last executing test programs:

3m0.285317321s ago: executing program 2 (id=441):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x40}, 0x1, 0x0, 0x0, 0x24040804}, 0x40000)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_test', 0x41, 0x4)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='rdma.current\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0)
sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r2, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x800}, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

2m59.455921132s ago: executing program 2 (id=444):
r0 = socket(0x2, 0x80805, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0xf}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000300)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r0, 0x84, 0x82, 0x0, &(0x7f00000001c0))

2m58.140306861s ago: executing program 2 (id=446):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$ETHTOOL_MSG_LINKINFO_SET(r0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20003810}, 0x4001)
sendmsg$FOU_CMD_GET(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f00000000c0)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x94}, 0x80)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_IRQCHIP(r2, 0x8208ae63, &(0x7f0000000880)={0x0, 0x0, @pic={0x2a, 0xe, 0x7, 0x6, 0xfb, 0x2, 0xf, 0x4, 0x3, 0x0, 0x3, 0x5a, 0x9e, 0xa, 0x6, 0x7f}})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000000)={[0x35, 0xfff, 0x0, 0x180, 0x4, 0x14, 0xf1, 0x0, 0x7fffffffffffe, 0x5, 0x4005, 0x6, 0x0, 0x45, 0x1, 0xbdb], 0x1, 0x1c4213})
bind$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e23, @rand_addr=0x64010101}, 0x10)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000bc0)=[{{&(0x7f0000000180)={0x2, 0x4e27, @empty}, 0x10, 0x0, 0x64}}], 0x1, 0x20004840)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

2m57.798898024s ago: executing program 2 (id=449):
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$kcm(0xa, 0x1, 0x106)
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$inet6(0xa, 0x3, 0x87)
socket$kcm(0xa, 0x5, 0x0)
socket$kcm(0x2, 0x200000000000001, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0)
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000280)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r1=>0x0], 0x40000012})
ioctl$DRM_IOCTL_MODE_SETPLANE(r0, 0xc03064b7, &(0x7f00000003c0)={r1, 0x0, 0x0, 0x7e3c, 0x4, 0x9, 0xfffffff9, 0xffff, 0xfffffffe, 0x7, 0x1, 0xfefffffd})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000180)={0x300, 0x1, &(0x7f0000000340)=[r1], &(0x7f0000000040)=[0x1], &(0x7f0000000200), &(0x7f00000000c0), 0x0, 0x7f})

2m57.377160105s ago: executing program 2 (id=451):
syz_mount_image$fuse(0x0, &(0x7f0000001080)='./file0\x00', 0x2080031, 0x0, 0x1, 0x0, 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x800)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000001800)={0x11, 0xc, &(0x7f0000000c00)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15)
r4 = dup(r1)
write$FUSE_BMAP(r4, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r4, &(0x7f0000000440)=ANY=[@ANYBLOB="b0000000"], 0xb0)
write$FUSE_NOTIFY_RETRIEVE(r4, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r4])
syz_mount_image$fuse(0x0, &(0x7f0000000080)='./bus\x00', 0x10040d0, 0x0, 0x0, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000440), 0x8, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./file0/file1\x00', 0x200810, 0x0, 0x0, 0x0, 0x0)

2m55.577311942s ago: executing program 2 (id=454):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000380), 0x80001, 0x0)
ioctl$SNDCTL_DSP_SUBDIVIDE(r1, 0xc0045009, &(0x7f0000000440)=0x10)
ioctl$SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, &(0x7f00000000c0)=0x53fffffe)
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/oops_count', 0x549180, 0x8)
sendmsg$NFT_BATCH(r2, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x4048010)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
socket(0x400000000010, 0x3, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000b80)=@newqdisc={0x2c, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}, {0x2, 0x5}}, [@TCA_INGRESS_BLOCK={0x8, 0xd, 0x401}]}, 0x2c}, 0x1, 0x0, 0x0, 0x400dc}, 0x4000080)
sendmsg$IPCTNL_MSG_CT_GET(r0, 0x0, 0x404c044)

2m45.047480132s ago: executing program 0 (id=484):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0xce7c1000)
r1 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
open_by_handle_at(0xffffffffffffffff, 0x0, 0xe40)
r3 = socket$vsock_stream(0x28, 0x1, 0x0)
close_range(r3, 0xffffffffffffffff, 0x0)

2m43.854225739s ago: executing program 0 (id=486):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = fsopen(&(0x7f0000000300)='tracefs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000000580)='gid', &(0x7f0000000440)='0\x00#\x00\xd0\x00 \x00\x00qS\x00\x00\x00\x00\x00\x00\x00\x00$\xf6_\xbdI\x1c\xf2\xa9]\xcc\xe0*\xef\x01\x8d\x15\xd2h\x93\xc9\xb57\xc3\xeaEb\xf8\xe6,\xdf\xd4\xfae\x84\xcc\xd5\"d\xf0D-\x98\x9f\x81{\xfc$\xc4\xbcF\xf8\xc8\x8d\xcb\xb8\xf2\x1e\xe4\'U\xb3\xb8\xd3\xe6\xd7\x80Y\xc2\xeb\n\xb8_\xe8\x96YY\xe3\xc7\xe6\xf28\x19\xa6\xa7\xfa\xdb\x1ce\xc1\x03\x86J\xb2fh\x19\xee#\xcc\x0f\xed\xfea\xdc\x88\xcb%bW\xd35\xda=\xac\x1d\xae\x93\xfd\'T6\x94\n\xa4\x9cU\xc4\fA~[\xbf\x8b\x90\xfe\x04\xe7U\xf3h\x81\x14l7u\x95\x96t\\\x0f\xef;\x03\xa4C\xbc(Vc!a\xc1\xe39\xc6b\x905\xf8\xc9@h\x01\xf5\xcb\x88\xdf9\xaf5\xc8a:z\xe4\xcbag&67\x814\xf6}\xe10v6l\xd6,\x1e\xa0\xcc\xbf\xfdkm\b?\x839\x85N\x1c\xc1\xcb\xfc\x85\xd2\n\x02\"\xf2\x81g\x90\x01n%\x7f_\xe1.f>>\xa5\xfb\"\xab\xdb\x06\x12e\x14\x11~\x9a\bR-\x85\xc3\xa9\xe6\xf6R\x11\"\xc3\xc9\xfc\x14s X\xec\xdd\xc2qB\x85\xf0\xd7\x04\xdd<\x9a\x84\'\xa3\xf1\xd9<\xb9k\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x100000000000000)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x40000)

2m42.463253306s ago: executing program 0 (id=490):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a00)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0xc94284a3061bb7fe, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000280)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0x7}, @TCA_RATE={0x6, 0x5, {0x7f}}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x30ed}]}, 0x48}}, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r3}, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
syz_mount_image$erofs(&(0x7f0000000200), &(0x7f0000000100)='./file0\x00', 0x810801, &(0x7f0000000140)=ANY=[], 0x4, 0x223, &(0x7f0000000240)="$eJzslb9rFEEUx78zu7e5RAlaaGFzFgEjmL3dPZU0grEXhETU8jBjiNnkwt0VuQNJgo2NtfiPWKSysNPK2kIFwcKUgiA4MrOzt7PebeJ6h03eB27uOz/em/dmZ9+CIIgTy+dP3z8+v7W4cgXAacxhyox/dbI13Fr/4aVTMfLN1uyTA6NvpvMMgJTZeveY/T0Ar5ccYC9xK6VtDcwZnyvgWivuguOy0ffA4KexysxagOGBGX68LQfZtKaNiAV72IpXH63HIlBNqJpINQ1pSOM/3GdYBVA1WzArvk6vv9GMgXYiYpGKikz3GZoqK3IHtps/Px3fEscN6wjU87r/7Om+6vtmPLDOLwRHaHQDDMtGL2IKvu/XTFeEVv4X3My/kzy2hL0ymVTHO4iy4uzCiCl1w482n46FynYjTXHcMH7JieYlpdxVwstdwX92qFIdOzAVR3krXhu28o7xI4w4pW7o3++VvtNqhHV6fZyx1jD7Spw/PHg77OfLf7u0kxe6cP3xlF+oa/N+Jo5vj7Q6lxu5WPDKeEe9IFl9Yi5wyapPrvVVqHc3t+udXn9hfbO5JtbEVhQ1rgdXg+BaVNe1OWlRhIuqrk8zlv9KwVqPedhpdrvtcAfotsNBP0paq+Iuv2p90zZc1z+O+Z/ZR0GnnX4oWX4PZn5c/ys17xQGTxAEQRAEQRAEQRAEQRAEUYYfNTC8mx305Wjc6I6e/h0AAP//pYth6A==")
creat(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x40)
r4 = creat(&(0x7f0000000100)='./file0\x00', 0xd931d3864d39dcca)
write$binfmt_elf32(r4, &(0x7f0000000040)=ANY=[@ANYBLOB="7f454c46000000000000000000000000030006"], 0x69)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x8, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4020000000000006311a0000000000045000000000000009500740000000000"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @cgroup_skb}, 0x21)
close(r4)

2m42.353248256s ago: executing program 0 (id=492):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(0xffffffffffffffff, 0xc01064b5, &(0x7f0000000040)={&(0x7f0000000100)=[0x0], 0x1})
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
openat$sequencer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{0x0}], 0x1)
recvmmsg(0xffffffffffffffff, &(0x7f0000002ec0), 0x0, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'veth0\x00'})
socket$inet_sctp(0x2, 0x5, 0x84)
io_setup(0x1, &(0x7f0000000380))
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@newqdisc={0x44, 0x24, 0x400, 0x70bd2b, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xfff2, 0xffff}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0x14, 0x8002, [@TCA_FQ_PIE_ECN_PROB={0x8, 0x9, 0x50}, @TCA_FQ_PIE_FLOWS={0x8, 0x2, 0xf01d}]}}]}, 0x44}}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e00"], 0x50}}, 0x20008844)

2m42.1133558s ago: executing program 0 (id=494):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x102, 0x0)
close(r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
close(r4)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {0x0, 0xb}, {0xffff, 0xffff}, {0x0, 0xfff3}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0x0, 0x9, 0x3ff, 0xa, 0x401, 0x6, 0x1, 0xe, 0x7d3}}}}]}, 0x58}}, 0x4c014)
ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})

2m39.828206584s ago: executing program 32 (id=454):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000380), 0x80001, 0x0)
ioctl$SNDCTL_DSP_SUBDIVIDE(r1, 0xc0045009, &(0x7f0000000440)=0x10)
ioctl$SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, &(0x7f00000000c0)=0x53fffffe)
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/oops_count', 0x549180, 0x8)
sendmsg$NFT_BATCH(r2, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x4048010)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
socket(0x400000000010, 0x3, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000b80)=@newqdisc={0x2c, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}, {0x2, 0x5}}, [@TCA_INGRESS_BLOCK={0x8, 0xd, 0x401}]}, 0x2c}, 0x1, 0x0, 0x0, 0x400dc}, 0x4000080)
sendmsg$IPCTNL_MSG_CT_GET(r0, 0x0, 0x404c044)

2m39.563179589s ago: executing program 0 (id=498):
sync()
sync()
sync()
sync()
sync()
sync()
sync()
getrusage(0xffffffffffffffff, &(0x7f0000000180))
sync()
sync()
sync()
sync()
sync()
getrusage(0x0, &(0x7f00000003c0))

2m24.208030743s ago: executing program 33 (id=498):
sync()
sync()
sync()
sync()
sync()
sync()
sync()
getrusage(0xffffffffffffffff, &(0x7f0000000180))
sync()
sync()
sync()
sync()
sync()
getrusage(0x0, &(0x7f00000003c0))

17.744699903s ago: executing program 4 (id=764):
syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x8, 0x8b}, 0x0)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
socket$inet6(0xa, 0x3, 0x7)
r1 = socket$inet(0xa, 0x801, 0x84)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x40, 0x40, 0x2, [@array={0x0, 0x0, 0x0, 0x3, 0x0, {0x3, 0x3}}, @int={0x0, 0x0, 0x0, 0x1, 0x5, 0x20}, @array={0x0, 0x0, 0x0, 0x3, 0x0, {0x2, 0x2}}]}}, 0x0, 0x5a}, 0x20)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="040ed5000410"], 0x11)
listen(r1, 0x8)
socket$alg(0x26, 0x5, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4)
io_uring_enter(0xffffffffffffffff, 0x3426, 0x0, 0xa, 0x0, 0x0)

15.043985817s ago: executing program 4 (id=769):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x24, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x10)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r4, &(0x7f0000000100)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}, 0x10)
setsockopt$sock_int(r4, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4)
connect$inet(r4, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10)
sendmmsg$inet(r4, &(0x7f0000004d00), 0x7fffffffffffd33, 0x20000890)

13.904811939s ago: executing program 4 (id=771):
socket$netlink(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)=ANY=[@ANYBLOB="fc0000001900010000000000fcdbdf2500000000000000000000000000000000fe8000000002000000000000000000bb00000000000000000200000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000004000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000001000000000000004400050000000000000000000000000000000000000000022b0000000a000000fe8000000000000000000000000000aa0000000004"], 0xfc}, 0x1, 0x0, 0x0, 0x20008000}, 0x0)
bind$inet(r3, &(0x7f0000000100)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xb}}, 0x10)
setsockopt$sock_int(r3, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4)
connect$inet(r3, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10)
sendmmsg$inet(r3, &(0x7f0000004d00)=[{{0x0, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x30000}}], 0x300, 0xf00)

12.66138352s ago: executing program 4 (id=774):
syz_open_dev$tty1(0xc, 0x4, 0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x5, 0x0, &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
prctl$PR_SET_PTRACER(0x59616d61, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r3, &(0x7f0000000280)={0x1f, 0xffff, 0x3}, 0x6)
io_setup(0x8f0, &(0x7f0000002400)=<r4=>0x0)
io_submit(r4, 0x1, &(0x7f0000000340)=[&(0x7f0000000100)={0x2002000000, 0x4, 0x0, 0x1, 0x0, r3, &(0x7f0000000040)="0200ffff0000", 0x6, 0x0, 0x0, 0x2}])

10.149347346s ago: executing program 1 (id=777):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
listen(r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r1, 0x3)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r2, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r3, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r4, 0xfff)
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
connect$inet6(r5, &(0x7f0000000280)={0xa, 0x0, 0x0, @dev, 0x7}, 0x1c)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r6, 0x0)
r7 = socket$inet6_mptcp(0xa, 0x1, 0x106)
listen(r7, 0xfffff3c6)
r8 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r8, &(0x7f00000000c0)=[{&(0x7f0000000200)="580000001400192340834b80040d8c560a0677bc45ff810500000000000058000b480400945f64009400050028925a01000000000000008000f0fffeffe809000000fff5dd0000001000010002081000418e00000004fcff", 0x58}], 0x1)

10.146587296s ago: executing program 4 (id=778):
ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
r0 = getpid()
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f00000005c0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc6751dfb265a0e3ccae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fd52347125907000000000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df262ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71d20fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada12f7a1001500a710eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff000000000000000000000000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18a904c0e585a66c3b84b138efc20a546d3d5227e23b03f2a834391ad24fe7d9b20cf92cb151763d41f5c76e2ff3e93ee296c4082ee73e7e197253a2b66c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0842b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f04c7f0be31491eb8c9ff68236c8600000000000000000000000066e034c81c3cab4e33fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f2243471221c15fa12313ffbfa7c2730302b66a99f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca20508011132153c528f7bca92980a3223c5b9cdddedb0a14adddf9a6e70a26b5c0ee0879c349814bee9d96d8bd23db4e801d49201ae84090455682794098afa42b34196b1d849020eeeb1ef48d003d71524683d7cdfa841bca708414fb8ff49742420d1ab7fa678aa4806d5247616e8bc0b02887f8efe9310ccf9bec1c9b7f6671c9d59ac6b09b4436cafdd1887c8e884c930d21ace088ccc99a94d4b33da2fc1b1310bb607a9ad65844655de1ac9fd36d12e07a821fb950368a970c58fb4f3f403fdaf68902874"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/disk', 0x169a82, 0x0)
setsockopt$MRT_FLUSH(0xffffffffffffffff, 0x0, 0xd0, 0x0, 0x0)
sendfile(r4, r4, 0x0, 0x30)

10.135502087s ago: executing program 3 (id=779):
syz_mount_image$hfsplus(&(0x7f0000000a40), &(0x7f0000000180)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2010410, &(0x7f0000000000)=ANY=[], 0x1, 0x68b, &(0x7f0000000a80)="$eJzs3U1sHFcdAPD/rNdrbwip2zptQJVqNRIgLBI7lgvmQkCALNFDVQ6crcRprGzSYm+RWyG6fF976BWpHHxA4oTEPVK5cIFbD734WAmJSy+Y06KZndnvTXeTOLumv180+97Mm3kf/5nZt95VNAF8bm2vRvl+JLG9+sphun58tFE7Ptq4W+QjYiEiGhHliChFRPKfZrP5YcT1iKRdTdKXRsz3tvP+3tZrH316/ElrrZwv2f6lnuMeSiNfYiUi5vL0cdV345HrS9ojvB4Rl/MUpi69TZs9fvr3862SSs+O1WFHLz6ZTgKnKmnNmwOWIs7lN3r6OaA1K7bm7DOtMe0OAAAAwBPw1EmcxGFyYdr9AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgLOi0Xn+f5IvpSK/Eknx/P9Kvi3y/Gx5cbLd759WPwAAAAAAAADgYS1MfsiLJ3ESh3GhWG8m2W/+L2Ury9nrF+KtOIjd2I8rcRg7UY967Md6RCx1VVQ53KnX99fHOPLa0COvjTm26kDJ4BYAAAAAAAAA+Pz5VWx3fv8HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBZkETMtZJsWY5ya/NSlNLcYkRU0g2NiH8W+bPs/rQ7AAAAAI+uOmzjQlf+qZM4icO4UKw3k1iOiOeyv/8X4624F/XYi3rUYjduZt8JtP7qLx0fbdSOjzbupstgG9/990T9zGqM1ncPw1u+lO1RjVuxl225EjfijajFzShlR6Yu5f0pau3r1y/TPiXfyY3Zs5t5mo78vTwd8O5Egx3lwV+m3FnMM3N5upRFZL4dkbW8b2k0ni7OzPAzVJyd+fE61t/SepTanV3ua6lvEJ2YL47XVupcnqbj+d2omE9FTySyEXWuvuceHPOIr/71zz+5Xbt35/atg9XZGdJ4iouumb1WB6+Jja5IPP//HIkBa1kkLrbXt+OH8eNYjZV4NfZjL34WO1GP3ViJ72e5nfx6Trpu+RGRut6z9uqIDrTfvCv5Fdo6WZP16aXs2Aux135TeDn7dy3W45uxGZux1XWGLz74DGd3fWnEO23zi0NHcflreSads34/au6aijSuTxdxTaLnPXcpK+ve0onSM2NEacL5qPzl/B5M2/h1ns6G/kisd0Xi2QdH4o/ZkA5q9+7s3955c7zmnnkvz6T30W9napao5PdQ67eT3qsjvZaeHVq2npUtt8tKA2UX22WtO7URb8TN2B1yp1byz3CDNV3Lyp4fWraRlV3qKhv2eQuAmZZOh+e+fq5S/Vf1H9UPqr+p3q6+svi9hW8tvFCJ+b/Nf7u8NveV0gvJX+KD+EXnIyQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDwDt5+585Orba735Np1JrN5rtDix418/HHf8oe8PT4ax4nUzzO7Ak2+qXzEZ+58/mpROORM0ky7s7/bTab+Zbk8XWjFKczrmZuVuI8jcx035eA03e1fvfNqwdvv/ONvbs7r+++vntva3Nza21r8+WNq7f2artrrdf+oyZ4piswszqTfn/JH6bTIQAAAAAAAAAAAOAznfb/IkimPUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgzNtejfL9SGJ97cpaun58tFFLlyLf2bMcEaWISH4ekXwYcT1aSyx1VZeMauf9va3XPvr0+JNOXeVi/9KQ434w2Sga+RIrETGXp4UfjVVFeWR9N/pLJ5a0R5gG7HIROJi2/wUAAP//UBcJ2Q==")
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x101042, 0xb0)
r5 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='.\x00', 0x0, 0x938b962ab0b0156c)
unlinkat(r5, &(0x7f0000000480)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
write$cgroup_type(r4, &(0x7f0000000440), 0x9)

7.471541018s ago: executing program 5 (id=782):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0xe, 0x4, 0x4, 0x3}, 0x48)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000001d40)={0x2, 0x4, 0x8, 0x1, 0x80, r0, 0x0, '\x00', 0x0, 0x0}, 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
rt_tgsigqueueinfo(0x0, 0x0, 0x24, &(0x7f0000000000)={0x17, 0xb, 0x85})
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0xa, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x6}, {{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {{0x5, 0x0, 0x3}, {0x95, 0x0, 0x0, 0x700}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9, 0xfe00}, {0x6, 0x0, 0x6, 0x9, 0x0, 0x0, 0x3}, {0x3, 0x3, 0x6, 0xa, 0xa, 0xfff0, 0x50}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {0x7, 0x0, 0x6, 0x0}, {0x18, 0x9, 0x2, 0x0, r1}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x6, 0x1, 0x5, 0x2}, {0x6, 0x0, 0x5, 0x8, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0xd, '\x00', 0x0, @fallback=0xd, 0x0, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
capset(0x0, 0x0)
timerfd_settime(0xffffffffffffffff, 0x1, 0x0, 0x0)

7.394437526s ago: executing program 3 (id=783):
syz_mount_image$minix(&(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x0, &(0x7f0000000700)=ANY=[@ANYRES16, @ANYBLOB="d81058c357d34b1e1b334deb6597aa756f36b6c8d8bed0ad6709442e674aecd3303d61370cba4bbf296b2a55aad551c35f8de560402a9aacd150974d703b97208852b0c2eca74757d331895cad7f2f93e063ac5502265b1e91479406e7e6382f9b2038995985fa956a2454a469428f6ee839584438795250f5df8e9f85a6185174366a2a14e1156340580a35b0e726531ce8156ffe7aa8c28e5c233ce263ce7a4644efb8bdffd47c6875f319775b3bc36edf54058cc29cbdf0f2cc6689fcf3030cdbfd", @ANYRES64, @ANYRES8, @ANYRESOCT, @ANYRES32, @ANYRESHEX, @ANYRESDEC], 0x1, 0x171, &(0x7f0000000580)="$eJzs281O4mAUxvGnwBSG+WKGmVkYFyYudCPlI5K400shUAmxqBE3EBd6BV6DV+XWC9CFO1diaFq/KG2ikRfh/9vwlicnHBannJBUABbWtlZkyZI9uljOFc6LlumWAEzJMHi9HwJYPOk70x0AMONmR7qSdH170lTaHtsPRvlpmKey4/mZtJQJciunr6/3iwtpLay38pH1+cf8W2S+vhp+/nf90E/9UkG/9UfFIG8F9Tn9f8cmBADA4rBUen55GZGX4upT2u14bnli/sXPKxNz28+rCXltYp7181LzwGvFtQkgQkqx4504/+mE+c8kzD8Ac3r9wV7D89wjDhzm/GDPRhszdci8uAOE/96N3jF8YwLw4Zzj7qHT6w82Ot1G2227+9Vyeau+WavUq46/2Tvx+z2Az+vp1990JwAAAAAAAAAAAAAA4K3+6p/pFgAAAABMyTSeNDL9HQEAAAAAAAAAAAAAAAAAmDcPAQAA//9W9x5W")
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100088}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
accept$alg(0xffffffffffffffff, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='pagemap\x00')
pread64(r3, &(0x7f000001a240)=""/102400, 0x19000, 0x1000000000)
r4 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000008c80)=ANY=[@ANYBLOB="2c00000026000506"], 0x2c}}, 0x0)
recvmmsg(r4, &(0x7f0000007700), 0x318, 0xfc0, 0x0)

7.361053789s ago: executing program 1 (id=784):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2)
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)={0x14, r3, 0x1}, 0x14}}, 0x10)
sendmsg$MPTCP_PM_CMD_DEL_ADDR(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x48050}, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = socket(0x2, 0x80805, 0x0)
ioctl$sock_inet_SIOCSARP(r5, 0x80108906, 0x0)
setsockopt$inet6_tcp_TLS_TX(r4, 0x11a, 0x2, &(0x7f0000000300)=@gcm_128={{0x303}, "fc674d000000f8f7", "c5991ee20139b401046a89606ffcf92e", "2c5be7c6", "a0ca05c0707e52f4"}, 0x28)
timer_create(0x3, 0x0, &(0x7f0000bbdffc))

