last executing test programs:

2m53.133432324s ago: executing program 1 (id=429):
r0 = socket$unix(0x1, 0x1, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket(0x400000000010, 0x3, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x34, 0x24, 0x4ee4e6a52ff56541, 0x70ad2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0x3}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000480)=@newtfilter={0x3c, 0x2c, 0xd27, 0x30bd26, 0x25dfdbfc, {0x0, 0x0, 0x0, r4, {0x10, 0x4}, {}, {0x8, 0x5}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_CLASSID={0x8, 0x1, {0x3, 0xfff2}}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20000091}, 0x20000000)
r5 = socket$kcm(0x11, 0x3, 0x0)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x6fc84b579dfed949, 0x0)
close(r6)
ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
setsockopt$sock_attach_bpf(r5, 0x107, 0xf, &(0x7f0000000600), 0x56)
sendmsg$kcm(r5, &(0x7f00000000c0)={&(0x7f0000000380)=@xdp={0x2c, 0x0, r7, 0x3e}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000180)="27030200590214000600002fb96dbcf706e10500000086ddffff1144ee163cd4b8bf4a31accb", 0x26}], 0x1}, 0x4)

2m52.756102376s ago: executing program 1 (id=433):
sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000), 0x0, 0x0, 0x0, 0x400c445}, 0x0)
r0 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40050}, 0x0)
r5 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
ioctl$SOUND_MIXER_WRITE_RECSRC(r5, 0xc0044dff, &(0x7f0000000200)=0xb)
r6 = socket$igmp(0x2, 0x3, 0x2)
getsockopt$inet_mtu(r6, 0x0, 0xa, &(0x7f0000000040), &(0x7f00000000c0)=0x4)

2m51.899086556s ago: executing program 1 (id=435):
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
syz_usb_connect(0x5, 0x4a, &(0x7f0000000280)={{0x12, 0x1, 0x110, 0xd4, 0xf8, 0x65, 0x40, 0x4d8, 0x83, 0xda47, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x38, 0x1, 0x2, 0x8, 0x40, 0xb3, [{{0x9, 0x4, 0x0, 0xb2, 0x1, 0x2, 0x2, 0x1, 0x94, [@cdc_ncm={{0x5}, {0x5, 0x24, 0x0, 0x2}, {0xd, 0x24, 0xf, 0x1, 0x10, 0xd5, 0xff, 0x3}, {0x6, 0x24, 0x1a, 0x3, 0x6422595bae3614d5}}], [{{0x9, 0x5, 0xa, 0x10, 0x26073d698670e078, 0x4, 0x6, 0xf}}]}}]}}]}}, 0x0)

2m48.345918101s ago: executing program 1 (id=445):
sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000), 0x0, 0x0, 0x0, 0x400c445}, 0x0)
r0 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40050}, 0x0)
r5 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
ioctl$SOUND_MIXER_WRITE_RECSRC(r5, 0xc0044dff, &(0x7f0000000200)=0xb)
r6 = socket$igmp(0x2, 0x3, 0x2)
getsockopt$inet_mtu(r6, 0x0, 0xa, &(0x7f0000000040), &(0x7f00000000c0)=0x4)

2m46.517019937s ago: executing program 1 (id=449):
setsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x8008000000010, 0x0, 0x0)
r0 = getpgrp(0x0)
unshare(0x22020600)
sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5)
prlimit64(r0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_MCAST_JOIN_GROUP(r1, 0x0, 0x2a, 0x0, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r3 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x1, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f00000004c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x438, 0x0, 0x2b8, 0xb0000010, 0x0, 0x5c8f0200, 0x368, 0x3a8, 0x3a8, 0x368, 0x3a8, 0x3, 0x0, {[{{@ipv6={@private1, @local, [], [], 'vlan1\x00', 'veth0_to_team\x00'}, 0x0, 0x228, 0x270, 0x700, {}, [@common=@inet=@hashlimit3={{0x158}, {'geneve1\x00', {0xf1, 0x0, 0x33, 0x0, 0x0, 0x1, 0x7fffffff}}}, @inet=@rpfilter={{0x28}, {0x3}}]}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x206, 'syz1\x00'}}}, {{@uncond, 0x0, 0xd0, 0xf8, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @common=@unspec=@CONNSECMARK={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x498)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
r5 = io_uring_setup(0x5ba8, &(0x7f0000000280)={0x0, 0xfc9f, 0x40, 0x1, 0x2fc})
io_uring_register$IORING_REGISTER_RING_FDS(r5, 0x13, &(0x7f0000001bc0), 0x2)

2m45.001155735s ago: executing program 1 (id=450):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x2102, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$TCFLSH(r0, 0x400455c8, 0x1)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5412, &(0x7f0000000140)=0xffffffc0)

2m29.446891695s ago: executing program 32 (id=450):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x2102, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$TCFLSH(r0, 0x400455c8, 0x1)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5412, &(0x7f0000000140)=0xffffffc0)

15.959994657s ago: executing program 5 (id=768):
syz_mount_image$reiserfs(&(0x7f0000000000), &(0x7f00000000c0)='./file1\x00', 0x8488, &(0x7f00000001c0), 0x1, 0x10fd, &(0x7f0000001140)="$eJzs2T9rFEEYBvBnds8/3cqmXwQtLCQknF8ghcK1ttqIpDJVrlL8OH4cTWUf0msRsF9Zb/dO5UTwTm1+PzjmvYd9Z2fKmQ0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMZsmnkhxUSTtlVZKSdN3F4ipJN+V33tdVSp6eLpaPz+dPlknqb4+XZ0kZuoa2tMf3brfzdt4et48OTu5/WL5+8+rF2dnp+ThNSZfL6/1vpYzrAQAAAH7U76z5z+8HAAAAfmdvFwkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAf6hvNnU7FVWSknTdxeIqSbel78Y/Wh8AAACwu5Iqz5tt+eoaYONhPjZlnQ/jlzLUR3m3pR8AAAD4pf7WWHz/fb3c3JzHH2S2PpcP2d3Mcni4+j8O+XyS1EmOfpr88vrty+lX+vpv7wUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgK/swLEAAAAAgDB/6zQ6NgAAAAAAAAAAAAAAAAAAAPYKAAD///F61s8=")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
syz_open_procfs(0xffffffffffffffff, 0x0)
ioctl$LOOP_GET_STATUS64(0xffffffffffffffff, 0x4c05, &(0x7f00000007c0))
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$IPVS_CMD_ZERO(r3, 0x0, 0x0)
ftruncate(r0, 0x2000009)
syz_mount_image$vfat(&(0x7f00000002c0), &(0x7f0000000280)='./bus\x00', 0x810408, 0x0, 0x0, 0x0, &(0x7f00000007c0))
write$P9_ROPEN(r0, &(0x7f0000000100)={0x18, 0x71, 0x2, {{0x80, 0x4, 0x3}, 0x3}}, 0x18)

11.147483785s ago: executing program 2 (id=776):
sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000), 0x0, 0x0, 0x0, 0x400c445}, 0x0)
r0 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40050}, 0x0)
r4 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
ioctl$SOUND_MIXER_WRITE_RECSRC(r4, 0xc0044dff, &(0x7f0000000200)=0xb)
r5 = socket$igmp(0x2, 0x3, 0x2)
getsockopt$inet_mtu(r5, 0x0, 0xa, &(0x7f0000000040), &(0x7f00000000c0)=0x4)

11.05525093s ago: executing program 0 (id=778):
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
close(0x3)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000100)={'netdevsim0\x00', &(0x7f0000000180)=@ethtool_regs={0x4, 0xad1, 0x49, "088d447142b9f1cb8fc4dac1060c9f0e687340dc31044944e8fe3853108910f9d536b02b21e50447d1a88e721d900726bbdfa2222cd5e40f1427245b17b58592e6620046603352cfc6"}})
pipe2(&(0x7f0000000340)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
r2 = epoll_create1(0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = syz_open_procfs(0x0, &(0x7f0000000080)='map_files\x00')
mknodat(r4, &(0x7f0000000000)='./file0\x00', 0x21, 0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x50, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
syz_open_dev$usbfs(&(0x7f0000000100), 0xfffffffffffffffe, 0xa001)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000140))
write$FUSE_ENTRY(r1, &(0x7f00000024c0)={0x90, 0x0, 0x0, {0x80000, 0x0, 0x0, 0x0, 0x2, 0x0, {0x0, 0xffff, 0x0, 0x0, 0x20000000000007f, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x2}}}, 0x90)
socket(0x10, 0x3, 0x0)
r5 = epoll_create1(0x0)
dup3(r0, r5, 0x0)

10.835046553s ago: executing program 5 (id=779):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r4, 0x84, 0x83, 0x0, &(0x7f0000000300))
setsockopt$inet_sctp6_SCTP_AUTH_DELETE_KEY(r0, 0x84, 0x19, &(0x7f0000000180)={0x0, 0x7}, 0x8)
syz_emit_ethernet(0x3e, &(0x7f0000000f00)=ANY=[@ANYBLOB="aaaaaaaaaaaaffff"], 0x0)
ioctl$TCGETA(0xffffffffffffffff, 0x5405, 0x0)
io_setup(0x81, 0x0)
unshare(0x22020600)
syz_mount_image$vfat(&(0x7f0000000100), &(0x7f0000000640)='./file0\x00', 0x2000414, &(0x7f0000000dc0)=ANY=[@ANYBLOB="6e6f6e756d7461696c2c6e66732c73686f72746e616d653d6c6f7765722c757466383d312c64656275672c696f636861727365743d757466382c73686f72746e616d653d6d697865642c757466383d312c004845160000000000", @ANYRESDEC=0x0, @ANYBLOB="b58208b37a58446284048f26b79953e521b27c3a5dbc8e7fcd644e2caaa1acc91237f4447b548c7caab7ede0f978d175cd8108db49a660493d3511a7f6d67dba109d4f769a1cddfc97c554c8d7c38ecae48c95955fb02bcd2da02935ab9658f576b9d2526dd40f73035883f2f7d388f9cb004bcef6c90d011afc4849d7d7ee3abdf4dfa36378701a61a8f83187960881d90cf42cae6384fa916f5df9e11d2546c01011f28c9be1a2a5aa2139ef29be6d87c8d93fce5239580e58fe24d4304f196fa0d43d7aeb4dc3da644ba32b1e61734c4211811d81d78f283d637a78b107898d59c7048fa04ea6e0ebe491f42f2f32bd531eeb8e2659d2", @ANYRESDEC, @ANYRES64, @ANYRES64, @ANYRESHEX, @ANYRESHEX], 0x1, 0x2c3, &(0x7f0000000ac0)="$eJzs3cFqE1EUxvFjU5s0pU0EERTUg250M7TxATRIC2JAqY2oC2FqJxoyJmUmVCJisxG3Pkdx6U5QX6AbcePeXREEN12II52ZtJM2bdM2TWL7/0GZO3Pux71N0nISSLLy4N3zUsE1CmZVBhIqAyJ1WRVJr41CJ8LjgD8ekqi6XB35/f38vYePbmdzuclp1anszLWMqo5d/PTi1ftLX6oj9z+MfYzLcvrxyq/Mj+Wh5bMrf2eeFV0tulquVNXU2Uqlas7als4V3ZKhete2TNfSYtm1nKZ6wa7Mz9fULM+NJucdy3XVLNe0ZNW0WtGqU1PzqVksq2EYOpqU422wjTn5pelpM7tt2Yt1dEc4dMOtLjpOtt66mF/qwp4AAECf2bn/D3r97fr/je5wL/3/md37f5Fo/58IF6H/74B609ku/T+OBMfJmsnw77cZ/T8AAAAAAAAAAAAAAAAAAAAAAP+DVc9LeZ6XWjuGl/zzuIgkgreA++c93iYOSfT+9yI/6/d/eL4pdr1H20WHRd64lxCx3y7kF/LBMahnC1IUWywZl5T88R8PoWA8dSs3Oa6+tHy2F8P84kI+JvFGviHdKn/h1ESQ1+b8SUlG189ISk63Xj/TMj8kVy5H8oak5OsTqYgtc/7jeiP/ekL15p3cpvywPw8AAAAAgKPA0HVbnr/7dX9CQrbWg3zk9QHP8xZ3en1g0/PrQTnXzkdUAgAAAACAA3NrL0umbVvOPgZxETlAvPMDzxPp/TZi0h+3RvPghoj0wTa6NUiISHBF9xP/uR5vK+W1MWcw/AaO/rh9dh/0+j8TAAAAgE7baPr3EPr25hB3BAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA8dPu54E15m8pNQo7xCPLxbr+CwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB95F8AAAD//6loFW8=")
fcntl$lock(0xffffffffffffffff, 0x6, 0x0)
rmdir(&(0x7f0000000200)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
newfstatat(0xffffffffffffff9c, &(0x7f0000000300)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000140), 0x2000)

10.009173301s ago: executing program 0 (id=780):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r0, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x15)
dup(r0)
r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000030c0), 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x1, &(0x7f0000000200)=0x7)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x300000b, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r1, 0xc0145401, &(0x7f0000000000)={0x3, 0x0, 0x0, 0x0, 0x7fffffff})

9.003718109s ago: executing program 0 (id=782):
sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000), 0x0, 0x0, 0x0, 0x400c445}, 0x0)
r0 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40050}, 0x0)
r4 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
ioctl$SOUND_MIXER_WRITE_RECSRC(r4, 0xc0044dff, &(0x7f0000000200)=0xb)
r5 = socket$igmp(0x2, 0x3, 0x2)
getsockopt$inet_mtu(r5, 0x0, 0xa, &(0x7f0000000040), &(0x7f00000000c0)=0x4)

8.958920552s ago: executing program 3 (id=783):
r0 = getpgrp(0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000400), 0x10000, &(0x7f0000000180)=ANY=[@ANYBLOB='huge=always,mpol=interleave'])
chdir(&(0x7f0000000240)='./file0\x00')
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r4, &(0x7f0000000240), 0x3af4701e)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28012, r4, 0x0)

8.736851214s ago: executing program 2 (id=784):
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_debug_messages', 0x42, 0x104)
io_setup(0x20, &(0x7f0000001140)=<r1=>0x0)
io_submit(r1, 0x1, &(0x7f0000000300)=[&(0x7f0000002040)={0xf, 0x400000000000, 0x0, 0x1, 0x0, r0, &(0x7f00000000c0), 0x0, 0x5}])

7.319590216s ago: executing program 3 (id=785):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x60008090)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[], 0xc0}}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$l2tp(&(0x7f0000000300), 0xffffffffffffffff)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_LIST(r0, &(0x7f0000002300)={0x0, 0x0, &(0x7f00000022c0)={&(0x7f0000002280)={0x28, 0x7, 0x6, 0x5, 0x0, 0x0, {0xa, 0x0, 0x5}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FLAGS={0x8, 0x6, 0x1, 0x0, 0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x20000000}, 0x40000)
openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = socket$inet6(0xa, 0x6, 0x10002)
bind$inet6(r2, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c)
rseq(&(0x7f0000000400), 0x20, 0x0, 0x0)
syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="041817aaaaaaaa"], 0x1a)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f00000011c0)=ANY=[@ANYBLOB='dyn'])
chdir(0x0)
lstat(0x0, 0x0)
chmod(&(0x7f0000000180)='./file0/file0\x00', 0x44)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, 0x0, 0x0)

7.296291058s ago: executing program 4 (id=786):
syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="040282f4322acb7101aaaaaa1e3f66"], 0x12)
fallocate(0xffffffffffffffff, 0x10, 0x0, 0xbc)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000001c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(0xffffffffffffffff, 0xc0a85320, 0x0)
clock_adjtime(0x0, &(0x7f0000000380)={0x3ff, 0x3, 0x4100, 0xd, 0x0, 0x3, 0x400000000, 0x800000000006, 0x0, 0x100, 0x3, 0x0, 0x7, 0x0, 0x9f, 0x2, 0x0, 0x0, 0x300000000000, 0x9, 0x8001, 0x3, 0x0, 0x3, 0x0, 0xe})
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
iopl(0x5)
r1 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)=0x14)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)=0x19)
symlink(&(0x7f0000000100)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//file0\x00', &(0x7f00000002c0)='.\x02\x00')
ptrace(0x10, 0x0)
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280))

7.156494766s ago: executing program 2 (id=787):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}})
write$tun(r0, &(0x7f00000002c0)={@val={0x0, 0x86dd}, @val={0x0, 0x3, 0x11, 0x4, 0x0, 0xca6}, @mpls={[], @ipv6=@gre_packet={0xe, 0x6, "ec00be", 0x44, 0x2f, 0xff, @local, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', {[], {{0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x88be, 0x0, 0x3}, {0x0, 0x0, 0x1, 0x1}, {0x1, 0x0, 0x1}, {0xa888, 0x88be, 0x2, {{0x6, 0x1, 0x9, 0x2, 0x1, 0x0, 0x3, 0x5}, 0x1, {0x88a8}}}, {0x8, 0x22eb, 0x20000, {{0x0, 0x2, 0xc, 0x0, 0x0, 0x2, 0x7, 0x8}, 0x2, {0x2, 0x4, 0x0, 0x5, 0x1, 0x1, 0x1}}}, {0x8, 0x6558, 0x2}}}}}}, 0x7a)

6.302826135s ago: executing program 4 (id=788):
syz_mount_image$reiserfs(&(0x7f0000000000), &(0x7f00000000c0)='./file1\x00', 0x8488, &(0x7f00000001c0), 0x1, 0x10fd, &(0x7f0000001140)="$eJzs2T9rFEEYBvBnds8/3cqmXwQtLCQknF8ghcK1ttqIpDJVrlL8OH4cTWUf0msRsF9Zb/dO5UTwTm1+PzjmvYd9Z2fKmQ0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMZsmnkhxUSTtlVZKSdN3F4ipJN+V33tdVSp6eLpaPz+dPlknqb4+XZ0kZuoa2tMf3brfzdt4et48OTu5/WL5+8+rF2dnp+ThNSZfL6/1vpYzrAQAAAH7U76z5z+8HAAAAfmdvFwkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAf6hvNnU7FVWSknTdxeIqSbel78Y/Wh8AAACwu5Iqz5tt+eoaYONhPjZlnQ/jlzLUR3m3pR8AAAD4pf7WWHz/fb3c3JzHH2S2PpcP2d3Mcni4+j8O+XyS1EmOfpr88vrty+lX+vpv7wUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgK/swLEAAAAAgDB/6zQ6NgAAAAAAAAAAAAAAAAAAAPYKAAD///F61s8=")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
syz_open_procfs(0xffffffffffffffff, 0x0)
ioctl$LOOP_GET_STATUS64(0xffffffffffffffff, 0x4c05, &(0x7f00000007c0))
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$IPVS_CMD_ZERO(r3, 0x0, 0x0)
ftruncate(r0, 0x2000009)
syz_mount_image$vfat(&(0x7f00000002c0), &(0x7f0000000280)='./bus\x00', 0x810408, 0x0, 0x0, 0x0, &(0x7f00000007c0))
write$P9_ROPEN(r0, &(0x7f0000000100)={0x18, 0x71, 0x2, {{0x80, 0x4, 0x3}, 0x3}}, 0x18)

6.035089181s ago: executing program 2 (id=789):
syz_mount_image$reiserfs(&(0x7f0000000000), &(0x7f00000000c0)='./file1\x00', 0x8488, &(0x7f00000001c0), 0x1, 0x10fd, &(0x7f0000001140)="$eJzs2T9rFEEYBvBnds8/3cqmXwQtLCQknF8ghcK1ttqIpDJVrlL8OH4cTWUf0msRsF9Zb/dO5UTwTm1+PzjmvYd9Z2fKmQ0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMZsmnkhxUSTtlVZKSdN3F4ipJN+V33tdVSp6eLpaPz+dPlknqb4+XZ0kZuoa2tMf3brfzdt4et48OTu5/WL5+8+rF2dnp+ThNSZfL6/1vpYzrAQAAAH7U76z5z+8HAAAAfmdvFwkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAf6hvNnU7FVWSknTdxeIqSbel78Y/Wh8AAACwu5Iqz5tt+eoaYONhPjZlnQ/jlzLUR3m3pR8AAAD4pf7WWHz/fb3c3JzHH2S2PpcP2d3Mcni4+j8O+XyS1EmOfpr88vrty+lX+vpv7wUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgK/swLEAAAAAgDB/6zQ6NgAAAAAAAAAAAAAAAAAAAPYKAAD///F61s8=")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
syz_open_procfs(0xffffffffffffffff, 0x0)
ioctl$LOOP_GET_STATUS64(0xffffffffffffffff, 0x4c05, &(0x7f00000007c0))
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$IPVS_CMD_ZERO(r3, 0x0, 0x0)
ftruncate(r0, 0x2000009)
syz_mount_image$vfat(&(0x7f00000002c0), &(0x7f0000000280)='./bus\x00', 0x810408, 0x0, 0x0, 0x0, &(0x7f00000007c0))
write$P9_ROPEN(r0, &(0x7f0000000100)={0x18, 0x71, 0x2, {{0x80, 0x4, 0x3}, 0x3}}, 0x18)

