last executing test programs:

2m23.380329028s ago: executing program 2 (id=24):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet6_int(r0, 0x29, 0x19, 0x0, &(0x7f0000000100))

2m22.985911398s ago: executing program 2 (id=27):
bpf$BPF_LINK_CREATE(0x8, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff, 0x22, 0x0, @val=@tcx}, 0x1c)

2m22.384443902s ago: executing program 2 (id=29):
symlink(&(0x7f0000001640)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/../file0\x00', &(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
setxattr$security_capability(&(0x7f0000001a00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/../file0\x00', &(0x7f0000000380), 0x0, 0x0, 0x1)

2m21.996517252s ago: executing program 2 (id=32):
syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000100)={[{@errors_remount}, {@discard}, {@time_offset={'time_offset', 0x3d, 0x2}}, {@errors_remount}, {@keep_last_dots}, {@gid}, {@zero_size_dir}, {@time_offset={'time_offset', 0x3d, 0x6}}, {@umask={'umask', 0x3d, 0x3ff}}, {@zero_size_dir}]}, 0x1, 0x1534, &(0x7f0000000380)="$eJzs3AucTtX6OPDnWWvtMSbpbZLLsNZ6Nm8SyyRJLklySZIkSXJLSJrkSEJiyC1pSJJch+QyhOQyMWnc7/dLQpI0SRKSW7L+H8Vfnep3zvmdfjmfM8/383k/1jNrP2s/+33ey94b83WnwdUb1qhSn4jg34I//5EMALEA0B8ArgKAAADKxJeJPz+fU2Lyv7cT9ud6MO1yV8AuJ+5/9sb9z964/9kb9z974/5nb9z/7I37n71x/xnLzjZOLXA1P7Lvg+////er+4cz/P3/XySr5OjPV5e8tjNAzD+bwv3P3rj//7WCf2Yj7n/2xv3PrmIvdwHsPwC//7ODHH84w/3P3rj/jGVnl/v+8+V+QCR7PweX+/XHGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYYyx7OOUvUQBwcXy562KMMcYYY4wxxtifx+e43BUwxhhjjDHGGGPs/x6CAAkKAoiBHBALOSEOBABcCbnhKojA1RAP10AeuBbyQj7IDwUgAQpCIdBgwAJBCIWhCEThOigK10MxuAGKQwlwUBIS4UYoBTdBabgZysAtUBZuhXJQHipARbgNKsHtUBnugCpwJ1SFalAdasBdUBPuhlpwD9SGe6EO3Ad14X6oBw9AfXgQGsBD0BAehkbwCDSGJtAUmkHz/1X+89ANXoDu0AOSoSf0ghehN/SBvtAP+sNLMABehoHwCqTAIBgMr8IQeA2GwuswDN6A4fAmjICRMApGwxgYC6kwDsbDWzAB3oaJMAkmwxRIg6kwDd6B6TADZsK7MAveg9kwB+bCPEiH92E+LIAM+AAWwoeQCYtgMSyBpbAMlsMKWAmrYDWsgbWwDtbDBtgIm2AzbIGtsA22w0ewAz6GnbALdsMnsAc+/RfzT/5dfmcEBBQoUKHCGIzBWIzFOIzDXJgLc2NujGAE4zEe82AezIt5MT/mxwRMwEJYCA0aJCQsjIUxilEsikWxGBbD4lgcHTpMxEQshTdhaSyNZbAMlsWyWA7LY3msiBWxElbCylgZq2AVrIpVsTpWx7vwLuyJtbAW1sbaWAfrXLw9hfWxPjbABtgQG2IjbISNsTE2xabYHJtjC2yBLbEltsbW2AbbYFtsi0mYhO2wHbbH9tgBO2BH7IidsBN2xi7YJev5HIAv4AvYA6uKntgLe2FvTMnRF/thP3wJB+DL+DK+gik4CAfjq/gqvoZD8QQOwzdwOA7HSmIkjsLRSGIspmIqjsfxOAEn4ESchJNwCqbhVJyG03A6zsAZ+C7OwvfwPZyDc3AepmM6zscFmIEZuBBPYiYuwsW4BJfiMlyKK3AlrsDVuAZX4zpchxtwA27CTbgFt+A23AYfoQLAj3EX7sIU3IN7cC/uxX24D/fjfszCLDyAB/AgHsRDeAgP42E8gkfxGB7F43gcT+BJPIWn8AyewbP4bMKXDT66YVUKiPOUUCJGxIhYESviRJzIJXKJ3CK3iIiIiBfxIo/II/KKvCK/yC8SRIIoJAoJI4wgEcYAgIiKqCgqiopiopgoLooLJ5xIFImilCglSovSooy4RZQVt4pyorxo5SqKiqKSaO0qiztEFVFFVBXVRHVRQ9QQNUVNUUvUErVFbVFH1BF1xf2inuiJffFBcb4zDcUgbCQGY2PRRMgLn2AtxFBsKVqJ1uJx8QYOw7aihUsST4l2YhS2F38To/EZ0VGMxU7iOdFZdBFdxfOim2jpuoseYiL2FL3EFOwt+oi+op+YjtXEuzgrZ3XxikgRg8Rg8aqYh6+JoeJ1MeynI31TjBAjxSgxWowRY0WqGCfGi7fEBPG2mCgmicliikgTU8U08Y6YLmaImeJdMUu8J2aLOWKumCfSxftivlggMsQHYqH4UGSKRWKxWCKWimViuVghVopVYrVYI9aKdWK92CA2ik1is9gitoptYrv4SOwQH4udYpfYLT4Re8SnYq/4TOwTn4v94guRJb4UB8RX4qD4WhwS34jD4ltxRBwVx8R34rj4XpwQJ8UpcVqcET+Is+JHcU54ARKlkFIqGcgYmUPGypwyTl4hc8ngwrN7tYyX18g88lqZV+aT+WUBmSALykJSSyOtJBnKwrKIjMrrZFF5vSwmb5DFZQnpZEmZKG+UpeRNsrS8WZaRt8iy8lZZTpaXFWRFeZusJG+XEPl5H1VlNVld1pB3yWS4W9aS98ja8l5ZR94n68r7ZT35gKwvH5QN5EOyoXxYNpKPyMayiWwqm8nm8lHZQj4mW8pWsrV8XLaRT8i28kmZJJ+S7aS/8BJ5RnaUz8pO8jnZWXaRXeWP8pz0srvsIaEnyF7yRdlb9pF9ZT/ZX74kB8iX5UD5ikyRg+Rg+aocIl+TQ+Xrcph8Qw6Xb8oRcqQcJUfLMXKsTJXj5Hj5lpwg35YT5SQ5WU6RaXKq7HthpZlS/sP8t34nf+BPe98gN8pNcrPcIrfKbXK7/EjukDvkTrlT7pa75R65R+6Ve+U+uU/ul/tllsySB+QBeVAelIfkIXlYHpZH5FF5Wn4nj8vv5Ql5Up6Up+UZeUaevfAcgEIllFRKBSpG5VCxKqeKU1eoXOpKlVtdpSLqahWvrlF51LUqr8qn8qsCKkEVVIWUVkZZRSpUhVURFVXX4YUXjCquSiinSqpEdeO/kq+KqutVMXXDr/Iv1pf8B/U1V81VC9VCtVQtVWvVWrVRbVRb1VYlqSTVTrVT7VV71UF1UB1VR9VJdVKdVWfVVXVV3VQ31V11V8kqWfVSL6reqo/qq/qp/uolNUANUAPVQJWiUtRgNVgNUUPUUDVUDVPD1HA1XI1QI9QoNUqNUWNUqkpV49V4NUFNUBPVRDVZTVZpKk1NU9PUdDVdzVQz1Sw1S81Ws9VcNVelq3Q1X81XGSpDLVQLVaZapBapJWqJWqaWqRVqhVqlVqk1ao1ap9apTLVRbVSb1Wa1VW1V29V2tUPtUDvVTrVb7VZ71B61V+1V+9Q+tV/tV1kqSx1QB9RBdVAdUofUYXVYHVFH1DF1TB1Xx9UJdUKdUqfUGXVGnVVn1Tl17vxpXyACEahABTFBTBAbxAZxQVyQK8gV5A5yB5EgEsQH8UGe4Nogb5AvyB8UCBKCgkGhQAcmsIG40PRocF1QNLg+KBbcEBQPSgQuKBkkBjcGpYKbgtLBzUGZ4JagbHBrUC4oH1QIKga3BZWC24PKwR1BleDOoGpQLage1AjuCmoGdwe1gnuC2sG9QZ3gvqBucH9QL3ggqB88GDQIHgoaBg8HjYJHgsZBk6Bp0Cxo/qeu7/2JfI+57rqHTtY9dS/9ou6t++i+up/ur1/SA/TLeqB+RafoQXqwflUP0a/pofp1PUy/oYfrN/UIPVKP0qP1GD1Wp+pxerx+S0/Qb+uJepKerKfoND1VT9Pv6Ol6hp6p39Wz9Ht6tp6j5+p5Ol2/r+frBTpDf6AX6g91pl6kF+sleqleppfrFXqlXqVX6zV6rV6n1+sNeqPepDfrLXqr3qa364/0Dv2x3ql36d36E71Hf6r36s/0Pv253q+/0Fn6S31Af6UP6q/1If2NPqy/1Uf0UX1Mf6eP6+/1CX1Sn9Kn9Rn9gz6rf9TntD9/cn/+690oo0yMiTGxJtbEmTiTy+QyuU1uEzERE2/iTR6Tx+Q1eU1+k98kmARTyBQy55EhU9gUNlETNUVNUVPMFDPFTXHjjDOJJtGUMqVMaVPalDFlTFlT1pQz5UwFU8HcZm4zt5vbzR3mDnOnudNUM9VMDVPD1DQ1TS1Ty9Q2tU0dU8fUNXVNPVPP1Df1TQPTwDQ0DU0j08g0No1NU9PUNDfNTQvTwrQ0LU1r09q0MW1MW9PWJJkk0860M+1Ne9PBdDAdTUfTyXQynU1n09V0Nd1MN9PddDfJJtn0Mr1Mb9Pb9DV9TX/T3wwwA8xAM9CkmBQz2Aw2Q8wQM9QMNcPMG2b4+RNVM9KMMqPNGDPWpJpUM96MNxPMBDPRTDSTzWSTZtLMNDPNTDfTzUwz08wys8xsM9vMNXNNukk38818k2EyzEKz0GSaTLPYLDZLzVKz3Cw3K81Ks9qsNmthrVlv1puNZqPZbDabrWar2W62mx1mh9lpdprdZrfZY/aYvWav2Wf2mf1mv8kyWeaAOWAOmoPmkDlkDpvD5og5Yo6ZY+a4OW5OmBPmlDllzph8F74vvYm1OW2cvcLmslfa3PYq+/dxflvAJtiCtpDVNq/N96vYWGuL2RtscVvCOlvSJtobfxOXs+VtBVvR3mYr2dtt5d/ENe3dtpa9x9a299oa9q5fxXXsfbaufdjWQwSwTWwD28w2tA/bRvYR29g2sU1tM9vGPmHb2idtkn3KtrNP/yaebxfYlXaVXW3X2J12lz1lT9uD9mt7xv5gu9setr99yQ6wL9uB9hWbYgf9Jh5u37Qj7Eg7yo62Y+zY38ST7RSbZqfaafYdO93O+E2cbt+3s2yGnW3n2Ll23k/x+Zoy7Ad2of3QZtoAFtsldqldZpfbFf+/1iV2nV1vN9gd9mO72W6xW+02u/3iibDdZXfbT+we+6k9YL+y++zndr89ZLPslz/F54/vkP3GHrbf2iP2qD1mv7PH7ffqp9yRvQHsD/Y7+6M9Z70FQgKSpCigGMpBsZST4ugKykVXUm66iiJ0NcXTNZSHrqW8lI/yUwFKoIJUiDQZskQUUmEqQlG6ji6WV5xKkKOSlEg3Uim6iUrTzVSGbqGydCuVo/JUgSrSbVSJbqfKdAdVoTupKlWj6lSD7qKadDfVonuoNt1Ldeg+qkv3Uz16gOrTg9SAHqKG9DA1okeoMTWhptSMmtOj1IIeo5bUilrT49SGnqC29CQl0VPUjp6m9vQ36kDPUEd6ljrRc9SZulBXep660QvUnXpQMvWkXvQi9aY+1Jf6UX96iQbQyzSQXqEUGkSD6VUaQq/RUHqdhtEbNJzepBE0kkbRaBpDYymVxtF4eosm0Ns0kSbRZJpCaTSVptE7NJ1m0Ex6l2bRezSb5tBcmkfp9D7NpwWUQR/QQvqQMmkRLaYltJSW0XJaQStpFa2mNbSW1tF62kAbaRNtpi20lbbRdvqIdtDHtJN20W76hPbQp7SXPqN99Dntpy8oi76kA/QVHaSv6RB943vQt3SEjtIx+o6O0/d0gk7SKTpNZ+gHOks/0jnyBCGGIpShCoMwJswRxoY5w7jwijBXeGWYO7wqjIRXh/HhNWGe8Nowb5gvzB8WCBPCgmGhUIcmtCGFYVg4LBJGw+vCouH1YbEQw+JhidCFJcPE8MawVHhTWDq8OSwT3hKWDW8Ny4Xlw4fvrRjeFlYKbw8rh3eEVcI7w6phtbB6WCO8K6wZ3h3WCu8Ja4f3hqXD+8K64f1hvfCBsH74YNggfChsGD4cNgofCRuHTcKmYbOwefho2CJ8LGwZtgpbh4+HbcInwrbhk2FS+FTYLnz6p/n7FvzxfHLYM+wVvhi+GHp/j5wbnRdNj74fnR9dEM2IfhBdGP0wmhldFF0cXRJdGl0WXR5dEV0ZXRVdHV0TXRtdF10f3RD1vkYOcOiEk065wMW4HC7W5XRx7gqXy13pcrurXMRd7eLdNS6Pu9bldflcflfAJbiCrpDTzjjryIWusCviou46V9Rd74q5G1xxV8I5V9IlumauuWvuWrjHXEvXyrV2j7vH3RPuCfeke9I95dq5p1179zfXwT3jOrpn3bPuOdfZdXFd3fOumxuX++f3ZLLr5Xq53q636+v6uv6uvxvgBriBbqBLcSlusBvshrghbqgb6oa5YW64G+5GuBFulBvlxrgxLtWluvFuvJvgJriJbqKb7Ca7NJfmprlpbrqb7irN+Hkvs91sN9fNdeku3c13588ZM9xCt9Bluky32C12S91St9wtdyvdSrfarXZr3Vq33q13G91Gt9ltdlvdVrfdbXc73A6301/186Juj9vr9rp9bp/b775wWe5Ld8B95Q66r90h94077L51R9xRd8x95467790Jd9KdcqfdGfeDO+t+dOecd6mRcZHxkbciEyJvRyZGJkUmR6ZE0iJTI9Mi70SmR2ZEZkbejcyKvBeZHZkTmRuZF0mPvB+ZH1kQyYh8EFkY+TCSGVkUWRxZElkaWRbxvuDm0Bf2RXzUX+eL+ut9MX+DL+5LeOdL+kR/oy/lb/Kl/c2+jL/Fl/W3+nK+vK/gH/GNfRPf1Dfzzf2jvoV/zLf0rXxr/7hv45/wbf2TPsk/5dv5p317/zffwT/jO/pnfSf/nO/su/iu/nnfzb/gu/sePtn39L38i7637+P7+n6+v3/JD/Av+4H+FZ/iB/nB/lU/xL/mh/rX/TD/hh8e86YfcfESGcb6VD/Oj/dv+Qn+bT/RT/KT/RSf5qf6af4dP93P8DP9u36Wf8/P9nP8XD/Pp/v3/Xy/wGf4D/xC/6HP9Isu3lT2y/0Kv9Kv8qv9Gr/Wr/Pr/Qa/0W/ym/0Wv9Vv89v9R36H/9jv9Lv8bv+J3+M/9Xv9Z36f/9zv91/4LP+lP+C/8gf91/6Q/8Yf9t/6I/6oP+a/88f99/6EP+lP+dP+jP/Bn/U/+nP8f9YYY4wxxv4p4y4Nxa9nfr6d3/N3csQvNu4FAFduKZD1y/nzZ5Rr8/487iMS2kQA4KkenR68+KhaNTk5+cK2mRKCInMALv5N0HkxcCleBK3hCUiCVlDqd+vvI7qcoX+wfvQWgLhf5MTCpfjS+p8BYPLvrP/o48Pnlw1Pxf8P688BKFbkUk5OuBQvgtY/3V9pBaX/oP58LX5Zf+xv18/5eSpAy1/k5IJL8aX6E+ExeBqSfrUlY4wxxhhjjDH2sz6iQoeL158X/8Xn712fJ6hLOTngUvyPrs8ZY4wxxhhjjDF2+T3TpeuTjyYlterwrw8q/6+y/ulBI/i/WvkvGdzxn1HGvzDwHuDiTxQA/JsLApwfyL/yKDb9JftKufDW+fuppad9AP8ZrfwzBpf5g4kxxhhjjDH2p7t00v/rn6vLVRBjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMZYN/RW/TuyX++tx+Q6VMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYu2z+XwAAAP//dMcCKA==")
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x109041, 0x0)
mount$bind(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x81105a, 0x0)
mount$bind(&(0x7f0000000100)='./file0/../file0\x00', &(0x7f0000000080)='./file0/file0/file0\x00', 0x0, 0x887008, 0x0)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00')
read$FUSE(r0, &(0x7f0000006b40)={0x2020}, 0x206e)

2m20.989808093s ago: executing program 2 (id=35):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x1000006, 0x4132, 0xffffffffffffffff, 0x0)
setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0xfff0)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0)=0xffffffffffffffff, 0x4)
sendmmsg$inet(r0, &(0x7f0000000780)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000300)='T', 0xffa6}], 0x1}}, {{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000380)='q', 0x1}], 0x1, &(0x7f0000000600)=ANY=[], 0x158}}], 0x2, 0x4048841)

2m20.119588969s ago: executing program 2 (id=38):
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000002c0)={'ipvlan0\x00'})
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
syz_usb_connect(0x0, 0x5f, 0x0, 0x0)
r3 = openat$cuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
write$FUSE_NOTIFY_DELETE(r3, &(0x7f0000000200)=ANY=[@ANYBLOB="45000000060000000000000000000f00050000040000000003000000000000001c0000000000"], 0x45)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0xd2e, &(0x7f00000000c0))
msgctl$IPC_INFO(0x0, 0x3, &(0x7f0000000200)=""/112)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = syz_io_uring_setup(0x74d, &(0x7f0000000100)={0x0, 0x59c4, 0x8, 0x1000, 0x5cc}, &(0x7f0000000300)=<r5=>0x0, &(0x7f0000000080)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x50, 0x0, r7, 0x0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)=[{0x0}, {0x0}], 0x2}, 0x0, 0x0, 0x1})
io_uring_enter(r4, 0x749f, 0x4, 0x0, 0x0, 0xfffffffffffffef5)

2m18.081049759s ago: executing program 32 (id=38):
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000002c0)={'ipvlan0\x00'})
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
syz_usb_connect(0x0, 0x5f, 0x0, 0x0)
r3 = openat$cuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
write$FUSE_NOTIFY_DELETE(r3, &(0x7f0000000200)=ANY=[@ANYBLOB="45000000060000000000000000000f00050000040000000003000000000000001c0000000000"], 0x45)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0xd2e, &(0x7f00000000c0))
msgctl$IPC_INFO(0x0, 0x3, &(0x7f0000000200)=""/112)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = syz_io_uring_setup(0x74d, &(0x7f0000000100)={0x0, 0x59c4, 0x8, 0x1000, 0x5cc}, &(0x7f0000000300)=<r5=>0x0, &(0x7f0000000080)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x50, 0x0, r7, 0x0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)=[{0x0}, {0x0}], 0x2}, 0x0, 0x0, 0x1})
io_uring_enter(r4, 0x749f, 0x4, 0x0, 0x0, 0xfffffffffffffef5)

1m59.756684266s ago: executing program 1 (id=98):
creat(&(0x7f0000000040)='./file0\x00', 0x0)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f00000002c0)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030"], 0x15)
r0 = dup(0xffffffffffffffff)
write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="5300000007000046009d40", @ANYBLOB="fe4cecb210bc09"], 0x53)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180), 0x800000, &(0x7f0000019200)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX=r0])

1m59.425058301s ago: executing program 1 (id=100):
r0 = syz_open_procfs(0x0, &(0x7f0000000140)='net/ipv6_route\x00')
preadv(r0, &(0x7f0000000080)=[{&(0x7f0000000240)=""/135, 0x87}], 0x1, 0x1fe, 0x7)

1m59.044644798s ago: executing program 1 (id=102):
r0 = socket$nl_route(0x10, 0x3, 0x0)
syz_usb_connect(0x5, 0xf4, &(0x7f0000000700)=ANY=[@ANYBLOB="120110014c306f10da0b38011230010203010902e20002a60000000904b10403d7b5d25b09210400020122c705090500100004f40804072501832f08000905000040008103ff0905091b08000c078009042201040e010003090509000000030004090502020002f7810671300c458e9532438d4aae3ef0c9bf5c520b1aaab11a8cae9a60c3160adc1dfedebf5a6ead8834c7780c2eb777ef0caf96cd8b3b77f357f4aa1b662ab40651e6ae8cc63dd9f6e2d24afaed81a927ca2e0354281cfeffffffffffffffbf09aac591308e5c0c3c419bb288a21890e1af4af409050303ff030840040705a6c6415a9f09058503"], 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x60}, 0x1, 0x0, 0x0, 0x20004040}, 0x54)