6.263338427s ago: executing program 5 (id=785):
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000100)={0x6, 0x1f, 0x6})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f00000000c0)={0x80db, 0xabf4, 0x1})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000000)={0x7fff, 0x8, 0x100})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000240)={0x2, 0x5, 0x40003})
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
r4 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x20400)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f0000000340)={0x9c, 0x8163, 0x7})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000200)={0x200, 0x1fb, 0xc38})
r5 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r5, 0xc02064b2, &(0x7f0000000340)={0x8, 0x8169, 0x6})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000280)={0x40, 0x403, 0xc})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f00000001c0)={0x7, 0x1, 0x7})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000040)={0x40045, 0x6, 0x4})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000380)={0xff, 0x3, 0xd83f})
close_range(r0, 0xffffffffffffffff, 0x0)

6.255740028s ago: executing program 3 (id=786):
setpriority(0x3, 0x0, 0x100)
r0 = socket(0x26, 0x3, 0x3)
bind$inet(r0, &(0x7f0000000080)={0x2, 0xfffa, @local}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r1 = syz_open_dev$MSR(0x0, 0x0, 0x0)
read$msr(r1, &(0x7f000001b700)=""/102392, 0x18ff8)
r2 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0)
r3 = fsmount(r2, 0x0, 0x0)
fchdir(r3)
r4 = open(&(0x7f0000000040)='./bus\x00', 0x143142, 0x80)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x1c1840, 0x0)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000e80)='./bus\x00', 0x1c1002, 0x0)
write(r6, &(0x7f0000004200)='t', 0x1)
sendfile(r6, r5, 0x0, 0x40001)
ftruncate(r4, 0x2007ffb)
sendfile(r4, r4, 0x0, 0x1000000201005)

6.087598843s ago: executing program 1 (id=787):
socket$inet6_udp(0xa, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
ioctl$sock_netrom_SIOCADDRT(r3, 0x890b, 0x0)
r4 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
ioctl$sock_netrom_SIOCDELRT(r4, 0x890c, &(0x7f0000000680)={0x1, @null, @bpq0, 0x89, 'syz1\x00', @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x2, 0x8, [@null, @default, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @bcast, @bcast]})
r5 = socket$inet6(0xa, 0x6, 0x0)
setsockopt$inet6_buf(r5, 0x29, 0x39, &(0x7f0000e86000)="0022040000ffffebfffffffeffffff0700000000ff000207835eeb1317b208feefaf234b4ff8b4cc4c39bdc8451792b903f4b7d8c8cf2153622652328c19ef68234f905557c4070000008735e9ab2f77c62e0a5cdd2cf9984c070400000000000003ff23353d8b2fc6a3ae1ebfcb49004a3ccd3560ae01010000079c60ed7449b842f3e253be8a62b37f820fe75a9ea937ea4efbfb9b4a128f2dbe2837496d00ad7765abaac2ec0f91c88a1ea1ff6ee308c72febedcf00798d41991ac25bb6fce2220c25ea380c7e112ab358c3a6bd8a59c100000001b4e82cb03419544a3988bc226a85abe6eb60cd7cf8d103d38c31c7c86d16c4d86cbe4ab190c092d077ce70590fbbd4f8bf4d6ab1cea6dbe9d4a54c17aac0db6e3845", 0x118)
connect$inet6(r5, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback={0xfec0ffff00000000}}, 0x1c)

5.664202595s ago: executing program 5 (id=788):
syz_open_dev$tty1(0xc, 0x4, 0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x5, 0x0, &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
prctl$PR_SET_PTRACER(0x59616d61, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r3, &(0x7f0000000280)={0x1f, 0xffff, 0x3}, 0x6)
io_setup(0x8f0, &(0x7f0000002400)=<r4=>0x0)
io_submit(r4, 0x1, &(0x7f0000000340)=[&(0x7f0000000100)={0x2002000000, 0x4, 0x0, 0x1, 0x0, r3, &(0x7f0000000040)="0200ffff0000", 0x6, 0x0, 0x0, 0x2}])

5.663923205s ago: executing program 4 (id=789):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000840)=[{0x0}], 0x1)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x20000008, &(0x7f00000001c0)={0xa, 0x4e20, 0x8, @loopback}, 0x1c)
socket$igmp6(0xa, 0x3, 0x2)
prlimit64(0x0, 0xe, 0x0, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="1c00000020000103000000006389355e020000040000000000000000"], 0x1c}, 0x1, 0x0, 0x0, 0x240480d4}, 0x0)
r2 = socket(0x11, 0xa, 0x5)
ioctl$sock_inet_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f0000000040)={'ipvlan0\x00', {0x2, 0x4e20, @loopback}})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
sendto$inet(r2, &(0x7f0000000300)="da9019d02404e49cf90a0a4363d1", 0xe, 0x8800, &(0x7f0000000040)={0x2, 0x4e20, @remote}, 0x10)
keyctl$read(0xb, 0x0, &(0x7f0000001300)=""/4096, 0xffffffffffffffd2)

4.926616548s ago: executing program 1 (id=790):
socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000002100)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
arch_prctl$ARCH_SHSTK_DISABLE(0x5002, 0x2)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x10)
r4 = socket$inet(0x2, 0x2, 0x0)
r5 = memfd_create(&(0x7f0000000b40)='\x9d#\x00\xe6Z\x00\xafq%\xa5\x83\xa6\xb5\x00\x83y\xf3\xb2\xe6b \x00\x00\x00\x00\x00\x00\x01\x00\x00\xf7\xffg\xf5\x12oP\xfe\xe6\xd2SLR\xa1\x00\x00\x17\x1f$^\xe1\x00\x00\x00\x00\x00\x00\a\xff;\xeb\xf1\xd0\xce\xe5\x19\x12\b\x01\xd9\xae>/\x05\x00\x00\x00\x15\x00\x00\x00\xa1\xa2\xe0g\x98\xbf*\xdcc\x12.\xb7\xbe`\'\xcb\xb6\xaf\xdc\xa0D\x93.\xf25\x957\xec\xfb\xe6|\\\xe4h\xfc\x14\x05\x00\xfd\xc7\x00\x00\x00\x00\x91\x98\x15\xec\xdb\xaa\t9\x11\xb4h$&0\xdd\x19\x86\x90\xbe\xd7\xdc\n\xcbC\x15\xfcp\x11\xdai\f{a?\xd0\xe1{\x84\xb5\x82q\x19\xacS\x88|\x99\xfd\x9eS\x80\xcb\x14G\xfa\xff\xff\xff\xff\xff\xff\xff\xcd\xf0%\x97!\xba\xe3J\xc2t\x96\xf8\xb1\xd2\x168\xbf`$\xbf\xca\xea\xa3\x83\x8e-k\x12\xdf\xb9q\xb6Pr\xd4\xb5X\\\xdbD\n\x03G\x00\x04\x00\x00\xbc\xac\x18\xba\xce\xb3%QF\x03\b\x9dh\xcb)\xf4f\x12[\xf9\r\t\xef{h\xb0\xc0:\x8f|\x8f\x06\xf8T\x826`M\x11\x1c\xb0*8\v\x1e\xcf\x03\xd3\xe8,?P\xac\x86\x13b\xa8D\x0f\x93\xab\x1c\x11\x00\xc5\x8d\x82\x9c\xd6B[\xc9\x00\xf5]\x81\xf3\xfd\x06M\xbe\xf9\xba\x9em\xe9\"\x03\x933P\x9b\xcc\x9b\f\xa7\x8f9\x988\tgC\xbc\xe0\xc5\xf4\xe0E%\xd9\xd8w\x00k\x042Y\xd9\xc5\xe59\xa95\xd1m\xd8hCuZYi\x10D\xb9\xe6\xff\x04K%yH\xe5\xf4\x8b\x03Ca8\x1e\xe9\\#\xf8O\fw\xd9\xf5cF\xcc\x1a2ex\xb4\x0fi$\x97\x81.\x02\x04m\xfbT2\xd4\"\x1e\xf0\x16\x0f\x97\xe6j}J\xca\xb8)f\xd5\xfd>\x9bU\xb0\x03Zt0\xc0b\xad\xef@o\xc1\xd6\x17T\f\xc30\xe2\x89\xf6L\x1b1\x9c\t\xa7\x80\x1b:\xbb\x04\xd7\xd1\x06\xa0\xe9\xbah\xb6\xb2\xea/{Q\xca\x14\x13\x9ajWt\xc9\xecd\r\xd5)\x1d\xaf\n\xc0\xc1\x1d}DY\x95&\xe7\xf4U\xff\xcd&\a\x9f\x1bg\xe5|~\xc1\xc5n\x12%ur\xa1\x9e`\xc2\x01\b,\x18\xaf\xccD\xdeag\xc6\xf3\xd6\x94\x9d\xae\x8bl\xee\x7fu\xe5bu\x84\x04\xb3@\xa1\xf7\xc6\x13\xf9I\xfa\x12\xfc\x96\",aT\xfd\"\x01\x92\xb1\xbf\x8a\x15\x88\xfd\x8f\x88\x87\x82\x9c:L\xd2\xb8\xfa5\x066\x82\xf3_LUr\xfa\xd2\x99d \x97c9G\x99\xe3\xcc$\x96cu\x97\xe7\xc7a\tm\xe8F\xc7j\xf8\x98\x81\xe7\xf7\xab3F\xf4u\xdaav\xd21\v\x99HG\xdfx\x1cPl\t#\xc1\x8e\xddW\x00'/668, 0x6)
fcntl$addseals(r5, 0x409, 0xc)
setsockopt$IPT_SO_SET_REPLACE(r4, 0x4000000000000, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x208, 0xb8, 0x8, 0xfa04, 0xb8, 0x6c02, 0x170, 0x194, 0x194, 0x170, 0x194, 0x3, 0x0, {[{{@ip={@multicast2, @broadcast, 0x0, 0x0, 'veth0_to_hsr\x00', 'veth0_virt_wifi\x00', {}, {}, 0x6}, 0x0, 0x90, 0xb8, 0x0, {0x0, 0x74020000}, [@common=@socket0={{0x20}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00', 0x0, {0xffff}}}, {{@ip={@multicast2, @dev, 0x0, 0x0, '\x00', 'tunl0\x00'}, 0x0, 0x70, 0xb8}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'snmp\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x268)

4.035530695s ago: executing program 3 (id=791):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$l2tp(0x2, 0x2, 0x73)
bind$inet(r3, &(0x7f0000000000)={0x2, 0x8000, @empty}, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendto$netrom(0xffffffffffffffff, 0x0, 0x0, 0x240480c2, 0x0, 0x0)
r5 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000440), 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="2309fefffffffcffffff0100000005000700000000000800090000000000060002000100000008000a000400010008001700", @ANYRES32], 0x3c}}, 0x0)

3.938607474s ago: executing program 1 (id=792):
getsockopt$EBT_SO_GET_INIT_ENTRIES(0xffffffffffffffff, 0x0, 0x83, &(0x7f0000000280)={'filter\x00', 0x0, 0x3, 0x0, [0x1, 0x800, 0x702c, 0x3, 0x30873ae, 0x3], 0x0, 0x0, 0x0}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r1, &(0x7f0000006380)={0x2020, 0x0, <r2=>0x0}, 0x2020)
write$FUSE_INIT(r1, &(0x7f0000000340)={0x50, 0x0, r2, {0x7, 0x1f, 0x0, 0x34808521, 0x401, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0xa4001f7e}}, 0x50)
syz_fuse_handle_req(r1, &(0x7f00000041c0)="412e450a2a7b9586d1e6e9de257afc4fd60c8de430c0d6348b2cf1db8d070a539de9c1e91a178f9240dbcfe303566018f6c20c55d643a2ed46aaacf49ca491ee2f06184bdb548778a2c56e56f6b40b994419428bbbb9dfa5f9593511ca8ae1c088fb0ee5da72f505000000000000002c04754204f194ae6ceff4570d44496eeffe619998eafc7167d22e1c6aa73e89ad19224e35130a37cf68d5c41ccafe59b4b753a26e06c4306d31d78de6cede97c06e3ca2cc4af66b7548268efa91621ffca2655d2c8f1a9bb019b88fa729cb3d32f72c098c44898d42c42f39feb4faead93980726c236129acdf31c01f1cabb5ca3ec4e45eb5e6e59912792b4976e3f2b560c861d49b539d8e1870040a8cf190a8a767ec067a8048aac53336b44669d3d425843ae80681a7c02a5d5a3d90f355fd4a6ac277e75230d558f0df20cb323cc65e9b5a258cdd669c8a9534e4aff09a8fe89b124748c9e756c28789c2152a5142bc0bb205e339d43bb980b3f04a3c1a424a2a093966b20600a5410e0528fb35937c998eea19f01eaf2f39e16d85563a6737ddab3213ca1832f0afdf891e34a582f6a4ac81fda70ebc3fedac2fb3a492fdb40b91021e5d371d990064cd1f7c2c1a6472dec7505f9a4940057a3e57fd53aa3cd2eb914e073a19b6e925f8553e6875c093c7d19de25861fd9640f0eca4cda0467f12126daa2e0c6df7d4e4babe5a6e59e8391be7700790315b6b8a8aa74cd6d3f054aceaeda79430676b67fe25c9029e0894b413377fc4d8300d9f9338fadd07e4c80cac08113df8971a868458c47c06fff0c1c4bfd48ea583e9e76ef103d42c233b6de10b30612cdbeb6b60a6a4dbbe2da63cc2dd4fb93cac65af3c1279274f4af0e2c5b96e6068aa5b41f7548fb72b0c142351f64446db7425115b89132b5589ee642ebbde655adb2d7d1117456a6e4f2886879b42baf85e05d53e2aceea9c3830673bdc4d081675fe76b994651af9c3f16b7513834fce4654f84558a8308fa677d05bffcc893d9813bf87c5ec520cd66ad58dc06f0c47d253cd36dfec82980fc8dbdcd4b1c037c2b30bef455984f3e8ed19d69e185fe4fbdda2c2517ec9abfbb4841252e650b6bf56fdeca9a4ee3c311de3c6859ec14cc00e95323c57c02fa894d83ea17944f3112fc19a7e11335d7951ec6dd5b4f06fb9b637313a230341ea5da6a7a959e707d0cd5fca60a6649c8df8d6c17e9a49d230e5775df14e4b43aa3420bd0b8814ec7360ab1910e69fab8932f7646d7998bdc2e8ec354c52da21ed83fb7582cb9d37bb95f144974f72c7b0ae7b42945768fa8ec0dd6daba72d05809670506ef1054282201b00906c8af64e3e13a10f180688c96549b2d3d6b04403fd571e7b132891dd4b7cf37aec25ca1e9190c17aaefbc31e059915c12c232fb7097e9fa6f35fbb265c7102db62e2264590c583ea90f1aee3f166af81430d9084eb0c760ebbb16049c9fd1fee6ce33c8ac205e3ac9c275531feadfa4054e0c027c26beb009f54aa72b864d39bb11753f77931bb960276db33021c65671e57b3708bbf979be222e8439d71f58ca87cec7a054517af398a42735b580717377a54f139e2c46813cbb03d98e49c26f4ed54d75e48573cd06145f913f4e313eeee837496dfff75aa722fd8486c45f9c959da12ae48ba4a10712120a203e2476c7b96031d8f8773f68344e6fa21831287655aabbd594e9f272eb1a7315d2d79b8bcd5e63004cd106f80b1e40a5d9e428a01bc58264f4d63c2ee9db6efa70607a642aeb883bf4b9fe009d7f09c16b05a2c9b73573e9019e161ebbdc1fc9b9cd0c5fe1b57adcba2d0f3a767ad59aafa159b3dd181f0601ff95e8af8b5410e56c81ffb8ab35b1e04af35dabf69f08572e69260b72bfd502c5a0de627fd3fee44bf1d4a261bd356056c5739398e3ff161beec1240a089625daffbc61dc5e660c274565477a0ff1797fefff04a98704802ab0674ab72d400686229608cbfd2ca20f4e62495e8b09de9d180c47375bbad72f4474b67d56104b4b466192be60f7aa668fd0a4338b856f114311842ee806d6488ab09098ed9de0e21bcc8b42a5d5713d15eca108fcc7a65d6b414a112524a6e1418644508dd957147a92d4399d13faaf01cacef40549cd11900f9aa32a8333f55796ef25d33c554a308da9797cd0ac25888311b0ac88eff0be7a36ddedcfc2b095abb4d5a6a4edbbad67b70cdf60c7ed0c5e040ced90edb3322ef684332358942ede9191b431c99b3abf8f9c50206479f0ac118c0a99df61fb9c90d846f41caa6a2448fb7e15640965e051c2af4ee72a5cc7c962bacff7019615c10e6c3054e2e5792df3aa6e2c33425552148466a88568cc79b6edebf0107b7d3d24423a665d20c3a1c0f1a6b34eb475bf875912115914cfabcf394f8a096d64e5dc95705074fe5e985497dcf052b9f748b9d4688859c0200fa43719e4722ed6c064c0efa7e07beb2a26fd724b63537fa0eb506365d5c029cd8dce7dd0a1cb9d9058c061739734af6be9e880fe7e28a211a4c368a7babd1107110ecbb384b274cc092b9511c4abde2ddd863162e2739984a9f3c0a76e3c530a27d5e385f4a3b87607b2a944e09d28239661d27719e22c0a657ea383c30859ca29cdb8fbc79bc83e995dcb361743a7e195650c37e570b768a0a1f0b118fa5be9b3c838326343ec5b376d5ee040ee29dfd868cccf9cfa4591151f519cd6e2ae1453a58aa92f90ee5be11ceb8511ab743f399be0a190eeddfd112336866831c3255ef6520d88b2581ea3767f3df01a38d9b4656f2a89c5df41443291a795da45c8a846015cd041bea0dfbe648348b10ae73ce43d9017182792cd9172eee642c549a530cc1f537f9aa70ca63792ba4a86a713ae09b917136e5bf1506ad7f367d8d2f77f47a2318facd109bba9b1327b5db9e4aeffbdcf414db761eeacc227a15cd72aa52c8ede33bdbab9de9aa1e8f470a388013d07f08777e2131bbd4856ab5c1c38d03ef407197ccf24e8b2a8db69e78f9d6623033c453541bb79f9e0be9a55588e2e54fce65fb785467064a146c4bf218068b5e3efdafaf93a98253becaef226cd79468ff1bbe0c9d43877f5cbb5844fd8957f15d3ef208aac11816585cdccf039c36b429d3d7fb634054fd0f09c8abea3746a6b7379142abde26d998ac7e39b94746c60c09f86ddbd7497849d1ef839730672449f35a3c3253666e9fc053ac1c518e44e0b84555be507f7c00fa9e4864b4bf40ac3d93f12001eb780a779e655d0633803268c094ae161a0efd652003d6ac47f9a6c28d866b56233f371627b01e0fe9361dca611a28841968d4e12cb73d49ce08fe25de4a90b2d34607202b20e71f5e1eed38e17d0a2748f548cf61735f4c9cead1cb93b11929d906d65fc60f88e6919b7b5a1014e6d408bce9c8cc832eecf9147708fe451891717d2ed99dee70773feaa97985102abd3dd05c904c28898afe060621db6564887bc4afe158fbe1d819136a1ac1dc9d8674798a93daf5255460b50c34496205834c668db4c764e76ebb6cdaf5fc44b881cc2ae87b4a7cc045143f96b1620abfd0f116e673b335beefdafa1e58d9194e010cb78956044646da5ba853ce981667f2b8e5001c2df437c9d597ccd2be7d2887f5cb7aad0539abb3f9db1c8f5cd4d7d831946ba1c1aa8737c114fec1ac9a82519f57cb48c49b7f62e9eaa89f448df33fb307cd0036c70b490ac340f7d04e14f32bfeebb08a9d5bc7bbef8f231ea09311d4c82cc55c90eb53c6c003cc98a34dd3c4ec2d8b3a655a78e16e908f368733d0a02b36fe963e2d80b5e6f7b2e3aae3013c900c76e4d56e8348bef221f8a642e692c23b12520fb68c793e789eeeceb4efb2097a4d5952d144094cd7be6edc933d257f6230e962d70ba42e1b07ad9eca0ccd60d3d9a6e06b73ccf96a8aa490ed3bd58bf4d79db65355ae145b54be004e464f4dd23fb8b1bf15e13838116083da67186513652608e37c8f847b2bcafb57bcefc7efc8c8182c7d708cce5d14695b4e618e77f8e7be81f27a05e415fd37ac21507a665b2558daee5c0b0859fedfede8c03f181ef5e0ec0da6caa3edf402dd73bcb4026c489a7cca8ab700d3e9f050006c36768a16e8a48e48ed5750b8cdb7ad1fd12d4cc8333d324d6c83905303fa7013fc02553b587544affe38f1a95e0c4c39740d63b6d387fc89b30bd5fd745cb64844b13897ccf5cca135f7d39e03ce8adcda919d86b25b52764b0a0c4f07f88df68868415de13863df84a7e8d355b09cf90e482eb4174fd01f1b371a4dc52f3c89fc3a70c71657aa5d7573ef9acf4d2b0b321c41ff2640515bb43637ba2288ca0bff2e2a3a998ad8294c52f9edfe0a4ee0a3f8ed5b4b5c43319bb9c58dd07ea3237d7bb62cb086e7ea4a81cba2cdeb28794a09c275a704963110b64720bd089e3737ee1a91e348b5e97b63e1724de1fa9f49961d653bbb47b6fa993b035cf59659bcd0306180645162568abf51127845cbe6e37cc3c19b9d69657db4258fa5e8428a73eff6506bff474c2e302ad5559ac8de44c6f0baba5e2e579e7d7f9d9ebf540674432ac11d92bfc9abdc24126888b533f43bd6f293b0bc315915743114a35308a0ee2e710522137918a2b09ddbbc7a2313a2a6b85a1ad26f14dd70072651c8300ddf6de29704b716ce1bc431c66ccc96731f46359a9f6850976c96dcb5e0ee47446f50b6b3ba90d45224066e123ad3854d877c0cdd9325000ac0d6813c30cd43d3e150335601724ca3666458dc4c04f6562296982353e155d5255c9008c0b46d21a678c8fcb3aa8d6574476e0458eb0a76a6cb50f929ed218cc4654cb4f95fb3afbc2548b74acc312563375a19e55d488599488dfed4dd31b39f29ad61dad343dfca3b45b316a34e7a7bebd2b0f562a9e69848d13fc80a4fa52d0f17bd15d9e1fd39a7dcc86128d14493805d105a745673bddea68ca74ac09d95cc7412d5be2cbd0a247a81dc9e148111e22cdf3375805469226ca3538f960a6ba6aa0eeeb87c784ffb1bfc09180a61be3c7c535fc6d593c3b3f4de21b8c3eccc9021e80fb07dce0aeb3b023bd55f24356f646791ba80e5ca21ac092a069ae0a22cfefc08c23cc7aa69b570bd17cce9de15871d363f167288f99f04761caa67f12c949466493f661d39ee4280c955446ff5a9bb14f2d1ae21cdb91a5868e0c52097cf380f571935b140562922763f1b79c3709b949c57a00b08828ce9e685f6b234b5fe3c62d9feb249ce75e81f5efd556c14d5da24dc0554723fdbe52659969a39f470e82c50c4777c908628436e31177af1125d5f70ff627462247e5bc20c47ef75f369174586d43d42f7eefdd47fefa745badebca2a881ccc018ea411cc8a7a0881422bee8704bb98e6bea9fbec63441fb45d7ccfd436909b57a2b60b788e15bda3ca7663b19bd84d0879deb639f10def9a99d42a4b9a4fd7fecbf6d2e7598678307ba9a5b6f143c27cf1ca41e3c904007bb762cd5df6e63c4cf422c2ba959e53bd8e5664cf5df6a91a4bc8cebc52b22f30060fcbc5ead53d38eabd160c1da4cab8aa95c3640ffd78074aa2cbb05cb8ea90a0c95a4a1b2be1ee94f238000f1faffa069d87039f13f5f84ff368aec5a0b10020232b9fc954a6c22573ef48459e574d48a4845837e1d6ef386738ccedd093d4d5bf3a3f790c875ba7449d03397642feb71100f2c25ab2cadf0b0802544a2095a51b19cdece623b17d420b173a99c081f8e229b6de3c680d6bb39bb98b479517d77cca581b81cf856753a44ebd64cff111fb8ca37ea45d217a3fca44a083e6c35b0fed9f8f7631178d15e88f86c85f1ce68c900afdd1f7e5b8bd4ef3f58c447b77d3befc49180df7a5eb2ae8ae33b4ef573f3a425da8a60cde84d8eeae6d6399b9fbbfa0fa8d448b25c7f79b7554d0b02b0decbc74ae8560f630af596313fb33d442a410061ace0aa7a440d5e31ca8bb2cc495c4f0b672edb011b0c5f16781836df7f4af8329143d5a1a99d7b18ef9f774c4199d635848cedebac82637a03a189c65be667503737c75b6639ac65ad424ca475285437e6f19830b36549f607ffc387c8b11a34a838159376a6335afaa045bd2bb04e279dd72436331d07dfbd72e2436b27f0df23a266fd15cf56d1a9e93aaac8901cfe49a3219ae36c5c65c75e5c708fb82cac4d6a50726509ec3a7d32d54cf584ae353a5bff75a6de77a0b240cf8a0a72817c9d37699ca89c96e0e0d96a7665ac3a7d1febca1a1d79e2cbde8025c271360e2f90048b2d9fd56f45c013e001dad4b7785be69dc01f8a954ef7a84455986fc5c9d5167d91808efdb4476ed79f99563d887cfd4e99809d9e388501dea228cbb3cf3770082dc566455251fd9c2c742963c33500618c6ec99e0bef007408a0462a081237be4c6e5db0258d4be5fc9cf63fd1ace1f4166c053b0fb84fe24917da1255cf40bbb1b45644f6a7699cf802a35a932c374b1d62013e6afca3787627469994c02f622ab877ed5491fc2a89eea60e4e1628da89e3ad600ff6442e4ebf20e47304176b6a1703c094b3cf6d7fbbddd8d8fa5a00f28b4d8f43d88487e9d4531071512f2027198714a8d1cef126775547fc74f2a35840510f325e50361be76557767560055e084f2ecaefa0dd8ca8215301a7a887d2eaddaeb1f5c3dfdbd2cc1ba5f02d4426b98c0f861c5f724405758f442560ea6cd1d953456cc4aac6642ad61c03dbaffc2364d8ec2ef9f483c70355139d1fbd9617ab3c7eedf0b8963c1cfdab769180db43c416a90d9fdf3fd0eb2f81187642b4e2a09d6462d27527fdfda31f7b262501749dcfc6c184983f9923424131d05cc811cacf5c2c87e8e6f135349e68cde0e8997bf1dde248e5124d5dca2681abdbe58d327a8edd585821f03fdd4515728f1336495ba25c9bba56a3f706d60c35cbd0b40d0ac0583a981f9af08510ed8ed0a726e5472f8995af3837fbf1e89587633d2ef944868a153919165778e963710872af12faf96c0919c638e5affa97104471ba6e178d27602f96b9546ebe52190d91be245be08742b96389080676a566d3229e593e4f56a76ae4c58113c6adc1088703b1b92dafe32a5600e14ac1e71df829dfef425911f16a2b91f693599ecabf93065c6c4f5fefca8d4ed095599113529f65d9120d5252f577af95b404979508c343df54e4d239720e7d3a861f1dcabfa69e12d655c8a026c10a4df279b139fd222e561d205ac9b45c1054f8699eca594fb23886e0de565186597766dd5e40f74a423d5708dac254f4172f1089270988fb18715813f13ee4d131b64dd517c7e77f27f804b229f5339ac2f483b14739ac33a9645044d3010bd77ed18fb117f7b11bb51c4ed683b59e28bf25a58f123dfbeb1f0f21f03d9b57d8e61d59b311037a5b757b03ca5c95e0eb73922c6918530c99de4d6733640f2b8d13bebce31d4f5e27aab201101e48cde23a0d7e87b9511949d812e3187ee5ff11bc5858c022ed7b00790eba32f9ef7e134ce5f73a01269ca971b40e62133eca9d596a768686d6390b2c74602f6dc597faec3ed9d9658102d99c9624c1a97d00d63853578afaccc7e30a77fe054ebc23eec45f608f996fd015cd6bd50a111360f0790eff6ffb1ea59d13c8e29480bd96217188f97e53a1f5d9eae0a2badb4fea52f2bb4f8cb04d0afd99e7371a978a7d7ef473f77ea6738ff84af655313a12db24cff692ec7e282245ae9a42338db814593448f7115df3dc3f4e2faa2c2fdbd68f679d6aba01a15031347bb17d8bf8f1fad0ecf365e9dcd32e69803c5c05f4b47adbf8a21af7e9fb327f267df1c914486389a9820edf0a03bde6ef388c255761e439b2f7e1f9c1c3c95bd30c502197ab37f76b52f0d0675f366e919be19329853767bba34a540fb75bcdcc9596a4cda254a660e11bed5af9d8646ac4b7d6d7aa5d7c0005879b6d08058a56c3d3a4d3d401b883153fa7f2f6a6d34dd010f6b9e7b4e457b9ff5a5802d7723abb35f9dca0afc10f6791824dbe0a7725d534e7753445b7268d90145b6438b93fc475f44d5d678d79da6c5770f3a9106f3cffbabe4b88cbe7eda9b8a495be4f6717b0fbee6fec78c86031b6d878d47e357b2089de3e6dd19a265552553d1f7da53884ef84d0eebe782791c48a9c68a28d8ea3bb70c922b01dc20b2cd05cfb276e326651398f766f5faaea54a41da597cf6b50f3d5ebc634185b99069126b8d935c6bc42c47f2109de42091ef4ade3d87cc44aeb78709255501e64f34ac2d4b2725cf7777315f8ca9424bc9d61a896a93500faa6cf5a5aee1fb888e17b47a38a667be2ffa3bae46afa88bfd8b5b6e1186d6e41b9a4e490591043372c23f36fb48d80caff74cc349adc92bb25f701738c809ccf74c47afa193795ee67bc58ea7fd85542fa7e70218490fff212163401cfde016df2f42496bae403d5391e53fe200f758bbcdead0fe72c77861889b9632a257229c35bdfe8fa78375b4f5c768b9c60cafbde1f00aff6ca1879f6472f28001f5f13d4d9d6c3a90e04d8df09873550daa8262d39efbe96a79c697fbcc9a7f27c9f6d782d5d5f6d024b291376e9cc40d902f809072e1f0f2c2ab88ce3d074e88461f5971853e7be749943ab6e25e25e8afa5042dd73407f49b50841c7782c54eece62ec2beef1f16caf1ca5989427bd2726ca0fee33e303702e9892e4382e92c3f3a03a6188f39762db81819c7e12b424be8fd964dcdbfbac00139e8c5a6200506f13f484ac34ef3d26e7cadd53cf402117419c1618205bfa5382486094bd55448f2b1aa4dbec2289189b601b1bbf5792b2a641c6f5dd19cf24abc72fc5264cf11f6b44a4929267a02cd1de1b602b9de65a6c06640aa0f76109baa90d66eeb17295b1711365b7d6835a2dd55b7fe868c59453613240643c847a5b48d27897a58dda63e579c1bba58350550e147b190f0a2c9a5ce719d627ce3302028b4b6801bbfa8cd74874ffba35817c0eca034d19210950796807125fe6065dcd47d7c870ed2db5c00cff235e4154e2d89ec2a09a87551f9b7ca25d519b5603c0c33d2cf72878199ffab567fc5e093529b89d1163587f3564ba8291d2d96cf9762e7f568e786ea90849f6312c1a10f45d61600cd45c48e6870a7d76c913f9c4497374fc04401cbd11f7710740148234fe8f041f24d0278fcfd48846e6aa49f05016fc332dc5d46b4a26574fed5c0751cebb9f7ab4cdbc1ee011d82d6ef95c52c9df8eedac3ab5cf30805f23d88d4f707601f8e6c606b58f2fe234e948d6756d430a5c4ec76a33874886c8fb484059b47a9bd198a61a1896419288a9e81d0969dec778a53e8233f0f63bd0134e5f29825e7817e7c8ccb7d9acd8f86ac9d3af78c43df3036d7934dd294f2bb12063bee52c547d27a218145befb0ca96cbfaabd39fa245b51c39f4cd4cf8db105f9dc46a7aaa8f7d06fa208120ce1ac49326179618fa2c8596c44e174eb7a141056b1d17689c10dee089c8b0867b8a757ae12251bbd68db5fba2be341275fb6ee379309f5cde9b31242b0b2bac44da74776fac141936bd96e3177161f057c820a8c22cca8cce29b158eb55aed0260253fbee70a6dd281d9fca23e0b0a38d46c76a95e1262f1cafcf0fc37b52e649a1ba1e2c0f97d10bbf4d2b5632cf340bce56736071d5885ec9b4e17910744d3e63e2ca6deb21e43fc21e89c6865d3ad424ef4a14efe8843ff3168c99ee395400dcc8755719d290c567c95a5e7d28ec1190ceee240084d444265cc801cd960f69b368359bbf06b8a4ec23b47c7bf9d4b16c701a1c4fb9e81abb55bf49d450b566ce03de939fc6f5c51291380086f8c995cdd4fa15a325601c4846a69f15c77f55c900270bc9ea5f406480cb0e3e89bc869fe8b7cec4fbef7e76283d50c25ab1b4d34d093a7df062990a925a9c44aa2661abd7d381a4d6cdb64821ef624dd51b72e99af914bca2f80c25b82ac6945df7c7582e6d0ce2cd073e35f1fc120a68ba210410db64592a9aa319b30f2b818c495750e1cea0610e27d52be31e52e501a3bd51b501bc51c2ec8592f679b6e55b9aa58d513fd2bebadc83ba76eb45e5676f130193e9a666b8c8132c9f5141681fbab324b555c5c890d488ac2dd00feead0a20fbd8a46391438e3193edc6fb89161cd864fca98f4f39a2893c933dcd13bc8c5d5a548d24862e8161c0fad7f33aca8c86791d620815fe3f0daddb5defd933d0c10097a7a98e67625420b6c0db7c3e17ab07ea64e6f0f53fdc670799e06a2e3a871d6be363a2639e35339361311e0f528cc433eacea4f79bf217108c7b1d657840253ffdea18bdd1f93cdee63e7a9b8dbcb4ee06162b253e09ea0641f2771bd9823dd210905e9ea495f43194bb471cdeb690e8890b03b50835d53dde1b572dd123ccc8507bb57a45e46c0efb8fb3d5596bddf9782d86dd911636eae2cf64b5829cf8893faf789be3fa22859accf688f5b5da6c29cacc96d477e23b63cc934f685b6e42e1655c9a9b94d6d78402de22b8d9776e3915391aa258e57467d770d65480ba2f6a94b0337965a8c659c42b4e90b14da4697d0c0a6d74774c94c52d8ecb694eee747bdaa6c3a6d60739db18c6446090eebba72e62ab88b0e8b88e728ba8cb133d8524eda89a2bff1c8414da3edfa6f83788331c8a7e5a8af2dd3682d4752190a3c689949abdad8350111373e7fb46151f54a10f79d91940e37efb05f9f157bddcfacf018b65a38ab614807c34a2786af4a1d48c4d1c1abd31815715f9d1b103992207fc664f12c82fd923c57d8e7cfb9f4af55182318d055c704865cf484206d60e34cf7fe9b6ce60b1772c5c7cdacb6695227d80da18ec1f98a434b1aaf9c6b6d082f5663aed2bf267e559dca6b93d3ce34273846fc677f529690482df0a8f782b8ad7269f344f5f2b4d320a7ce2d2fa02284f8db634dc930c3e2b9a629245364acf35d41e9a14c88efde4e742ef1ea4b43d0caf2e70d4a617278823e6403934524debbd933e7676e441a48f630dc8bcccd55d9032d6bf3dea97d1669c39fb865b0e619eeb3f5461e517000f5aee3ef2abdb87d3a76b88e140eb4644a9fbddbdc9e20972cdfacf00bffa3a1ca5f84122c2ebc54067cdaa23967eaeb7bbbfe44e5843382b834fae1f62a066688595e4ee67c7ff9858672355abf7893ebeb4bcf88a62b2237c6e6cec9aebe3f28bfc310ced3a590e88d4bd0f53289206deb9addbf6f3c02115ce4980dadfc112683ae250c2d438fd9c0f2a090dbf122a0072828db798bdb868dcd47384dd3f5eeebc0307a5b268683cd51f312e8f02b5a7746b11a97ac43287d9b9765f03c720503cfe6e0117660a4c00d67895224c4d42b032000a10d7a743054758a8f54941fd5eaf72498b678d1579b3de4e5518f90f1e3d32517d09d7f5da9d180215e66218e9dd64036819cf12638ce82712a6cc79a9ddb36e86814b797d72c2bc58b18ba439e99965f745b4fb7de2878e3186e3e7b835c746b0935f6c67e92e3770bd8d5eb4f66d8175ceb7850e418c55e574db891639aa77fc62bc45dcb734681ede8484d4d4109a9adb8c3d00", 0x2000, &(0x7f0000000e40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)={0x20, 0x0, 0x0, {0x0, 0x1}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x24c01, 0x8)
io_setup(0x202, &(0x7f0000000200)=<r4=>0x0)
io_submit(r4, 0x2, &(0x7f0000000780)=[&(0x7f0000000440)={0xfffffffe, 0x20011004, 0x4, 0x1, 0x0, r3, &(0x7f00000000c0)='!', 0xb7f40, 0x3000000000000000}])
dup3(r3, r1, 0x0)

