last executing test programs:

2m59.007420397s ago: executing program 2 (id=8):
r0 = socket$kcm(0x1e, 0x2, 0x0)
setsockopt$sock_attach_bpf(r0, 0x10f, 0x87, 0x0, 0x0)
openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r1, 0x0, 0xd}, 0x18)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000540)=0x4)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_io_uring_setup(0x1868, &(0x7f00000007c0)={0x0, 0x3561, 0x80, 0x0, 0x271}, 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x83fd, 0x1fffffffffe, 0xfffffffffffffffd, 0x4, 0x0, 0x1000001000, 0x9}, 0x0, &(0x7f00000002c0)={0x3fb, 0x8000, 0x400000000001, 0x9, 0x40000000000000, 0xf, 0x80000002, 0x2}, 0x0, 0x0)

2m58.073789254s ago: executing program 2 (id=10):
r0 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000000), 0x2400, 0x0)
r1 = syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x1000040, &(0x7f00000002c0)={[{@barrier}, {@nodioread_nolock}, {@noquota}, {@barrier}, {@noload}, {@orlov}]}, 0x1, 0x599, &(0x7f0000001280)="$eJzs3T9sG2UbAPDnznHTP/m+9JO+T/pAHSpAKlJVJ+kfKEztiqhUqQMSC0SOG1Vx4ipOoIkike4VogMC1KVsMDCCGBgQCyMrC4gZqaIRSE0HMHJ8TtPULk6I4xL/ftLZ73t39vO+d35e+053cgB962j9IY14KiIuJhHDG5YNRLbwaGO91ZWl4v2VpWIStdqlX5JIIuLeylKxuX6SPR+KiOWI+H9EfJOPOJ6uv+W+ZqG6sDg1Xi6XZrP6yNz01ZHqwuKJK9Pjk6XJ0sypF186c/b0mbGTYxube7+2sZbfWl9v/Hjz3RvfvXL75qefHVkuvj+exLkYypZt7MdOamyTfJzbNP90N4L1UNLrBrAtuSzP66n0vxiOXJb1rdQ2Dg6Du9I8oItqgxE1oE8l8h/6VPN3QP34tznt5u+PO+cbByD1uKsrS8V3ohl/oHFuIvavHZsc/DV56Mikfrx5eDcbyp60fD0iRgcGHv38J9nnb/tGd6KBdNXX5xs76tH9n66PP9Fi/Blqnjv9m5rj32o2/q22iJ9rM/5d7DDG76//9FHb+NcH4+mW8ZP1+EmL+GlEvNlh/FuvfXm23bLaxxHHonX8puTx54dHLl8pl0Ybjy1jfHXsyMvt+x9xsE38xjnb/WtfMxv7vy9rU9ph/7/49vNnlh8T//lnH7//W23/AxHxXofx/3Pvk1fbLbtzPblb/xWw1f2fRD5udxj/hXNHf8iKzhoCAAAAAAAAAMAOSteuZUvSwno5TQuFxj28/42DablSnTt+uTI/M9G45u1w5NPmlVbDjXpSr49l1+M26yc31U/lsoC5A2v1QrFSnuhx3wEAAAAAAAAAAAAAAAAAAOBJcWjT/f+/5dbu/9/8d9XAXtX+L7+BvU7+Q/96OP+TnrUD2H2+/6Fv1eQ/9C/5D/1L/kP/kv/Qv+Q/9C/5D/1L/gMAAAAAAAAAAAAAAAAAAAAAAAAAQFdcvHChPtXurywV6/WJgYX5qcpbJyZK1anC9HyxUKzMXi1MViqT5VKhWJn+q/dLKpWrozEzf21krlSdG6kuLL4xXZmfaf6naCnf9R4BAAAAAAAAAAAAAAAAAADAP8/Q2pSkhYh8o56mhULEvyLicBLJ5Svl0mhE/Dsivs/lB+v1sV43GgAAAAAAAAAAAAAAAAAAAPaY6sLi1Hi5XJrtXmEgC9XFEJ0XBrayckQs72wz6u+45Vflsw3Y4023Nwq5J+Nz+OQXejgoAQAAAAAAAAAAAAAAAABAn3pw02+nr/ijuw0CAAAAAAAAAAAAAAAAAACAvpT+nEREfTo2/NzQ5qX7ktXc2nNEvH3r0gfXxufmZsfq8++uz5/7MJt/shftBzrVzNM0Iup5DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADxQXVicGi+XS7PbLAx2sE6v+wgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwHX8GAAD//xLkz18=")
r2 = openat(0xffffffffffffff9c, &(0x7f0000000740)='./file1\x00', 0x183042, 0x15)
pwrite64(r2, 0x0, 0x0, 0xe7c)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x105042, 0x189)
truncate(&(0x7f0000000080)='./file1\x00', 0x789a)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r3, 0x0)
openat(r1, &(0x7f00000000c0)='./file1\x00', 0x100, 0x15c)
pwrite64(r3, &(0x7f0000000880)='u', 0x1, 0x83)
lseek(r2, 0x5, 0x3)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r4, 0x8004587d, &(0x7f0000000080)={@desc={0x1, 0x0, @desc1}})
fcntl$setstatus(r0, 0x4, 0x0)

2m57.101621713s ago: executing program 2 (id=12):
mkdirat(0xffffffffffffff9c, &(0x7f0000002000)='./file0\x00', 0x118)
openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x40000, 0x120)
socket$inet6_mptcp(0xa, 0x1, 0x106)
socket$inet6_sctp(0xa, 0x1, 0x84)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_route(0x10, 0x3, 0x0)
openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x141202, 0x0)
fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
socketpair(0x1, 0x5, 0x0, &(0x7f0000000200))
r0 = syz_open_dev$dri(&(0x7f0000000440), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000040)={&(0x7f0000000100)=[<r1=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000180)={0x1, 0x1, &(0x7f00000000c0)=[r1], &(0x7f0000000180), &(0x7f0000000200), &(0x7f00000001c0)=[0x7fffffff], 0x0, 0x1})

2m56.17724291s ago: executing program 2 (id=16):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000000)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a80000000060a010400000000000000000a0000010900010073797a310000000054000480500001800b00010074617267657400004000028008000240000000012c0003007339f2f10455afb9fdd672bad09dfb78c7699c74e891a0c70000000000000000000000000000000008000100544545000900020073797a3200"], 0xa8}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000840)
ioctl$AUTOFS_IOC_READY(r0, 0x9360, 0xfffffffffffffffd)
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x2048c5, &(0x7f0000000340)=ANY=[@ANYBLOB="726f6469722c756e695f786c6174653d312c726f6469722c756e695f786c6174653d302c636865636b3d72656c617865642c73686f72746e616d653d77696e6e742c6e6f636173652c73686f72746e616d653d6c6f7765722c747a3d5554432c756e695f786c6174653d312c73686f77657865632c6e6f6e756d7461696c00002c007d88658bba9f86c7bbf19329c9a2a1c1511e3af2126ad5803a0f4e3d8521dd3f1b515a0673be6fb14db7c6534edf0e5e1d29e4f05d5c82fd3e0372c644e7ba7ccec22efc923b0beac1490e"], 0x0, 0x29f, &(0x7f0000000580)="$eJzs3UFrE1sYxvGnSdukKW2yKBfuhct9uW50M7TxEwRpQQwotRF1IUztREPGpGRiJCK2O7d+juLSlYL6Bbpx517cFEFw04UYaZKxaRswra1Tzf8HYU7OOe/MmZyZ8M5AJlvXn94rFwOn6NYVS5pi0rq2pcxOqWuku4y1y+Pqta5zk5/f/Xv1xs1LuXx+ftFsIbd0Pmtm0/+9evDo2f9v6pPXnk+/TGgzc2vrU/b95l+bf299XQrXXpVcW65W6+6y79lKKSg7Zld8zw08K1UCr1a3nvaiX11dbZpbWZlKrda8IDC30rSy17R61eq1prl33FLFHMexqZSGTfzQEYWNxUU3dyKDQRQm+lXWajk33rexsPErBgUAAE6XqPL/u6XASoFVqnvy+4P5f0yHyP+loc7/D4/8fxjs5P+p7vm7F/k/AAAAAAAAAAAAAAAAAAAAAAC/g+1WK91qtdLhMnwlJCUlhe+jHidOBvM/3Hp+uJeU/CeNQqPQWXbac0WV5MvT7Jj0pX08dHXKCxfz87PWltFrf60bv9YoxJUI40OZ/vFznXjrjV/TmFK9288qrZn+8dk+8Y3CuM6eaSW6W/bkKK23t1WVr5X2cb0b/3jO7MLl/L74iXY/AAAAAAD+BI59d+D6vd3uWPjYkH3tncrd+wNK/+D+wL7r61H9MxrdfgMAAAAAMEyC5sOy6/tebQgK4f8fHMsKo//okoN2HpXUrXlxWuZikEJM0lHD4z83yx8l7amZiXy6j6Pw4X7nDBikc5TfSgAAAABOQpj0j0Q9EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAhtigDw8L+x/l2WM9m4tHs5cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA6fAtAAD//2kbF4o=")
r1 = syz_open_procfs(0x0, &(0x7f0000000540)='mounts\x00')
mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000480)='./file0/file0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x1333404, 0x0)
mount$bind(&(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x11080, 0x0)
mount$bind(&(0x7f0000000240)='.\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x1005848, 0x0)
read$FUSE(r1, &(0x7f0000002c00)={0x2020}, 0x2020)
socket$nl_route(0x10, 0x3, 0x0)

2m54.307362253s ago: executing program 2 (id=20):
openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi2\x00', 0xa400, 0x0)
socket(0x1, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
socket$nl_route(0x10, 0x3, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000040), 0x80001, 0x0)
r1 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r1, 0xc0285700, &(0x7f0000000100)={0x1, "5660359c3245d1c42317afad7d48ed51000000000000000100", <r2=>0xffffffffffffffff})
ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000000)={0x5, "340b7832ceefd131b8e6498c25f58fad9987ffe93bbabd18cf501922de974a27", <r3=>0xffffffffffffffff})
ioctl$SYNC_IOC_MERGE(r2, 0xc0303e03, &(0x7f0000000180)={"2486910284ed923431d4c5d5fbf514fd00", r3})
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0xb, 0x6, 0xff}, 0x3a, [0x7ffd, 0xc95a, 0xf, 0x0, 0x80, 0x2, 0x3, 0x10007f, 0x20000006, 0x4d, 0x8, 0x3, 0x9, 0x2, 0xffff2d34, 0xffffff01, 0x46, 0x3, 0xfffffffc, 0x5, 0x4, 0x2, 0x7, 0x3c5b, 0x80000003, 0x24, 0x1d, 0x2, 0xfffffffe, 0xffffffff, 0xe661, 0x4, 0x7, 0x3, 0x8, 0x4c74, 0xe91, 0x0, 0x3, 0xe, 0x8, 0x8000806e, 0x7, 0x17, 0x1, 0x7, 0x200, 0x3e, 0x8c, 0x6, 0x6, 0x0, 0x5, 0x3, 0x8, 0x400, 0x80, 0x1, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0xd, 0x80000133, 0x8004, 0x5, 0xfffffff3, 0x129432e6, 0xc8, 0xf9, 0xe, 0x8, 0x6c7, 0x9, 0x7ffffffc, 0x3, 0x0, 0x1, 0x5, 0x2f, 0xe, 0x40000310, 0x78, 0xea4, 0xfffffffc, 0x4, 0x7, 0x7fff, 0x6, 0x400, 0x401, 0x6, 0x5, 0xff, 0x5, 0x1000005, 0x5f31, 0x10, 0x7, 0x2, 0x4, 0xb, 0x1, 0x9, 0x8, 0x9, 0x6, 0x47, 0x8020, 0x1, 0xfe000000, 0xffff, 0x2, 0x4, 0x9, 0x3, 0x3, 0x9, 0x1, 0x3, 0x3, 0xbc45, 0x48c93690, 0x43, 0x103], [0x7, 0xa, 0x4, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xf, 0x4, 0x6, 0x5, 0x0, 0x6, 0x5, 0x1, 0x86, 0x3, 0x303c, 0x3e7, 0xb, 0x5, 0x2, 0x10000002, 0x3, 0x20000008, 0x2, 0x6d03, 0x6, 0x38, 0x800003, 0x200, 0x80, 0x3, 0x4, 0x2950bfaf, 0x1000, 0xa2, 0x7, 0xad, 0x5, 0x6, 0xac8, 0xc2, 0x2, 0x3, 0x0, 0x12b, 0x4, 0x1, 0x1000000a, 0x0, 0x5, 0x1c, 0x120000, 0x3, 0x2006, 0x80a2ed, 0x0, 0x25], [0x9, 0xbb33, 0x80000000, 0xb, 0x5, 0x93a, 0x6, 0x1000006, 0x0, 0xb9, 0xce7, 0x1ff, 0x2, 0x57, 0x4, 0x5, 0x101, 0x10000, 0x4, 0x7fff, 0x10000, 0x7f, 0x2, 0x5, 0x1, 0x2, 0x14c, 0x60a7, 0x1, 0x96, 0xffffffff, 0x800000, 0x0, 0x4, 0xc8, 0x1, 0xfffff000, 0x10080, 0x3, 0x7e, 0x100, 0x1000, 0x7, 0xaf, 0x8, 0x6, 0x226, 0x5, 0x4, 0x1, 0x30b1d693, 0xa1f, 0x8, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1e, 0xd7, 0x200, 0xffff3441, 0xfff]}, 0x45c)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)
ioctl$SW_SYNC_IOC_INC(r1, 0x40045701, &(0x7f00000002c0)=0x3)

2m50.181248723s ago: executing program 2 (id=28):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x69703000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x14)
r3 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
bind$ax25(r3, &(0x7f0000000100)={{0x3, @default, 0x1000003}, [@null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast, @default, @bcast, @default, @null, @null]}, 0x48)

2m48.954003262s ago: executing program 32 (id=28):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x69703000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x14)
r3 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
bind$ax25(r3, &(0x7f0000000100)={{0x3, @default, 0x1000003}, [@null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast, @default, @bcast, @default, @null, @null]}, 0x48)

1m43.258301473s ago: executing program 3 (id=160):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
rseq(&(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x4, 0x6, 0x3, 0x9}, 0x2}, 0x20, 0x0, 0x0)
ptrace(0x10, 0x1)
openat$cgroup_devices(0xffffffffffffffff, 0x0, 0x2, 0x0)
fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)

1m42.131600874s ago: executing program 3 (id=161):
openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000)
r1 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r1, &(0x7f0000000000)=@abs={0x1, 0x0, 0x4e21}, 0x6e)
listen(r1, 0x0)
socket$unix(0x1, 0x1, 0x0)
timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300))
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10)
connect$inet(r2, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x39)

1m40.253550437s ago: executing program 3 (id=164):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$packet(0x11, 0x2, 0x300)
socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'lo\x00'})
recvmmsg(r3, &(0x7f0000000480)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=""/11, 0x17}}], 0x400000000000179, 0x10022, 0x0)
sendmsg$NL80211_CMD_REGISTER_FRAME(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000080)={0x1c, 0x0, 0x1, 0x0, 0xfffffffd, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x40)

1m38.788186739s ago: executing program 3 (id=165):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001b40)={&(0x7f0000000100)='kfree\x00'}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket(0xa, 0x3, 0x87)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'gretap0\x00', <r5=>0x0})
ioctl$sock_inet6_SIOCSIFADDR(r3, 0x8916, &(0x7f0000000000)={@private1={0xfc, 0x1, '\x00', 0x1}, 0xb, r5})
ioctl$sock_inet6_tcp_SIOCINQ(r3, 0x8936, &(0x7f0000000000))

1m37.071853506s ago: executing program 3 (id=168):
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8d}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000001e40)={0xffffffffffffffff, 0x0, 0x0}, 0x20)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0, r3}, 0x18)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_COMPAT_GET(r4, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000100)={0x2c, 0x0, 0xb, 0x101, 0x0, 0x0, {0x3, 0x0, 0x8}, [@NFTA_COMPAT_NAME={0x5, 0x1, '\x00'}, @NFTA_COMPAT_REV={0x8, 0x2, 0x1, 0x0, 0x5}, @NFTA_COMPAT_TYPE={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x60004000}, 0x40010)

1m35.985752293s ago: executing program 3 (id=170):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0x0, 0x0, 0x0, 0x2, 0xfffffe81, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="070000000400000008"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x21, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$ETHTOOL_MSG_PAUSE_GET(0xffffffffffffffff, 0x0, 0x20000040)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='kfree\x00', r1}, 0x18)
open(&(0x7f0000000080)='./file0\x00', 0x108242, 0x124)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000080)='sys_enter\x00', r3}, 0x10)
process_mrelease(0xffffffffffffffff, 0x0)
pipe2$9p(&(0x7f0000000000), 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000070000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r4 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
write$rfkill(r4, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8)

1m20.053415338s ago: executing program 33 (id=170):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0x0, 0x0, 0x0, 0x2, 0xfffffe81, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="070000000400000008"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x21, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$ETHTOOL_MSG_PAUSE_GET(0xffffffffffffffff, 0x0, 0x20000040)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='kfree\x00', r1}, 0x18)
open(&(0x7f0000000080)='./file0\x00', 0x108242, 0x124)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000080)='sys_enter\x00', r3}, 0x10)
process_mrelease(0xffffffffffffffff, 0x0)
pipe2$9p(&(0x7f0000000000), 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000070000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r4 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
write$rfkill(r4, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8)

50.171615041s ago: executing program 1 (id=237):
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0xb, 0x88}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_emit_ethernet(0x6e, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
fanotify_init(0xf00, 0x0)
clock_gettime(0x9, 0x0)

48.767006208s ago: executing program 1 (id=239):
keyctl$clear(0x5, 0xffffffffffffffff)
syz_pidfd_open(0x0, 0x0)
syz_usb_connect(0x6, 0x63, &(0x7f0000000780)=ANY=[], 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0)
prlimit64(r0, 0x7, 0x0, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r3, 0x40186f40, &(0x7f0000000440)=0x1f)

48.413135248s ago: executing program 4 (id=241):
syz_mount_image$hfsplus(&(0x7f00000000c0), &(0x7f0000000900)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x3200004, &(0x7f0000000a80)={[{@uid}, {}, {@nls={'nls', 0x3d, 'cp936'}}, {@uid}, {@type={'type', 0x3d, "826d7417"}}, {@force}]}, 0x3, 0x6b9, &(0x7f0000000240)="$eJzs3U1sHGcZB/D/bJx1Nkip26ZtQEi1GqmCRiR2ViVBQmpACOUQoQguvVqJ01jZpJXtorRCZAMUJE6cUA8cilA49IQQQionRDkjIXHh5BuHSNw45AAYzezsem1vHDuOvab9/aTJvLPv1zOP52N37GgDfGpdfD2Huyly8dSl2+X2yr12Z+Ve+2a/nGQySSOZ6K1StJLi4+RCeks+W75YD1c8bJ5X739UTLz/Ybu3NVEvVfvGVv02GdmymxwZbBxKMt0r/nvbw24ar1qqca6sjfeYikHcZcJO9hMH47a6SXetsvHI7ts/b4ED607vvrnJVHI0vbtr+T4g9dXh0VeG8dvy2tTdvzgAAABgr4z8LD/sqQd5kNs5tj/hAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwCdD0fvOwKJeGv3ydIr+9/83h75TvznmcHfpvWvV6ttPjTsQAAAAAAAAANiVFx/kQW7nWH97tah+5/9StXG8+vczeTtLmc9iTud25rKc5SxmNsnU0EDN23PLy4uzwz2rPxJY+nnKnqurq3fqnmdH9jy7Pq7uxkBH/aXBpkYAAAAAAAAA8Kn1g1xc+/0/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcBEVyqLeqluP98lQaE0mOJGkW04PmzbEG+wT8cdwBAAAAwN5r1etjxX97hdWi+sz/fPW5/0jezq0sZyHL6WQ+V6tnAb1P/Y2/dtudlXvtm+WyeeCv/XNHcVQjpvfsYfTMM1WL5wY9Luab+U5OZTqXs5iFfDdzWc58pvONqjSXIlP104uplXut9GPdHO+FdVuXN8b24lC5jO9EFUkr17JQxXY6V5r90Bt1uxNDs/2+mWyY8W6ZneK12jZzdLVel3v0s3p9MExVe354kJGZOvdlNp4ezvvm3O/wONk402wag2dQx9dmKTc3zvRYOT9ar8tc/3hvc77DR2nrM9H9abnVP/qe3zrnyRf/9qfL1xu3bly/tnTq4BxGj2njMdEeysQL28pEp8xEdxeZOLKb+J+cZp2N3lV0Z1fLl6q+x7KQb+XNXM18zmUmszmfmXwlZ9PO2aG8Prd1XqtzrbGzc+3kF+pCeU/6ydC9ad9MPqyizOvTQ3kdvtJNVXXDr6xl6ZltZKloZnSW/j4ylInP1YVyjh8O3XHGb5CJxtq1uR/ds1tn4pf/WU2y1Ll1Y/H63FvbnO/lel2etu+tvzb/6ons0M7Vu1seL8+UP6z0bhvDR0dZ92y/bt2RM1vVHR/Urb/PNZupzude3aPO1HKk5++OGqlX98LIWdpV3YmhunXvcvJmOoN3IQAcYEdfOdps3W/9pfVB60et661LR74+eX7y880c/vPEHw79pvHrxleLV/JBvp9j444UAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+CZbeeffGXKczv3gAC2k84QHvjqzqp6L3SvNg7PtWhcP7O+mhnTSe3OqI+m2SLbo3x5HMVpID8DOd62RiH+aazIiqS4NXWkljEE+SGwfkC+6AvXBm+eZbZ5beefdLCzfn3ph/Y/7W2fPnXjvX/vLsnTPXFjrzM71/xx0lsBfW3gaMOxIAAAAAAAAAAABgu3bz3wn+cWl7jUdMW3THsK8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA/6eLr+dwN0VmZ07PlNsr99qdcumX11pOJGkkKb6XFB8nF9JbMjU0XPGweV69/9EvXn7/w/baWBP99o0N/X73r9XVHe5Ft14yneRQvX60yW2Nd2VovO4OA+spBntYJuxkP3Ewbv8LAAD///zfBvQ=")
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
getpid()
r1 = socket$inet6(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'virt_wifi0\x00', <r2=>0x0})
setsockopt$inet6_mreq(r1, 0x29, 0x1b, &(0x7f0000000000)={@remote, r2}, 0x14)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, 0x0, 0x4840)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x90)