1m56.736775995s ago: executing program 1 (id=106):
syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000100)={[{@errors_remount}, {@discard}, {@time_offset={'time_offset', 0x3d, 0x2}}, {@errors_remount}, {@keep_last_dots}, {@gid}, {@zero_size_dir}, {@time_offset={'time_offset', 0x3d, 0x6}}, {@umask={'umask', 0x3d, 0x3ff}}, {@zero_size_dir}]}, 0x1, 0x1534, &(0x7f0000000380)="$eJzs3AucTtX6OPDnWWvtMSbpbZLLsNZ6Nm8SyyRJLklySZIkSXJLSJrkSEJiyC1pSJJch+QyhOQyMWnc7/dLQpI0SRKSW7L+H8Vfnep3zvmdfjmfM8/383k/1jNrP2s/+33ey94b83WnwdUb1qhSn4jg34I//5EMALEA0B8ArgKAAADKxJeJPz+fU2Lyv7cT9ud6MO1yV8AuJ+5/9sb9z964/9kb9z974/5nb9z/7I37n71x/xnLzjZOLXA1P7Lvg+////er+4cz/P3/XySr5OjPV5e8tjNAzD+bwv3P3rj//7WCf2Yj7n/2xv3PrmIvdwHsPwC//7ODHH84w/3P3rj/jGVnl/v+8+V+QCR7PweX+/XHGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYYyx7OOUvUQBwcXy562KMMcYYY4wxxtifx+e43BUwxhhjjDHGGGPs/x6CAAkKAoiBHBALOSEOBABcCbnhKojA1RAP10AeuBbyQj7IDwUgAQpCIdBgwAJBCIWhCEThOigK10MxuAGKQwlwUBIS4UYoBTdBabgZysAtUBZuhXJQHipARbgNKsHtUBnugCpwJ1SFalAdasBdUBPuhlpwD9SGe6EO3Ad14X6oBw9AfXgQGsBD0BAehkbwCDSGJtAUmkHz/1X+89ANXoDu0AOSoSf0ghehN/SBvtAP+sNLMABehoHwCqTAIBgMr8IQeA2GwuswDN6A4fAmjICRMApGwxgYC6kwDsbDWzAB3oaJMAkmwxRIg6kwDd6B6TADZsK7MAveg9kwB+bCPEiH92E+LIAM+AAWwoeQCYtgMSyBpbAMlsMKWAmrYDWsgbWwDtbDBtgIm2AzbIGtsA22w0ewAz6GnbALdsMnsAc+/RfzT/5dfmcEBBQoUKHCGIzBWIzFOIzDXJgLc2NujGAE4zEe82AezIt5MT/mxwRMwEJYCA0aJCQsjIUxilEsikWxGBbD4lgcHTpMxEQshTdhaSyNZbAMlsWyWA7LY3msiBWxElbCylgZq2AVrIpVsTpWx7vwLuyJtbAW1sbaWAfrXLw9hfWxPjbABtgQG2IjbISNsTE2xabYHJtjC2yBLbEltsbW2AbbYFtsi0mYhO2wHbbH9tgBO2BH7IidsBN2xi7YJev5HIAv4AvYA6uKntgLe2FvTMnRF/thP3wJB+DL+DK+gik4CAfjq/gqvoZD8QQOwzdwOA7HSmIkjsLRSGIspmIqjsfxOAEn4ESchJNwCqbhVJyG03A6zsAZ+C7OwvfwPZyDc3AepmM6zscFmIEZuBBPYiYuwsW4BJfiMlyKK3AlrsDVuAZX4zpchxtwA27CTbgFt+A23AYfoQLAj3EX7sIU3IN7cC/uxX24D/fjfszCLDyAB/AgHsRDeAgP42E8gkfxGB7F43gcT+BJPIWn8AyewbP4bMKXDT66YVUKiPOUUCJGxIhYESviRJzIJXKJ3CK3iIiIiBfxIo/II/KKvCK/yC8SRIIoJAoJI4wgEcYAgIiKqCgqiopiopgoLooLJ5xIFImilCglSovSooy4RZQVt4pyorxo5SqKiqKSaO0qiztEFVFFVBXVRHVRQ9QQNUVNUUvUErVFbVFH1BF1xf2inuiJffFBcb4zDcUgbCQGY2PRRMgLn2AtxFBsKVqJ1uJx8QYOw7aihUsST4l2YhS2F38To/EZ0VGMxU7iOdFZdBFdxfOim2jpuoseYiL2FL3EFOwt+oi+op+YjtXEuzgrZ3XxikgRg8Rg8aqYh6+JoeJ1MeynI31TjBAjxSgxWowRY0WqGCfGi7fEBPG2mCgmicliikgTU8U08Y6YLmaImeJdMUu8J2aLOWKumCfSxftivlggMsQHYqH4UGSKRWKxWCKWimViuVghVopVYrVYI9aKdWK92CA2ik1is9gitoptYrv4SOwQH4udYpfYLT4Re8SnYq/4TOwTn4v94guRJb4UB8RX4qD4WhwS34jD4ltxRBwVx8R34rj4XpwQJ8UpcVqcET+Is+JHcU54ARKlkFIqGcgYmUPGypwyTl4hc8ngwrN7tYyX18g88lqZV+aT+WUBmSALykJSSyOtJBnKwrKIjMrrZFF5vSwmb5DFZQnpZEmZKG+UpeRNsrS8WZaRt8iy8lZZTpaXFWRFeZusJG+XEPl5H1VlNVld1pB3yWS4W9aS98ja8l5ZR94n68r7ZT35gKwvH5QN5EOyoXxYNpKPyMayiWwqm8nm8lHZQj4mW8pWsrV8XLaRT8i28kmZJJ+S7aS/8BJ5RnaUz8pO8jnZWXaRXeWP8pz0srvsIaEnyF7yRdlb9pF9ZT/ZX74kB8iX5UD5ikyRg+Rg+aocIl+TQ+Xrcph8Qw6Xb8oRcqQcJUfLMXKsTJXj5Hj5lpwg35YT5SQ5WU6RaXKq7HthpZlS/sP8t34nf+BPe98gN8pNcrPcIrfKbXK7/EjukDvkTrlT7pa75R65R+6Ve+U+uU/ul/tllsySB+QBeVAelIfkIXlYHpZH5FF5Wn4nj8vv5Ql5Up6Up+UZeUaevfAcgEIllFRKBSpG5VCxKqeKU1eoXOpKlVtdpSLqahWvrlF51LUqr8qn8qsCKkEVVIWUVkZZRSpUhVURFVXX4YUXjCquSiinSqpEdeO/kq+KqutVMXXDr/Iv1pf8B/U1V81VC9VCtVQtVWvVWrVRbVRb1VYlqSTVTrVT7VV71UF1UB1VR9VJdVKdVWfVVXVV3VQ31V11V8kqWfVSL6reqo/qq/qp/uolNUANUAPVQJWiUtRgNVgNUUPUUDVUDVPD1HA1XI1QI9QoNUqNUWNUqkpV49V4NUFNUBPVRDVZTVZpKk1NU9PUdDVdzVQz1Sw1S81Ws9VcNVelq3Q1X81XGSpDLVQLVaZapBapJWqJWqaWqRVqhVqlVqk1ao1ap9apTLVRbVSb1Wa1VW1V29V2tUPtUDvVTrVb7VZ71B61V+1V+9Q+tV/tV1kqSx1QB9RBdVAdUofUYXVYHVFH1DF1TB1Xx9UJdUKdUqfUGXVGnVVn1Tl17vxpXyACEahABTFBTBAbxAZxQVyQK8gV5A5yB5EgEsQH8UGe4Nogb5AvyB8UCBKCgkGhQAcmsIG40PRocF1QNLg+KBbcEBQPSgQuKBkkBjcGpYKbgtLBzUGZ4JagbHBrUC4oH1QIKga3BZWC24PKwR1BleDOoGpQLage1AjuCmoGdwe1gnuC2sG9QZ3gvqBucH9QL3ggqB88GDQIHgoaBg8HjYJHgsZBk6Bp0Cxo/qeu7/2JfI+57rqHTtY9dS/9ou6t++i+up/ur1/SA/TLeqB+RafoQXqwflUP0a/pofp1PUy/oYfrN/UIPVKP0qP1GD1Wp+pxerx+S0/Qb+uJepKerKfoND1VT9Pv6Ol6hp6p39Wz9Ht6tp6j5+p5Ol2/r+frBTpDf6AX6g91pl6kF+sleqleppfrFXqlXqVX6zV6rV6n1+sNeqPepDfrLXqr3qa364/0Dv2x3ql36d36E71Hf6r36s/0Pv253q+/0Fn6S31Af6UP6q/1If2NPqy/1Uf0UX1Mf6eP6+/1CX1Sn9Kn9Rn9gz6rf9TntD9/cn/+690oo0yMiTGxJtbEmTiTy+QyuU1uEzERE2/iTR6Tx+Q1eU1+k98kmARTyBQy55EhU9gUNlETNUVNUVPMFDPFTXHjjDOJJtGUMqVMaVPalDFlTFlT1pQz5UwFU8HcZm4zt5vbzR3mDnOnudNUM9VMDVPD1DQ1TS1Ty9Q2tU0dU8fUNXVNPVPP1Df1TQPTwDQ0DU0j08g0No1NU9PUNDfNTQvTwrQ0LU1r09q0MW1MW9PWJJkk0860M+1Ne9PBdDAdTUfTyXQynU1n09V0Nd1MN9PddDfJJtn0Mr1Mb9Pb9DV9TX/T3wwwA8xAM9CkmBQz2Aw2Q8wQM9QMNcPMG2b4+RNVM9KMMqPNGDPWpJpUM96MNxPMBDPRTDSTzWSTZtLMNDPNTDfTzUwz08wys8xsM9vMNXNNukk38818k2EyzEKz0GSaTLPYLDZLzVKz3Cw3K81Ks9qsNmthrVlv1puNZqPZbDabrWar2W62mx1mh9lpdprdZrfZY/aYvWav2Wf2mf1mv8kyWeaAOWAOmoPmkDlkDpvD5og5Yo6ZY+a4OW5OmBPmlDllzph8F74vvYm1OW2cvcLmslfa3PYq+/dxflvAJtiCtpDVNq/N96vYWGuL2RtscVvCOlvSJtobfxOXs+VtBVvR3mYr2dtt5d/ENe3dtpa9x9a299oa9q5fxXXsfbaufdjWQwSwTWwD28w2tA/bRvYR29g2sU1tM9vGPmHb2idtkn3KtrNP/yaebxfYlXaVXW3X2J12lz1lT9uD9mt7xv5gu9setr99yQ6wL9uB9hWbYgf9Jh5u37Qj7Eg7yo62Y+zY38ST7RSbZqfaafYdO93O+E2cbt+3s2yGnW3n2Ll23k/x+Zoy7Ad2of3QZtoAFtsldqldZpfbFf+/1iV2nV1vN9gd9mO72W6xW+02u/3iibDdZXfbT+we+6k9YL+y++zndr89ZLPslz/F54/vkP3GHrbf2iP2qD1mv7PH7ffqp9yRvQHsD/Y7+6M9Z70FQgKSpCigGMpBsZST4ugKykVXUm66iiJ0NcXTNZSHrqW8lI/yUwFKoIJUiDQZskQUUmEqQlG6ji6WV5xKkKOSlEg3Uim6iUrTzVSGbqGydCuVo/JUgSrSbVSJbqfKdAdVoTupKlWj6lSD7qKadDfVonuoNt1Ldeg+qkv3Uz16gOrTg9SAHqKG9DA1okeoMTWhptSMmtOj1IIeo5bUilrT49SGnqC29CQl0VPUjp6m9vQ36kDPUEd6ljrRc9SZulBXep660QvUnXpQMvWkXvQi9aY+1Jf6UX96iQbQyzSQXqEUGkSD6VUaQq/RUHqdhtEbNJzepBE0kkbRaBpDYymVxtF4eosm0Ns0kSbRZJpCaTSVptE7NJ1m0Ex6l2bRezSb5tBcmkfp9D7NpwWUQR/QQvqQMmkRLaYltJSW0XJaQStpFa2mNbSW1tF62kAbaRNtpi20lbbRdvqIdtDHtJN20W76hPbQp7SXPqN99Dntpy8oi76kA/QVHaSv6RB943vQt3SEjtIx+o6O0/d0gk7SKTpNZ+gHOks/0jnyBCGGIpShCoMwJswRxoY5w7jwijBXeGWYO7wqjIRXh/HhNWGe8Nowb5gvzB8WCBPCgmGhUIcmtCGFYVg4LBJGw+vCouH1YbEQw+JhidCFJcPE8MawVHhTWDq8OSwT3hKWDW8Ny4Xlw4fvrRjeFlYKbw8rh3eEVcI7w6phtbB6WCO8K6wZ3h3WCu8Ja4f3hqXD+8K64f1hvfCBsH74YNggfChsGD4cNgofCRuHTcKmYbOwefho2CJ8LGwZtgpbh4+HbcInwrbhk2FS+FTYLnz6p/n7FvzxfHLYM+wVvhi+GHp/j5wbnRdNj74fnR9dEM2IfhBdGP0wmhldFF0cXRJdGl0WXR5dEV0ZXRVdHV0TXRtdF10f3RD1vkYOcOiEk065wMW4HC7W5XRx7gqXy13pcrurXMRd7eLdNS6Pu9bldflcflfAJbiCrpDTzjjryIWusCviou46V9Rd74q5G1xxV8I5V9IlumauuWvuWrjHXEvXyrV2j7vH3RPuCfeke9I95dq5p1179zfXwT3jOrpn3bPuOdfZdXFd3fOumxuX++f3ZLLr5Xq53q636+v6uv6uvxvgBriBbqBLcSlusBvshrghbqgb6oa5YW64G+5GuBFulBvlxrgxLtWluvFuvJvgJriJbqKb7Ca7NJfmprlpbrqb7irN+Hkvs91sN9fNdeku3c13588ZM9xCt9Bluky32C12S91St9wtdyvdSrfarXZr3Vq33q13G91Gt9ltdlvdVrfdbXc73A6301/186Juj9vr9rp9bp/b775wWe5Ld8B95Q66r90h94077L51R9xRd8x95467790Jd9KdcqfdGfeDO+t+dOecd6mRcZHxkbciEyJvRyZGJkUmR6ZE0iJTI9Mi70SmR2ZEZkbejcyKvBeZHZkTmRuZF0mPvB+ZH1kQyYh8EFkY+TCSGVkUWRxZElkaWRbxvuDm0Bf2RXzUX+eL+ut9MX+DL+5LeOdL+kR/oy/lb/Kl/c2+jL/Fl/W3+nK+vK/gH/GNfRPf1Dfzzf2jvoV/zLf0rXxr/7hv45/wbf2TPsk/5dv5p317/zffwT/jO/pnfSf/nO/su/iu/nnfzb/gu/sePtn39L38i7637+P7+n6+v3/JD/Av+4H+FZ/iB/nB/lU/xL/mh/rX/TD/hh8e86YfcfESGcb6VD/Oj/dv+Qn+bT/RT/KT/RSf5qf6af4dP93P8DP9u36Wf8/P9nP8XD/Pp/v3/Xy/wGf4D/xC/6HP9Isu3lT2y/0Kv9Kv8qv9Gr/Wr/Pr/Qa/0W/ym/0Wv9Vv89v9R36H/9jv9Lv8bv+J3+M/9Xv9Z36f/9zv91/4LP+lP+C/8gf91/6Q/8Yf9t/6I/6oP+a/88f99/6EP+lP+dP+jP/Bn/U/+nP8f9YYY4wxxv4p4y4Nxa9nfr6d3/N3csQvNu4FAFduKZD1y/nzZ5Rr8/487iMS2kQA4KkenR68+KhaNTk5+cK2mRKCInMALv5N0HkxcCleBK3hCUiCVlDqd+vvI7qcoX+wfvQWgLhf5MTCpfjS+p8BYPLvrP/o48Pnlw1Pxf8P688BKFbkUk5OuBQvgtY/3V9pBaX/oP58LX5Zf+xv18/5eSpAy1/k5IJL8aX6E+ExeBqSfrUlY4wxxhhjjDH2sz6iQoeL158X/8Xn712fJ6hLOTngUvyPrs8ZY4wxxhhjjDF2+T3TpeuTjyYlterwrw8q/6+y/ulBI/i/WvkvGdzxn1HGvzDwHuDiTxQA/JsLApwfyL/yKDb9JftKufDW+fuppad9AP8ZrfwzBpf5g4kxxhhjjDH2p7t00v/rn6vLVRBjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMZYN/RW/TuyX++tx+Q6VMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYu2z+XwAAAP//dMcCKA==")
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x109041, 0x0)
mount$bind(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x81105a, 0x0)
mount$bind(&(0x7f0000000880)='./file0/../file0\x00', &(0x7f0000000440)='./file0/file0\x00', 0x0, 0x1adc11, 0x0)
mount$bind(&(0x7f0000000100)='./file0/../file0\x00', &(0x7f0000000080)='./file0/file0/file0\x00', 0x0, 0x887008, 0x0)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00')
read$FUSE(r0, &(0x7f0000006b40)={0x2020}, 0x206e)

1m55.877936684s ago: executing program 1 (id=109):
syz_open_dev$ttys(0xc, 0x2, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
add_key$keyring(0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone3(0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000fe5000/0x18000)=nil, &(0x7f00000001c0)=[@text16={0x10, 0x0}], 0x1, 0xe79b04dd2a128718, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000000)="0f080fae04a200400f01c426660f3a15e6160fc76bdbf08666350f2170260fed9c000066b9230b00000f32", 0x2b}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
syz_emit_ethernet(0x1a, &(0x7f0000000440)={@local, @remote, @void, {@llc={0x4, {@llc={0xaa, 0xd4, 's', "1839b3fd4aabb47e7a"}}}}}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff})
r6 = openat$binder_debug(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x1)
socket$netlink(0x10, 0x3, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r5, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', <r9=>0x0})
sendmsg$nl_route(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@ipv6_newnexthop={0x20, 0x68, 0x5fb9a818fb7378e9, 0x0, 0x25dfdbff, {}, [@NHA_OIF={0x8, 0x5, r9}]}, 0x20}}, 0x0)
r10 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r10, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=@newnexthop={0x38, 0x68, 0x1, 0x100003, 0x7ffffffd, {}, [@NHA_GROUP={0xc, 0x2, [{0x1, 0x15}]}, @NHA_RES_GROUP={0xc, 0xc, 0x0, 0x1, [@NHA_RES_GROUP_BUCKETS={0x6, 0x1, 0x3fd4}]}, @NHA_GROUP_TYPE={0x6, 0x3, 0x1}]}, 0x38}, 0x1, 0x0, 0x0, 0x4008018}, 0x4000080)
sendmsg$nl_route(r7, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0xc, 0x42, 0x40, 0x46}, 0x50)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)

1m55.112574875s ago: executing program 1 (id=114):
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0x3, 0x7, 0x2, 0x17d, 0x4, 0x10, 0xf1, 0x50, 0x7fffffffffffe, 0x5, 0x0, 0x9, 0x0, 0x6, 0x0, 0xbd8], 0xffff1001, 0x120182})
syz_kvm_add_vcpu$x86(0x0, &(0x7f00000000c0)={0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000000000045000000040000000fa2"], 0x45})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f0000000240)=ANY=[@ANYBLOB="0100000000000000010000807e2a0000030079040000080000007ef9000000000000000000009cd2cabd63923a2d1bc631089fd6f9ce0eb5c100bfbf051c60"])
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

1m53.037802141s ago: executing program 33 (id=114):
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0x3, 0x7, 0x2, 0x17d, 0x4, 0x10, 0xf1, 0x50, 0x7fffffffffffe, 0x5, 0x0, 0x9, 0x0, 0x6, 0x0, 0xbd8], 0xffff1001, 0x120182})
syz_kvm_add_vcpu$x86(0x0, &(0x7f00000000c0)={0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000000000045000000040000000fa2"], 0x45})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f0000000240)=ANY=[@ANYBLOB="0100000000000000010000807e2a0000030079040000080000007ef9000000000000000000009cd2cabd63923a2d1bc631089fd6f9ce0eb5c100bfbf051c60"])
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

1m26.391661366s ago: executing program 4 (id=214):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000000c0)={0xc})
r1 = epoll_create1(0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a, 0x0, 0x0, 0x0, 0x0, 0x2200}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @ip6erspan={{0xe}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x1, @dev}]}, 0x44}}, 0x4)
fcntl$dupfd(r1, 0x2, 0xffffffffffffffff)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r4 = syz_io_uring_setup(0x88f, &(0x7f00000010c0)={0x0, 0xc941, 0x0, 0x2, 0xbfdffffc}, &(0x7f0000000000)=<r5=>0x0, &(0x7f0000000280)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r7 = socket$can_j1939(0x1d, 0x2, 0x7)
syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r7, 0x73, &(0x7f00000000c0)=@can, 0x0, 0x0, 0x2})
io_uring_enter(r4, 0x47f6, 0x0, 0x4, 0x0, 0x0)

1m25.192642525s ago: executing program 4 (id=221):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_DESTROY(r0, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000008}, 0xc, &(0x7f0000000100)={&(0x7f00000001c0)={0x3c, 0x3, 0x6, 0x401, 0x0, 0x0, {0x3, 0x0, 0x8}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x3c}, 0x1, 0x0, 0x0, 0x48040}, 0x4010)

1m24.967730428s ago: executing program 4 (id=222):
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
setsockopt$inet6_int(r0, 0x29, 0x3, &(0x7f0000004240)=0x40000006, 0x4)
recvmmsg(r0, &(0x7f0000002640)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000680)=""/4096, 0x1000}, 0xcf}], 0x1, 0x3, 0x0)
sendto$inet6(r0, 0x0, 0x0, 0x20000001, &(0x7f0000000300)={0xa, 0x4e20, 0x5, @mcast1}, 0x1c)

1m24.60443844s ago: executing program 4 (id=225):
syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000100)={[{@errors_remount}, {@discard}, {@time_offset={'time_offset', 0x3d, 0x2}}, {@errors_remount}, {@keep_last_dots}, {@gid}, {@zero_size_dir}, {@time_offset={'time_offset', 0x3d, 0x6}}, {@umask={'umask', 0x3d, 0x3ff}}, {@zero_size_dir}]}, 0x1, 0x1534, &(0x7f0000000380)="$eJzs3AucTtX6OPDnWWvtMSbpbZLLsNZ6Nm8SyyRJLklySZIkSXJLSJrkSEJiyC1pSJJch+QyhOQyMWnc7/dLQpI0SRKSW7L+H8Vfnep3zvmdfjmfM8/383k/1jNrP2s/+33ey94b83WnwdUb1qhSn4jg34I//5EMALEA0B8ArgKAAADKxJeJPz+fU2Lyv7cT9ud6MO1yV8AuJ+5/9sb9z964/9kb9z974/5nb9z/7I37n71x/xnLzjZOLXA1P7Lvg+////er+4cz/P3/XySr5OjPV5e8tjNAzD+bwv3P3rj//7WCf2Yj7n/2xv3PrmIvdwHsPwC//7ODHH84w/3P3rj/jGVnl/v+8+V+QCR7PweX+/XHGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYYyx7OOUvUQBwcXy562KMMcYYY4wxxtifx+e43BUwxhhjjDHGGGPs/x6CAAkKAoiBHBALOSEOBABcCbnhKojA1RAP10AeuBbyQj7IDwUgAQpCIdBgwAJBCIWhCEThOigK10MxuAGKQwlwUBIS4UYoBTdBabgZysAtUBZuhXJQHipARbgNKsHtUBnugCpwJ1SFalAdasBdUBPuhlpwD9SGe6EO3Ad14X6oBw9AfXgQGsBD0BAehkbwCDSGJtAUmkHz/1X+89ANXoDu0AOSoSf0ghehN/SBvtAP+sNLMABehoHwCqTAIBgMr8IQeA2GwuswDN6A4fAmjICRMApGwxgYC6kwDsbDWzAB3oaJMAkmwxRIg6kwDd6B6TADZsK7MAveg9kwB+bCPEiH92E+LIAM+AAWwoeQCYtgMSyBpbAMlsMKWAmrYDWsgbWwDtbDBtgIm2AzbIGtsA22w0ewAz6GnbALdsMnsAc+/RfzT/5dfmcEBBQoUKHCGIzBWIzFOIzDXJgLc2NujGAE4zEe82AezIt5MT/mxwRMwEJYCA0aJCQsjIUxilEsikWxGBbD4lgcHTpMxEQshTdhaSyNZbAMlsWyWA7LY3msiBWxElbCylgZq2AVrIpVsTpWx7vwLuyJtbAW1sbaWAfrXLw9hfWxPjbABtgQG2IjbISNsTE2xabYHJtjC2yBLbEltsbW2AbbYFtsi0mYhO2wHbbH9tgBO2BH7IidsBN2xi7YJev5HIAv4AvYA6uKntgLe2FvTMnRF/thP3wJB+DL+DK+gik4CAfjq/gqvoZD8QQOwzdwOA7HSmIkjsLRSGIspmIqjsfxOAEn4ESchJNwCqbhVJyG03A6zsAZ+C7OwvfwPZyDc3AepmM6zscFmIEZuBBPYiYuwsW4BJfiMlyKK3AlrsDVuAZX4zpchxtwA27CTbgFt+A23AYfoQLAj3EX7sIU3IN7cC/uxX24D/fjfszCLDyAB/AgHsRDeAgP42E8gkfxGB7F43gcT+BJPIWn8AyewbP4bMKXDT66YVUKiPOUUCJGxIhYESviRJzIJXKJ3CK3iIiIiBfxIo/II/KKvCK/yC8SRIIoJAoJI4wgEcYAgIiKqCgqiopiopgoLooLJ5xIFImilCglSovSooy4RZQVt4pyorxo5SqKiqKSaO0qiztEFVFFVBXVRHVRQ9QQNUVNUUvUErVFbVFH1BF1xf2inuiJffFBcb4zDcUgbCQGY2PRRMgLn2AtxFBsKVqJ1uJx8QYOw7aihUsST4l2YhS2F38To/EZ0VGMxU7iOdFZdBFdxfOim2jpuoseYiL2FL3EFOwt+oi+op+YjtXEuzgrZ3XxikgRg8Rg8aqYh6+JoeJ1MeynI31TjBAjxSgxWowRY0WqGCfGi7fEBPG2mCgmicliikgTU8U08Y6YLmaImeJdMUu8J2aLOWKumCfSxftivlggMsQHYqH4UGSKRWKxWCKWimViuVghVopVYrVYI9aKdWK92CA2ik1is9gitoptYrv4SOwQH4udYpfYLT4Re8SnYq/4TOwTn4v94guRJb4UB8RX4qD4WhwS34jD4ltxRBwVx8R34rj4XpwQJ8UpcVqcET+Is+JHcU54ARKlkFIqGcgYmUPGypwyTl4hc8ngwrN7tYyX18g88lqZV+aT+WUBmSALykJSSyOtJBnKwrKIjMrrZFF5vSwmb5DFZQnpZEmZKG+UpeRNsrS8WZaRt8iy8lZZTpaXFWRFeZusJG+XEPl5H1VlNVld1pB3yWS4W9aS98ja8l5ZR94n68r7ZT35gKwvH5QN5EOyoXxYNpKPyMayiWwqm8nm8lHZQj4mW8pWsrV8XLaRT8i28kmZJJ+S7aS/8BJ5RnaUz8pO8jnZWXaRXeWP8pz0srvsIaEnyF7yRdlb9pF9ZT/ZX74kB8iX5UD5ikyRg+Rg+aocIl+TQ+Xrcph8Qw6Xb8oRcqQcJUfLMXKsTJXj5Hj5lpwg35YT5SQ5WU6RaXKq7HthpZlS/sP8t34nf+BPe98gN8pNcrPcIrfKbXK7/EjukDvkTrlT7pa75R65R+6Ve+U+uU/ul/tllsySB+QBeVAelIfkIXlYHpZH5FF5Wn4nj8vv5Ql5Up6Up+UZeUaevfAcgEIllFRKBSpG5VCxKqeKU1eoXOpKlVtdpSLqahWvrlF51LUqr8qn8qsCKkEVVIWUVkZZRSpUhVURFVXX4YUXjCquSiinSqpEdeO/kq+KqutVMXXDr/Iv1pf8B/U1V81VC9VCtVQtVWvVWrVRbVRb1VYlqSTVTrVT7VV71UF1UB1VR9VJdVKdVWfVVXVV3VQ31V11V8kqWfVSL6reqo/qq/qp/uolNUANUAPVQJWiUtRgNVgNUUPUUDVUDVPD1HA1XI1QI9QoNUqNUWNUqkpV49V4NUFNUBPVRDVZTVZpKk1NU9PUdDVdzVQz1Sw1S81Ws9VcNVelq3Q1X81XGSpDLVQLVaZapBapJWqJWqaWqRVqhVqlVqk1ao1ap9apTLVRbVSb1Wa1VW1V29V2tUPtUDvVTrVb7VZ71B61V+1V+9Q+tV/tV1kqSx1QB9RBdVAdUofUYXVYHVFH1DF1TB1Xx9UJdUKdUqfUGXVGnVVn1Tl17vxpXyACEahABTFBTBAbxAZxQVyQK8gV5A5yB5EgEsQH8UGe4Nogb5AvyB8UCBKCgkGhQAcmsIG40PRocF1QNLg+KBbcEBQPSgQuKBkkBjcGpYKbgtLBzUGZ4JagbHBrUC4oH1QIKga3BZWC24PKwR1BleDOoGpQLage1AjuCmoGdwe1gnuC2sG9QZ3gvqBucH9QL3ggqB88GDQIHgoaBg8HjYJHgsZBk6Bp0Cxo/qeu7/2JfI+57rqHTtY9dS/9ou6t++i+up/ur1/SA/TLeqB+RafoQXqwflUP0a/pofp1PUy/oYfrN/UIPVKP0qP1GD1Wp+pxerx+S0/Qb+uJepKerKfoND1VT9Pv6Ol6hp6p39Wz9Ht6tp6j5+p5Ol2/r+frBTpDf6AX6g91pl6kF+sleqleppfrFXqlXqVX6zV6rV6n1+sNeqPepDfrLXqr3qa364/0Dv2x3ql36d36E71Hf6r36s/0Pv253q+/0Fn6S31Af6UP6q/1If2NPqy/1Uf0UX1Mf6eP6+/1CX1Sn9Kn9Rn9gz6rf9TntD9/cn/+690oo0yMiTGxJtbEmTiTy+QyuU1uEzERE2/iTR6Tx+Q1eU1+k98kmARTyBQy55EhU9gUNlETNUVNUVPMFDPFTXHjjDOJJtGUMqVMaVPalDFlTFlT1pQz5UwFU8HcZm4zt5vbzR3mDnOnudNUM9VMDVPD1DQ1TS1Ty9Q2tU0dU8fUNXVNPVPP1Df1TQPTwDQ0DU0j08g0No1NU9PUNDfNTQvTwrQ0LU1r09q0MW1MW9PWJJkk0860M+1Ne9PBdDAdTUfTyXQynU1n09V0Nd1MN9PddDfJJtn0Mr1Mb9Pb9DV9TX/T3wwwA8xAM9CkmBQz2Aw2Q8wQM9QMNcPMG2b4+RNVM9KMMqPNGDPWpJpUM96MNxPMBDPRTDSTzWSTZtLMNDPNTDfTzUwz08wys8xsM9vMNXNNukk38818k2EyzEKz0GSaTLPYLDZLzVKz3Cw3K81Ks9qsNmthrVlv1puNZqPZbDabrWar2W62mx1mh9lpdprdZrfZY/aYvWav2Wf2mf1mv8kyWeaAOWAOmoPmkDlkDpvD5og5Yo6ZY+a4OW5OmBPmlDllzph8F74vvYm1OW2cvcLmslfa3PYq+/dxflvAJtiCtpDVNq/N96vYWGuL2RtscVvCOlvSJtobfxOXs+VtBVvR3mYr2dtt5d/ENe3dtpa9x9a299oa9q5fxXXsfbaufdjWQwSwTWwD28w2tA/bRvYR29g2sU1tM9vGPmHb2idtkn3KtrNP/yaebxfYlXaVXW3X2J12lz1lT9uD9mt7xv5gu9setr99yQ6wL9uB9hWbYgf9Jh5u37Qj7Eg7yo62Y+zY38ST7RSbZqfaafYdO93O+E2cbt+3s2yGnW3n2Ll23k/x+Zoy7Ad2of3QZtoAFtsldqldZpfbFf+/1iV2nV1vN9gd9mO72W6xW+02u/3iibDdZXfbT+we+6k9YL+y++zndr89ZLPslz/F54/vkP3GHrbf2iP2qD1mv7PH7ffqp9yRvQHsD/Y7+6M9Z70FQgKSpCigGMpBsZST4ugKykVXUm66iiJ0NcXTNZSHrqW8lI/yUwFKoIJUiDQZskQUUmEqQlG6ji6WV5xKkKOSlEg3Uim6iUrTzVSGbqGydCuVo/JUgSrSbVSJbqfKdAdVoTupKlWj6lSD7qKadDfVonuoNt1Ldeg+qkv3Uz16gOrTg9SAHqKG9DA1okeoMTWhptSMmtOj1IIeo5bUilrT49SGnqC29CQl0VPUjp6m9vQ36kDPUEd6ljrRc9SZulBXep660QvUnXpQMvWkXvQi9aY+1Jf6UX96iQbQyzSQXqEUGkSD6VUaQq/RUHqdhtEbNJzepBE0kkbRaBpDYymVxtF4eosm0Ns0kSbRZJpCaTSVptE7NJ1m0Ex6l2bRezSb5tBcmkfp9D7NpwWUQR/QQvqQMmkRLaYltJSW0XJaQStpFa2mNbSW1tF62kAbaRNtpi20lbbRdvqIdtDHtJN20W76hPbQp7SXPqN99Dntpy8oi76kA/QVHaSv6RB943vQt3SEjtIx+o6O0/d0gk7SKTpNZ+gHOks/0jnyBCGGIpShCoMwJswRxoY5w7jwijBXeGWYO7wqjIRXh/HhNWGe8Nowb5gvzB8WCBPCgmGhUIcmtCGFYVg4LBJGw+vCouH1YbEQw+JhidCFJcPE8MawVHhTWDq8OSwT3hKWDW8Ny4Xlw4fvrRjeFlYKbw8rh3eEVcI7w6phtbB6WCO8K6wZ3h3WCu8Ja4f3hqXD+8K64f1hvfCBsH74YNggfChsGD4cNgofCRuHTcKmYbOwefho2CJ8LGwZtgpbh4+HbcInwrbhk2FS+FTYLnz6p/n7FvzxfHLYM+wVvhi+GHp/j5wbnRdNj74fnR9dEM2IfhBdGP0wmhldFF0cXRJdGl0WXR5dEV0ZXRVdHV0TXRtdF10f3RD1vkYOcOiEk065wMW4HC7W5XRx7gqXy13pcrurXMRd7eLdNS6Pu9bldflcflfAJbiCrpDTzjjryIWusCviou46V9Rd74q5G1xxV8I5V9IlumauuWvuWrjHXEvXyrV2j7vH3RPuCfeke9I95dq5p1179zfXwT3jOrpn3bPuOdfZdXFd3fOumxuX++f3ZLLr5Xq53q636+v6uv6uvxvgBriBbqBLcSlusBvshrghbqgb6oa5YW64G+5GuBFulBvlxrgxLtWluvFuvJvgJriJbqKb7Ca7NJfmprlpbrqb7irN+Hkvs91sN9fNdeku3c13588ZM9xCt9Bluky32C12S91St9wtdyvdSrfarXZr3Vq33q13G91Gt9ltdlvdVrfdbXc73A6301/186Juj9vr9rp9bp/b775wWe5Ld8B95Q66r90h94077L51R9xRd8x95467790Jd9KdcqfdGfeDO+t+dOecd6mRcZHxkbciEyJvRyZGJkUmR6ZE0iJTI9Mi70SmR2ZEZkbejcyKvBeZHZkTmRuZF0mPvB+ZH1kQyYh8EFkY+TCSGVkUWRxZElkaWRbxvuDm0Bf2RXzUX+eL+ut9MX+DL+5LeOdL+kR/oy/lb/Kl/c2+jL/Fl/W3+nK+vK/gH/GNfRPf1Dfzzf2jvoV/zLf0rXxr/7hv45/wbf2TPsk/5dv5p317/zffwT/jO/pnfSf/nO/su/iu/nnfzb/gu/sePtn39L38i7637+P7+n6+v3/JD/Av+4H+FZ/iB/nB/lU/xL/mh/rX/TD/hh8e86YfcfESGcb6VD/Oj/dv+Qn+bT/RT/KT/RSf5qf6af4dP93P8DP9u36Wf8/P9nP8XD/Pp/v3/Xy/wGf4D/xC/6HP9Isu3lT2y/0Kv9Kv8qv9Gr/Wr/Pr/Qa/0W/ym/0Wv9Vv89v9R36H/9jv9Lv8bv+J3+M/9Xv9Z36f/9zv91/4LP+lP+C/8gf91/6Q/8Yf9t/6I/6oP+a/88f99/6EP+lP+dP+jP/Bn/U/+nP8f9YYY4wxxv4p4y4Nxa9nfr6d3/N3csQvNu4FAFduKZD1y/nzZ5Rr8/487iMS2kQA4KkenR68+KhaNTk5+cK2mRKCInMALv5N0HkxcCleBK3hCUiCVlDqd+vvI7qcoX+wfvQWgLhf5MTCpfjS+p8BYPLvrP/o48Pnlw1Pxf8P688BKFbkUk5OuBQvgtY/3V9pBaX/oP58LX5Zf+xv18/5eSpAy1/k5IJL8aX6E+ExeBqSfrUlY4wxxhhjjDH2sz6iQoeL158X/8Xn712fJ6hLOTngUvyPrs8ZY4wxxhhjjDF2+T3TpeuTjyYlterwrw8q/6+y/ulBI/i/WvkvGdzxn1HGvzDwHuDiTxQA/JsLApwfyL/yKDb9JftKufDW+fuppad9AP8ZrfwzBpf5g4kxxhhjjDH2p7t00v/rn6vLVRBjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMZYN/RW/TuyX++tx+Q6VMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYu2z+XwAAAP//dMcCKA==")
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x109041, 0x0)
mount$bind(0x0, 0x0, 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x81105a, 0x0)
mount$bind(&(0x7f0000000880)='./file0/../file0\x00', &(0x7f0000000440)='./file0/file0\x00', 0x0, 0x1adc11, 0x0)
mount$bind(&(0x7f0000000100)='./file0/../file0\x00', &(0x7f0000000080)='./file0/file0/file0\x00', 0x0, 0x887008, 0x0)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00')
read$FUSE(r0, &(0x7f0000006b40)={0x2020}, 0x206e)

