last executing test programs:

13m56.143751792s ago: executing program 4 (id=97):
r0 = socket(0x28, 0x5, 0x0)
bind$vsock_stream(r0, &(0x7f0000000040), 0x10)
listen(r0, 0x0)
r1 = socket(0x28, 0x5, 0x0)
connect$vsock_stream(r1, &(0x7f0000000080), 0x10)
setsockopt$sock_linger(r1, 0x1, 0x3c, &(0x7f0000000180)={0x1, 0x5}, 0x8)
sendmmsg(r1, &(0x7f0000000100)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000000)="1b", 0x40000}], 0x1}}], 0x1, 0x24008094)
socket$netlink(0x10, 0x3, 0x400000000000004)
r2 = accept4$unix(r0, 0x0, 0x0, 0x0)
recvfrom$unix(r2, &(0x7f0000000140)=""/263, 0x107, 0x0, 0x0, 0x0)
close(0x4)

13m55.834014808s ago: executing program 4 (id=100):
prlimit64(0x0, 0xe, 0x0, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r1, 0xffffffffffffffff, 0x0)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000240)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x1d}]}, 0x10)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f00000002c0)='mmap_lock_acquire_returned\x00', r2}, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x8840)

13m55.036069965s ago: executing program 4 (id=103):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x66)

13m53.986681921s ago: executing program 4 (id=106):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0xcd})
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000006, 0x31, 0xffffffffffffffff, 0x0)
r2 = userfaultfd(0x1)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x3e4})
mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000280)={{&(0x7f0000000000/0x3000)=nil, 0x3000}, 0x4})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

13m53.535875287s ago: executing program 4 (id=107):
mkdir(&(0x7f0000000200)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000140)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
munmap(&(0x7f0000001000/0x4000)=nil, 0x4000)
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x1018e58, &(0x7f0000000080)={[{@usrquota}, {@noblock_validity}, {@bh}, {@max_batch_time={'max_batch_time', 0x3d, 0x8c9}}, {@debug}, {@inlinecrypt}]}, 0x6, 0x5fd, &(0x7f0000000600)="$eJzs3c9rHGUfAPDvzCZ5kzavaUXEFsWAhxakaVKLVS+29WAPBQv2IOKhoUlq6PYHTQq2FkzBg4KCiFeRXvwHvEvv3kRQb56FKlJRUOnK7M62m2Q3XdPsTpr5fGCzz/PM7D7PdydP5pmZPDsBlNZ49iON2BVx51QSMdaybDQaC8fz9W7/du109kiiVnv91ySSvKy5fpI/b88zwxHx7dGIRyur6124cvXsdLXW8F7E/sVzF/cvXLm6b/7c9JnZM7Pnpw68cPDQ5ItTB6c2JM7t+fOx4689+fH7bz8/9111XxKH4+TguzOxIo6NMh7jcScPsbV8ICIOZYk2n8vDZguEUGqV/PdxMCIej7Go1HMNYzH/UaGNA3qqVomoASWV6P9QUs1xQPPYvrvj4JM9HpX0z60jjQOg1fEPNM6NxHD92Gjb7aTlyKhxbmPHBtSf1fHPtd2fZ49Ydh7iz7tbZ2AD6ulk6XpEPNEu/qTeth31SLP402XtSCJiMiKG8va98gBtSFrSvTgPs5b1xp9GxOH8OSs/us76x1fk+x0/AOV080i+I1/Kcvf2f9nYozn+iTbjn9E2+671KHr/13n819zfD9fPkacrxmHZmOVE+7ccXFnw04fHPu1Uf+v4L3tk9TfHgv1w63rE7hXxf5AFm49/sviTNts/W+XU4e7qePX7X451WlZ0/LUbEXvaHv/cG5VmqTWuT+6fm6/OTjZ+tq3j62/e+rJT/UXHn23/bR3ib9n+6crXZZ/JxS7r+OrEjXOdlo3eN/7056Gkcbw5lJe8M724eGkqYig5nq/SUn5g7bY012m+Rxb/3mfa9/9lv//Xl7/PSPNPZhcuvnH2dqdl69n+LReT79S6bEMnWfwz99/+q/p/VvZJl3X88eblpzotWyv+kQcJDAAAAAAAAEoorV+DTdKJu+k0nZhozJd9LLal1QsLi8/OXbh8fiZib/3/IQfT5pXusUY+yfJT+f/DNvMHVuSfi4idEfFZZaSenzh9oTpTdPAAAAAAAAAAAAAAAAAAAACwSWzP5/8371P9e6Ux/x8oiV7eYA7Y3PR/KK96/191iyegDOz/obz0fygv/R/KS/+H8tL/obz0fygv/R/KS/8HAAAAgC1p59M3f0wiYumlkfojM5QvMyMItrbBohsAFKZSdAOAwty99G+wD6XT1fj/r/zLAXvfHKAASbvC+uCgtnbnv9n2lQAAAAAAAAAAAABAD+zZ1Xn+v7nBsLWZ9gfl9QDz/311ADzkfPU/lJdjfOB+s/iHOy0w/x8AAAAAAAAAAAAA+ma0/kjSiXwu8Gik6cRExP8jYkcMJnPz1dnJiHgkIn6oDP4vy08V3WgAAAAAAAAAAAAAAAAAAADYYhauXD07Xa3OXmpN/L2qZGsnmndB7UNdL8d/fFUk/f9YRiKi8I3Ss8RAS0kSsZRt+U3RsEsLsTmaUU8U/IcJAAAAAAAAAAAAAAAAAABKqGXucXu7v+hziwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACg/+7d/793iaJjBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeTv8GAAD//7V5QCw=")
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x8)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={0xffffffffffffffff, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x3800, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
ioctl$AUTOFS_IOC_PROTOSUBVER(r0, 0x40049366, &(0x7f0000000180))

