock_is_recursive+0x10/0x10
[  507.494998][T10038]  ? __might_sleep+0xb0/0xb0
[  507.499581][T10038]  ? __lock_acquire+0x125b/0x1f80
[  507.504613][T10038]  __mutex_lock+0x132/0xd80
[  507.509111][T10038]  ? rfcomm_dlc_exists+0xa2/0x370
[  507.514134][T10038]  ? rfcomm_dlc_exists+0xa2/0x370
[  507.519165][T10038]  ? mutex_lock_nested+0x10/0x10
[  507.524093][T10038]  ? aa_get_newest_label+0xfb/0x6e0
[  507.529284][T10038]  ? end_current_label_crit_section+0x170/0x170
[  507.535519][T10038]  ? __might_fault+0xa1/0x110
[  507.540191][T10038]  rfcomm_dlc_exists+0xa2/0x370
[  507.545057][T10038]  ? __rfcomm_dlc_close+0x6d0/0x6d0
[  507.550284][T10038]  ? bpf_lsm_capable+0x5/0x10
[  507.554967][T10038]  ? security_capable+0x86/0xb0
[  507.559817][T10038]  rfcomm_dev_ioctl+0xb2d/0x2180
[  507.564753][T10038]  ? rfcomm_sock_debugfs_show+0x120/0x120
[  507.570558][T10038]  ? __local_bh_enable_ip+0x164/0x1f0
[  507.575930][T10038]  ? lockdep_hardirqs_on+0x94/0x130
[  507.581136][T10038]  ? __local_bh_enable_ip+0x164/0x1f0
[  507.586527][T10038]  ? _local_bh_enable+0xa0/0xa0
[  507.591379][T10038]  ? do_raw_spin_unlock+0x137/0x8a0
[  507.596576][T10038]  rfcomm_sock_ioctl+0x82/0xc0
[  507.601339][T10038]  sock_do_ioctl+0x152/0x450
[  507.605926][T10038]  ? sock_show_fdinfo+0xb0/0xb0
[  507.610770][T10038]  ? __fget_files+0x28/0x4a0
[  507.615357][T10038]  sock_ioctl+0x47f/0x770
[  507.619678][T10038]  ? sock_poll+0x410/0x410
[  507.624085][T10038]  ? __fget_files+0x28/0x4a0
[  507.628666][T10038]  ? __fget_files+0x435/0x4a0
[  507.633334][T10038]  ? __fget_files+0x28/0x4a0
[  507.638091][T10038]  ? bpf_lsm_file_ioctl+0x5/0x10
[  507.643033][T10038]  ? security_file_ioctl+0x7d/0xa0
[  507.648136][T10038]  ? sock_poll+0x410/0x410
[  507.652549][T10038]  __se_sys_ioctl+0xf1/0x160
[  507.657135][T10038]  do_syscall_64+0x3b/0xb0
[  507.661549][T10038]  ? clear_bhb_loop+0x45/0xa0
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  507.666242][T10038]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  507.672249][T10038] RIP: 0033:0x7f461277dff9
[  507.676677][T10038] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  507.696310][T10038] RSP: 002b:00007f46125de038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  507.704722][T10038] RAX: ffffffffffffffda RBX: 00007f4612936058 RCX: 00007f461277dff9
[  507.712691][T10038] RDX: 0000000020000100 RSI: 00000000400452c8 RDI: 0000000000000005
[  507.720656][T10038] RBP: 00007f46127f0296 R08: 0000000000000000 R09: 0000000000000000
[  507.728623][T10038] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  507.736587][T10038] R13: 0000000000000000 R14: 00007f4612936058 R15: 00007ffdb7e7a578
[  507.744564][T10038]  </TASK>
[  507.768130][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  507.778974][ T9804] device veth1_vlan entered promiscuous mode
[  507.825397][ T9771] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  507.842560][ T9771] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  507.853901][ T9771] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  507.864633][ T9771] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  507.900353][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  508.620642][ T3647] Bluetooth: hci0: command tx timeout
[  508.937460][ T4807] device hsr_slave_0 left promiscuous mode
[  508.944183][ T4807] device hsr_slave_1 left promiscuous mode
[  508.950546][ T4807] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  508.957963][ T4807] batman_adv: batadv0: Removing interface: batadv_slave_0
[  508.965548][ T4807] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  508.973223][ T4807] batman_adv: batadv0: Removing interface: batadv_slave_1
[  508.981276][ T4807] device bridge_slave_1 left promiscuous mode
[  508.987603][ T4807] bridge0: port 2(bridge_slave_1) entered disabled state
[  508.995953][ T4807] device bridge_slave_0 left promiscuous mode
[  509.002411][ T4807] bridge0: port 1(bridge_slave_0) entered disabled state
[  509.012510][ T4807] device veth1_macvtap left promiscuous mode
[  509.018570][ T4807] device veth0_macvtap left promiscuous mode
[  509.026158][ T4807] device veth1_vlan left promiscuous mode
[  509.033675][ T4807] device veth0_vlan left promiscuous mode
[  509.187832][ T4807] team0 (unregistering): Port device team_slave_1 removed
[  509.216621][ T4807] team0 (unregistering): Port device team_slave_0 removed
[  509.245236][ T4807] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  509.275119][ T4807] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  509.350454][ T4807] bond0 (unregistering): Released all slaves
[  510.152281][ T4807] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  510.204559][ T4807] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  510.254405][ T4807] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  510.313832][ T4807] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  510.382978][ T4807] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  510.423564][ T4807] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  510.483465][ T4807] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  510.554494][ T4807] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  510.619059][ T4807] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  510.654887][ T4807] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  510.704427][ T4807] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  510.754426][ T4807] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  511.726487][ T4807] device hsr_slave_0 left promiscuous mode