3.795760108s ago: executing program 5 (id=793):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x9a860675e5aa2a63, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
timerfd_settime(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = socket$phonet(0x23, 0x2, 0x1)
ioctl$SIOCPNADDRESOURCE(r3, 0x89e0, 0x0)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SIOCPNDELRESOURCE(r3, 0x89ef, &(0x7f00000001c0)=0x5)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r4, 0x89f1, &(0x7f0000001040)={'gre0\x00', &(0x7f0000001000)={'syztnl2\x00', 0x0, 0x0, 0xa000, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x2f, 0x0, @empty, @rand_addr=0x3}}}})

2.394418535s ago: executing program 3 (id=794):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000740)=[{{&(0x7f0000000180)={0xa, 0x4e22, 0xfff, @mcast1, 0x5}, 0x1c, 0x0, 0x0, &(0x7f0000000500)=ANY=[], 0x18}}, {{&(0x7f0000000580)={0xa, 0x4e22, 0x4, @loopback, 0x9}, 0x1c, &(0x7f0000000680), 0x0, &(0x7f00000006c0)=[@rthdrdstopts={{0x30, 0x29, 0x37, {0x5c, 0x2, '\x00', [@hao={0xc9, 0x10, @mcast1}, @pad1]}}}], 0x30}}], 0x2, 0x810)
r0 = socket$unix(0x1, 0x1, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000540), &(0x7f0000000640)=0xc)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3be", 0x6)
r4 = accept4(r3, 0x0, 0x0, 0x800)
sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0)
pwritev(0xffffffffffffffff, &(0x7f0000000440)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

1.370373095s ago: executing program 5 (id=795):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x6f}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, 0x0, &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x46, '\x00', 0x0, 0x2}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={0x0, &(0x7f0000000100)=""/223, 0x0, 0xdf, 0x1}, 0x28)
ioctl$SG_GET_VERSION_NUM(0xffffffffffffffff, 0x2284, &(0x7f0000000080))
r3 = socket$inet6_sctp(0xa, 0x801, 0x84)
connect$inet6(r3, &(0x7f0000000100)={0xa, 0x0, 0x0, @private1, 0x200000}, 0x1c)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=@framed={{0xd6, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0xa0}, [@initr0={0x18, 0x0, 0x0, 0x0, 0x2000}]}, &(0x7f0000000000)='GPL\x00'}, 0x80)
shutdown(r3, 0x1)

1.364647106s ago: executing program 1 (id=796):
mkdir(0x0, 0x0)
mount$bind(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x1005848, 0x0)
chdir(0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000380)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r3}, 0x10)
rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8)
unlinkat(0xffffffffffffffff, 0x0, 0x0)
unlink(0x0)

1.257160766s ago: executing program 3 (id=797):
socket$inet6_udp(0xa, 0x2, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
setsockopt$MRT6_ASSERT(0xffffffffffffffff, 0x29, 0xcf, 0x0, 0x0)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x5c, 0x9, 0xa, 0x409, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x31}, @NFTA_SET_EXPR={0x20, 0x11, 0x0, 0x1, @quota={{0xa}, @val={0x10, 0x2, 0x0, 0x1, [@NFTA_QUOTA_BYTES={0xc, 0x1, 0x1, 0x0, 0x8}]}}}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xa4}, 0x1, 0x0, 0x0, 0x4008084}, 0x0)
socket(0x1e, 0x5, 0x0)