13m51.488035862s ago: executing program 4 (id=116):
r0 = socket$unix(0x1, 0x1, 0x0)
r1 = socket$unix(0x1, 0x1, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000000800000008"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x18, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
bind$unix(r1, &(0x7f00000000c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
listen(r1, 0x0)
shutdown(r0, 0x0)
connect$unix(r0, &(0x7f0000fce000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc)
r4 = accept(r1, 0x0, 0x0)
sendto$inet6(r4, &(0x7f0000000000)='\x00', 0x1, 0x0, 0x0, 0x0)

13m36.444331818s ago: executing program 32 (id=116):
r0 = socket$unix(0x1, 0x1, 0x0)
r1 = socket$unix(0x1, 0x1, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000000800000008"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x18, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
bind$unix(r1, &(0x7f00000000c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
listen(r1, 0x0)
shutdown(r0, 0x0)
connect$unix(r0, &(0x7f0000fce000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc)
r4 = accept(r1, 0x0, 0x0)
sendto$inet6(r4, &(0x7f0000000000)='\x00', 0x1, 0x0, 0x0, 0x0)

20.050426372s ago: executing program 2 (id=1919):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'lo\x00', <r1=>0x0})
prlimit64(0x0, 0xe, &(0x7f0000000340)={0xd, 0x200200090}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x1, &(0x7f0000000040)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r5, 0x0, 0x8}, 0x18)
r6 = openat$audio(0xffffffffffffff9c, &(0x7f00000000c0), 0x82, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r6, 0xc0045005, &(0x7f0000000080)=0x3)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000100)=@newqdisc={0x368, 0x24, 0xd0f, 0x0, 0x25dfdbfb, {0x60, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8}, {0x33c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "a08741d53c17fe788c52901a81d1b55cac4134f7a04b4912d6d32223ec53f0f61efb5e06a113b739419f64fb10e47d9a31b8e43cb652fe7c40ef95996b3f9594a9ac4287bd548b76af89a5f0eceb4373fefeba1adb94a86f2892f1654f6f6c47b0b4c6fc930a7a001394c1e1c7e45b3842f682f0e473b8d58e70b3e2017457a33a1a2f62915604ba172eb0e09f3d2249561e2faa3b6bd250eac2a9eafc22b0fd4d008fabbab0fe519afde99b517780d70c1c116a7f677f62aeb04b69b5b41e5323a3632b933e874af700b3b6b632f9c2f86f238d1f0404e8a273cb44f40ae977ae1220bd65705cd5a849c8df8464c6b7596b3b3c38545eeb7afc96f607f7b77d"}, @TCA_RED_MARK_BLOCK={0x8}, @TCA_RED_FLAGS={0xc, 0x4, {0x8, 0x8}}, @TCA_RED_EARLY_DROP_BLOCK={0x4b, 0x5, 0x2}, @TCA_RED_STAB={0x104, 0x2, "4de23153c68f053466cb6ac48362e2ad4cbd487dcf7527be298f7596b3d4bd8923602ddf6bb55037729d80ec49aeff73aecd417c86b27d290f01fa1c0217eb1c8a0222e2f3da011886baa923327774b6f419e33fb5ee728d7eaa256dff89729b3c022e8512e27379e5f15b223a1d74aafcf586bfec1e1166b705d4f883b4f30d44661570dfc9c0facc6026f8d48d01c321728ee3e5d95ca37817536ef83b691ff82ed46c9740a8f31e21fe1cf67abf25f0bcdbfa3147890c680d2a374b5224b2fc5c47595c7ad8fa49a995abbedb562653b450fa7d09464c4d933088e3bedf218ac9ced8f60dfda347cd3933adcae458f82dbb00bdb5081d9381b2ca5913cb6b"}, @TCA_RED_STAB={0x104, 0x2, "f4534ae7bd4eea390f4194942f4148904fea37b71f8f07f3c6a74df8228d7b9b645fb0d04bd3cad3351675f048613c6bade4b3d1788d94f8124a81ef6569d9a374480a6001be15ce245e2a671df3d8579c493e9fe6da8576f0f7e4ae7dabf48307362bedad2b5314e84bc6a81f72fd25e678e4ab76fdcec5e4d28ee7ec0e5c8a59166bccd18c8e2ff321d927f737c425f93dc2e316dd4846d652912570e55a3100de9346b6ff4f40243627dfb40bd562f1493c50a857614d0f0fb365c6f754f8875a699cd5f2fb50754dfa45e3aad4fbaf0765bbff2b255ab9d50300b9b031279970f1f75c1c22452a198b7d858f2906bf9bb6f1c752b2ceccfa6cf900f4c79f"}, @TCA_RED_MAX_P={0x8, 0x3, 0x8}, @TCA_RED_EARLY_DROP_BLOCK={0x8, 0x5, 0x8}]}}]}, 0x368}, 0x1, 0x0, 0x0, 0x801}, 0x0)

20.040017736s ago: executing program 5 (id=1920):
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x4, 0x1000085}, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, 0x0, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0x2)
read$msr(r2, &(0x7f0000019680)=""/102384, 0x18ff0)
openat(0xffffffffffffff9c, 0x0, 0x2040, 0x0)
listxattr(0x0, 0x0, 0xfffffef5)
dup(0xffffffffffffffff)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, 0x0, 0x0)
prctl$PR_SET_IO_FLUSHER(0x39, 0x1)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000801}, 0x0)