4.442655063s ago: executing program 3 (id=790):
r0 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendto$inet6(r0, &(0x7f00000001c0), 0x0, 0x4000c01, &(0x7f0000000280)={0xa, 0x400, 0xfffffffe, @private2={0xfc, 0x2, '\x00', 0x1}, 0x3}, 0x1c)
shutdown(r0, 0x1)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7c, &(0x7f00000000c0), &(0x7f0000000180)=0x8)

4.410005355s ago: executing program 5 (id=791):
recvmsg$unix(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$wireguard(0x0, 0xffffffffffffffff)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16, @ANYBLOB="010000000000000000000100000008000100040000002c00048005000300010000000500030080ffffff05000300016900000500030080ffffff05000300050000000800020003"], 0x50}}, 0x0)
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
getsockopt$IP_VS_SO_GET_DESTS(r0, 0x0, 0x484, &(0x7f00000000c0)=""/24, &(0x7f0000000340)=0x18)

4.226942415s ago: executing program 3 (id=792):
syz_usb_connect(0x6, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB], 0x0)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000ac0), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000040)={0x4, "abacd211119ca94c63377526aeb5ab2c7b9ca5fa07558139ede6dc06270ee042"})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/if_inet6\x00')
read$FUSE(r3, &(0x7f0000003780)={0x2020}, 0x2020)

4.183001338s ago: executing program 5 (id=793):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r0, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x15)
dup(r0)
r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000030c0), 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x1, &(0x7f0000000200)=0x7)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x300000b, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r1, 0xc0145401, &(0x7f0000000000)={0x3, 0x0, 0x0, 0x0, 0x7fffffff})

3.294570469s ago: executing program 4 (id=794):
userfaultfd(0x80801)
socket(0x10, 0x3, 0x0)
socket$inet6(0xa, 0x800000000000002, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x42082, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x102, 0x0)
close(r1)
ioctl$TUNSETTXFILTER(r0, 0x400454d1, &(0x7f0000000200)=ANY=[@ANYRES16=r1, @ANYRES32=r0])
socket$netlink(0x10, 0x3, 0x4)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
r4 = socket$packet(0x11, 0x2, 0x300)
sendto$packet(r4, 0x0, 0x0, 0x50040, &(0x7f00000001c0)={0x11, 0x3, r3, 0x1, 0xd8, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}, 0x14)

3.234943273s ago: executing program 0 (id=795):
r0 = socket$unix(0x1, 0x1, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x34, 0x24, 0x4ee4e6a52ff56541, 0x70ad2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0x3}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000480)=@newtfilter={0x3c, 0x2c, 0xd27, 0x30bd26, 0x25dfdbfc, {0x0, 0x0, 0x0, r3, {0x10, 0x4}, {}, {0x8, 0x5}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_CLASSID={0x8, 0x1, {0x3, 0xfff2}}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20000091}, 0x20000000)
r4 = socket$kcm(0x11, 0x3, 0x0)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x6fc84b579dfed949, 0x0)
close(r5)
socket$inet6_sctp(0xa, 0x5, 0x84)
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
setsockopt$sock_attach_bpf(r4, 0x107, 0xf, &(0x7f0000000600), 0x56)
sendmsg$kcm(r4, &(0x7f00000000c0)={&(0x7f0000000380)=@xdp={0x2c, 0x0, r6, 0x3e}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000180)="27030200590214000600002fb96dbcf706e10500000086ddffff1144ee163cd4b8bf4a31accb", 0x26}], 0x1}, 0x4)

3.012749636s ago: executing program 0 (id=796):
r0 = getpgrp(0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000400), 0x10000, &(0x7f0000000180)=ANY=[@ANYBLOB='huge=always,mpol=interleave'])
chdir(&(0x7f0000000240)='./file0\x00')
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r4, &(0x7f0000000240), 0x3af4701e)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28012, r4, 0x0)

2.970989648s ago: executing program 5 (id=797):
mount$9p_unix(&(0x7f0000003680)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f00000014c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000003640), 0x2000000, 0x0)
getpgrp(0x0)
r0 = gettid()
r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r2 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r2, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10)
setsockopt$SO_RDS_TRANSPORT(r2, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4)
setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f00006dbffc), 0x4)
bind$inet(r2, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57)
sendmsg$xdp(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f00000006c0)="0000000000aa303e97380e90231bdbdaf6a4bd77eabcd3866226b7cdb7c26858c4e4fd703be2f51ed6ddc4a47116ec2db75c7042a22491af0ffea4174a9d00000c0a498396b28c7d1784d04aa38922721cb781608144284d90a72d7d2e3152d35bd216ed78ffb6e711b889cda0346ce9bca2e6e9e46b15980456c43a659f7c7e3e6e9e16e0de93100734d432ca57c27d3bde66b2791ccc02c85c43e8652f13258bd412174ea931ded39a9830e593761d91c56f637f0e1568ea66a15d9f0eba504ab3eb205fda13d1068e7692f8d00a6527788c134204d9c0d3eda07c2d92d2fb48887b6f71c6de43a923bbcaa9e3ac5bd82ac0ec", 0xf4}, {&(0x7f0000000d00)="0f198d5aa5caa1c55b84b414797cbdd4e8c576a921a070fc828060506683fd1106a961ac55b5b8ea3342ca7de5559ca2c14e05e42aed8ba14b2c78cb540f71a817d80fbf1945a046ebda494a8048a106a4d49d7f214735ada53397db3b203885ce39ee48d69465935eade21ce36e61826c52c82f038341d9bab5687c740ed3c18897094e7e1391eb84a4052e03c0c7c39ae86d454938f65e284620b99481c33d9f5e5b7a6c0d7548723f55b213c76be37f40c850c38e265758ebd8238257a146d6eced16fd658a784c928fea7a841db1a7fd6520442dae5fc0d3a3d3a5f16fcf6fe4f062ecdad7d0f3c6cd339339533c0ef28ad1e2729907094c3de93c1b1b00ad6df89507000000fb7565d3a8e9eaea020ed173c2179fb03e0944460989240a689c7fe795d310be4e7a6b778a903280dbf426b39c3603c49049980767e31edb997f59785184cbd7b9070400000073c745f71db0906cb51780f908fa61634af8ac85d9f04f3dff0a948e81cd3229a59aaeb00995358155343e3239588a0383e4df109d5ca24276d0d83a27d0e9bf681c1bbea12a6f3c20ad50f63430333bb327eb6ae32fe8809065bce26d2dc2fbb2b48d404637d61fd86852e0e1b6ccc6f75b1107aaa5f60ef45f94e953b3f213c3cb4ca4c716565078c666f84e1a99bb4cb5c7190648132f6ff1f6cb79b93f20752753c938da6241607a742361d995188b23cb4b8269e98e822585695962620673433748e476f7cc3e37db88639c525ff3a502c82c283b00aecfe7734ab369e1ed7c75e27a5a333641817baa3ea37844e20e6266c5095abf9d47ca5f8ad93f1a4d8795daec222ada00d65cf91425fae7939ceaa8d94ec1ab5082e1d251c27b3132119b350e81771f3733be232ffb90c03a818bf458aac3314007c3e35d5e4bed6b897608b01e7e26a54433e5f5c74a2ee3c2fc50067be05a677f122b7dba7010830b879a41b579d44158fbc84589ea05761d2d369853bea84dfb8081ed7b891dcb3bb3361534fdc5252e4964aed936ad2838e7af14fc65c7c1c6d44c6256f2462ae83cfd6a6b2651da607fe79d345e5080098e9e6e7482cc5c267e00d8d09dcde70b60fe6220fe953054720185010000f1885ecc2f106b66cd99131523c99f6102ddd7403791b3a7ac59b256cc4c938fe01740ae4f19b5204ca305b1666b0c2a7e5015d6d530995843adfbac395430", 0x35d}], 0x2}, 0x0)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000680)=0x1, 0x4)
sendmsg$NL80211_CMD_JOIN_MESH(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=ANY=[], 0x30}}, 0x40)
ioctl$TCSETSF2(0xffffffffffffffff, 0x402c542d, 0x0)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x60081, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000000)=0x15)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0xfffffffd, 0xb6}, 0x0, &(0x7f0000000280)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000040)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(0x0, r5, 0x0)
io_uring_enter(r4, 0x47f6, 0x0, 0x4, 0x0, 0x0)
r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_GET(r1, &(0x7f0000000440)={0x0, 0x48000000, &(0x7f0000000400)={&(0x7f0000000080)=ANY=[@ANYBLOB="14000000", @ANYRES16=r6, @ANYBLOB="ad43000000f45400000009"], 0x14}}, 0x0)
r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r7, 0xc0306201, 0x0)
r8 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
read$FUSE(r8, &(0x7f0000007fc0)={0x2020}, 0x2020)
rt_tgsigqueueinfo(r0, r0, 0x10, &(0x7f00000000c0)={0x3e, 0x8000006, 0x1})

1.71957787s ago: executing program 0 (id=798):
syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="040282f4322acb7101aaaaaa1e3f66"], 0x12)
fallocate(0xffffffffffffffff, 0x10, 0x0, 0xbc)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000001c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(0xffffffffffffffff, 0xc0a85320, 0x0)
clock_adjtime(0x0, &(0x7f0000000380)={0x3ff, 0x3, 0x4100, 0xd, 0x0, 0x3, 0x400000000, 0x800000000006, 0x0, 0x100, 0x3, 0x0, 0x7, 0x0, 0x9f, 0x2, 0x0, 0x0, 0x300000000000, 0x9, 0x8001, 0x3, 0x0, 0x3, 0x0, 0xe})
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
iopl(0x5)
r1 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)=0x14)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)=0x19)
symlink(&(0x7f0000000100)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//file0\x00', &(0x7f00000002c0)='.\x02\x00')
ptrace(0x10, 0x0)
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280))

1.71913843s ago: executing program 4 (id=799):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20004015}, 0x2404c8c0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000500), 0x40, 0x0)
close(r1)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000640)=@newqdisc={0x148, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xffffbddc, {0x0, 0x0, 0x0, r5, {0x10}, {}, {0xa, 0x1}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x118, 0x2, [@TCA_GRED_STAB={0x104, 0x2, "da773aa0c7167eab596592f5fdf828c7b327872371ef6f7d0813ddeb29360cdd9904950b28eaad765aadb1ed9c374d401fba9186b073000e886e1a38956cb8f4f5a7a2c660a1e6460df3144e83d79ab98d2f5b8d88af2ce45a3960436c4bc12cc409e983040e5b3bbed630b035929813e067435b80e7a8eff6002e3c5086890186c9e26c69fd3f778e00354e288ca82dc6b9d5db22d108721ba3a681211ec7208b1ae3384dc4b289eef03f9e5208047cebc74fab36fc74a10ce5a98c11fef20d53f846a92c875bbdf774bba596cd2ec62ffbcb1854f011b00095f848b992e8ff406536e7acaedf6d12f8d8e4365d6d45b3d55352af22602119dba719274ac4c8"}, @TCA_GRED_DPS={0x10, 0x3, {0x4, 0xb, 0x0, 0x3}}]}}]}, 0x148}, 0x1, 0x0, 0x0, 0x4040098}, 0x4040804)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
r7 = socket$packet(0x11, 0x3, 0x300)
sendto$packet(r7, &(0x7f0000000140)="bad330fbc9b5544972e7a5ea0756", 0xe, 0x40, &(0x7f00000001c0)={0x11, 0x1a, r6, 0x1, 0xd8, 0x6, @random="32b40c6fc44c"}, 0x14)

1.580073748s ago: executing program 5 (id=800):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000012c0)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904000001faf40d000905820349"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
read$char_usb(r1, &(0x7f0000000480)=""/74, 0x4a)
write$char_usb(r1, 0x0, 0x0)
r2 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[], 0x0)
syz_usb_control_io(r2, 0x0, 0x0)
syz_usb_control_io$uac1(r2, 0x0, 0x0)
syz_usb_disconnect(r2)
r3 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$HIDIOCGUSAGE(r3, 0xc0105b08, 0x0)
syz_usb_disconnect(r2)
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0x0, 0x0)
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0x0, 0x0)

1.572407949s ago: executing program 2 (id=801):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x60008090)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[], 0xc0}}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$l2tp(&(0x7f0000000300), 0xffffffffffffffff)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_LIST(r0, &(0x7f0000002300)={0x0, 0x0, &(0x7f00000022c0)={&(0x7f0000002280)={0x28, 0x7, 0x6, 0x5, 0x0, 0x0, {0xa, 0x0, 0x5}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FLAGS={0x8, 0x6, 0x1, 0x0, 0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x20000000}, 0x40000)
openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = socket$inet6(0xa, 0x6, 0x10002)
bind$inet6(r2, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c)
rseq(&(0x7f0000000400), 0x20, 0x0, 0x0)
syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="041817aaaaaaaa"], 0x1a)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f00000011c0)=ANY=[@ANYBLOB='dyn'])
chdir(0x0)
lstat(0x0, 0x0)
chmod(&(0x7f0000000180)='./file0/file0\x00', 0x44)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, 0x0, 0x0)

1.473881375s ago: executing program 4 (id=802):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r4, 0x84, 0x83, 0x0, &(0x7f0000000300))
setsockopt$inet_sctp6_SCTP_AUTH_DELETE_KEY(r0, 0x84, 0x19, &(0x7f0000000180)={0x0, 0x7}, 0x8)
syz_emit_ethernet(0x3e, &(0x7f0000000f00)=ANY=[@ANYBLOB="aaaaaaaaaaaaffff"], 0x0)
ioctl$TCGETA(0xffffffffffffffff, 0x5405, 0x0)
io_setup(0x81, 0x0)
unshare(0x22020600)
syz_mount_image$vfat(&(0x7f0000000100), &(0x7f0000000640)='./file0\x00', 0x2000414, &(0x7f0000000dc0)=ANY=[@ANYBLOB="6e6f6e756d7461696c2c6e66732c73686f72746e616d653d6c6f7765722c757466383d312c64656275672c696f636861727365743d757466382c73686f72746e616d653d6d697865642c757466383d312c004845160000000000", @ANYRESDEC=0x0, @ANYBLOB="b58208b37a58446284048f26b79953e521b27c3a5dbc8e7fcd644e2caaa1acc91237f4447b548c7caab7ede0f978d175cd8108db49a660493d3511a7f6d67dba109d4f769a1cddfc97c554c8d7c38ecae48c95955fb02bcd2da02935ab9658f576b9d2526dd40f73035883f2f7d388f9cb004bcef6c90d011afc4849d7d7ee3abdf4dfa36378701a61a8f83187960881d90cf42cae6384fa916f5df9e11d2546c01011f28c9be1a2a5aa2139ef29be6d87c8d93fce5239580e58fe24d4304f196fa0d43d7aeb4dc3da644ba32b1e61734c4211811d81d78f283d637a78b107898d59c7048fa04ea6e0ebe491f42f2f32bd531eeb8e2659d2", @ANYRESDEC, @ANYRES64, @ANYRES64, @ANYRESHEX, @ANYRESHEX], 0x1, 0x2c3, &(0x7f0000000ac0)="$eJzs3cFqE1EUxvFjU5s0pU0EERTUg250M7TxATRIC2JAqY2oC2FqJxoyJmUmVCJisxG3Pkdx6U5QX6AbcePeXREEN12II52ZtJM2bdM2TWL7/0GZO3Pux71N0nISSLLy4N3zUsE1CmZVBhIqAyJ1WRVJr41CJ8LjgD8ekqi6XB35/f38vYePbmdzuclp1anszLWMqo5d/PTi1ftLX6oj9z+MfYzLcvrxyq/Mj+Wh5bMrf2eeFV0tulquVNXU2Uqlas7als4V3ZKhete2TNfSYtm1nKZ6wa7Mz9fULM+NJucdy3XVLNe0ZNW0WtGqU1PzqVksq2EYOpqU422wjTn5pelpM7tt2Yt1dEc4dMOtLjpOtt66mF/qwp4AAECf2bn/D3r97fr/je5wL/3/md37f5Fo/58IF6H/74B609ku/T+OBMfJmsnw77cZ/T8AAAAAAAAAAAAAAAAAAAAAAP+DVc9LeZ6XWjuGl/zzuIgkgreA++c93iYOSfT+9yI/6/d/eL4pdr1H20WHRd64lxCx3y7kF/LBMahnC1IUWywZl5T88R8PoWA8dSs3Oa6+tHy2F8P84kI+JvFGviHdKn/h1ESQ1+b8SUlG189ISk63Xj/TMj8kVy5H8oak5OsTqYgtc/7jeiP/ekL15p3cpvywPw8AAAAAgKPA0HVbnr/7dX9CQrbWg3zk9QHP8xZ3en1g0/PrQTnXzkdUAgAAAACAA3NrL0umbVvOPgZxETlAvPMDzxPp/TZi0h+3RvPghoj0wTa6NUiISHBF9xP/uR5vK+W1MWcw/AaO/rh9dh/0+j8TAAAAgE7baPr3EPr25hB3BAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA8dPu54E15m8pNQo7xCPLxbr+CwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB95F8AAAD//6loFW8=")
fcntl$lock(0xffffffffffffffff, 0x6, 0x0)
rmdir(&(0x7f0000000200)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
newfstatat(0xffffffffffffff9c, &(0x7f0000000300)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000140), 0x2000)

354.666109ms ago: executing program 3 (id=803):
r0 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendto$inet6(r0, &(0x7f00000001c0), 0x0, 0x4000c01, &(0x7f0000000280)={0xa, 0x400, 0xfffffffe, @private2={0xfc, 0x2, '\x00', 0x1}, 0x3}, 0x1c)
shutdown(r0, 0x1)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7c, &(0x7f00000000c0), &(0x7f0000000180)=0x8)

112.900464ms ago: executing program 3 (id=804):
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000140)=0x8, 0x4)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000180)=[@in={0x2, 0xce21, @dev={0xac, 0x14, 0x14, 0x1c}}], 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0xa, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x3, 0x0, 0x3, 0x1, 0x0, 0x10}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYRES8=r1, @ANYRES32, @ANYRESHEX=r0, @ANYRES32, @ANYBLOB="000000000000000000000000000000000000000000000000000000007d863d69590549faafb6fdf0e8ae5f94f93de358014e8e1f4013dae31198b6e51e540a5853f359e75b223fd54249b16ba5ac4d4b67ebced194175b791395f3704e2bb32a9bfa5aeed1f9d0faba8e9dfa87712e8dcb957b3a0e3f4acebdcc29c79ac41d80fb919c56787e265d8ad036ad419887f3a5471d53bc3e87f7b33973b70911f7f01cd3d154d888500679c1203ffb542e75d192290c9a8b2b7c57d9446311697a0ab61066c1ce6386fa2fb29f4e4910fb3abb49b8a8b0f8e5d3a1726ec49bcea2afd64d45d19299174f83f4f23a43"], 0x48)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r3, 0x1, 0xf, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000440)={r2, &(0x7f0000000240), &(0x7f0000000080)=@tcp=r3}, 0x20)
setsockopt$MRT6_ADD_MFC(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000080)={{0xa, 0x0, 0x101, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x2}, {0xa, 0x4e22, 0x0, @dev={0xfe, 0x80, '\x00', 0x4}}, 0x0, {[0x2cb6, 0x0, 0x0, 0x0, 0x0, 0x8, 0x80000000]}}, 0x5c)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000900)={r2, &(0x7f0000000540)="c279a3fc9c31efb78410a0b7a0c142f1ff66dbfdcd684e1da60c98760ae0c6c1084fba69a1436890bc81ba2eda86b185b2e50ff29117f945a5629c88a4215b92d4b495c49c2d7dccf6b6524991210400000000000000e4380e4df2d937f9ce816dd94d4f5a78e6ec21ca1311906392271f"}, 0x20)
r4 = socket(0xa, 0x3, 0x3a)
r5 = socket$qrtr(0x2a, 0x2, 0x0)
ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, &(0x7f0000000040)={'virt_wifi0\x00'})
ioctl(r5, 0x8b2c, &(0x7f0000000040))
bind$alg(r4, &(0x7f0000000240)={0x26, 'aead\x00', 0x0, 0x0, 'ccm_base(lrw-twofish-3way,sha384-generic)\x00'}, 0x58)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
r6 = syz_init_net_socket$ax25(0x3, 0x5, 0x0)
bind$ax25(r6, &(0x7f0000000100)={{0x3, @default, 0x1}, [@bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null]}, 0x48)
r7 = socket$inet_mptcp(0x2, 0x1, 0x106)
ioctl$sock_SIOCETHTOOL(r7, 0x89f1, &(0x7f00000002c0)={'ip6_vti0\x00', &(0x7f0000000200)=@ethtool_rxfh_indir={0x39, 0x4, [0x34, 0x7, 0x2, 0xff]}})
openat$rfkill(0xffffffffffffff9c, &(0x7f00000000c0), 0x200, 0x0)
setsockopt$ax25_SO_BINDTODEVICE(r6, 0x101, 0x19, &(0x7f0000000240)=@bpq0, 0x10)
ioctl$sock_netrom_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000000)={0x0, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x1, 'syz1\x00', @default, 0x1, 0x0, [@null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default]})
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))