0s ago: executing program 5 (id=798):
r0 = syz_create_resource$binfmt(&(0x7f0000000040)='./file0\x00')
openat$binfmt(0xffffffffffffff9c, r0, 0x41, 0x1ff)
open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0))
socket$netlink(0x10, 0x3, 0x10)
socket$netlink(0x10, 0x3, 0x4)
socket$netlink(0x10, 0x3, 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x2000, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000400)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000000000000001400000008000f00fc00000018000180140002006e657464657673696d300000000000000800060000fcffff08000900fc000000080011000700000008000e00800000000800", @ANYRES16=r1], 0x5c}, 0x1, 0x0, 0x0, 0x4000800}, 0x140cc014)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.0.145' (ED25519) to the list of known hosts.
[   81.008784][ T5779] cgroup: Unknown subsys name 'net'
[   81.111946][ T5779] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   82.754976][ T5779] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   84.817242][   T50] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   84.829920][   T50] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   84.837843][   T50] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   84.846219][   T50] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   84.854084][   T50] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   84.864665][ T5795] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   84.872650][ T5795] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   84.881777][ T5795] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   84.890646][ T5795] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   84.898755][ T5795] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   84.907398][ T5795] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   84.914826][ T5795] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   84.924439][ T5795] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   84.932574][ T5795] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[   84.940102][ T5795] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   84.954067][ T5800] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   84.969402][ T5803] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   84.976767][ T5800] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   84.985383][ T5803] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   84.997677][ T5104] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[   85.005284][ T5104] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   85.035670][ T5104] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   85.064134][ T5800] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[   85.073078][ T5800] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   85.541156][ T5793] chnl_net:caif_netlink_parms(): no params data found
[   85.589371][ T5789] chnl_net:caif_netlink_parms(): no params data found
[   85.648336][ T5798] chnl_net:caif_netlink_parms(): no params data found
[   85.745354][ T5794] chnl_net:caif_netlink_parms(): no params data found
[   85.816304][ T5793] bridge0: port 1(bridge_slave_0) entered blocking state
[   85.824322][ T5793] bridge0: port 1(bridge_slave_0) entered disabled state
[   85.832014][ T5793] bridge_slave_0: entered allmulticast mode
[   85.840011][ T5793] bridge_slave_0: entered promiscuous mode
[   85.876677][ T5793] bridge0: port 2(bridge_slave_1) entered blocking state
[   85.884092][ T5793] bridge0: port 2(bridge_slave_1) entered disabled state
[   85.891427][ T5793] bridge_slave_1: entered allmulticast mode
[   85.898843][ T5793] bridge_slave_1: entered promiscuous mode
[   85.961168][ T5789] bridge0: port 1(bridge_slave_0) entered blocking state
[   85.968627][ T5789] bridge0: port 1(bridge_slave_0) entered disabled state
[   85.976689][ T5789] bridge_slave_0: entered allmulticast mode
[   85.983868][ T5789] bridge_slave_0: entered promiscuous mode
[   86.008695][ T5798] bridge0: port 1(bridge_slave_0) entered blocking state
[   86.016093][ T5798] bridge0: port 1(bridge_slave_0) entered disabled state
[   86.023582][ T5798] bridge_slave_0: entered allmulticast mode
[   86.035710][ T5798] bridge_slave_0: entered promiscuous mode
[   86.043197][ T5789] bridge0: port 2(bridge_slave_1) entered blocking state
[   86.050723][ T5789] bridge0: port 2(bridge_slave_1) entered disabled state
[   86.058478][ T5789] bridge_slave_1: entered allmulticast mode
[   86.065688][ T5789] bridge_slave_1: entered promiscuous mode
[   86.081374][ T5793] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   86.094097][ T5793] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   86.104435][ T5798] bridge0: port 2(bridge_slave_1) entered blocking state
[   86.111577][ T5798] bridge0: port 2(bridge_slave_1) entered disabled state
[   86.118858][ T5798] bridge_slave_1: entered allmulticast mode
[   86.126039][ T5798] bridge_slave_1: entered promiscuous mode
[   86.216558][ T5798] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   86.231318][ T5789] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   86.265613][ T5798] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   86.289983][ T5789] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   86.300054][ T5794] bridge0: port 1(bridge_slave_0) entered blocking state
[   86.307815][ T5794] bridge0: port 1(bridge_slave_0) entered disabled state
[   86.315132][ T5794] bridge_slave_0: entered allmulticast mode
[   86.322128][ T5794] bridge_slave_0: entered promiscuous mode
[   86.334346][ T5793] team0: Port device team_slave_0 added
[   86.378676][ T5794] bridge0: port 2(bridge_slave_1) entered blocking state
[   86.386625][ T5794] bridge0: port 2(bridge_slave_1) entered disabled state
[   86.394942][ T5794] bridge_slave_1: entered allmulticast mode
[   86.401898][ T5794] bridge_slave_1: entered promiscuous mode
[   86.421949][ T5793] team0: Port device team_slave_1 added
[   86.444399][ T5798] team0: Port device team_slave_0 added
[   86.459815][ T5789] team0: Port device team_slave_0 added
[   86.493969][ T5793] batman_adv: batadv0: Adding interface: batadv_slave_0
[   86.500987][ T5793] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   86.527019][ T5793] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   86.542021][ T5798] team0: Port device team_slave_1 added
[   86.550046][ T5789] team0: Port device team_slave_1 added
[   86.569745][ T5794] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   86.580134][ T5793] batman_adv: batadv0: Adding interface: batadv_slave_1
[   86.587323][ T5793] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   86.613490][ T5793] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   86.663112][ T5789] batman_adv: batadv0: Adding interface: batadv_slave_0
[   86.670153][ T5789] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   86.696784][ T5789] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   86.710769][ T5794] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   86.750681][ T5798] batman_adv: batadv0: Adding interface: batadv_slave_0
[   86.757795][ T5798] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   86.783919][ T5798] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   86.796210][ T5789] batman_adv: batadv0: Adding interface: batadv_slave_1
[   86.803191][ T5789] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   86.829489][ T5789] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   86.851522][ T5794] team0: Port device team_slave_0 added
[   86.859635][ T5798] batman_adv: batadv0: Adding interface: batadv_slave_1
[   86.866994][ T5798] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   86.893184][ T5798] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   86.928661][ T5794] team0: Port device team_slave_1 added
[   86.998565][ T5798] hsr_slave_0: entered promiscuous mode
[   87.006347][ T5798] hsr_slave_1: entered promiscuous mode
[   87.043498][   T50] Bluetooth: hci2: command tx timeout
[   87.059478][ T5793] hsr_slave_0: entered promiscuous mode
[   87.066657][ T5793] hsr_slave_1: entered promiscuous mode
[   87.073061][ T5793] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   87.087531][ T5793] Cannot create hsr debugfs directory
[   87.095324][ T5794] batman_adv: batadv0: Adding interface: batadv_slave_0
[   87.102297][ T5794] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   87.128454][   T50] Bluetooth: hci1: command tx timeout
[   87.128712][   T50] Bluetooth: hci0: command tx timeout
[   87.140019][ T5800] Bluetooth: hci3: command tx timeout
[   87.145493][ T5794] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   87.148178][ T5794] batman_adv: batadv0: Adding interface: batadv_slave_1
[   87.169856][ T5794] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   87.201947][ T5794] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   87.245788][ T5789] hsr_slave_0: entered promiscuous mode
[   87.252508][ T5789] hsr_slave_1: entered promiscuous mode
[   87.264073][ T5789] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   87.271669][ T5789] Cannot create hsr debugfs directory
[   87.500029][ T5794] hsr_slave_0: entered promiscuous mode
[   87.507421][ T5794] hsr_slave_1: entered promiscuous mode
[   87.516876][ T5794] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   87.524712][ T5794] Cannot create hsr debugfs directory
[   87.856406][ T5793] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   87.869922][ T5793] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   87.882771][ T5793] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   87.895661][ T5793] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   87.987547][ T5794] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   88.004965][ T5794] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   88.016526][ T5794] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   88.028303][ T5794] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   88.126270][ T5798] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   88.138800][ T5798] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   88.149182][ T5798] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   88.166046][ T5798] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   88.236536][ T5789] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   88.265321][ T5789] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   88.275869][ T5789] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   88.290672][ T5789] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   88.336684][ T5793] 8021q: adding VLAN 0 to HW filter on device bond0
[   88.396333][ T5794] 8021q: adding VLAN 0 to HW filter on device bond0
[   88.447238][ T5793] 8021q: adding VLAN 0 to HW filter on device team0
[   88.482206][   T58] bridge0: port 1(bridge_slave_0) entered blocking state
[   88.489548][   T58] bridge0: port 1(bridge_slave_0) entered forwarding state
[   88.502795][ T5794] 8021q: adding VLAN 0 to HW filter on device team0
[   88.519194][ T1140] bridge0: port 1(bridge_slave_0) entered blocking state
[   88.526408][ T1140] bridge0: port 1(bridge_slave_0) entered forwarding state
[   88.540699][ T1140] bridge0: port 2(bridge_slave_1) entered blocking state
[   88.547921][ T1140] bridge0: port 2(bridge_slave_1) entered forwarding state
[   88.584690][ T1140] bridge0: port 2(bridge_slave_1) entered blocking state
[   88.591844][ T1140] bridge0: port 2(bridge_slave_1) entered forwarding state
[   88.621422][ T5798] 8021q: adding VLAN 0 to HW filter on device bond0
[   88.695999][ T5798] 8021q: adding VLAN 0 to HW filter on device team0
[   88.720009][ T1085] bridge0: port 1(bridge_slave_0) entered blocking state
[   88.727198][ T1085] bridge0: port 1(bridge_slave_0) entered forwarding state
[   88.758045][ T5794] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   88.779430][ T1085] bridge0: port 2(bridge_slave_1) entered blocking state
[   88.786678][ T1085] bridge0: port 2(bridge_slave_1) entered forwarding state
[   88.815899][ T5789] 8021q: adding VLAN 0 to HW filter on device bond0
[   88.880004][ T5789] 8021q: adding VLAN 0 to HW filter on device team0
[   88.950869][   T58] bridge0: port 1(bridge_slave_0) entered blocking state
[   88.958102][   T58] bridge0: port 1(bridge_slave_0) entered forwarding state
[   88.997675][ T1094] bridge0: port 2(bridge_slave_1) entered blocking state
[   89.004991][ T1094] bridge0: port 2(bridge_slave_1) entered forwarding state
[   89.107252][ T5800] Bluetooth: hci2: command tx timeout
[   89.184046][   T50] Bluetooth: hci0: command tx timeout
[   89.189557][   T50] Bluetooth: hci1: command tx timeout
[   89.196198][ T5800] Bluetooth: hci3: command tx timeout
[   89.322182][ T5794] 8021q: adding VLAN 0 to HW filter on device batadv0
[   89.439462][ T5794] veth0_vlan: entered promiscuous mode
[   89.467102][ T5793] 8021q: adding VLAN 0 to HW filter on device batadv0
[   89.528465][ T5794] veth1_vlan: entered promiscuous mode
[   89.561562][ T5789] 8021q: adding VLAN 0 to HW filter on device batadv0
[   89.576343][ T5798] 8021q: adding VLAN 0 to HW filter on device batadv0
[   89.632645][ T5793] veth0_vlan: entered promiscuous mode
[   89.661430][ T5794] veth0_macvtap: entered promiscuous mode
[   89.673055][ T5794] veth1_macvtap: entered promiscuous mode
[   89.701536][ T5793] veth1_vlan: entered promiscuous mode
[   89.730473][ T5798] veth0_vlan: entered promiscuous mode
[   89.765715][ T5798] veth1_vlan: entered promiscuous mode
[   89.774947][ T5794] batman_adv: batadv0: Interface activated: batadv_slave_0
[   89.826129][ T5794] batman_adv: batadv0: Interface activated: batadv_slave_1
[   89.852546][ T5789] veth0_vlan: entered promiscuous mode
[   89.862714][ T5794] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   89.872189][ T5794] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   89.881179][ T5794] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   89.890415][ T5794] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   89.918647][ T5793] veth0_macvtap: entered promiscuous mode
[   89.931385][ T5793] veth1_macvtap: entered promiscuous mode
[   89.967307][ T5789] veth1_vlan: entered promiscuous mode
[   89.977653][ T5793] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   89.989574][ T5793] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   90.004063][ T5793] batman_adv: batadv0: Interface activated: batadv_slave_0
[   90.031905][ T5798] veth0_macvtap: entered promiscuous mode
[   90.040618][ T5793] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   90.052396][ T5793] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   90.067185][ T5793] batman_adv: batadv0: Interface activated: batadv_slave_1
[   90.113043][ T5798] veth1_macvtap: entered promiscuous mode
[   90.130995][ T5793] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   90.141076][ T5793] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   90.151402][ T5793] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   90.160249][ T5793] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   90.223674][ T5798] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   90.234808][ T5798] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   90.246273][ T5798] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   90.257416][ T5798] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   90.269269][ T5798] batman_adv: batadv0: Interface activated: batadv_slave_0
[   90.296285][ T5789] veth0_macvtap: entered promiscuous mode
[   90.320814][ T5798] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   90.339848][ T5798] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   90.350914][ T5798] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   90.361982][ T5798] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   90.374377][ T5798] batman_adv: batadv0: Interface activated: batadv_slave_1
[   90.385272][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   90.388977][ T5798] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   90.402761][ T5798] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   90.408824][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   90.411909][ T5798] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   90.429454][ T5798] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   90.442950][ T5789] veth1_macvtap: entered promiscuous mode
[   90.503165][   T34] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   90.513983][   T34] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   90.538838][ T5789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   90.550834][ T5789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   90.561181][ T5789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   90.572495][ T5789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   90.582574][ T5789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   90.593922][ T5789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   90.605521][ T5789] batman_adv: batadv0: Interface activated: batadv_slave_0
[   90.664658][   T58] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   90.667665][ T1002] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   90.674571][ T5789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   90.695222][ T1002] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   90.696202][   T58] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   90.710523][ T5789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   90.721299][ T5789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   90.731859][ T5789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   90.741857][ T5789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   90.752353][ T5789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   90.764142][ T5789] batman_adv: batadv0: Interface activated: batadv_slave_1
[   90.780530][ T5789] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   90.795721][ T5789] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   90.804841][ T5789] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   90.813948][ T5789] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   90.861986][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   90.907528][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   90.990039][ T1140] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   91.003986][ T1140] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   91.052410][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   91.084310][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   91.186167][   T50] Bluetooth: hci2: command tx timeout
[   91.227096][   T34] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   91.245238][   T34] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   91.267456][   T50] Bluetooth: hci1: command tx timeout
[   91.272937][ T5800] Bluetooth: hci3: command tx timeout
[   91.272948][ T5104] Bluetooth: hci0: command tx timeout
[   91.558659][ T5891] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   91.942984][ T5898] bridge_slave_0: left allmulticast mode
[   91.949122][ T5898] bridge_slave_0: left promiscuous mode
[   91.957010][ T5898] bridge0: port 1(bridge_slave_0) entered disabled state
[   91.966047][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   92.014466][ T5898] bridge_slave_1: left allmulticast mode
[   92.023573][ T5898] bridge_slave_1: left promiscuous mode
[   92.029406][ T5898] bridge0: port 2(bridge_slave_1) entered disabled state
[   92.042845][    T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!!
[   92.065782][ T5898] bond0: (slave bond_slave_0): Releasing backup interface
[   92.111818][ T5898] bond0: (slave bond_slave_1): Releasing backup interface
[   92.166340][   T27] cfg80211: failed to load regulatory.db
[   92.201823][ T5898] team0: Port device team_slave_0 removed
[   92.232263][ T5898] team0: Port device team_slave_1 removed
[   92.266055][ T5898] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   92.297822][ T5898] batman_adv: batadv0: Removing interface: batadv_slave_0
[   92.389310][ T5898] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   92.406959][ T5898] batman_adv: batadv0: Removing interface: batadv_slave_1
[   92.611983][ T5900] netlink: 'syz.3.6': attribute type 10 has an invalid length.
[   92.706764][ T5900] 8021q: adding VLAN 0 to HW filter on device bond0
[   92.723837][ T5900] team0: Port device bond0 added
[   93.093754][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   93.144942][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   93.264002][ T5800] Bluetooth: hci2: command tx timeout
[   93.343460][   T50] Bluetooth: hci0: command tx timeout
[   93.348932][   T50] Bluetooth: hci1: command tx timeout
[   93.354622][ T5800] Bluetooth: hci3: command tx timeout
[   93.782196][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   93.955142][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   93.967173][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   93.976076][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   94.191966][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   94.445848][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   94.673081][ T5937] kvm: emulating exchange as write
[   95.793753][    T8] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[   95.810729][ T5956] syzkaller0: entered promiscuous mode
[   95.826292][ T5956] syzkaller0: entered allmulticast mode
[   96.019394][    T8] usb 3-1: Using ep0 maxpacket: 16
[   96.028756][    T8] usb 3-1: config 0 has an invalid interface number: 41 but max is 0
[   96.049984][    T8] usb 3-1: config 0 has no interface number 0
[   96.074492][    T8] usb 3-1: config 0 interface 41 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16
[   96.111867][    T8] usb 3-1: config 0 interface 41 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64
[   96.151668][    T8] usb 3-1: config 0 interface 41 has no altsetting 0
[   96.168040][    T8] usb 3-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a
[   96.189969][    T8] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   96.208025][    T8] usb 3-1: Product: syz
[   96.219135][    T8] usb 3-1: Manufacturer: syz
[   96.235051][    T8] usb 3-1: SerialNumber: syz
[   96.258825][    T8] usb 3-1: config 0 descriptor??
[   96.268674][ T5952] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[   96.286896][ T5952] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[   96.358188][ T5962] syz.1.23 uses obsolete (PF_INET,SOCK_PACKET)
[   96.598535][ T5952] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[   96.626595][ T5952] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[   97.229485][ T5974] netdevsim netdevsim0: Direct firmware load for  failed with error -2
[   97.240705][ T5974] netdevsim netdevsim0: Falling back to sysfs fallback for: 
[   97.398421][    T8] CoreChips 3-1:0.41 (unnamed net_device) (uninitialized): sr_get_phy_addr : Error reading PHYID register:ffffffe0
[   98.205789][ T5986] netlink: 'syz.0.28': attribute type 1 has an invalid length.
[   99.196011][    T8] CoreChips 3-1:0.41 (unnamed net_device) (uninitialized): Error reading RX_CTL register:ffffffb9
[   99.349426][    T8] CoreChips 3-1:0.41 (unnamed net_device) (uninitialized): Failed to write RX_CTL mode to 0x0000:ffffffb9
[   99.487007][    T8] CoreChips: probe of 3-1:0.41 failed with error -71
[   99.655573][ T5998] bridge_slave_0: left allmulticast mode
[   99.661304][ T5998] bridge_slave_0: left promiscuous mode
[   99.668028][ T5998] bridge0: port 1(bridge_slave_0) entered disabled state
[   99.676817][    T8] usb 3-1: USB disconnect, device number 2
[   99.786506][ T6001] input: syz1 as /devices/virtual/input/input5
[   99.823216][ T5998] bridge_slave_1: left allmulticast mode
[   99.863483][ T5998] bridge_slave_1: left promiscuous mode
[   99.880768][ T5998] bridge0: port 2(bridge_slave_1) entered disabled state
[   99.929318][ T5998] bond0: (slave bond_slave_0): Releasing backup interface
[   99.982601][ T5998] bond0: (slave bond_slave_1): Releasing backup interface
[  100.058679][ T5998] team0: Port device team_slave_0 removed
[  100.149175][ T5998] team0: Port device team_slave_1 removed
[  100.157582][ T5998] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  100.165271][ T5998] batman_adv: batadv0: Removing interface: batadv_slave_0
[  100.175430][ T5998] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  100.183185][ T5998] batman_adv: batadv0: Removing interface: batadv_slave_1
[  100.210192][ T6002] team0: Mode changed to "random"
[  100.743424][ T5842] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  100.933518][ T5842] usb 3-1: Using ep0 maxpacket: 16
[  100.956792][ T5842] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  100.981402][ T5842] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  101.002103][ T5842] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  101.024203][ T5842] usb 3-1: Product: syz
[  101.038532][ T5842] usb 3-1: Manufacturer: syz
[  101.050637][ T6025] netdevsim netdevsim0 netdevsim0: entered promiscuous mode
[  101.084981][ T5842] usb 3-1: SerialNumber: syz
[  101.094137][ T5842] usb 3-1: config 0 descriptor??
[  101.122433][ T5842] em28xx 3-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  101.149194][ T5842] em28xx 3-1:0.0: DVB interface 0 found: bulk
[  102.192442][ T5842] em28xx 3-1:0.0: chip ID is em2765
[  102.404164][    T8] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[  102.603567][    T8] usb 2-1: Using ep0 maxpacket: 16
[  102.616059][    T8] usb 2-1: config 0 has an invalid interface number: 41 but max is 0
[  102.630673][    T8] usb 2-1: config 0 has no interface number 0
[  102.641689][    T8] usb 2-1: config 0 interface 41 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16
[  102.662201][    T8] usb 2-1: config 0 interface 41 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64
[  102.683072][    T8] usb 2-1: config 0 interface 41 has no altsetting 0
[  102.698885][    T8] usb 2-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a