16.864799537s ago: executing program 3 (id=1923):
syz_open_procfs(0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000400)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0}, 0x18)
syz_io_uring_setup(0x0, 0x0, 0x0, 0x0)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42031, 0xffffffffffffffff, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r3 = mq_open(&(0x7f0000000680)='\r\x00elinu\xef\xe3elinux\x00\x96\xf6\x92\n#*\xac\x05|\xf8D\\\x9a\xe6[]L+\xf6\v\xe8\xf2\xd3\b\x15\n\xb8F!Q9o\x1f#\xbdt\r\xfb\"\x18%\xfdM\xaf_t\xd2\xdcJ\x10\a\xbab\x1a\xdf\xb1\xbdU\xd7jo\xe7\xac\x81\x10k\xce-\xf5@\xbb\x9d;\xe8\xf6\xffQ\x04\xaai\x92k\x1b;\xddM\xa2\xe1-\x0e\xd8\xde\x00\xff\x18\xdd\bL\xfb\xa2\x1e\xd8\xdfJ\xcc\xd7\x9b\xfa\xf0\x0f\x05\xf1\xc4 \xde@\x80q\xf7\x04\xf5\x85T\x1f\xc2S]*\xc9lw\xd3J\xc5\xe8\x02\xcb\xbbAHxr\xac\xb77F\xdf\x1c\xcb\xd4\xce\x88L\xf1\xf9[\x98\xd4+pTx\x95\xb5\x1b]x\x1a\x95\xe1c6\xe7`83\xb7n#\xe0\xc1_\xec\xba\xec\x87\x1b\xde\a\x8b\xc5\x86woo\xbc\x1c\xa3r\x82\xf3enq-\x90/\xed\xff\xad+\x03\x10\t\xda\xfd\xa2\xd0\xef4\n%\xf1\xd8\x99$\xfb(\x9b5\xcbF4?O\x1d\xd7\x01*\xc9\xd6L\x86 \x1b\xab9\x1b\x12k\xf9\xec\xd8\x16E\x11-\xfd\x10\x89\x8d\xccbP\x14\x89w\xef\x90\x1d\xc9\x02\xeb\x01V\xfbm\x86\x8a\xc1.m\xd0\xa2\xa4\xc9\a;(\n\xc0\"\x1f\xe4\x1d\x85\xb3\x95\xec\xbb\x9b\x01\x85\xffx\xf2\a\f=\xd1\xcf\xec\xb8!\v\x958\xbf\x15b-\x92\xd6\xb5\xbf\xe2\x92\xc2\xa3}\xd0;\xd1\x96\x86\x8a\x1b\xe1w\xf9\xb0\xd2\xab\xc9\x8a\x19\n\xc5o\x1e\x13/\xe4\x91\x7f\xa5\xf1\xddW\xdb\x98\xcd\x94\xfc\x90\xa0\x05*', 0x6e93ebbbcc0884f2, 0x15b, 0x0)
mq_getsetattr(r3, 0x0, 0x0)
mq_timedreceive(r3, 0x0, 0x0, 0xfffffffffffffffc, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)

16.624992412s ago: executing program 2 (id=1924):
syz_open_dev$vim2m(&(0x7f0000000080), 0x7, 0x2)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = syz_io_uring_setup(0x5c2, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x3, 0x348}, &(0x7f00000001c0)=<r2=>0x0, &(0x7f0000000200)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffff8, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000004c0)=@IORING_OP_TIMEOUT={0xb, 0x18, 0x0, 0x0, 0x4, &(0x7f0000000280)={0x0, 0x989680}, 0x1, 0x40, 0x1})
io_uring_enter(r1, 0x6e2, 0x3900, 0x1, 0x0, 0xe00)
rt_sigsuspend(&(0x7f00000002c0), 0x8)
syz_io_uring_complete(r2)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000140), 0x4803, 0x0)
openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0)
syz_open_dev$swradio(0x0, 0x1, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
userfaultfd(0x801)

16.500780382s ago: executing program 5 (id=1925):
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x89}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
syz_open_dev$sndmidi(0x0, 0x2, 0x141102)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x200000f, 0x4002012, 0xffffffffffffffff, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
syz_open_pts(0xffffffffffffffff, 0x191200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt$CAN_RAW_FILTER(r2, 0x65, 0x1, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000180)={'vxcan1\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=@getchain={0x24, 0x11, 0x839, 0x70bd25, 0x0, {0x0, 0x0, 0x0, r3, {0x1, 0x6}, {0xffff}, {0x1}}}, 0x24}}, 0x0)

15.673156689s ago: executing program 0 (id=1927):
bind$inet(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
r0 = getpid()
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file2\x00', 0x84a42, 0x99)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_clone(0x8000, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(0xffffffffffffffff, 0xc1105517, 0x0)
r3 = syz_open_dev$sndpcmc(&(0x7f0000000000), 0x0, 0x0)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000004380), 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_HW_REFINE_OLD(r3, 0xc1004110, &(0x7f0000000040)={0x0, [0x2, 0x8, 0x5], [{0x0, 0x0, 0x0, 0x0, 0x1}, {0x9, 0x0, 0x0, 0x1}, {0x0, 0x3fffffe}, {0x7}, {}, {0x0, 0x9}, {0x0, 0x1}, {}, {0x0, 0x7}], 0x20})

14.015641121s ago: executing program 2 (id=1928):
openat$sysfs(0xffffffffffffff9c, 0x0, 0x242, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r4, &(0x7f0000000080), 0x10)
ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f00000000c0)={'vcan0\x00', <r5=>0x0})
sendmsg$can_bcm(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000400)=ANY=[], 0x48}}, 0x0)
sendmsg$can_bcm(r4, &(0x7f00000002c0)={&(0x7f0000000000)={0x1d, r5}, 0x10, &(0x7f0000000280)={&(0x7f00000004c0)={0x6, 0x0, 0x0, {0x0, 0xea60}, {0x77359400}, {}, 0x1, @can={{}, 0x0, 0x0, 0x0, 0x0, "1d0b6382972f4b8f"}}, 0x48}}, 0x0)