99.127994ms ago: executing program 2 (id=805):
syz_mount_image$reiserfs(&(0x7f0000000000), &(0x7f00000000c0)='./file1\x00', 0x8488, &(0x7f00000001c0), 0x1, 0x10fd, &(0x7f0000001140)="$eJzs2T9rFEEYBvBnds8/3cqmXwQtLCQknF8ghcK1ttqIpDJVrlL8OH4cTWUf0msRsF9Zb/dO5UTwTm1+PzjmvYd9Z2fKmQ0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMZsmnkhxUSTtlVZKSdN3F4ipJN+V33tdVSp6eLpaPz+dPlknqb4+XZ0kZuoa2tMf3brfzdt4et48OTu5/WL5+8+rF2dnp+ThNSZfL6/1vpYzrAQAAAH7U76z5z+8HAAAAfmdvFwkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAf6hvNnU7FVWSknTdxeIqSbel78Y/Wh8AAACwu5Iqz5tt+eoaYONhPjZlnQ/jlzLUR3m3pR8AAAD4pf7WWHz/fb3c3JzHH2S2PpcP2d3Mcni4+j8O+XyS1EmOfpr88vrty+lX+vpv7wUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgK/swLEAAAAAgDB/6zQ6NgAAAAAAAAAAAAAAAAAAAPYKAAD///F61s8=")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
syz_open_procfs(0xffffffffffffffff, 0x0)
ioctl$LOOP_GET_STATUS64(0xffffffffffffffff, 0x4c05, &(0x7f00000007c0))
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$IPVS_CMD_ZERO(r3, 0x0, 0x0)
ftruncate(r0, 0x2000009)
syz_mount_image$vfat(&(0x7f00000002c0), &(0x7f0000000280)='./bus\x00', 0x810408, 0x0, 0x0, 0x0, &(0x7f00000007c0))
write$P9_ROPEN(r0, &(0x7f0000000100)={0x18, 0x71, 0x2, {{0x80, 0x4, 0x3}, 0x3}}, 0x18)

0s ago: executing program 4 (id=806):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x12, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x28100, 0x0)
setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)={@multicast1, @local}, 0xc)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x44}}, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000440)={[0x0, 0x100000000, 0x0, 0x7f, 0x100000, 0x0, 0x2004c8, 0x10008000000, 0x4, 0x7649, 0x1, 0x0, 0x5, 0x0, 0x2, 0xffffffffffffffff], 0x0, 0x200})
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x102, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x4, 0x5, 0x6, 0x4004, 0x2, 0x4, 0xefffffffffffffff, 0x0, 0x0, 0x2000000, 0x0, 0x1c, 0x0, 0xffffffffffffffff, 0x6], 0x0, 0x41901})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

kernel console output (not intermixed with test programs):