45.501231912s ago: executing program 1 (id=244):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
clock_adjtime(0x41, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
timer_create(0x0, 0x0, 0x0)
timer_settime(0x0, 0x0, 0x0, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_tcp_int(r3, 0x6, 0x17, &(0x7f0000000080)=0xffffffff, 0x4)
bpf$PROG_LOAD(0x5, 0x0, 0x0)

42.866233632s ago: executing program 1 (id=247):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xa8f94000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01030000000000000000010000000900010073797a300000000040000000030a01020000000000000000010000000900030073797a32000000001400048008000240326565a708000140000000000900010073797a300000000048000000060a010400000000000000000100000008000b40000000000900010073797a3000000000200004801c0001800b00010072656a65637400000c000280080001400000000114000000110001"], 0xd0}}, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000000)={{0x14}, [@NFT_MSG_DELTABLE={0x14, 0x2, 0xa, 0x109}], {0x14}}, 0x3c}}, 0x0)
socket$inet6(0xa, 0x800000000000002, 0x0)

42.790845362s ago: executing program 4 (id=249):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000730000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94)
r0 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000040)=@req={0x3fc}, 0x10)
r1 = socket(0x1e, 0x4, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={0xffffffffffffffff, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000240)="b9ff03316844268cb89e14f00800", 0x0, 0x9, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000002000)=""/102400, 0x19000)
setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10)
sendmmsg(r0, &(0x7f0000003240), 0x4000000000000e4, 0x0)
syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0xa401)
syz_mount_image$ext4(&(0x7f00000000c0)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x2008803, &(0x7f0000000080), 0x1, 0x638, &(0x7f0000000240)="$eJzs3U1vVFUfAPD/nU5faJ/naSFPVFxIE2MgUVpawBBjIuwJwZedbiotBCmU0BotIaEkuDFx54LElQvxY0jCli/gwsS4MibEKAsxRMbc27nT2+lM6dt0yvT3Sy495972nnNL/3POPXPOnQB2reGIGImI/RFxNYkYLBwrZ/+Wsm9Kv+/RHzfOpVsSlcr7vydx42ayUDxXUv06UP3hfwYXd+3rWlnu7Pz1SxPT01PXqvnRuctXR2fnrx++eHniwtSFqSvjb46fOH7s+ImxI5u6vr2F9Onbn3w2+OWZD7/75kky9v1PZ5I4mV5dJr2uarKSX0fvpkpOf2fDUVn0uLg//b2e2OS5d4q/BvO/kyVJ/Q52tDQGuiPixRiMrsL/5mB88W5bKwa0VNrYVYBdKtlQ/PdtfUWAbZb3A/J7+8J98Goa3NEDz5uHpxYHpBZjvzsi8vgvZ2N+EX3Z2ED/o2TZOE8SEZsbmVuUlvHg/pnb6RbLx+GAFlu4lY9y17f/SRabQ9GX5foflZbFf6mwpfvfW0+hPUvJ4bpD4h+2z8KtiHip2v73xHrivxyF+P94g+WLfwAAAAAAANg6905FxBuN5v+VavN/ehrM/xmIiJNbUP6z3/8r5Uv0ki0oDih4eCri7Ybzf/Owi6Guau6/2XyA7uT8xempIxHxv4g4FN29aX6s7rylQvrwV/vuNCu/OP8v3dLyH9wvTi8u/VauW4g7OTE34dUANu/hrYiXs/m/B6p7ls//Sdv/pEH7n8b31TWWse+1u2eL+UqlcjNPN47/xbnAQGtVvo042LD9X2pgk9WfzzGa9QdG817BSq88KSw0qiP+oX3S9r+/efzXet615/XMru/8PRFxdL7cLPzXEP+N+/89yQddUVhK8PnE3Ny1sYie5PTK/ePrqzN0qjwe8nhJ4//Qq6uP/9X6/4U43BMRC2ss84WnA780O6b9h/ZJ439y9f7/UFJt/yNr/2sdgTUnxu8O/ZCdqcFz4c6uqf0/lrXph6p7svE/oKq0Ys9aA7Qt1QUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA51wpIv4TSWmkli6VRkYiBiLi/9Ffmp6ZnXv9/MynVybTY9nn/5fyT/odXMwn+ef/DxXy43X5oxGxNyK+7tqT5UfOzUxPtvviAQAAAAAAAAAAAAAAAAAAYIcYyNb8V3rr1/+nfu1qd+2AlitXvz4j3vu2oy7A9ipv+CcrvVtaEWDbbTz+gefd2uO/u6X1ALZf8/h//KSSyfNJUjz6Z4vrBbSe/j/sXhuMf28PQgdoEP/D7agHsN1WHdO7U0t59x86kvt/AAAAAADoKHsP3PsxiYiFt/ZkW6qnesxkf+hspXZXAGgbc3hh9yrPtLsGQLu4xweW1vX/XWl0vPns/6Q1FQIAAAAAAAAAAAAAVji43/p/2K1WX/9vbj90slXW/zcKfo8LgA7S/KM/tP3Q6dzjA89q7a3/BwAAAAAAAAAAAIAdoO/6pYnp6alrs/ObTETEz5UkYrPnaZL4qMGhd1pUVksTCxM7ohpbmnjamjN3R8TOuMCWJ7oiorAnfwRHGyvW5tclAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACg5t8AAAD//wB1KIo=")

41.766995005s ago: executing program 1 (id=250):
prctl$PR_CAP_AMBIENT(0x2f, 0x0, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000380)={@multicast, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x28}, @val={@val={0x88a8, 0x6, 0x0, 0x2}, {0x8100, 0x4, 0x0, 0x2}}, {@arp={0x806, @ether_ipv6={0x1, 0x86dd, 0x6, 0x10, 0x0, @local, @local, @local, @private1}}}}, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="4c0000002000010000000000800000000a801400070000031700010014000200fc020000000000000000000000000001050016003200e8ff130001"], 0x4c}}, 0x40000)
syz_open_dev$sndpcmc(&(0x7f0000000480), 0x0, 0x0)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000500), 0x28002)
r2 = dup(r1)
syz_open_procfs(0x0, &(0x7f0000000440)='fd/3\x00')
write$P9_ROPEN(r2, 0x0, 0x0)
mount$9p_fd(0x0, &(0x7f00000001c0)='.\x00', &(0x7f0000000180), 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$inet(0x2, 0x4000000000000001, 0x0)
sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f0000000000)='westwood', 0x8)
r4 = socket$inet6(0x10, 0x2, 0x4)
sendto$inet6(r4, &(0x7f0000000080)="4c00000012001f15b9409b8400feffffffffffff000000000017030038c88cc055c5ac27a6c5b068d0bf46d323452536005ad94acc000000000000000000000051d1ec0cffc8792cd8000080", 0x4c, 0x0, 0x0, 0x0)

39.371662785s ago: executing program 1 (id=254):
socket$inet6(0xa, 0x1, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$inet6_sctp(0xa, 0x1, 0x84)
socket$nl_route(0x10, 0x3, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x6, 0x5, &(0x7f0000000b40)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000bc000000850000002300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket(0x10, 0x803, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000005"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b703000000000000850000003300000095"], &(0x7f0000000780)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000008c0)={{r0}, &(0x7f0000000840), &(0x7f0000000880)=r1}, 0x20)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r3=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r1, r3, 0x25, 0x2, @void}, 0x10)
syz_emit_ethernet(0x2a, &(0x7f0000000140)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @local, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x67, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast}, @address_reply={0x12, 0x0, 0x0, 0x400}}}}}, 0x0)

38.40413076s ago: executing program 4 (id=255):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_mount_image$udf(&(0x7f00000004c0), &(0x7f00000002c0)='./file0\x00', 0xe01, &(0x7f0000000600)={[{@gid_ignore}, {@partition={'partition', 0x3d, 0x5}}, {@noadinicb}, {@gid_ignore}, {@dmode={'dmode', 0x3d, 0x1}}, {@volume={'volume', 0x3d, 0x6}}, {@gid_forget}]}, 0x1, 0x49c, &(0x7f0000000a40)="$eJzs291rHNUfx/HPd7K72aT9/bpt07RKwVVBpWLNQx+NF32IoUIf0rQRKSrEZhOX5olsKm0RLd546403IqKgIFW0IOKNV9o7/wAFQdALL0RwL3wAQZCZPbMz2WybtPvUbd8vaHdy5jtzzpyzZ87Z3TMCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADSoacO9vVbq0sBAACa6fipsb4Bxn8AAO4qp/n8DwAAcDcxefpepuGxoh0L/i5JH83Pnb8wPjxS/bAuC47sCOL9f+n+gcFdu/fs3Re+3vj4ertHJ06dPpg9PD+7sJgrFHKT2fG5/Nn5ydyaz1Dr8ZV2BBWQnT13fnJqqpAd2Dm4bPeFzC+d63ozQ3t7D3hh7PjwyMipWEwiecu5r3C9GX5KnrbJ9NtDn9pxSZ5qr4tV3juN1hVcxI7gIsaHR4ILmclPzC35O0fDivDctTqpsI6a0BY16ZH8clmqPp/ZkvJ0QKben4t2QlJHWA+PBl8MX//ARF2yv2V+OZ+X9IDaoM1uY53y9KNMsxvSGm19s6LJEvJ0QaY/hop2Mrgf+P3Jv20efSb79NzUfCx21FyPio8PiTYcH5rpNr83peXpeHDHL9pYqwuD5uvy9JZMWz5+OZhXKJiXbhja+8TJwfgMY+sqp/Fjd7r541rG5KSLHbVRM6/+lwUAAAAAAABA6jRP38lU/CobJWZMXuwn47RKPwxlW1NEAI1int6W6eRYMfgaPr4upSO2vqes3deGNLb8XenD8wsXF/PTLy1V3d+dPvhiYWlx4mz13ery77Md8ZTV1rHUKGmeUjI99+dHVs63dP93SwGi0nz4ZLRmJl2Zf/C++X9pPVP4G9L+M1vj21WLfBO/j/p5mnlakunQpm1urUq3VtSZSnGfy/T7e9tdnJfyCx+eNlM641R+Jtfnx34t0/v/hrHBsiitc7Gbo9h+P9ZkevPY8tj1LrYnih3wY0dkuvZC9dgtUeygH/u6TAu/ZsPYbj/2PhfbG8XuPDs/M1mtKoGb5ff/n2R6tydrYd9IlN5/K/v/K9FYcLnyRNfp87X2/0ws7bLr12f8/v/XtqAvB/3fq97/35Dpky+2u7hS30u5/RuD/6P+/6xM098uj+12sZui2P41V2yb8Nt/u0xHtlwt141rf9cCUavF2//eyndHg9p/Yywt4/LtrM+lQ1Lh4qVzEzMzuUU2Sht+p296pl4rMmWDjRtstPrOhGbwx//P/FnUlz+U5ztu/HcfU6KZ1d+vRuP/UOWJGjT+b4qlDbnZSDIhpZdmF5JbpXTh4qXH8rMT07np3Nyuvj19u3ft79+/L5kKJ3fRVs11dSfy2/8bmf5Zd6X8eXf5/K/6/L+78kQNav/NsbTuZfOVmi8drv2vyHT/tavl7yVuNP8Pv/955MHSa7l/Nqj9e2JpGZfv/+pz6QAAAAAAAAAAAAAAAADQ1pLm6QOZjjyesPBZs7Ws/1vxAJpb5xU+Q1Kv9V+9sbTJJj2vUFOFAkCb8OTpHZkeVtFe8xPWS8fir7ij/RcAAP//hSYeCw==")
munmap(&(0x7f0000001000/0x3000)=nil, 0x3000)
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x90)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x35, &(0x7f0000000000)=0x8000, 0x4)
bind$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @remote}, 0x1c)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0xb, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f000000bf40)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000009c40)=""/19, 0x13}, 0x3ff}], 0x1, 0x2, 0x0)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
recvfrom(0xffffffffffffffff, &(0x7f0000000140)=""/67, 0x43, 0x40011040, 0x0, 0x0)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="5c00000002060500000000000000000007000000140007800800114040000000080012400000ffff0500010006000000050005000200000005000400000000000900020073797a310000000010000300686173683a69702c6d6163"], 0x5c}, 0x1, 0x0, 0x0, 0x810}, 0x4084)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000005c0)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_DEL_STATION(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYRES16=r0, @ANYBLOB="21012cbd70000000000014000000080003", @ANYRES32=r3, @ANYBLOB="0600360000000000050029000c000000"], 0x2c}}, 0x0)
syz_usb_connect(0x0, 0x3f, &(0x7f0000000280)=ANY=[@ANYBLOB="1201000329d76808e815009161610102030109022d20010700b0060904d50f036151576a09058f0210000002070905"], 0x0)

36.105548817s ago: executing program 4 (id=258):
r0 = socket$nl_route(0x10, 0x3, 0x0)
mmap(&(0x7f00003d0000/0x1000)=nil, 0x1000, 0x0, 0xb5972, 0xffffffffffffffff, 0x0)
socket$igmp6(0xa, 0x3, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x149882, 0x60)
set_mempolicy(0x2, 0x0, 0x3)
r2 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r2, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x3, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x2, @loopback}}}, 0x108)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$inet6_group_source_req(r2, 0x29, 0x2e, 0x0, 0x0)
close(r2)
sendmsg$nl_route(r0, 0x0, 0x0)

34.681179164s ago: executing program 4 (id=261):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
symlink(&(0x7f0000000040)='.\x00', &(0x7f0000000100)='./file0\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f00000004c0)='./bus\x00', 0x0)
lsetxattr$security_capability(&(0x7f0000000180)='./file0\x00', &(0x7f0000000200), &(0x7f00000002c0)=@v3={0x3000000, [{0x2, 0x9}, {0x3, 0x3ff}]}, 0x18, 0x1)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000500)={[{@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f00000001c0)='./bus\x00')
lchown(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)

33.398564278s ago: executing program 4 (id=264):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x4, &(0x7f0000000340)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
r1 = getpid()
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000680)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$NL80211_CMD_ASSOCIATE(0xffffffffffffffff, 0x0, 0x850)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socket(0x1, 0x5, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)={0x14, 0x34, 0x9, 0x0, 0x4000, {0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x4841}, 0x4000010)

24.136170117s ago: executing program 34 (id=254):
socket$inet6(0xa, 0x1, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$inet6_sctp(0xa, 0x1, 0x84)
socket$nl_route(0x10, 0x3, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x6, 0x5, &(0x7f0000000b40)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000bc000000850000002300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket(0x10, 0x803, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000005"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b703000000000000850000003300000095"], &(0x7f0000000780)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000008c0)={{r0}, &(0x7f0000000840), &(0x7f0000000880)=r1}, 0x20)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r3=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r1, r3, 0x25, 0x2, @void}, 0x10)
syz_emit_ethernet(0x2a, &(0x7f0000000140)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @local, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x67, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast}, @address_reply={0x12, 0x0, 0x0, 0x400}}}}}, 0x0)

22.409036009s ago: executing program 0 (id=282):
syz_open_dev$cec(0x0, 0x0, 0x113101)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
bind$unix(0xffffffffffffffff, 0x0, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
set_mempolicy(0x3, &(0x7f0000000080)=0x7, 0x400)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x401c2, 0x10)
ftruncate(r1, 0x8800000)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000001c40)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
recvmmsg(r3, &(0x7f00000034c0)=[{{0x0, 0x0, &(0x7f0000001e40)=[{&(0x7f0000000b80)=""/4096, 0x20001b80}, {&(0x7f0000001b80)=""/112, 0x70}], 0x2, 0x0, 0xa0028cb4}}], 0x40000000000013c, 0x700, 0x0)
sendfile(r2, r1, 0x0, 0x578410eb)
r4 = socket$kcm(0x10, 0x2, 0x10)
recvmmsg(r4, 0x0, 0x0, 0x42, 0x0)

19.184239289s ago: executing program 0 (id=287):
socket$inet6(0xa, 0x1, 0x0)
r0 = gettid()
kcmp(r0, r0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff)
prlimit64(r0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file1/file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="18050000000000fe000000004b64ffec850000007d000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0xc)
sched_setscheduler(0x0, 0x2, 0x0)
mknod$loop(&(0x7f00000017c0)='./file0\x00', 0x2480, 0x0)
mount(&(0x7f00000000c0)=@filename='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000080)='ubifs\x00', 0x0, 0x0)

17.944020233s ago: executing program 0 (id=289):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000300)={@flat=@weak_binder={0x77622a85, 0x100a, 0x8000000000}, @flat=@weak_binder={0x77622a85, 0x1100, 0x3}}, &(0x7f0000000200)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0})
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r0, 0x10000000000)

17.844806678s ago: executing program 35 (id=264):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x4, &(0x7f0000000340)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
r1 = getpid()
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000680)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$NL80211_CMD_ASSOCIATE(0xffffffffffffffff, 0x0, 0x850)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socket(0x1, 0x5, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)={0x14, 0x34, 0x9, 0x0, 0x4000, {0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x4841}, 0x4000010)

17.75201468s ago: executing program 0 (id=292):
bpf$MAP_CREATE(0x0, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
socket(0x2a, 0x2, 0x0)
ioctl$SNDRV_SEQ_IOCTL_DELETE_PORT(0xffffffffffffffff, 0x40a85321, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket(0x40000000015, 0x5, 0x0)
removexattr(&(0x7f0000000200)='./cgroup\x00', &(0x7f0000000240)=@known='user.incfs.metadata\x00')

16.749426807s ago: executing program 0 (id=293):
landlock_restrict_self(0xffffffffffffffff, 0x1)
r0 = syz_open_dev$video4linux(&(0x7f0000000000), 0x24, 0x20000)
ioctl$VIDIOC_QUERY_EXT_CTRL(r0, 0xc0e85667, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18060000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, 0x0, 0x0)
r6 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000240)={0x6, 0x10, &(0x7f0000000300)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0xbf21, 0x0, 0x0, 0x0, 0x3}, {{0x18, 0x1, 0x1, 0x0, r6}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x10000000}}, {}, [@func={0x85, 0x0, 0x1, 0x0, 0xfffffff5}], {{}, {}, {0x85, 0x0, 0x0, 0x84}, {0x7, 0x0, 0xb, 0x0, 0x0, 0x0, 0x102}}}, &(0x7f0000000200)='syzkaller\x00', 0x1, 0x0, 0x0, 0x41000}, 0x94)

15.563958669s ago: executing program 0 (id=294):
r0 = openat$zero(0xffffffffffffff9c, 0x0, 0x400101, 0x0)
syz_init_net_socket$netrom(0x6, 0x5, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r2 = socket$igmp6(0xa, 0x3, 0x2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={0x0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x20008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000640)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f000001aa40)=""/102400, 0x19000)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r4 = socket$can_j1939(0x1d, 0x2, 0x7)
bind$can_j1939(r0, &(0x7f0000000340)={0x1d, 0x0, 0xfffffffffffffffe, {0x1, 0xff, 0x6}, 0x2}, 0x18)
sendmsg$sock(r4, &(0x7f0000000200)={&(0x7f00000005c0)=@can={0x1d, 0x0, 0xf5}, 0x80, 0x0}, 0x800)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r2, 0x8983, &(0x7f0000000300)={0x0, 'syzkaller1\x00'})