14.015015376s ago: executing program 3 (id=1929):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r0, 0x220c)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r1, 0x3)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r2, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r3, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r4, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r5, 0x0)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r6, 0x0)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r7, 0x0)
r8 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r8, &(0x7f0000000040)=[{&(0x7f0000000200)="580000001400192340834b80040d8c560a0677bc45ff810500000000000058000b480400945f64009400050028925a01000000000000008000f0fffeffe809000000fff5dd0000001000010002081000418e00000004fcff", 0x7d}], 0x1)

13.996619966s ago: executing program 1 (id=1930):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x4, &(0x7f00000000c0)=ANY=[@ANYRES64], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
epoll_create1(0x0)
r3 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$SNDCTL_DSP_SETTRIGGER(r3, 0x40045010, &(0x7f0000000000))
mmap$dsp(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x9, 0x11, r3, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r3, 0xc004500a, 0x0)
ioctl$SNDCTL_DSP_GETIPTR(r3, 0x800c5011, &(0x7f0000000040))
mlock2(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0)

12.381734699s ago: executing program 3 (id=1931):
socket$inet6_sctp(0xa, 0x1, 0x84)
setxattr$security_ima(0x0, 0x0, 0x0, 0x0, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141142)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x9)
unshare(0x20000400)
r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
r2 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
write$RDMA_USER_CM_CMD_MIGRATE_ID(r1, &(0x7f0000000340)={0x12, 0x10, 0xfa00, {0x0, 0xffffffffffffffff, r2}}, 0x18)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmmsg(0xffffffffffffffff, 0x0, 0x8c, 0x40840)
sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="640000000206050000000000000000000000000015000300686173683a69702c706f72742c6e6574000000000900020073797a300000000005000400004000000500050002000000050001000600000014000780080006400000000008001340"], 0x64}}, 0x0)

11.364621365s ago: executing program 1 (id=1932):
socket$nl_netfilter(0x10, 0x3, 0xc)
pipe(0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xec25, 0x0, 0x1, 0x40000333}, 0x0, 0x0)
symlink(&(0x7f0000001780)='./file0/../file0\x00', &(0x7f00000017c0)='./file0\x00')
r2 = syz_io_uring_setup(0x109, &(0x7f0000000140)={0x0, 0x114df, 0x0, 0x1, 0x89}, &(0x7f00000003c0)=<r3=>0x0, &(0x7f0000000200)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, &(0x7f0000000480)='./file0\x00', 0x0, 0x29c780})
io_uring_enter(r2, 0x3518, 0xaddf, 0x2, 0x0, 0x0)
write$binfmt_misc(0xffffffffffffffff, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
socket$inet6(0xa, 0x802, 0x88)

11.191931331s ago: executing program 2 (id=1933):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000280)={0x2, 0x0, @local}, 0x10)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
preadv2(0xffffffffffffffff, &(0x7f0000000080), 0x0, 0x0, 0x0, 0x9)
sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000040)={0x100000011, @multicast2, 0x0, 0x0, 'rr\x00', 0x0, 0x80001088, 0x73}, 0x2c)