 76.258945][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #0a!!!
[   76.268037][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #0a!!!
[   76.277361][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #0a!!!
[   76.331730][  T154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   76.434306][  T154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   76.552894][ T1240] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   76.824255][ T4325] genirq: Flags mismatch irq 4. 00000000 (pcl812) vs. 00000000 (ttyS0)
[   79.159871][ T4329] loop2: detected capacity change from 0 to 128
[   79.297836][ T4329] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[   79.340086][ T4335] loop4: detected capacity change from 0 to 128
[   79.361371][ T4329] ext4 filesystem being mounted at /2/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[   80.065292][ T4337] loop0: detected capacity change from 0 to 4096
[   80.517385][ T4335] attempt to access beyond end of device
[   80.517385][ T4335] loop4: rw=2049, want=140, limit=128
[   80.712456][ T4329] bridge0: the hash_elasticity option has been deprecated and is always 16
[   80.717021][ T4335] attempt to access beyond end of device
[   80.717021][ T4335] loop4: rw=0, want=140, limit=128
[   80.734823][ T4329] bridge0: port 2(bridge_slave_1) entered disabled state
[   80.743018][ T4329] bridge0: port 1(bridge_slave_0) entered disabled state
[   81.467897][ T4333] attempt to access beyond end of device
[   81.467897][ T4333] loop4: rw=0, want=140, limit=128
[   81.481687][ T4337] UDF-fs: warning (device loop0): udf_load_vrs: No anchor found
[   81.511399][ T4337] UDF-fs: Scanning with blocksize 512 failed
[   81.521389][ T4333] Buffer I/O error on dev loop4, logical block 69, async page read
[   81.532850][ T4333] attempt to access beyond end of device
[   81.532850][ T4333] loop4: rw=0, want=140, limit=128
[   81.547696][ T4337] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[   81.675519][ T4344] netlink: 24 bytes leftover after parsing attributes in process `syz.3.10'.
[   81.687372][ T4337] UDF-fs: error (device loop0): udf_fiiter_advance_blk: extent after position 0 not allocated in directory (ino 1328)
[   81.728961][ T4333] Buffer I/O error on dev loop4, logical block 69, async page read
[   81.755366][ T4337] UDF-fs: error (device loop0): udf_verify_fi: directory (ino 1328) has too big (2088) entry at pos 0
[   81.853627][ T4333] attempt to access beyond end of device
[   81.853627][ T4333] loop4: rw=0, want=140, limit=128
[   81.865856][ T4333] Buffer I/O error on dev loop4, logical block 69, async page read
[   81.874053][ T4333] attempt to access beyond end of device
[   81.874053][ T4333] loop4: rw=0, want=140, limit=128
[   81.965362][ T4333] Buffer I/O error on dev loop4, logical block 69, async page read
[   81.979017][ T4335] attempt to access beyond end of device
[   81.979017][ T4335] loop4: rw=0, want=140, limit=128
[   82.105539][ T4335] Buffer I/O error on dev loop4, logical block 69, async page read
[   82.163369][ T4363] netlink: 'syz.0.14': attribute type 1 has an invalid length.
[   82.176156][ T4335] attempt to access beyond end of device
[   82.176156][ T4335] loop4: rw=0, want=140, limit=128
[   82.248334][ T4335] Buffer I/O error on dev loop4, logical block 69, async page read
[   82.303991][ T4335] attempt to access beyond end of device
[   82.303991][ T4335] loop4: rw=0, want=140, limit=128
[   82.356876][ T4335] Buffer I/O error on dev loop4, logical block 69, async page read
[   82.411836][ T4364] attempt to access beyond end of device
[   82.411836][ T4364] loop4: rw=0, want=140, limit=128
[   82.479952][ T1110] usb 4-1: new low-speed USB device number 2 using dummy_hcd
[   82.537034][ T4364] Buffer I/O error on dev loop4, logical block 69, async page read
[   82.622687][ T4371] device macvlan2 entered promiscuous mode
[   82.840185][ T4381] hub 8-0:1.0: USB hub found
[   82.845749][ T4381] hub 8-0:1.0: 1 port detected
[   83.835929][ T1110] usb 4-1: device descriptor read/all, error -71
[   83.879258][ T4391] loop0: detected capacity change from 0 to 512
[   84.334121][ T4391] EXT4-fs (loop0): Ignoring removed orlov option
[   84.871240][ T4389] bridge0: port 1(bridge_slave_0) entered disabled state
[   84.927526][ T4391] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz.0.16: bg 0: block 417: padding at end of block bitmap is not set
[   85.019127][ T4391] EXT4-fs (loop0): Remounting filesystem read-only
[   85.079416][ T4391] EXT4-fs (loop0): 1 truncate cleaned up
[   85.106506][ T4391] EXT4-fs (loop0): mounted filesystem without journal. Opts: bsdgroups,noinit_itable,debug_want_extra_isize=0x000000000000005c,noauto_da_alloc,orlov,init_itable=0x0000000000000007,max_batch_time=0x000000000000006e,errors=remount-ro,auto_da_alloc,. Quota mode: none.
[   85.178697][ T4396] netlink: 8 bytes leftover after parsing attributes in process `syz.3.21'.
[   85.353512][ T4391] EXT4-fs error (device loop0): ext4_lookup:1862: inode #2: comm syz.0.16: deleted inode referenced: 15
[   85.555458][ T1108] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   85.681820][ T4391] EXT4-fs (loop0): Remounting filesystem read-only
[   85.835313][ T1108] usb 5-1: Using ep0 maxpacket: 16
[   85.877792][ T1108] usb 5-1: too many configurations: 199, using maximum allowed: 8
[   86.178184][ T1108] usb 5-1: unable to read config index 0 descriptor/start: -61
[   86.187931][ T1108] usb 5-1: can't read configurations, error -61
[   87.003622][ T1348] cfg80211: failed to load regulatory.db
[   88.319104][ T1108] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[   88.488556][ T4393] IPv6: ADDRCONF(NETDEV_CHANGE): bpq0: link becomes ready
[   89.527230][ T4419] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[   89.795443][ T1108] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[   90.185466][ T1108] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[   90.215859][ T1108] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[   90.260676][ T1108] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[   90.278041][ T1108] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0
[   94.649333][ T4268] Bluetooth: hci5: command 0x1003 tx timeout
[   94.736023][ T1108] usb 3-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13
[   94.767541][ T1108] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   94.807913][ T1108] usb 3-1: config 0 descriptor??
[   94.814662][ T4447] netlink: 28 bytes leftover after parsing attributes in process `syz.1.37'.
[   94.828908][ T4447] netlink: 28 bytes leftover after parsing attributes in process `syz.1.37'.
[   94.838247][ T1108] usb 3-1: can't set config #0, error -71
[   94.897871][ T1108] usb 3-1: USB disconnect, device number 2
[   95.151981][ T4453] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   95.180961][ T4447] device team0 entered promiscuous mode
[   95.193779][ T4447] device team_slave_0 entered promiscuous mode
[   95.216022][ T4447] device team_slave_1 entered promiscuous mode
[   95.238761][ T4447] device bond0 entered promiscuous mode
[   95.245013][ T4447] device bond_slave_0 entered promiscuous mode
[   95.279064][ T4447] device bond_slave_1 entered promiscuous mode
[   95.319301][ T4447] 8021q: adding VLAN 0 to HW filter on device hsr1
[   95.336761][ T1274] IPv6: ADDRCONF(NETDEV_CHANGE): hsr1: link becomes ready
[   97.408634][ T4238] Bluetooth: hci5: command 0x1001 tx timeout
[   97.414775][ T4198] Bluetooth: hci5: sending frame failed (-49)
[   97.475253][ T4307] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[  100.101945][ T4307] usb 2-1: device not accepting address 2, error -71
[  100.102601][ T4238] Bluetooth: hci4: command 0x0405 tx timeout
[  100.115335][ T4238] Bluetooth: hci5: command 0x1009 tx timeout
[  100.278335][ T4475] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  100.321297][ T4475] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  100.358479][ T4473] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  100.397309][ T4473] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  101.673093][ T4485] netlink: 104 bytes leftover after parsing attributes in process `syz.0.47'.
[  101.787091][ T4489] device syzkaller0 entered promiscuous mode
[  103.622155][ T4493] loop4: detected capacity change from 0 to 8192
[  103.719593][ T4493] =======================================================
[  103.719593][ T4493] WARNING: The mand mount option has been deprecated and
[  103.719593][ T4493]          and is ignored by this kernel. Remove the mand
[  103.719593][ T4493]          option from the mount to silence this warning.
[  103.719593][ T4493] =======================================================
[  104.093418][ T4508] loop3: detected capacity change from 0 to 8
[  108.343466][   T26] audit: type=1326 audit(1771039413.824:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4528 comm="syz.3.58" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2d8f5f5f79 code=0x0
[  108.526041][ T4536] netlink: 12 bytes leftover after parsing attributes in process `syz.2.69'.
[  110.979608][ T4544] netlink: 12 bytes leftover after parsing attributes in process `syz.0.73'.
[  116.242889][ T4585] genirq: Flags mismatch irq 4. 00000000 (pcl812) vs. 00000000 (ttyS0)
[  116.556761][ T4588] loop1: detected capacity change from 0 to 16
[  116.702298][ T4588] erofs: (device loop1): mounted with root inode @ nid 36.
[  116.774613][ T4588] attempt to access beyond end of device
[  116.774613][ T4588] loop1: rw=524288, want=32, limit=16
[  116.842979][ T4588] erofs: (device loop1): z_erofs_readahead: readahead error at page 7 @ nid 89
[  116.855896][ T4592] tipc: Started in network mode
[  116.892866][ T4588] erofs: (device loop1): z_erofs_readahead: readahead error at page 5 @ nid 89
[  116.894312][ T4592] tipc: Node identity b2891b039d05, cluster identity 4711
[  116.925248][ T4588] erofs: (device loop1): z_erofs_readahead: readahead error at page 4 @ nid 89
[  116.937399][ T4592] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  116.965440][ T4593] device syzkaller0 entered promiscuous mode
[  116.971878][ T4588] attempt to access beyond end of device
[  116.971878][ T4588] loop1: rw=524288, want=56, limit=16
[  117.044449][ T4592] tipc: Resetting bearer <eth:syzkaller0>
[  117.063896][ T4588] erofs: (device loop1): z_erofs_lz4_decompress: failed to decompress -26 in[46, 4050] out[8192]
[  117.124853][ T4579] loop0: detected capacity change from 0 to 32768
[  117.132885][ T4590] tipc: Resetting bearer <eth:syzkaller0>
[  117.157286][   T26] audit: type=1800 audit(1771039422.644:4): pid=4588 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.76" name="file2" dev="loop1" ino=89 res=0 errno=0
[  117.201837][ T4590] tipc: Disabling bearer <eth:syzkaller0>
[  117.240486][ T4579] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 scanned by syz.0.68 (4579)
[  117.351971][ T4579] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[  117.402516][ T4579] BTRFS info (device loop0): enabling auto defrag
[  117.453255][ T4579] BTRFS info (device loop0): use no compression
[  117.483959][ T4579] BTRFS info (device loop0): max_inline at 4096
[  117.512281][ T4579] BTRFS info (device loop0): using free space tree
[  117.519250][ T4579] BTRFS info (device loop0): has skinny extents
[  117.836427][ T4591] erofs: (device loop1): z_erofs_lz4_decompress: failed to decompress -26 in[46, 4050] out[8192]
[  117.925214][   T26] audit: type=1800 audit(1771039423.404:5): pid=4591 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.76" name="file2" dev="loop1" ino=89 res=0 errno=0
[  117.979283][ T4611] syz.1.76 (4611): /proc/4586/oom_adj is deprecated, please use /proc/4586/oom_score_adj instead.
[  118.002067][ T4579] BTRFS info (device loop0): enabling ssd optimizations
[  120.185133][    C0] sched: RT throttling activated
[  120.241117][ T4638] loop3: detected capacity change from 0 to 4096
[  120.348163][ T4638] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found
[  120.524509][ T4638] UDF-fs: Scanning with blocksize 512 failed
[  120.915038][ T4638] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  121.263509][ T4638] UDF-fs: error (device loop3): udf_fiiter_advance_blk: extent after position 0 not allocated in directory (ino 1328)
[  121.417855][ T4638] UDF-fs: error (device loop3): udf_verify_fi: directory (ino 1328) has too big (2088) entry at pos 0
[  121.580647][   T26] audit: type=1326 audit(1771039427.064:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4648 comm="syz.4.86" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fee791e5f79 code=0x0
[  122.558994][ T4660] tipc: Started in network mode
[  122.563934][ T4660] tipc: Node identity 369535f411d6, cluster identity 4711
[  122.650244][ T4660] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  122.677472][ T4660] device syzkaller0 entered promiscuous mode
[  123.773180][ T4659] tipc: Resetting bearer <eth:syzkaller0>
[  123.837849][ T4659] tipc: Disabling bearer <eth:syzkaller0>
[  123.933939][ T4658] tipc: Node number set to 658716148
[  123.972592][ T4686] loop3: detected capacity change from 0 to 16
[  124.170942][ T4686] erofs: (device loop3): mounted with root inode @ nid 36.
[  124.513624][ T4686] attempt to access beyond end of device
[  124.513624][ T4686] loop3: rw=524288, want=32, limit=16
[  124.780460][ T4686] erofs: (device loop3): z_erofs_readahead: readahead error at page 7 @ nid 89
[  124.850508][ T4686] erofs: (device loop3): z_erofs_readahead: readahead error at page 5 @ nid 89
[  124.935533][ T4686] erofs: (device loop3): z_erofs_readahead: readahead error at page 4 @ nid 89
[  124.945453][ T4686] attempt to access beyond end of device
[  124.945453][ T4686] loop3: rw=524288, want=56, limit=16
[  125.187822][ T4704] hub 8-0:1.0: USB hub found
[  125.192702][ T4704] hub 8-0:1.0: 1 port detected
[  125.206870][ T4686] erofs: (device loop3): z_erofs_lz4_decompress: failed to decompress -26 in[46, 4050] out[8192]
[  126.035238][   T26] audit: type=1800 audit(1771039430.714:7): pid=4686 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.91" name="file2" dev="loop3" ino=89 res=0 errno=0
[  126.150599][ T4707] loop1: detected capacity change from 0 to 512
[  126.437170][ T4707] EXT4-fs (loop1): Ignoring removed orlov option
[  126.574785][ T4707] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz.1.96: bg 0: block 417: padding at end of block bitmap is not set
[  126.975930][ T4707] EXT4-fs (loop1): Remounting filesystem read-only
[  127.291881][ T4707] EXT4-fs (loop1): 1 truncate cleaned up
[  127.325354][ T4707] EXT4-fs (loop1): mounted filesystem without journal. Opts: bsdgroups,noinit_itable,debug_want_extra_isize=0x000000000000005c,noauto_da_alloc,orlov,init_itable=0x0000000000000007,max_batch_time=0x000000000000006e,errors=remount-ro,auto_da_alloc,. Quota mode: none.
[  127.613504][ T4707] EXT4-fs error (device loop1): ext4_lookup:1862: inode #2: comm syz.1.96: deleted inode referenced: 15
[  127.641133][ T4707] EXT4-fs (loop1): Remounting filesystem read-only
[  127.863123][ T4725] loop3: detected capacity change from 0 to 8192
[  127.912286][ T4725] REISERFS (device loop3): found reiserfs format "3.5" with non-standard journal
[  127.930002][ T4725] REISERFS (device loop3): using ordered data mode
[  127.938408][ T4725] reiserfs: using flush barriers
[  127.949224][ T4725] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  127.966401][ T4725] REISERFS (device loop3): checking transaction log (loop3)
[  127.988126][ T4725] REISERFS (device loop3): Using r5 hash to sort names
[  127.999948][ T4725] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage.
[  128.056608][ T4733] loop1: detected capacity change from 0 to 4096
[  130.412233][ T4744] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 3 0(1) DIR], item_len 35, item_location 3257, free_space(entry_count) 2
[  130.427971][ T4744] REISERFS error (device loop3): vs-5150 search_by_key: invalid format found in block 540. Fsck?
[  130.438712][ T4744] REISERFS (device loop3): Remounting filesystem read-only
[  130.446095][ T4744] REISERFS error (device loop3): vs-13050 reiserfs_update_sd_size: i/o failure occurred trying to update [2 3 0x0 SD] stat data
[  130.836251][ T4733] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found
[  130.843916][ T4733] UDF-fs: Scanning with blocksize 512 failed
[  130.916100][ T4733] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  130.981073][ T4733] UDF-fs: error (device loop1): udf_fiiter_advance_blk: extent after position 0 not allocated in directory (ino 1328)
[  131.007187][ T4733] UDF-fs: error (device loop1): udf_verify_fi: directory (ino 1328) has too big (2088) entry at pos 0
[  131.155347][ T4193] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  131.169571][ T4753] loop0: detected capacity change from 0 to 128
[  131.249578][ T4753] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  131.249796][ T4755] tipc: Started in network mode
[  131.269103][ T4753] ext4 filesystem being mounted at /20/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  131.304216][ T4755] tipc: Node identity 3a521962fc97, cluster identity 4711
[  131.312873][ T4755] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  131.405331][ T4193] usb 5-1: Using ep0 maxpacket: 32
[  131.462494][ T4755] device syzkaller0 entered promiscuous mode
[  131.525787][ T4193] usb 5-1: config 0 has an invalid interface number: 188 but max is 0
[  131.548111][ T4193] usb 5-1: config 0 has no interface number 0
[  131.554884][ T4193] usb 5-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32
[  131.724805][ T4755] tipc: Resetting bearer <eth:syzkaller0>
[  131.795462][ T4193] usb 5-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36
[  131.814906][ T4193] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  131.816827][ T4754] tipc: Resetting bearer <eth:syzkaller0>
[  131.846439][ T4193] usb 5-1: Product: syz
[  131.850661][ T4193] usb 5-1: Manufacturer: syz
[  131.874719][ T4193] usb 5-1: SerialNumber: syz
[  131.882599][ T4193] usb 5-1: config 0 descriptor??
[  132.067884][ T4747] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  132.098516][ T4754] tipc: Disabling bearer <eth:syzkaller0>
[  132.108278][ T4753] bridge0: the hash_elasticity option has been deprecated and is always 16
[  132.118796][ T4753] bridge0: port 2(bridge_slave_1) entered disabled state
[  132.126351][ T4753] bridge0: port 1(bridge_slave_0) entered disabled state
[  132.395681][ T4747] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  132.715771][ T1424] ieee802154 phy0 wpan0: encryption failed: -22
[  132.722232][ T1424] ieee802154 phy1 wpan1: encryption failed: -22
[  133.441789][ T4787] netlink: 'syz.2.121': attribute type 1 has an invalid length.
[  133.609604][ T4787] device bond1 entered promiscuous mode
[  133.647757][ T4787] 8021q: adding VLAN 0 to HW filter on device bond1
[  133.720596][ T4789] bond1: (slave bridge1): making interface the new active one
[  133.796600][ T4789] device bridge1 entered promiscuous mode
[  133.861358][ T4789] bond1: (slave bridge1): Enslaving as an active interface with an up link
[  134.354743][ T4794] bond1: (slave gretap1): Enslaving as a backup interface with an up link
[  134.515873][ T4798] loop0: detected capacity change from 0 to 8192
[  134.553749][ T4287] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready
[  134.739167][ T4798] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[  134.841254][ T4798] REISERFS (device loop0): using ordered data mode
[  134.852359][ T4787] device macvlan2 entered promiscuous mode
[  134.866872][ T4787] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  134.906580][ T4798] reiserfs: using flush barriers
[  134.972284][ T4798] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  135.015379][ T4193] asix 5-1:0.188 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  135.231372][ T4798] REISERFS (device loop0): checking transaction log (loop0)
[  135.372707][ T4798] REISERFS (device loop0): Using r5 hash to sort names
[  135.492392][ T4798] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[  135.676971][ T4193] asix 5-1:0.188 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9
[  135.688373][ T4193] asix: probe of 5-1:0.188 failed with error -71
[  135.706486][ T4193] usb 5-1: USB disconnect, device number 4
[  135.978483][ T4818] loop3: detected capacity change from 0 to 128
[  136.341686][ T4821] bridge0: port 1(bridge_slave_0) entered disabled state
[  137.336897][ T4818] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  137.362155][ T4818] ext4 filesystem being mounted at /27/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  139.255258][ T4818] bridge0: the hash_elasticity option has been deprecated and is always 16
[  139.265903][ T4818] bridge0: port 2(bridge_slave_1) entered disabled state
[  139.273311][ T4818] bridge0: port 1(bridge_slave_0) entered disabled state
[  139.326527][ T4848] netlink: 'syz.4.143': attribute type 1 has an invalid length.
[  139.470845][ T4848] device bond1 entered promiscuous mode
[  139.505468][ T4848] 8021q: adding VLAN 0 to HW filter on device bond1
[  140.282437][ T4854] bond1: (slave bridge1): making interface the new active one
[  140.290209][ T4854] device bridge1 entered promiscuous mode
[  140.297225][ T4854] bond1: (slave bridge1): Enslaving as an active interface with an up link
[  140.306087][ T4802] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready
[  140.397283][ T4848] bond1: (slave gretap1): Enslaving as a backup interface with an up link
[  140.463457][ T4848] device macvlan2 entered promiscuous mode
[  140.528765][ T4848] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  140.568157][ T4861] loop0: detected capacity change from 0 to 8192
[  140.626772][ T4861] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[  140.670447][ T4861] REISERFS (device loop0): using ordered data mode
[  140.700388][ T4861] reiserfs: using flush barriers
[  140.730981][ T4865] netlink: 8 bytes leftover after parsing attributes in process `syz.2.149'.
[  140.743729][ T4861] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  140.760564][ T4861] REISERFS (device loop0): checking transaction log (loop0)
[  140.785174][ T4861] REISERFS (device loop0): Using r5 hash to sort names
[  141.019307][ T4861] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[  141.046037][ T4865] IPv6: ADDRCONF(NETDEV_CHANGE): gre1: link becomes ready
[  142.336445][ T4890] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  142.502964][ T4885] loop3: detected capacity change from 0 to 8192
[  142.671640][ T4885] REISERFS (device loop3): found reiserfs format "3.5" with non-standard journal
[  142.800624][ T4885] REISERFS (device loop3): using ordered data mode
[  142.911011][ T4885] reiserfs: using flush barriers
[  143.050455][ T4885] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  146.176972][ T4885] REISERFS (device loop3): checking transaction log (loop3)
[  146.314775][ T4885] REISERFS (device loop3): Using r5 hash to sort names
[  146.375550][ T4885] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage.
[  146.679747][ T4908] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  146.719365][ T4908] device syzkaller0 entered promiscuous mode
[  146.939921][ T4911] tipc: Resetting bearer <eth:syzkaller0>
[  147.753791][ T4904] loop4: detected capacity change from 0 to 8192
[  147.824305][ T4907] tipc: Resetting bearer <eth:syzkaller0>
[  147.892796][ T4904] REISERFS (device loop4): found reiserfs format "3.5" with non-standard journal
[  147.903593][ T4904] REISERFS (device loop4): using ordered data mode
[  147.910558][ T4904] reiserfs: using flush barriers
[  147.933049][ T4904] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  147.959278][ T4904] REISERFS (device loop4): checking transaction log (loop4)
[  147.973566][ T4904] REISERFS (device loop4): Using r5 hash to sort names
[  147.983182][ T4904] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage.
[  148.789712][ T4907] tipc: Disabling bearer <eth:syzkaller0>
[  148.838318][ T4924] netlink: 8 bytes leftover after parsing attributes in process `syz.0.167'.
[  148.857039][ T4924] IPv6: ADDRCONF(NETDEV_CHANGE): gre1: link becomes ready
[  149.787329][ T4947] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  149.970614][ T4937] loop3: detected capacity change from 0 to 8192
[  150.773478][ T4937] REISERFS (device loop3): found reiserfs format "3.5" with non-standard journal
[  150.804022][ T4937] REISERFS (device loop3): using ordered data mode
[  150.857071][ T4937] reiserfs: using flush barriers
[  150.937477][ T4937] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  150.976305][ T4937] REISERFS (device loop3): checking transaction log (loop3)
[  151.172126][ T4963] loop1: detected capacity change from 0 to 8192
[  151.195524][ T4937] REISERFS (device loop3): Using r5 hash to sort names
[  151.203888][ T4937] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage.
[  151.979741][ T4963] REISERFS (device loop1): found reiserfs format "3.5" with non-standard journal
[  152.030575][ T4963] REISERFS (device loop1): using ordered data mode
[  152.045334][ T4963] reiserfs: using flush barriers
[  152.058364][ T4967] loop0: detected capacity change from 0 to 8192
[  152.157561][ T4963] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  152.244727][ T4963] REISERFS (device loop1): checking transaction log (loop1)