4.744225381s ago: executing program 5 (id=308):
syz_usb_connect$printer(0x2, 0x0, 0x0, &(0x7f00000009c0)={0x0, 0x0, 0x5, 0x0})
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @pix_mp={0x80000000, 0x9, 0x31363553, 0x0, 0x3, [{0x4, 0x5}, {0x6, 0x7f36}, {0x8, 0x6f}, {0x3, 0x1000f}, {0xa, 0xff}, {0x6, 0x589}, {0x8, 0x7}, {0x10041, 0x8}], 0xc, 0x8, 0x2, 0x1, 0x5}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x4)
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_int(r0, 0x0, 0x22, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019a00)=""/102376, 0x18fe8)
r2 = socket$kcm(0x10, 0x2, 0x4)
r3 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r4 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x4004090)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000000)="d800000010008104685fa3aa7143a0f8c81ded0b25000000e8fe09a118001500060014ea0000001208000300430000", 0x2f}], 0x1}, 0x20000880)
write$cgroup_subtree(r4, &(0x7f0000000000)=ANY=[], 0xfe33)
sendmsg$sock(r2, &(0x7f0000001b00)={0x0, 0x0, &(0x7f0000001a00)=[{0x0}, {&(0x7f00000007c0)}, {&(0x7f0000000100)='d', 0x1}, {&(0x7f0000000580)="342ef719052e2328cf9a4ce76e7b47912da790240a156a9d901a9468800f40bde7128827b42939e17d888a7e0a199bc9e10054632ebf19e3f0f96d482109486a6f4206f2864a0b392cce", 0x4a}, {0x0}, {&(0x7f0000000600)="4035d3b5a2ddc6b062448bcdd73ac5431f22", 0x12}], 0x6, &(0x7f0000001a80)=[@timestamping={{0x14, 0x1, 0x25, 0x1}}, @txtime={{0x18, 0x1, 0x3d, 0x8}}, @timestamping={{0x14, 0x1, 0x25, 0x6}}, @timestamping={{0x14, 0x1, 0x25, 0xab2b}}], 0x60}, 0x0)
mmap$dsp(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x9, 0x11, r3, 0x0)

4.146003385s ago: executing program 5 (id=309):
r0 = getpid()
prlimit64(r0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000040)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000000400000d00000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32=r4], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10)
socket$inet6(0x10, 0x3, 0x0)
r6 = syz_open_procfs(0x0, &(0x7f0000000300)='fdinfo\x00')
getdents64(r6, &(0x7f0000002f40)=""/4084, 0x1007)

3.162096438s ago: executing program 5 (id=310):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000080)={0x26, 'aead\x00', 0x0, 0x0, 'generic-gcm-aesni\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000180)="10797fcd6cd957d2b903c6bf46b4abf3629ff075475e4bd6e43be1712bf8b4dc", 0x20)
r1 = accept$alg(r0, 0x0, 0x0)
readv(r1, &(0x7f0000000040)=[{&(0x7f0000000700)=""/222, 0xde}], 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000, 0x0, 0x0, 0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
pipe2$9p(0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_open_dev$tty1(0xc, 0x4, 0x4)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff000000000200000009000100"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)={{0x14}, [@NFT_MSG_NEWRULE={0x2c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x54}}, 0x4048010)
ioctl$TIOCL_SETSEL(r5, 0x541c, 0x0)
socket$inet6(0xa, 0x3, 0xff)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000008380), 0x400000000000174, 0x4008890)
sendmmsg$alg(r1, &(0x7f0000000cc0)=[{0x0, 0x0, &(0x7f0000000d80)=[{&(0x7f00000001c0)="4e84e4676ca902ac9c70861e766bc5b85dfc3b00850b25a33d8a18f15c0406e31744d9759871d981e2eaebf7b6d7a28a9af929a662e3680b39b5aef78716c1191540235a0007f76ee004987a65b6f980a3d0a4dc49e79daf74b87cb3ac62faf3187f039a231f6b8aa279b5ff9a99c66b29f4a2ac4fcce458a51553fcedd67541a3011f5b5e871a0aeb6588025ba85f27dc7e86e09d2a3b8d4a439b85208ed05983761d5e09b83048bfa8f2448e08593c09c166b2c1840093b292acf135303de89cf2a6", 0xc3}], 0x1, &(0x7f00000006c0)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x4000000}], 0x1, 0x4800)

2.125972721s ago: executing program 5 (id=311):
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
sendmmsg$inet(r0, 0x0, 0x0, 0x44004)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000019240)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
pread64(0xffffffffffffffff, 0x0, 0x0, 0x1000000000)
getgroups(0x0, 0x0)
add_key(&(0x7f0000000040)='user\x00', 0x0, 0x0, 0x0, 0x0)
bind$802154_dgram(r0, &(0x7f0000000040)={0x24, @long={0x3, 0x0, {0xaaaaaaaaaaaa0102}}}, 0x14)
connect$802154_dgram(r0, &(0x7f0000000240)={0x24, @none={0x0, 0x1}}, 0x14)
sendmmsg(r0, &(0x7f00000196c0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0xd, 0x0}}], 0x4000050, 0x400c010)

1.135583054s ago: executing program 5 (id=312):
r0 = epoll_create1(0x0)
poll(&(0x7f0000000040)=[{r0, 0x200}], 0x1, 0xdb3)
r1 = socket$inet6(0xa, 0x80003, 0xff)
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
lsetxattr$system_posix_acl(&(0x7f0000000400)='.\x00', &(0x7f0000002440)='system.posix_acl_default\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="02000000010000000000000002000000", @ANYRES32=0xee01, @ANYBLOB="02000000", @ANYRES32=0xee00, @ANYBLOB="02000000", @ANYRES32=0xee00, @ANYBLOB="02000000", @ANYRES32=0x0, @ANYBLOB="040000000000800008000000", @ANYRES32=0x0, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB="100000000000000020"], 0x5c, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
lgetxattr(&(0x7f0000000000)='./file1\x00', &(0x7f0000000040)=@known='system.posix_acl_access\x00', 0x0, 0x0)
close(r1)

159.770287ms ago: executing program 36 (id=294):
r0 = openat$zero(0xffffffffffffff9c, 0x0, 0x400101, 0x0)
syz_init_net_socket$netrom(0x6, 0x5, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r2 = socket$igmp6(0xa, 0x3, 0x2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={0x0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x20008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000640)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f000001aa40)=""/102400, 0x19000)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r4 = socket$can_j1939(0x1d, 0x2, 0x7)
bind$can_j1939(r0, &(0x7f0000000340)={0x1d, 0x0, 0xfffffffffffffffe, {0x1, 0xff, 0x6}, 0x2}, 0x18)
sendmsg$sock(r4, &(0x7f0000000200)={&(0x7f00000005c0)=@can={0x1d, 0x0, 0xf5}, 0x80, 0x0}, 0x800)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r2, 0x8983, &(0x7f0000000300)={0x0, 'syzkaller1\x00'})

0s ago: executing program 5 (id=314):
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc)
memfd_create(0x0, 0x6)
fcntl$lock(0xffffffffffffffff, 0x24, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0)
r2 = userfaultfd(0x801)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000040))
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000140)={{&(0x7f000005f000/0x4000)=nil, 0x4000}, 0x3})
ioctl$UFFDIO_UNREGISTER(r2, 0x8010aa01, &(0x7f00000000c0)={&(0x7f0000000000/0xc00000)=nil, 0xc00000})