1m23.299092638s ago: executing program 4 (id=228):
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
sendmsg$inet6(r0, &(0x7f0000002280)={&(0x7f0000001e40)={0xa, 0x4e24, 0x0, @mcast1, 0x2}, 0x1c, 0x0, 0x0, 0x0, 0x5b0}, 0x20008001)
sendmsg$inet6(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f00000022c0)="f14889c2ad234ad6f0a71da72859c7c1e176134eff431253493482c723f8633d838bf127", 0x24}], 0x1}, 0x20000044)

1m22.544673348s ago: executing program 4 (id=229):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr(aes-aesni)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r1 = accept4(r0, 0x0, 0x0, 0x800)
sendmsg$NFT_BATCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000002640)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [], {0x14, 0x11, 0x1, 0x0, 0x0, {0x6}}}, 0x28}, 0x1, 0x0, 0x0, 0x4000014}, 0x80c5)
recvmsg$unix(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f00000006c0)=""/105, 0x69}], 0x1}, 0x2160)

1m21.30669892s ago: executing program 34 (id=229):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr(aes-aesni)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r1 = accept4(r0, 0x0, 0x0, 0x800)
sendmsg$NFT_BATCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000002640)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [], {0x14, 0x11, 0x1, 0x0, 0x0, {0x6}}}, 0x28}, 0x1, 0x0, 0x0, 0x4000014}, 0x80c5)
recvmsg$unix(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f00000006c0)=""/105, 0x69}], 0x1}, 0x2160)

1m7.096754294s ago: executing program 3 (id=276):
r0 = socket(0x1e, 0x4, 0x0)
connect$tipc(r0, &(0x7f0000000040)=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x10)
sendmmsg$unix(r0, 0x0, 0x0, 0x0)
setsockopt$TIPC_IMPORTANCE(r0, 0x10f, 0x7f, &(0x7f0000000480)=0x7, 0x4)

1m6.860571733s ago: executing program 3 (id=278):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000007c0)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha512\x00'}, 0x58)
r1 = accept$alg(r0, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000000300)=[{{0x0, 0x0, 0x0}, 0xffffff0b}, {{0x0, 0x0, 0x0}, 0xf}], 0x2, 0x2101, 0x0)

1m6.658863002s ago: executing program 3 (id=280):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000600), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000003c0)={0x9c9, 0x0, 0x0, 'queue1\x00', 0x200000})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r0, 0x40605346, 0x0)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x8882)
write$sndseq(r1, &(0x7f0000000140)=[{0x1f, 0x0, 0x0, 0xfd, @tick=0x4, {}, {}, @raw32}], 0x1c)

1m6.424706871s ago: executing program 3 (id=281):
syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000100)={[{@errors_remount}, {@discard}, {@time_offset={'time_offset', 0x3d, 0x2}}, {@errors_remount}, {@keep_last_dots}, {@gid}, {@zero_size_dir}, {@time_offset={'time_offset', 0x3d, 0x6}}, {@umask={'umask', 0x3d, 0x3ff}}, {@zero_size_dir}]}, 0x1, 0x1534, &(0x7f0000000380)="$eJzs3AucTtX6OPDnWWvtMSbpbZLLsNZ6Nm8SyyRJLklySZIkSXJLSJrkSEJiyC1pSJJch+QyhOQyMWnc7/dLQpI0SRKSW7L+H8Vfnep3zvmdfjmfM8/383k/1jNrP2s/+33ey94b83WnwdUb1qhSn4jg34I//5EMALEA0B8ArgKAAADKxJeJPz+fU2Lyv7cT9ud6MO1yV8AuJ+5/9sb9z964/9kb9z974/5nb9z/7I37n71x/xnLzjZOLXA1P7Lvg+////er+4cz/P3/XySr5OjPV5e8tjNAzD+bwv3P3rj//7WCf2Yj7n/2xv3PrmIvdwHsPwC//7ODHH84w/3P3rj/jGVnl/v+8+V+QCR7PweX+/XHGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYYyx7OOUvUQBwcXy562KMMcYYY4wxxtifx+e43BUwxhhjjDHGGGPs/x6CAAkKAoiBHBALOSEOBABcCbnhKojA1RAP10AeuBbyQj7IDwUgAQpCIdBgwAJBCIWhCEThOigK10MxuAGKQwlwUBIS4UYoBTdBabgZysAtUBZuhXJQHipARbgNKsHtUBnugCpwJ1SFalAdasBdUBPuhlpwD9SGe6EO3Ad14X6oBw9AfXgQGsBD0BAehkbwCDSGJtAUmkHz/1X+89ANXoDu0AOSoSf0ghehN/SBvtAP+sNLMABehoHwCqTAIBgMr8IQeA2GwuswDN6A4fAmjICRMApGwxgYC6kwDsbDWzAB3oaJMAkmwxRIg6kwDd6B6TADZsK7MAveg9kwB+bCPEiH92E+LIAM+AAWwoeQCYtgMSyBpbAMlsMKWAmrYDWsgbWwDtbDBtgIm2AzbIGtsA22w0ewAz6GnbALdsMnsAc+/RfzT/5dfmcEBBQoUKHCGIzBWIzFOIzDXJgLc2NujGAE4zEe82AezIt5MT/mxwRMwEJYCA0aJCQsjIUxilEsikWxGBbD4lgcHTpMxEQshTdhaSyNZbAMlsWyWA7LY3msiBWxElbCylgZq2AVrIpVsTpWx7vwLuyJtbAW1sbaWAfrXLw9hfWxPjbABtgQG2IjbISNsTE2xabYHJtjC2yBLbEltsbW2AbbYFtsi0mYhO2wHbbH9tgBO2BH7IidsBN2xi7YJev5HIAv4AvYA6uKntgLe2FvTMnRF/thP3wJB+DL+DK+gik4CAfjq/gqvoZD8QQOwzdwOA7HSmIkjsLRSGIspmIqjsfxOAEn4ESchJNwCqbhVJyG03A6zsAZ+C7OwvfwPZyDc3AepmM6zscFmIEZuBBPYiYuwsW4BJfiMlyKK3AlrsDVuAZX4zpchxtwA27CTbgFt+A23AYfoQLAj3EX7sIU3IN7cC/uxX24D/fjfszCLDyAB/AgHsRDeAgP42E8gkfxGB7F43gcT+BJPIWn8AyewbP4bMKXDT66YVUKiPOUUCJGxIhYESviRJzIJXKJ3CK3iIiIiBfxIo/II/KKvCK/yC8SRIIoJAoJI4wgEcYAgIiKqCgqiopiopgoLooLJ5xIFImilCglSovSooy4RZQVt4pyorxo5SqKiqKSaO0qiztEFVFFVBXVRHVRQ9QQNUVNUUvUErVFbVFH1BF1xf2inuiJffFBcb4zDcUgbCQGY2PRRMgLn2AtxFBsKVqJ1uJx8QYOw7aihUsST4l2YhS2F38To/EZ0VGMxU7iOdFZdBFdxfOim2jpuoseYiL2FL3EFOwt+oi+op+YjtXEuzgrZ3XxikgRg8Rg8aqYh6+JoeJ1MeynI31TjBAjxSgxWowRY0WqGCfGi7fEBPG2mCgmicliikgTU8U08Y6YLmaImeJdMUu8J2aLOWKumCfSxftivlggMsQHYqH4UGSKRWKxWCKWimViuVghVopVYrVYI9aKdWK92CA2ik1is9gitoptYrv4SOwQH4udYpfYLT4Re8SnYq/4TOwTn4v94guRJb4UB8RX4qD4WhwS34jD4ltxRBwVx8R34rj4XpwQJ8UpcVqcET+Is+JHcU54ARKlkFIqGcgYmUPGypwyTl4hc8ngwrN7tYyX18g88lqZV+aT+WUBmSALykJSSyOtJBnKwrKIjMrrZFF5vSwmb5DFZQnpZEmZKG+UpeRNsrS8WZaRt8iy8lZZTpaXFWRFeZusJG+XEPl5H1VlNVld1pB3yWS4W9aS98ja8l5ZR94n68r7ZT35gKwvH5QN5EOyoXxYNpKPyMayiWwqm8nm8lHZQj4mW8pWsrV8XLaRT8i28kmZJJ+S7aS/8BJ5RnaUz8pO8jnZWXaRXeWP8pz0srvsIaEnyF7yRdlb9pF9ZT/ZX74kB8iX5UD5ikyRg+Rg+aocIl+TQ+Xrcph8Qw6Xb8oRcqQcJUfLMXKsTJXj5Hj5lpwg35YT5SQ5WU6RaXKq7HthpZlS/sP8t34nf+BPe98gN8pNcrPcIrfKbXK7/EjukDvkTrlT7pa75R65R+6Ve+U+uU/ul/tllsySB+QBeVAelIfkIXlYHpZH5FF5Wn4nj8vv5Ql5Up6Up+UZeUaevfAcgEIllFRKBSpG5VCxKqeKU1eoXOpKlVtdpSLqahWvrlF51LUqr8qn8qsCKkEVVIWUVkZZRSpUhVURFVXX4YUXjCquSiinSqpEdeO/kq+KqutVMXXDr/Iv1pf8B/U1V81VC9VCtVQtVWvVWrVRbVRb1VYlqSTVTrVT7VV71UF1UB1VR9VJdVKdVWfVVXVV3VQ31V11V8kqWfVSL6reqo/qq/qp/uolNUANUAPVQJWiUtRgNVgNUUPUUDVUDVPD1HA1XI1QI9QoNUqNUWNUqkpV49V4NUFNUBPVRDVZTVZpKk1NU9PUdDVdzVQz1Sw1S81Ws9VcNVelq3Q1X81XGSpDLVQLVaZapBapJWqJWqaWqRVqhVqlVqk1ao1ap9apTLVRbVSb1Wa1VW1V29V2tUPtUDvVTrVb7VZ71B61V+1V+9Q+tV/tV1kqSx1QB9RBdVAdUofUYXVYHVFH1DF1TB1Xx9UJdUKdUqfUGXVGnVVn1Tl17vxpXyACEahABTFBTBAbxAZxQVyQK8gV5A5yB5EgEsQH8UGe4Nogb5AvyB8UCBKCgkGhQAcmsIG40PRocF1QNLg+KBbcEBQPSgQuKBkkBjcGpYKbgtLBzUGZ4JagbHBrUC4oH1QIKga3BZWC24PKwR1BleDOoGpQLage1AjuCmoGdwe1gnuC2sG9QZ3gvqBucH9QL3ggqB88GDQIHgoaBg8HjYJHgsZBk6Bp0Cxo/qeu7/2JfI+57rqHTtY9dS/9ou6t++i+up/ur1/SA/TLeqB+RafoQXqwflUP0a/pofp1PUy/oYfrN/UIPVKP0qP1GD1Wp+pxerx+S0/Qb+uJepKerKfoND1VT9Pv6Ol6hp6p39Wz9Ht6tp6j5+p5Ol2/r+frBTpDf6AX6g91pl6kF+sleqleppfrFXqlXqVX6zV6rV6n1+sNeqPepDfrLXqr3qa364/0Dv2x3ql36d36E71Hf6r36s/0Pv253q+/0Fn6S31Af6UP6q/1If2NPqy/1Uf0UX1Mf6eP6+/1CX1Sn9Kn9Rn9gz6rf9TntD9/cn/+690oo0yMiTGxJtbEmTiTy+QyuU1uEzERE2/iTR6Tx+Q1eU1+k98kmARTyBQy55EhU9gUNlETNUVNUVPMFDPFTXHjjDOJJtGUMqVMaVPalDFlTFlT1pQz5UwFU8HcZm4zt5vbzR3mDnOnudNUM9VMDVPD1DQ1TS1Ty9Q2tU0dU8fUNXVNPVPP1Df1TQPTwDQ0DU0j08g0No1NU9PUNDfNTQvTwrQ0LU1r09q0MW1MW9PWJJkk0860M+1Ne9PBdDAdTUfTyXQynU1n09V0Nd1MN9PddDfJJtn0Mr1Mb9Pb9DV9TX/T3wwwA8xAM9CkmBQz2Aw2Q8wQM9QMNcPMG2b4+RNVM9KMMqPNGDPWpJpUM96MNxPMBDPRTDSTzWSTZtLMNDPNTDfTzUwz08wys8xsM9vMNXNNukk38818k2EyzEKz0GSaTLPYLDZLzVKz3Cw3K81Ks9qsNmthrVlv1puNZqPZbDabrWar2W62mx1mh9lpdprdZrfZY/aYvWav2Wf2mf1mv8kyWeaAOWAOmoPmkDlkDpvD5og5Yo6ZY+a4OW5OmBPmlDllzph8F74vvYm1OW2cvcLmslfa3PYq+/dxflvAJtiCtpDVNq/N96vYWGuL2RtscVvCOlvSJtobfxOXs+VtBVvR3mYr2dtt5d/ENe3dtpa9x9a299oa9q5fxXXsfbaufdjWQwSwTWwD28w2tA/bRvYR29g2sU1tM9vGPmHb2idtkn3KtrNP/yaebxfYlXaVXW3X2J12lz1lT9uD9mt7xv5gu9setr99yQ6wL9uB9hWbYgf9Jh5u37Qj7Eg7yo62Y+zY38ST7RSbZqfaafYdO93O+E2cbt+3s2yGnW3n2Ll23k/x+Zoy7Ad2of3QZtoAFtsldqldZpfbFf+/1iV2nV1vN9gd9mO72W6xW+02u/3iibDdZXfbT+we+6k9YL+y++zndr89ZLPslz/F54/vkP3GHrbf2iP2qD1mv7PH7ffqp9yRvQHsD/Y7+6M9Z70FQgKSpCigGMpBsZST4ugKykVXUm66iiJ0NcXTNZSHrqW8lI/yUwFKoIJUiDQZskQUUmEqQlG6ji6WV5xKkKOSlEg3Uim6iUrTzVSGbqGydCuVo/JUgSrSbVSJbqfKdAdVoTupKlWj6lSD7qKadDfVonuoNt1Ldeg+qkv3Uz16gOrTg9SAHqKG9DA1okeoMTWhptSMmtOj1IIeo5bUilrT49SGnqC29CQl0VPUjp6m9vQ36kDPUEd6ljrRc9SZulBXep660QvUnXpQMvWkXvQi9aY+1Jf6UX96iQbQyzSQXqEUGkSD6VUaQq/RUHqdhtEbNJzepBE0kkbRaBpDYymVxtF4eosm0Ns0kSbRZJpCaTSVptE7NJ1m0Ex6l2bRezSb5tBcmkfp9D7NpwWUQR/QQvqQMmkRLaYltJSW0XJaQStpFa2mNbSW1tF62kAbaRNtpi20lbbRdvqIdtDHtJN20W76hPbQp7SXPqN99Dntpy8oi76kA/QVHaSv6RB943vQt3SEjtIx+o6O0/d0gk7SKTpNZ+gHOks/0jnyBCGGIpShCoMwJswRxoY5w7jwijBXeGWYO7wqjIRXh/HhNWGe8Nowb5gvzB8WCBPCgmGhUIcmtCGFYVg4LBJGw+vCouH1YbEQw+JhidCFJcPE8MawVHhTWDq8OSwT3hKWDW8Ny4Xlw4fvrRjeFlYKbw8rh3eEVcI7w6phtbB6WCO8K6wZ3h3WCu8Ja4f3hqXD+8K64f1hvfCBsH74YNggfChsGD4cNgofCRuHTcKmYbOwefho2CJ8LGwZtgpbh4+HbcInwrbhk2FS+FTYLnz6p/n7FvzxfHLYM+wVvhi+GHp/j5wbnRdNj74fnR9dEM2IfhBdGP0wmhldFF0cXRJdGl0WXR5dEV0ZXRVdHV0TXRtdF10f3RD1vkYOcOiEk065wMW4HC7W5XRx7gqXy13pcrurXMRd7eLdNS6Pu9bldflcflfAJbiCrpDTzjjryIWusCviou46V9Rd74q5G1xxV8I5V9IlumauuWvuWrjHXEvXyrV2j7vH3RPuCfeke9I95dq5p1179zfXwT3jOrpn3bPuOdfZdXFd3fOumxuX++f3ZLLr5Xq53q636+v6uv6uvxvgBriBbqBLcSlusBvshrghbqgb6oa5YW64G+5GuBFulBvlxrgxLtWluvFuvJvgJriJbqKb7Ca7NJfmprlpbrqb7irN+Hkvs91sN9fNdeku3c13588ZM9xCt9Bluky32C12S91St9wtdyvdSrfarXZr3Vq33q13G91Gt9ltdlvdVrfdbXc73A6301/186Juj9vr9rp9bp/b775wWe5Ld8B95Q66r90h94077L51R9xRd8x95467790Jd9KdcqfdGfeDO+t+dOecd6mRcZHxkbciEyJvRyZGJkUmR6ZE0iJTI9Mi70SmR2ZEZkbejcyKvBeZHZkTmRuZF0mPvB+ZH1kQyYh8EFkY+TCSGVkUWRxZElkaWRbxvuDm0Bf2RXzUX+eL+ut9MX+DL+5LeOdL+kR/oy/lb/Kl/c2+jL/Fl/W3+nK+vK/gH/GNfRPf1Dfzzf2jvoV/zLf0rXxr/7hv45/wbf2TPsk/5dv5p317/zffwT/jO/pnfSf/nO/su/iu/nnfzb/gu/sePtn39L38i7637+P7+n6+v3/JD/Av+4H+FZ/iB/nB/lU/xL/mh/rX/TD/hh8e86YfcfESGcb6VD/Oj/dv+Qn+bT/RT/KT/RSf5qf6af4dP93P8DP9u36Wf8/P9nP8XD/Pp/v3/Xy/wGf4D/xC/6HP9Isu3lT2y/0Kv9Kv8qv9Gr/Wr/Pr/Qa/0W/ym/0Wv9Vv89v9R36H/9jv9Lv8bv+J3+M/9Xv9Z36f/9zv91/4LP+lP+C/8gf91/6Q/8Yf9t/6I/6oP+a/88f99/6EP+lP+dP+jP/Bn/U/+nP8f9YYY4wxxv4p4y4Nxa9nfr6d3/N3csQvNu4FAFduKZD1y/nzZ5Rr8/487iMS2kQA4KkenR68+KhaNTk5+cK2mRKCInMALv5N0HkxcCleBK3hCUiCVlDqd+vvI7qcoX+wfvQWgLhf5MTCpfjS+p8BYPLvrP/o48Pnlw1Pxf8P688BKFbkUk5OuBQvgtY/3V9pBaX/oP58LX5Zf+xv18/5eSpAy1/k5IJL8aX6E+ExeBqSfrUlY4wxxhhjjDH2sz6iQoeL158X/8Xn712fJ6hLOTngUvyPrs8ZY4wxxhhjjDF2+T3TpeuTjyYlterwrw8q/6+y/ulBI/i/WvkvGdzxn1HGvzDwHuDiTxQA/JsLApwfyL/yKDb9JftKufDW+fuppad9AP8ZrfwzBpf5g4kxxhhjjDH2p7t00v/rn6vLVRBjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMZYN/RW/TuyX++tx+Q6VMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYu2z+XwAAAP//dMcCKA==")
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x109041, 0x0)
mount$bind(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000040)='./file0/file0\x00', 0x0, 0x0, 0x81105a, 0x0)
mount$bind(&(0x7f0000000880)='./file0/../file0\x00', &(0x7f0000000440)='./file0/file0\x00', 0x0, 0x1adc11, 0x0)
mount$bind(&(0x7f0000000100)='./file0/../file0\x00', &(0x7f0000000080)='./file0/file0/file0\x00', 0x0, 0x887008, 0x0)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00')
read$FUSE(r0, &(0x7f0000006b40)={0x2020}, 0x206e)

1m5.804272093s ago: executing program 3 (id=283):
dup(0xffffffffffffffff)
socket$inet6_tcp(0xa, 0x1, 0x0)
syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000040)='./file0\x00', 0x2008080, &(0x7f0000000340)={[{@iocharset={'iocharset', 0x3d, 'cp869'}}, {@rodir}, {@numtail}, {@numtail}, {@uni_xlateno}, {@fat=@errors_continue}, {@iocharset={'iocharset', 0x3d, 'none'}}, {@rodir}, {@rodir}, {@iocharset={'iocharset', 0x3d, 'ascii'}}, {@utf8}, {@rodir}, {@utf8no}, {@rodir}]}, 0x81, 0x2c5, &(0x7f0000000840)="$eJzs3T+LI2UYAPBnNpPdrAqbWiwGtLBabu8T3CIrHKZSptBGDy8HkoSDDQRyirmr7AUrv4PfwQ9g4zewsBTsvEIcSWaSTbKT9SIxK3e/X5Mn877PO+8/smFh3nz21qD38PHw0bOvfolWK4mDe3EvnifRjoOYexoAwMvkeVHE70Up4vDGuumsvDip3h3sp4cAwK4t/f1PIiK57f4AAP+9jz7+5IPzTufiwyxrRQy+GeXTrwCDZJSX5eeP4ovoRzfuxEn8GVEslPEb9zsXkWbZ/J8Bo+PIIwaf/lS9P/8tYpZ/FifRvp7//v3OxVlWincGk1E+vfP0tRmvJRHnRfWV5G75UjSjauQq/25NfuSH8e7b31f9/6sbp3ESP38ej6MfD2dNXOV/fZZl7xXf/fFlOYI8IpmM8qNZvStFYz8rAgAAAAAAAAAAAAAAAAAAAADAq+A0W2gvn59TFFX5aX357HygRs35QNUJP5Ol83XuZFk2P8ZnlDejzE/jzTTSWx08AAAAAAAAAAAAAAAAAAAA/E8Mx096D/r97uVK8GOxfqUmqJ7oj+pKulSUrhbd3E5N0Psh4unWWf8UHPce9KNRda2fRKzVmQ/ohRtMN1c+erGORXvWsbp24mDTHKb9KDv/7TaTsLToW01d8S8mfH6j6Sa5oXIjhuNW/SZZ2pnHVWOXw9kCHW/atKtBUTN1jY1ZhzvaY4ev73bTTkfcXEzmap3WdCWXJrO5qZ3pNt3+7uufFMlOP3cAAAAAAAAAAAAAAAAAAIDrhuOkeug3fr1W+OxWugQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAezccP6l+/38RRHv9ynowqZK7delrwdHlsOa27T0PEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgJfc3wEAAP//cFFPtg==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0xc4042, 0x1ff)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0xb24d547a82164f02, 0x0)
sendfile(r0, r1, 0x0, 0xfffe82)

1m5.240615892s ago: executing program 3 (id=285):
syz_usb_connect$cdc_ncm(0x0, 0x0, 0x0, &(0x7f0000000580)={0x0, 0x0, 0x19, &(0x7f0000000080)={0x5, 0xf, 0x19, 0x1, [@ss_container_id={0x14, 0x10, 0x4, 0x76, "4356904e0fcc1c823edc379ecfa5c199"}]}})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r0, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@textreal={0x8, 0x0}], 0x1, 0x42, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

1m4.826264282s ago: executing program 35 (id=285):
syz_usb_connect$cdc_ncm(0x0, 0x0, 0x0, &(0x7f0000000580)={0x0, 0x0, 0x19, &(0x7f0000000080)={0x5, 0xf, 0x19, 0x1, [@ss_container_id={0x14, 0x10, 0x4, 0x76, "4356904e0fcc1c823edc379ecfa5c199"}]}})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r0, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@textreal={0x8, 0x0}], 0x1, 0x42, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

16.294170131s ago: executing program 6 (id=499):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x10b200, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, 0x0}], 0x1, 0x74, 0x0, 0x0)
io_setup(0x5, &(0x7f0000000e80)=<r3=>0x0)
openat$random(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0)
io_submit(r3, 0x0, &(0x7f0000001580))

15.535184631s ago: executing program 6 (id=504):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xc, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3}, [@printk={@u, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x7}, {0x85, 0x0, 0x0, 0xa0}}, @call={0x85, 0x0, 0x0, 0xf}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)

15.036537483s ago: executing program 6 (id=506):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140))
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$DRM_IOCTL_MODE_ADDFB2(0xffffffffffffffff, 0xc06864b8, &(0x7f00000001c0)={0x0, 0xb0, 0x3ff, 0x34325241, 0x0, [], [0x2b8, 0x200000], [0x0, 0x9, 0x0, 0x8003]})
r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000024000/0x18000)=nil, &(0x7f0000000680)=[@text16={0x10, &(0x7f0000000280)="66b9800000c00f326635010000000f3064660f38828e4258660f086766c744240012e93bf96766c7442402010000006766c744240600000000670f011c2466b9800000c00f326635002000000f300f01df66b80500000066b900200000a90a000f01c40f019f09000f01c2", 0x6b}], 0x1, 0x7d, 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = syz_open_dev$swradio(&(0x7f00000046c0), 0x1, 0x2)
ioctl$VIDIOC_S_FREQUENCY(r3, 0x402c5639, &(0x7f00000000c0)={0x0, 0x4})
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000040)={{0x1, 0x1, 0x18, r3}, './file0\x00'})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000300)={[0x7, 0x800, 0x100, 0x0, 0x5700000000000000, 0x401, 0x6, 0xfffffffffffffff7, 0x0, 0x13f, 0x100000001, 0xba25, 0xfff, 0x3, 0xfffffffffffffe00, 0x4], 0xeeef0000, 0x1c0080})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

14.659769133s ago: executing program 6 (id=507):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0)
pivot_root(&(0x7f00000000c0)='./file0/../file0/../file0/../file0\x00', 0x0)

14.068392674s ago: executing program 6 (id=512):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000180)={0xffffff, 0x100000}, 0x10)
write(r1, &(0x7f0000000000), 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_emit_ethernet(0x0, 0x0, 0x0)
dup(r0)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_sock_diag(0x10, 0x3, 0x4)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xf, &(0x7f0000000180)=0x80000004, 0x4)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
syz_emit_ethernet(0x3a, 0x0, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setxattr$incfs_metadata(&(0x7f0000000800)='./cgroup\x00', &(0x7f0000000840), &(0x7f0000000880)="22cff5", 0x3, 0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$inet6(0x10, 0x80000, 0x3)
getsockopt$bt_hci(r2, 0x0, 0x2, &(0x7f00000001c0)=""/22, 0x0)
sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
syz_usb_connect(0x0, 0x0, 0x0, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8b29, &(0x7f0000000040)={'wlan1\x00'})
r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_PORT_GET(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x38, r5, 0x1, 0x0, 0x0, {0x54}, [{{@pci={{0x8}, {0x11}}, {0x8}}}]}, 0x38}}, 0x0)

13.448516021s ago: executing program 6 (id=516):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xc, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3}, [@printk={@u, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x7}, {0x85, 0x0, 0x0, 0xa0}}, @call={0x85, 0x0, 0x0, 0xf}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)

12.429703026s ago: executing program 36 (id=516):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xc, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3}, [@printk={@u, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x7}, {0x85, 0x0, 0x0, 0xa0}}, @call={0x85, 0x0, 0x0, 0xf}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)

5.432617376s ago: executing program 0 (id=550):
r0 = mq_open(&(0x7f000084dff0)='z\xbf\x17', 0x6e93ebbbcc0884f2, 0x0, 0x0)
r1 = syz_io_uring_setup(0x239, &(0x7f0000000200)={0x0, 0xcd0c, 0x10100}, &(0x7f0000000180)=<r2=>0x0, &(0x7f00000001c0)=<r3=>0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x14, 0x0, @fd_index=0x3})
io_uring_enter(r1, 0x2def, 0x0, 0x0, 0x0, 0x0)
unshare(0x6a040000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0xc3490000)
mq_timedsend(r0, 0x0, 0x0, 0x0, 0x0)