10.113034296s ago: executing program 0 (id=1934):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f0000000480)={[{@resgid}, {}, {@data_err_ignore}, {@nobarrier}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@nogrpid}, {@nombcache}, {@stripe={'stripe', 0x3d, 0x2}}]}, 0x3, 0x572, &(0x7f0000000c40)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwIF6kCCIWxD/Au8fiH6B/RUELRUrQg5fIbGbbbZLNJunWbJ3PB6Z9b2ayb96++b79zs4uG0BhjWT/lCJejoivk4iDbdsGI984srLf0sNrk9mSxPLyJ38mkeTrWvsn+f/788pLEfHLFxHHS2vbrS8szlSq1XQur482Zi+P1hcWT1ycrUyn0+ml8YmJU29NjL/7zts96+vr5/7+7uO7H5z66ujStz/dP3Q7iTNxIN/W3o+ncKO9MhIj+XMyFGdW7TjWg8b6SbLTB8C2DORxPhTZHHAwBvKoB/7/rkfEMlBQifiHgmrlAa1r+x5dBz83Hry/cgG0tv+DK++NxJ7mtdG+peSJK6Psene4B+1nbfz8x53b2RJd3oe43oP2AFpu3IyIk4ODa+e/JJ//tu9k883jja1uo2ivP7CT7mb5zxvr5T+lR/lPrJP/7F8ndreje/yX7vegmY6y/O+9dfPfR1PX8EBee6GZ8w0lFy5W05MR8WJEHIuh3Vl9o/s5p5buLXfa1p7/ZUvWfisXzI/j/uDuJ/9mqtKoPE2f2z24GfHK4/w3iTXz/55mrrt6/LPn41xW+PXLrm0cSe+82mlb9/63630GvPxjxGvrjv/jO1rJxvcnR5vnw2jrrFjrr1tHfuvU/tb633vZ+O/buP/DSfv92vrW2/hhzz9pp23bPf93JZ82y7vydVcrjcbcWMSu5KO168cf/22r3to/6/+xoxvPf+ud/3sj4rNN9v/W4Vsdd+2H8Z/a0vhvvXDvw8+/79T+5sb/zWbpWL5mM/PfZg/waZ47AAAAAAAA6DeliDgQSan8qFwqlcsrn+84HPtK1Vq9cfxCbf7SVDS/KzscQ6XWne6DbZ+HGMs/D9uqj6+qT0TEoYj4ZmBvs16erFWndrrzAAAAAAAAAAAAAAAAAAAA0Cf2d/j+f+b3gZ0+OuCZ85PfUFxd478Xv/QE9CWv/1Bc4h+KS/xDcYl/KC7xD8Ul/qG4xD8Ul/gHAAAAAAAAAAAAAAAAAAAAAAAAAACAnjp39my2LC89vDaZ1aeuLMzP1K6cmErrM+XZ+cnyZG3ucnm6VpuupuXJ2my3x6vWapfHxmP+6mgjrTdG6wuL52dr85ca5y/OVqbT8+nQf9IrAAAAAAAAAAAAAAAAAAAAeL7UFxZnKtVqOqfQsXA6+uIwtl1Iuo3y6fxk2NIjR14Y3PkOKjyDwg5PTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQ5t8AAAD//8nLNLM=")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket(0x10, 0x3, 0x0)
write(r3, &(0x7f0000000000)="240000001a005f0314f9f407000904000200000001000000000000000800040001000000", 0x24)
socket$inet6(0xa, 0x2, 0x0)
r4 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r4, 0xc4c85513, &(0x7f0000000540)={{0xb, 0x6, 0x0, 0x2, 'syz0\x00', 0x281d}, 0x0, [0x1, 0x4ea3, 0x9, 0x56cd, 0x5, 0x6, 0x0, 0x80000001, 0x201, 0x1, 0x3fb, 0x1, 0x9, 0x7, 0x4, 0x10000, 0x43, 0x49b5e351, 0xfffffffffffffffc, 0xe8de, 0xfffffffffffffff9, 0x9, 0x1ff, 0x9, 0x1, 0x8, 0x80000000, 0x4, 0x2, 0x8000, 0x8, 0xa36, 0x57bf4b04, 0x4, 0x40000000000001, 0x6, 0x8, 0x100000000, 0x8, 0x7ff, 0x6, 0x401, 0x5, 0x1, 0x1ff, 0x10000, 0x2, 0xb7, 0x0, 0x5, 0xbe5, 0xa0000000000, 0x0, 0x1, 0x8, 0x8000000000000000, 0xd3d, 0xbbeb, 0x1, 0x6, 0x4, 0x6, 0x8001, 0x3, 0x1, 0x8000000000ec7, 0x646, 0xc58e, 0x3, 0x11ad, 0x0, 0x6, 0x8000, 0x100080, 0x7f, 0x9, 0x1, 0x5, 0x8000000000000000, 0x4, 0x7, 0xa5, 0x1b13, 0x4, 0x85, 0x8, 0x4, 0xf75, 0x9, 0xb, 0xffffffffffff66e3, 0xfffffffffffffff9, 0x851a, 0x5e997b8e, 0x0, 0x7, 0xffffffffffffffff, 0x3, 0x800000100, 0x4, 0x3ff, 0x6, 0x0, 0xffffffffffffff95, 0xa, 0x108000001, 0xcc7e, 0x8, 0x0, 0x6, 0x6, 0xfffffffffffffd96, 0x3f3, 0x1, 0x4, 0x0, 0x7, 0x5, 0x6, 0x1, 0xe1, 0xec2, 0x1, 0x5, 0xfff, 0x0, 0x80]})
setxattr$trusted_overlay_upper(&(0x7f0000000380)='./file0/file0\x00', &(0x7f00000001c0), &(0x7f0000001400)=ANY=[], 0x835, 0x0)
truncate(&(0x7f0000000100)='./file0/file0\x00', 0x5)

10.044698327s ago: executing program 5 (id=1935):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'lo\x00', <r1=>0x0})
prlimit64(0x0, 0xe, &(0x7f0000000340)={0xd, 0x200200090}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x1, &(0x7f0000000040)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r5, 0x0, 0x8}, 0x18)
r6 = openat$audio(0xffffffffffffff9c, &(0x7f00000000c0), 0x82, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r6, 0xc0045005, &(0x7f0000000080)=0x3)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000100)=@newqdisc={0x368, 0x24, 0xd0f, 0x0, 0x25dfdbfb, {0x60, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8}, {0x33c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "a08741d53c17fe788c52901a81d1b55cac4134f7a04b4912d6d32223ec53f0f61efb5e06a113b739419f64fb10e47d9a31b8e43cb652fe7c40ef95996b3f9594a9ac4287bd548b76af89a5f0eceb4373fefeba1adb94a86f2892f1654f6f6c47b0b4c6fc930a7a001394c1e1c7e45b3842f682f0e473b8d58e70b3e2017457a33a1a2f62915604ba172eb0e09f3d2249561e2faa3b6bd250eac2a9eafc22b0fd4d008fabbab0fe519afde99b517780d70c1c116a7f677f62aeb04b69b5b41e5323a3632b933e874af700b3b6b632f9c2f86f238d1f0404e8a273cb44f40ae977ae1220bd65705cd5a849c8df8464c6b7596b3b3c38545eeb7afc96f607f7b77d"}, @TCA_RED_MARK_BLOCK={0x8}, @TCA_RED_FLAGS={0xc, 0x4, {0x8, 0x8}}, @TCA_RED_EARLY_DROP_BLOCK={0x4b, 0x5, 0x2}, @TCA_RED_STAB={0x104, 0x2, "4de23153c68f053466cb6ac48362e2ad4cbd487dcf7527be298f7596b3d4bd8923602ddf6bb55037729d80ec49aeff73aecd417c86b27d290f01fa1c0217eb1c8a0222e2f3da011886baa923327774b6f419e33fb5ee728d7eaa256dff89729b3c022e8512e27379e5f15b223a1d74aafcf586bfec1e1166b705d4f883b4f30d44661570dfc9c0facc6026f8d48d01c321728ee3e5d95ca37817536ef83b691ff82ed46c9740a8f31e21fe1cf67abf25f0bcdbfa3147890c680d2a374b5224b2fc5c47595c7ad8fa49a995abbedb562653b450fa7d09464c4d933088e3bedf218ac9ced8f60dfda347cd3933adcae458f82dbb00bdb5081d9381b2ca5913cb6b"}, @TCA_RED_STAB={0x104, 0x2, "f4534ae7bd4eea390f4194942f4148904fea37b71f8f07f3c6a74df8228d7b9b645fb0d04bd3cad3351675f048613c6bade4b3d1788d94f8124a81ef6569d9a374480a6001be15ce245e2a671df3d8579c493e9fe6da8576f0f7e4ae7dabf48307362bedad2b5314e84bc6a81f72fd25e678e4ab76fdcec5e4d28ee7ec0e5c8a59166bccd18c8e2ff321d927f737c425f93dc2e316dd4846d652912570e55a3100de9346b6ff4f40243627dfb40bd562f1493c50a857614d0f0fb365c6f754f8875a699cd5f2fb50754dfa45e3aad4fbaf0765bbff2b255ab9d50300b9b031279970f1f75c1c22452a198b7d858f2906bf9bb6f1c752b2ceccfa6cf900f4c79f"}, @TCA_RED_MAX_P={0x8, 0x3, 0x8}, @TCA_RED_EARLY_DROP_BLOCK={0x8, 0x5, 0x8}]}}]}, 0x368}, 0x1, 0x0, 0x0, 0x801}, 0x0)