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.0.97' (ED25519) to the list of known hosts.
[   86.036519][ T5818] cgroup: Unknown subsys name 'net'
[   86.162364][ T5818] cgroup: Unknown subsys name 'cpuset'
[   86.171661][ T5818] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   87.671410][ T5818] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   92.208218][ T5837] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   92.221730][ T5840] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   92.229331][ T5837] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   92.234371][ T5841] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   92.237328][ T5837] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   92.244632][ T5841] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   92.250819][ T5840] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   92.258210][ T5841] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   92.266939][ T5840] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   92.272253][ T5841] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   92.279016][ T5840] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   92.286823][ T5841] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   92.304510][ T5841] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   92.306552][ T5840] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   92.320112][ T5840] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   92.350651][   T51] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   92.358467][   T51] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   92.377913][   T51] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   92.388880][   T51] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   92.397166][   T51] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   92.438969][ T5841] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[   92.447085][ T5841] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   92.455552][ T5841] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[   92.463125][ T5841] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[   92.471687][ T5841] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[   92.479788][ T5841] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[   92.493717][ T5840] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   92.505695][ T5841] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   92.514978][ T5841] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   92.522747][ T5841] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   93.270968][ T5830] chnl_net:caif_netlink_parms(): no params data found
[   93.283988][ T5839] chnl_net:caif_netlink_parms(): no params data found
[   93.447076][ T5834] chnl_net:caif_netlink_parms(): no params data found
[   93.501003][ T5832] chnl_net:caif_netlink_parms(): no params data found
[   93.763562][ T5850] chnl_net:caif_netlink_parms(): no params data found
[   93.797784][ T5842] chnl_net:caif_netlink_parms(): no params data found
[   93.811894][ T5839] bridge0: port 1(bridge_slave_0) entered blocking state
[   93.819217][ T5839] bridge0: port 1(bridge_slave_0) entered disabled state
[   93.826533][ T5839] bridge_slave_0: entered allmulticast mode
[   93.836185][ T5839] bridge_slave_0: entered promiscuous mode
[   93.872603][ T5830] bridge0: port 1(bridge_slave_0) entered blocking state
[   93.879830][ T5830] bridge0: port 1(bridge_slave_0) entered disabled state
[   93.886951][ T5830] bridge_slave_0: entered allmulticast mode
[   93.894651][ T5830] bridge_slave_0: entered promiscuous mode
[   93.909869][ T5839] bridge0: port 2(bridge_slave_1) entered blocking state
[   93.917017][ T5839] bridge0: port 2(bridge_slave_1) entered disabled state
[   93.924507][ T5839] bridge_slave_1: entered allmulticast mode
[   93.932465][ T5839] bridge_slave_1: entered promiscuous mode
[   93.955143][ T5834] bridge0: port 1(bridge_slave_0) entered blocking state
[   93.962307][ T5834] bridge0: port 1(bridge_slave_0) entered disabled state
[   93.969706][ T5834] bridge_slave_0: entered allmulticast mode
[   93.977438][ T5834] bridge_slave_0: entered promiscuous mode
[   94.002404][ T5830] bridge0: port 2(bridge_slave_1) entered blocking state
[   94.009624][ T5830] bridge0: port 2(bridge_slave_1) entered disabled state
[   94.016734][ T5830] bridge_slave_1: entered allmulticast mode
[   94.024822][ T5830] bridge_slave_1: entered promiscuous mode
[   94.106680][ T5834] bridge0: port 2(bridge_slave_1) entered blocking state
[   94.114207][ T5834] bridge0: port 2(bridge_slave_1) entered disabled state
[   94.121759][ T5834] bridge_slave_1: entered allmulticast mode
[   94.132989][ T5834] bridge_slave_1: entered promiscuous mode
[   94.210280][ T5830] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   94.229185][ T5839] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   94.242420][ T5839] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   94.272747][ T5832] bridge0: port 1(bridge_slave_0) entered blocking state
[   94.280254][ T5832] bridge0: port 1(bridge_slave_0) entered disabled state
[   94.287781][ T5832] bridge_slave_0: entered allmulticast mode
[   94.295198][ T5832] bridge_slave_0: entered promiscuous mode
[   94.305911][ T5830] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   94.339075][   T51] Bluetooth: hci2: command tx timeout
[   94.339386][ T5841] Bluetooth: hci0: command tx timeout
[   94.370673][ T5832] bridge0: port 2(bridge_slave_1) entered blocking state
[   94.378066][ T5832] bridge0: port 2(bridge_slave_1) entered disabled state
[   94.385238][ T5832] bridge_slave_1: entered allmulticast mode
[   94.393411][ T5832] bridge_slave_1: entered promiscuous mode
[   94.422715][ T5841] Bluetooth: hci3: command tx timeout
[   94.428490][   T51] Bluetooth: hci1: command tx timeout
[   94.459819][ T5839] team0: Port device team_slave_0 added
[   94.468991][ T5834] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   94.527384][ T5830] team0: Port device team_slave_0 added
[   94.550416][ T5839] team0: Port device team_slave_1 added
[   94.576870][ T5834] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   94.586335][   T51] Bluetooth: hci4: command tx timeout
[   94.586661][   T51] Bluetooth: hci5: command tx timeout
[   94.635264][ T5832] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   94.646613][ T5830] team0: Port device team_slave_1 added
[   94.683438][ T5842] bridge0: port 1(bridge_slave_0) entered blocking state
[   94.690730][ T5842] bridge0: port 1(bridge_slave_0) entered disabled state
[   94.698325][ T5842] bridge_slave_0: entered allmulticast mode
[   94.705798][ T5842] bridge_slave_0: entered promiscuous mode
[   94.730010][ T5850] bridge0: port 1(bridge_slave_0) entered blocking state
[   94.737156][ T5850] bridge0: port 1(bridge_slave_0) entered disabled state
[   94.744931][ T5850] bridge_slave_0: entered allmulticast mode
[   94.752451][ T5850] bridge_slave_0: entered promiscuous mode
[   94.762094][ T5832] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   94.804256][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_0
[   94.812114][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   94.838147][ T5839] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   94.850902][ T5842] bridge0: port 2(bridge_slave_1) entered blocking state
[   94.858642][ T5842] bridge0: port 2(bridge_slave_1) entered disabled state
[   94.865860][ T5842] bridge_slave_1: entered allmulticast mode
[   94.873376][ T5842] bridge_slave_1: entered promiscuous mode
[   94.899068][ T5834] team0: Port device team_slave_0 added
[   94.905154][ T5850] bridge0: port 2(bridge_slave_1) entered blocking state
[   94.912405][ T5850] bridge0: port 2(bridge_slave_1) entered disabled state
[   94.919908][ T5850] bridge_slave_1: entered allmulticast mode
[   94.927317][ T5850] bridge_slave_1: entered promiscuous mode
[   94.965245][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_1
[   94.972335][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   95.002820][ T5839] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   95.039650][ T5834] team0: Port device team_slave_1 added
[   95.048590][ T5842] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   95.074654][ T5832] team0: Port device team_slave_0 added
[   95.085069][ T5832] team0: Port device team_slave_1 added
[   95.091812][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_0
[   95.098817][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   95.126136][ T5830] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   95.139256][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_1
[   95.146198][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   95.172688][ T5830] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   95.218290][ T5842] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   95.312777][ T5839] hsr_slave_0: entered promiscuous mode
[   95.319491][ T5839] hsr_slave_1: entered promiscuous mode
[   95.343234][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_0
[   95.350325][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   95.376863][ T5834] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   95.407277][ T5850] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   95.421986][ T5850] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   95.432694][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_0
[   95.439962][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   95.466395][ T5832] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   95.479961][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_1
[   95.486907][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   95.512941][ T5832] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   95.525335][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_1
[   95.532373][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   95.558798][ T5834] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   95.657204][ T5842] team0: Port device team_slave_0 added
[   95.665018][ T5850] team0: Port device team_slave_0 added
[   95.673800][ T5850] team0: Port device team_slave_1 added
[   95.802522][ T5830] hsr_slave_0: entered promiscuous mode
[   95.809287][ T5830] hsr_slave_1: entered promiscuous mode
[   95.815570][ T5830] debugfs: 'hsr0' already exists in 'hsr'
[   95.821416][ T5830] Cannot create hsr debugfs directory
[   95.846988][ T5842] team0: Port device team_slave_1 added
[   95.903739][ T5832] hsr_slave_0: entered promiscuous mode
[   95.910984][ T5832] hsr_slave_1: entered promiscuous mode
[   95.918625][ T5832] debugfs: 'hsr0' already exists in 'hsr'
[   95.924370][ T5832] Cannot create hsr debugfs directory
[   95.982486][ T5850] batman_adv: batadv0: Adding interface: batadv_slave_0
[   95.990011][ T5850] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   96.016344][ T5850] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   96.029880][ T5850] batman_adv: batadv0: Adding interface: batadv_slave_1
[   96.036836][ T5850] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   96.062841][ T5850] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   96.089856][ T5834] hsr_slave_0: entered promiscuous mode
[   96.096463][ T5834] hsr_slave_1: entered promiscuous mode
[   96.103390][ T5834] debugfs: 'hsr0' already exists in 'hsr'
[   96.109167][ T5834] Cannot create hsr debugfs directory
[   96.115459][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_0
[   96.122710][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   96.148690][ T5842] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   96.161496][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_1
[   96.168580][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   96.194651][ T5842] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   96.419096][   T51] Bluetooth: hci2: command tx timeout
[   96.424529][   T51] Bluetooth: hci0: command tx timeout
[   96.433044][   T24] cfg80211: failed to load regulatory.db
[   96.450121][ T5850] hsr_slave_0: entered promiscuous mode
[   96.456637][ T5850] hsr_slave_1: entered promiscuous mode
[   96.463591][ T5850] debugfs: 'hsr0' already exists in 'hsr'
[   96.470373][ T5850] Cannot create hsr debugfs directory
[   96.488473][ T5842] hsr_slave_0: entered promiscuous mode
[   96.494911][ T5842] hsr_slave_1: entered promiscuous mode
[   96.500605][   T51] Bluetooth: hci3: command tx timeout
[   96.506927][ T5842] debugfs: 'hsr0' already exists in 'hsr'
[   96.508358][   T51] Bluetooth: hci1: command tx timeout
[   96.512776][ T5842] Cannot create hsr debugfs directory
[   96.663590][   T51] Bluetooth: hci5: command tx timeout
[   96.663603][ T5841] Bluetooth: hci4: command tx timeout
[   97.023409][ T5839] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   97.073477][ T5839] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   97.115166][ T5839] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   97.149662][ T5839] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   97.243446][ T5830] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   97.256457][ T5830] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   97.268300][ T5830] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   97.283358][ T5830] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   97.376909][ T5834] netdevsim netdevsim5 netdevsim0: renamed from eth0
[   97.407409][ T5834] netdevsim netdevsim5 netdevsim1: renamed from eth1
[   97.419999][ T5834] netdevsim netdevsim5 netdevsim2: renamed from eth2
[   97.432035][ T5834] netdevsim netdevsim5 netdevsim3: renamed from eth3
[   97.512328][ T5832] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   97.534488][ T5832] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   97.563838][ T5832] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   97.575113][ T5832] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   97.711584][ T5839] 8021q: adding VLAN 0 to HW filter on device bond0
[   97.721735][ T5850] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   97.733612][ T5850] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   97.768877][ T5850] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   97.780810][ T5850] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   97.904151][ T5842] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   97.915662][ T5842] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   97.932712][ T5842] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   97.946771][ T5839] 8021q: adding VLAN 0 to HW filter on device team0
[   97.963628][ T5830] 8021q: adding VLAN 0 to HW filter on device bond0
[   97.971309][ T5842] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   97.994568][  T138] bridge0: port 1(bridge_slave_0) entered blocking state
[   98.001821][  T138] bridge0: port 1(bridge_slave_0) entered forwarding state
[   98.051836][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[   98.059009][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[   98.095341][ T5830] 8021q: adding VLAN 0 to HW filter on device team0
[   98.143449][  T138] bridge0: port 1(bridge_slave_0) entered blocking state
[   98.150621][  T138] bridge0: port 1(bridge_slave_0) entered forwarding state
[   98.184738][ T5834] 8021q: adding VLAN 0 to HW filter on device bond0
[   98.217174][  T138] bridge0: port 2(bridge_slave_1) entered blocking state
[   98.224395][  T138] bridge0: port 2(bridge_slave_1) entered forwarding state
[   98.276818][ T5834] 8021q: adding VLAN 0 to HW filter on device team0
[   98.335563][  T138] bridge0: port 1(bridge_slave_0) entered blocking state
[   98.342725][  T138] bridge0: port 1(bridge_slave_0) entered forwarding state
[   98.386836][ T5832] 8021q: adding VLAN 0 to HW filter on device bond0
[   98.427515][  T138] bridge0: port 2(bridge_slave_1) entered blocking state
[   98.434666][  T138] bridge0: port 2(bridge_slave_1) entered forwarding state
[   98.464283][ T5850] 8021q: adding VLAN 0 to HW filter on device bond0
[   98.497883][   T51] Bluetooth: hci0: command tx timeout
[   98.498634][ T5841] Bluetooth: hci2: command tx timeout
[   98.511148][ T5832] 8021q: adding VLAN 0 to HW filter on device team0
[   98.556705][ T5842] 8021q: adding VLAN 0 to HW filter on device bond0
[   98.577111][   T49] bridge0: port 1(bridge_slave_0) entered blocking state
[   98.578095][ T5841] Bluetooth: hci3: command tx timeout
[   98.584365][   T49] bridge0: port 1(bridge_slave_0) entered forwarding state
[   98.597200][ T5841] Bluetooth: hci1: command tx timeout
[   98.616884][ T5850] 8021q: adding VLAN 0 to HW filter on device team0
[   98.669351][ T1330] bridge0: port 2(bridge_slave_1) entered blocking state
[   98.676486][ T1330] bridge0: port 2(bridge_slave_1) entered forwarding state
[   98.689903][ T1330] bridge0: port 1(bridge_slave_0) entered blocking state
[   98.697087][ T1330] bridge0: port 1(bridge_slave_0) entered forwarding state
[   98.738553][ T5841] Bluetooth: hci4: command tx timeout
[   98.744038][ T5841] Bluetooth: hci5: command tx timeout
[   98.784349][ T5842] 8021q: adding VLAN 0 to HW filter on device team0
[   98.814863][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[   98.822050][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[   98.871962][  T138] bridge0: port 1(bridge_slave_0) entered blocking state
[   98.879157][  T138] bridge0: port 1(bridge_slave_0) entered forwarding state
[   98.918066][  T138] bridge0: port 2(bridge_slave_1) entered blocking state
[   98.925192][  T138] bridge0: port 2(bridge_slave_1) entered forwarding state
[   99.135186][ T5839] 8021q: adding VLAN 0 to HW filter on device batadv0
[   99.282427][ T5830] 8021q: adding VLAN 0 to HW filter on device batadv0
[   99.413256][ T5839] veth0_vlan: entered promiscuous mode
[   99.485624][ T5839] veth1_vlan: entered promiscuous mode
[   99.512151][ T5834] 8021q: adding VLAN 0 to HW filter on device batadv0
[   99.602488][ T5830] veth0_vlan: entered promiscuous mode
[   99.673403][ T5830] veth1_vlan: entered promiscuous mode
[   99.863394][ T5839] veth0_macvtap: entered promiscuous mode
[   99.882948][ T5850] 8021q: adding VLAN 0 to HW filter on device batadv0
[   99.913283][ T5839] veth1_macvtap: entered promiscuous mode
[   99.975099][ T5830] veth0_macvtap: entered promiscuous mode
[  100.010376][ T5830] veth1_macvtap: entered promiscuous mode
[  100.048263][ T5832] 8021q: adding VLAN 0 to HW filter on device batadv0
[  100.144353][ T5842] 8021q: adding VLAN 0 to HW filter on device batadv0
[  100.160232][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_0
[  100.223514][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_1
[  100.237081][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_0
[  100.274954][   T59] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  100.295331][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_1
[  100.323181][   T59] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  100.336767][   T59] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  100.389454][   T59] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  100.399061][   T59] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  100.446782][   T59] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  100.456674][   T59] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  100.471232][   T59] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  100.488561][ T5832] veth0_vlan: entered promiscuous mode
[  100.514992][ T5842] veth0_vlan: entered promiscuous mode
[  100.533560][ T5834] veth0_vlan: entered promiscuous mode
[  100.570912][ T5832] veth1_vlan: entered promiscuous mode
[  100.578543][ T5841] Bluetooth: hci0: command tx timeout
[  100.579060][   T51] Bluetooth: hci2: command tx timeout
[  100.613474][ T5842] veth1_vlan: entered promiscuous mode
[  100.659317][ T5834] veth1_vlan: entered promiscuous mode
[  100.660139][   T51] Bluetooth: hci1: command tx timeout
[  100.664821][ T5841] Bluetooth: hci3: command tx timeout
[  100.709095][ T1330] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  100.717914][ T1330] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  100.795458][   T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  100.818157][ T5841] Bluetooth: hci5: command tx timeout
[  100.821000][   T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  100.831241][ T5841] Bluetooth: hci4: command tx timeout
[  100.841249][ T5850] veth0_vlan: entered promiscuous mode
[  100.849888][ T5842] veth0_macvtap: entered promiscuous mode
[  100.884355][ T5832] veth0_macvtap: entered promiscuous mode
[  100.922499][ T5834] veth0_macvtap: entered promiscuous mode
[  100.941616][ T5832] veth1_macvtap: entered promiscuous mode
[  100.962010][ T5842] veth1_macvtap: entered promiscuous mode
[  100.974767][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  100.983083][ T5850] veth1_vlan: entered promiscuous mode
[  100.992526][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  101.000484][ T5834] veth1_macvtap: entered promiscuous mode
[  101.014528][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  101.023135][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  101.075018][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_0
[  101.100947][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_0
[  101.118686][ T5839] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  101.124771][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_0
[  101.158874][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_1
[  101.186018][   T36] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  101.214135][   T36] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  101.239786][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_1
[  101.250668][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_1
[  101.283061][   T36] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  101.308646][   T36] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  101.346101][   T36] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  101.531157][   T36] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  101.720128][   T36] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  101.912916][ T5850] veth0_macvtap: entered promiscuous mode
[  102.019078][ T5850] veth1_macvtap: entered promiscuous mode
[  102.043605][   T36] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  102.053345][   T36] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  102.153474][   T36] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  102.192981][   T36] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  102.238557][   T36] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  102.274644][ T5987] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7'.
[  102.342959][ T5987] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7'.
[  102.609411][ T5850] batman_adv: batadv0: Interface activated: batadv_slave_0
[  102.621957][ T5850] batman_adv: batadv0: Interface activated: batadv_slave_1
[  102.696396][ T1330] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  102.726230][ T1330] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  102.762518][   T36] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  102.797167][   T36] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  102.827344][   T36] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  102.844105][   T36] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  102.855158][   T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  102.868113][   T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  102.980654][   T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  102.998300][   T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  103.105164][ T1330] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  103.113373][ T1330] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  103.223319][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  103.231738][ T5995] loop2: detected capacity change from 0 to 1024
[  103.245188][ T5995] =======================================================
[  103.245188][ T5995] WARNING: The mand mount option has been deprecated and
[  103.245188][ T5995]          and is ignored by this kernel. Remove the mand
[  103.245188][ T5995]          option from the mount to silence this warning.
[  103.245188][ T5995] =======================================================
[  103.254475][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  103.303851][ T5995] EXT4-fs: Ignoring removed orlov option
[  103.363641][ T5995] EXT4-fs (loop2): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  103.423036][ T2953] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  103.439218][ T2953] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  103.461187][ T5995] ext4 filesystem being mounted at /2/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  103.526165][ T5995] EXT4-fs error (device loop2): ext4_map_blocks:814: inode #15: comm syz.2.10: lblock 0 mapped to illegal pblock 0 (length 4)