5.364638596s ago: executing program 7 (id=551):
socket(0xa, 0x3, 0x3a)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000100)={0x5}, 0x8)
ioctl$VIDIOC_EXPBUF(0xffffffffffffffff, 0xc0405610, &(0x7f0000000340)={0xc, 0xb21, 0x1ff, 0x80080})
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000200)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000001280)="b7f2288a911993f0", 0x8)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000280), 0x40000, 0x0)
ioctl$RTC_ALM_SET(r3, 0x40247007, &(0x7f00000002c0)={0x14, 0x10, 0x3, 0xb, 0x4, 0x2, 0x3, 0x84, 0x1})
accept$alg(r2, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
write$6lowpan_enable(0xffffffffffffffff, 0x0, 0x0)
bind$alg(0xffffffffffffffff, 0x0, 0x0)
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f0000000080)='cdg\x00', 0x4)
bind$inet6(r4, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c)
connect$inet6(r4, &(0x7f0000000040)={0xa, 0x3, 0x0, @loopback}, 0x1c)
sendmmsg$inet6(r4, &(0x7f0000000e40)=[{{0x0, 0x0, &(0x7f0000002c40)=[{&(0x7f00000002c0)=';', 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000380)="12", 0x1}], 0x1}}], 0x2, 0x10)
r5 = syz_mount_image$fuse(&(0x7f0000000140), &(0x7f0000000180)='./file0\x00', 0x84008, &(0x7f00000003c0)={{}, 0x2c, {'rootmode', 0x3d, 0xa000}, 0x2c, {'user_id', 0x3d, 0xee00}, 0x2c, {'group_id', 0x3d, 0xee00}, 0x2c, {[{@blksize={'blksize', 0x3d, 0x400}}, {@max_read={'max_read', 0x3d, 0xe6f9}}, {@blksize={'blksize', 0x3d, 0xe00}}, {@max_read={'max_read', 0x3d, 0x6}}, {@max_read={'max_read', 0x3d, 0x8}}], [{@dont_measure}, {@appraise_type}, {@subj_user={'subj_user', 0x3d, '*#('}}, {@rootcontext={'rootcontext', 0x3d, 'sysadm_u'}}, {@mask={'mask', 0x3d, 'MAY_EXEC'}}, {@fsmagic={'fsmagic', 0x3d, 0x2}}, {@smackfshat={'smackfshat', 0x3d, '\x00'}}, {@fowner_eq}, {@smackfshat={'smackfshat', 0x3d, '\x00'}}]}}, 0x1, 0x0, &(0x7f0000000580)="0903c87329ad4d3d3cad91621a8de377ccb3a739e80f22fedb60ad6033bfecf765e23f306615354dbe033011b8388f6ffd79c8ea2b159cd306d1ac2db026b5b194ef9dc4a1fe0117883c50f779e999c4945b1cc942c90d9218bf579fd8c2c67d20d00bcb59a3c2ff6cac321b1c1982f187e943a41498bf8fd870e0cb049708fb4e4165688494955c6ab462bf6a42e59a000cc91fbc3e03d387ef88cb3400305686f88acc20361c7b7853ad8b4ba6f610669d1b99949009fceda8bf8fad0366010e2532871108f1968dfa9bf66e08ee507c7dbaa64962d7b5e059f68cf8e4f9f8ab1b6d8479b4")
mknodat(r5, &(0x7f00000001c0)='./file0\x00', 0xc000, 0x4)
syz_usb_disconnect(0xffffffffffffffff)
setsockopt$inet6_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f00000000c0)='westwood\x00', 0x9)
r6 = socket(0x10, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r6, 0x89f1, &(0x7f0000000040)={'ip6_vti0\x00', &(0x7f0000000080)={'syztnl1\x00', 0x0, 0x29, 0x8, 0xc, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x2a}, @loopback={0x0, 0x460c6}, 0x8, 0x7, 0x1}})

3.893943204s ago: executing program 8 (id=559):
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
close(r0)
signalfd(0xffffffffffffffff, &(0x7f00000001c0)={[0x226e88d4]}, 0x8)
r1 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
close(r1)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
openat$random(0xffffffffffffff9c, 0x0, 0x800, 0x0)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, 0x0, 0x0)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x11, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x74, 0x0, 0x0)
openat$sw_sync_info(0xffffffffffffff9c, &(0x7f00000004c0), 0x1, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

2.798100142s ago: executing program 7 (id=562):
add_key$user(0x0, 0x0, 0x0, 0x0, 0x0)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(0xffffffffffffffff, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x9)
bind$netlink(r0, 0x0, 0x0)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, 0x0, 0x0)
mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
mremap(&(0x7f0000000000/0x9000)=nil, 0x600600, 0x200000, 0x3, &(0x7f0000a00000/0x600000)=nil)

2.399357133s ago: executing program 0 (id=563):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0)
ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x11)
ioctl$UI_DEV_SETUP(r0, 0x405c5503, 0x0)
ioctl$UI_DEV_CREATE(r0, 0x5501)
write$input_event(r0, &(0x7f0000000200)={{0x77359400}, 0x11, 0xae, 0x7fffffff}, 0xffffffe7)

2.064636396s ago: executing program 0 (id=564):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c)
setsockopt$SO_BINDTODEVICE_wg(r0, 0x1, 0x19, &(0x7f0000000080)='wg2\x00', 0x4)
sendmmsg(r0, &(0x7f0000002b40)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f00000003c0)="ebbbc61ded6c6a64b5aceec4322279ff42b8afce454d240618892c5f746ba36e1b69b4e34ed01d6ddc73af17cf237ae5b92e24415bf0d3d23fe735fd44b819eb51014a3c3b7f5f26d5e44749888e54b518a909fc7ccb5d3ec5440c07c8048ee49a8530ca96d0f68cc1260c3a706a9f06c2ed502b20a8ed6b997fa15392054493dfbfe178881b35d8a003ec02cbdf060cc7d5d9d9373cd36ec313d07fa967cfd194ec1284b51b91af16c907ac67310aef110491ad073b6b5b977e145694ad073b6faef79279224a486d2dcd7f55d28def3fca0ab27763f835e10caf52d6a9645e75a195e848905b77bbd4ac8a9f3339c53997937d815d6571172b7f6bf813eb9e02267f04bfe08ce60900de11f38685193e38e5e3f03c6b78fe8469c3a35fd4d51745b089115931739ef1ee0fb869cabf25a6620a9a3956e89bc155326a612056481e00a475189dabd622cd09f10c122dd9d5f4a193838245778b893570ea5f08700c5feecdc8a979d5fd1413045a5aec8ec9858968fbd3d6d09bbd36507b92a8cb6a92d650396c44850a0241c2117828cf98386f4f634f4c08f06289a25827e178798445ef8df8bcec2de152d7930c6759e2539d4c98abfd1d23b1eb213fadea8e79c946a019128c92a12ff6268f7d7e5353b13151ec200238b90bb2521de66d94fec336f8147550d579f4f81d7ede3441cfbb149889fd557421cccc14bd6b00a9b19ea156c03fbf670406e5fb516bedd09df641d7682659b9dac391be8818ac2bcca62d3e4b3ab3d3fdc938017afcbc9e6ce471e0ceb88e9f6105efc79ec717c02edf3d7ae8fa31543f7709c12e5d972ad590d0b052d44cdbb893938bf8b6fee99ff2e10efee738f16550bb57e9e9a2c120dba43bf1cfc102015c897ea7c8765542add4598568af4a7fb38d5aca614cd7f0abedc6240bab2bbb0747fadcfdca2a1ad473eeae8925315039ea17f60e408a817501114dccbd01f835a9576677a7ed8aacea6e43256d24295d2156c0466fd8dfa5eaee8d84ac0b34f4c1fb6a235d3d35cc3a4c86c5c00625bbd7925929ad436ed8fa72cc823963a5f89e5fed4f72215453702f2939131f7bce34fe1fad7d053a5ea5dcc21bd63e7c5a9a92028dda9cc7306f6421b09486865a18644b775877367e1e9036801bbf824fa0e165d8715d33542c023c4674624beba523016400ae53ab619be059125dd3aa701cadcd5fbda9d950b13c38de4dbaca871a1111f436cf83e21e7976e5bd5b29f31b2cbe00e772a9ecfd6d656db3f01014f24967ee1cb84d470db06e0471a0b21dee7b20aa6ad895210663d0e1cdf9c4f8530d0ad69f1ebb68f671f300b1bb86a9d577ff7e4cea6f43cabbc6a1bb160c3903b2520571721315e54219f508e160ad9de86912d96bb5f5235ad10ab60e75b7d27493f3f576a51b9e9cd3cdb068ae5d30ba3aa226c8b4c8886b896f6745f8cf316b54a85575f2a008db275636d067f074ab093bf6ce80febeef4fae786d72812a1080e02e4ef8815c8524e84d9239ac354bb90c573a6c773206875595b47b6d1ec09a1a401848edb6ff91ba962f18ff628e010db14df50221daa0c11663b9a6c1879a9dfdb4ebb1b8d795f1b8104c880f32be3dc1ddfcc12e582c49e387932b6e17e95d6dcce489bbb6fb04ceb9e0d8b3b960281dfcf5c83007e1c244e9a9744b4b124a7ffba84573dbb0ab9a618c50f10a0bf47691ffc966deaae5660176de93be1ac09f278eab34997cc9a3189f8ae1cc28a7481e466d9b4ef26375bb6eba77ff34400385587c192f06fcc5be567094d03ebd0dcae994ca27c2041eea53c6543efac5239cc9c51554298a679cef4f36a9134233015f61e42d484c8094f2bdb1ba1be21b9bb86f8c439b5ae26d2e6eeb4d6dbe16fb88450822452a0e096acb055ff9fc7a2f35df43b43febfb8d52da5a6d33bb6f94897817ef13b1356563161f0f0b06480ff3d2c53db1de3e71fd4ba94e6236642d2450d3686c1c781228b0d4878b357440fb8df8ae74eccc3327759146894691c1f8e6c6012a5e4fb95e04d918b90f7bc85d91a88a193e96ef59c62119abd0f4594b5a81abb9fd6665e9a66203ff42c3f9741d43dcc4674090f5920a52bf023348148c1899062fbab32d92d449bb445f9566541d0953630428d95d3597a99f1898a65fdfe911d4f58ab6a97d9fa6dddbc832e006be2873c0a493283e54bd47af93df9380dcf6e4a174d6f30288ae84b4461745a3fd23502ee04290a61acdf54dd191dcca5d4d5269582401e27e406335bb1627e1dceff693bd669a853f0120c42ef7bd4acc23a631f35d8446af168830613592533e464a829c55d7c2294b02d5c80eb2c114eb294cb0f2275b2a2f91845daf81d5f751baafb1bf5efc8d93e26fe0b72e937f0409a047a145352b61ca5fd9afafe558bbc18d67b9c193db266a5c71cb7f6b484b30a14f951b4ebcb6a885e00a0332179d720eb2eef8d92040c020c0baa3767025a8eed4bb63aaf4af2cce17d2cf43149ed4e89b8ce14c3471d840555d965bffcb984cad9c25a948e2299bc0dd1a3a8f95ab3681dba8b489931d6fdb9298bfb0a38f74378227e758145c6e3d3f142dfda59afd40ffb8c02a30f6a2fbb3b2949661980c9d9ab98fdb5ad07aa64dab0bd0591210bfc8b9d1203b4d2d1e4fe04fa3e10de1e783bbd8800425bc8df40d1273578b432043932d59f1498990c219c09b8bc6de755a0692dd0b679e8d379af55d6fce967b1fdd75c9e8468c0da2b8a31b225fc3197dc5bef5890d12a4bffae2d26bff96f221fcb268e6d05ee951c69ef909f126f17ed8d09fe26e7a504390bc1d2789a19f9b3e6ab1f31bd6a930de6c9e3316853663c27f6455b5011b4db251ea5cf2db15494caa343b40eec7fd98d16e73ee8e479f66fa0544eca19ee60520753e6287a674be3e5419d782e61a5fc5f48dfc111f273dabb4cc5716e4f9d5758317e41f6ac98d79a75b48a483ca58ad332d5f4d2ad2d3017b6f8f8c084fd1bce7f965c0e6fbd051387a726821052c951ca44f9dc769465878fe161660ff559f7717a1b27510c20f96c7b4b99c2175ea0958f8ff1914451cdcdda68fa1d56617e3ecb9a62005002160d358382f6a01f842afd926bb7c015bb62c1d01a33483949212b51c29b30304c0154e3c0a620ac706799cf2f37767abc9f01632947ba505e4438c8e7cc941021ca2b737890205a5a846733a93c6f76999437878852a06d5bd58e2c844955f501347c595b84ae13256f4fc397c5b7e770bfe9b199d76e3f08d2f0155470833412070a15e6c1e524e6ca5e0b11dc1c27bf5fd9eb78dea4d7663669baeff18005dec75ec17d1876f459b2b06b8dacd748128d4295f77530d6d4c0816fada0b1e087254b0e5e99fabd1888046135d0ba41934611633463b40bc2bc8dad0786f1ed0eb956df1a8f9be0643068cd8349cf71b24f236f1f8b04e738fa35539fed1d46f4cd27fa2435369fc787cf95641da94db7b304eff85db75d25155bf98ef744e229704593c5184832776a0f39ca0e58c8309e5d2dc3017747d1e92bcbd3587a4c19d127aa6f5ad3c4090ab2101e8825b1f0e8340456e24f7621576ddee5a703cc051dfd0851a3ecd21f71c1bfc45095454d920596a55b32cb49d558aef5b780de75edc5d846b6415dcfa7f56f2d420d9d2238febf1a2fddb6f75f6467f4c5c2b746e10d347e86b56eba979ebd211c29765b3a176086583d95aa28d071b022777a8bc69c3f15d0f247be03a965e9a4006244c5ff54eccefc02110ea07ec881b4af9320ce4fc4ea501344a27d9f9f7b61bd29c42ac52eb7e6e421d2726f6a2c2159f766c97b9bc515e82a0eff17f0bd2d250dfdc5f88f2151051f6de3cdf51122ccd56ee996f04b2709276a1f3860236ccc721ae1aba3ca723fb3e175268ac62f4234bbd9f6efda6017ed51792d6d17ba3809e43a21b7c5cc41f2d4a514207e9a3bcf267bb70af", 0xb02}], 0x1}}], 0x1, 0x44010)
connect$inet6(r0, 0x0, 0x0)

1.998145609s ago: executing program 8 (id=565):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000000)=0x7, 0x4)
r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000040)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r1, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x42, &(0x7f0000000040)=0xf2b, 0x4)
getsockopt$inet6_buf(r0, 0x29, 0x6, &(0x7f00000000c0)=""/25, &(0x7f0000000080)=0x17)

1.987558662s ago: executing program 5 (id=566):
munmap(&(0x7f0000bff000/0x400000)=nil, 0x400000)
brk(0x200000ffa000)

1.832598909s ago: executing program 0 (id=567):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000c00), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000000)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)={0x20, r2, 0x1, 0x4, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_SCAN_FREQUENCIES={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x10}, 0x40000)

1.805265546s ago: executing program 5 (id=568):
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x50)
removexattr(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)=@random={'user.', '\\\x10[]+\\\x00'})
mkdir(&(0x7f0000000000)='./cgroup/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000000)=[@text64={0x40, 0x0}], 0x1, 0x1, 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

1.802816523s ago: executing program 8 (id=569):
r0 = epoll_create1(0x0)
r1 = epoll_create1(0x0)
close(r0)
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r2, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id='], 0x0, 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000c85000)={0x8000200d})
epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r0, &(0x7f0000000180)={0x40002000})
epoll_pwait(r1, &(0x7f0000000240)=[{}], 0x1, 0x2, 0x0, 0x0)

1.707813605s ago: executing program 0 (id=570):
socket(0x10, 0x803, 0x0)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x1)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f0000006300)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f, 0x0, 0x10408}}, 0x50)
syz_fuse_handle_req(r0, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r2 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x80101, 0x0)
dup2(r2, r0)
r3 = syz_io_uring_setup(0x497, &(0x7f0000000300)={0x0, 0x7079, 0x1000, 0x14, 0x28b}, &(0x7f0000000180)=<r4=>0x0, &(0x7f00000001c0))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
io_uring_enter(r3, 0x3af6, 0xbebb, 0x0, 0x0, 0xfffffea9)

1.512506735s ago: executing program 8 (id=571):
socket$kcm(0x10, 0x400000002, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x800, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4138ae84, &(0x7f0000000240)=@x86={0x0, 0x2, 0x84, 0x0, 0x1, 0x5, 0x3, 0x4, 0x80, 0x10, 0x3, 0xbe, 0x0, 0x7f, 0x4, 0xf0, 0xd5, 0x8, 0x6, '\x00', 0xc, 0x21})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000e40)={0x2, 0x0, @ioapic={0x1000, 0xffffffff, 0x40, 0x4, 0x0, [{0x1, 0x85, 0x8, '\x00', 0x6}, {0xb, 0x0, 0x0, '\x00', 0xa}, {0x6c, 0x8, 0x6, '\x00', 0xff}, {0xf2, 0x8, 0x10, '\x00', 0x9}, {0x9, 0x1, 0x3, '\x00', 0xb}, {0x2, 0xff, 0x9, '\x00', 0x1}, {0xf0, 0x3, 0xf7, '\x00', 0xf3}, {0x0, 0xa, 0x40, '\x00', 0x3}, {0x80, 0x74, 0x3, '\x00', 0xd}, {0xe7, 0xfe, 0xfe, '\x00', 0xf}, {0xbe, 0x1, 0x4, '\x00', 0x2}, {0x8, 0x5, 0xf, '\x00', 0x7f}, {0xa6, 0x0, 0xd, '\x00', 0x18}, {0x15, 0x8, 0x0, '\x00', 0x6}, {0x4, 0x4d, 0x9, '\x00', 0x1}, {0x9, 0xa, 0x9, '\x00', 0x2}, {0x5, 0x8, 0x81, '\x00', 0x3}, {0x7, 0x7, 0x90, '\x00', 0xfe}, {0xfd, 0x0, 0x5, '\x00', 0x7f}, {0xfd, 0x3, 0xe2, '\x00', 0x2}, {0x0, 0x2, 0x7, '\x00', 0x6}, {0x0, 0xfe, 0xfd, '\x00', 0x9}, {0xe, 0x11, 0x2, '\x00', 0xfd}, {0xd, 0x9, 0x8e, '\x00', 0x8}]}})

1.457645973s ago: executing program 5 (id=572):
r0 = socket$inet6_sctp(0xa, 0x801, 0x84)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r2 = dup(r1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r2, 0x2000)
getsockopt$bt_hci(r0, 0x84, 0x9, 0x0, &(0x7f0000000000))

1.351170563s ago: executing program 7 (id=573):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, 0x0, 0x2)
sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x4c, 0x9, 0x6, 0x801, 0x0, 0x0, {0x5}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x24, 0x7, 0x0, 0x1, [@IPSET_ATTR_PROTO={0x5, 0x7, 0xff}, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @private=0xa010101}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}]}]}, 0x4c}, 0x1, 0x0, 0x0, 0x10004893}, 0x80)

1.294907765s ago: executing program 0 (id=574):
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
close(r0)
signalfd(0xffffffffffffffff, &(0x7f00000001c0)={[0x226e88d4]}, 0x8)
r1 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
close(r1)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
openat$random(0xffffffffffffff9c, 0x0, 0x800, 0x0)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, 0x0, 0x0)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x11, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x74, 0x0, 0x0)
openat$sw_sync_info(0xffffffffffffff9c, &(0x7f00000004c0), 0x1, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

1.233296279s ago: executing program 8 (id=575):
socket(0x10, 0x803, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
socket(0x400000000010, 0x3, 0x0)
io_uring_setup(0x194e, &(0x7f0000000a80)={0x0, 0xd3d5, 0x80, 0x5, 0x2b0})
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280))
ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000080)=0x200000000)
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000040)=0x1)
r1 = dup2(r0, r0)
signalfd4(0xffffffffffffffff, &(0x7f0000000140), 0x8, 0x0)
syz_io_uring_setup(0x39, &(0x7f0000000580)={0x0, 0xe7b7, 0x13500}, 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)
read$FUSE(r1, &(0x7f0000002b40)={0x2020}, 0x2020)

1.164656167s ago: executing program 5 (id=576):
ioctl$vim2m_VIDIOC_ENUM_FMT(0xffffffffffffffff, 0xc0405602, &(0x7f0000000000)={0x26, 0x1, 0x0, "3a8e00000034b52ba75066c27891ca55e21f0000000000b2b678d200", 0x32344d59})

1.015328892s ago: executing program 5 (id=577):
munmap(&(0x7f0000bff000/0x400000)=nil, 0x400000)
brk(0x200000ffa000)

1.00520718s ago: executing program 7 (id=578):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000000)=0x7, 0x4)
r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000040)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r1, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x42, &(0x7f0000000040)=0xf2b, 0x4)
getsockopt$inet6_buf(r0, 0x29, 0x6, &(0x7f00000000c0)=""/25, &(0x7f0000000080)=0x17)

796.829477ms ago: executing program 5 (id=579):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-serpent-sse2\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
r1 = accept4(r0, 0x0, 0x0, 0x0)
r2 = syz_io_uring_setup(0x9e, &(0x7f0000000640)={0x0, 0x5867, 0x10, 0xfffffffc, 0x24d}, &(0x7f00000006c0)=<r3=>0x0, &(0x7f00000001c0)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f00000002c0)=0xfffffffc, 0x0, 0x4)
sendmsg$NL80211_CMD_SET_WDS_PEER(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000500)=ANY=[], 0x38}, 0x1, 0x0, 0x0, 0x10}, 0x2404c000)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4007, @fd_index=0x4, 0x0, &(0x7f0000000100)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1})
io_uring_enter(r2, 0x100847c0, 0x0, 0x1, 0x0, 0x0)

468.613607ms ago: executing program 7 (id=580):
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, 0x0)
ioctl$SOUND_PCM_READ_CHANNELS(r0, 0x80045006, 0x0)

124.384811ms ago: executing program 8 (id=581):
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x50)
removexattr(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)=@random={'user.', '\\\x10[]+\\\x00'})
mkdir(&(0x7f0000000000)='./cgroup/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000000)=[@text64={0x40, 0x0}], 0x1, 0x1, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

0s ago: executing program 7 (id=582):
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='dctcp-reno\x00', 0xb)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f0000009340)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4008004)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000000)={&(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000a5f000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0}, 0x68)
ptrace(0x10, 0x1)
r2 = socket(0x840000000002, 0x3, 0xff)
connect$inet(r2, &(0x7f0000000280)={0x2, 0x4e21, @remote}, 0x10)
sendmmsg$inet(r2, &(0x7f0000005240)=[{{0x0, 0xfffffdef, 0x0, 0x0, 0x0, 0x0, 0x10}, 0xfffffdef}], 0x4000095, 0x401eb94)
r3 = dup(r1)
socket$inet6(0xa, 0x5, 0xffff)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000007, 0x38011, r3, 0x2c9ab000)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x2, 0x4, 0x6, 0x504}, 0x48)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000200), 0xa7c, r4}, 0x38)
r5 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0xc0686611, &(0x7f0000000180)={0x68, 0x0, 0x17, 0x2000, &(0x7f0000ffd000/0x2000)=nil})
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000003c0))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x15)
fadvise64(r6, 0x18, 0x0, 0x4)

kernel console output (not intermixed with test programs):