9.261204096s ago: executing program 3 (id=1936):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x218, 0x0)
ioctl$TIOCL_BLANKSCREEN(0xffffffffffffffff, 0x560e, 0x0)
ioctl$TIOCSWINSZ(0xffffffffffffffff, 0x5414, &(0x7f0000000340)={0x4, 0x1, 0x9, 0x3})
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
r2 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000100), 0x8000)
r3 = socket$qrtr(0x2a, 0x2, 0x0)
connect$qrtr(r3, &(0x7f0000000040)={0x2a, 0xffffffffffffffff, 0xfffffffe}, 0xc)
r4 = syz_io_uring_setup(0x497, &(0x7f0000000200)={0x0, 0x4661, 0x400, 0x3, 0x288}, &(0x7f0000000340)=<r5=>0x0, &(0x7f0000000280)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r3, 0x0, 0x0})
io_uring_enter(r4, 0x40f9, 0x217, 0xa5, 0x0, 0x0)
close_range(r2, r3, 0x0)
socket$inet6(0xa, 0x3, 0xff)
openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000002740), 0x101002)

9.107141031s ago: executing program 5 (id=1937):
socket$inet6_tcp(0xa, 0x1, 0x0)
timer_create(0x3, &(0x7f0000533fa0)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)=<r0=>0x0)
signalfd4(0xffffffffffffffff, &(0x7f0000001140)={[0xfffffffffffffff5]}, 0x8, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x8000000004)
r2 = syz_io_uring_setup(0x9e, &(0x7f0000000640)={0x0, 0x936, 0x0, 0x0, 0x40000333}, &(0x7f00000006c0)=<r3=>0x0, &(0x7f00000001c0)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000240)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1})
timer_settime(r0, 0x0, &(0x7f0000000000)={{}, {0x0, 0x989680}}, 0x0)
io_uring_enter(r2, 0x47ba, 0x0, 0x0, 0x0, 0x0)
writev(r1, &(0x7f0000000140)=[{&(0x7f0000000080)="580000001400192340834b80040d8c560a067f0200ff000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000100080c10000000000000000000", 0x58}], 0x1)
r5 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r5, 0xc004500a, &(0x7f0000000100))
ioctl$SNDCTL_DSP_SETFMT(r5, 0xc0045005, &(0x7f0000000580)=0xe)
ioctl$SNDCTL_DSP_CHANNELS(r5, 0xc0045006, &(0x7f0000000080)=0x7f)
ioctl$SNDCTL_DSP_SPEED(r5, 0xc0045002, &(0x7f00000000c0)=0x6)
read$dsp(r5, &(0x7f00000011c0)=""/4117, 0x200021d5)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000300), 0xffffffffffffffff)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0xc0686611, &(0x7f0000000000)={0x1fe, 0x0, 0xdddd0000, 0x2000, &(0x7f0000ffd000/0x2000)=nil})

9.098520032s ago: executing program 2 (id=1938):
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f00000000c0)='ns/time_for_children\x00')
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000000), 0x4)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$cuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
r3 = socket$inet_smc(0x2b, 0x1, 0x0)
connect$inet(r3, &(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10)
setsockopt$SO_BINDTODEVICE_wg(r3, 0x1, 0x19, &(0x7f0000000080)='wg1\x00', 0x4)
sendto$inet(r3, &(0x7f0000000040)="e5", 0xffffffe4, 0x1f4, 0x0, 0x0)