[  103.555465][ T5993] loop0: detected capacity change from 0 to 32768
[  103.578897][ T5995] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 4 with error 117
[  103.619878][ T5993] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.9 (5993)
[  103.639407][ T5995] EXT4-fs (loop2): This should not happen!! Data will be lost
[  103.639407][ T5995] 
[  103.684363][ T6000] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #15: comm syz.2.10: lblock 0 mapped to illegal pblock 0 (length 4)
[  103.730466][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  103.744555][ T5993] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  103.776566][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  103.798444][ T6004] EXT4-fs (loop2): shut down requested (1)
[  103.817319][ T5993] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[  104.062214][ T2953] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  104.087864][ T2953] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  104.161192][ T5839] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  104.184449][ T5993] BTRFS info (device loop0): enabling ssd optimizations
[  104.204744][ T6024] netlink: 8 bytes leftover after parsing attributes in process `syz.5.11'.
[  104.241547][ T5993] BTRFS info (device loop0): enabling free space tree
[  104.415665][ T3547] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[  104.846770][ T6036] loop5: detected capacity change from 0 to 512
[  104.909856][ T6036] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[  105.017860][ T6036] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  105.125209][ T6036] EXT4-fs warning (device loop5): ext4_expand_extra_isize_ea:2848: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  105.127339][ T6044] loop3: detected capacity change from 0 to 256
[  105.202051][ T6045] loop2: detected capacity change from 0 to 128
[  105.235720][ T6044] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x53fda505, utbl_chksum : 0xe619d30d)
[  105.282206][ T6036] EXT4-fs (loop5): 1 truncate cleaned up
[  105.291823][ T6044] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186)
[  105.339225][ T6036] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  105.374411][ T5830] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  105.441136][   T30] audit: type=1800 audit(1759420941.300:2): pid=6044 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.14" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="loop3" ino=1048605 res=0 errno=0
[  105.483377][    C1] vkms_vblank_simulate: vblank timer overrun
[  105.559345][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  105.752334][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  106.571474][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  106.770179][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  106.878696][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  106.951578][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  106.960236][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  106.968782][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  106.977394][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  107.001852][    T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!!
[  107.956733][ T5834] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  110.254792][ T6076] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  111.880320][   T12] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  112.065694][ T6090] loop3: detected capacity change from 0 to 512
[  112.150288][   T12] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  112.153953][ T6090] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  112.268941][ T6090] ext4 filesystem being mounted at /4/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  112.542043][   T12] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  114.070063][   T12] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  114.335392][ T5842] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  114.598797][ T6116] capability: warning: `syz.3.36' uses deprecated v2 capabilities in a way that may be insecure
[  114.643771][   T12] bridge_slave_1: left allmulticast mode
[  114.677316][   T12] bridge_slave_1: left promiscuous mode
[  114.694126][   T51] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  114.703505][   T51] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  114.711545][   T51] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  114.730596][   T51] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  114.739111][   T51] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  114.747771][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  114.845588][ T6121] process 'syz.1.38' launched '/dev/fd/3' with NULL argv: empty string added
[  115.460376][   T12] bridge_slave_0: left allmulticast mode
[  115.507505][   T12] bridge_slave_0: left promiscuous mode
[  115.524102][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  116.937507][   T51] Bluetooth: hci3: command tx timeout
[  117.160912][ T6143] loop5: detected capacity change from 0 to 512
[  117.179974][ T6143] EXT4-fs: Ignoring removed oldalloc option
[  117.307624][ T6143] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  117.355382][ T6143] EXT4-fs (loop5): 1 truncate cleaned up
[  117.369333][ T6143] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  117.713473][ T5834] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  117.748566][ T6147] loop1: detected capacity change from 0 to 1024
[  118.592141][ T6151] netlink: ct family unspecified
[  118.597376][ T6151] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  118.619755][   T30] audit: type=1800 audit(1759420954.470:3): pid=6147 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.43" name="file1" dev="loop1" ino=20 res=0 errno=0
[  118.698246][ T6058] hfsplus: b-tree write err: -5, ino 4
[  118.987708][   T51] Bluetooth: hci3: command tx timeout
[  119.143261][ T6157] dlm: no local IP address has been set
[  119.149442][ T6157] dlm: cannot start dlm midcomms -107
[  120.167179][ T6163] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  121.060019][   T51] Bluetooth: hci3: command tx timeout
[  121.179244][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  121.578429][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  121.940224][   T12] bond0 (unregistering): Released all slaves
[  123.232995][ T6179] loop0: detected capacity change from 0 to 40427
[  123.243319][   T51] Bluetooth: hci3: command tx timeout
[  123.393697][ T6179] F2FS-fs (loop0): build fault injection rate: 14
[  123.400387][ T6179] F2FS-fs (loop0): build fault injection type: 0x3bfe8c
[  123.412783][ T6179] F2FS-fs (loop0): invalid crc value
[  123.437953][    C1] F2FS-fs (loop0): inject read IO error in f2fs_read_end_io of blk_update_request+0x57e/0xe60
[  123.468358][    C1] F2FS-fs (loop0): inject read IO error in f2fs_read_end_io of blk_update_request+0x57e/0xe60
[  123.535697][ T6179] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  123.544976][ T6179] F2FS-fs (loop0): inject page alloc in f2fs_grab_cache_folio of __get_meta_folio+0x157/0x4f0
[  123.560301][ T6179] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  124.614324][ T6191] F2FS-fs (loop0): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x1d9/0xa40
[  124.930711][ T5830] F2FS-fs (loop0): inject inconsistent footer in sanity_check_node_footer of f2fs_get_dnode_of_data+0xab1/0x1cf0
[  124.987658][ T5830] F2FS-fs (loop0): inconsistent node block, node_type:0, nid:13, node_footer[nid:13,ino:3,ofs:185694,cpver:0,blkaddr:0]
[  125.087728][    C1] F2FS-fs (loop0): inject write IO error in f2fs_write_end_io of blk_update_request+0x57e/0xe60
[  125.098532][    C1] CPU: 1 UID: 0 PID: 23 Comm: ksoftirqd/1 Not tainted syzkaller #0 PREEMPT(full) 
[  125.098563][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  125.098578][    C1] Call Trace:
[  125.098587][    C1]  <TASK>
[  125.098597][    C1]  dump_stack_lvl+0x189/0x250
[  125.098637][    C1]  ? __pfx_dump_stack_lvl+0x10/0x10
[  125.098670][    C1]  ? __pfx_queue_work_on+0x10/0x10
[  125.098699][    C1]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  125.098726][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  125.098765][    C1]  f2fs_handle_critical_error+0x37c/0x540
[  125.098813][    C1]  f2fs_write_end_io+0x886/0xb60
[  125.098859][    C1]  blk_update_request+0x57e/0xe60
[  125.098907][    C1]  blk_mq_end_request+0x3e/0x70
[  125.098939][    C1]  blk_done_softirq+0x10a/0x160
[  125.098970][    C1]  handle_softirqs+0x286/0x870
[  125.099004][    C1]  ? run_ksoftirqd+0x9b/0x100
[  125.099042][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  125.099074][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[  125.099102][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  125.099143][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[  125.099169][    C1]  run_ksoftirqd+0x9b/0x100
[  125.099201][    C1]  ? __pfx_run_ksoftirqd+0x10/0x10
[  125.099241][    C1]  smpboot_thread_fn+0x542/0xa60
[  125.099272][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[  125.099311][    C1]  kthread+0x711/0x8a0
[  125.099349][    C1]  ? __pfx_smpboot_thread_fn+0x10/0x10
[  125.099378][    C1]  ? __pfx_kthread+0x10/0x10
[  125.099408][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  125.099441][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  125.099465][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  125.099492][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  125.099518][    C1]  ? __pfx_kthread+0x10/0x10
[  125.099553][    C1]  ret_from_fork+0x439/0x7d0
[  125.099585][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[  125.099620][    C1]  ? __switch_to_asm+0x39/0x70
[  125.099655][    C1]  ? __switch_to_asm+0x33/0x70
[  125.099689][    C1]  ? __pfx_kthread+0x10/0x10
[  125.099724][    C1]  ret_from_fork_asm+0x1a/0x30
[  125.099778][    C1]  </TASK>
[  125.099788][    C1] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  125.306891][    C1] CPU: 1 UID: 0 PID: 23 Comm: ksoftirqd/1 Not tainted syzkaller #0 PREEMPT(full) 
[  125.306914][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  125.306925][    C1] Call Trace:
[  125.306933][    C1]  <TASK>
[  125.306940][    C1]  dump_stack_lvl+0x189/0x250
[  125.306972][    C1]  ? __pfx_dump_stack_lvl+0x10/0x10
[  125.306996][    C1]  ? __pfx_queue_work_on+0x10/0x10
[  125.307016][    C1]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  125.307036][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  125.307064][    C1]  f2fs_handle_critical_error+0x37c/0x540
[  125.307107][    C1]  f2fs_write_end_io+0x886/0xb60
[  125.307142][    C1]  blk_update_request+0x57e/0xe60
[  125.307178][    C1]  blk_mq_end_request+0x3e/0x70
[  125.307201][    C1]  blk_done_softirq+0x10a/0x160
[  125.307224][    C1]  handle_softirqs+0x286/0x870
[  125.307249][    C1]  ? run_ksoftirqd+0x9b/0x100
[  125.307277][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  125.307300][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[  125.307319][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  125.307343][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[  125.307362][    C1]  run_ksoftirqd+0x9b/0x100
[  125.307385][    C1]  ? __pfx_run_ksoftirqd+0x10/0x10
[  125.307415][    C1]  smpboot_thread_fn+0x542/0xa60
[  125.307437][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[  125.307465][    C1]  kthread+0x711/0x8a0
[  125.307494][    C1]  ? __pfx_smpboot_thread_fn+0x10/0x10
[  125.307514][    C1]  ? __pfx_kthread+0x10/0x10
[  125.307543][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  125.307573][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  125.307596][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  125.307624][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  125.307648][    C1]  ? __pfx_kthread+0x10/0x10
[  125.307681][    C1]  ret_from_fork+0x439/0x7d0
[  125.307712][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[  125.307747][    C1]  ? __switch_to_asm+0x39/0x70
[  125.307780][    C1]  ? __switch_to_asm+0x33/0x70
[  125.307811][    C1]  ? __pfx_kthread+0x10/0x10
[  125.307849][    C1]  ret_from_fork_asm+0x1a/0x30
[  125.307907][    C1]  </TASK>
[  125.507187][    C1] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  125.514088][    C1] CPU: 1 UID: 0 PID: 23 Comm: ksoftirqd/1 Not tainted syzkaller #0 PREEMPT(full) 
[  125.514109][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  125.514120][    C1] Call Trace:
[  125.514129][    C1]  <TASK>
[  125.514137][    C1]  dump_stack_lvl+0x189/0x250
[  125.514171][    C1]  ? __pfx_dump_stack_lvl+0x10/0x10
[  125.514195][    C1]  ? __pfx_queue_work_on+0x10/0x10
[  125.514216][    C1]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  125.514236][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  125.514264][    C1]  f2fs_handle_critical_error+0x37c/0x540
[  125.514304][    C1]  f2fs_write_end_io+0x886/0xb60
[  125.514348][    C1]  blk_update_request+0x57e/0xe60
[  125.514397][    C1]  blk_mq_end_request+0x3e/0x70
[  125.514427][    C1]  blk_done_softirq+0x10a/0x160
[  125.514459][    C1]  handle_softirqs+0x286/0x870
[  125.514491][    C1]  ? run_ksoftirqd+0x9b/0x100
[  125.514530][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  125.514563][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[  125.514590][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  125.514623][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[  125.514651][    C1]  run_ksoftirqd+0x9b/0x100
[  125.514683][    C1]  ? __pfx_run_ksoftirqd+0x10/0x10
[  125.514725][    C1]  smpboot_thread_fn+0x542/0xa60
[  125.514757][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[  125.514797][    C1]  kthread+0x711/0x8a0
[  125.514836][    C1]  ? __pfx_smpboot_thread_fn+0x10/0x10
[  125.514873][    C1]  ? __pfx_kthread+0x10/0x10
[  125.514904][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  125.514938][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  125.514962][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  125.514990][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  125.515017][    C1]  ? __pfx_kthread+0x10/0x10
[  125.515053][    C1]  ret_from_fork+0x439/0x7d0
[  125.515086][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[  125.515118][    C1]  ? __switch_to_asm+0x39/0x70
[  125.515154][    C1]  ? __switch_to_asm+0x33/0x70
[  125.515188][    C1]  ? __pfx_kthread+0x10/0x10
[  125.515225][    C1]  ret_from_fork_asm+0x1a/0x30
[  125.515281][    C1]  </TASK>
[  125.515290][    C1] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  125.722804][    C1] CPU: 1 UID: 0 PID: 23 Comm: ksoftirqd/1 Not tainted syzkaller #0 PREEMPT(full) 
[  125.722827][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  125.722839][    C1] Call Trace:
[  125.722850][    C1]  <TASK>
[  125.722858][    C1]  dump_stack_lvl+0x189/0x250
[  125.722888][    C1]  ? __pfx_dump_stack_lvl+0x10/0x10
[  125.722912][    C1]  ? __pfx_queue_work_on+0x10/0x10
[  125.722933][    C1]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  125.722952][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  125.722981][    C1]  f2fs_handle_critical_error+0x37c/0x540
[  125.723015][    C1]  f2fs_write_end_io+0x886/0xb60
[  125.723049][    C1]  blk_update_request+0x57e/0xe60
[  125.723084][    C1]  blk_mq_end_request+0x3e/0x70
[  125.723108][    C1]  blk_done_softirq+0x10a/0x160
[  125.723130][    C1]  handle_softirqs+0x286/0x870
[  125.723154][    C1]  ? run_ksoftirqd+0x9b/0x100
[  125.723182][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  125.723206][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[  125.723225][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  125.723249][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[  125.723268][    C1]  run_ksoftirqd+0x9b/0x100
[  125.723291][    C1]  ? __pfx_run_ksoftirqd+0x10/0x10
[  125.723320][    C1]  smpboot_thread_fn+0x542/0xa60
[  125.723343][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[  125.723371][    C1]  kthread+0x711/0x8a0
[  125.723399][    C1]  ? __pfx_smpboot_thread_fn+0x10/0x10
[  125.723420][    C1]  ? __pfx_kthread+0x10/0x10
[  125.723442][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  125.723466][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  125.723483][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  125.723502][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  125.723521][    C1]  ? __pfx_kthread+0x10/0x10
[  125.723547][    C1]  ret_from_fork+0x439/0x7d0
[  125.723570][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[  125.723596][    C1]  ? __switch_to_asm+0x39/0x70
[  125.723620][    C1]  ? __switch_to_asm+0x33/0x70
[  125.723645][    C1]  ? __pfx_kthread+0x10/0x10
[  125.723670][    C1]  ret_from_fork_asm+0x1a/0x30
[  125.723710][    C1]  </TASK>
[  125.723717][    C1] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  125.930659][    C1] CPU: 1 UID: 0 PID: 23 Comm: ksoftirqd/1 Not tainted syzkaller #0 PREEMPT(full) 
[  125.930682][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  125.930692][    C1] Call Trace:
[  125.930700][    C1]  <TASK>
[  125.930707][    C1]  dump_stack_lvl+0x189/0x250
[  125.930738][    C1]  ? __pfx_dump_stack_lvl+0x10/0x10
[  125.930762][    C1]  ? __pfx_queue_work_on+0x10/0x10
[  125.930783][    C1]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  125.930803][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  125.930831][    C1]  f2fs_handle_critical_error+0x37c/0x540
[  125.930871][    C1]  f2fs_write_end_io+0x886/0xb60
[  125.930906][    C1]  blk_update_request+0x57e/0xe60
[  125.930941][    C1]  blk_mq_end_request+0x3e/0x70
[  125.930965][    C1]  blk_done_softirq+0x10a/0x160
[  125.930988][    C1]  handle_softirqs+0x286/0x870
[  125.931013][    C1]  ? run_ksoftirqd+0x9b/0x100
[  125.931041][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  125.931064][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[  125.931083][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  125.931108][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[  125.931127][    C1]  run_ksoftirqd+0x9b/0x100
[  125.931150][    C1]  ? __pfx_run_ksoftirqd+0x10/0x10
[  125.931180][    C1]  smpboot_thread_fn+0x542/0xa60
[  125.931202][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[  125.931231][    C1]  kthread+0x711/0x8a0
[  125.931260][    C1]  ? __pfx_smpboot_thread_fn+0x10/0x10
[  125.931281][    C1]  ? __pfx_kthread+0x10/0x10
[  125.931304][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  125.931327][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  125.931344][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  125.931364][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  125.931383][    C1]  ? __pfx_kthread+0x10/0x10
[  125.931409][    C1]  ret_from_fork+0x439/0x7d0
[  125.931432][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[  125.931458][    C1]  ? __switch_to_asm+0x39/0x70
[  125.931483][    C1]  ? __switch_to_asm+0x33/0x70
[  125.931507][    C1]  ? __pfx_kthread+0x10/0x10
[  125.931533][    C1]  ret_from_fork_asm+0x1a/0x30
[  125.931573][    C1]  </TASK>
[  125.931580][    C1] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  126.214171][ T5830] F2FS-fs (loop0): do_checkpoint failed err:-5, stop checkpoint
[  129.649959][   T12] hsr_slave_0: left promiscuous mode
[  129.714357][   T12] hsr_slave_1: left promiscuous mode
[  129.737312][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  129.765608][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  129.812544][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  129.844726][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  130.961519][   T12] veth1_macvtap: left promiscuous mode
[  130.967440][   T12] veth0_macvtap: left promiscuous mode
[  131.018655][   T12] veth1_vlan: left promiscuous mode
[  131.047418][   T12] veth0_vlan: left promiscuous mode
[  132.182888][ T6250] netlink: 52 bytes leftover after parsing attributes in process `syz.5.67'.
[  132.529287][   T24] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[  132.651984][   T12] team0 (unregistering): Port device team_slave_1 removed
[  132.691985][   T12] team0 (unregistering): Port device team_slave_0 removed
[  132.727674][   T24] usb 2-1: Using ep0 maxpacket: 16
[  132.750317][   T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  132.800584][   T24] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  132.816727][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  132.842033][   T24] usb 2-1: Product: syz
[  132.850143][   T24] usb 2-1: Manufacturer: syz
[  132.854765][   T24] usb 2-1: SerialNumber: syz
[  132.882230][   T24] usb 2-1: config 0 descriptor??
[  132.916406][   T24] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  132.926734][   T24] em28xx 2-1:0.0: DVB interface 0 found: bulk
[  133.419844][ T6234] Zero length message leads to an empty skb
[  133.511537][   T24] em28xx 2-1:0.0: unknown em28xx chip ID (0)
[  133.512775][ T6251] bridge_slave_0: left allmulticast mode
[  133.571881][ T6251] bridge0: port 1(bridge_slave_0) entered disabled state
[  134.086068][ T6266] loop4: detected capacity change from 0 to 40427
[  134.215778][ T6266] F2FS-fs (loop4): build fault injection rate: 14
[  134.222963][ T6266] F2FS-fs (loop4): build fault injection type: 0x3bfe8c
[  134.265092][ T6266] F2FS-fs (loop4): invalid crc value
[  134.282787][   T24] em28xx 2-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[  134.293962][   T24] em28xx 2-1:0.0: board has no eeprom
[  134.623368][    C0] F2FS-fs (loop4): inject read IO error in f2fs_read_end_io of blk_update_request+0x57e/0xe60
[  134.648486][    C1] F2FS-fs (loop4): inject read IO error in f2fs_read_end_io of blk_update_request+0x57e/0xe60
[  134.711269][ T6266] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  134.720368][ T6266] F2FS-fs (loop4): inject page alloc in f2fs_grab_cache_folio of __get_meta_folio+0x157/0x4f0
[  134.742175][ T6266] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  135.546263][ T6118] chnl_net:caif_netlink_parms(): no params data found
[  135.638478][ T6272] em28xx 2-1:0.0: writing to i2c device at 0x8 failed (error=-5)
[  135.729949][   T24] em28xx 2-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  135.794353][   T24] em28xx 2-1:0.0: dvb set to bulk mode.
[  135.804539][    C0] F2FS-fs (loop4): inject write IO error in f2fs_write_end_io of blk_update_request+0x57e/0xe60
[  135.815078][    C0] CPU: 0 UID: 0 PID: 15 Comm: ksoftirqd/0 Not tainted syzkaller #0 PREEMPT(full) 
[  135.815105][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  135.815120][    C0] Call Trace:
[  135.815135][    C0]  <TASK>
[  135.815145][    C0]  dump_stack_lvl+0x189/0x250
[  135.815184][    C0]  ? __pfx_dump_stack_lvl+0x10/0x10
[  135.815215][    C0]  ? __pfx_queue_work_on+0x10/0x10
[  135.815243][    C0]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  135.815271][    C0]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  135.815309][    C0]  f2fs_handle_critical_error+0x37c/0x540
[  135.815354][    C0]  f2fs_write_end_io+0x886/0xb60
[  135.815401][    C0]  blk_update_request+0x57e/0xe60
[  135.815449][    C0]  blk_mq_end_request+0x3e/0x70
[  135.815481][    C0]  blk_done_softirq+0x10a/0x160
[  135.815512][    C0]  handle_softirqs+0x286/0x870
[  135.815545][    C0]  ? run_ksoftirqd+0x9b/0x100
[  135.815583][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[  135.815615][    C0]  ? smpboot_thread_fn+0x4d/0xa60
[  135.815642][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  135.815673][    C0]  ? smpboot_thread_fn+0x4d/0xa60
[  135.815700][    C0]  run_ksoftirqd+0x9b/0x100
[  135.815731][    C0]  ? __pfx_run_ksoftirqd+0x10/0x10
[  135.815772][    C0]  smpboot_thread_fn+0x542/0xa60
[  135.815802][    C0]  ? smpboot_thread_fn+0x4d/0xa60
[  135.815841][    C0]  kthread+0x711/0x8a0
[  135.815879][    C0]  ? __pfx_smpboot_thread_fn+0x10/0x10
[  135.815907][    C0]  ? __pfx_kthread+0x10/0x10
[  135.815938][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  135.815970][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[  135.815994][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  135.816021][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  135.816046][    C0]  ? __pfx_kthread+0x10/0x10
[  135.816082][    C0]  ret_from_fork+0x439/0x7d0
[  135.816113][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[  135.816155][    C0]  ? __switch_to_asm+0x39/0x70