[  102.711073][    T8] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  102.723018][    T8] usb 2-1: Product: syz
[  102.729864][    T8] usb 2-1: Manufacturer: syz
[  102.737233][    T8] usb 2-1: SerialNumber: syz
[  102.755974][    T8] usb 2-1: config 0 descriptor??
[  102.761799][ T6040] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  102.781012][ T6040] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  102.850587][ T5842] em28xx 3-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[  102.859914][ T5842] em28xx 3-1:0.0: board has no eeprom
[  102.865916][   T23] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  103.022326][ T6040] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  103.040661][ T6040] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  103.104967][   T23] usb 4-1: Using ep0 maxpacket: 32
[  103.143881][   T23] usb 4-1: config 0 has an invalid interface number: 12 but max is 0
[  103.162207][   T23] usb 4-1: config 0 has no interface number 0
[  103.173634][ T5842] em28xx 3-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  103.182054][   T23] usb 4-1: config 0 interface 12 has no altsetting 0
[  103.191809][ T5842] em28xx 3-1:0.0: dvb set to bulk mode.
[  103.214136][   T23] usb 4-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  103.226663][ T5781] em28xx 3-1:0.0: Binding DVB extension
[  103.251794][ T5842] usb 3-1: USB disconnect, device number 3
[  103.257849][   T23] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  103.281211][   T23] usb 4-1: Product: syz
[  103.291597][ T5842] em28xx 3-1:0.0: Disconnecting em28xx
[  103.303375][   T23] usb 4-1: Manufacturer: syz
[  103.333373][   T23] usb 4-1: SerialNumber: syz
[  103.346888][   T23] usb 4-1: config 0 descriptor??
[  103.387034][ T5781] em28xx 3-1:0.0: Registering input extension
[  103.395882][ T5842] em28xx 3-1:0.0: Closing input extension
[  103.405733][   T23] f81534 4-1:0.12: required endpoints missing
[  103.455349][ T5842] em28xx 3-1:0.0: Freeing device
[  103.662354][    T8] CoreChips 2-1:0.41 (unnamed net_device) (uninitialized): sr_get_phy_addr : Error reading PHYID register:ffffffe0
[  104.893562][ T5842] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  104.979147][    T8] CoreChips 2-1:0.41 (unnamed net_device) (uninitialized): Error reading RX_CTL register:ffffffb9
[  104.995821][    T8] CoreChips 2-1:0.41 (unnamed net_device) (uninitialized): Failed to write RX_CTL mode to 0x0000:ffffffb9
[  105.008062][    T8] CoreChips: probe of 2-1:0.41 failed with error -71
[  105.031552][    T8] usb 2-1: USB disconnect, device number 2
[  105.093691][ T5842] usb 3-1: Using ep0 maxpacket: 32
[  105.106080][ T5842] usb 3-1: config 0 has an invalid interface number: 89 but max is 0
[  105.132505][ T5842] usb 3-1: config 0 has no interface number 0
[  105.143480][ T5842] usb 3-1: config 0 interface 89 has no altsetting 0
[  105.159040][ T5842] usb 3-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e
[  105.176802][ T5842] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  105.193490][ T5842] usb 3-1: Product: syz
[  105.201946][ T5842] usb 3-1: Manufacturer: syz
[  105.207871][ T5842] usb 3-1: SerialNumber: syz
[  105.225660][ T5842] usb 3-1: config 0 descriptor??
[  105.246123][ T5842] em28xx 3-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89)
[  105.261662][ T5842] em28xx 3-1:0.89: Video interface 89 found: bulk
[  105.738047][ T5781] usb 4-1: USB disconnect, device number 2
[  105.860541][ T5842] em28xx 3-1:0.89: unknown em28xx chip ID (0)
[  106.084715][ T6076] netdevsim netdevsim3: Direct firmware load for  failed with error -2
[  106.094674][ T6076] netdevsim netdevsim3: Falling back to sysfs fallback for: 
[  106.920028][ T6079] netlink: 24 bytes leftover after parsing attributes in process `syz.0.54'.
[  107.331482][ T5842] em28xx 3-1:0.89: reading from i2c device at 0xa0 failed (error=-5)
[  107.345330][ T6093] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  107.353223][ T5842] em28xx 3-1:0.89: board has no eeprom
[  107.392163][ T6093] kvm: pic: non byte read
[  107.398288][ T6098] syz_tun: entered allmulticast mode
[  107.403423][ T6093] kvm: pic: level sensitive irq not supported
[  107.409448][ T6093] kvm: pic: non byte read
[  107.441875][ T6093] kvm: pic: level sensitive irq not supported
[  107.442260][ T6093] kvm: pic: non byte read
[  107.459891][ T5842] em28xx 3-1:0.89: Identified as Terratec Grabby (card=67)
[  107.471577][ T6093] kvm: pic: level sensitive irq not supported
[  107.471674][ T6093] kvm: pic: non byte read
[  107.507144][ T5842] em28xx 3-1:0.89: analog set to bulk mode.
[  107.534751][   T23] em28xx 3-1:0.89: Registering V4L2 extension
[  107.569133][ T5842] usb 3-1: USB disconnect, device number 4
[  107.610267][ T5842] em28xx 3-1:0.89: Disconnecting em28xx
[  108.293592][   T23] em28xx 3-1:0.89: Config register raw data: 0xffffffed
[  108.301984][   T23] em28xx 3-1:0.89: AC97 chip type couldn't be determined
[  108.310504][   T23] em28xx 3-1:0.89: No AC97 audio processor
[  108.336251][   T23] usb 3-1: Decoder not found
[  108.349913][   T23] em28xx 3-1:0.89: failed to create media graph
[  108.363466][   T23] em28xx 3-1:0.89: V4L2 device video103 deregistered
[  108.382192][ T6105] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  108.401313][   T23] em28xx 3-1:0.89: Registering snapshot button...
[  108.412213][ T6108] netlink: 4 bytes leftover after parsing attributes in process `syz.3.62'.
[  108.426301][   T23] input: em28xx snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.89/input/input7
[  108.467091][   T23] em28xx 3-1:0.89: Remote control support is not available for this card.
[  108.511957][ T5842] em28xx 3-1:0.89: Closing input extension
[  108.529863][ T5842] em28xx 3-1:0.89: Deregistering snapshot button
[  108.590456][ T5842] em28xx 3-1:0.89: Freeing device
[  108.619990][ T6111] netlink: 4 bytes leftover after parsing attributes in process `syz.0.72'.
[  109.482957][ T6123] netdevsim netdevsim2: Direct firmware load for  failed with error -2
[  109.495403][ T6123] netdevsim netdevsim2: Falling back to sysfs fallback for: 
[  109.565922][ T6125] netlink: 104 bytes leftover after parsing attributes in process `syz.0.75'.
[  109.641563][ T6128] syz.1.68[6128]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set
[  109.793875][ T6128] Invalid ELF header magic: != ELF
[  110.401941][ T6132] loop2: detected capacity change from 0 to 2048
[  110.452117][ T6132] =======================================================
[  110.452117][ T6132] WARNING: The mand mount option has been deprecated and
[  110.452117][ T6132]          and is ignored by this kernel. Remove the mand
[  110.452117][ T6132]          option from the mount to silence this warning.
[  110.452117][ T6132] =======================================================
[  110.548338][ T6132] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=18576, location=18576
[  110.621601][ T6132] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  110.636470][   T28] audit: type=1326 audit(1760997885.694:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6134 comm="syz.3.71" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1a0f78efc9 code=0x0
[  110.834220][ T6137] Bluetooth: MGMT ver 1.22
[  112.655368][ T6158] binder: 6153:6158 ioctl c0306201 200000000180 returned -14
[  112.722818][ T6156] loop0: detected capacity change from 0 to 4096
[  112.834491][ T6163] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  112.926775][   T28] audit: type=1800 audit(1760997887.974:3): pid=6156 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.80" name="file1" dev="loop0" ino=15 res=0 errno=0
[  113.040937][   T28] audit: type=1800 audit(1760997887.984:4): pid=6156 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.80" name="file1" dev="loop0" ino=15 res=0 errno=0
[  113.373440][  T786] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  113.401360][ T6166] loop2: detected capacity change from 0 to 40427
[  113.413881][ T6166] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[  113.421932][ T6166] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  113.436774][ T6168] Ignoring NSS change in VHT Operating Mode Notification from 08:02:11:00:00:01 with invalid nss 7
[  113.444648][ T6166] F2FS-fs (loop2): invalid crc value
[  113.485384][ T6166] F2FS-fs (loop2): Found nat_bits in checkpoint
[  113.568829][ T6166] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  113.576346][ T6166] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  113.656112][  T786] usb 1-1: Using ep0 maxpacket: 32
[  113.690640][  T786] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  113.737265][  T786] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  114.600710][  T786] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  114.609949][  T786] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  114.638582][  T786] usb 1-1: config 0 descriptor??
[  114.756504][ T6177] syz.2.82: attempt to access beyond end of device
[  114.756504][ T6177] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  115.247543][ T1199] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  115.313453][  T786] usbhid 1-1:0.0: can't add hid device: -71
[  115.335304][  T786] usbhid: probe of 1-1:0.0 failed with error -71
[  115.355692][  T786] usb 1-1: USB disconnect, device number 2
[  115.443683][ T1199] usb 2-1: Using ep0 maxpacket: 8
[  115.458345][ T1199] usb 2-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d
[  115.473666][ T1199] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  115.492222][ T1199] usb 2-1: Product: syz
[  115.502173][ T1199] usb 2-1: Manufacturer: syz
[  115.507020][ T1199] usb 2-1: SerialNumber: syz
[  115.525780][ T1199] usb 2-1: config 0 descriptor??
[  115.536446][ T1199] gspca_main: sonixj-2.14.0 probing 0c45:613a
[  116.108315][ T6193] loop0: detected capacity change from 0 to 2048
[  116.137034][ T6193] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  118.159982][ T6215] loop0: detected capacity change from 0 to 764
[  118.172912][ T1199] gspca_sonixj: reg_w1 err -71
[  118.243444][ T1199] sonixj: probe of 2-1:0.0 failed with error -71
[  118.272468][ T1199] usb 2-1: USB disconnect, device number 3
[  118.486961][ T6220] loop3: detected capacity change from 0 to 128
[  118.614982][ T6222] Symlink component flag not implemented
[  118.620937][ T6222] Symlink component flag not implemented
[  118.627570][ T6222] Symlink component flag not implemented (129)
[  118.633892][ T6222] Symlink component flag not implemented (6)
[  118.651006][ T6222] rock: directory entry would overflow storage
[  118.657529][ T6222] rock: sig=0x4f50, size=4, remaining=3
[  118.663223][ T6222] iso9660: Corrupted directory entry in block 6 of inode 1792
[  119.355679][ T6226] loop1: detected capacity change from 0 to 2048
[  119.434864][ T6226] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  119.546369][ T5793] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  119.910719][   T23] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  120.908849][   T23] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  120.935153][   T23] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2
[  120.948994][   T23] usb 1-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  120.978194][   T23] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  120.990251][   T23] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  120.998660][   T23] usb 1-1: Product: syz
[  121.004436][   T23] usb 1-1: Manufacturer: syz
[  121.010542][   T23] usb 1-1: SerialNumber: syz
[  121.304600][   T23] cdc_ncm 1-1:1.0: CDC Union missing and no IAD found
[  121.311962][   T23] cdc_ncm 1-1:1.0: bind() failure
[  121.352792][   T23] usb 1-1: USB disconnect, device number 3
[  122.109442][ T6268] loop3: detected capacity change from 0 to 1024
[  122.120771][ T6268] EXT4-fs: inline encryption not supported
[  122.242415][ T6268] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  122.338223][   T28] audit: type=1800 audit(1760997897.394:5): pid=6268 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.110" name="bus" dev="loop3" ino=18 res=0 errno=0
[  122.350327][ T6268] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4031: comm syz.3.110: Allocating blocks 481-513 which overlap fs metadata
[  122.447550][ T6268] EXT4-fs (loop3): Remounting filesystem read-only
[  122.693041][ T5794] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  123.556550][ T6303] loop0: detected capacity change from 0 to 512
[  123.575268][ T6303] EXT4-fs (loop0): orphan cleanup on readonly fs
[  123.589378][ T6303] EXT4-fs error (device loop0): ext4_do_update_inode:5236: inode #15: comm syz.0.120: corrupted inode contents
[  123.605567][ T6303] EXT4-fs error (device loop0) in ext4_orphan_del:301: Corrupt filesystem
[  123.614691][ T6303] EXT4-fs error (device loop0): ext4_do_update_inode:5236: inode #15: comm syz.0.120: corrupted inode contents
[  123.649003][ T6303] EXT4-fs error (device loop0): ext4_evict_inode:300: inode #15: comm syz.0.120: mark_inode_dirty error
[  123.661392][ T6303] EXT4-fs (loop0): 1 orphan inode deleted
[  123.671952][ T6303] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  123.705579][ T6310] syzkaller0: entered promiscuous mode
[  123.711555][ T6310] syzkaller0: entered allmulticast mode
[  123.757709][ T6307] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  123.768823][ T5789] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  123.805524][ T5104] Bluetooth: hci2: unexpected cc 0x2027 length: 5 > 1
[  124.140149][ T6323] syzkaller0: entered promiscuous mode
[  124.148306][ T6323] syzkaller0: entered allmulticast mode
[  124.337431][ T6325] loop0: detected capacity change from 0 to 128
[  124.360464][ T6325] FAT-fs (loop0): Unrecognized mount option "ÿÿ" or missing value
[  124.440268][ T6325] 8021q: adding VLAN 0 to HW filter on device ipvlan2
[  124.450842][ T6329] syzkaller0: entered promiscuous mode
[  124.458607][ T6329] syzkaller0: entered allmulticast mode
[  124.850503][ T6327] loop2: detected capacity change from 0 to 40427
[  124.859721][ T6327] F2FS-fs (loop2): Small segment_count (9 < 1 * 24)
[  124.873616][ T6327] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  124.889830][ T6327] F2FS-fs (loop2): Found nat_bits in checkpoint
[  124.951876][ T6327] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  124.963110][ T6327] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  125.027374][ T6327] syz.2.127: attempt to access beyond end of device
[  125.027374][ T6327] loop2: rw=0, sector=79872, nr_sectors = 8 limit=40427
[  125.056343][ T6327] syz.2.127: attempt to access beyond end of device
[  125.056343][ T6327] loop2: rw=524288, sector=77824, nr_sectors = 8 limit=40427
[  125.079756][ T6327] syz.2.127: attempt to access beyond end of device
[  125.079756][ T6327] loop2: rw=524288, sector=77832, nr_sectors = 8 limit=40427
[  125.100203][ T6327] syz.2.127: attempt to access beyond end of device
[  125.100203][ T6327] loop2: rw=524288, sector=77840, nr_sectors = 8 limit=40427
[  125.122246][ T6327] syz.2.127: attempt to access beyond end of device
[  125.122246][ T6327] loop2: rw=524288, sector=77848, nr_sectors = 8 limit=40427
[  125.142228][ T6327] syz.2.127: attempt to access beyond end of device
[  125.142228][ T6327] loop2: rw=524288, sector=77856, nr_sectors = 8 limit=40427
[  125.158558][ T6327] syz.2.127: attempt to access beyond end of device
[  125.158558][ T6327] loop2: rw=524288, sector=77864, nr_sectors = 8 limit=40427
[  125.180392][ T6327] syz.2.127: attempt to access beyond end of device
[  125.180392][ T6327] loop2: rw=524288, sector=77872, nr_sectors = 8 limit=40427
[  125.202699][ T6327] syz.2.127: attempt to access beyond end of device
[  125.202699][ T6327] loop2: rw=524288, sector=77880, nr_sectors = 8 limit=40427
[  125.228796][ T6327] syz.2.127: attempt to access beyond end of device
[  125.228796][ T6327] loop2: rw=524288, sector=77888, nr_sectors = 8 limit=40427
[  125.309391][ T5798] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  125.317648][ T5798] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  126.148133][ T6352] loop0: detected capacity change from 0 to 128
[  126.165358][ T6352] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  126.182692][ T6352] ext4 filesystem being mounted at /29/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  126.257327][ T6352] EXT4-fs error (device loop0): dx_make_map:1328: inode #2: block 20: comm syz.0.137: bad entry in directory: inode out of bounds - offset=988, inode=128, rec_len=36, size=1024 fake=1
[  126.293868][ T6352] EXT4-fs error (device loop0) in do_split:2095: Corrupt filesystem
[  126.313500][ T6352] EXT4-fs error (device loop0): htree_dirblock_to_tree:1112: inode #2: block 20: comm syz.0.137: bad entry in directory: inode out of bounds - offset=2012, inode=128, rec_len=36, size=1024 fake=1
[  126.420806][ T5789] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  128.312142][ T6395] loop3: detected capacity change from 0 to 8192
[  128.497977][ T6403] FAT-fs (loop3): error, clusters badly computed (2 != 1)
[  128.505852][ T6403] FAT-fs (loop3): Filesystem has been set read-only
[  128.758732][ T6408] syzkaller0: entered promiscuous mode
[  128.764576][ T6408] syzkaller0: entered allmulticast mode
[  129.981915][ T6414] loop3: detected capacity change from 0 to 1024
[  130.461290][ T6422] overlayfs: statfs failed on './file0'
[  130.671042][ T6432] syzkaller0: entered promiscuous mode
[  130.676771][ T6432] syzkaller0: entered allmulticast mode
[  131.546528][ T6446] tun0: tun_chr_ioctl cmd 1074025678
[  131.598525][ T6446] tun0: group set to 0
[  132.219106][ T6461] loop3: detected capacity change from 0 to 512
[  132.330935][ T6461] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #13: comm syz.3.174: invalid indirect mapped block 1024 (level 0)
[  132.362613][ T6463] loop0: detected capacity change from 0 to 8192
[  132.364338][ T6461] EXT4-fs error (device loop3): ext4_validate_block_bitmap:439: comm syz.3.174: bg 0: block 35: padding at end of block bitmap is not set
[  132.481167][ T6461] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6637: Corrupt filesystem
[  132.538765][ T6461] EXT4-fs (loop3): 1 truncate cleaned up
[  132.607052][ T6463] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  132.656076][ T6461] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  132.774904][ T6463] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[  132.950754][ T6463] REISERFS (device loop0): using journaled data mode
[  132.967191][ T6461] netlink: 124 bytes leftover after parsing attributes in process `syz.3.174'.
[  132.981520][ T6463] reiserfs: using flush barriers
[  133.030735][ T6463] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  133.079979][ T6463] REISERFS (device loop0): checking transaction log (loop0)
[  133.100121][ T5794] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  133.121028][ T1292] ieee802154 phy0 wpan0: encryption failed: -22
[  133.128745][ T1292] ieee802154 phy1 wpan1: encryption failed: -22
[  133.165891][ T6463] REISERFS (device loop0): Using r5 hash to sort names
[  133.191396][ T6463] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2)
[  133.221904][ T6463] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[  133.236819][ T6475] netlink: 'syz.2.178': attribute type 10 has an invalid length.
[  133.257324][ T6475] bridge0: port 2(bridge_slave_1) entered disabled state
[  133.283710][ T6475] bridge_slave_1: left allmulticast mode
[  133.289827][ T6475] bridge_slave_1: left promiscuous mode
[  133.296681][ T6475] bridge0: port 2(bridge_slave_1) entered disabled state
[  133.306763][ T6463] process 'syz.0.175' launched './file2' with NULL argv: empty string added
[  133.315056][ T6475] bond0: (slave bridge_slave_1): Enslaving as an active interface with an up link
[  133.452154][ T6479] syzkaller0: entered promiscuous mode
[  133.457966][ T6479] syzkaller0: entered allmulticast mode
[  135.553419][ T5880] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  135.745839][ T5880] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  135.777916][ T5880] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  135.808886][ T5880] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00
[  135.850567][ T5880] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  135.878194][ T5880] usb 4-1: config 0 descriptor??
[  136.421732][ T5880] usbhid 4-1:0.0: can't add hid device: -71
[  136.436066][ T5880] usbhid: probe of 4-1:0.0 failed with error -71
[  136.454146][ T5880] usb 4-1: USB disconnect, device number 3
[  138.664712][ T6525] binder_alloc: 6524: pid 6524 spamming oneway? 1 buffers allocated for a total size of 4096
[  138.803545][ T6529] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  138.860208][ T5104] Bluetooth: hci3: unexpected cc 0x2027 length: 5 > 1
[  138.933558][   T27] usb 4-1: new full-speed USB device number 4 using dummy_hcd
[  139.163846][   T27] usb 4-1: not running at top speed; connect to a high speed hub
[  139.189459][   T27] usb 4-1: config 9 has an invalid interface number: 139 but max is 0
[  139.203400][   T27] usb 4-1: config 9 has no interface number 0
[  139.211344][   T27] usb 4-1: config 9 interface 139 has no altsetting 0
[  139.228316][   T27] usb 4-1: New USB device found, idVendor=12d1, idProduct=5437, bcdDevice=7b.f0
[  139.243416][   T27] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  139.260997][   T27] usb 4-1: Product: syz
[  139.265505][   T27] usb 4-1: Manufacturer: syz
[  139.275643][   T27] usb 4-1: SerialNumber: syz
[  139.614939][ T6527] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  139.694217][ T6527] netlink: 4 bytes leftover after parsing attributes in process `syz.3.193'.
[  140.786288][   T27] qmi_wwan: probe of 4-1:9.139 failed with error -22
[  140.798474][   T27] usb 4-1: USB disconnect, device number 4
[  141.037230][ T6558] bridge0: port 1(vxlan0) entered blocking state
[  141.053872][ T6558] bridge0: port 1(vxlan0) entered disabled state
[  141.060488][ T6558] vxlan0: entered allmulticast mode
[  141.075261][ T6558] vxlan0: entered promiscuous mode
[  141.109731][ T6537] loop0: detected capacity change from 0 to 40427
[  141.146366][ T6537] F2FS-fs (loop0): Insane cp_payload (553648128 >= 504)
[  141.185840][ T6537] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  141.416253][ T6537] F2FS-fs (loop0): build fault injection attr: rate: 17008, type: 0x7ffff
[  141.437969][ T6537] F2FS-fs (loop0): build fault injection attr: rate: 0, type: 0x1f8
[  141.569004][ T6537] F2FS-fs (loop0): invalid crc value
[  141.798790][ T6537] F2FS-fs (loop0): Found nat_bits in checkpoint
[  141.933117][ T6569] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  141.996012][ T5104] Bluetooth: hci1: unexpected cc 0x2027 length: 5 > 1
[  142.251572][ T6572] loop2: detected capacity change from 0 to 40427
[  142.262303][ T6572] F2FS-fs (loop2): invalid crc value
[  142.276972][ T6572] F2FS-fs (loop2): Found nat_bits in checkpoint
[  142.331943][ T6572] F2FS-fs (loop2): Start checkpoint disabled!
[  142.346261][ T6572] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[  142.381999][ T6580] loop3: detected capacity change from 0 to 2048
[  142.428466][ T6580] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  143.216692][ T1085] bio_check_eod: 506 callbacks suppressed
[  143.216710][ T1085] kworker/u4:6: attempt to access beyond end of device
[  143.216710][ T1085] loop2: rw=2049, sector=40960, nr_sectors = 16 limit=40427
[  143.607084][ T1085] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  143.719913][ T1085] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  144.316925][ T6593] overlayfs: statfs failed on './file0'
[  144.382489][ T6575] loop1: detected capacity change from 0 to 40427
[  144.404394][ T6575] F2FS-fs (loop1): Small segment_count (9 < 1 * 24)
[  144.423573][ T6575] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  144.472982][ T6575] F2FS-fs (loop1): Found nat_bits in checkpoint
[  144.603594][ T6575] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  144.631452][ T6575] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  144.779762][ T6575] syz.1.209: attempt to access beyond end of device
[  144.779762][ T6575] loop1: rw=0, sector=79872, nr_sectors = 8 limit=40427
[  144.829983][ T6575] syz.1.209: attempt to access beyond end of device
[  144.829983][ T6575] loop1: rw=524288, sector=77824, nr_sectors = 8 limit=40427
[  144.873495][ T6575] syz.1.209: attempt to access beyond end of device
[  144.873495][ T6575] loop1: rw=524288, sector=77832, nr_sectors = 8 limit=40427
[  144.904901][ T6575] syz.1.209: attempt to access beyond end of device
[  144.904901][ T6575] loop1: rw=524288, sector=77840, nr_sectors = 8 limit=40427
[  144.933758][ T6575] syz.1.209: attempt to access beyond end of device
[  144.933758][ T6575] loop1: rw=524288, sector=77848, nr_sectors = 8 limit=40427
[  144.970785][ T6613] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  145.003538][ T6575] syz.1.209: attempt to access beyond end of device
[  145.003538][ T6575] loop1: rw=524288, sector=77856, nr_sectors = 8 limit=40427
[  145.043540][ T6575] syz.1.209: attempt to access beyond end of device
[  145.043540][ T6575] loop1: rw=524288, sector=77864, nr_sectors = 8 limit=40427
[  145.095429][ T6575] syz.1.209: attempt to access beyond end of device
[  145.095429][ T6575] loop1: rw=524288, sector=77872, nr_sectors = 8 limit=40427
[  145.129380][ T6612] loop0: detected capacity change from 0 to 8192
[  145.135919][ T6575] syz.1.209: attempt to access beyond end of device
[  145.135919][ T6575] loop1: rw=524288, sector=77880, nr_sectors = 8 limit=40427
[  145.265010][ T5793] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  145.296531][ T5793] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  145.454327][ T6618] FAT-fs (loop0): error, clusters badly computed (2 != 1)