8.015437709s ago: executing program 0 (id=1939):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000500)={0x0}, 0x1, 0x0, 0x0, 0x8000}, 0x4008040)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000001a40)=""/102392, 0x18ff8)
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f0000000200)={0xc, 0x0, <r2=>0x0})
ioctl$IOMMU_VFIO_IOAS$SET(r1, 0x3b88, &(0x7f00000002c0)={0xc, r2})
ioctl$IOMMU_IOAS_MAP$PAGES(r1, 0x3b85, &(0x7f0000000340)={0x28, 0x2, r2, 0x0, &(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x10})
ioctl$IOMMU_VFIO_SET_IOMMU(r1, 0x3b66, 0x1)
r3 = socket(0x10, 0x3, 0x0)
write(r3, &(0x7f0000000080)="1400000052004f030e789e7ee2ce2fa4ff612d", 0x13)
sendmsg$nl_xfrm(r3, 0x0, 0x20004885)
ioctl$IOMMU_VFIO_IOMMU_UNMAP_DMA(r1, 0x3b72, &(0x7f0000000440)=ANY=[@ANYBLOB="1800007f00000000002000000000000000010021"])
keyctl$read(0xb, 0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x5)

7.049567151s ago: executing program 5 (id=1940):
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000080)={0x80000000005, 0x100000001000087}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x43, &(0x7f0000000040)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r1, 0x3ba0, &(0x7f0000000200)={0x48, 0x2, 0x0, 0x0, 0x0, 0x0, <r2=>0x0})
ioctl$IOMMU_HWPT_ALLOC$NONE(r1, 0x3b89, &(0x7f00000001c0)={0x28, 0x0, r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r1, 0x3ba0, &(0x7f0000000100)={0x48, 0x5, 0x0, 0x0, 0xffffffffffffffff, 0x1})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000140)={0x0, 0x0}, 0x10)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, 0x0, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4)
openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000480), 0x0, 0x0)

6.740848888s ago: executing program 0 (id=1941):
fsopen(&(0x7f00000007c0)='erofs\x00', 0x1)
socket(0x1d, 0x2, 0x2)
socket$inet6(0xa, 0x800000000000002, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f00000001c0), 0xa0602, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmsg$inet(r2, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
recvmsg$unix(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x100}, 0x0)
r3 = syz_io_uring_setup(0x10d2, &(0x7f0000000540)={0x0, 0x7731, 0x80, 0x0, 0x34c}, &(0x7f0000000600)=<r4=>0x0, &(0x7f00000000c0)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_RECVMSG={0xa, 0x4, 0x1cd83f7c25e05491, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x100, 0x1, {0x3}})
io_uring_enter(r3, 0x47bc, 0x0, 0x0, 0x0, 0x0)