[  135.816189][    C0]  ? __switch_to_asm+0x33/0x70
[  135.816222][    C0]  ? __pfx_kthread+0x10/0x10
[  135.816258][    C0]  ret_from_fork_asm+0x1a/0x30
[  135.816312][    C0]  </TASK>
[  135.816322][    C0] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  135.832619][ T5975] em28xx 2-1:0.0: Binding DVB extension
[  135.835668][    C0] CPU: 0 UID: 0 PID: 15 Comm: ksoftirqd/0 Not tainted syzkaller #0 PREEMPT(full) 
[  135.835695][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  135.835708][    C0] Call Trace:
[  135.835717][    C0]  <TASK>
[  135.835727][    C0]  dump_stack_lvl+0x189/0x250
[  135.835766][    C0]  ? __pfx_dump_stack_lvl+0x10/0x10
[  135.835798][    C0]  ? __pfx_queue_work_on+0x10/0x10
[  135.835825][    C0]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  135.835852][    C0]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  135.835890][    C0]  f2fs_handle_critical_error+0x37c/0x540
[  135.835935][    C0]  f2fs_write_end_io+0x886/0xb60
[  135.835982][    C0]  blk_update_request+0x57e/0xe60
[  135.836029][    C0]  blk_mq_end_request+0x3e/0x70
[  135.836060][    C0]  blk_done_softirq+0x10a/0x160
[  135.836090][    C0]  handle_softirqs+0x286/0x870
[  135.836128][    C0]  ? run_ksoftirqd+0x9b/0x100
[  135.836166][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[  135.836197][    C0]  ? smpboot_thread_fn+0x4d/0xa60
[  135.836223][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  135.836255][    C0]  ? smpboot_thread_fn+0x4d/0xa60
[  135.836281][    C0]  run_ksoftirqd+0x9b/0x100
[  135.836311][    C0]  ? __pfx_run_ksoftirqd+0x10/0x10
[  135.836351][    C0]  smpboot_thread_fn+0x542/0xa60
[  135.836380][    C0]  ? smpboot_thread_fn+0x4d/0xa60
[  135.836418][    C0]  kthread+0x711/0x8a0
[  135.836456][    C0]  ? __pfx_smpboot_thread_fn+0x10/0x10
[  135.836483][    C0]  ? __pfx_kthread+0x10/0x10
[  135.836513][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  135.836544][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[  135.836567][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  135.836593][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  135.836618][    C0]  ? __pfx_kthread+0x10/0x10
[  135.836652][    C0]  ret_from_fork+0x439/0x7d0
[  135.836684][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[  135.836718][    C0]  ? __switch_to_asm+0x39/0x70
[  135.836750][    C0]  ? __switch_to_asm+0x33/0x70
[  135.836783][    C0]  ? __pfx_kthread+0x10/0x10
[  135.836818][    C0]  ret_from_fork_asm+0x1a/0x30
[  135.836870][    C0]  </TASK>
[  135.836879][    C0] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  136.237730][    C0] CPU: 0 UID: 0 PID: 15 Comm: ksoftirqd/0 Not tainted syzkaller #0 PREEMPT(full) 
[  136.237752][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  136.237763][    C0] Call Trace:
[  136.237770][    C0]  <TASK>
[  136.237779][    C0]  dump_stack_lvl+0x189/0x250
[  136.237809][    C0]  ? __pfx_dump_stack_lvl+0x10/0x10
[  136.237833][    C0]  ? __pfx_queue_work_on+0x10/0x10
[  136.237854][    C0]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  136.237880][    C0]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  136.237909][    C0]  f2fs_handle_critical_error+0x37c/0x540
[  136.237944][    C0]  f2fs_write_end_io+0x886/0xb60
[  136.237979][    C0]  blk_update_request+0x57e/0xe60
[  136.238015][    C0]  blk_mq_end_request+0x3e/0x70
[  136.238038][    C0]  blk_done_softirq+0x10a/0x160
[  136.238061][    C0]  handle_softirqs+0x286/0x870
[  136.238086][    C0]  ? run_ksoftirqd+0x9b/0x100
[  136.238115][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[  136.238143][    C0]  ? smpboot_thread_fn+0x4d/0xa60
[  136.238170][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  136.238205][    C0]  ? smpboot_thread_fn+0x4d/0xa60
[  136.238236][    C0]  run_ksoftirqd+0x9b/0x100
[  136.238264][    C0]  ? __pfx_run_ksoftirqd+0x10/0x10
[  136.238295][    C0]  smpboot_thread_fn+0x542/0xa60
[  136.238317][    C0]  ? smpboot_thread_fn+0x4d/0xa60
[  136.238346][    C0]  kthread+0x711/0x8a0
[  136.238375][    C0]  ? __pfx_smpboot_thread_fn+0x10/0x10
[  136.238395][    C0]  ? __pfx_kthread+0x10/0x10
[  136.238418][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  136.238441][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[  136.238459][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  136.238479][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  136.238497][    C0]  ? __pfx_kthread+0x10/0x10
[  136.238524][    C0]  ret_from_fork+0x439/0x7d0
[  136.238547][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[  136.238573][    C0]  ? __switch_to_asm+0x39/0x70
[  136.238598][    C0]  ? __switch_to_asm+0x33/0x70
[  136.238622][    C0]  ? __pfx_kthread+0x10/0x10
[  136.238649][    C0]  ret_from_fork_asm+0x1a/0x30
[  136.238689][    C0]  </TASK>
[  136.438046][    C0] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  136.444987][    C0] CPU: 0 UID: 0 PID: 15 Comm: ksoftirqd/0 Not tainted syzkaller #0 PREEMPT(full) 
[  136.445011][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  136.445022][    C0] Call Trace:
[  136.445029][    C0]  <TASK>
[  136.445038][    C0]  dump_stack_lvl+0x189/0x250
[  136.445070][    C0]  ? __pfx_dump_stack_lvl+0x10/0x10
[  136.445094][    C0]  ? __pfx_queue_work_on+0x10/0x10
[  136.445115][    C0]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  136.445135][    C0]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  136.445163][    C0]  f2fs_handle_critical_error+0x37c/0x540
[  136.445199][    C0]  f2fs_write_end_io+0x886/0xb60
[  136.445234][    C0]  blk_update_request+0x57e/0xe60
[  136.445270][    C0]  blk_mq_end_request+0x3e/0x70
[  136.445294][    C0]  blk_done_softirq+0x10a/0x160
[  136.445318][    C0]  handle_softirqs+0x286/0x870
[  136.445344][    C0]  ? run_ksoftirqd+0x9b/0x100
[  136.445372][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[  136.445396][    C0]  ? smpboot_thread_fn+0x4d/0xa60
[  136.445415][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  136.445440][    C0]  ? smpboot_thread_fn+0x4d/0xa60
[  136.445459][    C0]  run_ksoftirqd+0x9b/0x100
[  136.445482][    C0]  ? __pfx_run_ksoftirqd+0x10/0x10
[  136.445512][    C0]  smpboot_thread_fn+0x542/0xa60
[  136.445536][    C0]  ? smpboot_thread_fn+0x4d/0xa60
[  136.445566][    C0]  kthread+0x711/0x8a0
[  136.445595][    C0]  ? __pfx_smpboot_thread_fn+0x10/0x10
[  136.445616][    C0]  ? __pfx_kthread+0x10/0x10
[  136.445639][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  136.445662][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[  136.445679][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  136.445699][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  136.445717][    C0]  ? __pfx_kthread+0x10/0x10
[  136.445744][    C0]  ret_from_fork+0x439/0x7d0
[  136.445768][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[  136.445794][    C0]  ? __switch_to_asm+0x39/0x70
[  136.445820][    C0]  ? __switch_to_asm+0x33/0x70
[  136.445845][    C0]  ? __pfx_kthread+0x10/0x10
[  136.445872][    C0]  ret_from_fork_asm+0x1a/0x30
[  136.445918][    C0]  </TASK>
[  136.445925][    C0] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  136.653316][    C0] CPU: 0 UID: 0 PID: 15 Comm: ksoftirqd/0 Not tainted syzkaller #0 PREEMPT(full) 
[  136.653339][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  136.653350][    C0] Call Trace:
[  136.653359][    C0]  <TASK>
[  136.653368][    C0]  dump_stack_lvl+0x189/0x250
[  136.653400][    C0]  ? __pfx_dump_stack_lvl+0x10/0x10
[  136.653424][    C0]  ? __pfx_queue_work_on+0x10/0x10
[  136.653445][    C0]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  136.653465][    C0]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  136.653494][    C0]  f2fs_handle_critical_error+0x37c/0x540
[  136.653529][    C0]  f2fs_write_end_io+0x886/0xb60
[  136.653564][    C0]  blk_update_request+0x57e/0xe60
[  136.653604][    C0]  blk_mq_end_request+0x3e/0x70
[  136.653628][    C0]  blk_done_softirq+0x10a/0x160
[  136.653651][    C0]  handle_softirqs+0x286/0x870
[  136.653675][    C0]  ? run_ksoftirqd+0x9b/0x100
[  136.653703][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[  136.653727][    C0]  ? smpboot_thread_fn+0x4d/0xa60
[  136.653746][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  136.653771][    C0]  ? smpboot_thread_fn+0x4d/0xa60
[  136.653790][    C0]  run_ksoftirqd+0x9b/0x100
[  136.653814][    C0]  ? __pfx_run_ksoftirqd+0x10/0x10
[  136.653844][    C0]  smpboot_thread_fn+0x542/0xa60
[  136.653872][    C0]  ? smpboot_thread_fn+0x4d/0xa60
[  136.653900][    C0]  kthread+0x711/0x8a0
[  136.653929][    C0]  ? __pfx_smpboot_thread_fn+0x10/0x10
[  136.653949][    C0]  ? __pfx_kthread+0x10/0x10
[  136.653972][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  136.653995][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[  136.654013][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  136.654033][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  136.654051][    C0]  ? __pfx_kthread+0x10/0x10
[  136.654077][    C0]  ret_from_fork+0x439/0x7d0
[  136.654100][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[  136.654129][    C0]  ? __switch_to_asm+0x39/0x70
[  136.654155][    C0]  ? __switch_to_asm+0x33/0x70
[  136.654180][    C0]  ? __pfx_kthread+0x10/0x10
[  136.654206][    C0]  ret_from_fork_asm+0x1a/0x30
[  136.654246][    C0]  </TASK>
[  136.654253][    C0] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  136.879715][ T5850] F2FS-fs (loop4): do_checkpoint failed err:-5, stop checkpoint
[  136.998596][   T24] usb 2-1: USB disconnect, device number 2
[  137.007181][   T24] em28xx 2-1:0.0: Disconnecting em28xx
[  137.286861][ T6290] netlink: 'syz.0.75': attribute type 6 has an invalid length.
[  137.428692][ T1294] ieee802154 phy0 wpan0: encryption failed: -22
[  137.435305][ T1294] ieee802154 phy1 wpan1: encryption failed: -22
[  137.725862][ T5975] em28xx 2-1:0.0: Registering input extension
[  137.769904][   T24] em28xx 2-1:0.0: Closing input extension
[  137.940504][   T24] em28xx 2-1:0.0: Freeing device
[  138.579058][ T6309] mmap: syz.4.74 (6309) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  140.052073][ T6118] bridge0: port 1(bridge_slave_0) entered blocking state
[  140.061381][ T6118] bridge0: port 1(bridge_slave_0) entered disabled state
[  141.048236][ T6118] bridge_slave_0: entered allmulticast mode
[  141.057181][ T6118] bridge_slave_0: entered promiscuous mode
[  141.435372][ T6118] bridge0: port 2(bridge_slave_1) entered blocking state
[  141.443214][ T6118] bridge0: port 2(bridge_slave_1) entered disabled state
[  141.450585][ T6118] bridge_slave_1: entered allmulticast mode
[  141.459385][ T6118] bridge_slave_1: entered promiscuous mode
[  142.095315][ T6332] loop1: detected capacity change from 0 to 128
[  142.212877][ T6332] syz.1.83: attempt to access beyond end of device
[  142.212877][ T6332] loop1: rw=2049, sector=138, nr_sectors = 72 limit=128
[  142.298914][ T6332] syz.1.83: attempt to access beyond end of device
[  142.298914][ T6332] loop1: rw=2049, sector=210, nr_sectors = 8 limit=128
[  142.336253][ T6332] syz.1.83: attempt to access beyond end of device
[  142.336253][ T6332] loop1: rw=2049, sector=216, nr_sectors = 2 limit=128
[  142.363342][ T6118] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  142.394543][ T6332] Buffer I/O error on dev loop1, logical block 108, lost async page write
[  142.421865][   T30] audit: type=1804 audit(1759420978.280:4): pid=6342 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.83" name="/newroot/14/file2/file0" dev="loop1" ino=1048607 res=1 errno=0
[  142.422565][ T6332] syz.1.83: attempt to access beyond end of device
[  142.422565][ T6332] loop1: rw=2049, sector=234, nr_sectors = 8 limit=128
[  142.468319][ T6332] syz.1.83: attempt to access beyond end of device
[  142.468319][ T6332] loop1: rw=2049, sector=240, nr_sectors = 2 limit=128
[  142.490457][ T6332] Buffer I/O error on dev loop1, logical block 120, lost async page write
[  142.503711][ T6332] syz.1.83: attempt to access beyond end of device
[  142.503711][ T6332] loop1: rw=2049, sector=242, nr_sectors = 8 limit=128
[  142.529127][ T6332] syz.1.83: attempt to access beyond end of device
[  142.529127][ T6332] loop1: rw=2049, sector=248, nr_sectors = 2 limit=128
[  142.548728][ T6332] Buffer I/O error on dev loop1, logical block 124, lost async page write
[  142.595796][ T6332] syz.1.83: attempt to access beyond end of device
[  142.595796][ T6332] loop1: rw=2049, sector=218, nr_sectors = 8 limit=128
[  142.611859][ T6340] team0: Port device team_slave_0 removed
[  142.621238][ T6332] syz.1.83: attempt to access beyond end of device
[  142.621238][ T6332] loop1: rw=2049, sector=224, nr_sectors = 2 limit=128
[  142.662743][ T6118] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  142.700560][ T6332] Buffer I/O error on dev loop1, logical block 112, lost async page write
[  142.747132][ T6332] syz.1.83: attempt to access beyond end of device
[  142.747132][ T6332] loop1: rw=2049, sector=226, nr_sectors = 8 limit=128
[  142.768845][ T6332] Buffer I/O error on dev loop1, logical block 116, lost async page write
[  142.899192][ T6118] team0: Port device team_slave_0 added
[  142.919308][ T6118] team0: Port device team_slave_1 added
[  143.935899][ T6118] batman_adv: batadv0: Adding interface: batadv_slave_0
[  143.959614][ T6346] Invalid source name
[  144.041406][ T6346] UBIFS error (pid: 6346): cannot open "./file0", error -22
[  144.068559][ T6118] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  144.408735][ T6118] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  144.659472][ T6118] batman_adv: batadv0: Adding interface: batadv_slave_1
[  144.680744][ T6118] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  144.745810][ T6118] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  144.909325][ T6356] bond_slave_0: entered promiscuous mode
[  144.915297][ T6356] bond_slave_1: entered promiscuous mode
[  144.993515][ T6356] vlan2: entered promiscuous mode
[  144.999241][ T6356] bond0: entered promiscuous mode
[  145.680659][ T6118] hsr_slave_0: entered promiscuous mode
[  145.711310][ T6118] hsr_slave_1: entered promiscuous mode
[  147.447092][ T6387] loop3: detected capacity change from 0 to 128
[  148.671516][ T6407] gfs2: not a GFS2 filesystem
[  150.788592][ T6414] loop3: detected capacity change from 0 to 136
[  150.831513][ T6414] iso9660: Unknown parameter '/dev/input/event#'
[  152.884077][ T6118] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  152.953638][ T6118] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  153.042931][ T6118] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  153.159924][ T6118] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  157.962794][ T6118] 8021q: adding VLAN 0 to HW filter on device bond0
[  158.428399][ T6118] 8021q: adding VLAN 0 to HW filter on device team0
[  159.521785][ T2953] bridge0: port 1(bridge_slave_0) entered blocking state
[  159.529043][ T2953] bridge0: port 1(bridge_slave_0) entered forwarding state
[  159.947354][ T2953] bridge0: port 2(bridge_slave_1) entered blocking state
[  159.954541][ T2953] bridge0: port 2(bridge_slave_1) entered forwarding state
[  160.763815][ T6497] loop4: detected capacity change from 0 to 32768
[  160.850794][ T6497] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.122 (6497)
[  160.900027][ T6497] BTRFS info (device loop4): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  160.910254][ T6497] BTRFS info (device loop4): using sha256 (sha256-lib) checksum algorithm
[  161.526282][ T6118] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  161.710143][ T6497] BTRFS info (device loop4): enabling ssd optimizations
[  161.717116][ T6497] BTRFS info (device loop4): enabling free space tree
[  163.127343][ T5850] BTRFS info (device loop4): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  166.242631][ T5946] usb 5-1: new full-speed USB device number 2 using dummy_hcd
[  166.532443][ T6118] 8021q: adding VLAN 0 to HW filter on device batadv0
[  166.572330][ T5946] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  166.657588][ T5946] usb 5-1: config 0 has no interface number 0
[  166.868392][ T5946] usb 5-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  167.077370][ T5946] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  167.186332][ T5946] usb 5-1: config 0 descriptor??
[  167.300006][ T5946] usb 5-1: selecting invalid altsetting 1
[  167.368367][ T5946] dvb_ttusb_budget: ttusb_init_controller: error
[  167.412141][ T5946] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[  168.982288][   T30] audit: type=1326 audit(1759421004.840:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6597 comm="syz.3.139" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4b6ef8eec9 code=0x0
[  169.150010][ T5946] DVB: Unable to find symbol cx22700_attach()
[  169.217995][ T1210] usb 2-1: new full-speed USB device number 3 using dummy_hcd
[  169.292554][ T6608] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  169.416744][ T5946] DVB: Unable to find symbol tda10046_attach()
[  169.440666][ T1210] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  169.445125][ T5946] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[  169.494327][ T1210] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  169.557622][ T1210] usb 2-1: Product: syz
[  169.564786][ T5946] usb 5-1: USB disconnect, device number 2
[  169.583109][ T1210] usb 2-1: Manufacturer: syz
[  169.619341][ T1210] usb 2-1: SerialNumber: syz
[  169.676135][ T1210] usb 2-1: config 0 descriptor??
[  170.022202][ T6622] loop3: detected capacity change from 0 to 256
[  170.048192][ T6622] vfat: Bad value for 'tz'
[  170.074669][ T6622] 9pnet_fd: p9_fd_create_tcp (6622): problem connecting socket to 127.0.0.1
[  170.167053][ T1210] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  171.304275][ T6118] veth0_vlan: entered promiscuous mode
[  172.025409][ T6118] veth1_vlan: entered promiscuous mode
[  172.061200][ T6118] veth0_macvtap: entered promiscuous mode
[  172.071603][ T6118] veth1_macvtap: entered promiscuous mode
[  172.174066][ T6118] batman_adv: batadv0: Interface activated: batadv_slave_0
[  172.232749][ T6118] batman_adv: batadv0: Interface activated: batadv_slave_1
[  172.323139][ T6631] loop3: detected capacity change from 0 to 256
[  172.346281][ T6631] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xf6e00961, utbl_chksum : 0xe619d30d)
[  173.143694][ T1210] dvb_usb_rtl28xxu 2-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  173.164316][ T1330] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  173.206347][ T1330] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  173.216602][ T1210] usb 2-1: USB disconnect, device number 3
[  173.322521][ T6059] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  173.388227][ T6059] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  176.842696][ T6674] tty tty4: ldisc open failed (-12), clearing slot 3
[  177.918043][ T5841] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  177.938751][ T5841] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  177.951334][ T5841] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  177.970449][ T5841] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  177.990818][ T6683] loop1: detected capacity change from 0 to 2048
[  178.005114][ T5841] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  178.303300][ T6683] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024)
[  178.366347][ T6692] ptrace attach of "./syz-executor exec"[5842] was attempted by "./syz-executor exec"[6692]
[  179.146797][ T6694] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  180.040504][   T30] audit: type=1800 audit(1759421015.900:6): pid=6683 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.158" name="file1" dev="loop1" ino=15 res=0 errno=0
[  180.152959][   T51] Bluetooth: hci6: command tx timeout
[  180.611334][ T6699] NILFS error (device loop1): __nilfs_read_inode: invalid file type bits in mode 0177777 for inode 12
[  180.625273][ T6699] Remounting filesystem read-only
[  180.793121][ T5832] NILFS (loop1): disposed unprocessed dirty file(s) when detaching log writer
[  182.257922][   T51] Bluetooth: hci6: command tx timeout
[  182.591402][ T3547] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  184.372084][   T51] Bluetooth: hci6: command tx timeout
[  185.233150][ T3547] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  186.411577][ T3547] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  186.422352][   T51] Bluetooth: hci6: command tx timeout
[  188.496983][ T6761] netlink: 4 bytes leftover after parsing attributes in process `syz.1.174'.
[  188.539014][ T6761] netlink: 4 bytes leftover after parsing attributes in process `syz.1.174'.
[  189.054559][ T6750] ALSA: mixer_oss: invalid OSS volume ''
[  189.259557][ T3547] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  189.473372][ T6738] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  189.527667][ T6738] Bluetooth: hci1: Error when powering off device on rfkill (-4)
[  190.709545][ T6738] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  190.720796][ T6738] Bluetooth: hci2: Error when powering off device on rfkill (-4)
[  192.115711][ T6792] loop1: detected capacity change from 0 to 164
[  192.145687][ T6792] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  192.532339][ T6794] loop0: detected capacity change from 0 to 4096
[  192.539919][ T6794] ntfs3: Unknown parameter 'discardRÀéNdows_names'
[  193.056286][   T51] Bluetooth: hci2: command 0x0c1a tx timeout
[  193.379450][ T6738] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  193.487494][ T6738] Bluetooth: hci5: Error when powering off device on rfkill (-4)
[  195.466686][   T51] Bluetooth: hci5: command 0x0c1a tx timeout
[  196.551882][ T6813] loop4: detected capacity change from 0 to 4096
[  196.569393][ T6813] ntfs3: Unknown parameter 'discardRÀéNdows_names'
[  198.102111][ T6738] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  198.124946][ T6684] chnl_net:caif_netlink_parms(): no params data found
[  198.148641][ T6738] Bluetooth: hci4: Error when powering off device on rfkill (-4)
[  198.486211][ T3547] bridge_slave_1: left allmulticast mode
[  198.486257][ T3547] bridge_slave_1: left promiscuous mode
[  198.487263][ T3547] bridge0: port 2(bridge_slave_1) entered disabled state
[  198.588764][ T3547] bridge_slave_0: left allmulticast mode
[  198.588792][ T3547] bridge_slave_0: left promiscuous mode
[  198.589036][ T3547] bridge0: port 1(bridge_slave_0) entered disabled state
[  199.718068][ T1294] ieee802154 phy0 wpan0: encryption failed: -22
[  199.718163][ T1294] ieee802154 phy1 wpan1: encryption failed: -22
[  201.593457][ T6840] loop4: detected capacity change from 0 to 40427
[  201.624369][ T6840] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  201.624413][ T6840] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  201.647686][ T6840] F2FS-fs (loop4): invalid crc value
[  201.744687][ T6840] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  201.771063][ T6840] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  201.771115][ T6840] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  205.014255][ T6861] loop1: detected capacity change from 0 to 4096
[  205.026264][ T6861] ntfs3: Unknown parameter 'discardRÀéNdows_names'
[  205.558645][ T6859] orangefs_mount: mount request failed with -4
[  209.306104][ T3547] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  210.684375][ T3547] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  211.297794][ T3547] bond0 (unregistering): Released all slaves
[  214.041960][ T6913] loop0: detected capacity change from 0 to 512
[  215.075644][ T6913] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  215.232625][ T6919] loop1: detected capacity change from 0 to 4096
[  215.244339][ T6919] ntfs3: Unknown parameter 'discardRÀéNdows_names'
[  215.408048][ T6913] ext4 filesystem being mounted at /34/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  215.768778][ T3547] hsr_slave_0: left promiscuous mode
[  216.061538][ T3547] hsr_slave_1: left promiscuous mode
[  216.099944][ T3547] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  216.107362][ T3547] batman_adv: batadv0: Removing interface: batadv_slave_0
[  216.218631][ T3547] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  216.226037][ T3547] batman_adv: batadv0: Removing interface: batadv_slave_1
[  216.276452][ T6930] EXT4-fs warning (device loop0): ext4_empty_dir:3089: inode #12: comm syz.0.209: directory missing '.'
[  216.457064][ T3547] veth1_macvtap: left promiscuous mode
[  216.477543][ T3547] veth0_macvtap: left promiscuous mode