[  152.263586][ T4963] REISERFS (device loop1): Using r5 hash to sort names
[  152.280761][ T4967] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[  152.284111][ T4963] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage.
[  152.314143][ T4967] REISERFS (device loop0): using ordered data mode
[  152.322833][ T4967] reiserfs: using flush barriers
[  152.412967][ T4967] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  153.053057][ T4967] REISERFS (device loop0): checking transaction log (loop0)
[  153.088172][ T4967] REISERFS (device loop0): Using r5 hash to sort names
[  153.382081][ T4967] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[  154.168574][ T4991] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  154.363105][ T4991] device syzkaller0 entered promiscuous mode
[  154.890730][ T4991] tipc: Resetting bearer <eth:syzkaller0>
[  154.972119][ T5007] device syzkaller0 entered promiscuous mode
[  155.312520][ T5013] loop2: detected capacity change from 0 to 8
[  155.754321][ T4990] tipc: Resetting bearer <eth:syzkaller0>
[  156.065941][ T4990] tipc: Disabling bearer <eth:syzkaller0>
[  156.167704][ T1110] tipc: Node number set to 797711107
[  158.777424][ T5027] loop4: detected capacity change from 0 to 8192
[  158.824232][ T5036] loop0: detected capacity change from 0 to 8192
[  158.978135][ T5027] REISERFS (device loop4): found reiserfs format "3.5" with non-standard journal
[  158.998191][ T5036] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[  159.008362][ T5027] REISERFS (device loop4): using ordered data mode
[  159.014918][ T5027] reiserfs: using flush barriers
[  159.029302][ T5036] REISERFS (device loop0): using ordered data mode
[  159.054867][ T5036] reiserfs: using flush barriers
[  159.070394][ T5027] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  159.133189][ T5036] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  159.178438][ T5027] REISERFS (device loop4): checking transaction log (loop4)
[  159.199747][ T5036] REISERFS (device loop0): checking transaction log (loop0)
[  159.214874][ T5027] REISERFS (device loop4): Using r5 hash to sort names
[  159.241152][ T5027] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage.
[  159.287435][ T5036] REISERFS (device loop0): Using r5 hash to sort names
[  159.324950][ T5036] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[  160.172371][ T5058] netlink: 104 bytes leftover after parsing attributes in process `syz.2.208'.
[  160.398014][ T5066] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  160.431611][ T5066] device syzkaller0 entered promiscuous mode
[  160.856194][ T5075] tipc: Resetting bearer <eth:syzkaller0>
[  161.086978][ T5065] tipc: Resetting bearer <eth:syzkaller0>
[  161.446180][ T5065] tipc: Disabling bearer <eth:syzkaller0>
[  163.173132][ T5096] loop0: detected capacity change from 0 to 8192
[  163.177212][ T5094] loop4: detected capacity change from 0 to 8192
[  163.310140][ T5096] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[  163.319745][ T5094] REISERFS (device loop4): found reiserfs format "3.5" with non-standard journal
[  163.424231][ T5094] REISERFS (device loop4): using ordered data mode
[  163.438427][ T5096] REISERFS (device loop0): using ordered data mode
[  163.485910][ T5112] device syzkaller0 entered promiscuous mode
[  163.559685][ T5094] reiserfs: using flush barriers
[  163.587013][ T5096] reiserfs: using flush barriers
[  163.738627][ T5094] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  163.757344][ T5096] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  164.001553][ T5094] REISERFS (device loop4): checking transaction log (loop4)
[  164.023745][ T5096] REISERFS (device loop0): checking transaction log (loop0)
[  164.067298][ T5094] REISERFS (device loop4): Using r5 hash to sort names
[  164.074428][ T5094] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage.
[  164.246161][ T5096] REISERFS (device loop0): Using r5 hash to sort names
[  164.267106][ T5096] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[  166.737899][ T5146] loop3: detected capacity change from 0 to 8192
[  166.864053][ T5146] REISERFS (device loop3): found reiserfs format "3.5" with non-standard journal
[  168.416906][ T5146] REISERFS (device loop3): using ordered data mode
[  168.423465][ T5146] reiserfs: using flush barriers
[  168.456841][ T5146] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  168.586113][ T5146] REISERFS (device loop3): checking transaction log (loop3)
[  168.661783][ T5146] REISERFS (device loop3): Using r5 hash to sort names
[  168.720089][ T5146] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage.
[  168.928539][ T5177] tipc: Started in network mode
[  168.933485][ T5177] tipc: Node identity 2a545c4de6f, cluster identity 4711
[  168.964436][ T5177] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  168.985965][ T5178] device syzkaller0 entered promiscuous mode
[  169.076496][ T5174] loop2: detected capacity change from 0 to 8192
[  169.104728][ T5177] tipc: Resetting bearer <eth:syzkaller0>
[  169.144762][ T5176] tipc: Resetting bearer <eth:syzkaller0>
[  169.157819][ T5174] REISERFS (device loop2): found reiserfs format "3.5" with non-standard journal
[  169.195343][ T5174] REISERFS (device loop2): using ordered data mode
[  169.237603][ T5174] reiserfs: using flush barriers
[  169.280926][ T5174] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  169.297838][ T5174] REISERFS (device loop2): checking transaction log (loop2)
[  169.299287][ T5176] tipc: Disabling bearer <eth:syzkaller0>
[  169.313480][ T5174] REISERFS (device loop2): Using r5 hash to sort names
[  169.320909][ T5174] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage.
[  170.418194][ T5190] loop0: detected capacity change from 0 to 8192
[  170.498355][ T5190] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[  170.508248][ T5190] REISERFS (device loop0): using ordered data mode
[  170.514904][ T5190] reiserfs: using flush barriers
[  170.521468][ T5190] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  170.542339][ T5190] REISERFS (device loop0): checking transaction log (loop0)
[  170.553529][ T5190] REISERFS (device loop0): Using r5 hash to sort names
[  170.561193][ T5190] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[  171.171649][ T5203] netlink: 28 bytes leftover after parsing attributes in process `syz.4.240'.
[  171.272318][ T5203] netlink: 28 bytes leftover after parsing attributes in process `syz.4.240'.
[  171.356121][ T5203] device team0 entered promiscuous mode
[  171.380186][ T5203] device team_slave_0 entered promiscuous mode
[  171.386750][ T5203] device team_slave_1 entered promiscuous mode
[  171.599816][ T5203] device bond0 entered promiscuous mode
[  171.610470][ T5203] device bond_slave_0 entered promiscuous mode
[  171.635488][ T5203] device bond_slave_1 entered promiscuous mode
[  171.694930][ T5203] debugfs: Directory 'hsr1' with parent 'hsr' already present!
[  171.920509][ T5203] Cannot create hsr debugfs directory
[  172.161851][ T5203] 8021q: adding VLAN 0 to HW filter on device hsr1
[  172.243530][ T5209] loop1: detected capacity change from 0 to 8
[  172.333071][ T4319] IPv6: ADDRCONF(NETDEV_CHANGE): hsr1: link becomes ready
[  172.659844][ T5219] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  172.686003][ T5219] device syzkaller0 entered promiscuous mode
[  172.721594][ T5219] tipc: Resetting bearer <eth:syzkaller0>
[  172.728822][ T5214] loop3: detected capacity change from 0 to 8192
[  172.738152][ T5218] tipc: Resetting bearer <eth:syzkaller0>
[  172.786018][ T5206] loop2: detected capacity change from 0 to 32768
[  172.805251][ T5218] tipc: Disabling bearer <eth:syzkaller0>
[  172.862908][ T5214] REISERFS (device loop3): found reiserfs format "3.5" with non-standard journal
[  172.899914][ T5206] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 scanned by syz.2.250 (5206)
[  172.962139][ T5214] REISERFS (device loop3): using ordered data mode
[  173.073161][ T5214] reiserfs: using flush barriers
[  173.248200][ T5214] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  173.508948][ T5214] REISERFS (device loop3): checking transaction log (loop3)
[  173.678728][ T5214] REISERFS (device loop3): Using r5 hash to sort names
[  173.777471][ T5214] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage.
[  175.121023][ T5206] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm
[  175.341511][ T4193] Bluetooth: hci5: command 0x1003 tx timeout
[  176.772266][ T5206] BTRFS info (device loop2): enabling auto defrag
[  176.810850][ T5206] BTRFS info (device loop2): use no compression
[  176.847328][ T5206] BTRFS info (device loop2): max_inline at 4096
[  176.884203][ T5206] BTRFS info (device loop2): using free space tree
[  176.924330][ T5206] BTRFS info (device loop2): has skinny extents
[  177.222335][ T4657] tipc: Node number set to 3433323597
[  177.230686][ T5206] BTRFS error (device loop2): open_ctree failed: -12
[  178.474033][ T5257] netlink: 12 bytes leftover after parsing attributes in process `syz.3.259'.
[  178.695365][ T4231] Bluetooth: hci5: command 0x1001 tx timeout
[  178.703884][ T4201] Bluetooth: hci5: sending frame failed (-49)
[  180.326628][ T5273] loop0: detected capacity change from 0 to 8192
[  180.377936][ T5279] loop2: detected capacity change from 0 to 512
[  180.415221][ T5273] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[  180.455548][ T5273] REISERFS (device loop0): using ordered data mode
[  180.476206][ T5273] reiserfs: using flush barriers
[  180.491629][ T5273] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  180.516476][ T5273] REISERFS (device loop0): checking transaction log (loop0)
[  180.775538][ T4193] Bluetooth: hci5: command 0x1009 tx timeout
[  180.793297][ T5273] REISERFS (device loop0): Using r5 hash to sort names
[  180.850754][ T5273] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[  181.048708][ T5279] EXT4-fs (loop2): 1 truncate cleaned up
[  181.055065][ T5279] EXT4-fs (loop2): mounted filesystem without journal. Opts: noinit_itable,bsdgroups,lazytime,errors=remount-ro,jqfmt=vfsv1,max_dir_size_kb=0x00000000000004cc,usrquota,. Quota mode: writeback.
[  181.487175][ T5286] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 3 0(1) DIR], item_len 35, item_location 3257, free_space(entry_count) 2
[  181.502983][ T5286] REISERFS error (device loop0): vs-5150 search_by_key: invalid format found in block 540. Fsck?
[  181.513838][ T5286] REISERFS (device loop0): Remounting filesystem read-only
[  181.521353][ T5286] REISERFS error (device loop0): vs-13050 reiserfs_update_sd_size: i/o failure occurred trying to update [2 3 0x0 SD] stat data
[  182.730181][ T5301] netlink: 12 bytes leftover after parsing attributes in process `syz.3.275'.
[  183.192889][ T5307] netlink: 12 bytes leftover after parsing attributes in process `syz.3.287'.
[  183.512094][ T5309] loop3: detected capacity change from 0 to 8192
[  183.714797][ T5309] REISERFS (device loop3): found reiserfs format "3.5" with non-standard journal
[  184.375023][ T5309] REISERFS (device loop3): using ordered data mode
[  184.465559][ T5309] reiserfs: using flush barriers
[  184.493009][ T5309] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  184.666932][ T5309] REISERFS (device loop3): checking transaction log (loop3)
[  185.273940][ T5333] loop1: detected capacity change from 0 to 512
[  185.611113][ T5309] REISERFS (device loop3): Using r5 hash to sort names
[  185.734061][ T5309] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage.
[  185.846348][ T5341] 9pnet: p9_fd_create_tcp (5341): problem connecting socket to 127.0.0.1
[  186.991978][ T5333] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  187.003983][ T5333] ext4 filesystem being mounted at /62/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  187.042329][ T5347] netlink: 12 bytes leftover after parsing attributes in process `syz.0.290'.
[  189.933891][ T5376] loop4: detected capacity change from 0 to 8192
[  190.937519][ T5392] netlink: 12 bytes leftover after parsing attributes in process `syz.1.303'.
[  190.969383][ T5389] loop2: detected capacity change from 0 to 40427
[  190.980751][ T5376] REISERFS (device loop4): found reiserfs format "3.5" with non-standard journal
[  191.030900][ T5389] F2FS-fs (loop2): invalid crc value
[  191.046021][ T5376] REISERFS (device loop4): using ordered data mode
[  191.117568][ T5389] F2FS-fs (loop2): Found nat_bits in checkpoint
[  191.124248][ T5376] reiserfs: using flush barriers
[  191.163849][ T5376] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  191.185509][ T5389] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  191.248715][ T5376] REISERFS (device loop4): checking transaction log (loop4)
[  191.262302][ T5379] loop0: detected capacity change from 0 to 8192
[  191.280641][ T5376] REISERFS (device loop4): Using r5 hash to sort names
[  191.322727][ T5376] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage.
[  191.587325][ T4267] Bluetooth: hci0: command 0x0406 tx timeout
[  191.593752][ T4267] Bluetooth: hci4: command 0x0406 tx timeout
[  191.600248][ T4267] Bluetooth: hci3: command 0x0406 tx timeout
[  191.607230][ T4267] Bluetooth: hci2: command 0x0406 tx timeout
[  191.613345][ T4267] Bluetooth: hci1: command 0x0406 tx timeout
[  191.641949][ T5379] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[  191.655408][ T5379] REISERFS (device loop0): using ordered data mode
[  191.795332][ T5379] reiserfs: using flush barriers
[  192.206092][ T5379] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  192.399417][ T5379] REISERFS (device loop0): checking transaction log (loop0)
[  192.595412][ T5379] REISERFS (device loop0): Using r5 hash to sort names
[  192.602657][ T5379] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[  194.255886][ T1424] ieee802154 phy0 wpan0: encryption failed: -22
[  194.262265][ T1424] ieee802154 phy1 wpan1: encryption failed: -22
[  194.327750][ T5435] loop0: detected capacity change from 0 to 8192
[  195.166290][ T5435] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[  195.195285][ T5435] REISERFS (device loop0): using ordered data mode
[  195.201946][ T5435] reiserfs: using flush barriers
[  195.336761][ T5435] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  195.405673][ T5435] REISERFS (device loop0): checking transaction log (loop0)
[  196.185377][ T5435] REISERFS (device loop0): Using r5 hash to sort names
[  196.195485][ T5435] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[  197.123892][ T5460] loop4: detected capacity change from 0 to 256
[  197.323730][ T5460] FAT-fs (loop4): Directory bread(block 64) failed
[  197.355452][ T5460] FAT-fs (loop4): Directory bread(block 65) failed
[  197.378561][ T5460] FAT-fs (loop4): Directory bread(block 66) failed
[  197.440088][ T5460] FAT-fs (loop4): Directory bread(block 67) failed
[  197.450279][ T5460] FAT-fs (loop4): Directory bread(block 68) failed
[  197.482426][ T5470] netlink: 12 bytes leftover after parsing attributes in process `syz.0.315'.
[  197.488158][ T5460] FAT-fs (loop4): Directory bread(block 69) failed
[  197.539023][ T5460] FAT-fs (loop4): Directory bread(block 70) failed
[  197.569373][ T5460] FAT-fs (loop4): Directory bread(block 71) failed
[  197.587244][ T5460] FAT-fs (loop4): Directory bread(block 72) failed
[  197.620049][ T5465] loop3: detected capacity change from 0 to 8192
[  197.630167][ T5460] FAT-fs (loop4): Directory bread(block 73) failed
[  197.744916][ T5478] loop1: detected capacity change from 0 to 8192
[  198.678157][ T5465] REISERFS (device loop3): found reiserfs format "3.5" with non-standard journal
[  198.719352][ T5465] REISERFS (device loop3): using ordered data mode
[  198.732871][ T5481] loop0: detected capacity change from 0 to 40427
[  198.764802][ T5465] reiserfs: using flush barriers
[  198.787445][ T5481] F2FS-fs (loop0): invalid crc value
[  198.794834][ T5478] REISERFS (device loop1): found reiserfs format "3.5" with non-standard journal
[  198.805613][ T5465] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  198.838597][ T5478] REISERFS (device loop1): using ordered data mode
[  198.846275][ T5478] reiserfs: using flush barriers
[  198.852605][ T5481] F2FS-fs (loop0): Found nat_bits in checkpoint
[  198.866689][ T5478] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  198.906823][ T5465] REISERFS (device loop3): checking transaction log (loop3)
[  198.915738][ T5478] REISERFS (device loop1): checking transaction log (loop1)
[  198.954849][ T5481] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  199.197156][ T5494] device syzkaller0 entered promiscuous mode
[  199.291670][ T5465] REISERFS (device loop3): Using r5 hash to sort names
[  199.389174][ T5478] REISERFS (device loop1): Using r5 hash to sort names
[  199.484027][ T5465] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage.
[  199.616272][ T5478] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage.
[  200.530202][ T5500] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 3 0(1) DIR], item_len 35, item_location 3257, free_space(entry_count) 2
[  200.546359][ T5500] REISERFS error (device loop1): vs-5150 search_by_key: invalid format found in block 540. Fsck?
[  200.557199][ T5500] REISERFS (device loop1): Remounting filesystem read-only
[  200.564629][ T5500] REISERFS error (device loop1): vs-13050 reiserfs_update_sd_size: i/o failure occurred trying to update [2 3 0x0 SD] stat data
[  202.249176][ T5515] loop3: detected capacity change from 0 to 8192
[  202.993576][ T5515] REISERFS (device loop3): found reiserfs format "3.5" with non-standard journal
[  203.305348][ T5515] REISERFS (device loop3): using ordered data mode
[  203.791929][ T5515] reiserfs: using flush barriers
[  204.060505][ T5524] loop0: detected capacity change from 0 to 512
[  204.091504][ T5515] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  204.135610][ T5515] REISERFS (device loop3): checking transaction log (loop3)
[  204.150945][ T5524] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[  204.212082][ T5515] REISERFS (device loop3): Using r5 hash to sort names
[  204.269691][ T5515] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage.
[  204.293264][ T5524] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  204.425904][ T5536] loop2: detected capacity change from 0 to 256
[  204.633208][ T5524] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2807: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  204.826891][ T5536] FAT-fs (loop2): Directory bread(block 64) failed
[  204.874813][ T5536] FAT-fs (loop2): Directory bread(block 65) failed
[  204.895932][ T5524] EXT4-fs (loop0): 1 truncate cleaned up
[  204.901658][ T5524] EXT4-fs (loop0): mounted filesystem without journal. Opts: max_batch_time=0x0000000000000004,max_batch_time=0x0000000000000002,debug_want_extra_isize=0x000000000000006a,block_validity,errors=remount-ro,nombcache,. Quota mode: none.
[  204.930704][ T5536] FAT-fs (loop2): Directory bread(block 66) failed
[  204.995309][ T5536] FAT-fs (loop2): Directory bread(block 67) failed
[  205.030800][ T5536] FAT-fs (loop2): Directory bread(block 68) failed
[  205.057986][ T5536] FAT-fs (loop2): Directory bread(block 69) failed
[  205.064650][ T5536] FAT-fs (loop2): Directory bread(block 70) failed
[  205.134291][ T5536] FAT-fs (loop2): Directory bread(block 71) failed
[  205.310046][ T5536] FAT-fs (loop2): Directory bread(block 72) failed
[  205.353358][ T5536] FAT-fs (loop2): Directory bread(block 73) failed
[  205.650618][ T5543] device syzkaller0 entered promiscuous mode
[  205.936580][ T5549] uffd: Set unprivileged_userfaultfd sysctl knob to 1 if kernel faults must be handled without obtaining CAP_SYS_PTRACE capability
[  207.702656][   T26] audit: type=1800 audit(1771039769.184:8): pid=5554 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.336" name="regulatory.db" dev="sda1" ino=448 res=0 errno=0
[  207.703621][ T5554] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -4
[  207.732752][ T5554] platform regulatory.0: Direct firmware load for regulatory.db failed with error -4
[  207.742600][ T5554] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  207.823342][ T5554] syz.2.336 (5554) used greatest stack depth: 20048 bytes left
[  207.972624][ T5556] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  208.327877][ T5562] device syzkaller0 entered promiscuous mode
[  208.473822][ T5556] tipc: Resetting bearer <eth:syzkaller0>
[  208.506971][ T5555] tipc: Resetting bearer <eth:syzkaller0>
[  208.571257][ T5555] tipc: Disabling bearer <eth:syzkaller0>
[  210.456844][ T5574] netlink: 8 bytes leftover after parsing attributes in process `syz.0.343'.
[  210.662326][ T5578] loop3: detected capacity change from 0 to 8192
[  210.720338][ T5586] loop1: detected capacity change from 0 to 2048
[  210.728690][ T5583] loop2: detected capacity change from 0 to 8192
[  210.805320][ T5578] REISERFS (device loop3): found reiserfs format "3.5" with non-standard journal
[  210.820751][ T5583] REISERFS (device loop2): found reiserfs format "3.5" with non-standard journal
[  210.842672][ T5578] REISERFS (device loop3): using ordered data mode
[  210.849798][ T5578] reiserfs: using flush barriers
[  210.859590][ T5578] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  210.896016][ T5583] REISERFS (device loop2): using ordered data mode
[  210.902782][ T5583] reiserfs: using flush barriers
[  210.915345][ T5583] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  210.933699][ T5583] REISERFS (device loop2): checking transaction log (loop2)
[  210.944257][ T5578] REISERFS (device loop3): checking transaction log (loop3)
[  211.077228][ T5578] REISERFS (device loop3): Using r5 hash to sort names
[  211.218873][ T5578] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage.
[  211.984634][ T5596] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  211.986108][ T5583] REISERFS (device loop2): Using r5 hash to sort names
[  212.007502][ T5583] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage.
[  212.708892][ T5606] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 3 0(1) DIR], item_len 35, item_location 3257, free_space(entry_count) 2
[  212.725310][ T5606] REISERFS error (device loop2): vs-5150 search_by_key: invalid format found in block 540. Fsck?
[  212.735937][ T5606] REISERFS (device loop2): Remounting filesystem read-only
[  212.743255][ T5606] REISERFS error (device loop2): vs-13050 reiserfs_update_sd_size: i/o failure occurred trying to update [2 3 0x0 SD] stat data
[  212.905940][ T5600] loop4: detected capacity change from 0 to 512
[  213.178990][ T5600] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  214.522290][ T5600] EXT4-fs (loop4): 1 truncate cleaned up
[  214.561984][ T5600] EXT4-fs (loop4): mounted filesystem without journal. Opts: max_batch_time=0x0000000000000004,max_batch_time=0x0000000000000002,debug_want_extra_isize=0x000000000000006a,block_validity,errors=remount-ro,nombcache,. Quota mode: none.
[  214.772177][ T5618] device syzkaller0 entered promiscuous mode
[  216.966875][ T1348] usb 4-1: new full-speed USB device number 4 using dummy_hcd
[  217.515963][ T5641] netdevsim netdevsim2 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0
[  217.614841][ T5641] netdevsim netdevsim2 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0
[  217.623740][ T5641] netdevsim netdevsim2 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0
[  217.632809][ T5641] netdevsim netdevsim2 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0
[  217.641720][ T5641] device geneve2 entered promiscuous mode
[  218.065415][ T4656] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  220.334070][ T1348] usb 4-1: device descriptor read/all, error -71
[  220.356655][ T5644] loop4: detected capacity change from 0 to 8192
[  220.432003][ T5644] REISERFS (device loop4): found reiserfs format "3.5" with non-standard journal
[  220.484429][ T5644] REISERFS (device loop4): using ordered data mode
[  220.521291][ T5644] reiserfs: using flush barriers
[  220.559063][ T5644] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  220.685941][ T5644] REISERFS (device loop4): checking transaction log (loop4)
[  220.715331][ T5644] REISERFS (device loop4): Using r5 hash to sort names
[  220.722546][ T5644] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage.
[  221.815616][ T5672] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  222.195940][ T5684] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  222.238395][ T5684] device syzkaller0 entered promiscuous mode
[  222.490970][ T5684] tipc: Resetting bearer <eth:syzkaller0>
[  222.499470][ T5683] tipc: Resetting bearer <eth:syzkaller0>
[  222.517403][ T5683] tipc: Disabling bearer <eth:syzkaller0>
[  225.505331][ T4267] usb 3-1: new full-speed USB device number 3 using dummy_hcd
[  225.976124][ T4267] usb 3-1: config 0 interface 0 altsetting 251 endpoint 0x9 has an invalid bInterval 0, changing to 4
[  226.052153][ T4267] usb 3-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid maxpacket 15380, setting to 1023
[  226.199231][ T4267] usb 3-1: config 0 interface 0 has no altsetting 0
[  226.484352][ T5711] loop0: detected capacity change from 0 to 8192
[  226.491169][ T4267] usb 3-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  226.505117][ T4267] usb 3-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  226.559811][ T4267] usb 3-1: Product: syz