exists in 'hsr'
[   90.838810][ T5857] Cannot create hsr debugfs directory
[   90.853200][ T5844] batman_adv: batadv0: Adding interface: batadv_slave_1
[   90.860421][ T5844] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   90.891095][ T5844] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   90.918790][ T5859] team0: Port device team_slave_0 added
[   90.952733][ T5853] hsr_slave_0: entered promiscuous mode
[   90.959488][ T5853] hsr_slave_1: entered promiscuous mode
[   90.966133][ T5853] debugfs: 'hsr0' already exists in 'hsr'
[   90.971877][ T5853] Cannot create hsr debugfs directory
[   91.001426][ T5859] team0: Port device team_slave_1 added
[   91.132855][ T5859] batman_adv: batadv0: Adding interface: batadv_slave_0
[   91.140385][ T5859] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   91.167328][ T5859] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   91.231567][ T5859] batman_adv: batadv0: Adding interface: batadv_slave_1
[   91.238594][ T5859] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   91.265503][ T5859] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   91.295115][ T5844] hsr_slave_0: entered promiscuous mode
[   91.301592][ T5844] hsr_slave_1: entered promiscuous mode
[   91.308308][ T5844] debugfs: 'hsr0' already exists in 'hsr'
[   91.314054][ T5844] Cannot create hsr debugfs directory
[   91.615225][ T5859] hsr_slave_0: entered promiscuous mode
[   91.621716][ T5859] hsr_slave_1: entered promiscuous mode
[   91.628203][ T5859] debugfs: 'hsr0' already exists in 'hsr'
[   91.634039][ T5859] Cannot create hsr debugfs directory
[   91.827819][ T5845] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   91.878079][ T5845] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   91.888442][    T9] cfg80211: failed to load regulatory.db
[   91.892713][ T5845] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   91.908401][ T5845] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   92.020185][ T5857] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   92.033936][ T5857] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   92.076834][ T5857] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   92.090377][ T5857] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   92.184117][ T5853] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   92.198732][ T5853] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   92.205674][ T5167] Bluetooth: hci0: command tx timeout
[   92.217088][ T5853] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   92.249232][ T5853] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   92.286312][ T5850] Bluetooth: hci1: command tx timeout
[   92.291942][ T5167] Bluetooth: hci2: command tx timeout
[   92.345926][ T5844] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   92.360031][ T5844] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   92.367879][ T5167] Bluetooth: hci3: command tx timeout
[   92.382369][ T5844] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   92.393997][ T5844] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   92.444824][ T5167] Bluetooth: hci4: command tx timeout
[   92.511225][ T5845] 8021q: adding VLAN 0 to HW filter on device bond0
[   92.534317][ T5859] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   92.545757][ T5859] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   92.558678][ T5859] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   92.590465][ T5859] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   92.642768][ T5845] 8021q: adding VLAN 0 to HW filter on device team0
[   92.678336][ T5857] 8021q: adding VLAN 0 to HW filter on device bond0
[   92.702663][ T3535] bridge0: port 1(bridge_slave_0) entered blocking state
[   92.710210][ T3535] bridge0: port 1(bridge_slave_0) entered forwarding state
[   92.769334][ T5857] 8021q: adding VLAN 0 to HW filter on device team0
[   92.778692][ T3535] bridge0: port 2(bridge_slave_1) entered blocking state
[   92.785903][ T3535] bridge0: port 2(bridge_slave_1) entered forwarding state
[   92.828232][ T3535] bridge0: port 1(bridge_slave_0) entered blocking state
[   92.835446][ T3535] bridge0: port 1(bridge_slave_0) entered forwarding state
[   92.876072][ T3535] bridge0: port 2(bridge_slave_1) entered blocking state
[   92.883241][ T3535] bridge0: port 2(bridge_slave_1) entered forwarding state
[   92.949761][ T5853] 8021q: adding VLAN 0 to HW filter on device bond0
[   92.980042][ T5844] 8021q: adding VLAN 0 to HW filter on device bond0
[   93.009365][ T5853] 8021q: adding VLAN 0 to HW filter on device team0
[   93.051260][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[   93.058473][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[   93.078907][ T5844] 8021q: adding VLAN 0 to HW filter on device team0
[   93.118026][ T3571] bridge0: port 1(bridge_slave_0) entered blocking state
[   93.125257][ T3571] bridge0: port 1(bridge_slave_0) entered forwarding state
[   93.176627][ T3571] bridge0: port 2(bridge_slave_1) entered blocking state
[   93.183838][ T3571] bridge0: port 2(bridge_slave_1) entered forwarding state
[   93.216916][ T3571] bridge0: port 2(bridge_slave_1) entered blocking state
[   93.224164][ T3571] bridge0: port 2(bridge_slave_1) entered forwarding state
[   93.319864][ T5859] 8021q: adding VLAN 0 to HW filter on device bond0
[   93.512080][ T5859] 8021q: adding VLAN 0 to HW filter on device team0
[   93.556321][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[   93.563525][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[   93.598016][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[   93.605220][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[   93.652700][ T5845] 8021q: adding VLAN 0 to HW filter on device batadv0
[   93.705723][ T5857] 8021q: adding VLAN 0 to HW filter on device batadv0
[   93.988052][ T5857] veth0_vlan: entered promiscuous mode
[   94.083631][ T5844] 8021q: adding VLAN 0 to HW filter on device batadv0
[   94.121995][ T5853] 8021q: adding VLAN 0 to HW filter on device batadv0
[   94.134525][ T5857] veth1_vlan: entered promiscuous mode
[   94.285777][ T5167] Bluetooth: hci0: command tx timeout
[   94.330165][ T5857] veth0_macvtap: entered promiscuous mode
[   94.362136][ T5844] veth0_vlan: entered promiscuous mode
[   94.378440][ T5167] Bluetooth: hci2: command tx timeout
[   94.382098][ T5853] veth0_vlan: entered promiscuous mode
[   94.383899][ T5167] Bluetooth: hci1: command tx timeout
[   94.407519][ T5857] veth1_macvtap: entered promiscuous mode
[   94.437783][ T5844] veth1_vlan: entered promiscuous mode
[   94.444890][ T5167] Bluetooth: hci3: command tx timeout
[   94.459135][ T5853] veth1_vlan: entered promiscuous mode
[   94.512195][ T5859] 8021q: adding VLAN 0 to HW filter on device batadv0
[   94.525797][ T5167] Bluetooth: hci4: command tx timeout
[   94.547711][ T5845] veth0_vlan: entered promiscuous mode
[   94.558236][ T5857] batman_adv: batadv0: Interface activated: batadv_slave_0
[   94.573743][ T5853] veth0_macvtap: entered promiscuous mode
[   94.590432][ T5845] veth1_vlan: entered promiscuous mode
[   94.599221][ T5857] batman_adv: batadv0: Interface activated: batadv_slave_1
[   94.621640][ T5844] veth0_macvtap: entered promiscuous mode
[   94.636307][ T5853] veth1_macvtap: entered promiscuous mode
[   94.669975][ T5844] veth1_macvtap: entered promiscuous mode
[   94.677237][   T49] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   94.690423][   T49] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   94.712467][   T49] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   94.737557][   T49] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   94.761198][ T5853] batman_adv: batadv0: Interface activated: batadv_slave_0
[   94.795664][ T5853] batman_adv: batadv0: Interface activated: batadv_slave_1
[   94.809278][ T5845] veth0_macvtap: entered promiscuous mode
[   94.833368][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_0
[   94.843758][ T5845] veth1_macvtap: entered promiscuous mode
[   94.875685][   T13] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   94.890868][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_1
[   94.902677][ T5859] veth0_vlan: entered promiscuous mode
[   94.919381][   T49] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   94.930197][   T49] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   94.975097][   T49] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   94.992498][ T5859] veth1_vlan: entered promiscuous mode
[   95.052396][   T49] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   95.061575][   T49] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   95.071468][   T49] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   95.113618][   T49] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   95.127441][ T5845] batman_adv: batadv0: Interface activated: batadv_slave_0
[   95.148472][   T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   95.162546][ T3515] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   95.162601][   T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   95.173753][ T3515] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   95.235495][ T5845] batman_adv: batadv0: Interface activated: batadv_slave_1
[   95.278277][   T78] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   95.286746][   T78] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   95.289289][ T5859] veth0_macvtap: entered promiscuous mode
[   95.323998][   T78] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   95.324525][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   95.341979][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   95.386979][   T78] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   95.403317][   T78] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   95.442193][ T5859] veth1_macvtap: entered promiscuous mode
[   95.452597][ T5857] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   95.460933][ T3535] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   95.491005][   T78] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   95.503476][ T3535] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   95.668608][ T5859] batman_adv: batadv0: Interface activated: batadv_slave_0
[   95.693215][ T3515] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   95.710844][ T3515] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   95.748990][ T5859] batman_adv: batadv0: Interface activated: batadv_slave_1
[   95.822062][ T3515] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   95.832688][ T3515] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   95.851994][ T3515] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   95.902898][ T3515] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   95.912559][    T9] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[   95.977223][ T3535] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   96.003379][ T3535] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   96.099415][    T9] usb 3-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[   96.141838][    T9] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[   96.147991][ T3535] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   96.192928][    T9] usb 3-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[   96.211840][ T3535] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   96.268562][   T78] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   96.286722][ T5975] loop3: detected capacity change from 0 to 512
[   96.304903][   T78] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   96.375322][ T5167] Bluetooth: hci0: command tx timeout
[   96.429875][ T5975] EXT4-fs (loop3): orphan cleanup on readonly fs
[   96.445450][ T5167] Bluetooth: hci1: command tx timeout
[   96.450928][ T5167] Bluetooth: hci2: command tx timeout
[   96.468097][ T3535] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   96.493544][ T3535] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   96.536144][ T5850] Bluetooth: hci3: command tx timeout
[   96.562211][    T9] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[   96.563717][ T5975] Quota error (device loop3): find_tree_dqentry: Cycle in quota tree detected: block 2 index 0
[   96.582893][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   96.606313][ T5850] Bluetooth: hci4: command tx timeout
[   96.622845][ T5975] Quota error (device loop3): qtree_read_dquot: Can't read quota structure for id 0
[   96.643176][ T5975] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.7: Failed to acquire dquot type 1
[   96.675758][    T9] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[   96.720091][    T9] usb 3-1: invalid MIDI out EP 0
[   96.745028][ T5975] EXT4-fs (loop3): 1 truncate cleaned up
[   96.767773][ T5975] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   96.928570][ T5975] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000.
[   97.029578][ T5985] syz.4.5 uses obsolete (PF_INET,SOCK_PACKET)
[   97.050078][    T9] snd-usb-audio 3-1:27.0: probe with driver snd-usb-audio failed with error -22
[   97.071140][    T9] usb 3-1: USB disconnect, device number 2
[   97.107129][ T5853] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   97.315328][ T5982] loop1: detected capacity change from 0 to 32768
[   97.322902][ T5898] udevd[5898]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[   97.352948][ T5982] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.2 (5982)
[   97.398411][ T5982] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[   97.409234][ T5982] BTRFS info (device loop1): using crc32c (crc32c-lib) checksum algorithm
[   97.418782][ T5982] BTRFS info (device loop1): disk space caching is enabled
[   97.426252][ T5982] BTRFS warning (device loop1): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[   97.657612][ T5982] BTRFS info (device loop1): rebuilding free space tree
[   97.730898][ T5982] BTRFS info (device loop1): disabling free space tree
[   97.738042][ T5982] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[   97.747977][ T5982] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[   97.943851][ T6010] usb usb8: usbfs: process 6010 (syz.2.12) did not claim interface 0 before use
[   98.084216][ T6003] loop4: detected capacity change from 0 to 32768
[   98.145959][ T6009] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   98.330378][ T6003] bcachefs (loop4): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,recovery_pass_last=initialize_subvolumes,nojournal_transaction_names,noexcl,read_only
[   98.330408][ T6003]   allowing incompatible features above 0.0: (unknown version)
[   98.330421][ T6003]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[   98.373017][ T6003] bcachefs (loop4): Using encoding defined by superblock: utf8-12.1.0
[   98.381656][ T6003] bcachefs (loop4): recovering from clean shutdown, journal seq 10
[   98.390072][ T6003] bcachefs (loop4): Version upgrade required:
[   98.390072][ T6003] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete
[   98.390072][ T6003] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.28: inode_has_case_insensitive
[   98.390072][ T6003]   running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,check_rebalance_work,set_fs_needs_rebalance
[   98.606083][ T6003] bcachefs (loop4): error reading btree root btree=alloc level=0: btree_node_read_error, fixing
[   98.651550][ T6003] bcachefs (loop4): check_topology... done
[   98.660336][ T6003] bcachefs (loop4): accounting_read... done
[   99.424489][ T6003] bcachefs (loop4): alloc_read... done
[   99.445122][ T6003] bcachefs (loop4): Fixed errors, running fsck a second time to verify fs is clean
[   99.459592][ T6003] bcachefs (loop4): done starting filesystem
[   99.499391][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   99.617520][ T5845] bcachefs (loop4): shutting down
[   99.770762][ T6019] netlink: 132 bytes leftover after parsing attributes in process `syz.0.13'.
[   99.881529][ T5845] bcachefs (loop4): shutdown complete
[   99.890081][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  100.045275][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[  100.354831][ T5961] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  100.466180][    T9] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  100.545405][ T5961] usb 4-1: Using ep0 maxpacket: 8
[  100.565044][ T5961] usb 4-1: config 0 has an invalid interface number: 31 but max is 0
[  100.575049][ T5961] usb 4-1: config 0 has no interface number 0
[  100.588881][ T5961] usb 4-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16
[  100.600412][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  100.610460][ T5961] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  100.619882][ T5961] usb 4-1: Product: syz
[  100.619899][ T5859] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  100.624272][ T5961] usb 4-1: Manufacturer: syz
[  100.641275][ T5961] usb 4-1: SerialNumber: syz
[  100.657928][    T9] usb 3-1: config 0 has an invalid interface number: 204 but max is 0
[  100.671880][    T9] usb 3-1: config 0 has no interface number 0
[  100.691166][ T5961] usb 4-1: config 0 descriptor??
[  100.708208][    T9] usb 3-1: New USB device found, idVendor=12d6, idProduct=0444, bcdDevice=29.3d
[  100.737590][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  100.756191][    T9] usb 3-1: Product: syz
[  100.765034][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[  100.789238][    T9] usb 3-1: Manufacturer: syz
[  100.799181][    T9] usb 3-1: SerialNumber: syz
[  100.821437][    T9] usb 3-1: config 0 descriptor??
[  100.839238][    T9] ems_usb 3-1:0.204 (unnamed net_device) (uninitialized): couldn't initialize controller: -22
[  100.899031][    T9] ems_usb 3-1:0.204: probe with driver ems_usb failed with error -22
[  100.945021][ T5961] usb 4-1: Found UVC 0.04 device syz (046d:08c3)
[  100.976204][ T5961] usb 4-1: No valid video chain found.
[  101.175191][ T5961] usb 4-1: USB disconnect, device number 2
[  101.233508][ T5913] usb 3-1: USB disconnect, device number 3
[  101.245055][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  101.805424][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[  102.035129][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  102.134964][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  102.255998][ T6047] IPVS: length: 4096 != 8
[  102.285462][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[  103.453900][ T6067] team_slave_0: entered promiscuous mode
[  103.460727][ T6067] team_slave_1: entered promiscuous mode
[  103.729915][ T6069] loop0: detected capacity change from 0 to 40427
[  103.747167][ T6067] macsec1: entered promiscuous mode
[  103.752439][ T6067] team0: entered promiscuous mode
[  103.813606][ T6067] macsec1: entered allmulticast mode
[  103.815751][ T6069] F2FS-fs (loop0): invalid crc value
[  103.823140][ T6067] team0: entered allmulticast mode
[  103.928128][ T6071] loop2: detected capacity change from 0 to 256
[  103.951185][ T6069] F2FS-fs (loop0): Start checkpoint disabled!
[  103.975645][ T6069] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6
[  104.004735][ T6067] team_slave_0: entered allmulticast mode
[  104.010536][ T6067] team_slave_1: entered allmulticast mode
[  104.071185][ T6071] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xf6dff195, utbl_chksum : 0xe619d30d)
[  104.129256][ T6067] team0: Device macsec1 is already an upper device of the team interface
[  104.186097][ T6071] =======================================================
[  104.186097][ T6071] WARNING: The mand mount option has been deprecated and
[  104.186097][ T6071]          and is ignored by this kernel. Remove the mand
[  104.186097][ T6071]          option from the mount to silence this warning.
[  104.186097][ T6071] =======================================================
[  104.280927][ T6067] team0: left allmulticast mode
[  104.349904][ T6067] team_slave_0: left allmulticast mode
[  104.371738][ T6067] team_slave_1: left allmulticast mode
[  104.394904][ T6067] team0: left promiscuous mode
[  104.484957][ T6067] team_slave_0: left promiscuous mode
[  104.490459][ T6067] team_slave_1: left promiscuous mode
[  104.960309][ T6078] IPv6: sit1: Disabled Multicast RS
[  105.468992][ T3515] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  105.872731][ T3515] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  106.035630][ T5961] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  106.079119][ T3515] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  106.207307][ T5961] usb 1-1: Using ep0 maxpacket: 16
[  106.957555][ T5961] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  107.096954][ T3515] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  107.120188][ T5961] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  107.167516][ T5961] usb 1-1: New USB device found, idVendor=1044, idProduct=7a4d, bcdDevice= 0.00
[  107.201825][ T5961] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  107.379426][ T5961] usb 1-1: config 0 descriptor??
[  107.502494][ T5961] usbhid 1-1:0.0: can't add hid device: -22
[  107.574413][ T5961] usbhid 1-1:0.0: probe with driver usbhid failed with error -22
[  107.575787][ T6093] netlink: 8 bytes leftover after parsing attributes in process `syz.3.40'.
[  107.616987][ T6093] netlink: 'syz.3.40': attribute type 5 has an invalid length.
[  107.660025][ T6093] netlink: 28 bytes leftover after parsing attributes in process `syz.3.40'.
[  107.835171][ T6093] geneve2: entered promiscuous mode
[  107.858756][ T6093] geneve2: entered allmulticast mode
[  108.197099][ T3571] netdevsim netdevsim3 netdevsim0: set [1, 1] type 2 family 0 port 256 - 0
[  108.213596][ T3571] netdevsim netdevsim3 netdevsim1: set [1, 1] type 2 family 0 port 256 - 0
[  108.366233][ T3571] netdevsim netdevsim3 netdevsim2: set [1, 1] type 2 family 0 port 256 - 0
[  108.413692][ T3571] netdevsim netdevsim3 netdevsim3: set [1, 1] type 2 family 0 port 256 - 0
[  108.466463][ T3515] bridge_slave_1: left allmulticast mode
[  108.491058][ T3515] bridge_slave_1: left promiscuous mode
[  108.525734][ T3515] bridge0: port 2(bridge_slave_1) entered disabled state
[  108.596470][ T3515] bridge_slave_0: left allmulticast mode
[  108.602365][ T3515] bridge_slave_0: left promiscuous mode
[  108.617090][ T3515] bridge0: port 1(bridge_slave_0) entered disabled state
[  109.197012][ T6106] loop3: detected capacity change from 0 to 40427
[  109.253055][ T6106] F2FS-fs (loop3): invalid crc value
[  109.355178][ T6106] F2FS-fs (loop3): Start checkpoint disabled!
[  109.392503][ T6106] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  109.449807][ T5167] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  109.465267][ T5167] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  109.473501][ T5167] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  109.484773][ T5167] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  109.492898][ T5167] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  110.084139][ T5913] usb 1-1: USB disconnect, device number 2
[  111.039205][ T6135] loop0: detected capacity change from 0 to 32768
[  111.664827][ T5850] Bluetooth: hci3: command tx timeout
[  111.696006][ T6135] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nocow
[  111.696032][ T6135]   allowing incompatible features above 0.0: (unknown version)
[  111.696046][ T6135]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  111.719853][ T6146] loop3: detected capacity change from 0 to 40427
[  111.735317][ T6135] bcachefs (loop0): Using encoding defined by superblock: utf8-12.1.0
[  111.750277][ T6135] bcachefs (loop0): initializing new filesystem
[  111.766220][ T6146] F2FS-fs (loop3): invalid crc value
[  111.770611][ T6135] bcachefs (loop0): going read-write
[  111.857091][ T6135] bcachefs (loop0): marking superblocks
[  111.880843][ T6135] bcachefs (loop0): initializing freespace
[  111.890734][ T6135] bcachefs (loop0): done initializing freespace
[  111.900513][ T6135] bcachefs (loop0): reading snapshots table
[  111.906705][ T6135] bcachefs (loop0): reading snapshots done
[  111.946166][ T6146] F2FS-fs (loop3): Start checkpoint disabled!
[  111.981084][ T6135] bcachefs (loop0):  loop0: Superblock write was silently dropped! (seq 0 expected 42)
[  111.993025][ T6135] bcachefs (loop0): done starting filesystem
[  112.028007][ T6146] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  112.105511][ T3515] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  112.117046][ T6135] syz.0.50 (6135) used greatest stack depth: 16376 bytes left
[  112.188430][ T5844] bcachefs (loop0): shutting down
[  112.193520][ T5844] bcachefs (loop0): going read-only
[  112.205116][ T5844] bcachefs (loop0): finished waiting for writes to stop
[  112.270553][ T3515] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  112.295990][ T5844] bcachefs (loop0): flushing journal and stopping allocators, journal seq 5
[  112.327330][ T3515] bond0 (unregistering): Released all slaves
[  112.473966][ T5844] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 5
[  112.582599][ T5844] bcachefs (loop0): clean shutdown complete, journal seq 6
[  112.611555][ T5844] bcachefs (loop0): marking filesystem clean
[  112.665323][    T9] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[  112.775952][ T5844] bcachefs (loop0): shutdown complete
[  112.844964][    T9] usb 2-1: Using ep0 maxpacket: 8
[  112.857383][    T9] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  112.875332][    T9] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  112.896968][    T9] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  112.956619][    T9] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  112.992019][    T9] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  113.055672][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  113.315181][    T9] usb 2-1: GET_CAPABILITIES returned 0
[  113.320744][    T9] usbtmc 2-1:16.0: can't read capabilities
[  113.336607][ T3515] hsr_slave_0: left promiscuous mode
[  113.393116][ T3515] hsr_slave_1: left promiscuous mode
[  113.402591][ T3515] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  113.413850][ T6171] loop3: detected capacity change from 0 to 128
[  113.434162][ T3515] batman_adv: batadv0: Removing interface: batadv_slave_0
[  113.463438][ T3515] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  113.475428][ T3515] batman_adv: batadv0: Removing interface: batadv_slave_1
[  113.543627][    T9] usb 2-1: USB disconnect, device number 2
[  113.552919][ T3515] veth1_macvtap: left promiscuous mode
[  113.611798][ T3515] veth0_macvtap: left promiscuous mode
[  113.625244][ T3515] veth1_vlan: left promiscuous mode
[  113.659272][ T3515] veth0_vlan: left promiscuous mode
[  113.724837][ T5850] Bluetooth: hci3: command tx timeout
[  115.490691][ T6196] capability: warning: `syz.3.63' uses deprecated v2 capabilities in a way that may be insecure
[  115.810032][ T5850] Bluetooth: hci3: command tx timeout
[  116.129690][ T6202] loop3: detected capacity change from 0 to 40427
[  116.151114][ T6202] F2FS-fs (loop3): invalid crc value
[  116.253085][ T6202] F2FS-fs (loop3): Start checkpoint disabled!
[  116.263514][ T6202] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  116.285005][   T30] audit: type=1800 audit(1751868064.080:2): pid=6202 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.66" name="file2" dev="loop3" ino=10 res=0 errno=0
[  116.308431][ T6202] syz.3.66: attempt to access beyond end of device
[  116.308431][ T6202] loop3: rw=10241, sector=45096, nr_sectors = 8 limit=40427
[  116.324400][ T6202] syz.3.66: attempt to access beyond end of device
[  116.324400][ T6202] loop3: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  116.338675][ T6202] syz.3.66: attempt to access beyond end of device
[  116.338675][ T6202] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  116.462072][ T1311] kworker/u8:5: attempt to access beyond end of device
[  116.462072][ T1311] loop3: rw=2049, sector=45112, nr_sectors = 8 limit=40427
[  116.536355][ T1311] CPU: 1 UID: 0 PID: 1311 Comm: kworker/u8:5 Not tainted 6.16.0-rc4-next-20250704-syzkaller #0 PREEMPT(full) 
[  116.536386][ T1311] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  116.536401][ T1311] Workqueue: writeback wb_workfn (flush-7:3)
[  116.536452][ T1311] Call Trace:
[  116.536461][ T1311]  <TASK>
[  116.536470][ T1311]  dump_stack_lvl+0x189/0x250
[  116.536502][ T1311]  ? __pfx_dump_stack_lvl+0x10/0x10
[  116.536524][ T1311]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  116.536551][ T1311]  ? __pfx_queue_work_on+0x10/0x10
[  116.536577][ T1311]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  116.536603][ T1311]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  116.536631][ T1311]  ? f2fs_hw_is_readonly+0x39b/0x470
[  116.536669][ T1311]  f2fs_handle_critical_error+0x37c/0x540
[  116.536710][ T1311]  f2fs_write_end_io+0x495/0x810
[  116.536733][ T1311]  ? blkg_put+0x22/0x240
[  116.536772][ T1311]  __submit_merged_bio+0x27a/0x6a0
[  116.536813][ T1311]  __submit_merged_write_cond+0x255/0x530
[  116.536854][ T1311]  f2fs_write_data_pages+0x261d/0x3000
[  116.536916][ T1311]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  116.536955][ T1311]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  116.537021][ T1311]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  116.537058][ T1311]  ? trace_f2fs_writepages+0x7f/0x200
[  116.537094][ T1311]  ? f2fs_write_node_pages+0x478/0x6e0
[  116.537133][ T1311]  ? __pfx_f2fs_write_node_pages+0x10/0x10
[  116.537182][ T1311]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  116.537207][ T1311]  do_writepages+0x32e/0x550
[  116.537237][ T1311]  ? reacquire_held_locks+0x127/0x1d0
[  116.537259][ T1311]  ? writeback_sb_inodes+0x384/0x1010
[  116.537300][ T1311]  __writeback_single_inode+0x145/0xff0
[  116.537326][ T1311]  ? do_raw_spin_unlock+0x122/0x240
[  116.537359][ T1311]  writeback_sb_inodes+0x6c7/0x1010
[  116.537413][ T1311]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  116.537485][ T1311]  ? rcu_is_watching+0x15/0xb0
[  116.537519][ T1311]  wb_writeback+0x43b/0xaf0
[  116.537553][ T1311]  ? queue_io+0x3d1/0x590
[  116.537580][ T1311]  ? __pfx_wb_writeback+0x10/0x10
[  116.537614][ T1311]  ? _raw_spin_unlock_irq+0x23/0x50
[  116.537645][ T1311]  wb_workfn+0x409/0xef0
[  116.537696][ T1311]  ? __pfx_wb_workfn+0x10/0x10
[  116.537739][ T1311]  ? __lock_acquire+0xab9/0xd20
[  116.537784][ T1311]  ? process_scheduled_works+0x9ef/0x17b0
[  116.537813][ T1311]  ? _raw_spin_unlock_irq+0x23/0x50
[  116.537837][ T1311]  ? process_scheduled_works+0x9ef/0x17b0
[  116.537857][ T1311]  ? process_scheduled_works+0x9ef/0x17b0
[  116.537880][ T1311]  process_scheduled_works+0xae1/0x17b0
[  116.537935][ T1311]  ? __pfx_process_scheduled_works+0x10/0x10
[  116.537977][ T1311]  worker_thread+0x8a0/0xda0
[  116.538002][ T1311]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  116.538038][ T1311]  ? __kthread_parkme+0x7b/0x200
[  116.538073][ T1311]  kthread+0x70e/0x8a0
[  116.538104][ T1311]  ? __pfx_worker_thread+0x10/0x10
[  116.538125][ T1311]  ? __pfx_kthread+0x10/0x10
[  116.538154][ T1311]  ? _raw_spin_unlock_irq+0x23/0x50
[  116.538178][ T1311]  ? lockdep_hardirqs_on+0x9c/0x150
[  116.538203][ T1311]  ? __pfx_kthread+0x10/0x10
[  116.538231][ T1311]  ret_from_fork+0x3fc/0x770
[  116.538255][ T1311]  ? __pfx_ret_from_fork+0x10/0x10
[  116.538289][ T1311]  ? __switch_to_asm+0x39/0x70
[  116.538315][ T1311]  ? __switch_to_asm+0x33/0x70
[  116.538341][ T1311]  ? __pfx_kthread+0x10/0x10
[  116.538368][ T1311]  ret_from_fork_asm+0x1a/0x30
[  116.538412][ T1311]  </TASK>
[  116.538421][ T1311] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  116.996829][ T6212] netlink: 8 bytes leftover after parsing attributes in process `syz.0.56'.
[  117.300260][ T3515] team0 (unregistering): Port device team_slave_1 removed
[  117.442313][ T3515] team0 (unregistering): Port device team_slave_0 removed
[  117.895388][ T5850] Bluetooth: hci3: command tx timeout
[  119.479171][ T6235] netlink: 12 bytes leftover after parsing attributes in process `syz.1.76'.
[  119.596938][ T6101] Set syz1 is full, maxelem 65536 reached
[  119.608368][ T6099] Set syz1 is full, maxelem 65536 reached
[  119.993974][ T6219] netlink: 8 bytes leftover after parsing attributes in process `syz.0.72'.
[  120.016991][ T6219] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  120.054221][ T6235] vlan2: entered promiscuous mode
[  120.059443][ T6235] erspan0: entered promiscuous mode
[  120.827208][ T6111] chnl_net:caif_netlink_parms(): no params data found
[  121.917508][ T5927] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  121.995374][ T6265] vlan0: entered promiscuous mode
[  122.096839][ T5927] usb 1-1: config 0 has an invalid interface number: 9 but max is 0
[  122.141989][ T5927] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  122.181467][ T6111] bridge0: port 1(bridge_slave_0) entered blocking state