[  145.505983][ T6618] FAT-fs (loop0): Filesystem has been set read-only
[  145.555968][ T6618] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000cdf)
[  145.605988][ T6621] team0: Port device bond0 removed
[  145.724113][ T6622] team0: Mode changed to "random"
[  146.961624][ T6635] loop2: detected capacity change from 0 to 8192
[  146.992284][ T6635] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  147.023368][ T6635] REISERFS (device loop2): found reiserfs format "3.6" with non-standard journal
[  147.044779][ T6635] REISERFS (device loop2): using ordered data mode
[  147.051799][ T6635] reiserfs: using flush barriers
[  147.206854][ T6635] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  147.270287][ T6635] REISERFS (device loop2): checking transaction log (loop2)
[  148.255781][ T6635] REISERFS (device loop2): Using tea hash to sort names
[  148.281033][ T6635] REISERFS warning (device loop2): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 4) not found (pos 2)
[  148.318266][ T6635] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage.
[  149.115068][ T6661] bridge_slave_0: left allmulticast mode
[  149.136729][ T6661] bridge_slave_0: left promiscuous mode
[  149.142604][ T6661] bridge0: port 1(bridge_slave_0) entered disabled state
[  149.214013][ T6661] bond0: (slave bridge_slave_1): Releasing backup interface
[  149.255884][ T6661] bond0: (slave bond_slave_0): Releasing backup interface
[  149.345873][ T6661] bond0: (slave bond_slave_1): Releasing backup interface
[  149.431423][ T6661] team0: Port device team_slave_0 removed
[  149.516418][ T6661] team0: Port device team_slave_1 removed
[  149.563301][ T6661] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  149.570778][ T6661] batman_adv: batadv0: Removing interface: batadv_slave_0
[  149.707893][ T6661] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  149.726090][ T6661] batman_adv: batadv0: Removing interface: batadv_slave_1
[  149.774337][ T6662] team0: Mode changed to "random"
[  152.466281][ T6700] netlink: 4 bytes leftover after parsing attributes in process `syz.2.250'.
[  152.490077][ T6700] netlink: 24 bytes leftover after parsing attributes in process `syz.2.250'.
[  152.585006][ T6696] loop1: detected capacity change from 0 to 8192
[  152.606293][ T6696] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  152.658928][ T6696] REISERFS (device loop1): found reiserfs format "3.6" with non-standard journal
[  152.693912][ T6706] loop2: detected capacity change from 0 to 1024
[  152.698946][ T6696] REISERFS (device loop1): using journaled data mode
[  152.726939][ T6696] reiserfs: using flush barriers
[  152.767289][ T6696] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  152.784219][ T6696] REISERFS (device loop1): checking transaction log (loop1)
[  152.794348][ T6696] REISERFS (device loop1): Using r5 hash to sort names
[  152.801438][ T6706] hfsplus: xattr searching failed
[  152.810532][ T6696] REISERFS warning (device loop1): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2)
[  152.826358][ T6696] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage.
[  152.830781][ T6706] hfsplus: xattr searching failed
[  152.847921][ T6706] hfsplus: xattr searching failed
[  153.031059][ T6713] netlink: 'syz.3.256': attribute type 1 has an invalid length.
[  153.102116][ T6713] bond1: (slave bridge0): making interface the new active one
[  153.112857][ T6713] bond1: (slave bridge0): Enslaving as an active interface with an up link
[  153.148140][ T6713] macvlan2: entered promiscuous mode
[  153.153860][ T6713] macvlan2: entered allmulticast mode
[  153.160459][ T6713] bond1: entered promiscuous mode
[  153.165759][ T6713] bridge0: entered promiscuous mode
[  153.171907][ T6713] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  153.181439][ T6713] bond1: (slave macvlan2): the slave hw address is in use by the bond; couldn't find a slave with a free hw address to give it (this should not have happened)
[  153.204313][ T6713] bond1: left promiscuous mode
[  153.209319][ T6713] bridge0: left promiscuous mode
[  153.573421][ T5781] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  153.803633][ T5781] usb 3-1: Using ep0 maxpacket: 32
[  153.817827][ T5781] usb 3-1: config 0 has an invalid interface number: 12 but max is 0
[  153.833556][ T5781] usb 3-1: config 0 has no interface number 0
[  153.845399][ T5781] usb 3-1: config 0 interface 12 has no altsetting 0
[  153.864840][ T5781] usb 3-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  153.882378][ T5781] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  153.911490][ T5781] usb 3-1: Product: syz
[  153.922884][ T5781] usb 3-1: Manufacturer: syz
[  153.938207][ T5781] usb 3-1: SerialNumber: syz
[  153.956904][ T5781] usb 3-1: config 0 descriptor??
[  153.970063][ T5781] f81534 3-1:0.12: required endpoints missing
[  154.387996][ T6738] 9pnet_fd: Insufficient options for proto=fd
[  155.839980][ T6746] fuse: Bad value for 'fd'
[  155.907058][ T5800] Bluetooth: hci1: command 0x0406 tx timeout
[  156.150365][ T6753] loop0: detected capacity change from 0 to 2048
[  156.173030][ T6753] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  156.830458][ T5781] usb 3-1: USB disconnect, device number 5
[  159.222838][ T6767] netlink: 20 bytes leftover after parsing attributes in process `syz.3.274'.
[  159.466141][ T6798] netlink: 60 bytes leftover after parsing attributes in process `syz.2.292'.
[  159.477876][ T6798] unsupported nlmsg_type 40
[  160.859979][    C1] vxcan0: j1939_tp_rxtimer: 0xffff88805f1f2800: rx timeout, send abort
[  161.369940][    C1] vxcan0: j1939_tp_rxtimer: 0xffff88805f1f2800: abort rx timeout. Force session deactivation
[  162.160656][ T6838] 9pnet_virtio: no channels available for device syz
[  163.306744][ T6850] SET target dimension over the limit!
[  164.085579][ T6851] loop2: detected capacity change from 0 to 4096
[  164.092922][ T6851] EXT4-fs: Ignoring removed nomblk_io_submit option
[  164.139925][ T6851] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  164.463845][ T5798] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  165.180429][ T6870] netlink: 28 bytes leftover after parsing attributes in process `syz.3.309'.
[  165.210211][ T6870] netlink: 28 bytes leftover after parsing attributes in process `syz.3.309'.
[  165.308245][ T6876] binder_alloc: 6875: binder_alloc_buf size 1024 failed, no address space
[  165.362683][ T6876] binder_alloc: allocated: 12288 (num: 2 largest: 12280), free: 0 (num: 0 largest: 0)
[  168.186577][ T6904] loop1: detected capacity change from 0 to 256
[  168.283152][ T6904] exfat: Deprecated parameter 'namecase'
[  168.289329][ T6904] exfat: Deprecated parameter 'namecase'
[  168.332237][ T6904] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d)
[  170.419548][ T6880] Set syz1 is full, maxelem 65536 reached
[  172.127329][ T6950] mmap: syz.2.331 (6950) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  172.391415][ T6952] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  172.451200][    T8] wlan1: authenticate with 08:02:11:00:00:00
[  172.473329][ T5781] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  172.478218][    T8] wlan1: send auth to 08:02:11:00:00:00 (try 1/3)
[  172.544303][   T12] wlan1: send auth to 08:02:11:00:00:00 (try 2/3)
[  172.568221][   T12] wlan1: send auth to 08:02:11:00:00:00 (try 3/3)
[  172.577389][   T12] wlan1: authentication with 08:02:11:00:00:00 timed out
[  172.703521][ T5781] usb 2-1: Using ep0 maxpacket: 32
[  172.734976][ T5781] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 8
[  172.765671][ T5781] usb 2-1: New USB device found, idVendor=056e, idProduct=00fe, bcdDevice= 0.00
[  172.783310][ T5781] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  172.808837][ T5781] usb 2-1: config 0 descriptor??
[  172.881745][ T6957] netlink: 'syz.3.338': attribute type 4 has an invalid length.
[  173.287217][ T5781] usbhid 2-1:0.0: can't add hid device: -71
[  173.323429][ T5781] usbhid: probe of 2-1:0.0 failed with error -71
[  173.347293][ T5781] usb 2-1: USB disconnect, device number 4
[  174.982211][ T6982] veth0_to_team: entered promiscuous mode
[  174.988799][ T6982] veth0_to_team: entered allmulticast mode
[  175.302265][ T6996] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  175.310210][ T6996] IPv6: NLM_F_CREATE should be set when creating new route
[  175.543587][ T6996] lo: entered allmulticast mode
[  176.276740][ T6996] tunl0: entered allmulticast mode
[  176.355101][ T6996] gre0: entered allmulticast mode
[  176.521592][ T6996] gretap0: entered allmulticast mode
[  176.592392][ T6996] erspan0: entered allmulticast mode
[  176.645139][ T6996] ip_vti0: entered allmulticast mode
[  176.837462][ T6996] ip6_vti0: entered allmulticast mode
[  176.914336][ T6996] sit0: entered allmulticast mode
[  176.990640][ T6996] ip6tnl0: entered allmulticast mode
[  177.222997][ T6996] ip6gre0: entered allmulticast mode
[  177.425411][ T6996] ip6gretap0: entered allmulticast mode
[  177.500480][ T6996] vcan0: entered allmulticast mode
[  177.514921][ T6996] bond0: entered allmulticast mode
[  177.549377][ T6996] team0: entered allmulticast mode
[  177.638037][ T6996] dummy0: entered allmulticast mode
[  177.707255][ T6996] nlmon0: entered allmulticast mode
[  177.717028][ T6996] caif0: entered allmulticast mode
[  177.751860][ T6996] batadv0: entered allmulticast mode
[  177.816396][ T6996] vxcan0: entered allmulticast mode
[  177.846126][ T6996] vxcan1: entered allmulticast mode
[  177.877902][ T6996] veth0: entered allmulticast mode
[  177.992140][ T6996] veth1: entered allmulticast mode
[  178.101458][ T6996] wg0: entered allmulticast mode
[  178.171589][ T6996] wg1: entered allmulticast mode
[  178.247717][ T6996] wg2: entered allmulticast mode
[  178.325816][ T6996] veth0_to_bridge: entered allmulticast mode
[  178.461460][ T6996] bridge_slave_0: entered allmulticast mode
[  178.536823][ T6996] veth1_to_bridge: entered allmulticast mode
[  178.620170][ T6996] bridge_slave_1: entered allmulticast mode
[  178.687472][ T6996] veth0_to_bond: entered allmulticast mode
[  178.707194][ T6996] bond_slave_0: entered allmulticast mode
[  178.744079][ T6996] veth1_to_bond: entered allmulticast mode
[  178.756198][ T6996] bond_slave_1: entered allmulticast mode
[  178.804831][ T6996] veth0_to_team: entered allmulticast mode
[  178.828021][ T6996] team_slave_0: entered allmulticast mode
[  178.858979][ T6996] veth1_to_team: entered allmulticast mode
[  178.879043][ T6996] team_slave_1: entered allmulticast mode
[  178.897609][ T6996] veth0_to_batadv: entered allmulticast mode
[  178.917784][ T6996] batadv_slave_0: entered allmulticast mode
[  179.014631][ T6996] veth1_to_batadv: entered allmulticast mode
[  179.090155][ T6996] batadv_slave_1: entered allmulticast mode
[  179.148794][ T6996] xfrm0: entered allmulticast mode
[  179.206180][ T6996] veth0_to_hsr: entered allmulticast mode
[  179.236662][ T6996] hsr_slave_0: entered allmulticast mode
[  179.260320][ T6996] veth1_to_hsr: entered allmulticast mode
[  179.287258][ T6996] hsr_slave_1: entered allmulticast mode
[  179.317751][ T6996] hsr0: entered allmulticast mode
[  179.336745][ T6996] veth1_virt_wifi: entered allmulticast mode
[  179.350249][ T6996] veth0_virt_wifi: entered allmulticast mode
[  179.360962][ T6996] net veth1_virt_wifi virt_wifi0: entered allmulticast mode
[  179.425570][ T6996] veth1_vlan: entered allmulticast mode
[  179.489292][ T6996] veth0_vlan: entered allmulticast mode
[  179.556907][ T6996] vlan0: entered allmulticast mode
[  179.566994][ T6996] vlan1: entered allmulticast mode
[  179.575560][ T6996] macvlan0: entered allmulticast mode
[  179.597792][ T6996] macvlan1: entered allmulticast mode
[  179.616788][ T6996] ipvlan0: entered allmulticast mode
[  179.622648][ T6996] ipvlan1: entered allmulticast mode
[  179.684544][ T6996] veth1_macvtap: entered allmulticast mode
[  179.707720][ T6996] veth0_macvtap: entered allmulticast mode
[  179.735845][ T6996] macvtap0: entered allmulticast mode
[  179.796007][ T6996] macsec0: entered allmulticast mode
[  179.973717][ T6996] geneve0: entered allmulticast mode
[  180.024809][ T6996] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  180.043642][ T6996] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  180.054576][ T6996] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  180.063988][ T6996] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  180.073674][ T6996] geneve1: entered allmulticast mode
[  180.121993][ T6996] netdevsim netdevsim3 netdevsim0: entered allmulticast mode
[  180.148537][ T6996] netdevsim netdevsim3 netdevsim1: entered allmulticast mode
[  180.180803][ T6996] netdevsim netdevsim3 netdevsim2: entered allmulticast mode
[  180.225322][ T6996] netdevsim netdevsim3 netdevsim3: entered allmulticast mode
[  180.262739][ T6996] mac80211_hwsim hwsim2 wlan0: entered allmulticast mode
[  180.281345][ T6996] mac80211_hwsim hwsim4 wlan1: entered allmulticast mode
[  180.290473][ T6996] bond1: entered allmulticast mode
[  180.301150][ T6996] bridge0: entered allmulticast mode
[  180.311371][ T6996] batadv1: entered allmulticast mode
[  181.736145][   T28] audit: type=1326 audit(1760997956.794:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7063 comm="syz.3.365" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1a0f78efc9 code=0x0
[  181.945571][ T7061] netlink: 12 bytes leftover after parsing attributes in process `syz.1.360'.
[  182.386253][ T7046] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  183.298847][ T7046] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  183.333339][ T7046] usb 3-1: config 0 has no interfaces?
[  183.372306][ T7046] usb 3-1: New USB device found, idVendor=07fd, idProduct=0004, bcdDevice=26.50
[  183.418800][ T7046] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  183.448955][ T7046] usb 3-1: Product: syz
[  183.459009][ T7046] usb 3-1: Manufacturer: syz
[  183.473510][ T7046] usb 3-1: SerialNumber: syz
[  183.489621][ T7046] usb 3-1: config 0 descriptor??
[  183.886891][ T7069] loop2: detected capacity change from 0 to 512
[  184.061786][ T7069] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[  184.267569][ T7069] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  184.502412][ T7069] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a002c119, mo2=0002]
[  184.553702][ T7069] System zones: 1-12
[  184.585495][ T7069] EXT4-fs (loop2): 1 truncate cleaned up
[  184.592481][ T7069] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  184.767969][    T8] usb 3-1: USB disconnect, device number 6
[  185.663018][ T5798] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  186.083404][   T27] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  186.293962][   T27] usb 3-1: Using ep0 maxpacket: 32
[  186.338559][   T27] usb 3-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be
[  186.352127][   T27] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  186.392190][   T27] usb 3-1: config 0 descriptor??
[  186.408599][   T27] gspca_main: vc032x-2.14.0 probing 0ac8:0321
[  187.244261][ T7124] loop1: detected capacity change from 0 to 256
[  187.778175][ T7129] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  187.998972][ T7129] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  188.121723][ T7129] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  188.256603][ T7129] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  188.449494][ T7129] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  188.511335][ T7129] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  188.558245][ T7129] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  188.591059][ T7129] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  189.125958][   T27] gspca_vc032x: reg_r err -71
[  189.141307][   T27] gspca_vc032x: I2c Bus Busy Wait 00
[  189.171345][   T27] gspca_vc032x: I2c Bus Busy Wait 00
[  189.176849][   T27] gspca_vc032x: I2c Bus Busy Wait 00
[  189.182174][   T27] gspca_vc032x: I2c Bus Busy Wait 00
[  189.208249][   T27] gspca_vc032x: I2c Bus Busy Wait 00
[  189.223327][   T27] gspca_vc032x: I2c Bus Busy Wait 00
[  189.241402][   T27] gspca_vc032x: I2c Bus Busy Wait 00
[  189.253856][   T27] gspca_vc032x: I2c Bus Busy Wait 00
[  189.259226][   T27] gspca_vc032x: I2c Bus Busy Wait 00
[  189.294502][   T27] gspca_vc032x: I2c Bus Busy Wait 00
[  189.299866][   T27] gspca_vc032x: I2c Bus Busy Wait 00
[  189.312246][   T27] gspca_vc032x: I2c Bus Busy Wait 00
[  189.331631][   T27] gspca_vc032x: I2c Bus Busy Wait 00
[  189.337208][   T27] gspca_vc032x: I2c Bus Busy Wait 00
[  189.342825][   T27] gspca_vc032x: I2c Bus Busy Wait 00
[  189.348398][   T27] gspca_vc032x: I2c Bus Busy Wait 00
[  189.363384][   T27] gspca_vc032x: I2c Bus Busy Wait 00
[  189.369834][   T27] gspca_vc032x: Unknown sensor...
[  189.392198][   T27] vc032x: probe of 3-1:0.0 failed with error -22
[  189.420195][   T27] usb 3-1: USB disconnect, device number 7
[  190.081536][ T7162] loop2: detected capacity change from 0 to 64
[  194.633875][ T1292] ieee802154 phy0 wpan0: encryption failed: -22
[  194.640244][ T1292] ieee802154 phy1 wpan1: encryption failed: -22
[  196.229163][ T7217] tipc: Started in network mode
[  196.235691][ T7217] tipc: Node identity 4230754ddca9, cluster identity 4711
[  196.247704][ T7217] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  196.266293][ T7217] syzkaller0: entered promiscuous mode
[  196.274853][ T7217] syzkaller0: entered allmulticast mode
[  196.312066][ T7217] tipc: Resetting bearer <eth:syzkaller0>
[  196.350283][ T7216] tipc: Resetting bearer <eth:syzkaller0>
[  196.393282][ T7216] tipc: Disabling bearer <eth:syzkaller0>
[  197.912461][ T7230] xt_CHECKSUM: CHECKSUM should be avoided.  If really needed, restrict with "-p udp" and only use in OUTPUT
[  197.936193][ T7230] x_tables: ip_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING
[  203.428535][ T7261] sched: RT throttling activated
[  203.841930][ T7275] netlink: 36 bytes leftover after parsing attributes in process `syz.0.430'.
[  203.860015][ T7275] overlayfs: failed to clone upperpath
[  205.971724][   T28] audit: type=1326 audit(1760997980.874:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7290 comm="syz.2.435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9eff58efc9 code=0x7ffc0000
[  206.000397][   T28] audit: type=1326 audit(1760997980.874:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7290 comm="syz.2.435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f9eff58efc9 code=0x7ffc0000
[  206.710532][   T28] audit: type=1326 audit(1760997980.874:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7290 comm="syz.2.435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9eff58efc9 code=0x7ffc0000
[  206.744128][   T28] audit: type=1326 audit(1760997980.874:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7290 comm="syz.2.435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=7 compat=0 ip=0x7f9eff58efc9 code=0x7ffc0000
[  206.782873][   T28] audit: type=1326 audit(1760997980.894:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7290 comm="syz.2.435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9eff58efc9 code=0x7ffc0000
[  206.810881][   T28] audit: type=1326 audit(1760997980.894:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7290 comm="syz.2.435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9eff58efc9 code=0x7ffc0000
[  206.860504][   T28] audit: type=1326 audit(1760997980.894:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7290 comm="syz.2.435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f9eff58efc9 code=0x7ffc0000
[  206.951817][   T28] audit: type=1326 audit(1760997980.894:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7290 comm="syz.2.435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9eff58efc9 code=0x7ffc0000
[  207.074255][   T28] audit: type=1326 audit(1760997980.894:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7290 comm="syz.2.435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9eff58efc9 code=0x7ffc0000
[  207.136942][   T28] audit: type=1326 audit(1760997980.894:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7290 comm="syz.2.435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f9eff58efc9 code=0x7ffc0000
[  207.203433][ T7314] netlink: 4 bytes leftover after parsing attributes in process `syz.3.442'.
[  210.400379][ T7346] overlayfs: statfs failed on './file0'
[  211.989014][ T5805] Bluetooth: hci2: command 0x0406 tx timeout
[  211.995923][ T5805] Bluetooth: hci0: command 0x0406 tx timeout
[  212.002242][ T5805] Bluetooth: hci3: command 0x0406 tx timeout
[  212.826099][ T5104] Bluetooth: hci0: unexpected event for opcode 0x200d
[  213.205612][ T7364] IPVS: length: 111 != 24
[  214.214369][ T7375] 9pnet_fd: Insufficient options for proto=fd
[  216.662573][ T7396] overlayfs: failed to clone upperpath
[  216.865588][ T5104] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0
[  216.875802][ T5104] Bluetooth: hci0: Injecting HCI hardware error event
[  216.885189][   T50] Bluetooth: hci0: hardware error 0x00
[  219.013785][   T50] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[  219.794198][ T7418] loop1: detected capacity change from 0 to 128
[  219.853591][ T7418] UDF-fs: bad mount option "1844674407370955161518446744073709551615ÿÿ" or missing value
[  224.006658][ T7465] 8021q: adding VLAN 0 to HW filter on device bond2
[  224.059997][ T7467] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  224.069872][ T7467] bond2: (slave macvlan2): Enslaving as a backup interface with a down link
[  224.567340][ T7473] netlink: 2028 bytes leftover after parsing attributes in process `syz.1.488'.
[  224.737442][ T7473] netlink: 24 bytes leftover after parsing attributes in process `syz.1.488'.
[  224.957391][ T7481] netlink: 8 bytes leftover after parsing attributes in process `syz.0.492'.
[  224.966549][ T7481] netlink: 4 bytes leftover after parsing attributes in process `syz.0.492'.
[  227.482463][ T7490] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  228.122516][ T5104] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  228.139484][ T5104] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  228.151175][ T5104] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  228.162725][ T5104] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  228.174555][ T5104] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  228.181995][ T5104] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  228.624974][ T7511] chnl_net:caif_netlink_parms(): no params data found
[  229.094082][   T28] kauditd_printk_skb: 13 callbacks suppressed
[  229.094118][   T28] audit: type=1326 audit(1760998004.144:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7515 comm="syz.3.501" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a0f78efc9 code=0x7fc00000
[  229.389959][ T7511] bridge0: port 1(bridge_slave_0) entered blocking state
[  229.398262][ T7511] bridge0: port 1(bridge_slave_0) entered disabled state
[  229.406036][ T7511] bridge_slave_0: entered allmulticast mode
[  229.415714][   T28] audit: type=1326 audit(1760998004.474:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7531 comm="syz.3.503" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f1a0f78efc9 code=0x0
[  229.439396][ T7511] bridge_slave_0: entered promiscuous mode
[  229.459401][ T7511] bridge0: port 2(bridge_slave_1) entered blocking state
[  229.472441][ T7511] bridge0: port 2(bridge_slave_1) entered disabled state
[  229.480077][ T7511] bridge_slave_1: entered allmulticast mode
[  229.488106][ T7511] bridge_slave_1: entered promiscuous mode
[  229.538763][ T7511] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  229.552478][ T7511] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  229.607073][ T7511] team0: Port device team_slave_0 added
[  229.632347][ T7511] team0: Port device team_slave_1 added
[  229.672196][ T7511] batman_adv: batadv0: Adding interface: batadv_slave_0
[  229.682480][ T7511] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  229.710478][ T7511] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  229.723857][ T7511] batman_adv: batadv0: Adding interface: batadv_slave_1
[  229.730851][ T7511] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  229.757218][ T7511] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  229.817797][ T7511] hsr_slave_0: entered promiscuous mode
[  229.826058][ T7511] hsr_slave_1: entered promiscuous mode
[  229.832734][ T7511] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  229.840642][ T7511] Cannot create hsr debugfs directory
[  230.056103][ T7511] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  230.066988][ T7511] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  230.079367][ T7511] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  230.094463][ T7511] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  230.224626][   T50] Bluetooth: hci4: command tx timeout
[  230.245098][ T7511] 8021q: adding VLAN 0 to HW filter on device bond0
[  230.341233][ T7511] 8021q: adding VLAN 0 to HW filter on device team0
[  230.407735][ T1140] bridge0: port 1(bridge_slave_0) entered blocking state
[  230.415041][ T1140] bridge0: port 1(bridge_slave_0) entered forwarding state
[  230.455915][ T1140] bridge0: port 2(bridge_slave_1) entered blocking state
[  230.463181][ T1140] bridge0: port 2(bridge_slave_1) entered forwarding state
[  232.467941][   T50] Bluetooth: hci4: command tx timeout
[  232.891790][ T7562] Zero length message leads to an empty skb
[  233.016052][ T7511] 8021q: adding VLAN 0 to HW filter on device batadv0
[  235.311422][   T50] Bluetooth: hci4: command tx timeout
[  236.088175][ T7581] netlink: 12 bytes leftover after parsing attributes in process `syz.3.513'.
[  236.175090][ T7511] veth0_vlan: entered promiscuous mode
[  236.206389][ T7511] veth1_vlan: entered promiscuous mode
[  236.271507][ T7511] veth0_macvtap: entered promiscuous mode
[  236.299493][ T7511] veth1_macvtap: entered promiscuous mode