[  226.564047][ T4267] usb 3-1: Manufacturer: syz
[  226.633523][ T4267] usb 3-1: SerialNumber: syz
[  226.647509][ T5711] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[  226.667114][ T5711] REISERFS (device loop0): using ordered data mode
[  226.673684][ T5711] reiserfs: using flush barriers
[  226.691624][ T4267] usb 3-1: config 0 descriptor??
[  226.724832][ T5711] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  226.752248][ T5711] REISERFS (device loop0): checking transaction log (loop0)
[  226.763875][ T4267] usb 3-1: selecting invalid altsetting 0
[  226.780728][ T5711] REISERFS (device loop0): Using r5 hash to sort names
[  226.797617][ T5711] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[  226.895165][ T4267] usb 3-1: USB disconnect, device number 3
[  227.103091][ T5719] loop4: detected capacity change from 0 to 8192
[  227.918962][ T5734] netlink: 4 bytes leftover after parsing attributes in process `syz.3.388'.
[  227.963110][ T5719] REISERFS (device loop4): found reiserfs format "3.5" with non-standard journal
[  227.980237][ T5719] REISERFS (device loop4): using ordered data mode
[  227.999944][ T5719] reiserfs: using flush barriers
[  228.006337][ T5719] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  228.023257][ T5719] REISERFS (device loop4): checking transaction log (loop4)
[  228.033527][ T5719] REISERFS (device loop4): Using r5 hash to sort names
[  228.040860][ T5719] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage.
[  228.988989][ T4313] udevd[4313]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  230.029702][ T5764] netlink: 12 bytes leftover after parsing attributes in process `syz.1.394'.
[  230.533939][ T5770] loop0: detected capacity change from 0 to 8192
[  230.669499][ T4303] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  231.555715][ T5770] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[  231.617640][ T5770] REISERFS (device loop0): using ordered data mode
[  231.624958][ T5770] reiserfs: using flush barriers
[  231.715419][ T4303] usb 5-1: config 2 interface 0 altsetting 178 endpoint 0xA has invalid maxpacket 57464, setting to 64
[  231.735221][ T4303] usb 5-1: config 2 interface 0 has no altsetting 0
[  231.771470][ T5770] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  231.827472][ T5770] REISERFS (device loop0): checking transaction log (loop0)
[  231.837359][ T5770] REISERFS (device loop0): Using r5 hash to sort names
[  231.844597][ T5770] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[  231.905604][ T4303] usb 5-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice=da.47
[  232.125305][ T4303] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  232.133605][ T4303] usb 5-1: Product: syz
[  232.138441][ T4303] usb 5-1: Manufacturer: syz
[  232.143186][ T4303] usb 5-1: SerialNumber: syz
[  232.171732][ T5786] loop2: detected capacity change from 0 to 8192
[  232.229091][ T5786] REISERFS (device loop2): found reiserfs format "3.5" with non-standard journal
[  232.342853][ T5786] REISERFS (device loop2): using ordered data mode
[  232.362707][ T5786] reiserfs: using flush barriers
[  232.376510][ T5786] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  232.416142][ T5786] REISERFS (device loop2): checking transaction log (loop2)
[  232.496927][ T5786] REISERFS (device loop2): Using r5 hash to sort names
[  232.504165][ T5786] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage.
[  232.548404][ T4303] ims_pcu: probe of 5-1:2.0 failed with error -22
[  232.573789][ T4303] usb 5-1: USB disconnect, device number 5
[  232.981984][ T5794] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 3 0(1) DIR], item_len 35, item_location 3257, free_space(entry_count) 2
[  232.998206][ T5794] REISERFS error (device loop2): vs-5150 search_by_key: invalid format found in block 540. Fsck?
[  233.009080][ T5794] REISERFS (device loop2): Remounting filesystem read-only
[  233.016442][ T5794] REISERFS error (device loop2): vs-13050 reiserfs_update_sd_size: i/o failure occurred trying to update [2 3 0x0 SD] stat data
[  234.744387][ T5798] loop4: detected capacity change from 0 to 8192
[  234.804889][ T5806] loop2: detected capacity change from 0 to 128
[  234.906349][ T5798] REISERFS (device loop4): found reiserfs format "3.5" with non-standard journal
[  234.958129][ T5798] REISERFS (device loop4): using ordered data mode
[  234.964838][ T5798] reiserfs: using flush barriers
[  236.476040][ T5798] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  236.570613][ T5798] REISERFS (device loop4): checking transaction log (loop4)
[  236.614007][ T5798] REISERFS (device loop4): Using r5 hash to sort names
[  236.634953][ T5798] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage.
[  237.438819][ T5828] loop4: detected capacity change from 0 to 8192
[  237.473509][ T5828] REISERFS (device loop4): found reiserfs format "3.5" with non-standard journal
[  237.614637][ T5828] REISERFS (device loop4): using ordered data mode
[  237.792163][ T5828] reiserfs: using flush barriers
[  237.985591][ T5828] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  238.286911][ T5828] REISERFS (device loop4): checking transaction log (loop4)
[  238.388543][ T5828] REISERFS (device loop4): Using r5 hash to sort names
[  238.429295][ T5828] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage.
[  238.756602][ T5834] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 3 0(1) DIR], item_len 35, item_location 3257, free_space(entry_count) 2
[  238.772211][ T5834] REISERFS error (device loop4): vs-5150 search_by_key: invalid format found in block 540. Fsck?
[  238.782891][ T5834] REISERFS (device loop4): Remounting filesystem read-only
[  238.790231][ T5834] REISERFS error (device loop4): vs-13050 reiserfs_update_sd_size: i/o failure occurred trying to update [2 3 0x0 SD] stat data
[  239.415361][ T1348] Bluetooth: hci5: command 0x1003 tx timeout
[  239.422570][ T4198] Bluetooth: hci5: sending frame failed (-49)
[  239.541876][ T5844] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  239.556589][ T5844] device syzkaller0 entered promiscuous mode
[  239.584276][ T5844] tipc: Resetting bearer <eth:syzkaller0>
[  239.612622][ T5843] tipc: Resetting bearer <eth:syzkaller0>
[  239.638553][ T5843] tipc: Disabling bearer <eth:syzkaller0>
[  239.755432][ T4657] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  240.505680][ T4657] usb 4-1: config 2 interface 0 altsetting 178 endpoint 0xA has invalid maxpacket 57464, setting to 64
[  240.641580][ T4657] usb 4-1: config 2 interface 0 has no altsetting 0
[  240.995565][ T4657] usb 4-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice=da.47
[  241.425764][ T4657] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  241.477945][ T4657] usb 4-1: Product: syz
[  241.738455][   T23] Bluetooth: hci5: command 0x1001 tx timeout
[  241.744635][ T4198] Bluetooth: hci5: sending frame failed (-49)
[  241.767509][ T4657] usb 4-1: Manufacturer: syz
[  241.772168][ T4657] usb 4-1: SerialNumber: syz
[  241.828085][ T5854] loop4: detected capacity change from 0 to 8192
[  242.415526][ T5854] REISERFS (device loop4): found reiserfs format "3.5" with non-standard journal
[  242.475267][ T5854] REISERFS (device loop4): using ordered data mode
[  242.492060][ T5854] reiserfs: using flush barriers
[  242.605261][ T4657] usb 4-1: can't set config #2, error -71
[  242.635309][ T4657] usb 4-1: USB disconnect, device number 6
[  242.641241][ T5854] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  242.683119][ T5862] device syzkaller0 entered promiscuous mode
[  242.709261][ T5854] REISERFS (device loop4): checking transaction log (loop4)
[  242.749691][ T5854] REISERFS (device loop4): Using r5 hash to sort names
[  242.765409][ T5854] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage.
[  243.092444][ T5870] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 3 0(1) DIR], item_len 35, item_location 3257, free_space(entry_count) 2
[  243.107986][ T5870] REISERFS error (device loop4): vs-5150 search_by_key: invalid format found in block 540. Fsck?
[  243.118729][ T5870] REISERFS (device loop4): Remounting filesystem read-only
[  243.125998][ T5870] REISERFS error (device loop4): vs-13050 reiserfs_update_sd_size: i/o failure occurred trying to update [2 3 0x0 SD] stat data
[  243.490223][ T5865] loop3: detected capacity change from 0 to 8192
[  244.414013][   T23] Bluetooth: hci5: command 0x1009 tx timeout
[  244.425296][ T5865] REISERFS (device loop3): found reiserfs format "3.5" with non-standard journal
[  244.434557][ T5865] REISERFS (device loop3): using ordered data mode
[  244.515415][ T5865] reiserfs: using flush barriers
[  244.575862][ T5865] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  244.597431][ T5867] netlink: 4 bytes leftover after parsing attributes in process `syz.2.424'.
[  244.635569][ T5865] REISERFS (device loop3): checking transaction log (loop3)
[  244.698114][ T5865] REISERFS (device loop3): Using r5 hash to sort names
[  244.713470][ T5865] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage.
[  247.885336][ T1348] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  248.453535][ T5908] device syzkaller0 entered promiscuous mode
[  248.505576][ T1348] usb 2-1: config 2 interface 0 altsetting 178 endpoint 0xA has invalid maxpacket 57464, setting to 64
[  248.551425][ T1348] usb 2-1: config 2 interface 0 has no altsetting 0
[  248.866346][ T1348] usb 2-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice=da.47
[  248.960191][ T1348] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  249.125194][ T1348] usb 2-1: Product: syz
[  249.221961][ T1348] usb 2-1: Manufacturer: syz
[  249.284995][ T1348] usb 2-1: SerialNumber: syz
[  250.386958][ T1348] ims_pcu: probe of 2-1:2.0 failed with error -22
[  250.421270][ T1348] usb 2-1: USB disconnect, device number 4
[  250.660414][ T5927] loop3: detected capacity change from 0 to 8192
[  250.781169][ T5927] REISERFS (device loop3): found reiserfs format "3.5" with non-standard journal
[  250.925492][ T5927] REISERFS (device loop3): using ordered data mode
[  250.932066][ T5927] reiserfs: using flush barriers
[  251.085272][ T5927] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  251.886951][ T5927] REISERFS (device loop3): checking transaction log (loop3)
[  251.902579][ T5927] REISERFS (device loop3): Using r5 hash to sort names
[  251.915482][ T5927] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage.
[  254.439365][ T5952] device syzkaller0 entered promiscuous mode
[  255.577625][ T1424] ieee802154 phy0 wpan0: encryption failed: -22
[  255.583986][ T1424] ieee802154 phy1 wpan1: encryption failed: -22
[  259.007133][ T5989] loop3: detected capacity change from 0 to 8192
[  260.510637][ T5989] REISERFS (device loop3): found reiserfs format "3.5" with non-standard journal
[  260.555327][ T5989] REISERFS (device loop3): using ordered data mode
[  260.592504][ T5989] reiserfs: using flush barriers
[  260.673206][ T5989] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  260.756914][ T5989] REISERFS (device loop3): checking transaction log (loop3)
[  260.822001][ T5989] REISERFS (device loop3): Using r5 hash to sort names
[  260.851215][ T5989] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage.
[  260.904399][ T6011] device syzkaller0 entered promiscuous mode
[  261.168817][ T6013] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 3 0(1) DIR], item_len 35, item_location 3257, free_space(entry_count) 2
[  261.184256][ T6013] REISERFS error (device loop3): vs-5150 search_by_key: invalid format found in block 540. Fsck?
[  261.194923][ T6013] REISERFS (device loop3): Remounting filesystem read-only
[  261.202192][ T6013] REISERFS error (device loop3): vs-13050 reiserfs_update_sd_size: i/o failure occurred trying to update [2 3 0x0 SD] stat data
[  262.710002][   T23] Bluetooth: hci5: command 0x1003 tx timeout
[  262.717547][ T4198] Bluetooth: hci5: sending frame failed (-49)
[  262.771133][ T6020] loop2: detected capacity change from 0 to 8192
[  262.879331][ T6020] REISERFS (device loop2): found reiserfs format "3.5" with non-standard journal
[  263.015268][ T6020] REISERFS (device loop2): using ordered data mode
[  263.104199][ T6020] reiserfs: using flush barriers
[  263.123146][ T6020] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  263.959783][ T6020] REISERFS (device loop2): checking transaction log (loop2)
[  263.976194][ T6020] REISERFS (device loop2): Using r5 hash to sort names
[  263.985448][ T6020] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage.
[  264.708741][ T6049] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 3 0(1) DIR], item_len 35, item_location 3617, free_space(entry_count) 2
[  264.724481][ T6049] REISERFS error (device loop2): vs-5150 search_by_key: invalid format found in block 532. Fsck?
[  264.735606][ T6049] REISERFS (device loop2): Remounting filesystem read-only
[  264.775844][ T4267] Bluetooth: hci5: command 0x1001 tx timeout
[  264.969522][ T4198] Bluetooth: hci5: sending frame failed (-49)
[  267.640135][   T21] Bluetooth: hci5: command 0x1009 tx timeout
[  267.812342][ T6069] device syzkaller0 entered promiscuous mode
[  268.016487][ T6075] loop0: detected capacity change from 0 to 1024
[  268.121231][ T6071] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  268.144515][ T6075] EXT4-fs (loop0): mounted filesystem without journal. Opts: barrier,nodioread_nolock,noquota,barrier,auto_da_alloc,nodioread_nolock,,errors=continue. Quota mode: none.
[  268.168730][ T6071] device batadv_slave_0 entered promiscuous mode
[  268.258691][ T6075] ext4 filesystem being mounted at /90/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  268.449530][ T6081] EXT4-fs error (device loop0): ext4_map_blocks:739: inode #15: comm syz.0.479: lblock 0 mapped to illegal pblock 0 (length 1)
[  268.625531][ T6081] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 117
[  268.641908][ T6081] EXT4-fs (loop0): This should not happen!! Data will be lost
[  268.641908][ T6081] 
[  270.460517][ T6091] loop3: detected capacity change from 0 to 8192
[  271.258713][ T6091] REISERFS (device loop3): found reiserfs format "3.5" with non-standard journal
[  271.315765][ T6091] REISERFS (device loop3): using ordered data mode
[  271.336036][ T6091] reiserfs: using flush barriers
[  271.358506][ T6091] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  271.375535][ T6091] REISERFS (device loop3): checking transaction log (loop3)
[  271.557516][ T6091] REISERFS (device loop3): Using r5 hash to sort names
[  271.564750][ T6091] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage.
[  271.875269][ T6108] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 3 0(1) DIR], item_len 35, item_location 3257, free_space(entry_count) 2
[  271.891637][ T6108] REISERFS error (device loop3): vs-5150 search_by_key: invalid format found in block 540. Fsck?
[  271.902878][ T6108] REISERFS (device loop3): Remounting filesystem read-only
[  271.910897][ T6108] REISERFS error (device loop3): vs-13050 reiserfs_update_sd_size: i/o failure occurred trying to update [2 3 0x0 SD] stat data
[  272.503298][ T6114] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  272.524632][ T6112] loop2: detected capacity change from 0 to 8192
[  272.567935][ T6110] device syzkaller0 entered promiscuous mode
[  272.670958][ T6112] REISERFS (device loop2): found reiserfs format "3.5" with non-standard journal
[  272.710668][ T6112] REISERFS (device loop2): using ordered data mode
[  272.730842][ T6112] reiserfs: using flush barriers
[  272.764409][ T6112] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  272.833043][ T6114] tipc: Resetting bearer <eth:syzkaller0>
[  272.883568][ T6112] REISERFS (device loop2): checking transaction log (loop2)
[  273.142835][ T6112] REISERFS (device loop2): Using r5 hash to sort names
[  273.243875][ T4318] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  273.294645][ T6112] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage.
[  273.475407][ T6109] tipc: Resetting bearer <eth:syzkaller0>
[  273.493657][ T6109] tipc: Disabling bearer <eth:syzkaller0>
[  273.500209][   T21] Bluetooth: hci5: command 0x0409 tx timeout
[  273.546842][ T6124] device syzkaller0 entered promiscuous mode
[  273.753520][ T6104] chnl_net:caif_netlink_parms(): no params data found
[  273.957398][ T6131] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  273.971795][ T6131] device batadv_slave_0 entered promiscuous mode
[  274.153359][ T4318] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  275.384080][ T4318] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  275.575644][ T1110] Bluetooth: hci5: command 0x041b tx timeout
[  276.163180][ T6104] bridge0: port 1(bridge_slave_0) entered blocking state
[  276.330302][ T6149] loop3: detected capacity change from 0 to 8192
[  276.360871][ T6104] bridge0: port 1(bridge_slave_0) entered disabled state
[  276.369228][ T6104] device bridge_slave_0 entered promiscuous mode
[  276.378569][ T6104] bridge0: port 2(bridge_slave_1) entered blocking state
[  276.385737][ T6104] bridge0: port 2(bridge_slave_1) entered disabled state
[  276.394796][ T6104] device bridge_slave_1 entered promiscuous mode
[  276.973638][ T6149] REISERFS (device loop3): found reiserfs format "3.5" with non-standard journal
[  277.251686][ T6149] REISERFS (device loop3): using ordered data mode
[  277.264646][ T4318] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  277.281344][ T6160] netlink: 36 bytes leftover after parsing attributes in process `syz.0.498'.
[  277.285371][ T6149] reiserfs: using flush barriers
[  277.306234][ T6149] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  277.308475][ T6104] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  277.338690][ T6149] REISERFS (device loop3): checking transaction log (loop3)
[  277.357322][ T6104] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  277.389861][ T6149] REISERFS (device loop3): Using r5 hash to sort names
[  277.439938][ T6149] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage.
[  277.459313][ T6104] team0: Port device team_slave_0 added
[  277.517006][ T6104] team0: Port device team_slave_1 added
[  277.774154][ T4307] Bluetooth: hci5: command 0x040f tx timeout
[  277.806449][ T6149] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 3 0(1) DIR], item_len 35, item_location 3257, free_space(entry_count) 2
[  277.822212][ T6149] REISERFS error (device loop3): vs-5150 search_by_key: invalid format found in block 540. Fsck?
[  277.832861][ T6149] REISERFS (device loop3): Remounting filesystem read-only
[  277.840351][ T6149] REISERFS error (device loop3): vs-13050 reiserfs_update_sd_size: i/o failure occurred trying to update [2 3 0x0 SD] stat data
[  278.107597][ T6104] batman_adv: batadv0: Adding interface: batadv_slave_0
[  278.114680][ T6104] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  278.473076][ T6104] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  278.501476][ T6104] batman_adv: batadv0: Adding interface: batadv_slave_1
[  280.027815][   T21] Bluetooth: hci5: command 0x0419 tx timeout
[  280.072688][ T6104] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  280.151089][ T6104] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  280.194125][ T6181] loop3: detected capacity change from 0 to 512
[  280.223383][ T4318] tipc: Left network mode
[  280.324457][ T6181] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  280.349969][ T6104] device hsr_slave_0 entered promiscuous mode
[  280.418209][ T6104] device hsr_slave_1 entered promiscuous mode
[  280.473859][ T6186] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 0, start 22000003)
[  280.558054][ T6104] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  280.581272][ T6104] Cannot create hsr debugfs directory
[  280.611796][ T6186] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 0, start 22000003)
[  280.669544][ T6188] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 0, start 22000003)
[  280.832468][ T6189] device syzkaller0 entered promiscuous mode
[  280.923895][ T6198] binder: 6194:6198 ioctl c0306201 0 returned -14
[  282.074005][ T6104] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  282.129389][ T6104] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  282.199881][ T6104] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  282.246522][ T6104] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  283.017194][ T6209] input: syz1 as /devices/virtual/input/input5
[  283.137285][ T6216] loop2: detected capacity change from 0 to 8192
[  283.158508][ T6216] REISERFS (device loop2): found reiserfs format "3.5" with non-standard journal
[  283.176199][ T6216] REISERFS (device loop2): using ordered data mode
[  283.193108][ T6216] reiserfs: using flush barriers
[  283.205123][ T6216] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  283.225576][ T6216] REISERFS (device loop2): checking transaction log (loop2)
[  283.245234][ T6216] REISERFS (device loop2): Using r5 hash to sort names
[  283.295626][ T6216] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage.
[  283.534015][ T6226] loop3: detected capacity change from 0 to 8192
[  283.603677][ T6231] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 3 0(1) DIR], item_len 35, item_location 3257, free_space(entry_count) 2
[  283.619712][ T6231] REISERFS error (device loop2): vs-5150 search_by_key: invalid format found in block 540. Fsck?
[  283.630310][ T6231] REISERFS (device loop2): Remounting filesystem read-only
[  283.637598][ T6231] REISERFS error (device loop2): vs-13050 reiserfs_update_sd_size: i/o failure occurred trying to update [2 3 0x0 SD] stat data
[  284.082387][ T6226] REISERFS (device loop3): found reiserfs format "3.5" with non-standard journal
[  284.117282][ T6226] REISERFS (device loop3): using ordered data mode
[  284.124108][ T6226] reiserfs: using flush barriers
[  284.189494][ T6226] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  284.273629][ T6226] REISERFS (device loop3): checking transaction log (loop3)
[  284.288111][ T6104] 8021q: adding VLAN 0 to HW filter on device bond0
[  284.320288][ T6226] REISERFS (device loop3): Using r5 hash to sort names
[  284.336917][ T4275] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  284.356427][ T6226] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage.
[  284.369725][ T4275] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  284.402356][ T6104] 8021q: adding VLAN 0 to HW filter on device team0
[  284.630590][ T4275] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  285.461221][ T6249] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 3 0(1) DIR], item_len 35, item_location 3641, free_space(entry_count) 2
[  285.477487][ T6249] REISERFS error (device loop3): vs-5150 search_by_key: invalid format found in block 539. Fsck?
[  285.488064][ T6249] REISERFS (device loop3): Remounting filesystem read-only
[  285.495343][ T6249] REISERFS error (device loop3): vs-13050 reiserfs_update_sd_size: i/o failure occurred trying to update [2 3 0x0 SD] stat data
[  285.562517][ T4275] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  285.707874][ T4275] bridge0: port 1(bridge_slave_0) entered blocking state
[  285.715001][ T4275] bridge0: port 1(bridge_slave_0) entered forwarding state
[  285.786948][ T4275] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  285.813308][ T4275] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  285.826072][ T4275] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  285.844127][ T4275] bridge0: port 2(bridge_slave_1) entered blocking state
[  285.851297][ T4275] bridge0: port 2(bridge_slave_1) entered forwarding state
[  286.638003][ T4319] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  286.687865][ T4319] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  286.743125][ T4318] device team0 left promiscuous mode
[  286.750585][ T4318] device team_slave_0 left promiscuous mode
[  286.853510][ T4318] device team_slave_1 left promiscuous mode
[  286.894300][ T4318] device bond0 left promiscuous mode
[  286.914483][ T4318] device bond_slave_0 left promiscuous mode
[  286.933172][ T4318] device bond_slave_1 left promiscuous mode
[  286.962226][ T4318] device hsr_slave_0 left promiscuous mode
[  286.975966][ T4318] device hsr_slave_1 left promiscuous mode
[  286.990696][ T4318] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  287.019126][ T4318] batman_adv: batadv0: Removing interface: batadv_slave_0
[  287.082357][ T4318] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  287.119906][ T4318] batman_adv: batadv0: Removing interface: batadv_slave_1
[  287.189469][ T4318] device bridge_slave_1 left promiscuous mode
[  287.225141][ T4318] bridge0: port 2(bridge_slave_1) entered disabled state
[  287.347080][ T4318] device bridge_slave_0 left promiscuous mode
[  287.388944][ T4318] bridge0: port 1(bridge_slave_0) entered disabled state
[  287.603432][ T4318] device veth1_macvtap left promiscuous mode
[  287.616616][ T4318] device veth0_macvtap left promiscuous mode
[  287.634622][ T4318] device veth1_vlan left promiscuous mode
[  287.648575][ T4318] device veth0_vlan left promiscuous mode
[  287.913131][ T6269] binder: 6265:6269 ioctl c0306201 0 returned -14
[  288.008455][ T6271] loop0: detected capacity change from 0 to 256