[  122.195109][ T5927] usb 1-1: config 0 has no interface number 0
[  122.201271][ T5927] usb 1-1: New USB device found, idVendor=0421, idProduct=0302, bcdDevice=45.e8
[  122.213017][ T6111] bridge0: port 1(bridge_slave_0) entered disabled state
[  122.258477][ T6111] bridge_slave_0: entered allmulticast mode
[  122.280190][ T5927] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  122.303221][ T6111] bridge_slave_0: entered promiscuous mode
[  122.330631][ T5927] usb 1-1: config 0 descriptor??
[  122.363470][ T5927] rndis_host 1-1:0.9: More than one union descriptor, skipping ...
[  122.366048][ T6111] bridge0: port 2(bridge_slave_1) entered blocking state
[  122.527322][ T5927] rndis_host 1-1:0.9: skipping garbage
[  122.535196][ T6111] bridge0: port 2(bridge_slave_1) entered disabled state
[  122.552700][ T6111] bridge_slave_1: entered allmulticast mode
[  122.575298][ T5927] usb 1-1: bad CDC descriptors
[  122.610942][ T6111] bridge_slave_1: entered promiscuous mode
[  122.613156][ T5927] cdc_acm 1-1:0.9: More than one union descriptor, skipping ...
[  122.665635][ T5927] cdc_acm 1-1:0.9: skipping garbage
[  123.066278][ T6290] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  123.076312][ T6290] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  123.142104][ T6289] Zero length message leads to an empty skb
[  123.158424][ T6111] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  123.187105][ T6111] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  123.471648][ T6304] PKCS7: Unknown OID: [5] (bad)
[  123.477938][ T6304] PKCS7: Only support pkcs7_signedData type
[  123.635955][ T6111] team0: Port device team_slave_0 added
[  123.661283][ T6111] team0: Port device team_slave_1 added
[  124.206356][ T6111] batman_adv: batadv0: Adding interface: batadv_slave_0
[  124.233771][ T6111] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  124.301127][ T6111] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  124.495387][ T6111] batman_adv: batadv0: Adding interface: batadv_slave_1
[  124.580513][ T6111] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  124.690553][ T6111] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  124.789210][ T6312] tipc: Started in network mode
[  124.878011][ T6312] tipc: Node identity e2978cd8eac8, cluster identity 4711
[  124.951660][ T6312] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  125.071860][ T6310] syzkaller0: entered promiscuous mode
[  125.091115][ T6310] syzkaller0: entered allmulticast mode
[  125.217632][ T6319] tipc: Resetting bearer <eth:syzkaller0>
[  125.405577][ T6111] hsr_slave_0: entered promiscuous mode
[  125.464992][ T6111] hsr_slave_1: entered promiscuous mode
[  125.492836][ T6111] debugfs: 'hsr0' already exists in 'hsr'
[  125.512697][ T6111] Cannot create hsr debugfs directory
[  125.590996][ T6319] tipc: Resetting bearer <eth:syzkaller0>
[  125.628347][ T6319] tipc: Disabling bearer <eth:syzkaller0>
[  125.997250][ T6331] 9pnet_fd: Insufficient options for proto=fd
[  126.264956][  T977] usb 1-1: USB disconnect, device number 3
[  126.757552][  T977] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  126.790768][ T6111] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  126.834585][ T6111] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  126.841442][ T5913] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  126.886114][ T6111] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  126.910999][ T6111] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  126.955599][  T977] usb 1-1: Using ep0 maxpacket: 32
[  126.981937][  T977] usb 1-1: config index 0 descriptor too short (expected 29220, got 36)
[  127.024933][  T977] usb 1-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  127.033621][  T977] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 81
[  127.064798][ T5913] usb 2-1: Using ep0 maxpacket: 16
[  127.091366][  T977] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  127.112723][ T5913] usb 2-1: config 166 has an invalid interface number: 177 but max is 1
[  127.118308][  T977] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  127.135979][ T5913] usb 2-1: config 166 has an invalid interface number: 34 but max is 1
[  127.153249][  T977] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  127.184682][ T5913] usb 2-1: config 166 has no interface number 0
[  127.192215][ T5913] usb 2-1: config 166 has no interface number 1
[  127.218401][  T977] usb 1-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  127.220264][ T5913] usb 2-1: config 166 interface 177 altsetting 4 has an invalid descriptor for endpoint zero, skipping
[  127.257897][  T977] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  127.280254][  T977] usb 1-1: config 0 descriptor??
[  127.312872][ T5913] usb 2-1: config 166 interface 177 altsetting 4 has an invalid descriptor for endpoint zero, skipping
[  127.349782][ T6111] 8021q: adding VLAN 0 to HW filter on device bond0
[  127.375610][ T5913] usb 2-1: config 166 interface 34 altsetting 1 has a duplicate endpoint with address 0x9, skipping
[  127.413813][ T5913] usb 2-1: config 166 interface 34 altsetting 1 has an endpoint descriptor with address 0xA6, changing to 0x86
[  127.432821][ T6111] 8021q: adding VLAN 0 to HW filter on device team0
[  127.466119][ T5913] usb 2-1: config 166 interface 34 altsetting 1 endpoint 0x86 has invalid maxpacket 23105, setting to 1024
[  127.485086][ T5913] usb 2-1: config 166 interface 34 altsetting 1 bulk endpoint 0x86 has invalid maxpacket 1024
[  127.521597][ T5913] usb 2-1: config 166 interface 34 altsetting 1 endpoint 0x85 has an invalid bInterval 0, changing to 7
[  127.544837][  T977] usblp 1-1:0.0: usblp0: USB Bidirectional printer dev 4 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  127.579958][ T3571] bridge0: port 1(bridge_slave_0) entered blocking state
[  127.587179][ T3571] bridge0: port 1(bridge_slave_0) entered forwarding state
[  127.590295][ T5913] usb 2-1: config 166 interface 34 altsetting 1 endpoint 0x85 has invalid wMaxPacketSize 0
[  127.612111][ T6351] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized
[  127.624390][  T977] usb 1-1: USB disconnect, device number 4
[  127.640653][  T977] usblp0: removed
[  127.807515][ T5913] usb 2-1: config 166 interface 34 altsetting 1 has 5 endpoint descriptors, different from the interface descriptor's value: 4
[  127.825240][ T5913] usb 2-1: config 166 interface 177 has no altsetting 0
[  127.834842][ T5913] usb 2-1: config 166 interface 34 has no altsetting 0
[  127.845831][ T5913] usb 2-1: New USB device found, idVendor=0bda, idProduct=0138, bcdDevice=30.12
[  127.866272][ T5913] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  127.884142][ T5913] usb 2-1: Product: syz
[  127.884413][   T49] bridge0: port 2(bridge_slave_1) entered blocking state
[  127.891511][ T5913] usb 2-1: Manufacturer: syz
[  127.895620][   T49] bridge0: port 2(bridge_slave_1) entered forwarding state
[  127.900377][ T5913] usb 2-1: SerialNumber: syz
[  128.139686][ T5913] ums-realtek 2-1:166.177: USB Mass Storage device detected
[  128.175778][  T977] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  128.334803][   T10] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  128.366089][  T977] usb 1-1: Using ep0 maxpacket: 32
[  128.380835][  T977] usb 1-1: config index 0 descriptor too short (expected 29220, got 36)
[  128.410135][  T977] usb 1-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  128.452932][ T5913] ums-realtek 2-1:166.34: USB Mass Storage device detected
[  128.455245][  T977] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 81
[  128.522660][  T977] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  128.554450][  T977] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  128.574979][   T10] usb 5-1: Using ep0 maxpacket: 16
[  128.600858][   T10] usb 5-1: config 8 has an invalid interface number: 39 but max is 0
[  128.611490][   T10] usb 5-1: config 8 has no interface number 0
[  128.632911][ T5913] ums-realtek 2-1:166.34: probe with driver ums-realtek failed with error -5
[  128.643436][   T10] usb 5-1: config 8 interface 39 altsetting 1 bulk endpoint 0x1 has invalid maxpacket 521
[  128.664140][  T977] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  128.678019][ T5913] usb 2-1: Found UVC 0.00 device syz (0bda:0138)
[  128.720214][ T5913] usb 2-1: No valid video chain found.
[  128.725064][   T10] usb 5-1: config 8 interface 39 has no altsetting 0
[  128.792002][  T977] usb 1-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  128.815710][ T5913] usb 2-1: USB disconnect, device number 3
[  128.831829][   T10] usb 5-1: New USB device found, idVendor=05ac, idProduct=c704, bcdDevice=62.77
[  128.871588][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  128.900629][  T977] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  128.947515][   T10] usb 5-1: Product: syz
[  128.986023][  T977] usb 1-1: config 0 descriptor??
[  129.003364][   T10] usb 5-1: Manufacturer: syz
[  129.020912][   T10] usb 5-1: SerialNumber: syz
[  129.062585][ T6375] loop1: detected capacity change from 0 to 256
[  129.198376][  T977] usblp 1-1:0.0: usblp0: USB Bidirectional printer dev 5 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  129.239142][ T6375] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xf6dff195, utbl_chksum : 0xe619d30d)
[  129.415411][  T977] usb 1-1: USB disconnect, device number 5
[  129.455711][  T977] usblp0: removed
[  129.646783][ T6111] 8021q: adding VLAN 0 to HW filter on device batadv0
[  129.849814][   T10] usb 5-1: can't set config #8, error -71
[  129.875403][   T10] usb 5-1: USB disconnect, device number 2
[  130.747440][ T3571] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  130.869116][ T6410] netlink: 104 bytes leftover after parsing attributes in process `syz.0.115'.
[  131.425988][ T3571] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  133.088515][ T3571] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  133.367007][ T3571] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  133.571074][ T6111] veth0_vlan: entered promiscuous mode
[  133.620502][ T6111] veth1_vlan: entered promiscuous mode
[  133.953573][ T6111] veth0_macvtap: entered promiscuous mode
[  133.998824][ T3571] bridge_slave_1: left allmulticast mode
[  134.006662][ T3571] bridge_slave_1: left promiscuous mode
[  134.034906][ T3571] bridge0: port 2(bridge_slave_1) entered disabled state
[  134.045952][ T5167] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  134.057582][ T5167] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  134.066870][ T5167] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  134.090951][ T5167] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  134.107226][ T5167] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  134.108386][ T3571] bridge_slave_0: left allmulticast mode
[  134.188671][ T3571] bridge_slave_0: left promiscuous mode
[  134.195396][ T3571] bridge0: port 1(bridge_slave_0) entered disabled state
[  135.115061][   T43] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  135.215130][ T5927] usb 1-1: new full-speed USB device number 6 using dummy_hcd
[  135.279396][   T43] usb 5-1: Using ep0 maxpacket: 32
[  135.311435][   T43] usb 5-1: config index 0 descriptor too short (expected 26090, got 796)
[  135.328965][   T43] usb 5-1: config 231 has too many interfaces: 103, using maximum allowed: 32
[  135.362214][   T43] usb 5-1: config 231 has an invalid descriptor of length 0, skipping remainder of the config
[  135.373352][ T3571] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  135.382596][   T43] usb 5-1: config 231 has 0 interfaces, different from the descriptor's value: 103
[  135.399340][ T3571] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  135.408977][ T5927] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  135.419577][ T5927] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 2
[  135.429290][ T5927] usb 1-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  135.441703][ T3571] bond0 (unregistering): Released all slaves
[  135.454235][   T43] usb 5-1: New USB device found, idVendor=d024, idProduct=5e5a, bcdDevice=16.a9
[  135.469631][   T43] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  135.479105][ T5927] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  135.487600][   T43] usb 5-1: Product: syz
[  135.493618][   T43] usb 5-1: Manufacturer: syz
[  135.501675][   T43] usb 5-1: SerialNumber: syz
[  135.508028][ T5927] usb 1-1: config 0 descriptor??
[  135.509591][ T6111] veth1_macvtap: entered promiscuous mode
[  135.527644][ T5927] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  135.569343][ T5927] dvb-usb: bulk message failed: -22 (3/0)
[  135.606211][ T3571] tipc: Left network mode
[  135.618888][ T5927] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  135.631085][ T6111] batman_adv: batadv0: Interface activated: batadv_slave_0
[  135.642373][ T5927] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  135.660557][ T5927] usb 1-1: media controller created
[  135.698617][ T5927] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  135.720157][ T6111] batman_adv: batadv0: Interface activated: batadv_slave_1
[  135.772557][   T78] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  135.788615][ T6446] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  135.843102][ T6446] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  135.875366][ T5927] dvb-usb: bulk message failed: -22 (6/0)
[  135.893530][ T5927] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  135.933570][ T5927] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input5
[  135.971372][ T5927] dvb-usb: schedule remote query interval to 150 msecs.
[  135.983529][ T5927] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  136.048913][   T78] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  136.137329][ T5927] dvb-usb: bulk message failed: -22 (1/0)
[  136.186020][ T5927] dvb-usb: error while querying for an remote control event.
[  136.207161][ T5167] Bluetooth: hci4: command tx timeout
[  136.242062][   T78] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  136.262820][   T78] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  136.425220][ T5927] dvb-usb: bulk message failed: -22 (1/0)
[  136.470626][ T5927] dvb-usb: error while querying for an remote control event.
[  136.694762][ T5913] dvb-usb: bulk message failed: -22 (1/0)
[  136.719058][ T5913] dvb-usb: error while querying for an remote control event.
[  136.746702][ T3571] hsr_slave_0: left promiscuous mode
[  136.767299][ T3571] hsr_slave_1: left promiscuous mode
[  136.788033][ T3571] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  136.830224][ T3571] batman_adv: batadv0: Removing interface: batadv_slave_0
[  136.868859][ T3571] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  136.886290][ T3571] batman_adv: batadv0: Removing interface: batadv_slave_1
[  136.914777][ T5913] dvb-usb: bulk message failed: -22 (1/0)
[  137.028032][ T5913] dvb-usb: error while querying for an remote control event.
[  137.181167][ T3571] veth1_macvtap: left promiscuous mode
[  137.189372][ T3571] veth0_macvtap: left promiscuous mode
[  137.199809][ T3571] veth1_vlan: left promiscuous mode
[  137.210387][ T3571] veth0_vlan: left promiscuous mode
[  137.220333][ T5913] dvb-usb: bulk message failed: -22 (1/0)
[  137.278172][ T5913] dvb-usb: error while querying for an remote control event.
[  137.484799][ T5913] dvb-usb: bulk message failed: -22 (1/0)
[  137.490629][ T5913] dvb-usb: error while querying for an remote control event.
[  137.704975][ T5913] dvb-usb: bulk message failed: -22 (1/0)
[  137.721190][ T5913] dvb-usb: error while querying for an remote control event.
[  137.925638][ T5913] dvb-usb: bulk message failed: -22 (1/0)
[  137.972479][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  137.985012][ T5913] dvb-usb: error while querying for an remote control event.
[  137.992643][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  138.103752][  T977] usb 1-1: USB disconnect, device number 6
[  138.208278][  T977] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  138.259683][   T43] usb 5-1: USB disconnect, device number 3
[  138.285490][ T5167] Bluetooth: hci4: command tx timeout
[  138.492862][ T6479] kvm: kvm [6478]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x800
[  138.507151][ T6479] kvm: kvm [6478]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x0
[  138.521014][ T6479] kvm: kvm [6478]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x187) = 0x800
[  138.880416][ T3571] team0 (unregistering): Port device team_slave_1 removed
[  138.933074][ T3571] team0 (unregistering): Port device team_slave_0 removed
[  139.861988][   T78] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  139.893727][   T78] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  140.056409][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  140.064850][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  140.256476][ T6511] input: syz0 as /devices/virtual/input/input6
[  140.348765][ T6428] chnl_net:caif_netlink_parms(): no params data found
[  140.373466][ T5167] Bluetooth: hci4: command tx timeout
[  140.640647][ T6514] loop3: detected capacity change from 0 to 32768
[  140.863287][ T6514] bcachefs (loop3): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nocow
[  140.863315][ T6514]   allowing incompatible features above 0.0: (unknown version)
[  140.863329][ T6514]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  140.900890][ T6514] bcachefs (loop3): Using encoding defined by superblock: utf8-12.1.0
[  140.909463][ T6514] bcachefs (loop3): initializing new filesystem
[  140.926524][ T6514] bcachefs (loop3): going read-write
[  140.994335][ T6514] bcachefs (loop3): marking superblocks
[  141.011126][ T6514] bcachefs (loop3): initializing freespace
[  141.020185][ T6514] bcachefs (loop3): done initializing freespace
[  141.028477][ T6514] bcachefs (loop3): reading snapshots table
[  141.034427][ T6514] bcachefs (loop3): reading snapshots done
[  141.114888][ T6514] bcachefs (loop3):  loop3: Superblock write was silently dropped! (seq 0 expected 42)
[  141.137150][ T6514] bcachefs (loop3): done starting filesystem
[  141.446171][ T5853] bcachefs (loop3): shutting down
[  141.485901][ T5853] bcachefs (loop3): going read-only
[  141.491172][ T5853] bcachefs (loop3): finished waiting for writes to stop
[  141.534564][ T5853] bcachefs (loop3): flushing journal and stopping allocators, journal seq 3
[  141.624692][ T6428] bridge0: port 1(bridge_slave_0) entered blocking state
[  141.718627][ T6428] bridge0: port 1(bridge_slave_0) entered disabled state
[  141.774977][ T5853] bcachefs (loop3): flushing journal and stopping allocators complete, journal seq 4
[  141.775015][ T6428] bridge_slave_0: entered allmulticast mode
[  141.796716][ T6428] bridge_slave_0: entered promiscuous mode
[  141.802995][ T6539] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  141.818626][ T6428] bridge0: port 2(bridge_slave_1) entered blocking state
[  141.830748][ T6428] bridge0: port 2(bridge_slave_1) entered disabled state
[  141.846379][ T5853] bcachefs (loop3): clean shutdown complete, journal seq 5
[  141.864289][ T6428] bridge_slave_1: entered allmulticast mode
[  141.873450][ T6428] bridge_slave_1: entered promiscuous mode
[  141.905626][ T5853] bcachefs (loop3): marking filesystem clean
[  142.121616][ T5853] bcachefs (loop3): shutdown complete
[  142.151243][ T6428] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  142.229166][ T6428] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  142.447188][ T5850] Bluetooth: hci4: command tx timeout
[  142.522129][ T6428] team0: Port device team_slave_0 added
[  142.547156][ T6428] team0: Port device team_slave_1 added
[  142.608517][ T6428] batman_adv: batadv0: Adding interface: batadv_slave_0
[  142.615685][ T6428] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  142.671039][ T6428] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  142.700484][ T6558] netlink: 32 bytes leftover after parsing attributes in process `syz.5.150'.
[  142.723192][ T6428] batman_adv: batadv0: Adding interface: batadv_slave_1
[  142.734673][ T6428] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  142.844779][ T6428] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  143.093960][ T6428] hsr_slave_0: entered promiscuous mode
[  143.125389][ T6428] hsr_slave_1: entered promiscuous mode
[  143.131903][ T6428] debugfs: 'hsr0' already exists in 'hsr'
[  143.142088][ T6428] Cannot create hsr debugfs directory
[  143.164836][  T977] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  143.365427][  T977] usb 1-1: Using ep0 maxpacket: 32
[  143.393942][  T977] usb 1-1: New USB device found, idVendor=0ccd, idProduct=0080, bcdDevice=67.fe
[  143.403556][  T977] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  143.432314][  T977] usb 1-1: Product: syz
[  143.443443][  T977] usb 1-1: Manufacturer: syz
[  143.454799][  T977] usb 1-1: SerialNumber: syz
[  143.488637][  T977] usb 1-1: config 0 descriptor??
[  143.706539][  T977] snd-usb-6fire 1-1:0.0: unknown device firmware state received from device:
[  143.730528][  T977] eb 9a 47 80 9b f8 7a f0 
[  143.741237][  T977] snd-usb-6fire 1-1:0.0: probe with driver snd-usb-6fire failed with error -5
[  143.906042][ T5961] usb 1-1: USB disconnect, device number 7
[  144.626411][ T6428] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  144.711506][ T6428] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  144.755186][ T6428] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  144.797500][ T6428] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  145.385933][ T6611] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  145.393444][ T6611] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  145.402860][ T6611] trusted_key: syz.0.159 sent an empty control message without MSG_MORE.
[  145.799811][ T6428] 8021q: adding VLAN 0 to HW filter on device bond0
[  145.980889][ T6428] 8021q: adding VLAN 0 to HW filter on device team0
[  146.246345][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  146.253572][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  146.276636][ T6617] loop3: detected capacity change from 0 to 4096
[  146.415584][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  146.422746][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  146.479087][ T6617] NILFS (loop3): invalid segment: Checksum error in segment payload
[  146.513788][ T6617] NILFS (loop3): trying rollback from an earlier position
[  146.641746][ T6617] NILFS (loop3): recovery complete
[  146.709882][ T6623] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  146.817846][ T6622] netlink: 8 bytes leftover after parsing attributes in process `syz.4.163'.
[  147.018165][ T6622] vlan3: entered promiscuous mode
[  147.044742][ T6622] vlan2: entered promiscuous mode
[  147.082874][ T6622] gretap0: entered promiscuous mode
[  147.420890][ T6634] netlink: 4 bytes leftover after parsing attributes in process `syz.5.166'.
[  147.763135][ T6428] 8021q: adding VLAN 0 to HW filter on device batadv0
[  148.633025][ T6671] loop4: detected capacity change from 0 to 4096
[  148.742237][ T6671] NILFS (loop4): invalid segment: Checksum error in segment payload
[  148.817913][ T6671] NILFS (loop4): trying rollback from an earlier position
[  148.978741][ T6671] NILFS (loop4): recovery complete
[  149.019858][ T6678] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  149.492257][ T6428] veth0_vlan: entered promiscuous mode
[  149.566779][ T6428] veth1_vlan: entered promiscuous mode
[  149.741105][ T6428] veth0_macvtap: entered promiscuous mode
[  149.923399][ T6428] veth1_macvtap: entered promiscuous mode
[  149.981867][ T6687] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  150.109055][ T6428] batman_adv: batadv0: Interface activated: batadv_slave_0
[  150.165461][ T6428] batman_adv: batadv0: Interface activated: batadv_slave_1
[  150.238519][   T12] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  150.286046][   T12] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  150.418261][   T12] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  150.462254][   T12] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  150.671396][ T3571] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  150.701896][ T3571] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  150.774822][   T24] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  150.868221][ T3571] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  150.898303][ T3571] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  150.940768][   T24] usb 4-1: config 0 has an invalid interface number: 91 but max is 0
[  150.959291][   T24] usb 4-1: config 0 has no interface number 0
[  150.969448][   T24] usb 4-1: config 0 interface 91 has no altsetting 0
[  150.990012][   T24] usb 4-1: New USB device found, idVendor=174f, idProduct=5212, bcdDevice=60.41
[  151.021429][ T6707] loop0: detected capacity change from 0 to 4096
[  151.032147][   T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  151.059409][   T24] usb 4-1: config 0 descriptor??
[  151.162005][ T6707] NILFS (loop0): invalid segment: Checksum error in segment payload
[  151.189340][ T6707] NILFS (loop0): trying rollback from an earlier position
[  151.310982][   T24] usb 4-1: string descriptor 0 read error: -71
[  151.335456][ T6707] NILFS (loop0): recovery complete
[  151.347214][   T24] usb 4-1: Found UVC 0.00 device <unnamed> (174f:5212)
[  151.354137][   T24] usb 4-1: No valid video chain found.
[  151.388613][ T6723] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  151.425598][   T24] usb 4-1: USB disconnect, device number 3
[  151.654861][ T5927] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  151.837028][ T5927] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  151.868435][ T5927] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  151.934309][ T5927] usb 6-1: New USB device found, idVendor=07b5, idProduct=0312, bcdDevice= 0.00
[  151.953771][ T5927] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  151.993563][ T5927] usb 6-1: config 0 descriptor??
[  152.042252][   T30] audit: type=1326 audit(1751868099.840:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6733 comm="syz.6.192" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2abeb8e929 code=0x0
[  153.968749][ T6767] loop4: detected capacity change from 0 to 32768
[  154.145029][ T6767] bcachefs (loop4): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nocow
[  154.145056][ T6767]   allowing incompatible features above 0.0: (unknown version)
[  154.145070][ T6767]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  154.168454][ T6777] random: crng reseeded on system resumption
[  154.181806][ T6767] bcachefs (loop4): Using encoding defined by superblock: utf8-12.1.0
[  154.181855][ T6767] bcachefs (loop4): initializing new filesystem
[  154.192252][ T6767] bcachefs (loop4): going read-write
[  154.277127][ T6767] bcachefs (loop4): marking superblocks
[  154.288822][ T6767] bcachefs (loop4): initializing freespace
[  154.297595][ T6767] bcachefs (loop4): done initializing freespace
[  154.306462][ T6767] bcachefs (loop4): reading snapshots table
[  154.312436][ T6767] bcachefs (loop4): reading snapshots done
[  154.460949][ T6767] bcachefs (loop4):  loop4: Superblock write was silently dropped! (seq 0 expected 42)
[  154.490979][ T6767] bcachefs (loop4): done starting filesystem
[  154.810821][ T5845] bcachefs (loop4): shutting down
[  154.852630][ T5845] bcachefs (loop4): going read-only
[  154.870417][ T6762] loop6: detected capacity change from 0 to 32768
[  154.888521][ T5845] bcachefs (loop4): finished waiting for writes to stop
[  154.911212][ T5845] bcachefs (loop4): flushing journal and stopping allocators, journal seq 2
[  155.133576][ T5845] bcachefs (loop4): flushing journal and stopping allocators complete, journal seq 3
[  155.166907][ T5845] bcachefs (loop4): clean shutdown complete, journal seq 4
[  155.193682][ T6762] bcachefs (loop6): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=xxhash,data_checksum=xxhash,compression=lz4,str_hash=crc64,norecovery,reconstruct_alloc
[  155.193711][ T6762]   allowing incompatible features above 0.0: (unknown version)
[  155.193725][ T6762]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  155.218323][ T5845] bcachefs (loop4): marking filesystem clean
[  155.369417][ T5845] bcachefs (loop4): shutdown complete
[  155.470152][ T6762] bcachefs (loop6): Using encoding defined by superblock: utf8-12.1.0
[  155.495594][ T6762] bcachefs (loop6): recovering from clean shutdown, journal seq 10
[  155.526769][ T6762] bcachefs (loop6): Version upgrade from 1.19: autofix_errors to 1.7: mi_btree_bitmap incomplete
[  155.526769][ T6762] Doing compatible version upgrade from 1.19: autofix_errors to 1.28: inode_has_case_insensitive
[  155.526769][ T6762]   running recovery passes: check_extents_to_backpointers,check_inodes
[  155.620238][ T6762] bcachefs (loop6): dropping and reconstructing all alloc info
[  155.718982][ T6762] bcachefs (loop6): invalid bkey in btree_node btree=inodes level=0: u64s 18 type inode_v3 0:4098:U32_MAX len 0 ver 0: 
[  155.719034][ T6762]     mode=0
[  155.719047][ T6762]     flags=(15300000)
[  155.719058][ T6762]     journal_seq=4
[  155.719069][ T6762]     hash_seed=ece93825deac2443
[  155.719080][ T6762]     hash_type=siphash
[  155.719090][ T6762]     bi_size=0
[  155.719100][ T6762]     bi_sectors=0
[  155.719110][ T6762]     bi_version=0
[  155.719120][ T6762]     bi_atime=2770562249
[  155.719131][ T6762]     bi_ctime=2780562352
[  155.719141][ T6762]     bi_mtime=2780562352
[  155.719151][ T6762]     bi_otime=2770562249
[  155.719162][ T6762]     bi_uid=0
[  155.719172][ T6762]     bi_gid=0
[  155.719182][ T6762]     bi_nlink=0
[  155.719204][ T6762]     bi_generation=0
[  155.719215][ T6762]     bi_dev=0
[  155.719225][ T6762]     bi_data_checksum=0
[  155.719235][ T6762]     bi_compression=0
[  155.719245][ T6762]     bi_project=0
[  155.719255][ T6762]     bi_background_compression=0
[  155.719266][ T6762]     bi_data_replicas=0
[  155.719277][ T6762]     bi_promote_target=0
[  155.719287][ T6762]     bi_foreground_target=0
[  155.719298][ T6762]     bi_background_target=0
[  155.719308][ T6762]     bi_erasure_code=0
[  155.719319][ T6762]     bi_fields_set=0
[  155.719329][ T6762]     bi_dir=4096
[  155.719339][ T6762]     bi_dir_offset=189491840996961599
[  155.719350][ T6762]     bi_subvol=0
[  155.719360][ T6762]     bi_parent_subvol=0
[  155.719371][ T6762]     bi_nocow=0
[  155.719388][ T6762]     bi_depth=0
[  155.719398][ T6762]     bi_inodes_32bit=0
[  155.719409][ T6762]     bi_casefold=0
[  155.719419][ T6762]   invalid fields_start (got 18, min 6 max 13), deleting
[  155.975069][ T5927] usbhid 6-1:0.0: can't add hid device: -71
[  155.975183][ T5927] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  156.010190][ T5927] usb 6-1: USB disconnect, device number 2
[  156.438104][ T6807] cgroup: fork rejected by pids controller in /syz0
[  156.702988][ T6762] bcachefs (loop6): accounting_read... done
[  156.720670][ T6762] bcachefs (loop6): alloc_read... done
[  157.742632][ T5927] usb 5-1: new full-speed USB device number 4 using dummy_hcd
[  157.747724][ T7239] netlink: 4 bytes leftover after parsing attributes in process `syz.5.204'.
[  157.754692][ T6762] bcachefs (loop6): snapshots_read... done
[  157.779108][ T7239] netlink: 64 bytes leftover after parsing attributes in process `syz.5.204'.
[  157.848524][ T6762] bcachefs (loop6): Fixed errors, running fsck a second time to verify fs is clean
[  157.898974][ T6762] bcachefs (loop6): done starting filesystem
[  158.116760][ T5927] usb 5-1: config 0 has an invalid interface number: 93 but max is 0
[  158.132516][ T5927] usb 5-1: config 0 has no interface number 0
[  158.182048][ T5927] usb 5-1: New USB device found, idVendor=19ab, idProduct=1000, bcdDevice= 0.35
[  158.233674][ T5927] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  158.285727][ T5927] usb 5-1: config 0 descriptor??
[  158.291913][ T6428] bcachefs (loop6): shutting down
[  158.477919][ T6428] bcachefs (loop6): shutdown complete
[  158.569071][ T5927] usb 5-1: string descriptor 0 read error: -71
[  158.621727][ T5927] usb 5-1: Found UVC 0.00 device <unnamed> (19ab:1000)
[  158.699313][ T5927] usb 5-1: No valid video chain found.
[  158.774818][ T5927] usb 5-1: USB disconnect, device number 4
[  160.103937][ T7279] tipc: Started in network mode
[  160.116931][ T7279] tipc: Node identity fe150604a93a, cluster identity 4711
[  160.176552][ T7279] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  160.250878][ T7282] syzkaller0: entered promiscuous mode
[  160.257606][ T7282] syzkaller0: entered allmulticast mode
[  160.267501][ T7279] tipc: Resetting bearer <eth:syzkaller0>
[  160.308810][ T7278] tipc: Resetting bearer <eth:syzkaller0>