[  216.506611][ T3547] veth1_vlan: left promiscuous mode
[  216.549633][ T3547] veth0_vlan: left promiscuous mode
[  216.765649][ T6937] loop1: detected capacity change from 0 to 128
[  216.892899][ T6937] qnx6: superblock #1 checksum error
[  217.482274][ T5830] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  217.777893][ T5975] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  217.967640][ T5975] usb 2-1: Using ep0 maxpacket: 16
[  217.986279][ T5975] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  218.027592][ T5975] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  218.045706][ T5975] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  218.056452][ T5975] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  218.071887][ T5975] usb 2-1: Product: syz
[  218.081380][ T5975] usb 2-1: Manufacturer: syz
[  218.110649][ T5975] usb 2-1: SerialNumber: syz
[  218.376568][ T5975] usb 2-1: 0:2 : does not exist
[  218.417795][ T5975] usb 2-1: 5:0: failed to get current value for ch 0 (-22)
[  218.494152][ T5975] usb 2-1: USB disconnect, device number 4
[  218.650177][ T6051] udevd[6051]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  223.614155][ T6973] loop1: detected capacity change from 0 to 1024
[  223.622941][ T6973] EXT4-fs: quotafile must be on filesystem root
[  223.805038][ T5841] Bluetooth: hci6: command 0x0405 tx timeout
[  225.195741][   T30] audit: type=1326 audit(1759421061.020:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6979 comm="syz.1.227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f031dd8eec9 code=0x7ffc0000
[  225.764567][   T30] audit: type=1326 audit(1759421061.080:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6979 comm="syz.1.227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f031dd8eec9 code=0x7ffc0000
[  225.848907][   T30] audit: type=1326 audit(1759421061.080:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6979 comm="syz.1.227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=83 compat=0 ip=0x7f031dd8eec9 code=0x7ffc0000
[  225.872859][   T30] audit: type=1326 audit(1759421061.120:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6979 comm="syz.1.227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f031dd8eec9 code=0x7ffc0000
[  226.060775][   T30] audit: type=1326 audit(1759421061.140:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6979 comm="syz.1.227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f031dd8eec9 code=0x7ffc0000
[  226.084853][   T30] audit: type=1326 audit(1759421061.140:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6979 comm="syz.1.227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=188 compat=0 ip=0x7f031dd8eec9 code=0x7ffc0000
[  226.107037][   T30] audit: type=1326 audit(1759421061.150:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6979 comm="syz.1.227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f031dd8eec9 code=0x7ffc0000
[  226.157030][   T30] audit: type=1326 audit(1759421061.150:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6979 comm="syz.1.227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f031dd8eec9 code=0x7ffc0000
[  226.778426][   T30] audit: type=1326 audit(1759421061.150:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6979 comm="syz.1.227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=192 compat=0 ip=0x7f031dd8eec9 code=0x7ffc0000
[  226.801163][   T30] audit: type=1326 audit(1759421061.160:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6979 comm="syz.1.227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f031dd8eec9 code=0x7ffc0000
[  231.157219][ T3547] team0 (unregistering): Port device team_slave_1 removed
[  232.726444][ T3547] team0 (unregistering): Port device team_slave_0 removed
[  232.832064][ T7029] ubi31: attaching mtd0
[  232.861558][ T7029] ubi31: scanning is finished
[  232.866329][ T7029] ubi31: empty MTD device detected
[  233.703913][ T7031] loop4: detected capacity change from 0 to 1024
[  233.769933][ T7029] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB)
[  233.777809][ T7029] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  233.785103][ T7029] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1
[  233.792238][ T7029] ubi31: VID header offset: 64 (aligned 64), data offset: 128
[  233.799813][ T7029] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  233.806658][ T7029] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23
[  233.814806][ T7029] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 1969214882
[  233.824951][ T7029] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  233.885642][ T7033] ubi31: background thread "ubi_bgt31d" started, PID 7033
[  238.444230][   T59] hfsplus: b-tree write err: -5, ino 4
[  241.631900][ T7064] loop4: detected capacity change from 0 to 1024
[  241.648674][ T7064] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem
[  241.657206][ T7064] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  241.668244][ T7064] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (59422!=20869)
[  241.677985][ T7064] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  241.690504][ T7064] EXT4-fs error (device loop4): ext4_get_journal_inode:5806: inode #17: comm syz.4.249: iget: bad i_size value: 4398046511204
[  241.716634][ T7064] EXT4-fs (loop4): no journal found
[  242.829671][ T7089] loop4: detected capacity change from 0 to 128
[  242.858599][ T7089] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256
[  242.884618][ T7089] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  243.043335][ T6684] workqueue: Failed to create a rescuer kthread for wq "wg-crypt-wg0": -EINTR
[  243.278368][ T7082] loop0: detected capacity change from 0 to 32768
[  243.341800][ T7082] BTRFS: device fsid 3d39d0ba-bdae-447e-827b-b091e1a68885 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.253 (7082)
[  243.411366][    C0] vcan0: j1939_tp_rxtimer: 0xffff888054452400: rx timeout, send abort
[  243.412577][ T7082] BTRFS info (device loop0): first mount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885
[  243.471115][ T7082] BTRFS info (device loop0): using crc32c (crc32c-lib) checksum algorithm
[  243.668242][   T51] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  243.678049][   T51] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  243.685721][   T51] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  243.694530][   T51] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  243.713087][   T51] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  243.726935][ T7082] BTRFS info (device loop0): enabling ssd optimizations
[  243.737303][   T51] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[  243.758833][ T5841] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[  243.767130][ T5841] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[  243.802264][ T7082] BTRFS info (device loop0): disabling tree log
[  243.808978][ T5840] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[  243.827664][ T5840] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[  243.835187][ T7082] BTRFS info (device loop0): turning on async discard
[  243.883559][ T7082] BTRFS info (device loop0): enabling free space tree
[  243.904189][ T7082] BTRFS info (device loop0): enabling auto defrag
[  243.919981][    C0] vcan0: j1939_tp_rxtimer: 0xffff888054452400: abort rx timeout. Force session deactivation
[  244.067870][ T5918] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  244.254843][   T49] BTRFS info (device loop0): cannot satisfy tickets, dumping space info
[  244.263602][   T49] BTRFS info (device loop0): space_info DATA+METADATA (sub-group id 0) has 10039296 free, is full
[  244.274342][   T49] BTRFS info (device loop0): space_info total=11534336, used=53248, pinned=0, reserved=0, may_use=1441792, readonly=0 zone_unusable=0
[  244.288327][   T49] BTRFS info (device loop0): failing ticket with 16781312 bytes
[  244.304934][ T5918] usb 5-1: Using ep0 maxpacket: 8
[  244.311716][ T7082] BTRFS info (device loop0): space_info DATA+METADATA (sub-group id 0) has 10039296 free, is full
[  244.322719][ T7082] BTRFS info (device loop0): space_info total=11534336, used=53248, pinned=0, reserved=0, may_use=1441792, readonly=0 zone_unusable=0
[  244.336675][ T7082] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1441792
[  244.345904][ T7082] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0
[  244.353790][ T7082] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0
[  244.361570][ T7082] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0
[  244.369529][ T7082] BTRFS info (device loop0): delayed_refs_rsv: size 0 reserved 0
[  244.392777][ T5918] usb 5-1: unable to get BOS descriptor or descriptor too short
[  244.406921][ T5918] usb 5-1: unable to read config index 0 descriptor/start: -71
[  244.463412][ T5918] usb 5-1: can't read configurations, error -71
[  245.077700][ T5830] BTRFS info (device loop0): last unmount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885
[  245.778308][ T5833] Bluetooth: hci3: command 0x0c1a tx timeout
[  245.786491][  T972] Bluetooth: hci3: Opcode 0x0c1a failed: -110
[  245.802314][  T972] Bluetooth: hci3: Error when powering off device on rfkill (-110)
[  245.819630][ T3547] bond0 (unregistering): Released all slaves
[  247.052480][ T7154] trusted_key: syz.5.262 sent an empty control message without MSG_MORE.
[  247.238717][ T7156] evm: overlay not supported
[  247.773534][ T7152] netlink: 'syz.0.263': attribute type 10 has an invalid length.
[  247.827980][ T7152] bond0: (slave wlan1): Opening slave failed
[  247.861224][ T7158] mac80211_hwsim hwsim5 wlan1: entered allmulticast mode
[  249.441053][   T30] kauditd_printk_skb: 57 callbacks suppressed
[  249.441072][   T30] audit: type=1326 audit(1759421085.300:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7175 comm="syz.0.266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa17d8eec9 code=0x7ffc0000
[  249.500382][   T30] audit: type=1326 audit(1759421085.340:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7175 comm="syz.0.266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa17d8eec9 code=0x7ffc0000
[  249.543102][   T30] audit: type=1326 audit(1759421085.340:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7175 comm="syz.0.266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=293 compat=0 ip=0x7ffa17d8eec9 code=0x7ffc0000
[  249.589895][   T30] audit: type=1326 audit(1759421085.340:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7175 comm="syz.0.266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa17d8eec9 code=0x7ffc0000
[  249.656461][   T30] audit: type=1326 audit(1759421085.340:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7175 comm="syz.0.266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa17d8eec9 code=0x7ffc0000
[  249.691101][   T30] audit: type=1326 audit(1759421085.340:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7175 comm="syz.0.266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=72 compat=0 ip=0x7ffa17d8eec9 code=0x7ffc0000
[  249.713320][   T30] audit: type=1326 audit(1759421085.340:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7175 comm="syz.0.266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa17d8eec9 code=0x7ffc0000
[  249.735778][   T30] audit: type=1326 audit(1759421085.340:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7175 comm="syz.0.266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa17d8eec9 code=0x7ffc0000
[  249.757904][   T30] audit: type=1326 audit(1759421085.340:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7175 comm="syz.0.266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=278 compat=0 ip=0x7ffa17d8eec9 code=0x7ffc0000
[  249.780020][   T30] audit: type=1326 audit(1759421085.340:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7175 comm="syz.0.266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa17d8eec9 code=0x7ffc0000
[  251.915804][ T7225] (unnamed net_device) (uninitialized): option all_slaves_active: invalid value (13)
[  256.179761][ T7257] gfs2: not a GFS2 filesystem
[  260.277125][ T1294] ieee802154 phy0 wpan0: encryption failed: -22
[  260.283608][ T1294] ieee802154 phy1 wpan1: encryption failed: -22
[  262.490696][ T7311] Invalid source name
[  262.494761][ T7311] UBIFS error (pid: 7311): cannot open "./file0", error -22
[  276.457836][ T7475] netlink: 168 bytes leftover after parsing attributes in process `syz.5.308'.
[  306.637048][ T5202] udevd[5202]: worker [6051] /devices/virtual/block/loop0 is taking a long time
[  321.703727][ T1294] ieee802154 phy0 wpan0: encryption failed: -22
[  321.710114][ T1294] ieee802154 phy1 wpan1: encryption failed: -22
[  383.151966][ T1294] ieee802154 phy0 wpan0: encryption failed: -22
[  383.159101][ T1294] ieee802154 phy1 wpan1: encryption failed: -22
[  393.381148][   T31] INFO: task kworker/1:3:5843 blocked for more than 143 seconds.
[  393.389189][   T31]       Not tainted syzkaller #0
[  393.394654][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  393.403380][   T31] task:kworker/1:3     state:D stack:24360 pid:5843  tgid:5843  ppid:2      task_flags:0x4208060 flags:0x00080000
[  393.415500][   T31] Workqueue: events rfkill_sync_work
[  393.420845][   T31] Call Trace:
[  393.424118][   T31]  <TASK>
[  393.427046][   T31]  __schedule+0x1798/0x4cc0
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  393.431612][   T31]  ? __pfx___schedule+0x10/0x10
[  393.436476][   T31]  ? srso_alias_return_thunk+0x5/0xfbef5
[  393.443644][   T31]  ? schedule+0x91/0x360
[  393.448071][   T31]  schedule+0x165/0x360
[  393.452239][   T31]  schedule_preempt_disabled+0x13/0x30
[  393.457953][   T31]  __mutex_lock+0x7e6/0x1350
[  393.463457][   T31]  ? __mutex_lock+0x5bb/0x1350
[  393.471618][   T31]  ? nfc_rfkill_set_block+0x50/0x2e0
[  393.476932][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  393.535940][   T31]  ? srso_alias_return_thunk+0x5/0xfbef5
[  393.557637][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  393.562876][   T31]  ? srso_alias_return_thunk+0x5/0xfbef5
[  393.594606][   T31]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  393.601729][   T31]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  393.608319][   T31]  ? __pfx_nfc_rfkill_set_block+0x10/0x10
[  393.617087][   T31]  nfc_rfkill_set_block+0x50/0x2e0
[  393.622497][   T31]  ? __pfx_nfc_rfkill_set_block+0x10/0x10
[  393.632297][   T31]  rfkill_set_block+0x1d2/0x440
[  393.637172][   T31]  rfkill_sync_work+0x114/0x200
[  393.642316][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[  393.648367][   T31]  process_scheduled_works+0xae1/0x17b0
[  393.653975][   T31]  ? __pfx_process_scheduled_works+0x10/0x10
[  393.661221][   T31]  ? srso_alias_return_thunk+0x5/0xfbef5
[  393.666880][   T31]  worker_thread+0x8a0/0xda0
[  393.672673][   T31]  kthread+0x711/0x8a0
[  393.676764][   T31]  ? __pfx_worker_thread+0x10/0x10
[  393.682105][   T31]  ? __pfx_kthread+0x10/0x10
[  393.686705][   T31]  ? srso_alias_return_thunk+0x5/0xfbef5
[  393.692596][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  393.699805][   T31]  ? srso_alias_return_thunk+0x5/0xfbef5
[  393.705451][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  393.715561][   T31]  ? __pfx_kthread+0x10/0x10
[  393.721226][   T31]  ret_from_fork+0x439/0x7d0
[  393.725831][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  393.735272][   T31]  ? __switch_to_asm+0x39/0x70
[  393.741137][   T31]  ? __switch_to_asm+0x33/0x70
[  393.745918][   T31]  ? __pfx_kthread+0x10/0x10
[  393.757224][   T31]  ret_from_fork_asm+0x1a/0x30
[  393.762194][   T31]  </TASK>
[  393.788084][   T31] INFO: task udevd:6051 blocked for more than 143 seconds.
[  393.795302][   T31]       Not tainted syzkaller #0
[  393.822368][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  393.847520][   T31] task:udevd           state:D stack:23432 pid:6051  tgid:6051  ppid:5202   task_flags:0x400140 flags:0x00080001
[  393.867463][   T31] Call Trace:
[  393.870752][   T31]  <TASK>
[  393.873681][   T31]  __schedule+0x1798/0x4cc0
[  393.887502][   T31]  ? kasan_save_free_info+0x46/0x50
[  393.892720][   T31]  ? srso_alias_return_thunk+0x5/0xfbef5
[  393.917522][   T31]  ? __pfx___schedule+0x10/0x10
[  393.922414][   T31]  ? srso_alias_return_thunk+0x5/0xfbef5
[  393.937672][   T31]  ? schedule+0x91/0x360
[  393.941934][   T31]  schedule+0x165/0x360
[  393.946095][   T31]  schedule_preempt_disabled+0x13/0x30
[  393.951827][   T31]  __mutex_lock+0x7e6/0x1350
[  393.956428][   T31]  ? srso_alias_return_thunk+0x5/0xfbef5
[  393.962316][   T31]  ? __mutex_lock+0x5bb/0x1350
[  393.967099][   T31]  ? misc_open+0x51/0x330
[  393.971744][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  393.976787][   T31]  ? srso_alias_return_thunk+0x5/0xfbef5
[  393.982711][   T31]  ? srso_alias_return_thunk+0x5/0xfbef5
[  393.988599][   T31]  misc_open+0x51/0x330
[  393.992778][   T31]  chrdev_open+0x4cc/0x5e0
[  393.997209][   T31]  ? __pfx_chrdev_open+0x10/0x10
[  394.002561][   T31]  ? srso_alias_return_thunk+0x5/0xfbef5
[  394.008357][   T31]  ? fsnotify_open_perm_and_set_mode+0x113/0x610
[  394.014722][   T31]  ? __pfx_chrdev_open+0x10/0x10
[  394.020037][   T31]  do_dentry_open+0x953/0x13f0
[  394.024827][   T31]  vfs_open+0x3b/0x340
[  394.037476][   T31]  ? path_openat+0x2ecd/0x3830
[  394.042259][   T31]  path_openat+0x2ee5/0x3830
[  394.046861][   T31]  ? arch_stack_walk+0xfc/0x150
[  394.053082][   T31]  ? stack_depot_save_flags+0x40/0x860
[  394.058749][   T31]  ? __pfx_path_openat+0x10/0x10
[  394.063694][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  394.070041][   T31]  do_filp_open+0x1fa/0x410
[  394.074554][   T31]  ? __lock_acquire+0xab9/0xd20
[  394.079632][   T31]  ? __pfx_do_filp_open+0x10/0x10
[  394.084694][   T31]  ? _raw_spin_unlock+0x28/0x50
[  394.089799][   T31]  ? srso_alias_return_thunk+0x5/0xfbef5
[  394.095444][   T31]  ? alloc_fd+0x64c/0x6c0
[  394.107659][   T31]  do_sys_openat2+0x121/0x1c0
[  394.112364][   T31]  ? __pfx_do_sys_openat2+0x10/0x10
[  394.117830][   T31]  ? fput_close_sync+0x119/0x200
[  394.122782][   T31]  ? __pfx_fput_close_sync+0x10/0x10
[  394.128348][   T31]  ? srso_alias_return_thunk+0x5/0xfbef5
[  394.134013][   T31]  __x64_sys_openat+0x138/0x170
[  394.139097][   T31]  do_syscall_64+0xfa/0x3b0
[  394.143622][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  394.149973][   T31]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  394.155617][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  394.162004][   T31] RIP: 0033:0x7f9cd0ea7407
[  394.166427][   T31] RSP: 002b:00007fffacb3a5e0 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
[  394.175102][   T31] RAX: ffffffffffffffda RBX: 00007f9cd158a880 RCX: 00007f9cd0ea7407
[  394.183299][   T31] RDX: 0000000000080002 RSI: 0000555bfb3bcfba RDI: ffffffffffffff9c
[  394.191500][   T31] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  394.199633][   T31] R10: 0000000000000000 R11: 0000000000000202 R12: 00007fffacb3a680
[  394.208845][   T31] R13: 0000555c2bc75e00 R14: 00007fffacb3bae0 R15: 00007fffacb3b6e0
[  394.216843][   T31]  </TASK>
[  394.220133][   T31] INFO: task syz.3.170:6738 blocked for more than 144 seconds.
[  394.229533][   T31]       Not tainted syzkaller #0
[  394.234466][   T31]       Blocked by coredump.
[  394.239311][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  394.249065][   T31] task:syz.3.170       state:D stack:25048 pid:6738  tgid:6735  ppid:5842   task_flags:0x40054c flags:0x00080001
[  394.262754][   T31] Call Trace:
[  394.266034][   T31]  <TASK>
[  394.270903][   T31]  __schedule+0x1798/0x4cc0
[  394.275461][   T31]  ? __pfx___schedule+0x10/0x10
[  394.282850][   T31]  ? srso_alias_return_thunk+0x5/0xfbef5
[  394.291176][   T31]  ? schedule+0x91/0x360
[  394.295439][   T31]  schedule+0x165/0x360
[  394.303264][   T31]  schedule_preempt_disabled+0x13/0x30
[  394.310881][   T31]  __mutex_lock+0x7e6/0x1350
[  394.315495][   T31]  ? __mutex_lock+0x5bb/0x1350
[  394.324319][   T31]  ? rfkill_unregister+0xc8/0x220
[  394.329602][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  394.334646][   T31]  ? __pfx_device_del+0x10/0x10
[  394.341128][   T31]  ? hci_sock_dev_event+0x42d/0x600
[  394.346357][   T31]  rfkill_unregister+0xc8/0x220
[  394.351456][   T31]  hci_unregister_dev+0x374/0x510
[  394.356493][   T31]  vhci_release+0x152/0x1a0
[  394.361289][   T31]  ? __pfx_vhci_release+0x10/0x10
[  394.366336][   T31]  __fput+0x44c/0xa70
[  394.370616][   T31]  task_work_run+0x1d4/0x260
[  394.375231][   T31]  ? __pfx_task_work_run+0x10/0x10
[  394.383247][   T31]  ? kmem_cache_free+0x18f/0x400
[  394.390011][   T31]  do_exit+0x6b5/0x2300
[  394.394197][   T31]  ? srso_alias_return_thunk+0x5/0xfbef5
[  394.403397][   T31]  ? do_raw_spin_lock+0x121/0x290
[  394.411205][   T31]  ? __pfx_do_exit+0x10/0x10
[  394.415836][   T31]  do_group_exit+0x21c/0x2d0
[  394.423506][   T31]  ? srso_alias_return_thunk+0x5/0xfbef5
[  394.432145][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  394.437357][   T31]  get_signal+0x1285/0x1340
[  394.444986][   T31]  arch_do_signal_or_restart+0xa0/0x790
[  394.453315][   T31]  ? __pfx___fput_deferred+0x10/0x10
[  394.461243][   T31]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  394.469254][   T31]  ? exit_to_user_mode_loop+0x40/0x110
[  394.474725][   T31]  exit_to_user_mode_loop+0x72/0x110
[  394.482722][   T31]  do_syscall_64+0x2bd/0x3b0
[  394.487323][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  394.500861][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  394.506941][   T31]  ? srso_alias_return_thunk+0x5/0xfbef5
[  394.515496][   T31]  ? exc_page_fault+0x9f/0xf0
[  394.523809][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  394.531523][   T31] RIP: 0033:0x7f4b6ef8eec9
[  394.535941][   T31] RSP: 002b:00007f4b6fede038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  394.549715][   T31] RAX: 0000000000000008 RBX: 00007f4b6f1e5fa0 RCX: 00007f4b6ef8eec9
[  394.558106][   T31] RDX: 0000000000000008 RSI: 0000200000000080 RDI: 000000000000000b
[  394.566090][   T31] RBP: 00007f4b6f011f91 R08: 0000000000000000 R09: 0000000000000000
[  394.574186][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  394.582217][   T31] R13: 00007f4b6f1e6038 R14: 00007f4b6f1e5fa0 R15: 00007ffd6e4682e8
[  394.590279][   T31]  </TASK>
[  394.593307][   T31] INFO: task syz-executor:6867 blocked for more than 144 seconds.
[  394.601308][   T31]       Not tainted syzkaller #0
[  394.606240][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  394.614925][   T31] task:syz-executor    state:D stack:23912 pid:6867  tgid:6867  ppid:1      task_flags:0x400140 flags:0x00080002
[  394.626919][   T31] Call Trace:
[  394.630271][   T31]  <TASK>
[  394.633199][   T31]  __schedule+0x1798/0x4cc0
[  394.637776][   T31]  ? __pfx___schedule+0x10/0x10
[  394.642640][   T31]  ? srso_alias_return_thunk+0x5/0xfbef5
[  394.648464][   T31]  ? schedule+0x91/0x360
[  394.652714][   T31]  schedule+0x165/0x360
[  394.656856][   T31]  schedule_preempt_disabled+0x13/0x30
[  394.662357][   T31]  __mutex_lock+0x7e6/0x1350
[  394.666961][   T31]  ? srso_alias_return_thunk+0x5/0xfbef5
[  394.672655][   T31]  ? __mutex_lock+0x5bb/0x1350
[  394.677468][   T31]  ? misc_open+0x51/0x330
[  394.681819][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  394.686844][   T31]  ? srso_alias_return_thunk+0x5/0xfbef5
[  394.692523][   T31]  ? srso_alias_return_thunk+0x5/0xfbef5
[  394.698188][   T31]  misc_open+0x51/0x330
[  394.702353][   T31]  chrdev_open+0x4cc/0x5e0
[  394.706764][   T31]  ? __pfx_chrdev_open+0x10/0x10
[  394.711730][   T31]  ? srso_alias_return_thunk+0x5/0xfbef5
[  394.717384][   T31]  ? fsnotify_open_perm_and_set_mode+0x113/0x610
[  394.723767][   T31]  ? __pfx_chrdev_open+0x10/0x10
[  394.728744][   T31]  do_dentry_open+0x953/0x13f0
[  394.733521][   T31]  vfs_open+0x3b/0x340
[  394.737813][   T31]  ? path_openat+0x2ecd/0x3830
[  394.742586][   T31]  path_openat+0x2ee5/0x3830
[  394.747484][   T31]  ? arch_stack_walk+0xfc/0x150
[  394.752362][   T31]  ? stack_depot_save_flags+0x40/0x860
[  394.757878][   T31]  ? __pfx_path_openat+0x10/0x10
[  394.762816][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  394.768926][   T31]  do_filp_open+0x1fa/0x410
[  394.773448][   T31]  ? __lock_acquire+0xab9/0xd20
[  394.778334][   T31]  ? __pfx_do_filp_open+0x10/0x10
[  394.783381][   T31]  ? _raw_spin_unlock+0x28/0x50
[  394.788269][   T31]  ? srso_alias_return_thunk+0x5/0xfbef5
[  394.793915][   T31]  ? alloc_fd+0x64c/0x6c0
[  394.798311][   T31]  do_sys_openat2+0x121/0x1c0
[  394.802995][   T31]  ? __pfx_do_sys_openat2+0x10/0x10
[  394.808220][   T31]  ? fput_close_sync+0x119/0x200
[  394.813158][   T31]  ? __pfx_fput_close_sync+0x10/0x10