[  236.334467][ T7511] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  236.349079][ T7511] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  236.362700][ T7511] batman_adv: batadv0: Interface activated: batadv_slave_0
[  236.382560][ T7511] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  236.399840][ T7511] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  236.400399][ T7585] loop1: detected capacity change from 0 to 2048
[  236.415506][ T7511] batman_adv: batadv0: Interface activated: batadv_slave_1
[  236.541546][ T7511] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  236.593723][ T7585] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  236.633966][ T7511] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  236.688757][ T7511] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  236.731777][ T7511] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  237.357306][   T50] Bluetooth: hci4: command tx timeout
[  237.794535][ T1094] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  237.802630][ T1094] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  237.866384][   T34] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  237.875774][   T34] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  239.512540][ T7608] loop1: detected capacity change from 0 to 1024
[  239.993132][ T7608] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  240.219542][ T5793] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  242.035004][ T7640] loop4: detected capacity change from 0 to 256
[  242.764088][ T7644] UBIFS error (pid: 7644): cannot open "ubifs", error -22
[  243.322027][ T7652] xt_socket: unknown flags 0x4c
[  243.531378][ T7651] netlink: 4 bytes leftover after parsing attributes in process `syz.1.530'.
[  245.140601][ T7671] loop4: detected capacity change from 0 to 512
[  245.178769][ T5104] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  245.198182][ T5104] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  245.209812][ T5104] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  245.220512][ T5800] Bluetooth: hci4: unknown advertising packet type: 0x6c
[  245.220619][ T5800] Bluetooth: hci4: unknown advertising packet type: 0x20
[  245.228648][ T5800] Bluetooth: hci4: unknown advertising packet type: 0x40
[  245.236521][ T5800] Bluetooth: hci4: unknown advertising packet type: 0x09
[  245.243839][ T5800] Bluetooth: hci4: Malformed LE Event: 0x02
[  245.267162][ T5800] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  245.294780][ T5800] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  245.302209][ T5800] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  247.351768][ T5800] Bluetooth: hci5: command tx timeout
[  247.438632][ T7684] vxlan0: left allmulticast mode
[  247.467458][ T7684] vxlan0: left promiscuous mode
[  247.500419][ T7684] bridge0: port 1(vxlan0) entered disabled state
[  247.549520][ T7686] team0: Mode changed to "loadbalance"
[  247.607660][ T7672] chnl_net:caif_netlink_parms(): no params data found
[  248.970790][ T5800] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0
[  248.983336][ T5800] Bluetooth: hci4: Injecting HCI hardware error event
[  248.994410][   T50] Bluetooth: hci4: hardware error 0x00
[  249.862248][ T7708] loop4: detected capacity change from 0 to 40427
[  250.212728][ T5800] Bluetooth: hci5: command tx timeout
[  250.213845][ T7708] F2FS-fs (loop4): invalid crc value
[  250.238399][ T7708] F2FS-fs (loop4): Found nat_bits in checkpoint
[  250.281727][ T7708] F2FS-fs (loop4): Start checkpoint disabled!
[  250.313828][ T7708] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6
[  251.093661][   T50] Bluetooth: hci4: Opcode 0x0c03 failed: -110
[  251.335291][ T7672] bridge0: port 1(bridge_slave_0) entered blocking state
[  251.363150][ T7672] bridge0: port 1(bridge_slave_0) entered disabled state
[  251.371211][ T7672] bridge_slave_0: entered allmulticast mode
[  251.897344][ T7672] bridge_slave_0: entered promiscuous mode
[  251.931367][ T7672] bridge0: port 2(bridge_slave_1) entered blocking state
[  251.942455][ T7672] bridge0: port 2(bridge_slave_1) entered disabled state
[  251.959540][ T7672] bridge_slave_1: entered allmulticast mode
[  251.970618][ T7672] bridge_slave_1: entered promiscuous mode
[  251.982377][   T12] bio_check_eod: 507 callbacks suppressed
[  251.982392][   T12] kworker/u4:1: attempt to access beyond end of device
[  251.982392][   T12] loop4: rw=2049, sector=40960, nr_sectors = 16 limit=40427
[  252.008605][   T12] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  252.021626][   T12] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  252.110042][ T7672] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  252.143129][ T7672] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  252.191478][ T7724] netlink: 4 bytes leftover after parsing attributes in process `syz.1.548'.
[  252.223445][   T50] Bluetooth: hci5: command tx timeout
[  252.290163][ T7672] team0: Port device team_slave_0 added
[  252.460428][ T7672] team0: Port device team_slave_1 added
[  252.725581][ T7046] IPVS: starting estimator thread 0...
[  252.808719][ T7672] batman_adv: batadv0: Adding interface: batadv_slave_0
[  252.849640][ T7732] IPVS: using max 17 ests per chain, 40800 per kthread
[  253.241298][ T7672] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  253.269640][ T7672] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  253.360895][ T7672] batman_adv: batadv0: Adding interface: batadv_slave_1
[  253.375037][ T7672] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  253.424262][ T7672] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  253.735412][ T7740] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  254.429157][ T7672] hsr_slave_0: entered promiscuous mode
[  254.435138][   T50] Bluetooth: hci5: command tx timeout
[  254.459947][ T7672] hsr_slave_1: entered promiscuous mode
[  254.475900][ T7672] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  254.493335][ T7672] Cannot create hsr debugfs directory
[  255.990248][ T1292] ieee802154 phy0 wpan0: encryption failed: -22
[  255.996754][ T1292] ieee802154 phy1 wpan1: encryption failed: -22
[  256.926508][ T7760] xt_socket: unknown flags 0x4c
[  258.207294][ T7767] loop1: detected capacity change from 0 to 40427
[  258.276288][ T7767] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[  258.284302][ T7767] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  258.296695][ T7767] F2FS-fs (loop1): invalid crc value
[  258.322100][ T7767] F2FS-fs (loop1): Found nat_bits in checkpoint
[  258.346079][ T7672] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  258.378782][ T7672] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  258.390775][ T7767] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  258.398022][ T7767] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  258.422959][ T7672] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  259.091409][ T7672] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  261.438072][ T7672] 8021q: adding VLAN 0 to HW filter on device bond0
[  261.848971][ T7672] 8021q: adding VLAN 0 to HW filter on device team0
[  261.939882][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  261.947104][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  261.987592][ T1085] bridge0: port 2(bridge_slave_1) entered blocking state
[  261.994826][ T1085] bridge0: port 2(bridge_slave_1) entered forwarding state
[  262.542588][ T7672] 8021q: adding VLAN 0 to HW filter on device batadv0
[  263.753647][ T7672] veth0_vlan: entered promiscuous mode
[  264.306351][ T7672] veth1_vlan: entered promiscuous mode
[  264.425803][ T7672] veth0_macvtap: entered promiscuous mode
[  264.454900][ T7672] veth1_macvtap: entered promiscuous mode
[  264.527771][ T7672] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  264.538771][ T7672] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  264.549318][ T7672] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  264.561623][ T7672] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  264.610424][ T7672] batman_adv: batadv0: Interface activated: batadv_slave_0
[  264.802717][ T7672] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  264.816295][ T7672] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  264.827646][ T7672] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  264.854177][ T7672] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  264.874741][ T7672] batman_adv: batadv0: Interface activated: batadv_slave_1
[  265.068015][ T1140] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[  265.081195][ T7672] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  265.139935][ T1140] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
[  265.155653][ T7672] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  265.426541][ T7672] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  265.470161][ T7672] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  265.753073][ T1094] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  265.773590][ T1094] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  265.859904][ T1094] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  265.900060][ T7838] syzkaller0: entered promiscuous mode
[  265.908645][ T1094] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  265.929155][ T7838] syzkaller0: entered allmulticast mode
[  267.172219][ T7845] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  267.315687][ T7849] syzkaller0: entered promiscuous mode
[  267.355700][ T7849] syzkaller0: entered allmulticast mode
[  267.724925][ T7849] tipc: Resetting bearer <eth:syzkaller0>
[  268.797413][   T23] tipc: Node number set to 2660857165
[  268.811226][ T7843] tipc: Resetting bearer <eth:syzkaller0>
[  270.244489][ T7843] tipc: Disabling bearer <eth:syzkaller0>
[  271.884550][ T7869] xt_CT: No such helper "netbios-ns"
[  273.075887][ T7878] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  273.086454][ T7878] syzkaller0: entered promiscuous mode
[  273.091993][ T7878] syzkaller0: entered allmulticast mode
[  274.220042][ T7891] tipc: Resetting bearer <eth:syzkaller0>
[  274.441790][ T7877] tipc: Resetting bearer <eth:syzkaller0>
[  275.203668][ T7877] tipc: Disabling bearer <eth:syzkaller0>
[  275.598617][ T7901] loop5: detected capacity change from 0 to 4096
[  276.101508][ T7907] loop4: detected capacity change from 0 to 32768
[  276.657157][ T7907] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 scanned by syz.4.587 (7907)
[  276.702765][ T7907] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  276.713702][ T7907] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm
[  276.722490][ T7907] BTRFS info (device loop4): setting nodatasum
[  276.728983][ T7907] BTRFS info (device loop4): force zlib compression, level 3
[  276.736542][ T7907] BTRFS info (device loop4): enabling ssd optimizations
[  276.743626][ T7907] BTRFS info (device loop4): allowing degraded mounts
[  276.750711][ T7907] BTRFS warning (device loop4): the 'inode_cache' option is deprecated and has no effect since 5.11
[  276.761872][ T7907] BTRFS info (device loop4): using free space tree
[  276.814239][ T7901] ntfs3: loop5: Mark volume as dirty due to NTFS errors
[  277.588529][ T7907] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  277.970487][ T7901] ntfs3: loop5: Failed to load $Extend (-22).
[  277.994566][ T7901] ntfs3: loop5: Failed to initialize $Extend.
[  285.576301][ T8001] (null): rxe_set_mtu: Set mtu to 1024
[  285.585216][ T8001] wg2 speed is unknown, defaulting to 1000
[  285.594699][ T8001] wg2 speed is unknown, defaulting to 1000
[  285.602567][ T8001] wg2 speed is unknown, defaulting to 1000
[  285.718748][ T8001] infiniband syz2: set down
[  285.723700][ T8001] infiniband syz2: added wg2
[  285.737716][ T5880] wg2 speed is unknown, defaulting to 1000
[  285.792042][ T8001] RDS/IB: syz2: added
[  285.797276][ T8001] smc: adding ib device syz2 with port count 1
[  285.803732][ T8001] smc:    ib device syz2 port 1 has pnetid 
[  285.815189][ T8001] wg2 speed is unknown, defaulting to 1000
[  285.940024][ T8001] wg2 speed is unknown, defaulting to 1000
[  286.063101][ T8001] wg2 speed is unknown, defaulting to 1000
[  286.190345][ T8001] wg2 speed is unknown, defaulting to 1000
[  286.311854][ T8001] wg2 speed is unknown, defaulting to 1000
[  286.427871][ T8001] wg2 speed is unknown, defaulting to 1000
[  286.561805][ T5880] wg2 speed is unknown, defaulting to 1000
[  288.160725][ T8021] netlink: 'syz.3.617': attribute type 1 has an invalid length.
[  288.461861][ T8022] loop5: detected capacity change from 0 to 8
[  288.491371][ T8021] 8021q: adding VLAN 0 to HW filter on device bond3
[  288.519431][ T8024] macvlan3: entered promiscuous mode
[  288.540084][ T8024] macvlan3: entered allmulticast mode
[  288.644230][ T8024] bond3: entered promiscuous mode
[  288.658751][ T8022] SQUASHFS error: xz decompression failed, data probably corrupt
[  288.667302][ T8022] SQUASHFS error: Failed to read block 0x108: -5
[  288.674460][ T8024] 8021q: adding VLAN 0 to HW filter on device macvlan3
[  288.681421][ T8022] SQUASHFS error: Unable to read metadata cache entry [106]
[  288.689761][ T8022] SQUASHFS error: Unable to read inode 0x11f
[  288.794593][ T8024] bond3: left promiscuous mode
[  289.660658][ T8021] bond3: (slave gretap1): making interface the new active one
[  289.692031][ T8021] bond3: (slave gretap1): Enslaving as an active interface with an up link
[  289.740090][ T8027] syzkaller0: entered promiscuous mode
[  289.821023][ T8027] syzkaller0: entered allmulticast mode
[  292.020465][ T8051] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  292.041737][ T8051] syzkaller0: entered promiscuous mode
[  292.049669][ T8051] syzkaller0: entered allmulticast mode
[  292.144769][ T8058] tipc: Resetting bearer <eth:syzkaller0>
[  292.174782][ T8056] syzkaller0: entered promiscuous mode
[  292.203354][ T8056] syzkaller0: entered allmulticast mode
[  292.218508][ T8050] tipc: Resetting bearer <eth:syzkaller0>
[  292.270980][ T8050] tipc: Disabling bearer <eth:syzkaller0>
[  295.575055][ T8077] tipc: Started in network mode
[  295.591610][ T8077] tipc: Node identity b61a7369eecd, cluster identity 4711
[  295.618967][ T8077] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  295.796360][ T8084] team0: Port device team_slave_0 removed
[  295.893316][ T8077] syzkaller0: entered promiscuous mode
[  295.904866][ T8077] syzkaller0: entered allmulticast mode
[  295.994417][ T8077] tipc: Resetting bearer <eth:syzkaller0>
[  296.036099][ T8076] tipc: Resetting bearer <eth:syzkaller0>
[  296.094964][ T8076] tipc: Disabling bearer <eth:syzkaller0>
[  296.649075][ T8104] netlink: 4 bytes leftover after parsing attributes in process `syz.3.638'.
[  296.912030][ T8108] vcan0: tx drop: invalid sa for name 0x0000000000000005
[  298.425324][ T8120] syzkaller0: entered promiscuous mode
[  298.437374][ T8120] syzkaller0: entered allmulticast mode
[  298.952106][ T8122] netlink: 'syz.5.643': attribute type 1 has an invalid length.
[  299.002799][ T8129] netlink: 16 bytes leftover after parsing attributes in process `syz.3.645'.
[  299.760132][ T8122] vlan2: entered allmulticast mode
[  299.783311][ T8122] veth1: entered allmulticast mode
[  305.966941][   T28] audit: type=1326 audit(1760998081.024:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8168 comm="syz.4.655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3da178efc9 code=0x7ffc0000
[  305.981596][ T8167] syzkaller0: entered promiscuous mode
[  306.113383][   T28] audit: type=1326 audit(1760998081.024:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8168 comm="syz.4.655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3da178efc9 code=0x7ffc0000
[  306.137201][ T8167] syzkaller0: entered allmulticast mode
[  306.195573][   T28] audit: type=1326 audit(1760998081.024:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8168 comm="syz.4.655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f3da178efc9 code=0x7ffc0000
[  306.224284][   T28] audit: type=1326 audit(1760998081.024:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8168 comm="syz.4.655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3da178efc9 code=0x7ffc0000
[  307.116363][   T28] audit: type=1326 audit(1760998081.054:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8168 comm="syz.4.655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f3da178efc9 code=0x7ffc0000
[  307.155469][   T28] audit: type=1326 audit(1760998081.054:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8168 comm="syz.4.655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3da178efc9 code=0x7ffc0000
[  307.254068][   T28] audit: type=1326 audit(1760998081.054:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8168 comm="syz.4.655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3da178efc9 code=0x7ffc0000
[  307.277144][   T28] audit: type=1326 audit(1760998081.054:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8168 comm="syz.4.655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7f3da178efc9 code=0x7ffc0000
[  307.301110][   T28] audit: type=1326 audit(1760998081.054:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8168 comm="syz.4.655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f3da1785e67 code=0x7ffc0000
[  307.326915][   T28] audit: type=1326 audit(1760998081.054:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8168 comm="syz.4.655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f3da172b099 code=0x7ffc0000
[  310.094574][ T8191] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  310.123953][ T8191] syzkaller0: entered promiscuous mode
[  310.287551][ T8191] syzkaller0: entered allmulticast mode
[  312.324124][ T8202] tipc: Resetting bearer <eth:syzkaller0>
[  312.558574][ T8189] tipc: Resetting bearer <eth:syzkaller0>
[  313.368950][ T8189] tipc: Disabling bearer <eth:syzkaller0>
[  316.772725][ T8242] No such timeout policy "syz0"
[  317.430989][ T1292] ieee802154 phy0 wpan0: encryption failed: -22
[  317.437696][ T1292] ieee802154 phy1 wpan1: encryption failed: -22
[  321.930832][ T8286] Cannot find add_set index 0 as target
[  324.473298][ T5881] IPVS: starting estimator thread 0...
[  324.593553][ T8304] IPVS: using max 17 ests per chain, 40800 per kthread
[  324.840791][ T8309] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  326.330568][ T8325] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  326.341748][ T8325] syzkaller0: entered promiscuous mode
[  326.369592][ T8325] syzkaller0: entered allmulticast mode
[  327.791485][ T8340] tipc: Resetting bearer <eth:syzkaller0>
[  327.928743][ T5881] IPVS: starting estimator thread 0...
[  328.610341][ T8324] tipc: Resetting bearer <eth:syzkaller0>
[  328.674820][ T8346] IPVS: using max 27 ests per chain, 64800 per kthread
[  328.686059][ T8324] tipc: Disabling bearer <eth:syzkaller0>
[  330.687454][ T8363] loop1: detected capacity change from 0 to 64
[  331.420853][ T8376] netlink: 24 bytes leftover after parsing attributes in process `syz.3.704'.
[  332.630687][ T5880] IPVS: starting estimator thread 0...
[  333.106508][ T8388] overlayfs: failed to clone upperpath
[  333.123924][ T8389] IPVS: using max 18 ests per chain, 43200 per kthread
[  333.159797][ T8391] loop1: detected capacity change from 0 to 256
[  333.237100][ T8391] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  334.630122][ T8404] tipc: Started in network mode
[  334.649461][ T8404] tipc: Node identity 1634c67bd6fe, cluster identity 4711
[  334.678360][ T8404] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  335.064152][ T8408] syzkaller0: entered promiscuous mode
[  335.167820][ T8408] syzkaller0: entered allmulticast mode
[  335.361992][ T8403] tipc: Resetting bearer <eth:syzkaller0>
[  335.475226][ T8403] tipc: Disabling bearer <eth:syzkaller0>
[  340.114436][ T8472] netlink: 12 bytes leftover after parsing attributes in process `syz.1.726'.
[  344.084753][ T8497] netlink: 28 bytes leftover after parsing attributes in process `syz.1.731'.
[  346.149460][ T8511] x_tables: ip6_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING
[  347.318041][ T8515] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  347.442718][ T8517] syzkaller0: entered promiscuous mode
[  348.014351][ T8517] syzkaller0: entered allmulticast mode
[  348.153569][ T8517] netlink: 12 bytes leftover after parsing attributes in process `syz.1.736'.
[  348.199894][ T8515] tipc: Resetting bearer <eth:syzkaller0>
[  348.252993][ T8522] loop4: detected capacity change from 0 to 64
[  348.283783][ T8514] tipc: Resetting bearer <eth:syzkaller0>
[  348.287913][ T8520] loop5: detected capacity change from 0 to 4096
[  348.467613][ T8520] ntfs3: loop5: Mark volume as dirty due to NTFS errors
[  348.643752][ T8514] tipc: Disabling bearer <eth:syzkaller0>
[  348.687375][ T8520] ntfs3: loop5: Failed to load $Extend (-22).
[  348.730154][ T8520] ntfs3: loop5: Failed to initialize $Extend.
[  350.429759][ T8531] loop1: detected capacity change from 0 to 1024
[  356.141624][ T8553] loop5: detected capacity change from 0 to 8192
[  356.220171][ T8553]  loop5: p2 p3 p4[EZD]
[  356.345172][ T8553] loop5: p3 start 360447 is beyond EOD, truncated
[  356.513352][ T8553] loop5: p4 size 264072 extends beyond EOD, truncated
[  358.724436][ T8578] xt_TCPMSS: Only works on TCP SYN packets
[  363.956666][ T8600] loop5: detected capacity change from 0 to 256
[  364.008762][ T8600] exFAT-fs (loop5): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18d7c, utbl_chksum : 0xe619d30d)
[  364.382901][   T28] kauditd_printk_skb: 48 callbacks suppressed
[  364.382941][   T28] audit: type=1800 audit(1760998139.424:90): pid=8602 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.757" name="file1" dev="loop5" ino=1048617 res=0 errno=0
[  366.139736][ T8605] loop1: detected capacity change from 0 to 32768
[  366.375843][ T8605] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz.1.758 (8605)
[  366.661172][ T8607] loop5: detected capacity change from 0 to 1024
[  367.284407][ T8605] BTRFS info (device loop1): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  367.302241][ T8605] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm
[  367.311950][ T8605] BTRFS info (device loop1): enabling ssd optimizations
[  367.319064][ T8605] BTRFS info (device loop1): turning on sync discard
[  367.325957][ T8605] BTRFS info (device loop1): using free space tree
[  367.634041][ T8609] netlink: 8 bytes leftover after parsing attributes in process `syz.4.760'.
[  367.960770][ T8609] batadv0: entered promiscuous mode
[  367.974796][ T8609] vlan2: entered promiscuous mode
[  369.486142][ T8605] BTRFS error (device loop1): open_ctree failed: -4
[  370.260400][ T8638] No such timeout policy "syz0"
[  370.455574][ T8635] warning: `syz.5.763' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  370.923642][ T5800] Bluetooth: hci5: command 0x0406 tx timeout
[  373.416796][ T8663] macvtap0: entered promiscuous mode
[  373.423909][ T8663] macvtap0: left promiscuous mode
[  376.771134][ T8704] Timeout policy `syz0' can only be used by L3 protocol number 34915
[  379.843853][ T1292] ieee802154 phy0 wpan0: encryption failed: -22
[  379.850258][ T1292] ieee802154 phy1 wpan1: encryption failed: -22
[  380.752132][ T8726] netlink: 8 bytes leftover after parsing attributes in process `syz.3.783'.
[  380.763364][ T8726] netlink: 8 bytes leftover after parsing attributes in process `syz.3.783'.
[  380.772611][ T8726] netlink: 8 bytes leftover after parsing attributes in process `syz.3.783'.
[  380.781811][ T8726] netlink: 8 bytes leftover after parsing attributes in process `syz.3.783'.
[  381.222916][   T28] audit: type=1804 audit(1760998156.274:91): pid=8737 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.786" name="bus" dev="ramfs" ino=18971 res=1 errno=0
[  381.279545][   T28] audit: type=1804 audit(1760998156.304:92): pid=8737 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.786" name="bus" dev="ramfs" ino=18971 res=1 errno=0
[  382.731844][ T8750] xt_TCPMSS: Only works on TCP SYN packets
[  388.021060][   T29] INFO: task syz.0.498:7500 blocked for more than 143 seconds.
[  388.289871][   T29]       Not tainted syzkaller #0
[  388.301728][   T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  388.333880][   T29] task:syz.0.498       state:D stack:28784 pid:7500  ppid:5789   flags:0x00004006
[  388.366827][   T29] Call Trace:
[  388.370187][   T29]  <TASK>
[  388.373968][   T29]  __schedule+0x14d2/0x44d0
[  388.381996][   T29]  ? asan.module_dtor+0x20/0x20
[  388.387978][   T29]  ? mark_lock+0x94/0x320
[  388.392373][   T29]  ? lockdep_hardirqs_on_prepare+0x400/0x760
[  388.394265][ T8791] loop1: detected capacity change from 0 to 1024
[  388.412549][   T29]  ? _raw_spin_lock_irqsave+0xf0/0xf0
[  388.419952][   T29]  ? rwsem_down_read_slowpath+0x50e/0x840
[  388.432916][   T29]  schedule+0xbd/0x170
[  388.437502][   T29]  schedule_preempt_disabled+0x13/0x20
[  388.443028][   T29]  rwsem_down_read_slowpath+0x4f8/0x840
[  388.454511][ T8791] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  388.465639][   T29]  ? down_write_killable_nested+0x220/0x220
[  388.472486][   T29]  ? read_lock_is_recursive+0x20/0x20
[  388.483280][   T29]  down_read+0x98/0x2e0
[  388.487878][   T29]  super_lock+0x167/0x360
[  388.492859][   T29]  ? user_get_super+0x180/0x180
[  388.498249][   T29]  ? __lock_acquire+0x7c80/0x7c80
[  388.503618][   T29]  ? __rwlock_init+0x150/0x150
[  388.508575][   T29]  ? do_raw_spin_unlock+0x121/0x230
[  388.525817][   T29]  ? ksys_sync+0x150/0x150
[  388.532920][   T29]  iterate_supers+0x80/0x170
[  388.542797][   T29]  ksys_sync+0x95/0x150
[  388.547586][   T29]  ? sync_filesystem+0x220/0x220
[  388.561002][   T29]  ? syscall_enter_from_user_mode+0x25/0x80
[  388.567576][   T29]  ? lockdep_hardirqs_on+0x98/0x150
[  388.572928][   T29]  __ia32_sys_sync+0xe/0x20
[  388.578197][   T29]  do_syscall_64+0x55/0xb0
[  388.585033][   T29]  ? clear_bhb_loop+0x40/0x90