[  160.398384][ T7278] tipc: Disabling bearer <eth:syzkaller0>
[  161.039124][ T7302] loop4: detected capacity change from 0 to 256
[  161.201911][ T7302] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xf6dff195, utbl_chksum : 0xe619d30d)
[  162.571948][ T7321] bridge1: entered promiscuous mode
[  162.577684][ T7321] bridge1: entered allmulticast mode
[  162.590286][ T7321] team0: Port device bridge1 added
[  163.366312][   T78] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  163.718341][   T78] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  164.418113][   T78] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  165.136533][   T78] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  165.352673][ T7349] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  165.561757][ T7349] syzkaller0: entered promiscuous mode
[  165.584735][ T7349] syzkaller0: entered allmulticast mode
[  165.734444][ T7349] tipc: Resetting bearer <eth:syzkaller0>
[  165.778451][ T5850] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  165.795085][ T5850] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  165.816229][ T5850] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  165.819159][ T7348] tipc: Resetting bearer <eth:syzkaller0>
[  165.831437][ T5850] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  165.840184][ T5850] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  166.113947][ T7348] tipc: Disabling bearer <eth:syzkaller0>
[  166.250442][   T78] bridge_slave_1: left allmulticast mode
[  166.250468][   T78] bridge_slave_1: left promiscuous mode
[  166.250670][   T78] bridge0: port 2(bridge_slave_1) entered disabled state
[  166.267506][   T78] bridge_slave_0: left allmulticast mode
[  166.267533][   T78] bridge_slave_0: left promiscuous mode
[  166.267745][   T78] bridge0: port 1(bridge_slave_0) entered disabled state
[  167.407323][ T7361] loop6: detected capacity change from 0 to 32768
[  167.772182][   T78] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  167.782138][ T7361] bcachefs (loop6): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=xxhash,data_checksum=xxhash,compression=lz4,str_hash=crc64,norecovery,reconstruct_alloc
[  167.782166][ T7361]   allowing incompatible features above 0.0: (unknown version)
[  167.782180][ T7361]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  167.829881][   T78] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  167.858243][   T78] bond0 (unregistering): Released all slaves
[  167.940661][ T7361] bcachefs (loop6): Using encoding defined by superblock: utf8-12.1.0
[  167.946711][ T7390] fuse: Bad value for 'fd'
[  167.960936][ T7361] bcachefs (loop6): recovering from clean shutdown, journal seq 10
[  167.971306][ T5850] Bluetooth: hci1: command tx timeout
[  168.029311][ T7361] bcachefs (loop6): Version upgrade from 1.19: autofix_errors to 1.7: mi_btree_bitmap incomplete
[  168.029311][ T7361] Doing compatible version upgrade from 1.19: autofix_errors to 1.28: inode_has_case_insensitive
[  168.029311][ T7361]   running recovery passes: check_extents_to_backpointers,check_inodes
[  168.101554][ T7361] bcachefs (loop6): dropping and reconstructing all alloc info
[  168.249775][ T7361] bcachefs (loop6): invalid bkey in btree_node btree=inodes level=0: u64s 18 type inode_v3 0:4098:U32_MAX len 0 ver 0: 
[  168.249795][ T7361]     mode=0
[  168.249802][ T7361]     flags=(15300000)
[  168.249809][ T7361]     journal_seq=4
[  168.249816][ T7361]     hash_seed=ece93825deac2443
[  168.249823][ T7361]     hash_type=siphash
[  168.249830][ T7361]     bi_size=0
[  168.249837][ T7361]     bi_sectors=0
[  168.249844][ T7361]     bi_version=0
[  168.249851][ T7361]     bi_atime=2770562249
[  168.249858][ T7361]     bi_ctime=2780562352
[  168.249865][ T7361]     bi_mtime=2780562352
[  168.249872][ T7361]     bi_otime=2770562249
[  168.249879][ T7361]     bi_uid=0
[  168.249886][ T7361]     bi_gid=0
[  168.249892][ T7361]     bi_nlink=0
[  168.249899][ T7361]     bi_generation=0
[  168.249906][ T7361]     bi_dev=0
[  168.249912][ T7361]     bi_data_checksum=0
[  168.249919][ T7361]     bi_compression=0
[  168.249926][ T7361]     bi_project=0
[  168.249933][ T7361]     bi_background_compression=0
[  168.249940][ T7361]     bi_data_replicas=0
[  168.249947][ T7361]     bi_promote_target=0
[  168.249954][ T7361]     bi_foreground_target=0
[  168.249962][ T7361]     bi_background_target=0
[  168.249969][ T7361]     bi_erasure_code=0
[  168.249976][ T7361]     bi_fields_set=0
[  168.249983][ T7361]     bi_dir=4096
[  168.249990][ T7361]     bi_dir_offset=189491840996961599
[  168.249998][ T7361]     bi_subvol=0
[  168.250004][ T7361]     bi_parent_subvol=0
[  168.250012][ T7361]     bi_nocow=0
[  168.250018][ T7361]     bi_depth=0
[  168.250025][ T7361]     bi_inodes_32bit=0
[  168.250032][ T7361]     bi_casefold=0
[  168.250039][ T7361]   invalid fields_start (got 18, min 6 max 13), deleting
[  168.478228][ T7406] random: crng reseeded on system resumption
[  169.288215][ T7361] bcachefs (loop6): accounting_read... done
[  169.329291][ T7361] bcachefs (loop6): alloc_read... done
[  169.376598][ T7361] bcachefs (loop6): snapshots_read... done
[  169.414063][ T7361] bcachefs (loop6): Fixed errors, running fsck a second time to verify fs is clean
[  169.461612][ T7361] bcachefs (loop6): done starting filesystem
[  169.478392][ T7356] chnl_net:caif_netlink_parms(): no params data found
[  169.650723][ T6428] bcachefs (loop6): shutting down
[  169.787369][ T6428] bcachefs (loop6): shutdown complete
[  169.905504][   T78] hsr_slave_0: left promiscuous mode
[  169.939025][   T78] hsr_slave_1: left promiscuous mode
[  169.946672][   T78] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  169.974724][   T78] batman_adv: batadv0: Removing interface: batadv_slave_0
[  169.982894][   T78] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  170.005890][   T78] batman_adv: batadv0: Removing interface: batadv_slave_1
[  170.048483][ T5850] Bluetooth: hci1: command tx timeout
[  170.062324][   T78] veth1_macvtap: left promiscuous mode
[  170.094899][   T24] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  170.126323][   T78] veth0_macvtap: left promiscuous mode
[  170.137070][   T78] veth1_vlan: left promiscuous mode
[  170.295001][   T24] usb 4-1: device descriptor read/64, error -71
[  170.548487][   T24] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  170.694932][   T24] usb 4-1: device descriptor read/64, error -71
[  170.812059][   T24] usb usb4-port1: attempt power cycle
[  170.920664][ T7435] fuse: Bad value for 'fd'
[  171.194786][   T24] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  171.232118][   T24] usb 4-1: device descriptor read/8, error -71
[  171.504724][   T24] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  171.538990][   T24] usb 4-1: device descriptor read/8, error -71
[  171.657469][   T24] usb usb4-port1: unable to enumerate USB device
[  171.728011][ T7443] random: crng reseeded on system resumption
[  172.125002][ T5850] Bluetooth: hci1: command tx timeout
[  172.249040][   T78] team0 (unregistering): Port device team_slave_1 removed
[  172.445511][   T78] team0 (unregistering): Port device team_slave_0 removed
[  173.293438][ T7451] loop5: detected capacity change from 0 to 32768
[  173.982101][ T7451] bcachefs (loop5): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=xxhash,data_checksum=xxhash,compression=lz4,str_hash=crc64,norecovery,reconstruct_alloc
[  173.982131][ T7451]   allowing incompatible features above 0.0: (unknown version)
[  173.982145][ T7451]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  174.264881][ T5850] Bluetooth: hci1: command tx timeout
[  174.439012][ T7451] bcachefs (loop5): Using encoding defined by superblock: utf8-12.1.0
[  174.495283][ T7451] bcachefs (loop5): recovering from clean shutdown, journal seq 10
[  174.543678][ T7451] bcachefs (loop5): Version upgrade from 1.19: autofix_errors to 1.7: mi_btree_bitmap incomplete
[  174.543678][ T7451] Doing compatible version upgrade from 1.19: autofix_errors to 1.28: inode_has_case_insensitive
[  174.543678][ T7451]   running recovery passes: check_extents_to_backpointers,check_inodes
[  174.591114][ T7451] bcachefs (loop5): dropping and reconstructing all alloc info
[  174.680474][ T7451] bcachefs (loop5): invalid bkey in btree_node btree=inodes level=0: u64s 18 type inode_v3 0:4098:U32_MAX len 0 ver 0: 
[  174.680493][ T7451]     mode=0
[  174.680499][ T7451]     flags=(15300000)
[  174.680506][ T7451]     journal_seq=4
[  174.680513][ T7451]     hash_seed=ece93825deac2443
[  174.680520][ T7451]     hash_type=siphash
[  174.680528][ T7451]     bi_size=0
[  174.680534][ T7451]     bi_sectors=0
[  174.680541][ T7451]     bi_version=0
[  174.680547][ T7451]     bi_atime=2770562249
[  174.680554][ T7451]     bi_ctime=2780562352
[  174.680562][ T7451]     bi_mtime=2780562352
[  174.680569][ T7451]     bi_otime=2770562249
[  174.680576][ T7451]     bi_uid=0
[  174.680582][ T7451]     bi_gid=0
[  174.680589][ T7451]     bi_nlink=0
[  174.680596][ T7451]     bi_generation=0
[  174.680602][ T7451]     bi_dev=0
[  174.680609][ T7451]     bi_data_checksum=0
[  174.680616][ T7451]     bi_compression=0
[  174.680623][ T7451]     bi_project=0
[  174.680629][ T7451]     bi_background_compression=0
[  174.680637][ T7451]     bi_data_replicas=0
[  174.680644][ T7451]     bi_promote_target=0
[  174.680651][ T7451]     bi_foreground_target=0
[  174.680658][ T7451]     bi_background_target=0
[  174.680665][ T7451]     bi_erasure_code=0
[  174.680672][ T7451]     bi_fields_set=0
[  174.680679][ T7451]     bi_dir=4096
[  174.680685][ T7451]     bi_dir_offset=189491840996961599
[  174.680693][ T7451]     bi_subvol=0
[  174.680700][ T7451]     bi_parent_subvol=0
[  174.680707][ T7451]     bi_nocow=0
[  174.680713][ T7451]     bi_depth=0
[  174.680720][ T7451]     bi_inodes_32bit=0
[  174.680727][ T7451]     bi_casefold=0
[  174.680734][ T7451]   invalid fields_start (got 18, min 6 max 13), deleting
[  174.983740][ T7473] syzkaller0: entered promiscuous mode
[  174.983762][ T7473] syzkaller0: entered allmulticast mode
[  175.234474][ T7451] bcachefs (loop5): accounting_read... done
[  175.254679][ T7451] bcachefs (loop5): alloc_read... done
[  175.283563][ T7451] bcachefs (loop5): snapshots_read... done
[  175.296616][ T7451] bcachefs (loop5): Fixed errors, running fsck a second time to verify fs is clean
[  175.311203][ T7451] bcachefs (loop5): done starting filesystem
[  175.443542][ T6111] bcachefs (loop5): shutting down
[  175.550939][ T6111] bcachefs (loop5): shutdown complete
[  176.864277][  T977] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  176.918535][  T977] hid-generic 0000:0000:0000.0001: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  176.963429][ T7499] loop6: detected capacity change from 0 to 256
[  177.079249][   T30] audit: type=1800 audit(1751868124.880:4): pid=7499 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.273" name="file1" dev="loop6" ino=1048652 res=0 errno=0
[  177.459497][ T7504] netlink: 4 bytes leftover after parsing attributes in process `syz.6.274'.
[  177.969178][  T977] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  178.144868][  T977] usb 6-1: Using ep0 maxpacket: 32
[  178.152062][  T977] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  178.163855][  T977] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  178.175464][  T977] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  178.206465][  T977] usb 6-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00
[  178.215883][  T977] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  178.244962][  T977] usb 6-1: config 0 descriptor??
[  178.488908][ T7356] bridge0: port 1(bridge_slave_0) entered blocking state
[  178.520095][ T7356] bridge0: port 1(bridge_slave_0) entered disabled state
[  178.550569][ T7356] bridge_slave_0: entered allmulticast mode
[  178.570291][ T7356] bridge_slave_0: entered promiscuous mode
[  178.583691][ T7356] bridge0: port 2(bridge_slave_1) entered blocking state
[  178.602102][ T7356] bridge0: port 2(bridge_slave_1) entered disabled state
[  178.622077][ T7356] bridge_slave_1: entered allmulticast mode
[  178.648093][ T7356] bridge_slave_1: entered promiscuous mode
[  178.724684][  T977] hid (null): global environment stack underflow
[  178.871312][  T977] input: HID 0458:5011 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:0458:5011.0002/input/input7
[  179.067996][  T977] input: HID 0458:5011 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:0458:5011.0002/input/input8
[  179.185524][ T7356] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  179.212076][ T7356] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  179.261749][  T977] kye 0003:0458:5011.0002: input,hiddev0,hidraw0: USB HID v0.00 Mouse [HID 0458:5011] on usb-dummy_hcd.5-1/input0
[  179.337918][ T7528] loop3: detected capacity change from 0 to 256
[  179.385724][ T7528] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xf6dff195, utbl_chksum : 0xe619d30d)
[  179.802795][ T7356] team0: Port device team_slave_0 added
[  179.846558][ T7356] team0: Port device team_slave_1 added
[  179.949428][    C0] kye 0003:0458:5011.0002: usb_submit_urb(ctrl) failed: -1
[  180.089459][ T7356] batman_adv: batadv0: Adding interface: batadv_slave_0
[  180.099657][ T7356] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  180.160454][ T7356] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  180.192082][ T7533] tipc: Started in network mode
[  180.221710][ T7533] tipc: Node identity 62d553e5e7f1, cluster identity 4711
[  180.244575][ T7533] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  180.276528][ T7535] syzkaller0: entered promiscuous mode
[  180.334786][ T7535] syzkaller0: entered allmulticast mode
[  180.421991][ T7356] batman_adv: batadv0: Adding interface: batadv_slave_1
[  180.444811][ T7356] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  180.550949][ T7356] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  180.703493][ T3535] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  180.731850][ T3535] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  180.772237][    T9] usb 6-1: USB disconnect, device number 3
[  180.835855][ T7535] tipc: Resetting bearer <eth:syzkaller0>
[  180.897126][ T7532] tipc: Resetting bearer <eth:syzkaller0>
[  180.982573][ T7532] tipc: Disabling bearer <eth:syzkaller0>
[  181.145998][ T3535] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  181.166105][ T3535] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  181.399404][ T7566] netlink: 8 bytes leftover after parsing attributes in process `syz.0.293'.
[  181.514525][ T3535] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  181.529683][ T3535] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  181.549115][ T5167] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  181.579723][ T5167] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  181.592973][ T5167] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  181.608555][ T5167] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  181.622905][ T7356] hsr_slave_0: entered promiscuous mode
[  181.629789][ T5167] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  181.640105][ T7356] hsr_slave_1: entered promiscuous mode
[  181.743917][ T3535] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  181.761326][ T3535] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  183.265329][ T3535] bridge_slave_1: left allmulticast mode
[  183.271073][ T3535] bridge_slave_1: left promiscuous mode
[  183.279135][ T3535] bridge0: port 2(bridge_slave_1) entered disabled state
[  183.345785][ T3535] bridge_slave_0: left allmulticast mode
[  183.351455][ T3535] bridge_slave_0: left promiscuous mode
[  183.372044][ T3535] bridge0: port 1(bridge_slave_0) entered disabled state
[  183.735081][ T5850] Bluetooth: hci2: command tx timeout
[  184.189452][ T3535] team0: Port device bridge1 removed
[  184.594720][   T24] usb 6-1: new full-speed USB device number 4 using dummy_hcd
[  184.701632][ T3535] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  184.729227][ T3535] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  184.750849][ T3535] bond0 (unregistering): Released all slaves
[  184.782472][ T7598] tipc: Started in network mode
[  184.796614][ T7598] tipc: Node identity d2c17802f19b, cluster identity 4711
[  184.804100][ T7598] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  184.825099][   T24] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  184.859813][ T7599] syzkaller0: entered promiscuous mode
[  184.860771][   T24] usb 6-1: config 1 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  184.865777][ T7599] syzkaller0: entered allmulticast mode
[  184.876908][   T24] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  184.916781][   T24] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40
[  184.927497][   T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  184.957369][   T24] usb 6-1: SerialNumber: syz
[  184.987822][   T24] cdc_ether 6-1:1.0: probe with driver cdc_ether failed with error -22
[  184.999312][   T24] usb-storage 6-1:1.0: USB Mass Storage device detected
[  185.075294][   T24] usb-storage 6-1:1.0: Quirks match for vid 0525 pid a4a5: 10000
[  185.129192][ T7603] tipc: Resetting bearer <eth:syzkaller0>
[  185.150945][ T7596] tipc: Resetting bearer <eth:syzkaller0>
[  185.182074][ T7596] tipc: Disabling bearer <eth:syzkaller0>
[  185.298319][ T7628] tipc: Enabled bearer <ib:gre0>, priority 0
[  185.313121][ T7625] syzkaller0: entered promiscuous mode
[  185.321449][ T7625] syzkaller0: entered allmulticast mode
[  185.468161][ T7632] input: syz1 as /devices/virtual/input/input9
[  185.474400][ T7632] input: failed to attach handler leds to device input9, error: -6
[  185.805344][ T5850] Bluetooth: hci2: command tx timeout
[  186.017391][ T3535] hsr_slave_0: left promiscuous mode
[  186.028368][ T3535] hsr_slave_1: left promiscuous mode
[  186.042152][ T3535] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  186.066785][ T3535] batman_adv: batadv0: Removing interface: batadv_slave_0
[  186.081135][ T3535] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  186.265120][ T3535] batman_adv: batadv0: Removing interface: batadv_slave_1
[  187.044672][  T977] tipc: Node number set to 2233750501
[  187.151255][ T3535] veth1_macvtap: left promiscuous mode
[  187.175569][ T3535] veth0_macvtap: left promiscuous mode
[  187.209350][ T3535] veth1_vlan: left promiscuous mode
[  187.212019][   T10] usb 6-1: USB disconnect, device number 4
[  187.254851][ T3535] veth0_vlan: left promiscuous mode
[  187.891506][ T5850] Bluetooth: hci2: command tx timeout
[  188.066555][ T5961] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  188.246983][ T5961] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  188.258355][ T5961] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  188.269006][ T5961] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  188.278802][ T5961] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  188.305302][ T7662] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  188.319752][ T5961] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[  188.461022][ T3535] team0 (unregistering): Port device team_slave_1 removed
[  188.544518][ T3535] team0 (unregistering): Port device team_slave_0 removed
[  188.547743][ T5961] usb 6-1: USB disconnect, device number 5
[  189.776696][ T7356] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  189.841899][ T7356] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  189.871441][ T7356] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  189.898270][ T7680] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  189.924954][ T7683] syzkaller0: entered promiscuous mode
[  189.958811][ T7683] syzkaller0: entered allmulticast mode
[  189.964918][ T5167] Bluetooth: hci2: command tx timeout
[  190.017614][ T7356] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  190.075235][ T7680] tipc: Resetting bearer <eth:syzkaller0>
[  190.112028][ T7570] chnl_net:caif_netlink_parms(): no params data found
[  190.130691][ T7679] tipc: Resetting bearer <eth:syzkaller0>
[  190.157094][ T7679] tipc: Disabling bearer <eth:syzkaller0>
[  190.492527][ T7570] bridge0: port 1(bridge_slave_0) entered blocking state
[  190.507359][ T7570] bridge0: port 1(bridge_slave_0) entered disabled state
[  190.524905][ T7570] bridge_slave_0: entered allmulticast mode
[  190.546925][ T7570] bridge_slave_0: entered promiscuous mode
[  190.590304][ T7570] bridge0: port 2(bridge_slave_1) entered blocking state
[  190.611464][ T7570] bridge0: port 2(bridge_slave_1) entered disabled state
[  190.625608][ T7570] bridge_slave_1: entered allmulticast mode
[  190.633550][ T7570] bridge_slave_1: entered promiscuous mode
[  190.808585][ T7570] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  190.843732][ T7570] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  191.007537][ T7570] team0: Port device team_slave_0 added
[  191.031609][ T7570] team0: Port device team_slave_1 added
[  191.549191][ T7570] batman_adv: batadv0: Adding interface: batadv_slave_0
[  191.583663][ T7570] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  191.784697][ T7570] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  191.817922][ T7570] batman_adv: batadv0: Adding interface: batadv_slave_1
[  191.834183][ T7570] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  191.919614][ T7570] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  192.162415][ T7570] hsr_slave_0: entered promiscuous mode
[  192.195124][ T7570] hsr_slave_1: entered promiscuous mode
[  192.232439][ T7570] debugfs: 'hsr0' already exists in 'hsr'
[  192.469040][ T7570] Cannot create hsr debugfs directory
[  192.571439][ T7356] 8021q: adding VLAN 0 to HW filter on device bond0
[  194.004548][ T7356] 8021q: adding VLAN 0 to HW filter on device team0
[  194.217801][ T3515] bridge0: port 1(bridge_slave_0) entered blocking state
[  194.224981][ T3515] bridge0: port 1(bridge_slave_0) entered forwarding state
[  194.360225][ T7764] cgroup: fork rejected by pids controller in /syz6
[  194.630669][ T1336] bridge0: port 2(bridge_slave_1) entered blocking state
[  194.637858][ T1336] bridge0: port 2(bridge_slave_1) entered forwarding state
[  195.441910][ T7570] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  195.653998][ T7570] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  195.749448][ T7570] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  195.861915][ T7570] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  196.499609][ T7356] 8021q: adding VLAN 0 to HW filter on device batadv0
[  196.662099][ T7570] 8021q: adding VLAN 0 to HW filter on device bond0
[  196.772440][ T7570] 8021q: adding VLAN 0 to HW filter on device team0
[  196.822710][ T3535] bridge0: port 1(bridge_slave_0) entered blocking state
[  196.829971][ T3535] bridge0: port 1(bridge_slave_0) entered forwarding state
[  196.930345][ T3535] bridge0: port 2(bridge_slave_1) entered blocking state
[  196.937564][ T3535] bridge0: port 2(bridge_slave_1) entered forwarding state
[  197.908024][ T7356] veth0_vlan: entered promiscuous mode
[  197.980635][ T7356] veth1_vlan: entered promiscuous mode
[  198.101769][ T7356] veth0_macvtap: entered promiscuous mode
[  198.121415][ T7356] veth1_macvtap: entered promiscuous mode
[  198.212146][ T7356] batman_adv: batadv0: Interface activated: batadv_slave_0
[  198.352314][ T7570] 8021q: adding VLAN 0 to HW filter on device batadv0
[  198.396358][ T7356] batman_adv: batadv0: Interface activated: batadv_slave_1
[  198.479362][ T3515] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  198.494959][   T43] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  198.510289][ T3515] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  198.560906][ T3515] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  198.583274][ T3515] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  198.655901][   T43] usb 1-1: Using ep0 maxpacket: 16
[  198.849499][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  198.888943][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  199.161690][   T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  199.190853][   T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  199.410675][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  199.410790][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  199.465453][ T5927] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  199.608070][ T8546] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  199.620569][ T5927] usb 7-1: Using ep0 maxpacket: 8
[  199.633012][ T5927] usb 7-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  199.633060][ T5927] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  199.633081][ T5927] usb 7-1: Product: syz
[  199.633097][ T5927] usb 7-1: Manufacturer: syz
[  199.633113][ T5927] usb 7-1: SerialNumber: syz
[  199.639026][ T5927] usb 7-1: config 0 descriptor??
[  199.674903][ T5927] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[  199.674997][ T5927] usb 7-1: setting power ON
[  199.675357][ T5927] dvb-usb: bulk message failed: -22 (2/0)
[  199.715640][ T5927] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  199.718065][ T5927] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[  199.718159][ T5927] usb 7-1: media controller created
[  199.859420][ T8538] dvb-usb: bulk message failed: -22 (3/0)
[  199.919751][ T5927] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  199.965359][ T7570] veth0_vlan: entered promiscuous mode
[  200.027736][ T7570] veth1_vlan: entered promiscuous mode
[  200.083732][ T5927] usb 7-1: selecting invalid altsetting 6
[  200.083818][ T5927] usb 7-1: digital interface selection failed (-22)
[  200.083860][ T5927] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[  200.093432][ T5927] usb 7-1: setting power OFF
[  200.093579][ T5927] dvb-usb: bulk message failed: -22 (2/0)
[  200.093621][ T5927] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[  200.093636][ T5927] (NULL device *): no alternate interface
[  200.196455][ T7570] veth0_macvtap: entered promiscuous mode
[  200.241432][ T7570] veth1_macvtap: entered promiscuous mode
[  200.281978][ T5927] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[  200.572093][ T7570] batman_adv: batadv0: Interface activated: batadv_slave_0
[  200.601885][ T5927] usb 7-1: USB disconnect, device number 2
[  200.669650][ T7570] batman_adv: batadv0: Interface activated: batadv_slave_1
[  200.741702][   T13] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  200.829629][   T13] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  201.024318][   T13] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  201.042592][   T13] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  201.608940][ T3515] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  201.641599][   T43] usb 1-1: unable to get BOS descriptor or descriptor too short
[  201.663889][ T3515] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  201.692602][   T43] usb 1-1: unable to read config index 0 descriptor/start: -71
[  201.716792][   T43] usb 1-1: can't read configurations, error -71
[  201.832813][ T3515] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  202.064673][ T3515] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  202.135972][ T8593] netlink: 4 bytes leftover after parsing attributes in process `syz.0.368'.
[  202.164772][ T5961] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  202.525857][ T5854] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[  202.632714][ T5961] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  202.655362][ T5961] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  202.686162][ T5961] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  202.720423][ T5961] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  202.777071][ T5854] usb 8-1: device descriptor read/64, error -71
[  202.798549][ T8586] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  202.865451][ T5961] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[  202.955218][ T8604] loop6: detected capacity change from 0 to 256
[  203.036057][ T5854] usb 8-1: new high-speed USB device number 3 using dummy_hcd
[  203.132997][ T8583] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  203.144494][ T8583] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  203.214861][ T5854] usb 8-1: device descriptor read/64, error -71
[  203.259203][   T30] audit: type=1800 audit(1751868151.060:5): pid=8604 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.370" name="file1" dev="loop6" ino=1048675 res=0 errno=0
[  203.325102][ T5854] usb usb8-port1: attempt power cycle
[  203.684894][ T5854] usb 8-1: new high-speed USB device number 4 using dummy_hcd
[  203.736462][ T5854] usb 8-1: device descriptor read/8, error -71
[  203.850623][ T5961] usb 6-1: USB disconnect, device number 6
[  204.041521][ T5854] usb 8-1: new high-speed USB device number 5 using dummy_hcd
[  204.075410][ T5854] usb 8-1: device descriptor read/8, error -71
[  204.211905][ T5854] usb usb8-port1: unable to enumerate USB device
[  205.304897][ T5860] usb 8-1: new full-speed USB device number 6 using dummy_hcd
[  205.486927][ T5860] usb 8-1: unable to get BOS descriptor or descriptor too short
[  205.497661][ T5860] usb 8-1: not running at top speed; connect to a high speed hub
[  205.520719][ T5860] usb 8-1: config 111 has an invalid interface number: 251 but max is 1
[  205.532027][ T5860] usb 8-1: config 111 has an invalid interface number: 171 but max is 1
[  205.584447][ T5860] usb 8-1: config 111 has no interface number 0
[  205.615228][ T5860] usb 8-1: config 111 has no interface number 1
[  205.632085][ T5860] usb 8-1: config 111 interface 251 altsetting 249 endpoint 0x1 has invalid maxpacket 1024, setting to 64
[  205.665002][ T5860] usb 8-1: config 111 interface 251 altsetting 249 has an invalid descriptor for endpoint zero, skipping
[  205.693982][ T5860] usb 8-1: config 111 interface 251 has no altsetting 0
[  205.729363][ T5860] usb 8-1: config 111 interface 171 has no altsetting 0
[  205.778776][ T5860] usb 8-1: New USB device found, idVendor=0499, idProduct=1050, bcdDevice=fa.da
[  205.898908][ T5860] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  206.003730][ T5860] usb 8-1: Product: syz
[  206.020754][ T5860] usb 8-1: Manufacturer: syz
[  206.048821][ T5860] usb 8-1: SerialNumber: syz
[  206.155380][ T8655] raw-gadget.0 gadget.7: fail, usb_ep_enable returned -22
[  206.488032][ T5860] usb 8-1: Quirk or no altset; falling back to MIDI 1.0
[  206.509536][ T5860] usb 8-1: invalid MIDI in EP 0
[  206.539020][ T5860] snd-usb-audio 8-1:111.251: probe with driver snd-usb-audio failed with error -22
[  206.689005][ T5860] usb 8-1: Quirk or no altset; falling back to MIDI 1.0
[  206.806607][ T8692] tipc: Started in network mode
[  206.811575][ T8692] tipc: Node identity a2bc8ac4586c, cluster identity 4711
[  206.870121][ T8692] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  206.890292][ T8693] syzkaller0: entered promiscuous mode
[  206.910048][ T5860] snd-usb-audio 8-1:111.171: probe with driver snd-usb-audio failed with error -2
[  206.955767][ T8693] syzkaller0: entered allmulticast mode
[  206.975840][ T5860] usb 8-1: USB disconnect, device number 6
[  207.049492][ T8693] tipc: Resetting bearer <eth:syzkaller0>
[  207.057174][ T6725] udevd[6725]: error opening ATTR{/sys/devices/platform/dummy_hcd.7/usb8/8-1/8-1:111.171/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  207.157978][ T8691] tipc: Resetting bearer <eth:syzkaller0>
[  207.273302][ T8691] tipc: Disabling bearer <eth:syzkaller0>
[  207.394921][    T9] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  207.565192][    T9] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  207.592397][    T9] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  207.615324][    T9] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  207.636556][    T9] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  207.679936][ T8701] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  207.740054][    T9] usb 7-1: Quirk or no altset; falling back to MIDI 1.0
[  207.967270][    T9] usb 7-1: USB disconnect, device number 3
[  208.685542][    T9] usb 8-1: new high-speed USB device number 7 using dummy_hcd
[  208.764852][ T5961] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  208.884293][    T9] usb 8-1: Using ep0 maxpacket: 16
[  208.935924][ T5961] usb 6-1: device descriptor read/64, error -71
[  208.956306][    T9] usb 8-1: config 0 has an invalid interface number: 105 but max is 0
[  208.984734][    T9] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  209.017539][    T9] usb 8-1: config 0 has no interface number 0
[  209.043674][    T9] usb 8-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28
[  209.081954][    T9] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  209.108879][    T9] usb 8-1: Product: syz