[  394.818486][   T31]  ? srso_alias_return_thunk+0x5/0xfbef5
[  394.824130][   T31]  __x64_sys_openat+0x138/0x170
[  394.829006][   T31]  do_syscall_64+0xfa/0x3b0
[  394.833498][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  394.838733][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  394.844798][   T31]  ? srso_alias_return_thunk+0x5/0xfbef5
[  394.850480][   T31]  ? exc_page_fault+0x9f/0xf0
[  394.855162][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  394.861221][   T31] RIP: 0033:0x7f93fa98d710
[  394.865635][   T31] RSP: 002b:00007ffedea5abd0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[  394.874069][   T31] RAX: ffffffffffffffda RBX: 0000000000000802 RCX: 00007f93fa98d710
[  394.882058][   T31] RDX: 0000000000000802 RSI: 00007f93faa12e65 RDI: 00000000ffffff9c
[  394.890047][   T31] RBP: 00007f93faa12e65 R08: 0000000000000000 R09: 0000000000000000
[  394.898045][   T31] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000008
[  394.906007][   T31] R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000000
[  394.914042][   T31]  </TASK>
[  394.917079][   T31] INFO: task syz-executor:7072 blocked for more than 144 seconds.
[  394.924924][   T31]       Not tainted syzkaller #0
[  394.929891][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  394.938602][   T31] task:syz-executor    state:D stack:26920 pid:7072  tgid:7072  ppid:1      task_flags:0x400140 flags:0x00080000
[  394.950569][   T31] Call Trace:
[  394.953839][   T31]  <TASK>
[  394.956756][   T31]  __schedule+0x1798/0x4cc0
[  394.961336][   T31]  ? srso_alias_return_thunk+0x5/0xfbef5
[  394.966975][   T31]  ? __lock_acquire+0xab9/0xd20
[  394.971868][   T31]  ? __lock_acquire+0xab9/0xd20
[  394.976726][   T31]  ? __pfx___schedule+0x10/0x10
[  394.981711][   T31]  ? srso_alias_return_thunk+0x5/0xfbef5
[  394.987525][   T31]  ? schedule+0x91/0x360
[  394.991786][   T31]  schedule+0x165/0x360
[  394.995935][   T31]  schedule_preempt_disabled+0x13/0x30
[  395.001701][   T31]  __mutex_lock+0x7e6/0x1350
[  395.006316][   T31]  ? __mutex_lock+0x5bb/0x1350
[  395.011157][   T31]  ? rfkill_fop_open+0x12d/0x820
[  395.016106][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  395.021184][   T31]  ? srso_alias_return_thunk+0x5/0xfbef5
[  395.026822][   T31]  ? __raw_spin_lock_init+0x45/0x100
[  395.032155][   T31]  ? srso_alias_return_thunk+0x5/0xfbef5
[  395.037818][   T31]  ? __init_waitqueue_head+0xa9/0x150
[  395.043214][   T31]  rfkill_fop_open+0x12d/0x820
[  395.048043][   T31]  ? srso_alias_return_thunk+0x5/0xfbef5
[  395.053700][   T31]  ? __pfx_rfkill_fop_open+0x10/0x10
[  395.059161][   T31]  misc_open+0x2bc/0x330
[  395.063434][   T31]  chrdev_open+0x4cc/0x5e0
[  395.068072][   T31]  ? __pfx_chrdev_open+0x10/0x10
[  395.073024][   T31]  ? srso_alias_return_thunk+0x5/0xfbef5
[  395.078700][   T31]  ? fsnotify_open_perm_and_set_mode+0x113/0x610
[  395.085053][   T31]  ? __pfx_chrdev_open+0x10/0x10
[  395.090027][   T31]  do_dentry_open+0x953/0x13f0
[  395.094809][   T31]  vfs_open+0x3b/0x340
[  395.098898][   T31]  ? path_openat+0x2ecd/0x3830
[  395.103664][   T31]  path_openat+0x2ee5/0x3830
[  395.108287][   T31]  ? arch_stack_walk+0xfc/0x150
[  395.113163][   T31]  ? stack_depot_save_flags+0x40/0x860
[  395.118661][   T31]  ? srso_alias_return_thunk+0x5/0xfbef5
[  395.124312][   T31]  ? __pfx_path_openat+0x10/0x10
[  395.129287][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  395.135461][   T31]  do_filp_open+0x1fa/0x410
[  395.141639][   T31]  ? __lock_acquire+0xab9/0xd20
[  395.146506][   T31]  ? __pfx_do_filp_open+0x10/0x10
[  395.153016][   T31]  ? _raw_spin_unlock+0x28/0x50
[  395.158079][   T31]  ? srso_alias_return_thunk+0x5/0xfbef5
[  395.163828][   T31]  ? alloc_fd+0x64c/0x6c0
[  395.168369][   T31]  do_sys_openat2+0x121/0x1c0
[  395.173066][   T31]  ? __pfx_do_sys_openat2+0x10/0x10
[  395.179496][   T31]  ? exc_page_fault+0x76/0xf0
[  395.184175][   T31]  ? srso_alias_return_thunk+0x5/0xfbef5
[  395.189856][   T31]  ? do_user_addr_fault+0xc85/0x1380
[  395.195302][   T31]  __x64_sys_openat+0x138/0x170
[  395.200363][   T31]  do_syscall_64+0xfa/0x3b0
[  395.204908][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  395.210159][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  395.216242][   T31]  ? srso_alias_return_thunk+0x5/0xfbef5
[  395.222107][   T31]  ? exc_page_fault+0x9f/0xf0
[  395.226792][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  395.232767][   T31] RIP: 0033:0x7ff43bb8d710
[  395.237182][   T31] RSP: 002b:00007fffc85b0e40 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[  395.245684][   T31] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007ff43bb8d710
[  395.253697][   T31] RDX: 0000000000000001 RSI: 00007ff43bc12a45 RDI: 00000000ffffff9c
[  395.262044][   T31] RBP: 00007ff43bc12a45 R08: 0000000000000000 R09: 00007fffc85b0dd7
[  395.270062][   T31] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000007
[  395.278137][   T31] R13: 0000000000000007 R14: 0000000000000009 R15: 0000000000000000
[  395.286122][   T31]  </TASK>
[  395.289309][   T31] INFO: task syz.1.254:7078 blocked for more than 145 seconds.
[  395.296847][   T31]       Not tainted syzkaller #0
[  395.302168][   T31]       Blocked by coredump.
[  395.306753][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  395.315630][   T31] task:syz.1.254       state:D stack:25640 pid:7078  tgid:7077  ppid:5832   task_flags:0x40044c flags:0x00080001
[  395.328018][   T31] Call Trace:
[  395.331293][   T31]  <TASK>
[  395.334218][   T31]  __schedule+0x1798/0x4cc0
[  395.338811][   T31]  ? srso_alias_return_thunk+0x5/0xfbef5
[  395.344453][   T31]  ? srso_alias_return_thunk+0x5/0xfbef5
[  395.350144][   T31]  ? validate_chain+0x897/0x2140
[  395.355178][   T31]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  395.361209][   T31]  ? srso_alias_return_thunk+0x5/0xfbef5
[  395.366851][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  395.372312][   T31]  ? srso_alias_return_thunk+0x5/0xfbef5
[  395.386577][   T31]  ? __lock_acquire+0xab9/0xd20
[  395.391485][   T31]  ? __pfx___schedule+0x10/0x10
[  395.396360][   T31]  ? srso_alias_return_thunk+0x5/0xfbef5
[  395.403173][   T31]  ? schedule+0x91/0x360
[  395.407476][   T31]  schedule+0x165/0x360
[  395.411648][   T31]  schedule_timeout+0x9a/0x270
[  395.416409][   T31]  ? __pfx_schedule_timeout+0x10/0x10
[  395.421885][   T31]  ? srso_alias_return_thunk+0x5/0xfbef5
[  395.427557][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  395.432741][   T31]  ? srso_alias_return_thunk+0x5/0xfbef5
[  395.438454][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  395.443663][   T31]  ? wait_for_completion+0x267/0x5d0
[  395.449019][   T31]  wait_for_completion+0x2bf/0x5d0
[  395.454137][   T31]  ? srso_alias_return_thunk+0x5/0xfbef5
[  395.460100][   T31]  ? __pfx_wait_for_completion+0x10/0x10
[  395.466021][   T31]  ? srso_alias_return_thunk+0x5/0xfbef5
[  395.471712][   T31]  ? __flush_work+0xd2/0xbc0
[  395.476311][   T31]  ? __flush_work+0xd2/0xbc0
[  395.480948][   T31]  __flush_work+0x9b9/0xbc0
[  395.485465][   T31]  ? __flush_work+0xd2/0xbc0
[  395.490131][   T31]  ? __pfx___flush_work+0x10/0x10
[  395.495167][   T31]  ? __pfx_wq_barrier_func+0x10/0x10
[  395.500498][   T31]  ? __pfx___cancel_work+0x10/0x10
[  395.505620][   T31]  ? nfc_genl_device_removed+0x23c/0x330
[  395.511359][   T31]  __cancel_work_sync+0xbe/0x110
[  395.516313][   T31]  rfkill_unregister+0x92/0x220
[  395.521191][   T31]  nfc_unregister_device+0x96/0x2a0
[  395.526398][   T31]  ? __pfx_virtual_ncidev_close+0x10/0x10
[  395.532172][   T31]  virtual_ncidev_close+0x56/0x90
[  395.537204][   T31]  __fput+0x44c/0xa70
[  395.541324][   T31]  task_work_run+0x1d4/0x260
[  395.545935][   T31]  ? __pfx_task_work_run+0x10/0x10
[  395.551081][   T31]  ? srso_alias_return_thunk+0x5/0xfbef5
[  395.556725][   T31]  ? srso_alias_return_thunk+0x5/0xfbef5
[  395.562389][   T31]  do_exit+0x6b5/0x2300
[  395.566572][   T31]  ? srso_alias_return_thunk+0x5/0xfbef5
[  395.572254][   T31]  ? do_raw_spin_lock+0x121/0x290
[  395.577307][   T31]  ? __pfx_do_exit+0x10/0x10
[  395.582041][   T31]  do_group_exit+0x21c/0x2d0
[  395.586657][   T31]  ? srso_alias_return_thunk+0x5/0xfbef5
[  395.592365][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  395.597612][   T31]  get_signal+0x1285/0x1340
[  395.602139][   T31]  arch_do_signal_or_restart+0xa0/0x790
[  395.607711][   T31]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  395.613863][   T31]  ? do_sys_openat2+0x154/0x1c0
[  395.618805][   T31]  ? srso_alias_return_thunk+0x5/0xfbef5
[  395.624462][   T31]  ? __se_sys_futex+0x36f/0x400
[  395.629380][   T31]  ? exit_to_user_mode_loop+0x40/0x110
[  395.634850][   T31]  exit_to_user_mode_loop+0x72/0x110
[  395.640156][   T31]  do_syscall_64+0x2bd/0x3b0
[  395.644750][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  395.649993][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  395.656055][   T31]  ? srso_alias_return_thunk+0x5/0xfbef5
[  395.661724][   T31]  ? exc_page_fault+0x9f/0xf0
[  395.666407][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  395.672348][   T31] RIP: 0033:0x7f031dd8eec9
[  395.676761][   T31] RSP: 002b:00007f031ec18038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  395.685206][   T31] RAX: 0000000000000007 RBX: 00007f031dfe5fa0 RCX: 00007f031dd8eec9
[  395.693217][   T31] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c
[  395.701242][   T31] RBP: 00007f031de11f91 R08: 0000000000000000 R09: 0000000000000000
[  395.709238][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  395.717217][   T31] R13: 00007f031dfe6038 R14: 00007f031dfe5fa0 R15: 00007ffd4ce4f3b8
[  395.725264][   T31]  </TASK>
[  395.728322][   T31] INFO: task syz.4.264:7167 blocked for more than 145 seconds.
[  395.735856][   T31]       Not tainted syzkaller #0
[  395.740805][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  395.749510][   T31] task:syz.4.264       state:D stack:27720 pid:7167  tgid:7159  ppid:5850   task_flags:0x400040 flags:0x00080002
[  395.761485][   T31] Call Trace:
[  395.764849][   T31]  <TASK>
[  395.767805][   T31]  __schedule+0x1798/0x4cc0
[  395.772317][   T31]  ? kasan_save_free_info+0x46/0x50
[  395.777550][   T31]  ? srso_alias_return_thunk+0x5/0xfbef5
[  395.783186][   T31]  ? __lock_acquire+0xab9/0xd20
[  395.788076][   T31]  ? __lock_acquire+0xab9/0xd20
[  395.792930][   T31]  ? __pfx___schedule+0x10/0x10
[  395.797829][   T31]  ? srso_alias_return_thunk+0x5/0xfbef5
[  395.803471][   T31]  ? schedule+0x91/0x360
[  395.807750][   T31]  schedule+0x165/0x360
[  395.811908][   T31]  schedule_preempt_disabled+0x13/0x30
[  395.817351][   T31]  __mutex_lock+0x7e6/0x1350
[  395.821970][   T31]  ? srso_alias_return_thunk+0x5/0xfbef5
[  395.827651][   T31]  ? __mutex_lock+0x5bb/0x1350
[  395.832427][   T31]  ? misc_open+0x51/0x330
[  395.836751][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  395.841831][   T31]  ? srso_alias_return_thunk+0x5/0xfbef5
[  395.847503][   T31]  ? srso_alias_return_thunk+0x5/0xfbef5
[  395.853150][   T31]  misc_open+0x51/0x330
[  395.857332][   T31]  chrdev_open+0x4cc/0x5e0
[  395.861827][   T31]  ? __pfx_chrdev_open+0x10/0x10
[  395.866777][   T31]  ? srso_alias_return_thunk+0x5/0xfbef5
[  395.872451][   T31]  ? fsnotify_open_perm_and_set_mode+0x113/0x610
[  395.878828][   T31]  ? __pfx_chrdev_open+0x10/0x10
[  395.883757][   T31]  do_dentry_open+0x953/0x13f0
[  395.888563][   T31]  vfs_open+0x3b/0x340
[  395.892623][   T31]  ? path_openat+0x2ecd/0x3830
[  395.897374][   T31]  path_openat+0x2ee5/0x3830
[  395.901979][   T31]  ? arch_stack_walk+0xfc/0x150
[  395.906852][   T31]  ? stack_depot_save_flags+0x40/0x860
[  395.912357][   T31]  ? __pfx_path_openat+0x10/0x10
[  395.917297][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  395.923419][   T31]  do_filp_open+0x1fa/0x410
[  395.927955][   T31]  ? __lock_acquire+0xab9/0xd20
[  395.932804][   T31]  ? __pfx_do_filp_open+0x10/0x10
[  395.937883][   T31]  ? _raw_spin_unlock+0x28/0x50
[  395.942739][   T31]  ? srso_alias_return_thunk+0x5/0xfbef5
[  395.948408][   T31]  ? alloc_fd+0x64c/0x6c0
[  395.952775][   T31]  do_sys_openat2+0x121/0x1c0
[  395.957527][   T31]  ? srso_alias_return_thunk+0x5/0xfbef5
[  395.963162][   T31]  ? __se_sys_futex+0x36f/0x400
[  395.968051][   T31]  ? __pfx_do_sys_openat2+0x10/0x10
[  395.973258][   T31]  ? srso_alias_return_thunk+0x5/0xfbef5
[  395.978945][   T31]  ? rcu_is_watching+0x15/0xb0
[  395.983731][   T31]  __x64_sys_openat+0x138/0x170
[  395.988635][   T31]  do_syscall_64+0xfa/0x3b0
[  395.993145][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  395.998379][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  396.004452][   T31]  ? srso_alias_return_thunk+0x5/0xfbef5
[  396.010104][   T31]  ? exc_page_fault+0x9f/0xf0
[  396.014785][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  396.020735][   T31] RIP: 0033:0x7f9488b8eec9
[  396.025148][   T31] RSP: 002b:00007f9486db4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  396.033593][   T31] RAX: ffffffffffffffda RBX: 00007f9488de6180 RCX: 00007f9488b8eec9
[  396.041633][   T31] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c
[  396.049637][   T31] RBP: 00007f9488c11f91 R08: 0000000000000000 R09: 0000000000000000
[  396.057655][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  396.065623][   T31] R13: 00007f9488de6218 R14: 00007f9488de6180 R15: 00007ffdf66dde78
[  396.073645][   T31]  </TASK>
[  396.076669][   T31] 
[  396.076669][   T31] Showing all locks held in the system:
[  396.084404][   T31] 1 lock held by khungtaskd/31:
[  396.089336][   T31]  #0: ffffffff8dd3a860 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[  396.099512][   T31] 4 locks held by kworker/0:2/1210:
[  396.104797][   T31]  #0: ffff8880b8839fd8 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0xad/0x140
[  396.116095][   T31]  #1: ffff8880b8824048 (psi_seq){-.-.}-{0:0}, at: psi_task_switch+0x53/0x880
[  396.125120][   T31]  #2: ffff888059fe0fe0 (&r->consumer_lock#2){+.+.}-{3:3}, at: wg_packet_decrypt_worker+0x87a/0xd10
[  396.136194][   T31]  #3: ffff8880b8839fd8 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0xad/0x140
[  396.146494][   T31] 2 locks held by syslogd/5184:
[  396.151578][   T31] 1 lock held by klogd/5191:
[  396.156170][   T31]  #0: ffff8880b8839fd8 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0xad/0x140
[  396.166164][   T31] 2 locks held by getty/5590:
[  396.170872][   T31]  #0: ffff88803340d0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  396.181803][   T31]  #1: ffffc900036bb2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400
[  396.192281][   T31] 1 lock held by syz-executor/5832:
[  396.197519][   T31]  #0: ffffffff8f39b7e8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_unregister+0xc8/0x220
[  396.207826][   T31] 1 lock held by syz-executor/5834:
[  396.213008][   T31]  #0: ffffffff8f39b7e8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_unregister+0xc8/0x220
[  396.223198][   T31] 4 locks held by kworker/1:3/5843:
[  396.228561][   T31]  #0: ffff88801a079148 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  396.239741][   T31]  #1: ffffc90002f27bc0 ((work_completion)(&rfkill->sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  396.252394][   T31]  #2: ffffffff8f39b7e8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_sync_work+0x2e/0x200
[  396.262853][   T31]  #3: ffff88807de51100 (&dev->mutex){....}-{4:4}, at: nfc_rfkill_set_block+0x50/0x2e0
[  396.272664][   T31] 1 lock held by udevd/6051:
[  396.277247][   T31]  #0: ffffffff8e556f28 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  396.285884][   T31] 1 lock held by syz.3.170/6738:
[  396.290887][   T31]  #0: ffffffff8f39b7e8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_unregister+0xc8/0x220
[  396.301082][   T31] 1 lock held by syz-executor/6867:
[  396.306267][   T31]  #0: ffffffff8e556f28 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  396.314792][   T31] 2 locks held by syz-executor/7072:
[  396.320098][   T31]  #0: ffffffff8e556f28 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  396.328637][   T31]  #1: ffffffff8f39b7e8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_fop_open+0x12d/0x820
[  396.339354][   T31] 1 lock held by syz.1.254/7078:
[  396.344288][   T31]  #0: ffff88807de51100 (&dev->mutex){....}-{4:4}, at: nfc_unregister_device+0x63/0x2a0
[  396.354242][   T31] 1 lock held by syz.4.264/7167:
[  396.359252][   T31]  #0: ffffffff8e556f28 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  396.368157][   T31] 1 lock held by syz-executor/7292:
[  396.373344][   T31]  #0: ffffffff8e556f28 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  396.382122][   T31] 1 lock held by syz-executor/7315:
[  396.387308][   T31]  #0: ffffffff8e556f28 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  396.395835][   T31] 1 lock held by syz-executor/7332:
[  396.401292][   T31]  #0: ffffffff8e556f28 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  396.409863][   T31] 1 lock held by syz.0.294/7345:
[  396.414796][   T31]  #0: ffffffff8e556f28 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  396.423546][   T31] 1 lock held by syz-executor/7501:
[  396.428804][   T31]  #0: ffffffff8e556f28 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  396.437348][   T31] 1 lock held by syz-executor/7559:
[  396.442587][   T31]  #0: ffffffff8e556f28 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  396.451134][   T31] 1 lock held by syz-executor/7565:
[  396.456310][   T31]  #0: ffffffff8e556f28 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  396.464876][   T31] 1 lock held by syz-executor/7567:
[  396.470113][   T31]  #0: ffffffff8e556f28 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  396.478868][   T31] 1 lock held by syz-executor/7569:
[  396.484059][   T31]  #0: ffffffff8e556f28 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  396.492607][   T31] 1 lock held by syz-executor/7571:
[  396.498299][   T31]  #0: ffffffff8e556f28 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  396.506847][   T31] 1 lock held by syz-executor/7573:
[  396.512442][   T31]  #0: ffffffff8e556f28 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  396.521208][   T31] 1 lock held by syz-executor/7576:
[  396.526407][   T31]  #0: ffffffff8e556f28 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  396.535241][   T31] 1 lock held by syz-executor/7581:
[  396.540677][   T31]  #0: ffffffff8e556f28 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  396.549432][   T31] 1 lock held by syz-executor/7583:
[  396.554620][   T31]  #0: ffffffff8e556f28 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  396.563113][   T31] 
[  396.565431][   T31] =============================================
[  396.565431][   T31] 
[  396.573881][   T31] NMI backtrace for cpu 1
[  396.573897][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
[  396.573921][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  396.573934][   T31] Call Trace:
[  396.573942][   T31]  <TASK>
[  396.573951][   T31]  dump_stack_lvl+0x189/0x250
[  396.573989][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  396.574019][   T31]  ? __pfx__printk+0x10/0x10
[  396.574056][   T31]  nmi_cpu_backtrace+0x39e/0x3d0
[  396.574097][   T31]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  396.574137][   T31]  ? __pfx__printk+0x10/0x10
[  396.574158][   T31]  ? srso_alias_return_thunk+0x5/0xfbef5
[  396.574189][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  396.574218][   T31]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[  396.574258][   T31]  watchdog+0xf93/0xfe0
[  396.574289][   T31]  ? watchdog+0x1de/0xfe0
[  396.574319][   T31]  kthread+0x711/0x8a0
[  396.574356][   T31]  ? __pfx_watchdog+0x10/0x10
[  396.574378][   T31]  ? __pfx_kthread+0x10/0x10
[  396.574408][   T31]  ? srso_alias_return_thunk+0x5/0xfbef5
[  396.574445][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  396.574469][   T31]  ? srso_alias_return_thunk+0x5/0xfbef5
[  396.574494][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  396.574519][   T31]  ? __pfx_kthread+0x10/0x10
[  396.574553][   T31]  ret_from_fork+0x439/0x7d0
[  396.574584][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  396.574617][   T31]  ? __switch_to_asm+0x39/0x70
[  396.574649][   T31]  ? __switch_to_asm+0x33/0x70
[  396.574680][   T31]  ? __pfx_kthread+0x10/0x10
[  396.574713][   T31]  ret_from_fork_asm+0x1a/0x30
[  396.574765][   T31]  </TASK>
[  396.574774][   T31] Sending NMI from CPU 1 to CPUs 0:
[  396.736922][    C0] NMI backtrace for cpu 0
[  396.736940][    C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted syzkaller #0 PREEMPT(full) 
[  396.736963][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  396.736976][    C0] RIP: 0010:pv_native_safe_halt+0x13/0x20
[  396.737005][    C0] Code: de 9a d8 f5 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d b3 7d 10 00 f3 0f 1e fa fb f4 <e9> b3 9a d8 f5 cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90
[  396.737022][    C0] RSP: 0018:ffffffff8da07d80 EFLAGS: 000002c2
[  396.737040][    C0] RAX: 737d05985a565000 RBX: ffffffff81953917 RCX: 737d05985a565000
[  396.737057][    C0] RDX: 0000000000000001 RSI: ffffffff8d51801b RDI: ffffffff8b9ec360
[  396.737071][    C0] RBP: ffffffff8da07eb8 R08: ffff8880b8832fdb R09: 1ffff110171065fb
[  396.737087][    C0] R10: dffffc0000000000 R11: ffffed10171065fc R12: ffffffff8f5bfe30
[  396.737103][    C0] R13: 0000000000000000 R14: 0000000000000000 R15: 1ffffffff1b52a28
[  396.737119][    C0] FS:  0000000000000000(0000) GS:ffff888126380000(0000) knlGS:0000000000000000
[  396.737136][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  396.737150][    C0] CR2: 000055626f447000 CR3: 000000000db36000 CR4: 0000000000350ef0
[  396.737167][    C0] Call Trace:
[  396.737174][    C0]  <TASK>
[  396.737182][    C0]  default_idle+0x13/0x20
[  396.737209][    C0]  default_idle_call+0x73/0xb0
[  396.737237][    C0]  do_idle+0x1e7/0x510
[  396.737260][    C0]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  396.737282][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  396.737310][    C0]  ? __pfx_do_idle+0x10/0x10
[  396.737340][    C0]  ? do_idle+0x10/0x510
[  396.737366][    C0]  cpu_startup_entry+0x44/0x60
[  396.737390][    C0]  rest_init+0x2de/0x300
[  396.737425][    C0]  start_kernel+0x3ae/0x410
[  396.737463][    C0]  x86_64_start_reservations+0x24/0x30
[  396.737488][    C0]  x86_64_start_kernel+0x143/0x1c0
[  396.737513][    C0]  common_startup_64+0x13e/0x147
[  396.737557][    C0]  </TASK>
[  396.741136][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[  396.741155][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
[  396.741181][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  396.741196][   T31] Call Trace:
[  396.741206][   T31]  <TASK>
[  396.741217][   T31]  dump_stack_lvl+0x99/0x250
[  396.741252][   T31]  ? __asan_memcpy+0x40/0x70
[  396.741280][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  396.741313][   T31]  ? __pfx__printk+0x10/0x10
[  396.741346][   T31]  ? srso_alias_return_thunk+0x5/0xfbef5
[  396.741379][   T31]  vpanic+0x281/0x750
[  396.741416][   T31]  ? __pfx_vpanic+0x10/0x10
[  396.741446][   T31]  ? preempt_schedule+0xae/0xc0
[  396.741473][   T31]  ? srso_alias_return_thunk+0x5/0xfbef5
[  396.741501][   T31]  ? preempt_schedule_common+0x83/0xd0
[  396.741536][   T31]  panic+0xb9/0xc0
[  396.741568][   T31]  ? __pfx_panic+0x10/0x10
[  396.741602][   T31]  ? srso_alias_return_thunk+0x5/0xfbef5
[  396.741629][   T31]  ? preempt_schedule_thunk+0x16/0x30
[  396.741662][   T31]  ? srso_alias_return_thunk+0x5/0xfbef5
[  396.741695][   T31]  ? nmi_trigger_cpumask_backtrace+0x2bb/0x300
[  396.741739][   T31]  watchdog+0xfd2/0xfe0
[  396.741771][   T31]  ? watchdog+0x1de/0xfe0
[  396.741803][   T31]  kthread+0x711/0x8a0
[  396.741843][   T31]  ? __pfx_watchdog+0x10/0x10
[  396.741867][   T31]  ? __pfx_kthread+0x10/0x10
[  396.741899][   T31]  ? srso_alias_return_thunk+0x5/0xfbef5
[  397.064596][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  397.069794][   T31]  ? srso_alias_return_thunk+0x5/0xfbef5
[  397.075419][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  397.080608][   T31]  ? __pfx_kthread+0x10/0x10
[  397.085196][   T31]  ret_from_fork+0x439/0x7d0
[  397.089787][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  397.094897][   T31]  ? __switch_to_asm+0x39/0x70
[  397.099657][   T31]  ? __switch_to_asm+0x33/0x70
[  397.104423][   T31]  ? __pfx_kthread+0x10/0x10
[  397.109012][   T31]  ret_from_fork_asm+0x1a/0x30
[  397.113794][   T31]  </TASK>
[  397.117009][   T31] Kernel Offset: disabled
[  397.121318][   T31] Rebooting in 86400 seconds..