[  288.060113][ T6271] exfat: Deprecated parameter 'utf8'
[  288.065857][ T6271] exfat: Unknown parameter 'keep_last_dots'
[  288.144040][ T4318] team0 (unregistering): Port device team_slave_1 removed
[  288.180258][ T4318] team0 (unregistering): Port device team_slave_0 removed
[  288.212399][ T4318] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  288.269440][ T4318] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  288.927608][ T4318] bond0 (unregistering): Released all slaves
[  289.036989][ T4326] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  289.058075][ T4326] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  289.106831][ T4326] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  289.133313][ T4326] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  289.142934][ T4326] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  289.152328][ T4326] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  289.192100][ T4326] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  289.206651][ T6276] netlink: 12 bytes leftover after parsing attributes in process `syz.0.520'.
[  289.239582][ T6104] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  289.270478][ T6104] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  289.287033][ T4319] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  289.322748][ T4319] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  289.338665][ T6278] loop4: detected capacity change from 0 to 8192
[  289.805206][ T6278] REISERFS (device loop4): found reiserfs format "3.5" with non-standard journal
[  289.862933][ T6278] REISERFS (device loop4): using ordered data mode
[  289.870215][ T6278] reiserfs: using flush barriers
[  290.075505][ T6278] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  290.174424][ T6278] REISERFS (device loop4): checking transaction log (loop4)
[  290.201105][ T6278] REISERFS (device loop4): Using r5 hash to sort names
[  291.040578][ T6278] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage.
[  291.426034][ T6301] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 3 0(1) DIR], item_len 35, item_location 3257, free_space(entry_count) 2
[  291.441662][ T6301] REISERFS error (device loop4): vs-5150 search_by_key: invalid format found in block 540. Fsck?
[  291.452317][ T6301] REISERFS (device loop4): Remounting filesystem read-only
[  291.459668][ T6301] REISERFS error (device loop4): vs-13050 reiserfs_update_sd_size: i/o failure occurred trying to update [2 3 0x0 SD] stat data
[  291.947057][ T6294] loop3: detected capacity change from 0 to 8192
[  292.273140][ T6294] REISERFS (device loop3): found reiserfs format "3.5" with non-standard journal
[  292.581370][ T6294] REISERFS (device loop3): using ordered data mode
[  292.780038][ T6294] reiserfs: using flush barriers
[  292.808175][ T6294] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  292.957330][ T4319] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  292.964898][ T4319] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  292.973280][ T6294] REISERFS (device loop3): checking transaction log (loop3)
[  292.982571][ T6104] 8021q: adding VLAN 0 to HW filter on device batadv0
[  293.142897][ T6294] REISERFS (device loop3): Using r5 hash to sort names
[  293.292523][ T6322] loop0: detected capacity change from 0 to 512
[  293.353951][ T6322] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  293.517363][ T6322] EXT4-fs (loop0): 1 truncate cleaned up
[  293.523160][ T6322] EXT4-fs (loop0): mounted filesystem without journal. Opts: resuid=0x0000000000000000,max_dir_size_kb=0x00000000000001ff,stripe=0x0000000000000000,noblock_validity,,errors=continue. Quota mode: none.
[  293.632200][ T6294] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage.
[  294.491951][ T6338] netlink: 12 bytes leftover after parsing attributes in process `syz.0.531'.
[  294.553357][ T4422] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  294.582914][ T4422] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  294.644507][ T6344] device syzkaller0 entered promiscuous mode
[  294.974473][ T4326] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  295.181294][ T4326] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  295.671412][ T4326] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  295.716741][ T4326] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  295.744266][ T6104] device veth0_vlan entered promiscuous mode
[  296.003241][ T6104] device veth1_vlan entered promiscuous mode
[  297.669890][ T4287] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  297.701680][ T4287] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  297.788208][ T6104] device veth0_macvtap entered promiscuous mode
[  299.456241][ T6104] device veth1_macvtap entered promiscuous mode
[  299.508776][ T4326] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  299.517843][ T4326] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  299.590776][ T6104] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  299.655061][ T6104] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  299.685164][ T6104] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  299.849809][ T6104] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  299.912889][ T6386] loop3: detected capacity change from 0 to 512
[  300.082865][ T6386] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  300.167084][ T6104] batman_adv: batadv0: Interface activated: batadv_slave_0
[  300.192193][ T6386] EXT4-fs (loop3): 1 truncate cleaned up
[  300.198122][ T6386] EXT4-fs (loop3): mounted filesystem without journal. Opts: resuid=0x0000000000000000,max_dir_size_kb=0x00000000000001ff,stripe=0x0000000000000000,noblock_validity,,errors=continue. Quota mode: none.
[  300.342635][ T4326] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  300.432488][ T4326] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  300.673257][ T6104] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  300.708677][ T6104] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  300.720586][ T6104] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  300.731633][ T6104] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  300.741923][ T6104] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  300.752826][ T6104] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  300.763858][ T6104] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  300.775119][ T6104] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  300.788881][ T6104] batman_adv: batadv0: Interface activated: batadv_slave_1
[  300.798624][ T4287] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  300.854410][ T4287] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  300.880141][ T6380] loop4: detected capacity change from 0 to 8192
[  300.928774][ T6104] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  300.945503][ T6104] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  300.954267][ T6104] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  301.005080][ T6104] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  301.118843][ T6380] REISERFS (device loop4): found reiserfs format "3.5" with non-standard journal
[  301.188381][ T6380] REISERFS (device loop4): using ordered data mode
[  301.283215][ T6380] reiserfs: using flush barriers
[  301.336049][ T6380] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  301.424602][ T4319] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  301.457473][ T6380] REISERFS (device loop4): checking transaction log (loop4)
[  301.469176][ T4319] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  301.477702][ T6380] REISERFS (device loop4): Using r5 hash to sort names
[  301.484921][ T6380] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage.
[  301.520132][ T4319] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  301.582667][ T4287] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  301.599332][ T4287] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  301.649583][ T4326] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  301.918961][ T6406] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 3 0(1) DIR], item_len 35, item_location 3257, free_space(entry_count) 2
[  301.934650][ T6406] REISERFS error (device loop4): vs-5150 search_by_key: invalid format found in block 540. Fsck?
[  301.945756][ T6406] REISERFS (device loop4): Remounting filesystem read-only
[  301.953005][ T6406] REISERFS error (device loop4): vs-13050 reiserfs_update_sd_size: i/o failure occurred trying to update [2 3 0x0 SD] stat data
[  303.381504][ T6414] loop3: detected capacity change from 0 to 8192
[  305.581815][ T6414] REISERFS (device loop3): found reiserfs format "3.5" with non-standard journal
[  305.652119][ T6414] REISERFS (device loop3): using ordered data mode
[  305.659132][ T6414] reiserfs: using flush barriers
[  305.680351][ T6414] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  305.703064][ T6414] REISERFS (device loop3): checking transaction log (loop3)
[  305.716104][ T6414] REISERFS (device loop3): Using r5 hash to sort names
[  305.789592][ T6414] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage.
[  307.652705][ T6450] device syzkaller0 entered promiscuous mode
[  308.100537][ T4268] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  308.345200][ T4268] usb 4-1: Using ep0 maxpacket: 8
[  308.421646][ T6466] loop2: detected capacity change from 0 to 1024
[  308.625777][ T4268] usb 4-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d
[  308.650208][ T4268] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  308.675119][ T4268] usb 4-1: Product: syz
[  308.680689][ T4268] usb 4-1: Manufacturer: syz
[  308.689187][ T4268] usb 4-1: SerialNumber: syz
[  308.706816][ T4268] usb 4-1: config 0 descriptor??
[  308.758455][ T4268] gspca_main: sonixj-2.14.0 probing 0c45:613a
[  310.036841][ T4268] gspca_sonixj: reg_w1 err -110
[  310.041999][ T4268] sonixj: probe of 4-1:0.0 failed with error -110
[  310.217881][ T4320] hfsplus: b-tree write err: -5, ino 4
[  310.337042][ T6481] tipc: Started in network mode
[  310.342243][ T6481] tipc: Node identity 228c22e4d7cd, cluster identity 4711
[  310.379643][ T6481] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  310.411590][ T6485] device syzkaller0 entered promiscuous mode
[  310.499041][ T6481] tipc: Resetting bearer <eth:syzkaller0>
[  310.599206][ T6479] tipc: Resetting bearer <eth:syzkaller0>
[  310.878279][ T6494] loop2: detected capacity change from 0 to 128
[  311.330565][ T6479] tipc: Disabling bearer <eth:syzkaller0>
[  311.346433][ T6494] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  311.362983][ T6494] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  311.380483][ T1348] usb 4-1: USB disconnect, device number 7
[  312.459256][ T6507] loop5: detected capacity change from 0 to 512
[  312.966267][ T6507] EXT4-fs (loop5): can't mount with data=, fs mounted w/o journal
[  313.515247][ T6502] loop3: detected capacity change from 0 to 8192
[  313.614794][ T6520] device syzkaller0 entered promiscuous mode
[  313.639831][ T6502] REISERFS (device loop3): found reiserfs format "3.5" with non-standard journal
[  313.664424][ T6502] REISERFS (device loop3): using ordered data mode
[  313.684183][ T6502] reiserfs: using flush barriers
[  313.697528][ T6502] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  313.751620][ T6502] REISERFS (device loop3): checking transaction log (loop3)
[  313.771635][ T6502] REISERFS (device loop3): Using r5 hash to sort names
[  314.009914][ T6502] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage.
[  314.587746][ T6536] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 3 0(1) DIR], item_len 35, item_location 3257, free_space(entry_count) 2
[  314.603307][ T6536] REISERFS error (device loop3): vs-5150 search_by_key: invalid format found in block 540. Fsck?
[  314.614647][ T6536] REISERFS (device loop3): Remounting filesystem read-only
[  314.622003][ T6536] REISERFS error (device loop3): vs-13050 reiserfs_update_sd_size: i/o failure occurred trying to update [2 3 0x0 SD] stat data
[  315.589731][ T6546] loop0: detected capacity change from 0 to 1024
[  315.828205][ T4268] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  316.155170][ T4268] usb 6-1: Using ep0 maxpacket: 8
[  316.248677][ T4275] hfsplus: b-tree write err: -5, ino 4
[  316.475205][ T4268] usb 6-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d
[  316.487732][ T4268] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  316.500336][ T4268] usb 6-1: Product: syz
[  316.507846][ T4268] usb 6-1: Manufacturer: syz
[  316.515802][ T4268] usb 6-1: SerialNumber: syz
[  316.534827][ T4268] usb 6-1: config 0 descriptor??
[  317.728976][ T1424] ieee802154 phy0 wpan0: encryption failed: -22
[  317.736044][ T1424] ieee802154 phy1 wpan1: encryption failed: -22
[  317.768722][ T4268] gspca_main: sonixj-2.14.0 probing 0c45:613a
[  317.902129][ T6564] netlink: 60 bytes leftover after parsing attributes in process `syz.3.579'.
[  318.004803][ T6564] unsupported nlmsg_type 40
[  319.175293][ T4268] gspca_sonixj: reg_r err -110
[  319.180298][ T4268] sonixj: probe of 6-1:0.0 failed with error -110
[  319.265105][ T4268] usb 6-1: USB disconnect, device number 2
[  319.483099][ T6575] loop0: detected capacity change from 0 to 8192
[  319.651985][ T6575] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[  319.704327][ T6575] REISERFS (device loop0): using ordered data mode
[  319.725169][ T6575] reiserfs: using flush barriers
[  319.738180][ T6575] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  319.878862][ T6575] REISERFS (device loop0): checking transaction log (loop0)
[  319.902882][ T6575] REISERFS (device loop0): Using r5 hash to sort names
[  319.914872][ T6575] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[  320.613309][ T6591] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 3 0(1) DIR], item_len 35, item_location 3257, free_space(entry_count) 2
[  320.630343][ T6591] REISERFS error (device loop0): vs-5150 search_by_key: invalid format found in block 540. Fsck?
[  320.641076][ T6591] REISERFS (device loop0): Remounting filesystem read-only
[  320.649192][ T6591] REISERFS error (device loop0): vs-13050 reiserfs_update_sd_size: i/o failure occurred trying to update [2 3 0x0 SD] stat data
[  320.918463][ T6595] device syzkaller0 entered promiscuous mode
[  323.712981][ T6639] loop0: detected capacity change from 0 to 128
[  323.766234][ T6639] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  323.786882][ T6639] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  328.175063][ T6679] device syzkaller0 entered promiscuous mode
[  328.183685][ T6676] device syzkaller0 entered promiscuous mode
[  331.010904][ T6698] device syzkaller0 entered promiscuous mode
[  331.028130][ T6701] device syzkaller0 entered promiscuous mode
[  332.388911][ T6714] loop0: detected capacity change from 0 to 8192
[  332.741036][ T6726] loop4: detected capacity change from 0 to 8192
[  332.751528][ T6714] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[  332.788802][ T6714] REISERFS (device loop0): using ordered data mode
[  332.804206][ T6714] reiserfs: using flush barriers
[  332.817208][ T6714] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  333.120962][ T6714] REISERFS (device loop0): checking transaction log (loop0)
[  333.247158][ T6714] REISERFS (device loop0): Using r5 hash to sort names
[  333.548848][ T6714] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[  333.584352][ T6726] REISERFS (device loop4): found reiserfs format "3.5" with non-standard journal
[  333.595427][ T6726] REISERFS (device loop4): using ordered data mode
[  333.768858][ T6726] reiserfs: using flush barriers
[  333.775982][ T6714] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 3 0(1) DIR], item_len 35, item_location 3257, free_space(entry_count) 2
[  333.791749][ T6714] REISERFS error (device loop0): vs-5150 search_by_key: invalid format found in block 540. Fsck?
[  333.802425][ T6714] REISERFS (device loop0): Remounting filesystem read-only
[  333.809758][ T6714] REISERFS error (device loop0): vs-13050 reiserfs_update_sd_size: i/o failure occurred trying to update [2 3 0x0 SD] stat data
[  334.054166][ T6726] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  334.535484][ T6726] REISERFS (device loop4): checking transaction log (loop4)
[  334.555100][ T6726] REISERFS (device loop4): Using r5 hash to sort names
[  334.562700][ T6726] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage.
[  334.612405][ T6756] device syzkaller0 entered promiscuous mode
[  334.835765][ T6726] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 3 0(1) DIR], item_len 35, item_location 3257, free_space(entry_count) 2
[  334.851559][ T6726] REISERFS error (device loop4): vs-5150 search_by_key: invalid format found in block 540. Fsck?
[  334.862354][ T6726] REISERFS (device loop4): Remounting filesystem read-only
[  334.869659][ T6726] REISERFS error (device loop4): vs-13050 reiserfs_update_sd_size: i/o failure occurred trying to update [2 3 0x0 SD] stat data
[  337.231833][ T6780] device syzkaller0 entered promiscuous mode
[  339.847061][ T6822] loop2: detected capacity change from 0 to 8192
[  339.911299][ T6822] REISERFS (device loop2): found reiserfs format "3.5" with non-standard journal
[  341.105781][ T6822] REISERFS (device loop2): using ordered data mode
[  341.275104][ T6822] reiserfs: using flush barriers
[  341.716593][ T6841] loop0: detected capacity change from 0 to 164
[  341.725363][ T6822] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  341.758008][ T6822] REISERFS (device loop2): checking transaction log (loop2)
[  341.849817][ T6822] REISERFS (device loop2): Using r5 hash to sort names
[  341.873999][ T6822] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage.
[  343.015230][ T4268] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  343.345167][ T4268] usb 1-1: Using ep0 maxpacket: 16
[  343.374302][ T6850] loop4: detected capacity change from 0 to 8192
[  343.465390][ T4268] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 112, changing to 10
[  343.485662][ T4268] usb 1-1: New USB device found, idVendor=05ac, idProduct=0224, bcdDevice= 0.00
[  343.494889][ T4268] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  343.508305][ T6850] REISERFS (device loop4): found reiserfs format "3.5" with non-standard journal
[  343.521157][ T4268] usb 1-1: config 0 descriptor??
[  343.525711][ T6850] REISERFS (device loop4): using ordered data mode
[  343.534151][ T6850] reiserfs: using flush barriers
[  343.592106][ T6850] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  343.615547][ T6850] REISERFS (device loop4): checking transaction log (loop4)
[  343.685389][ T6850] REISERFS (device loop4): Using r5 hash to sort names
[  343.693360][ T6850] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage.
[  343.805271][ T4268] usb 1-1: string descriptor 0 read error: -71
[  343.859001][ T6850] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 3 0(1) DIR], item_len 35, item_location 3257, free_space(entry_count) 2
[  343.874962][ T6850] REISERFS error (device loop4): vs-5150 search_by_key: invalid format found in block 540. Fsck?
[  343.885740][ T6850] REISERFS (device loop4): Remounting filesystem read-only
[  343.893497][ T6850] REISERFS error (device loop4): vs-13050 reiserfs_update_sd_size: i/o failure occurred trying to update [2 3 0x0 SD] stat data
[  343.927437][ T4268] input: bcm5974 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input6
[  343.985306][ T3547] bcm5974 1-1:0.0: could not read from device
[  344.057604][ T3547] bcm5974 1-1:0.0: could not read from device
[  344.083318][ T4268] usb 1-1: USB disconnect, device number 2
[  344.091564][ T3547] bcm5974 1-1:0.0: could not read from device
[  344.156608][ T3547] bcm5974 1-1:0.0: could not read from device
[  344.748230][ T6862] device syzkaller0 entered promiscuous mode
[  348.222485][ T6895] loop4: detected capacity change from 0 to 8192
[  348.439524][ T6895] REISERFS (device loop4): found reiserfs format "3.5" with non-standard journal
[  348.486611][ T6906] loop2: detected capacity change from 0 to 8192
[  348.497169][ T6895] REISERFS (device loop4): using ordered data mode
[  348.615035][ T6895] reiserfs: using flush barriers
[  348.665050][ T6895] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  348.771457][ T6895] REISERFS (device loop4): checking transaction log (loop4)
[  348.785695][ T6906] REISERFS (device loop2): found reiserfs format "3.5" with non-standard journal
[  348.788319][ T6895] REISERFS (device loop4): Using r5 hash to sort names
[  348.794960][ T6906] REISERFS (device loop2): using ordered data mode
[  348.810668][ T6906] reiserfs: using flush barriers
[  348.822961][ T6906] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  348.855649][ T6906] REISERFS (device loop2): checking transaction log (loop2)
[  348.864584][ T6906] REISERFS (device loop2): Using r5 hash to sort names
[  348.875550][ T6906] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage.
[  348.921533][ T6895] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage.
[  348.959511][ T6906] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 3 0(1) DIR], item_len 35, item_location 3257, free_space(entry_count) 2
[  348.975205][ T6906] REISERFS error (device loop2): vs-5150 search_by_key: invalid format found in block 540. Fsck?
[  348.986087][ T6906] REISERFS (device loop2): Remounting filesystem read-only
[  348.993429][ T6906] REISERFS error (device loop2): vs-13050 reiserfs_update_sd_size: i/o failure occurred trying to update [2 3 0x0 SD] stat data
[  349.193352][ T6895] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 3 0(1) DIR], item_len 35, item_location 3257, free_space(entry_count) 2
[  349.208932][ T6895] REISERFS error (device loop4): vs-5150 search_by_key: invalid format found in block 540. Fsck?
[  349.220057][ T6895] REISERFS (device loop4): Remounting filesystem read-only
[  349.227389][ T6895] REISERFS error (device loop4): vs-13050 reiserfs_update_sd_size: i/o failure occurred trying to update [2 3 0x0 SD] stat data
[  355.778264][ T6969] loop3: detected capacity change from 0 to 8192
[  355.908037][ T6969] REISERFS (device loop3): found reiserfs format "3.5" with non-standard journal
[  356.075266][ T6969] REISERFS (device loop3): using ordered data mode
[  356.155106][ T6969] reiserfs: using flush barriers
[  356.231863][ T6969] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  356.375551][ T6969] REISERFS (device loop3): checking transaction log (loop3)
[  356.414815][ T6969] REISERFS (device loop3): Using r5 hash to sort names
[  356.526365][ T6969] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage.
[  357.012855][ T6969] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 3 0(1) DIR], item_len 35, item_location 3257, free_space(entry_count) 2
[  357.028794][ T6969] REISERFS error (device loop3): vs-5150 search_by_key: invalid format found in block 540. Fsck?
[  357.039679][ T6969] REISERFS (device loop3): Remounting filesystem read-only
[  357.047167][ T6969] REISERFS error (device loop3): vs-13050 reiserfs_update_sd_size: i/o failure occurred trying to update [2 3 0x0 SD] stat data
[  357.119237][ T6990] loop0: detected capacity change from 0 to 8192
[  357.127897][ T6980] loop5: detected capacity change from 0 to 8192
[  357.741238][ T6990] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[  357.887465][ T6990] REISERFS (device loop0): using ordered data mode
[  357.894134][ T6990] reiserfs: using flush barriers
[  357.899728][ T6980] REISERFS (device loop5): found reiserfs format "3.5" with non-standard journal
[  357.909828][ T6990] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  357.929190][ T6990] REISERFS (device loop0): checking transaction log (loop0)
[  357.956147][ T6990] REISERFS (device loop0): Using r5 hash to sort names
[  357.963257][ T6990] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[  358.031372][ T6980] REISERFS (device loop5): using ordered data mode
[  358.060094][ T7000] device syzkaller0 entered promiscuous mode
[  358.068714][ T6980] reiserfs: using flush barriers
[  358.086365][ T6980] REISERFS (device loop5): journal params: device loop5, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  358.115116][ T6990] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 3 0(1) DIR], item_len 35, item_location 3257, free_space(entry_count) 2
[  358.131360][ T6990] REISERFS error (device loop0): vs-5150 search_by_key: invalid format found in block 540. Fsck?
[  358.141978][ T6990] REISERFS (device loop0): Remounting filesystem read-only
[  358.149272][ T6990] REISERFS error (device loop0): vs-13050 reiserfs_update_sd_size: i/o failure occurred trying to update [2 3 0x0 SD] stat data
[  358.165429][ T6980] REISERFS (device loop5): checking transaction log (loop5)
[  358.185084][ T6980] REISERFS (device loop5): Using r5 hash to sort names
[  358.195823][ T6980] REISERFS (device loop5): Created .reiserfs_priv - reserved for xattr storage.
[  358.479631][ T6980] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 3 0(1) DIR], item_len 35, item_location 3257, free_space(entry_count) 2
[  358.495471][ T6980] REISERFS error (device loop5): vs-5150 search_by_key: invalid format found in block 540. Fsck?
[  358.506208][ T6980] REISERFS (device loop5): Remounting filesystem read-only