[  209.113663][    T9] usb 8-1: Manufacturer: syz
[  209.135284][    T9] usb 8-1: SerialNumber: syz
[  209.155264][    T9] usb 8-1: config 0 descriptor??
[  209.175997][    T9] usb 8-1: Found UVC 0.00 device syz (046d:08f3)
[  209.215155][    T9] usb 8-1: No valid video chain found.
[  209.224137][ T5961] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  209.281996][ T8599] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  209.707098][    T9] usb 8-1: USB disconnect, device number 7
[  209.734680][ T5961] usb 6-1: device descriptor read/64, error -71
[  209.845355][ T5961] usb usb6-port1: attempt power cycle
[  209.869046][ T8599] usb 1-1: Using ep0 maxpacket: 8
[  209.877396][ T8599] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  209.897759][ T8599] usb 1-1: config 0 has no interfaces?
[  210.055031][ T8599] usb 1-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  210.107252][ T8599] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  210.165050][ T8599] usb 1-1: config 0 descriptor??
[  210.236328][ T8732] loop8: detected capacity change from 0 to 32768
[  210.324788][ T5961] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  210.355545][ T5961] usb 6-1: device descriptor read/8, error -71
[  210.515565][ T8761] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  210.605320][ T8761] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  210.628699][ T8732] bcachefs (loop8): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nocow
[  210.628717][ T8732]   allowing incompatible features above 0.0: (unknown version)
[  210.628727][ T8732]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  210.648939][ T5961] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  210.669976][ T5961] usb 6-1: device descriptor read/8, error -71
[  210.747055][ T8732] bcachefs (loop8): Using encoding defined by superblock: utf8-12.1.0
[  210.787587][ T8732] bcachefs (loop8): initializing new filesystem
[  210.826265][ T5961] usb usb6-port1: unable to enumerate USB device
[  210.899500][ T8732] bcachefs (loop8): going read-write
[  211.003003][ T8732] bcachefs (loop8): marking superblocks
[  211.057770][ T8732] bcachefs (loop8): initializing freespace
[  211.168049][ T8732] bcachefs (loop8): done initializing freespace
[  211.221478][ T8732] bcachefs (loop8): reading snapshots table
[  211.248553][ T8732] bcachefs (loop8): reading snapshots done
[  211.486148][ T8732] bcachefs (loop8):  loop8: Superblock write was silently dropped! (seq 0 expected 42)
[  211.500603][ T8777] program syz.7.413 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  211.543653][ T8732] bcachefs (loop8): done starting filesystem
[  211.658077][ T7570] bcachefs (loop8): shutting down
[  211.685030][ T7570] bcachefs (loop8): going read-only
[  211.690312][ T7570] bcachefs (loop8): finished waiting for writes to stop
[  211.726467][ T5847] Bluetooth: hci0: command 0x0406 tx timeout
[  211.861128][ T7570] bcachefs (loop8): flushing journal and stopping allocators, journal seq 3
[  212.054913][   T24] usb 1-1: USB disconnect, device number 10
[  212.097702][ T7570] bcachefs (loop8): flushing journal and stopping allocators complete, journal seq 3
[  212.244774][ T7570] bcachefs (loop8): clean shutdown complete, journal seq 4
[  212.255371][ T7570] bcachefs (loop8): marking filesystem clean
[  212.522207][ T7570] bcachefs (loop8): shutdown complete
[  212.655249][ T8804] vhci_hcd vhci_hcd.0: pdev(6) rhport(0) sockfd(3)
[  212.662101][ T8804] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  212.746725][ T8813] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  212.787933][ T8813] netlink: 'syz.0.418': attribute type 10 has an invalid length.
[  212.847818][ T8804] vhci_hcd vhci_hcd.0: Device attached
[  212.870700][ T8806] vhci_hcd: connection closed
[  212.873171][ T3515] vhci_hcd: stop threads
[  213.269978][ T3515] vhci_hcd: release socket
[  213.277615][ T3515] vhci_hcd: disconnect device
[  213.753344][ T8823] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  214.370029][ T8831] netlink: 156 bytes leftover after parsing attributes in process `syz.7.423'.
[  214.400772][ T8831] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  215.825005][ T8830] loop5: detected capacity change from 0 to 32768
[  216.262620][ T8830] bcachefs (loop5): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nocow
[  216.262649][ T8830]   allowing incompatible features above 0.0: (unknown version)
[  216.262663][ T8830]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  216.365022][ T5860] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  216.513980][ T8830] bcachefs (loop5): Using encoding defined by superblock: utf8-12.1.0
[  216.532857][ T5860] usb 7-1: config 0 has an invalid interface number: 49 but max is 0
[  216.562149][ T5860] usb 7-1: config 0 has no interface number 0
[  216.575172][ T8830] bcachefs (loop5): initializing new filesystem
[  216.587255][ T5860] usb 7-1: New USB device found, idVendor=0c45, idProduct=6128, bcdDevice=e7.29
[  216.605585][ T5860] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  216.653916][ T5860] usb 7-1: Product: syz
[  216.669555][ T5860] usb 7-1: Manufacturer: syz
[  216.704257][ T5860] usb 7-1: SerialNumber: syz
[  216.712623][ T8830] bcachefs (loop5): going read-write
[  216.916603][ T5860] usb 7-1: config 0 descriptor??
[  217.131444][ T8830] bcachefs (loop5): marking superblocks
[  217.156523][ T5860] gspca_main: sonixj-2.14.0 probing 0c45:6128
[  217.246099][ T8830] bcachefs (loop5): initializing freespace
[  217.322896][ T8830] bcachefs (loop5): done initializing freespace
[  217.342882][ T8830] bcachefs (loop5): reading snapshots table
[  217.394804][ T8830] bcachefs (loop5): reading snapshots done
[  217.480889][ T8830] bcachefs (loop5):  loop5: Superblock write was silently dropped! (seq 0 expected 42)
[  217.532685][ T8830] bcachefs (loop5): done starting filesystem
[  217.593860][ T8830] syz.5.425 (8830) used greatest stack depth: 15192 bytes left
[  217.649748][ T6111] bcachefs (loop5): shutting down
[  217.679652][ T6111] bcachefs (loop5): going read-only
[  217.696800][ T5860] gspca_sonixj: reg_w1 err -110
[  217.714657][ T6111] bcachefs (loop5): finished waiting for writes to stop
[  217.718254][ T5860] sonixj 7-1:0.49: probe with driver sonixj failed with error -110
[  217.767514][ T6111] bcachefs (loop5): flushing journal and stopping allocators, journal seq 3
[  217.871653][ T6111] bcachefs (loop5): flushing journal and stopping allocators complete, journal seq 3
[  217.879746][ T5860] usb 7-1: USB disconnect, device number 4
[  217.931414][ T6111] bcachefs (loop5): clean shutdown complete, journal seq 4
[  217.972351][ T6111] bcachefs (loop5): marking filesystem clean
[  218.077216][ T6111] bcachefs (loop5): shutdown complete
[  219.036557][ T8898] process 'syz.0.437' launched './file0' with NULL argv: empty string added
[  219.485296][ T5927] usb 1-1: new low-speed USB device number 11 using dummy_hcd
[  219.787860][ T5927] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  219.798201][ T5927] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2
[  219.814090][ T5927] usb 1-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  219.853721][ T5927] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  219.902361][ T5927] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  219.958799][ T5927] usb 1-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  219.994215][ T5927] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  220.028596][ T8906] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  220.117806][ T5927] hub 1-1:1.0: bad descriptor, ignoring hub
[  220.171808][ T5927] hub 1-1:1.0: probe with driver hub failed with error -5
[  220.235338][ T5927] cdc_wdm 1-1:1.0: skipping garbage
[  220.299947][ T5927] cdc_wdm 1-1:1.0: skipping garbage
[  220.410580][ T5927] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device
[  220.490259][ T5927] cdc_wdm 1-1:1.0: Unknown control protocol
[  221.621807][ T8932] tipc: Started in network mode
[  221.651699][ T8932] tipc: Node identity 363e055ddcfe, cluster identity 4711
[  221.715884][ T8932] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  221.798496][ T8933] syzkaller0: entered promiscuous mode
[  221.849117][ T8933] syzkaller0: entered allmulticast mode
[  221.953143][ T8932] tipc: Enabled bearer <ib:gre0>, priority 0
[  222.047649][ T8931] tipc: Resetting bearer <eth:syzkaller0>
[  222.260480][ T8931] tipc: Disabling bearer <eth:syzkaller0>
[  222.376086][ T8937] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  222.440535][ T8937] syzkaller0: entered promiscuous mode
[  222.464809][ T8937] syzkaller0: entered allmulticast mode
[  222.584856][ T8936] tipc: Resetting bearer <eth:syzkaller0>
[  222.830230][ T8936] tipc: Disabling bearer <eth:syzkaller0>
[  222.966074][    T9] tipc: Node number set to 3938452829
[  222.975721][ T5927] usb 1-1: USB disconnect, device number 11
[  225.748473][ T9019] 9pnet: p9_errstr2errno: server reported unknown error �@
[  226.696886][ T9044] kvm: pic: non byte write
[  226.701557][ T9044] kvm: pic: non byte write
[  226.759237][    T9] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  226.820964][    T9] hid-generic 0000:0000:0000.0003: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  227.022143][ T9061] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  227.139736][ T9061] tipc: Enabled bearer <ib:gre0>, priority 0
[  227.176287][ T9059] tipc: Disabling bearer <eth:syzkaller0>
[  228.255153][ T5927] tipc: Node number set to 593131522
[  229.656979][ T5961] usb 8-1: new high-speed USB device number 8 using dummy_hcd
[  229.894737][ T5961] usb 8-1: Using ep0 maxpacket: 16
[  230.065939][ T5961] usb 8-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6
[  230.065976][ T5961] usb 8-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3
[  230.066001][ T5961] usb 8-1: Product: syz
[  230.066018][ T5961] usb 8-1: Manufacturer: syz
[  230.066036][ T5961] usb 8-1: SerialNumber: syz
[  230.069149][ T5961] usb 8-1: config 0 descriptor??
[  232.204800][ T5847] Bluetooth: hci3: command 0x0406 tx timeout
[  232.313899][   T36] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  232.507571][   T36] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  232.713265][ T5860] usb 8-1: USB disconnect, device number 8
[  232.737768][   T36] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  232.942904][   T36] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  233.316291][   T36] bridge_slave_1: left allmulticast mode
[  233.330837][   T36] bridge_slave_1: left promiscuous mode
[  233.366349][   T36] bridge0: port 2(bridge_slave_1) entered disabled state
[  233.441628][   T36] bridge_slave_0: left allmulticast mode
[  233.447920][ T5860] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  233.458330][   T36] bridge_slave_0: left promiscuous mode
[  233.465795][   T36] bridge0: port 1(bridge_slave_0) entered disabled state
[  233.567181][   T36] tipc: Resetting bearer <ib:gre0>
[  233.634950][ T5860] usb 1-1: Using ep0 maxpacket: 32
[  233.647838][ T5860] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA6, changing to 0x86
[  233.709540][ T5860] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x86 has an invalid bInterval 0, changing to 7
[  233.762936][ T5860] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x86 has invalid wMaxPacketSize 0
[  233.826285][ T5860] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[  233.869734][ T5860] usb 1-1: New USB device found, idVendor=05ef, idProduct=020a, bcdDevice=91.36
[  233.889117][ T5860] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  233.921407][ T5860] usb 1-1: Product: syz
[  233.951577][ T5860] usb 1-1: Manufacturer: syz
[  233.977813][ T5860] usb 1-1: SerialNumber: syz
[  234.011406][ T5860] usb 1-1: config 0 descriptor??
[  234.276836][ T9188] misc userio: The device must be registered before sending interrupts
[  234.322665][ T5860] usb 1-1: USB disconnect, device number 12
[  234.366565][ T9188] netlink: 8 bytes leftover after parsing attributes in process `syz.0.518'.
[  234.388710][ T5847] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  234.411960][ T5847] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  234.422641][ T5847] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  234.438525][ T5847] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  234.447146][ T9188] netlink: 8 bytes leftover after parsing attributes in process `syz.0.518'.
[  234.456790][ T5847] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  234.585068][ T5854] usb 9-1: new high-speed USB device number 2 using dummy_hcd
[  234.619373][   T36] tipc: Disabling bearer <ib:gre0>
[  234.775263][ T5854] usb 9-1: Using ep0 maxpacket: 32
[  234.814923][ T5854] usb 9-1: config 0 has no interfaces?
[  234.821126][ T5854] usb 9-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  234.831410][ T5854] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  234.856251][ T5854] usb 9-1: config 0 descriptor??
[  235.037437][   T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  235.054521][   T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  235.074339][   T36] bond0 (unregistering): Released all slaves
[  235.646577][   T36] tipc: Left network mode
[  236.464250][ T5961] usb 9-1: USB disconnect, device number 2
[  236.536145][ T5167] Bluetooth: hci4: command tx timeout
[  237.430987][   T36] hsr_slave_0: left promiscuous mode
[  237.447710][   T36] hsr_slave_1: left promiscuous mode
[  237.497692][   T36] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  237.532436][   T36] batman_adv: batadv0: Removing interface: batadv_slave_0
[  237.579351][   T36] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  237.697935][   T36] batman_adv: batadv0: Removing interface: batadv_slave_1
[  237.896406][   T36] veth1_macvtap: left promiscuous mode
[  237.907651][   T36] veth0_macvtap: left promiscuous mode
[  237.918461][   T36] veth1_vlan: left promiscuous mode
[  237.923938][   T36] veth0_vlan: left promiscuous mode
[  238.605195][ T5167] Bluetooth: hci4: command tx timeout
[  238.932933][ T9273] binder: 9272:9273 ioctl 400c620e 0 returned -14
[  238.957254][ T9273] binder: 9272:9273 ioctl c0046209 0 returned -22
[  239.505097][   T36] team0 (unregistering): Port device team_slave_1 removed
[  239.547375][   T36] team0 (unregistering): Port device team_slave_0 removed
[  240.115340][ T9209] chnl_net:caif_netlink_parms(): no params data found
[  240.691795][ T5167] Bluetooth: hci4: command tx timeout
[  240.951746][ T9303] syz_tun: entered allmulticast mode
[  240.962841][ T9209] bridge0: port 1(bridge_slave_0) entered blocking state
[  240.976142][ T9209] bridge0: port 1(bridge_slave_0) entered disabled state
[  240.988709][ T9209] bridge_slave_0: entered allmulticast mode
[  241.080542][ T9209] bridge_slave_0: entered promiscuous mode
[  241.117897][ T9209] bridge0: port 2(bridge_slave_1) entered blocking state
[  241.135339][ T9209] bridge0: port 2(bridge_slave_1) entered disabled state
[  241.144928][ T9209] bridge_slave_1: entered allmulticast mode
[  241.152906][ T9209] bridge_slave_1: entered promiscuous mode
[  241.170095][ T9300] syz_tun: left allmulticast mode
[  241.378187][ T9209] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  241.527200][ T9314] fuse: Bad value for 'group_id'
[  241.544742][ T9314] fuse: Bad value for 'group_id'
[  241.658211][ T9209] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  241.809747][ T9209] team0: Port device team_slave_0 added
[  241.825452][ T9209] team0: Port device team_slave_1 added
[  242.059075][ T9209] batman_adv: batadv0: Adding interface: batadv_slave_0
[  242.087134][ T9209] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  242.163405][ T9209] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  242.184498][ T9209] batman_adv: batadv0: Adding interface: batadv_slave_1
[  242.192084][ T9209] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  242.220945][ T9209] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  242.245450][ T9319] netlink: 'syz.5.560': attribute type 6 has an invalid length.
[  242.253700][ T9319] netlink: 32 bytes leftover after parsing attributes in process `syz.5.560'.
[  242.705430][ T9209] hsr_slave_0: entered promiscuous mode
[  242.712197][ T9209] hsr_slave_1: entered promiscuous mode
[  242.770184][ T5167] Bluetooth: hci4: command tx timeout
[  242.782033][ T9209] debugfs: 'hsr0' already exists in 'hsr'
[  242.790101][ T9209] Cannot create hsr debugfs directory
[  243.527013][ T9209] netdevsim netdevsim9 netdevsim0: renamed from eth0
[  243.652329][ T9209] netdevsim netdevsim9 netdevsim1: renamed from eth1
[  243.695731][ T9209] netdevsim netdevsim9 netdevsim2: renamed from eth2
[  243.777547][ T9342] fuse: Bad value for 'group_id'
[  243.809046][ T9209] netdevsim netdevsim9 netdevsim3: renamed from eth3
[  243.824817][ T9342] fuse: Bad value for 'group_id'
[  244.212079][ T9209] 8021q: adding VLAN 0 to HW filter on device bond0
[  244.355924][ T9209] 8021q: adding VLAN 0 to HW filter on device team0
[  244.410297][ T3571] bridge0: port 1(bridge_slave_0) entered blocking state
[  244.417512][ T3571] bridge0: port 1(bridge_slave_0) entered forwarding state
[  244.537677][ T3571] bridge0: port 2(bridge_slave_1) entered blocking state
[  244.544931][ T3571] bridge0: port 2(bridge_slave_1) entered forwarding state
[  245.694183][ T9386] ptrace attach of "./syz-executor exec"[7356] was attempted by " ��      ��      �      ��      ��      ��      ��              ��      ��      ��                 ����                        /dev/nullb0                                                                                                                     dctcp-reno                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    
[  245.853150][ T9209] 8021q: adding VLAN 0 to HW filter on device batadv0
[  245.956159][ T9383] BUG: sleeping function called from invalid context at kernel/locking/rwsem.c:1523
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  246.050272][ T9383] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 9383, name: syz.7.582
[  246.062900][ T9383] preempt_count: 0, expected: 0
[  246.155408][ T9383] RCU nest depth: 1, expected: 0
[  246.234971][ T9383] 2 locks held by syz.7.582/9383:
[  246.333582][ T9383]  #0: ffffffff8e13bf60 (rcu_read_lock){....}-{1:3}, at: query_vma_setup+0x18/0x110
[  246.396164][ T9383]  #1: ffff888032a22448 (vm_lock){++++}-{0:0}, at: lock_next_vma+0x146/0xdc0
[  246.455563][ T9383] CPU: 1 UID: 0 PID: 9383 Comm: syz.7.582 Not tainted 6.16.0-rc4-next-20250704-syzkaller #0 PREEMPT(full) 
[  246.455594][ T9383] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  246.455610][ T9383] Call Trace:
[  246.455619][ T9383]  <TASK>
[  246.455629][ T9383]  dump_stack_lvl+0x189/0x250
[  246.455666][ T9383]  ? __pfx_dump_stack_lvl+0x10/0x10
[  246.455702][ T9383]  ? print_lock_name+0xde/0x100
[  246.455740][ T9383]  __might_resched+0x495/0x610
[  246.455771][ T9383]  ? __pfx___might_resched+0x10/0x10
[  246.455799][ T9383]  ? vma_start_read+0x218/0x3b0
[  246.455827][ T9383]  ? vma_start_read+0x259/0x3b0
[  246.455860][ T9383]  ? __filemap_get_folio+0x9a6/0xaf0
[  246.455898][ T9383]  down_read+0x22/0x2e0
[  246.455935][ T9383]  freader_get_folio+0x38b/0x830
[  246.455971][ T9383]  freader_fetch+0xa3/0x5d0
[  246.456006][ T9383]  __build_id_parse+0x133/0x7d0
[  246.456039][ T9383]  ? __pfx___build_id_parse+0x10/0x10
[  246.456076][ T9383]  ? query_matching_vma+0x494/0x4b0
[  246.456130][ T9383]  procfs_procmap_ioctl+0x7dd/0xce0
[  246.456172][ T9383]  ? __pfx_procfs_procmap_ioctl+0x10/0x10
[  246.456224][ T9383]  ? __fget_files+0x2a/0x420
[  246.456260][ T9383]  ? __fget_files+0x2a/0x420
[  246.456290][ T9383]  ? __fget_files+0x3a0/0x420
[  246.456319][ T9383]  ? __fget_files+0x2a/0x420
[  246.456355][ T9383]  ? bpf_lsm_file_ioctl+0x9/0x20
[  246.456380][ T9383]  ? __pfx_procfs_procmap_ioctl+0x10/0x10
[  246.456412][ T9383]  __se_sys_ioctl+0xf9/0x170
[  246.456440][ T9383]  do_syscall_64+0xfa/0x3b0
[  246.456470][ T9383]  ? lockdep_hardirqs_on+0x9c/0x150
[  246.456499][ T9383]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  246.456521][ T9383]  ? clear_bhb_loop+0x60/0xb0
[  246.456550][ T9383]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  246.456572][ T9383] RIP: 0033:0x7f9c85d8e929
[  246.456605][ T9383] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  246.456625][ T9383] RSP: 002b:00007f9c86bc0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  246.456649][ T9383] RAX: ffffffffffffffda RBX: 00007f9c85fb5fa0 RCX: 00007f9c85d8e929
[  246.456666][ T9383] RDX: 0000200000000180 RSI: 00000000c0686611 RDI: 0000000000000008
[  246.456682][ T9383] RBP: 00007f9c85e10b39 R08: 0000000000000000 R09: 0000000000000000
[  246.456696][ T9383] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  246.456709][ T9383] R13: 0000000000000000 R14: 00007f9c85fb5fa0 R15: 00007ffdcfa8c718
[  246.456745][ T9383]  </TASK>
[  246.456759][ T9383] 
[  246.701642][ T9383] =============================
[  246.706498][ T9383] [ BUG: Invalid wait context ]
[  246.711337][ T9383] 6.16.0-rc4-next-20250704-syzkaller #0 Tainted: G        W          
[  246.719568][ T9383] -----------------------------
[  246.724495][ T9383] syz.7.582/9383 is trying to lock:
[  246.729686][ T9383] ffff888148defc40 (mapping.invalidate_lock){++++}-{4:4}, at: freader_get_folio+0x38b/0x830
[  246.739782][ T9383] other info that might help us debug this:
[  246.745662][ T9383] context-{5:5}
[  246.749112][ T9383] 2 locks held by syz.7.582/9383:
[  246.754127][ T9383]  #0: ffffffff8e13bf60 (rcu_read_lock){....}-{1:3}, at: query_vma_setup+0x18/0x110
[  246.763542][ T9383]  #1: ffff888032a22448 (vm_lock){++++}-{0:0}, at: lock_next_vma+0x146/0xdc0
[  246.772345][ T9383] stack backtrace:
[  246.776075][ T9383] CPU: 1 UID: 0 PID: 9383 Comm: syz.7.582 Tainted: G        W           6.16.0-rc4-next-20250704-syzkaller #0 PREEMPT(full) 
[  246.776099][ T9383] Tainted: [W]=WARN
[  246.776105][ T9383] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  246.776115][ T9383] Call Trace:
[  246.776121][ T9383]  <TASK>
[  246.776128][ T9383]  dump_stack_lvl+0x189/0x250
[  246.776151][ T9383]  ? __pfx_dump_stack_lvl+0x10/0x10
[  246.776169][ T9383]  ? __pfx__printk+0x10/0x10
[  246.776199][ T9383]  __lock_acquire+0xbcb/0xd20
[  246.776226][ T9383]  ? freader_get_folio+0x38b/0x830
[  246.776246][ T9383]  lock_acquire+0x120/0x360
[  246.776268][ T9383]  ? freader_get_folio+0x38b/0x830
[  246.776289][ T9383]  ? vma_start_read+0x218/0x3b0
[  246.776309][ T9383]  ? vma_start_read+0x259/0x3b0
[  246.776331][ T9383]  down_read+0x46/0x2e0
[  246.776354][ T9383]  ? freader_get_folio+0x38b/0x830
[  246.776374][ T9383]  freader_get_folio+0x38b/0x830
[  246.776396][ T9383]  freader_fetch+0xa3/0x5d0
[  246.776419][ T9383]  __build_id_parse+0x133/0x7d0
[  246.776439][ T9383]  ? __pfx___build_id_parse+0x10/0x10
[  246.776460][ T9383]  ? query_matching_vma+0x494/0x4b0
[  246.776489][ T9383]  procfs_procmap_ioctl+0x7dd/0xce0
[  246.776513][ T9383]  ? __pfx_procfs_procmap_ioctl+0x10/0x10
[  246.776537][ T9383]  ? __fget_files+0x2a/0x420
[  246.776559][ T9383]  ? __fget_files+0x2a/0x420
[  246.776579][ T9383]  ? __fget_files+0x3a0/0x420
[  246.776598][ T9383]  ? __fget_files+0x2a/0x420
[  246.776619][ T9383]  ? bpf_lsm_file_ioctl+0x9/0x20
[  246.776636][ T9383]  ? __pfx_procfs_procmap_ioctl+0x10/0x10
[  246.776656][ T9383]  __se_sys_ioctl+0xf9/0x170
[  246.776673][ T9383]  do_syscall_64+0xfa/0x3b0
[  246.776694][ T9383]  ? lockdep_hardirqs_on+0x9c/0x150
[  246.776714][ T9383]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  246.776728][ T9383]  ? clear_bhb_loop+0x60/0xb0
[  246.776745][ T9383]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  246.776760][ T9383] RIP: 0033:0x7f9c85d8e929
[  246.776775][ T9383] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  246.776789][ T9383] RSP: 002b:00007f9c86bc0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  246.776805][ T9383] RAX: ffffffffffffffda RBX: 00007f9c85fb5fa0 RCX: 00007f9c85d8e929
[  246.776817][ T9383] RDX: 0000200000000180 RSI: 00000000c0686611 RDI: 0000000000000008
[  246.776828][ T9383] RBP: 00007f9c85e10b39 R08: 0000000000000000 R09: 0000000000000000
[  246.776837][ T9383] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  246.776847][ T9383] R13: 0000000000000000 R14: 00007f9c85fb5fa0 R15: 00007ffdcfa8c718
[  246.776863][ T9383]  </TASK>
[  247.045459][ T9383] BUG: sleeping function called from invalid context at ./include/linux/sched/mm.h:321
[  247.063979][ T9383] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 9383, name: syz.7.582
[  247.075306][ T9383] preempt_count: 0, expected: 0
[  247.080191][ T9383] RCU nest depth: 1, expected: 0
[  247.093406][ T9383] INFO: lockdep is turned off.
[  247.099322][ T9383] CPU: 1 UID: 0 PID: 9383 Comm: syz.7.582 Tainted: G        W           6.16.0-rc4-next-20250704-syzkaller #0 PREEMPT(full) 
[  247.099348][ T9383] Tainted: [W]=WARN
[  247.099353][ T9383] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  247.099363][ T9383] Call Trace:
[  247.099369][ T9383]  <TASK>
[  247.099375][ T9383]  dump_stack_lvl+0x189/0x250
[  247.099399][ T9383]  ? __pfx_dump_stack_lvl+0x10/0x10
[  247.099418][ T9383]  ? __pfx__printk+0x10/0x10
[  247.099438][ T9383]  ? rcu_is_watching+0x15/0xb0
[  247.099456][ T9383]  ? rcu_is_watching+0x15/0xb0
[  247.099473][ T9383]  __might_resched+0x495/0x610
[  247.099490][ T9383]  ? down_read+0x54/0x2e0
[  247.099513][ T9383]  ? __pfx___might_resched+0x10/0x10
[  247.099529][ T9383]  ? lock_acquire+0x5f/0x360
[  247.099553][ T9383]  ? rcu_is_watching+0x15/0xb0
[  247.099569][ T9383]  ? fs_reclaim_acquire+0x7d/0x100
[  247.099593][ T9383]  prepare_alloc_pages+0x1d9/0x610
[  247.099619][ T9383]  __alloc_frozen_pages_noprof+0x123/0x370
[  247.099645][ T9383]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  247.099673][ T9383]  ? filemap_get_entry+0xad/0x2f0
[  247.099697][ T9383]  alloc_pages_mpol+0x232/0x4a0
[  247.099720][ T9383]  alloc_pages_noprof+0xa9/0x190
[  247.099741][ T9383]  folio_alloc_noprof+0x1e/0x30
[  247.099761][ T9383]  filemap_alloc_folio_noprof+0xdf/0x470
[  247.099784][ T9383]  ? __pfx_filemap_alloc_folio_noprof+0x10/0x10
[  247.099807][ T9383]  ? __filemap_get_folio+0x9a6/0xaf0
[  247.099830][ T9383]  ? vma_start_read+0x218/0x3b0
[  247.099852][ T9383]  do_read_cache_folio+0x2da/0x590
[  247.099867][ T9383]  ? __pfx_blkdev_read_folio+0x10/0x10
[  247.099884][ T9383]  freader_get_folio+0x3c4/0x830
[  247.099906][ T9383]  freader_fetch+0xa3/0x5d0
[  247.099929][ T9383]  __build_id_parse+0x133/0x7d0
[  247.099950][ T9383]  ? __pfx___build_id_parse+0x10/0x10
[  247.099978][ T9383]  ? query_matching_vma+0x494/0x4b0
[  247.100007][ T9383]  procfs_procmap_ioctl+0x7dd/0xce0
[  247.100031][ T9383]  ? __pfx_procfs_procmap_ioctl+0x10/0x10
[  247.100056][ T9383]  ? __fget_files+0x2a/0x420
[  247.100079][ T9383]  ? __fget_files+0x2a/0x420
[  247.100099][ T9383]  ? __fget_files+0x3a0/0x420
[  247.100119][ T9383]  ? __fget_files+0x2a/0x420
[  247.100140][ T9383]  ? bpf_lsm_file_ioctl+0x9/0x20
[  247.100157][ T9383]  ? __pfx_procfs_procmap_ioctl+0x10/0x10
[  247.100179][ T9383]  __se_sys_ioctl+0xf9/0x170
[  247.100195][ T9383]  do_syscall_64+0xfa/0x3b0
[  247.100217][ T9383]  ? lockdep_hardirqs_on+0x9c/0x150
[  247.100248][ T9383]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  247.100263][ T9383]  ? clear_bhb_loop+0x60/0xb0
[  247.100280][ T9383]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  247.100294][ T9383] RIP: 0033:0x7f9c85d8e929
[  247.100307][ T9383] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  247.100321][ T9383] RSP: 002b:00007f9c86bc0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  247.100337][ T9383] RAX: ffffffffffffffda RBX: 00007f9c85fb5fa0 RCX: 00007f9c85d8e929
[  247.100349][ T9383] RDX: 0000200000000180 RSI: 00000000c0686611 RDI: 0000000000000008
[  247.100359][ T9383] RBP: 00007f9c85e10b39 R08: 0000000000000000 R09: 0000000000000000
[  247.100368][ T9383] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  247.100377][ T9383] R13: 0000000000000000 R14: 00007f9c85fb5fa0 R15: 00007ffdcfa8c718
[  247.100393][ T9383]  </TASK>
[  248.427835][ T3571] bridge_slave_1: left allmulticast mode
[  248.433528][ T3571] bridge_slave_1: left promiscuous mode
[  248.439819][ T3571] bridge0: port 2(bridge_slave_1) entered disabled state
[  248.449660][ T3571] bridge_slave_0: left allmulticast mode
[  248.458222][ T3571] bridge_slave_0: left promiscuous mode
[  248.463978][ T3571] bridge0: port 1(bridge_slave_0) entered disabled state
[  248.550394][ T3571] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  248.562174][ T3571] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  248.573674][ T3571] bond0 (unregistering): Released all slaves
[  248.660982][ T3571] hsr_slave_0: left promiscuous mode
[  248.668024][ T3571] hsr_slave_1: left promiscuous mode
[  248.673893][ T3571] batman_adv: batadv0: Removing interface: batadv_slave_0
[  248.688053][ T3571] batman_adv: batadv0: Removing interface: batadv_slave_1
[  248.807185][ T3571] team0 (unregistering): Port device team_slave_1 removed
[  248.830791][ T3571] team0 (unregistering): Port device team_slave_0 removed
[  249.130025][ T3571] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  249.183175][ T3571] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  249.256379][ T3571] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  249.321999][ T3571] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  249.410278][ T3571] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  249.484881][ T3571] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  249.556311][ T3571] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  249.613061][ T3571] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  249.718924][ T3571] bridge_slave_1: left allmulticast mode
[  249.724739][ T3571] bridge_slave_1: left promiscuous mode
[  249.730513][ T3571] bridge0: port 2(bridge_slave_1) entered disabled state
[  249.740066][ T3571] bridge_slave_0: left allmulticast mode
[  249.745975][ T3571] bridge_slave_0: left promiscuous mode
[  249.751707][ T3571] bridge0: port 1(bridge_slave_0) entered disabled state
[  249.762137][ T3571] bridge_slave_1: left allmulticast mode
[  249.768373][ T3571] bridge_slave_1: left promiscuous mode
[  249.774129][ T3571] bridge0: port 2(bridge_slave_1) entered disabled state
[  249.784026][ T3571] bridge_slave_0: left allmulticast mode
[  249.789925][ T3571] bridge_slave_0: left promiscuous mode
[  249.796099][ T3571] bridge0: port 1(bridge_slave_0) entered disabled state
[  249.806634][ T3571] tipc: Resetting bearer <ib:gre0>
[  249.965280][ T3571] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  249.981362][ T3571] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  249.991503][ T3571] bond0 (unregistering): Released all slaves
[  250.039602][ T3571] tipc: Disabling bearer <ib:gre0>
[  250.143738][ T3571] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  250.153721][ T3571] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  250.163760][ T3571] bond0 (unregistering): Released all slaves
[  250.221451][ T3571] tipc: Left network mode
[  250.227575][ T3571] tipc: Left network mode
[  250.512573][ T3571] hsr_slave_0: left promiscuous mode
[  250.521114][ T3571] hsr_slave_1: left promiscuous mode
[  250.527199][ T3571] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  250.536046][ T3571] batman_adv: batadv0: Removing interface: batadv_slave_0
[  250.543748][ T3571] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  250.552048][ T3571] batman_adv: batadv0: Removing interface: batadv_slave_1
[  250.562184][ T3571] hsr_slave_0: left promiscuous mode
[  250.568682][ T3571] hsr_slave_1: left promiscuous mode
[  250.574426][ T3571] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  250.581953][ T3571] batman_adv: batadv0: Removing interface: batadv_slave_0
[  250.591047][ T3571] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  250.598785][ T3571] batman_adv: batadv0: Removing interface: batadv_slave_1
[  250.613216][ T3571] veth1_macvtap: left promiscuous mode
[  250.618918][ T3571] veth0_macvtap: left promiscuous mode
[  250.624481][ T3571] veth1_vlan: left promiscuous mode
[  250.629972][ T3571] veth0_vlan: left promiscuous mode
[  250.636306][ T3571] veth1_macvtap: left promiscuous mode
[  250.641801][ T3571] veth0_macvtap: left promiscuous mode
[  250.647934][ T3571] veth1_vlan: left promiscuous mode
[  250.653236][ T3571] veth0_vlan: left promiscuous mode
[  250.860953][ T3571] team0 (unregistering): Port device team_slave_1 removed
[  250.883820][ T3571] team0 (unregistering): Port device team_slave_0 removed
[  251.062111][ T3571] team0 (unregistering): Port device team_slave_1 removed
[  251.080907][ T3571] team0 (unregistering): Port device team_slave_0 removed