[  511.732715][ T4807] device hsr_slave_1 left promiscuous mode
[  511.738875][ T4807] batman_adv: batadv0: Removing interface: batadv_slave_0
[  511.747886][ T4807] batman_adv: batadv0: Removing interface: batadv_slave_1
[  511.755592][ T4807] device bridge_slave_1 left promiscuous mode
[  511.762831][ T4807] bridge0: port 2(bridge_slave_1) entered disabled state
[  511.770917][ T4807] device bridge_slave_0 left promiscuous mode
[  511.777069][ T4807] bridge0: port 1(bridge_slave_0) entered disabled state
[  511.790042][ T4807] device hsr_slave_0 left promiscuous mode
[  511.796348][ T4807] device hsr_slave_1 left promiscuous mode
[  511.802623][ T4807] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  511.810063][ T4807] batman_adv: batadv0: Removing interface: batadv_slave_0
[  511.817835][ T4807] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  511.825631][ T4807] batman_adv: batadv0: Removing interface: batadv_slave_1
[  511.833340][ T4807] device bridge_slave_1 left promiscuous mode
[  511.839493][ T4807] bridge0: port 2(bridge_slave_1) entered disabled state
[  511.847706][ T4807] device bridge_slave_0 left promiscuous mode
[  511.854171][ T4807] bridge0: port 1(bridge_slave_0) entered disabled state
[  511.864769][ T4807] device hsr_slave_0 left promiscuous mode
[  511.870993][ T4807] device hsr_slave_1 left promiscuous mode
[  511.877166][ T4807] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  511.884649][ T4807] batman_adv: batadv0: Removing interface: batadv_slave_0
[  511.892699][ T4807] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  511.900135][ T4807] batman_adv: batadv0: Removing interface: batadv_slave_1
[  511.909900][ T4807] device bridge_slave_1 left promiscuous mode
[  511.916303][ T4807] bridge0: port 2(bridge_slave_1) entered disabled state
[  511.924362][ T4807] device bridge_slave_0 left promiscuous mode
[  511.930785][ T4807] bridge0: port 1(bridge_slave_0) entered disabled state
[  511.944037][ T4807] device hsr_slave_0 left promiscuous mode
[  511.950223][ T4807] device hsr_slave_1 left promiscuous mode
[  511.956609][ T4807] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  511.964251][ T4807] batman_adv: batadv0: Removing interface: batadv_slave_0
[  511.972039][ T4807] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  511.979443][ T4807] batman_adv: batadv0: Removing interface: batadv_slave_1
[  511.987274][ T4807] device bridge_slave_1 left promiscuous mode
[  511.993704][ T4807] bridge0: port 2(bridge_slave_1) entered disabled state
[  512.002035][ T4807] device bridge_slave_0 left promiscuous mode
[  512.008322][ T4807] bridge0: port 1(bridge_slave_0) entered disabled state
[  512.021227][ T4807] device veth1_vlan left promiscuous mode
[  512.027051][ T4807] device veth0_vlan left promiscuous mode
[  512.033578][ T4807] device veth1_macvtap left promiscuous mode
[  512.039697][ T4807] device veth0_macvtap left promiscuous mode
[  512.045895][ T4807] device veth1_vlan left promiscuous mode
[  512.051728][ T4807] device veth0_vlan left promiscuous mode
[  512.058006][ T4807] device veth1_macvtap left promiscuous mode
[  512.064547][ T4807] device veth0_macvtap left promiscuous mode
[  512.070724][ T4807] device veth1_vlan left promiscuous mode
[  512.076473][ T4807] device veth0_vlan left promiscuous mode
[  512.083657][ T4807] device veth1_macvtap left promiscuous mode
[  512.089682][ T4807] device veth0_macvtap left promiscuous mode
[  512.095791][ T4807] device veth1_vlan left promiscuous mode
[  512.101777][ T4807] device veth0_vlan left promiscuous mode
[  512.359738][ T4807] team0 (unregistering): Port device team_slave_1 removed
[  512.393376][ T4807] team0 (unregistering): Port device team_slave_0 removed
[  512.404300][ T4807] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  512.432842][ T4807] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  512.482352][ T4807] bond0 (unregistering): Released all slaves
[  512.595814][ T4807] team0 (unregistering): Port device team_slave_1 removed
[  512.607098][ T4807] team0 (unregistering): Port device team_slave_0 removed
[  512.637757][ T4807] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  512.665784][ T4807] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  512.715101][ T4807] bond0 (unregistering): Released all slaves
[  512.907998][ T4807] team0 (unregistering): Port device team_slave_1 removed
[  512.937249][ T4807] team0 (unregistering): Port device team_slave_0 removed
[  512.966390][ T4807] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  512.995079][ T4807] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  513.045202][ T4807] bond0 (unregistering): Released all slaves
[  513.184101][ T4807] team0 (unregistering): Port device team_slave_1 removed
[  513.211426][ T4807] team0 (unregistering): Port device team_slave_0 removed
[  513.239722][ T4807] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  513.267662][ T4807] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  513.317829][ T4807] bond0 (unregistering): Released all slaves