[  388.596706][   T29]  ? clear_bhb_loop+0x40/0x90
[  388.607190][   T29]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  388.617976][   T29] RIP: 0033:0x7ff4fc78efc9
[  388.622544][   T29] RSP: 002b:00007ff4fd541038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
[  388.639928][   T29] RAX: ffffffffffffffda RBX: 00007ff4fc9e5fa0 RCX: 00007ff4fc78efc9
[  388.656201][   T29] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  388.669416][   T29] RBP: 00007ff4fc9e5fa0 R08: 0000000000000000 R09: 0000000000000000
[  388.681231][   T29] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  388.698179][   T29] R13: 00007ff4fc9e6038 R14: 00007ff4fc9e5fa0 R15: 00007ffef2fb2a18
[  388.711131][   T29]  </TASK>
[  388.714862][   T29] INFO: task syz.0.498:7501 blocked for more than 144 seconds.
[  388.722522][   T29]       Not tainted syzkaller #0
[  388.732238][   T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  388.741142][   T29] task:syz.0.498       state:D stack:28816 pid:7501  ppid:5789   flags:0x00004004
[  388.751031][   T29] Call Trace:
[  388.754720][   T29]  <TASK>
[  388.757799][   T29]  __schedule+0x14d2/0x44d0
[  388.762467][   T29]  ? asan.module_dtor+0x20/0x20
[  388.768684][   T29]  ? mark_lock+0x94/0x320
[  388.773486][   T29]  ? lockdep_hardirqs_on_prepare+0x400/0x760
[  388.779618][   T29]  ? _raw_spin_lock_irqsave+0xf0/0xf0
[  388.785375][   T29]  ? rwsem_down_read_slowpath+0x50e/0x840
[  388.791234][   T29]  schedule+0xbd/0x170
[  388.795761][   T29]  schedule_preempt_disabled+0x13/0x20
[  388.802311][   T29]  rwsem_down_read_slowpath+0x4f8/0x840
[  388.808071][   T29]  ? down_write_killable_nested+0x220/0x220
[  388.814601][   T29]  ? read_lock_is_recursive+0x20/0x20
[  388.820129][   T29]  ? _raw_spin_lock_irq+0xaf/0xe0
[  388.825705][   T29]  down_read+0x98/0x2e0
[  388.829932][   T29]  super_lock+0x167/0x360
[  388.834518][   T29]  ? user_get_super+0x180/0x180
[  388.839420][   T29]  ? __lock_acquire+0x7c80/0x7c80
[  388.844916][   T29]  ? __rwlock_init+0x150/0x150
[  388.849734][   T29]  ? do_raw_spin_unlock+0x121/0x230
[  388.855269][   T29]  ? ksys_sync+0x150/0x150
[  388.859735][   T29]  iterate_supers+0x80/0x170
[  388.864825][   T29]  ksys_sync+0x95/0x150
[  388.869043][   T29]  ? sync_filesystem+0x220/0x220
[  388.894385][   T29]  ? syscall_enter_from_user_mode+0x25/0x80
[  388.935223][   T29]  ? lockdep_hardirqs_on+0x98/0x150
[  388.940651][   T29]  __ia32_sys_sync+0xe/0x20
[  388.950634][   T29]  do_syscall_64+0x55/0xb0
[  388.955266][   T29]  ? clear_bhb_loop+0x40/0x90
[  388.960298][   T29]  ? clear_bhb_loop+0x40/0x90
[  388.965287][   T29]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  388.971592][   T29] RIP: 0033:0x7ff4fc78efc9
[  388.976282][   T29] RSP: 002b:00007ff4fa9f6038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
[  388.985166][   T29] RAX: ffffffffffffffda RBX: 00007ff4fc9e6090 RCX: 00007ff4fc78efc9
[  388.993338][   T29] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  389.002596][   T29] RBP: 00007ff4fc9e6090 R08: 0000000000000000 R09: 0000000000000000
[  389.024798][   T29] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  389.661866][   T29] R13: 00007ff4fc9e6128 R14: 00007ff4fc9e6090 R15: 00007ffef2fb2a18
[  389.675350][   T29]  </TASK>
[  389.678614][   T29] INFO: task syz.0.498:7502 blocked for more than 145 seconds.
[  389.688058][   T29]       Not tainted syzkaller #0
[  389.694303][   T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  389.703544][   T29] task:syz.0.498       state:D stack:29128 pid:7502  ppid:5789   flags:0x00004004
[  389.712835][   T29] Call Trace:
[  389.716669][   T29]  <TASK>
[  389.720408][   T29]  __schedule+0x14d2/0x44d0
[  389.725491][   T29]  ? asan.module_dtor+0x20/0x20
[  389.730480][   T29]  ? mark_lock+0x94/0x320
[  389.735198][   T29]  ? lockdep_hardirqs_on_prepare+0x400/0x760
[  389.741268][   T29]  ? _raw_spin_lock_irqsave+0xf0/0xf0
[  389.747151][   T29]  ? rwsem_down_read_slowpath+0x50e/0x840
[  389.752925][   T29]  schedule+0xbd/0x170
[  389.757457][   T29]  schedule_preempt_disabled+0x13/0x20
[  389.762977][   T29]  rwsem_down_read_slowpath+0x4f8/0x840
[  389.768804][   T29]  ? down_write_killable_nested+0x220/0x220
[  389.774888][   T29]  ? read_lock_is_recursive+0x20/0x20
[  389.780323][   T29]  down_read+0x98/0x2e0
[  389.784790][   T29]  super_lock+0x167/0x360
[  389.789204][   T29]  ? user_get_super+0x180/0x180
[  389.794229][   T29]  ? __lock_acquire+0x7c80/0x7c80
[  389.799312][   T29]  ? __rwlock_init+0x150/0x150
[  389.804224][   T29]  ? do_raw_spin_unlock+0x121/0x230
[  389.809461][   T29]  ? ksys_sync+0x150/0x150
[  389.814063][   T29]  iterate_supers+0x80/0x170
[  389.818702][   T29]  ksys_sync+0x95/0x150
[  389.823956][   T29]  ? sync_filesystem+0x220/0x220
[  389.828967][   T29]  ? syscall_enter_from_user_mode+0x25/0x80
[  389.835302][   T29]  ? lockdep_hardirqs_on+0x98/0x150
[  389.840577][   T29]  __ia32_sys_sync+0xe/0x20
[  389.845397][   T29]  do_syscall_64+0x55/0xb0
[  389.849879][   T29]  ? clear_bhb_loop+0x40/0x90
[  389.854918][   T29]  ? clear_bhb_loop+0x40/0x90
[  389.859646][   T29]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  389.865935][   T29] RIP: 0033:0x7ff4fc78efc9
[  389.870387][   T29] RSP: 002b:00007ff4fa9d5038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
[  389.879004][   T29] RAX: ffffffffffffffda RBX: 00007ff4fc9e6180 RCX: 00007ff4fc78efc9
[  389.887061][   T29] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  389.895198][   T29] RBP: 00007ff4fc9e6180 R08: 0000000000000000 R09: 0000000000000000
[  389.903356][   T29] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  389.911362][   T29] R13: 00007ff4fc9e6218 R14: 00007ff4fc9e6180 R15: 00007ffef2fb2a18
[  389.919511][   T29]  </TASK>
[  389.923978][   T29] INFO: task syz.0.498:7505 blocked for more than 145 seconds.
[  389.931573][   T29]       Not tainted syzkaller #0
[  389.936756][   T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  389.945860][   T29] task:syz.0.498       state:D stack:28936 pid:7505  ppid:5789   flags:0x00004004
[  389.955300][   T29] Call Trace:
[  389.958626][   T29]  <TASK>
[  389.961593][   T29]  __schedule+0x14d2/0x44d0
[  389.966323][   T29]  ? asan.module_dtor+0x20/0x20
[  389.971231][   T29]  ? mark_lock+0x94/0x320
[  389.975695][   T29]  ? lockdep_hardirqs_on_prepare+0x400/0x760
[  389.981769][   T29]  ? _raw_spin_lock_irqsave+0xf0/0xf0
[  389.987529][   T29]  ? rwsem_down_read_slowpath+0x50e/0x840
[  389.993371][   T29]  schedule+0xbd/0x170
[  389.997525][   T29]  schedule_preempt_disabled+0x13/0x20
[  390.003038][   T29]  rwsem_down_read_slowpath+0x4f8/0x840
[  390.008755][   T29]  ? down_write_killable_nested+0x220/0x220
[  390.014886][   T29]  ? read_lock_is_recursive+0x20/0x20
[  390.020299][   T29]  ? _raw_spin_lock_irq+0xaf/0xe0
[  390.027423][   T29]  down_read+0x98/0x2e0
[  390.031684][   T29]  super_lock+0x167/0x360
[  390.036303][   T29]  ? user_get_super+0x180/0x180
[  390.041221][   T29]  ? __lock_acquire+0x7c80/0x7c80
[  390.046467][   T29]  ? __rwlock_init+0x150/0x150
[  390.051281][   T29]  ? do_raw_spin_unlock+0x121/0x230
[  390.056594][   T29]  ? ksys_sync+0x150/0x150
[  390.061064][   T29]  iterate_supers+0x80/0x170
[  390.065824][   T29]  ksys_sync+0x95/0x150
[  390.070028][   T29]  ? sync_filesystem+0x220/0x220
[  390.075106][   T29]  ? syscall_enter_from_user_mode+0x25/0x80
[  390.081064][   T29]  ? lockdep_hardirqs_on+0x98/0x150
[  390.086412][   T29]  __ia32_sys_sync+0xe/0x20
[  390.090953][   T29]  do_syscall_64+0x55/0xb0
[  390.095775][   T29]  ? clear_bhb_loop+0x40/0x90
[  390.100492][   T29]  ? clear_bhb_loop+0x40/0x90
[  390.105352][   T29]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  390.111286][   T29] RIP: 0033:0x7ff4fc78efc9
[  390.115983][   T29] RSP: 002b:00007ff4fa5b2038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
[  390.124510][   T29] RAX: ffffffffffffffda RBX: 00007ff4fc9e6270 RCX: 00007ff4fc78efc9
[  390.132842][   T29] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  390.140922][   T29] RBP: 00007ff4fc9e6270 R08: 0000000000000000 R09: 0000000000000000
[  390.149334][   T29] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  390.157429][   T29] R13: 00007ff4fc9e6308 R14: 00007ff4fc9e6270 R15: 00007ffef2fb2a18
[  390.165621][   T29]  </TASK>
[  390.168707][   T29] INFO: task syz.0.498:7510 blocked for more than 145 seconds.
[  390.178876][   T29]       Not tainted syzkaller #0
[  390.185453][   T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  390.201781][   T29] task:syz.0.498       state:D stack:28936 pid:7510  ppid:5789   flags:0x00004004
[  390.212410][   T29] Call Trace:
[  390.223082][   T29]  <TASK>
[  390.230802][   T29]  __schedule+0x14d2/0x44d0
[  390.243270][   T29]  ? asan.module_dtor+0x20/0x20
[  390.248674][   T29]  ? mark_lock+0x94/0x320
[  390.260307][   T29]  ? lockdep_hardirqs_on_prepare+0x400/0x760
[  390.268030][   T29]  ? _raw_spin_lock_irqsave+0xf0/0xf0
[  390.280677][   T29]  ? rwsem_down_read_slowpath+0x50e/0x840
[  390.287853][   T29]  schedule+0xbd/0x170
[  390.292024][   T29]  schedule_preempt_disabled+0x13/0x20
[  390.297915][   T29]  rwsem_down_read_slowpath+0x4f8/0x840
[  390.303859][   T29]  ? down_write_killable_nested+0x220/0x220
[  390.309943][   T29]  ? read_lock_is_recursive+0x20/0x20
[  390.315638][   T29]  ? _raw_spin_lock_irq+0xaf/0xe0
[  390.320773][   T29]  down_read+0x98/0x2e0
[  390.325375][   T29]  super_lock+0x167/0x360
[  390.329758][   T29]  ? user_get_super+0x180/0x180
[  390.337745][   T29]  ? __lock_acquire+0x7c80/0x7c80
[  390.342917][   T29]  ? __rwlock_init+0x150/0x150
[  390.347948][   T29]  ? do_raw_spin_unlock+0x121/0x230
[  390.353347][   T29]  ? ksys_sync+0x150/0x150
[  390.357812][   T29]  iterate_supers+0x80/0x170
[  390.362438][   T29]  ksys_sync+0x95/0x150
[  390.367035][   T29]  ? sync_filesystem+0x220/0x220
[  390.372025][   T29]  ? syscall_enter_from_user_mode+0x25/0x80
[  390.378169][   T29]  ? lockdep_hardirqs_on+0x98/0x150
[  390.383808][   T29]  __ia32_sys_sync+0xe/0x20
[  390.388440][   T29]  do_syscall_64+0x55/0xb0
[  390.392913][   T29]  ? clear_bhb_loop+0x40/0x90
[  390.398314][   T29]  ? clear_bhb_loop+0x40/0x90
[  390.403899][   T29]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  390.410049][   T29] RIP: 0033:0x7ff4fc78efc9
[  390.414786][   T29] RSP: 002b:00007ff4fa18f038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
[  390.423382][   T29] RAX: ffffffffffffffda RBX: 00007ff4fc9e6360 RCX: 00007ff4fc78efc9
[  390.431500][   T29] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  390.440784][   T29] RBP: 00007ff4fc9e6360 R08: 0000000000000000 R09: 0000000000000000
[  390.450298][   T29] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  390.458384][   T29] R13: 00007ff4fc9e63f8 R14: 00007ff4fc9e6360 R15: 00007ffef2fb2a18
[  390.466580][   T29]  </TASK>
[  390.470761][   T29] INFO: task syz.0.498:7514 blocked for more than 145 seconds.
[  390.478782][   T29]       Not tainted syzkaller #0
[  390.483810][   T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  390.490676][ T5793] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  390.492508][   T29] task:syz.0.498       state:D stack:27120 pid:7514  ppid:5789   flags:0x00004004
[  390.511144][   T29] Call Trace:
[  390.514541][   T29]  <TASK>
[  390.517517][   T29]  __schedule+0x14d2/0x44d0
[  390.522118][   T29]  ? asan.module_dtor+0x20/0x20
[  390.527124][   T29]  ? mark_lock+0x94/0x320
[  390.531512][   T29]  ? lockdep_hardirqs_on_prepare+0x400/0x760
[  390.538048][   T29]  ? _raw_spin_lock_irqsave+0xf0/0xf0
[  390.544335][   T29]  ? rwsem_down_read_slowpath+0x50e/0x840
[  390.550232][   T29]  schedule+0xbd/0x170
[  390.555241][   T29]  schedule_preempt_disabled+0x13/0x20
[  390.560846][   T29]  rwsem_down_read_slowpath+0x4f8/0x840
[  390.567018][   T29]  ? down_write_killable_nested+0x220/0x220
[  390.573097][   T29]  ? read_lock_is_recursive+0x20/0x20
[  390.579146][   T29]  down_read+0x98/0x2e0
[  390.583822][   T29]  super_lock+0x167/0x360
[  390.588201][   T29]  ? user_get_super+0x180/0x180
[  390.593079][   T29]  ? __lock_acquire+0x7c80/0x7c80
[  390.598730][   T29]  ? __rwlock_init+0x150/0x150
[  390.603893][   T29]  ? do_raw_spin_unlock+0x121/0x230
[  390.609139][   T29]  ? ksys_sync+0x150/0x150
[  390.613628][   T29]  iterate_supers+0x80/0x170
[  390.618441][   T29]  ksys_sync+0x95/0x150
[  390.622637][   T29]  ? sync_filesystem+0x220/0x220
[  390.627871][   T29]  ? syscall_enter_from_user_mode+0x25/0x80
[  390.634107][   T29]  ? lockdep_hardirqs_on+0x98/0x150
[  390.640469][   T29]  __ia32_sys_sync+0xe/0x20
[  390.645151][   T29]  do_syscall_64+0x55/0xb0
[  390.649627][   T29]  ? clear_bhb_loop+0x40/0x90
[  390.654622][   T29]  ? clear_bhb_loop+0x40/0x90
[  390.659343][   T29]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  390.667731][   T29] RIP: 0033:0x7ff4fc78efc9
[  390.672191][   T29] RSP: 002b:00007ff4f9d6c038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
[  390.680713][   T29] RAX: ffffffffffffffda RBX: 00007ff4fc9e6450 RCX: 00007ff4fc78efc9
[  390.688800][   T29] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  390.696913][   T29] RBP: 00007ff4fc9e6450 R08: 0000000000000000 R09: 0000000000000000
[  390.707344][   T29] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  390.715985][   T29] R13: 00007ff4fc9e64e8 R14: 00007ff4fc9e6450 R15: 00007ffef2fb2a18
[  390.724682][   T29]  </TASK>
[  390.727849][   T29] INFO: task syz.0.498:7517 blocked for more than 146 seconds.
[  390.735806][   T29]       Not tainted syzkaller #0
[  390.740801][   T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  390.750918][   T29] task:syz.0.498       state:D stack:27336 pid:7517  ppid:5789   flags:0x00004004
[  390.760244][   T29] Call Trace:
[  390.763622][   T29]  <TASK>
[  390.766581][   T29]  __schedule+0x14d2/0x44d0
[  390.771116][   T29]  ? asan.module_dtor+0x20/0x20
[  390.777182][   T29]  ? mark_lock+0x94/0x320
[  390.781562][   T29]  ? lockdep_hardirqs_on_prepare+0x400/0x760
[  390.787872][   T29]  ? _raw_spin_lock_irqsave+0xf0/0xf0
[  390.793331][   T29]  ? rwsem_down_read_slowpath+0x50e/0x840
[  390.799143][   T29]  schedule+0xbd/0x170
[  390.803345][   T29]  schedule_preempt_disabled+0x13/0x20
[  390.808838][   T29]  rwsem_down_read_slowpath+0x4f8/0x840
[  390.814596][   T29]  ? down_write_killable_nested+0x220/0x220
[  390.820572][   T29]  ? read_lock_is_recursive+0x20/0x20
[  390.826132][   T29]  ? _raw_spin_lock_irq+0xaf/0xe0
[  390.831197][   T29]  down_read+0x98/0x2e0
[  390.835465][   T29]  super_lock+0x167/0x360
[  390.839847][   T29]  ? user_get_super+0x180/0x180
[  390.845738][   T29]  ? __lock_acquire+0x7c80/0x7c80
[  390.850813][   T29]  ? __rwlock_init+0x150/0x150
[  390.855688][   T29]  ? do_raw_spin_unlock+0x121/0x230
[  390.860962][   T29]  ? ksys_sync+0x150/0x150
[  390.865706][   T29]  iterate_supers+0x80/0x170
[  390.870363][   T29]  ksys_sync+0x95/0x150
[  390.874727][   T29]  ? sync_filesystem+0x220/0x220
[  390.879716][   T29]  ? syscall_enter_from_user_mode+0x25/0x80
[  390.885824][   T29]  ? lockdep_hardirqs_on+0x98/0x150
[  390.891076][   T29]  __ia32_sys_sync+0xe/0x20
[  390.895684][   T29]  do_syscall_64+0x55/0xb0
[  390.900143][   T29]  ? clear_bhb_loop+0x40/0x90
[  390.905235][   T29]  ? clear_bhb_loop+0x40/0x90
[  390.909957][   T29]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  390.916146][   T29] RIP: 0033:0x7ff4fc78efc9
[  390.920600][   T29] RSP: 002b:00007ff4f9949038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
[  390.929131][   T29] RAX: ffffffffffffffda RBX: 00007ff4fc9e6540 RCX: 00007ff4fc78efc9
[  390.937193][   T29] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  390.945499][   T29] RBP: 00007ff4fc9e6540 R08: 0000000000000000 R09: 0000000000000000
[  390.954516][   T29] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  390.962611][   T29] R13: 00007ff4fc9e65d8 R14: 00007ff4fc9e6540 R15: 00007ffef2fb2a18
[  390.970703][   T29]  </TASK>
[  390.973840][   T29] INFO: task syz.0.498:7519 blocked for more than 146 seconds.
[  390.981411][   T29]       Not tainted syzkaller #0
[  390.986914][   T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  390.996174][   T29] task:syz.0.498       state:D stack:28392 pid:7519  ppid:5789   flags:0x00004004
[  391.005596][   T29] Call Trace:
[  391.009045][   T29]  <TASK>
[  391.012013][   T29]  __schedule+0x14d2/0x44d0
[  391.016696][   T29]  ? asan.module_dtor+0x20/0x20
[  391.021595][   T29]  ? mark_lock+0x94/0x320
[  391.027801][   T29]  ? lockdep_hardirqs_on_prepare+0x400/0x760
[  391.034371][   T29]  ? _raw_spin_lock_irqsave+0xf0/0xf0
[  391.039809][   T29]  ? rwsem_down_read_slowpath+0x50e/0x840
[  391.045658][   T29]  schedule+0xbd/0x170
[  391.050479][   T29]  schedule_preempt_disabled+0x13/0x20
[  391.056070][   T29]  rwsem_down_read_slowpath+0x4f8/0x840
[  391.061676][   T29]  ? down_write_killable_nested+0x220/0x220
[  391.067771][   T29]  ? read_lock_is_recursive+0x20/0x20
[  391.073516][   T29]  ? _raw_spin_lock_irq+0xaf/0xe0
[  391.078632][   T29]  down_read+0x98/0x2e0
[  391.082813][   T29]  super_lock+0x167/0x360
[  391.087228][   T29]  ? user_get_super+0x180/0x180
[  391.092122][   T29]  ? __lock_acquire+0x7c80/0x7c80
[  391.097259][   T29]  ? __rwlock_init+0x150/0x150
[  391.102085][   T29]  ? do_raw_spin_unlock+0x121/0x230
[  391.107952][   T29]  ? ksys_sync+0x150/0x150
[  391.112473][   T29]  iterate_supers+0x80/0x170
[  391.117219][   T29]  ksys_sync+0x95/0x150
[  391.121417][   T29]  ? sync_filesystem+0x220/0x220
[  391.126492][   T29]  ? syscall_enter_from_user_mode+0x25/0x80
[  391.132443][   T29]  ? lockdep_hardirqs_on+0x98/0x150
[  391.137841][   T29]  __ia32_sys_sync+0xe/0x20
[  391.142397][   T29]  do_syscall_64+0x55/0xb0
[  391.147196][   T29]  ? clear_bhb_loop+0x40/0x90
[  391.152832][   T29]  ? clear_bhb_loop+0x40/0x90
[  391.157710][   T29]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  391.163711][   T29] RIP: 0033:0x7ff4fc78efc9
[  391.168166][   T29] RSP: 002b:00007ff4f9526038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
[  391.176696][   T29] RAX: ffffffffffffffda RBX: 00007ff4fc9e6630 RCX: 00007ff4fc78efc9
[  391.184958][   T29] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  391.193014][   T29] RBP: 00007ff4fc9e6630 R08: 0000000000000000 R09: 0000000000000000
[  391.201101][   T29] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  391.209187][   T29] R13: 00007ff4fc9e66c8 R14: 00007ff4fc9e6630 R15: 00007ffef2fb2a18
[  391.217400][   T29]  </TASK>
[  391.220494][   T29] 
[  391.220494][   T29] Showing all locks held in the system:
[  391.228418][   T29] 1 lock held by khungtaskd/29:
[  391.233509][   T29]  #0: ffffffff8cd2ff20 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x290
[  391.243500][   T29] 2 locks held by kworker/u4:3/48:
[  391.248670][   T29] 2 locks held by getty/5556:
[  391.253440][   T29]  #0: ffff88814cfa60a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  391.264410][   T29]  #1: ffffc9000326e2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x425/0x1380
[  391.274693][   T29] 1 lock held by syz-executor/5779:
[  391.280010][   T29]  #0: ffff8880b8e3c218 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140
[  391.290064][   T29] 1 lock held by syz-executor/5798:
[  391.295355][   T29]  #0: ffff88807a8d00e0 (&type->s_umount_key#60){++++}-{3:3}, at: deactivate_super+0xa4/0xe0
[  391.305891][   T29] 1 lock held by syz.0.498/7500:
[  391.310857][   T29]  #0: ffff88807a8d00e0 (&type->s_umount_key#60){++++}-{3:3}, at: super_lock+0x167/0x360
[  391.320839][   T29] 1 lock held by syz.0.498/7501:
[  391.326028][   T29]  #0: ffff88807a8d00e0 (&type->s_umount_key#60){++++}-{3:3}, at: super_lock+0x167/0x360
[  391.336283][   T29] 1 lock held by syz.0.498/7502:
[  391.341243][   T29]  #0: ffff88807a8d00e0 (&type->s_umount_key#60){++++}-{3:3}, at: super_lock+0x167/0x360
[  391.351277][   T29] 1 lock held by syz.0.498/7505:
[  391.357183][   T29]  #0: ffff88807a8d00e0 (&type->s_umount_key#60){++++}-{3:3}, at: super_lock+0x167/0x360
[  391.367209][   T29] 1 lock held by syz.0.498/7510:
[  391.372170][   T29]  #0: ffff88807a8d00e0 (&type->s_umount_key#60){++++}-{3:3}, at: super_lock+0x167/0x360
[  391.382127][   T29] 1 lock held by syz.0.498/7514:
[  391.387233][   T29]  #0: ffff88807a8d00e0 (&type->s_umount_key#60){++++}-{3:3}, at: super_lock+0x167/0x360
[  391.397229][   T29] 1 lock held by syz.0.498/7517:
[  391.402188][   T29]  #0: ffff88807a8d00e0 (&type->s_umount_key#60){++++}-{3:3}, at: super_lock+0x167/0x360
[  391.412154][   T29] 1 lock held by syz.0.498/7519:
[  391.417178][   T29]  #0: ffff88807a8d00e0 (&type->s_umount_key#60){++++}-{3:3}, at: super_lock+0x167/0x360
[  391.427265][   T29] 
[  391.429646][   T29] =============================================
[  391.429646][   T29] 
[  391.438377][   T29] NMI backtrace for cpu 1
[  391.442756][   T29] CPU: 1 PID: 29 Comm: khungtaskd Not tainted syzkaller #0
[  391.449976][   T29] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  391.460060][   T29] Call Trace:
[  391.463362][   T29]  <TASK>
[  391.466322][   T29]  dump_stack_lvl+0x16c/0x230
[  391.471034][   T29]  ? preempt_count_add+0x91/0x1a0
[  391.476082][   T29]  ? show_regs_print_info+0x20/0x20
[  391.481309][   T29]  ? load_image+0x3b0/0x3b0
[  391.485846][   T29]  nmi_cpu_backtrace+0x39b/0x3d0
[  391.490836][   T29]  ? nmi_trigger_cpumask_backtrace+0x2f0/0x2f0
[  391.497017][   T29]  ? _printk+0xd0/0x110
[  391.501198][   T29]  ? load_image+0x3b0/0x3b0
[  391.505727][   T29]  ? load_image+0x3b0/0x3b0
[  391.510262][   T29]  ? arch_trigger_cpumask_backtrace+0x10/0x10
[  391.516360][   T29]  nmi_trigger_cpumask_backtrace+0x17a/0x2f0
[  391.522376][   T29]  watchdog+0xf41/0xf80
[  391.526556][   T29]  ? watchdog+0x1e1/0xf80
[  391.530916][   T29]  kthread+0x2fa/0x390
[  391.535007][   T29]  ? hungtask_pm_notify+0x90/0x90
[  391.540064][   T29]  ? kthread_blkcg+0xd0/0xd0
[  391.544677][   T29]  ret_from_fork+0x48/0x80
[  391.549133][   T29]  ? kthread_blkcg+0xd0/0xd0
[  391.553777][   T29]  ret_from_fork_asm+0x11/0x20
[  391.558609][   T29]  </TASK>
[  391.562733][   T29] Sending NMI from CPU 1 to CPUs 0:
[  391.568242][    C0] NMI backtrace for cpu 0
[  391.568254][    C0] CPU: 0 PID: 1094 Comm: kworker/u4:7 Not tainted syzkaller #0
[  391.568271][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  391.568281][    C0] Workqueue: bat_events batadv_nc_worker
[  391.568309][    C0] RIP: 0010:kasan_check_range+0x1bd/0x290
[  391.568332][    C0] Code: 4d 01 f3 49 8d 5c 24 07 4d 85 e4 49 0f 49 dc 48 83 e3 f8 49 29 dc 74 12 41 80 3b 00 0f 85 a6 00 00 00 49 ff c3 49 ff cc 75 ee <5b> 41 5c 41 5d 41 5e 41 5f 5d c3 45 84 ff 75 61 41 f7 c7 00 ff 00
[  391.568347][    C0] RSP: 0018:ffffc90004667a08 EFLAGS: 00000256
[  391.568360][    C0] RAX: 0000000000000001 RBX: 0000000000000000 RCX: ffffffff81677adb
[  391.568371][    C0] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff8e4a8a68
[  391.568381][    C0] RBP: ffffc90004667b50 R08: ffffffff8e4a8a6f R09: 1ffffffff1c9514d
[  391.568394][    C0] R10: dffffc0000000000 R11: fffffbfff1c9514e R12: 0000000000000001
[  391.568405][    C0] R13: dffffc0000000000 R14: fffffbfff1c9514e R15: 1ffffffff1c9514d
[  391.568417][    C0] FS:  0000000000000000(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
[  391.568430][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  391.568442][    C0] CR2: 00007f0b835b4198 CR3: 000000002443b000 CR4: 00000000003506f0
[  391.568456][    C0] DR0: ffffffffffffffff DR1: 00000000000001f8 DR2: 0000000000000083
[  391.568466][    C0] DR3: ffffffffefffff15 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[  391.568477][    C0] Call Trace:
[  391.568482][    C0]  <TASK>
[  391.568489][    C0]  ? batadv_nc_worker+0xd2/0x610
[  391.568512][    C0]  lock_release+0xab/0x8b0
[  391.568533][    C0]  ? batadv_nc_worker+0xd2/0x610
[  391.568555][    C0]  ? __lock_acquire+0x7c80/0x7c80
[  391.568573][    C0]  ? lockdep_hardirqs_on_prepare+0x400/0x760
[  391.568594][    C0]  ? batadv_nc_worker+0xd2/0x610
[  391.568616][    C0]  batadv_nc_worker+0x291/0x610
[  391.568640][    C0]  ? process_scheduled_works+0x957/0x15b0
[  391.568660][    C0]  process_scheduled_works+0xa45/0x15b0
[  391.568695][    C0]  ? assign_work+0x400/0x400
[  391.568717][    C0]  ? assign_work+0x39e/0x400
[  391.568738][    C0]  worker_thread+0xa55/0xfc0
[  391.568771][    C0]  kthread+0x2fa/0x390
[  391.568785][    C0]  ? pr_cont_work+0x560/0x560
[  391.568803][    C0]  ? kthread_blkcg+0xd0/0xd0
[  391.568817][    C0]  ret_from_fork+0x48/0x80
[  391.568836][    C0]  ? kthread_blkcg+0xd0/0xd0
[  391.568850][    C0]  ret_from_fork_asm+0x11/0x20
[  391.568880][    C0]  </TASK>
[  391.573623][   T29] Kernel panic - not syncing: hung_task: blocked tasks
[  391.573638][   T29] CPU: 1 PID: 29 Comm: khungtaskd Not tainted syzkaller #0
[  391.573661][   T29] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  391.573674][   T29] Call Trace:
[  391.573683][   T29]  <TASK>
[  391.573692][   T29]  dump_stack_lvl+0x16c/0x230
[  391.573730][   T29]  ? show_regs_print_info+0x20/0x20
[  391.573760][   T29]  ? load_image+0x3b0/0x3b0
[  391.573794][   T29]  panic+0x2c0/0x710
[  391.573814][   T29]  ? schedule_preempt_disabled+0x20/0x20
[  391.573850][   T29]  ? bpf_jit_dump+0xd0/0xd0
[  391.573870][   T29]  ? __irq_work_queue_local+0x13a/0x3b0
[  391.573899][   T29]  ? nmi_trigger_cpumask_backtrace+0x2a4/0x2f0
[  391.573938][   T29]  watchdog+0xf80/0xf80
[  391.573968][   T29]  ? watchdog+0x1e1/0xf80
[  391.574003][   T29]  kthread+0x2fa/0x390
[  391.574024][   T29]  ? hungtask_pm_notify+0x90/0x90
[  391.574052][   T29]  ? kthread_blkcg+0xd0/0xd0
[  391.574072][   T29]  ret_from_fork+0x48/0x80
[  391.574098][   T29]  ? kthread_blkcg+0xd0/0xd0
[  391.574119][   T29]  ret_from_fork_asm+0x11/0x20
[  391.574174][   T29]  </TASK>
[  391.577864][   T29] Kernel Offset: disabled
[  391.921309][   T29] Rebooting in 86400 seconds..