[  358.513456][ T6980] REISERFS error (device loop5): vs-13050 reiserfs_update_sd_size: i/o failure occurred trying to update [2 3 0x0 SD] stat data
[  363.584752][ T7059] loop0: detected capacity change from 0 to 128
[  364.296399][ T7059] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  364.397508][ T7059] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  364.923068][ T7062] device syzkaller0 entered promiscuous mode
[  365.733989][ T7086] binder: 7083:7086 ioctl c0306201 0 returned -14
[  366.141504][ T7089] loop5: detected capacity change from 0 to 1024
[  366.194063][ T7091] loop3: detected capacity change from 0 to 8192
[  366.252044][ T7091] REISERFS (device loop3): found reiserfs format "3.5" with non-standard journal
[  366.398842][ T7091] REISERFS (device loop3): using ordered data mode
[  366.454428][ T7091] reiserfs: using flush barriers
[  366.979902][ T7091] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  367.124891][ T7094] loop2: detected capacity change from 0 to 8192
[  367.133365][ T7091] REISERFS (device loop3): checking transaction log (loop3)
[  368.777188][ T7091] REISERFS (device loop3): Using r5 hash to sort names
[  368.941819][ T7091] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage.
[  369.831149][ T7122] loop5: detected capacity change from 0 to 128
[  369.894623][ T7122] FAT-fs (loop5): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  370.546328][ T7122] FAT-fs (loop5): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  371.395130][ T7135] loop2: detected capacity change from 0 to 4096
[  371.561822][ T7135] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  371.661680][ T7148] EXT4-fs (loop2): shut down requested (1)
[  373.720257][ T7164] loop2: detected capacity change from 0 to 128
[  373.736962][ T7164] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  374.403525][ T7156] loop5: detected capacity change from 0 to 8192
[  374.426794][ T7164] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  374.540411][ T7156] REISERFS (device loop5): found reiserfs format "3.5" with non-standard journal
[  374.562202][ T7156] REISERFS (device loop5): using ordered data mode
[  374.592507][ T7156] reiserfs: using flush barriers
[  374.668355][ T7156] REISERFS (device loop5): journal params: device loop5, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  374.798619][ T7156] REISERFS (device loop5): checking transaction log (loop5)
[  374.903881][ T7156] REISERFS (device loop5): Using r5 hash to sort names
[  374.929553][ T7156] REISERFS (device loop5): Created .reiserfs_priv - reserved for xattr storage.
[  375.390151][ T7183] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 3 0(1) DIR], item_len 35, item_location 3257, free_space(entry_count) 2
[  375.391283][ T7176] loop2: detected capacity change from 0 to 8192
[  375.405750][ T7183] REISERFS error (device loop5): vs-5150 search_by_key: invalid format found in block 540. Fsck?
[  375.422631][ T7183] REISERFS (device loop5): Remounting filesystem read-only
[  375.429938][ T7183] REISERFS error (device loop5): vs-13050 reiserfs_update_sd_size: i/o failure occurred trying to update [2 3 0x0 SD] stat data
[  375.598068][ T7176] REISERFS (device loop2): found reiserfs format "3.5" with non-standard journal
[  375.620787][ T7176] REISERFS (device loop2): using ordered data mode
[  375.642097][ T7176] reiserfs: using flush barriers
[  375.665881][ T7176] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  375.727675][ T7176] REISERFS (device loop2): checking transaction log (loop2)
[  376.667579][ T7176] REISERFS (device loop2): Using r5 hash to sort names
[  376.674790][ T7176] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage.
[  377.076732][ T7189] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 3 0(1) DIR], item_len 35, item_location 3257, free_space(entry_count) 2
[  377.092149][ T7189] REISERFS error (device loop2): vs-5150 search_by_key: invalid format found in block 540. Fsck?
[  377.102827][ T7189] REISERFS (device loop2): Remounting filesystem read-only
[  377.110147][ T7189] REISERFS error (device loop2): vs-13050 reiserfs_update_sd_size: i/o failure occurred trying to update [2 3 0x0 SD] stat data
[  377.730388][ T7195] loop0: detected capacity change from 0 to 128
[  377.793180][ T7195] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  377.819321][ T7195] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  378.272456][ T5115] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  378.467846][ T1424] ieee802154 phy0 wpan0: encryption failed: -22
[  378.474289][ T1424] ieee802154 phy1 wpan1: encryption failed: -22
[  382.720700][ T7233] netlink: 12 bytes leftover after parsing attributes in process `syz.0.720'.
[  382.791864][ T4198] block nbd0: Receive control failed (result -1)
[  383.418117][ T7242] loop2: detected capacity change from 0 to 128
[  383.521040][ T7242] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  383.554233][ T7242] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  383.946403][ T4320] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  384.546842][ T7251] binder: 7245:7251 ioctl c0306201 0 returned -14
[  384.752229][ T7256] loop5: detected capacity change from 0 to 128
[  384.792620][ T7256] FAT-fs (loop5): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  384.889818][ T7256] FAT-fs (loop5): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  385.336418][  T144] FAT-fs (loop5): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  385.602951][ T7261] device syzkaller0 entered promiscuous mode
[  389.750635][ T7297] loop4: detected capacity change from 0 to 128
[  390.516447][ T7297] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  390.536275][ T7297] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  393.841541][ T7308] loop0: detected capacity change from 0 to 8192
[  393.975555][ T7308] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[  394.026524][ T7308] REISERFS (device loop0): using ordered data mode
[  394.033104][ T7308] reiserfs: using flush barriers
[  394.105268][ T7308] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  394.185351][ T7308] REISERFS (device loop0): checking transaction log (loop0)
[  394.205048][ T7308] REISERFS (device loop0): Using r5 hash to sort names
[  394.212280][ T7308] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[  394.661243][ T7319] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 3 0(1) DIR], item_len 35, item_location 3257, free_space(entry_count) 2
[  394.676651][ T7319] REISERFS error (device loop0): vs-5150 search_by_key: invalid format found in block 540. Fsck?
[  394.687972][ T7319] REISERFS (device loop0): Remounting filesystem read-only
[  394.695579][ T7319] REISERFS error (device loop0): vs-13050 reiserfs_update_sd_size: i/o failure occurred trying to update [2 3 0x0 SD] stat data
[  395.998580][ T4656] Bluetooth: hci5: command 0x0406 tx timeout
[  396.450306][ T4656] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  396.745121][ T4656] usb 5-1: Using ep0 maxpacket: 8
[  396.905240][ T4656] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  396.945453][ T4656] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  396.982895][ T4656] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  397.070626][ T4656] usb 5-1: config 0 descriptor??
[  397.550496][ T7342] loop5: detected capacity change from 0 to 128
[  397.704921][ T7342] FAT-fs (loop5): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  397.729713][ T7342] FAT-fs (loop5): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  398.004261][ T4656] iowarrior 5-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  398.037394][  T144] FAT-fs (loop5): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  398.076038][ T7328] udc-core: couldn't find an available UDC or it's busy
[  398.112160][ T7328] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  400.243710][ T4658] usb 5-1: USB disconnect, device number 6
[  402.526550][ T7380] loop3: detected capacity change from 0 to 128
[  402.577466][ T7380] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  402.608241][ T7380] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  403.322238][ T7382] netlink: 'syz.3.767': attribute type 12 has an invalid length.
[  403.375103][ T7382] netlink: 'syz.3.767': attribute type 29 has an invalid length.
[  403.406710][ T7382] netlink: 148 bytes leftover after parsing attributes in process `syz.3.767'.
[  403.454189][ T7382] netlink: 'syz.3.767': attribute type 2 has an invalid length.
[  403.472481][ T7382] netlink: 23 bytes leftover after parsing attributes in process `syz.3.767'.
[  403.937117][ T7384] loop5: detected capacity change from 0 to 8192
[  404.956880][ T7384] REISERFS (device loop5): found reiserfs format "3.5" with non-standard journal
[  404.975221][ T7384] REISERFS (device loop5): using ordered data mode
[  404.981847][ T7384] reiserfs: using flush barriers
[  405.022698][ T7392] loop3: detected capacity change from 0 to 8192
[  405.042744][ T7384] REISERFS (device loop5): journal params: device loop5, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  405.119824][ T7392] REISERFS (device loop3): found reiserfs format "3.5" with non-standard journal
[  405.135509][ T7384] REISERFS (device loop5): checking transaction log (loop5)
[  405.184239][ T7384] REISERFS (device loop5): Using r5 hash to sort names
[  405.222779][ T7392] REISERFS (device loop3): using ordered data mode
[  405.249789][ T7384] REISERFS (device loop5): Created .reiserfs_priv - reserved for xattr storage.
[  405.306350][ T7392] reiserfs: using flush barriers
[  405.415409][ T7392] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  405.493601][ T7392] REISERFS (device loop3): checking transaction log (loop3)
[  405.534531][ T7392] REISERFS (device loop3): Using r5 hash to sort names
[  405.591653][ T7392] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage.
[  406.010845][ T7408] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 3 0(1) DIR], item_len 35, item_location 3257, free_space(entry_count) 2
[  406.027204][ T7408] REISERFS error (device loop3): vs-5150 search_by_key: invalid format found in block 540. Fsck?
[  406.038754][ T7408] REISERFS (device loop3): Remounting filesystem read-only
[  406.046642][ T7408] REISERFS error (device loop3): vs-13050 reiserfs_update_sd_size: i/o failure occurred trying to update [2 3 0x0 SD] stat data
[  409.255319][ T7430] device syzkaller0 entered promiscuous mode
[  409.891947][ T7440] loop5: detected capacity change from 0 to 128
[  409.934432][ T7440] FAT-fs (loop5): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  410.274663][ T7440] FAT-fs (loop5): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  410.457424][ T7444] binder: 7442:7444 ioctl c0306201 0 returned -14
[  413.025482][ T7459] syz.2.787 uses obsolete (PF_INET,SOCK_PACKET)
[  413.211657][ T7461] loop4: detected capacity change from 0 to 8192
[  413.289344][ T7461] REISERFS (device loop4): found reiserfs format "3.5" with non-standard journal
[  413.305168][ T7461] REISERFS (device loop4): using ordered data mode
[  413.311757][ T7461] reiserfs: using flush barriers
[  413.379679][ T7461] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  413.475500][ T7461] REISERFS (device loop4): checking transaction log (loop4)
[  413.496506][ T7461] REISERFS (device loop4): Using r5 hash to sort names
[  413.503803][ T7461] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage.
[  413.565231][ T7465] loop2: detected capacity change from 0 to 8192
[  413.600698][ T7465] REISERFS (device loop2): found reiserfs format "3.5" with non-standard journal
[  413.646603][ T7465] REISERFS (device loop2): using ordered data mode
[  413.757045][ T7465] reiserfs: using flush barriers
[  413.769327][ T7465] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  413.855540][ T7465] REISERFS (device loop2): checking transaction log (loop2)
[  413.874991][ T7465] REISERFS (device loop2): Using r5 hash to sort names
[  413.896596][ T7465] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage.
[  414.189621][ T7472] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 3 0(1) DIR], item_len 35, item_location 3257, free_space(entry_count) 2
[  414.205416][ T7472] REISERFS error (device loop4): vs-5150 search_by_key: invalid format found in block 540. Fsck?
[  414.216020][ T7472] REISERFS (device loop4): Remounting filesystem read-only
[  414.223273][ T7472] REISERFS error (device loop4): vs-13050 reiserfs_update_sd_size: i/o failure occurred trying to update [2 3 0x0 SD] stat data
[  414.384698][ T7476] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 3 0(1) DIR], item_len 35, item_location 3257, free_space(entry_count) 2
[  414.400290][ T7476] REISERFS error (device loop2): vs-5150 search_by_key: invalid format found in block 540. Fsck?
[  414.411075][ T7476] REISERFS (device loop2): Remounting filesystem read-only
[  414.418435][ T7476] REISERFS error (device loop2): vs-13050 reiserfs_update_sd_size: i/o failure occurred trying to update [2 3 0x0 SD] stat data
[  416.108958][ T7492] device syzkaller0 entered promiscuous mode
[  416.251205][ T7494] device syzkaller0 entered promiscuous mode
[  417.638598][ T7502] device syzkaller0 entered promiscuous mode
[  417.660172][ T7500] binder: 7497:7500 ioctl c0306201 0 returned -14
[  418.045148][   T23] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  418.180664][ T7508] loop4: detected capacity change from 0 to 128
[  418.956142][ T7508] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  418.991314][ T7508] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  419.095107][   T23] usb 6-1: Using ep0 maxpacket: 8
[  419.947696][ T7515] ==================================================================
[  419.956236][ T7515] BUG: KASAN: use-after-free in ax25_release+0x5ca/0x870
[  419.963415][ T7515] Read of size 8 at addr ffff888020f77f08 by task syz.3.804/7515
[  419.971268][ T7515] 
[  419.973641][ T7515] CPU: 0 PID: 7515 Comm: syz.3.804 Not tainted syzkaller #0
[  419.980961][ T7515] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  419.991059][ T7515] Call Trace:
[  419.994370][ T7515]  <TASK>
[  419.997326][ T7515]  dump_stack_lvl+0x188/0x250
[  420.002051][ T7515]  ? show_regs_print_info+0x20/0x20
[  420.007280][ T7515]  ? _printk+0xda/0x130
[  420.011468][ T7515]  ? ax25_release+0x5ca/0x870
[  420.016179][ T7515]  ? load_image+0x400/0x400
[  420.020722][ T7515]  ? __timer_delete_sync+0x1f5/0x290
[  420.026053][ T7515]  print_address_description+0x60/0x2d0
[  420.031640][ T7515]  ? ax25_release+0x5ca/0x870
[  420.036351][ T7515]  kasan_report+0xdf/0x130
[  420.040805][ T7515]  ? ax25_release+0x5ca/0x870
[  420.045521][ T7515]  ax25_release+0x5ca/0x870
[  420.050069][ T7515]  sock_close+0xd5/0x240
[  420.054436][ T7515]  ? sock_mmap+0x90/0x90
[  420.059149][ T7515]  __fput+0x234/0x930
[  420.063177][ T7515]  task_work_run+0x125/0x1a0
[  420.067806][ T7515]  exit_to_user_mode_loop+0x10f/0x130
[  420.073391][ T7515]  exit_to_user_mode_prepare+0xee/0x180
[  420.079403][ T7515]  syscall_exit_to_user_mode+0x16/0x40
[  420.084901][ T7515]  do_syscall_64+0x58/0xa0
[  420.089887][ T7515]  ? clear_bhb_loop+0x30/0x80
[  420.094610][ T7515]  ? clear_bhb_loop+0x30/0x80
[  420.099334][ T7515]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  420.105277][ T7515] RIP: 0033:0x7f2d8f5f5f79
[  420.109936][ T7515] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  420.129619][ T7515] RSP: 002b:00007ffd1636cdd8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[  420.138078][ T7515] RAX: 0000000000000000 RBX: 00007f2d8f871da0 RCX: 00007f2d8f5f5f79
[  420.146117][ T7515] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[  420.154206][ T7515] RBP: 00007f2d8f871da0 R08: 00007f2d8f870038 R09: 0000000000000000
[  420.162206][ T7515] R10: 00000000003ffb80 R11: 0000000000000246 R12: 0000000000066917
[  420.170215][ T7515] R13: 00007f2d8f86ffac R14: 00000000000667c9 R15: 00007ffd1636cee0
[  420.178244][ T7515]  </TASK>
[  420.181294][ T7515] 
[  420.183639][ T7515] Allocated by task 4393:
[  420.187991][ T7515]  __kasan_kmalloc+0xb5/0xf0
[  420.192611][ T7515]  ax25_dev_device_up+0x50/0x580
[  420.198413][ T7515]  ax25_device_event+0x483/0x4f0
[  420.203373][ T7515]  raw_notifier_call_chain+0xcb/0x160
[  420.208778][ T7515]  __dev_notify_flags+0x194/0x300
[  420.213834][ T7515]  dev_change_flags+0xe3/0x1a0
[  420.218637][ T7515]  dev_ifsioc+0x130/0xd50
[  420.222991][ T7515]  dev_ioctl+0x545/0xe30
[  420.227253][ T7515]  sock_do_ioctl+0x245/0x320
[  420.231881][ T7515]  sock_ioctl+0x4d2/0x710
[  420.236240][ T7515]  __se_sys_ioctl+0xfa/0x170
[  420.240852][ T7515]  do_syscall_64+0x4c/0xa0
[  420.245298][ T7515]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  420.251349][ T7515] 
[  420.253693][ T7515] Freed by task 7517:
[  420.257695][ T7515]  kasan_set_track+0x4b/0x70
[  420.262323][ T7515]  kasan_set_free_info+0x1f/0x40
[  420.267288][ T7515]  ____kasan_slab_free+0xd5/0x110
[  420.272348][ T7515]  slab_free_freelist_hook+0xea/0x170
[  420.277744][ T7515]  kfree+0xef/0x2a0
[  420.281584][ T7515]  ax25_device_event+0x4b4/0x4f0
[  420.286545][ T7515]  raw_notifier_call_chain+0xcb/0x160
[  420.291951][ T7515]  __dev_notify_flags+0x158/0x300
[  420.297007][ T7515]  dev_change_flags+0xe3/0x1a0
[  420.301806][ T7515]  dev_ifsioc+0x130/0xd50
[  420.306278][ T7515]  dev_ioctl+0x545/0xe30
[  420.310559][ T7515]  sock_do_ioctl+0x245/0x320
[  420.315172][ T7515]  sock_ioctl+0x4d2/0x710
[  420.319622][ T7515]  __se_sys_ioctl+0xfa/0x170
[  420.324242][ T7515]  do_syscall_64+0x4c/0xa0
[  420.328694][ T7515]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  420.334624][ T7515] 
[  420.337157][ T7515] Last potentially related work creation:
[  420.342984][ T7515]  kasan_save_stack+0x35/0x60
[  420.347705][ T7515]  kasan_record_aux_stack+0xb8/0x100
[  420.353118][ T7515]  insert_work+0x54/0x3d0
[  420.357569][ T7515]  __queue_work+0x9c5/0xd50
[  420.362199][ T7515]  queue_work_on+0x124/0x1f0
[  420.366840][ T7515]  netdevice_event+0x803/0x900
[  420.371747][ T7515]  raw_notifier_call_chain+0xcb/0x160
[  420.377162][ T7515]  __netdev_upper_dev_link+0x41e/0x590
[  420.382653][ T7515]  netdev_master_upper_dev_link+0xb9/0x100
[  420.388489][ T7515]  team_add_slave+0xa3f/0x2780
[  420.393287][ T7515]  do_setlink+0xe90/0x3d60
[  420.397737][ T7515]  rtnl_newlink+0x1658/0x1a50
[  420.402453][ T7515]  rtnetlink_rcv_msg+0x844/0xf30
[  420.407420][ T7515]  netlink_rcv_skb+0x1f5/0x440
[  420.412207][ T7515]  netlink_unicast+0x774/0x920
[  420.417001][ T7515]  netlink_sendmsg+0x8ba/0xbe0
[  420.421787][ T7515]  __sys_sendto+0x46d/0x620
[  420.426317][ T7515]  __x64_sys_sendto+0xda/0xf0
[  420.431107][ T7515]  do_syscall_64+0x4c/0xa0
[  420.435547][ T7515]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  420.441470][ T7515] 
[  420.443819][ T7515] Second to last potentially related work creation:
[  420.450420][ T7515]  kasan_save_stack+0x35/0x60
[  420.455221][ T7515]  kasan_record_aux_stack+0xb8/0x100
[  420.460537][ T7515]  insert_work+0x54/0x3d0
[  420.464920][ T7515]  __queue_work+0x9c5/0xd50
[  420.469475][ T7515]  queue_work_on+0x124/0x1f0
[  420.474178][ T7515]  call_usermodehelper_exec+0x2e3/0x520
[  420.479758][ T7515]  kobject_uevent_env+0x681/0x890
[  420.484828][ T7515]  net_rx_queue_update_kobjects+0x221/0x490
[  420.490767][ T7515]  netdev_register_kobject+0x231/0x320
[  420.496251][ T7515]  register_netdevice+0x1042/0x1710
[  420.501481][ T7515]  bond_create+0xca/0x160
[  420.505837][ T7515]  bonding_init+0xf64/0x1680
[  420.510976][ T7515]  do_one_initcall+0x272/0x730
[  420.515862][ T7515]  do_initcall_level+0x137/0x1f0
[  420.520829][ T7515]  do_initcalls+0x4b/0x90
[  420.525190][ T7515]  kernel_init_freeable+0x3e9/0x570
[  420.530418][ T7515]  kernel_init+0x19/0x1b0
[  420.534777][ T7515]  ret_from_fork+0x1f/0x30
[  420.539318][ T7515] 
[  420.541673][ T7515] The buggy address belongs to the object at ffff888020f77f00
[  420.541673][ T7515]  which belongs to the cache kmalloc-192 of size 192
[  420.555755][ T7515] The buggy address is located 8 bytes inside of
[  420.555755][ T7515]  192-byte region [ffff888020f77f00, ffff888020f77fc0)
[  420.568890][ T7515] The buggy address belongs to the page:
[  420.574561][ T7515] page:ffffea000083ddc0 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888020f77900 pfn:0x20f77
[  420.586066][ T7515] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[  420.593664][ T7515] raw: 00fff00000000200 ffffea0000a7cc48 ffffea00008f04c8 ffff888016c41a00
[  420.602282][ T7515] raw: ffff888020f77900 000000000010000e 00000001ffffffff 0000000000000000
[  420.610899][ T7515] page dumped because: kasan: bad access detected
[  420.617349][ T7515] page_owner tracks the page as allocated
[  420.623092][ T7515] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 1, ts 9042213154, free_ts 9038171945
[  420.638751][ T7515]  get_page_from_freelist+0x1bbd/0x1ca0
[  420.644336][ T7515]  __alloc_pages+0x1ee/0x480
[  420.648960][ T7515]  new_slab+0xb6/0x4b0
[  420.653156][ T7515]  ___slab_alloc+0x80a/0xdd0
[  420.657788][ T7515]  __kmalloc_node+0x200/0x3b0
[  420.662488][ T7515]  sbitmap_init_node+0x2bc/0x6c0
[  420.667458][ T7515]  sbitmap_queue_init_node+0x3b/0xa60
[  420.672868][ T7515]  blk_mq_init_tags+0x16b/0x380
[  420.677763][ T7515]  blk_mq_alloc_rq_map+0x7f/0x1a0
[  420.682829][ T7515]  __blk_mq_alloc_map_and_request+0x92/0x330
[  420.688853][ T7515]  blk_mq_alloc_map_and_requests+0xe0/0x510
[  420.694785][ T7515]  blk_mq_alloc_tag_set+0x7ef/0x1020
[  420.700103][ T7515]  add_mtd_blktrans_dev+0x6c2/0x1280
[  420.705413][ T7515]  mtdblock_add_mtd+0x186/0x240
[  420.710295][ T7515]  blktrans_notify_add+0x95/0xe0
[  420.715302][ T7515]  add_mtd_device+0xd62/0x1280
[  420.720103][ T7515] page last free stack trace:
[  420.724794][ T7515]  free_unref_page_prepare+0x637/0x6c0
[  420.730374][ T7515]  free_unref_page+0x8f/0x2a0
[  420.735084][ T7515]  __vunmap+0x8b9/0xa50
[  420.739268][ T7515]  free_work+0x56/0x80
[  420.743366][ T7515]  process_one_work+0x85f/0x1010
[  420.748349][ T7515]  worker_thread+0xaa6/0x1290
[  420.753063][ T7515]  kthread+0x436/0x520
[  420.757173][ T7515]  ret_from_fork+0x1f/0x30
[  420.761625][ T7515] 
[  420.763976][ T7515] Memory state around the buggy address:
[  420.769680][ T7515]  ffff888020f77e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  420.777862][ T7515]  ffff888020f77e80: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
[  420.785947][ T7515] >ffff888020f77f00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  420.794027][ T7515]                       ^
[  420.798421][ T7515]  ffff888020f77f80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[  420.806557][ T7515]  ffff888020f78000: 00 00 fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc
[  420.814640][ T7515] ==================================================================
[  420.822820][ T7515] Disabling lock debugging due to kernel taint
[  420.916525][ T7515] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  420.923771][ T7515] CPU: 1 PID: 7515 Comm: syz.3.804 Tainted: G    B             syzkaller #0
[  420.932477][ T7515] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  420.942582][ T7515] Call Trace:
[  420.945895][ T7515]  <TASK>
[  420.948864][ T7515]  dump_stack_lvl+0x188/0x250
[  420.953586][ T7515]  ? show_regs_print_info+0x20/0x20
[  420.958822][ T7515]  ? load_image+0x400/0x400
[  420.963378][ T7515]  panic+0x2e5/0x810
[  420.967303][ T7515]  ? bpf_jit_dump+0xd0/0xd0
[  420.971815][ T7515]  ? _raw_spin_unlock_irqrestore+0x10d/0x120
[  420.977806][ T7515]  ? _raw_spin_unlock+0x40/0x40
[  420.982682][ T7515]  ? print_memory_metadata+0x314/0x400
[  420.988146][ T7515]  ? ax25_release+0x5ca/0x870
[  420.992863][ T7515]  check_panic_on_warn+0x80/0xa0
[  420.997811][ T7515]  ? ax25_release+0x5ca/0x870
[  421.002548][ T7515]  end_report+0x6d/0xf0
[  421.006852][ T7515]  kasan_report+0x102/0x130
[  421.011357][ T7515]  ? ax25_release+0x5ca/0x870
[  421.016046][ T7515]  ax25_release+0x5ca/0x870
[  421.020579][ T7515]  sock_close+0xd5/0x240
[  421.024839][ T7515]  ? sock_mmap+0x90/0x90
[  421.029089][ T7515]  __fput+0x234/0x930
[  421.033110][ T7515]  task_work_run+0x125/0x1a0
[  421.037718][ T7515]  exit_to_user_mode_loop+0x10f/0x130
[  421.043105][ T7515]  exit_to_user_mode_prepare+0xee/0x180
[  421.048682][ T7515]  syscall_exit_to_user_mode+0x16/0x40
[  421.054170][ T7515]  do_syscall_64+0x58/0xa0
[  421.058592][ T7515]  ? clear_bhb_loop+0x30/0x80
[  421.063270][ T7515]  ? clear_bhb_loop+0x30/0x80
[  421.067946][ T7515]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  421.073839][ T7515] RIP: 0033:0x7f2d8f5f5f79
[  421.078257][ T7515] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  421.097866][ T7515] RSP: 002b:00007ffd1636cdd8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[  421.106298][ T7515] RAX: 0000000000000000 RBX: 00007f2d8f871da0 RCX: 00007f2d8f5f5f79
[  421.114293][ T7515] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[  421.122272][ T7515] RBP: 00007f2d8f871da0 R08: 00007f2d8f870038 R09: 0000000000000000
[  421.130293][ T7515] R10: 00000000003ffb80 R11: 0000000000000246 R12: 0000000000066917
[  421.138272][ T7515] R13: 00007f2d8f86ffac R14: 00000000000667c9 R15: 00007ffd1636cee0
[  421.146344][ T7515]  </TASK>
[  421.149691][ T7515] Kernel Offset: disabled
[  421.154026][ T7515] Rebooting in 86400 seconds..