5.590325497s ago: executing program 5 (id=1942):
syz_mount_image$udf(&(0x7f00000000c0), &(0x7f0000000180)='./file0\x00', 0x4080, &(0x7f0000000540)=ANY=[@ANYBLOB='lastblock=00000000000000000000,umask=00000000000000000000002,dmode=00000000000000000077777,novrs,shortad,shortad,undelete,iocharset=cp437,shortad,umask=00000000000000000000006,dmode=00000000000000000000002,nostrict,uid=', @ANYRESOCT=0x0, @ANYRESDEC], 0x2, 0xc36, &(0x7f0000002540)="$eJzs3U9sHNd9B/DfGy3FldxWTOwoThoXm7ZIZcVy9S+mYhXuqqbZBpBlIRRzC8AVSakLUyRBUo1spAXTSw89BCiKHnIi0BoFUjQwmiLokWldILn4UOTUE9HCRlD0wBYBcgoYzOxbcUmRNi2SEmV9Pjb13Z19b/a9eeMZWdCbFwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAxB+8cun0mfSwWwEAPEhXRr56+qz7PwA8Vq75/38AAAAAAAAAAAAAADjoUhTxZKSYvbKaxqr3HfXL7b7bd0aHhreudiRVNQ9V5cuf+pmz585/6YXBC9283J7+gPp77bPx2si1S42XZ27Nzk3Oz09ONEan2+MzE5M73sNu6292sjoAjVuv3564cWO+cfb5cxs+vjPwfv8TxwcuDj576plu2dGh4eGR9SL13vK1+25Ix3YzPA5HEacixXPf+2lqRUQRuz8W9Qc79psdqTpxsurE6NBw1ZGpdmt6ofzwavdAFBGNnkrN7jHaeiyi1vdA+7C9ZsRi2fyywSfL7o3MtuZa16cmG1dbcwvthfbM9NXUaW3Zn0YUcSFFLEXESv+9u+uLImqR4jvHVtP1iDjUPQ5frCYGb9+OYh/7uANlOxt9EUvFIzBmB1h/FPFqpPjZOydiPF9nqmvNFyJeLfMHEW+V+VJEKk+M8xHvbXEe8WiqRRF/WY7/xdU0UV0PuteVy19rfGX6xkxP2e515SPeH+65Ujyk+8ORTflgHPBrUz2KaFVX/NV0/7/ZAQAAAAAAAAAAAAAAAGCvHYkiPhMpXvmPP6nmFUc1L/3YxcE/HPjV3jnjT3/Ifsqyz0fEYrGzObmH88TAq+lqSg95LvHjrB5F/Gme//eth90YAAAAAAAAAAAAAAAAAACAx1oRP4kUL757Ii1F75ri7embjWut61OdVWG7a/9210xfW1tba6RONnOO5VzMuZRzOedKzihy/ZzNnGM5F3Mu5VzOuZIzDuX6OZs5x3Iu5lzKuZxzJWfUcv2czZxjORfLrK93dDlvX8kZB2TtXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAj5MiivhFpPj2N1ZTpIhoRoxFJ5f7H3brAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBSfyri+5Gi8UfNu9tqEZGqfztOlL+cj+bhMj8ZzcEyX4rmpZytKmvNbz2E9rM7famIH0eK/vrbdwc8j39f593d0yDe+ub6u8/WOnmo++HA+/1PHD92cXD4N57e7nXaqgEnL7enb99pjA4ND4/0bK7lb/9kz7aB/L3F3nSdiJh/483XW1NTk3P3/6I8BXZR/RF6kWqPS08f1ovFvTgh9+5F1A5EMx5O33kMlPf/9yLF7777n90bfuf+X49f6by7e4ePn//Z+v3/xc072uH9v7a5Xr7/l/f0re7/T/ZsezH/bqSvFlFfuDXbdzyiPv/Gm6fat1o3J29OTp8/ffrLg4NfPne673BE/UZ7arLn1Z4cLgAAAAAAAAAAAAAAAIAHJxXx+5Gi9ePV1IiIO9V8rYGLg8+eeuZQHKrmW22Yt/3ayLVLjZdnbs3OTc7PT040Rqfb4zMTkzv9uno13Wt0aHhfOvOhjuxz+4/UX56ZfWOuffOPF7b8/Gj90vX5hbnW+NYfx5EoIpq9W05WDR4dGq4aPdVuTVdVr245mf6j60tF/FekGD/fSJ/P2/L8/80z/DfM/1/cvKN9mv//iZ5t5XemVMTPI8Xv/NXT8fmqnUfjnmOWy/1dpDh54XO5XBwuy3Xb0HmuQGdmYFn2/yLFP/1iY9nufMgn18ue2fGBfUSU438sUnz/L74bv5m3bXz+w9bjf3TzjvZp/J/q2XZ0w/MKdt118vifihQvPfl2/Fbe9kHP/+g+e+NELnz3+Rz7NP6f6tk2kL/3t/em6wAAAAAAAAAAAI+0vlTE30eKHw7X0gt5207+/t/E5h3t09//+nTPtom9Wa/oQ1/s+qACAAAAwAHRl4r4SaS4ufD23TnUG+d/98z//L31+Z9DadOn1Z/z/Vr13IC9/PO/XgP5e8d2320AAAAAAAAAAAAAAAAAAAA4UFIq4oW8nvpYNZ9/Ytv11JcjxSv/81wul46X5brrwA9Uv9avzEyfujQ1NTPeWmhdn5psjMy2xifLuk9FitW//VyuW1Trq3fXm++s8b6+FvtcpBj+h27Zzlrs3bXJn1ove6Ys+4lI8d//uLFsdx3rT62XPVuW/ZtI8fV/2brs8fWy58qy340UP/p6o1v2aFm2+3zUT6+XfX58ptiHUQEAAAAAAAAAAAAAAAAAAOBx05eK+PNI8b+3lu7O5c/r//f1vK289c2e9f43uVOt8z9Qrf+/3ev7Wf+/eq7A4nbfCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH08pingzUsxeWU3L/eX7jvrl9vTtO6NDw1tXO5Kqmoeq8uVP/czZc+e/9MLghW5+cP299pl4beTapcbLM7dm5ybn5ycnGqPT7fGZickd72G39Tc7WR2Axq3Xb0/cuDHfOPv8uQ0f3xl4v/+J4wMXB5899Uy37OjQ8PBIT5la331/+z3SNtsPRxF/HSme+95P0w/7I4rY/bH4kHNnvx2pOnGy6sTo0HDVkal2a3qh/PBq90AUEY2eSs3uMXoAY7ErzYjFsvllg0+W3RuZbc21rk9NNq625hbaC+2Z6aup09qyP40o4kKKWIqIlf57d9cXRbweKb5zbDX9a3/Eoe5x+OKVka+ePrt9O4p97OMOlO1s9EUsFY/AmB1g/VHEP0eKn71zIv6tP6IWnZ/4QsSrZf4g4q3ojHcqT4zzEe9tcR7xaKpFEf9fjv/F1fROf3k96F5XLn+t8ZXpGzM9ZbvXlUf+/vAgHfBrUz2K+FF1xV9N/+6/awAAAAAAAAAAAAAAAIADpIhfjxQvvnsiVfOD784pbk/fbFxrXZ/qTOvrzv3rzpleW1tba6RONnOO5VzMuZRzOedKzihy/ZzNMutra2P5/WLOpZzLOVdyxqFcP2cz51jOxZxLOZdzruSMWq6fs5lzLOdizqWcyzlXcsYBmbsHAAAAAAAAAAAAAAAAAAB8vBTVPym+/Y3VtNbfWV96LDq5bD3Qj71fBgAA//8dq/O8")
creat(&(0x7f00000004c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x162)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
rename(&(0x7f0000000240)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000f40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
symlink(&(0x7f0000000280)='.\x02\x00', &(0x7f00000002c0)='.\x02\x00')

4.64497406s ago: executing program 1 (id=1943):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008f}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000003c0)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1000, 0x1)
r3 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x4c, 0x2, 0x6, 0x801, 0xe4340000, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,port\x00'}]}, 0x4c}}, 0x2)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_TEST(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000500)={0x54, 0xb, 0x6, 0x801, 0x0, 0x0, {0x6, 0x0, 0x2}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x2c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0x18, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @mcast2}}, @IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e21}, @IPSET_ATTR_PROTO={0x5, 0x7, 0x73}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}]}, 0x54}, 0x1, 0x0, 0x0, 0x20008041}, 0x8190)
name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000180), 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x48240, 0x2)

4.154126s ago: executing program 3 (id=1944):
socket(0xa, 0x3, 0x3a)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f00000000c0)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0xc2354000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000040)={0x0, 0x7, 0xfa00, {0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff}, 0x13f}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r3, 0x0, 0x0)
write$RDMA_USER_CM_CMD_LISTEN(r3, &(0x7f0000000180)={0x7, 0x8, 0xfa00, {r4, 0x9}}, 0x10)
chdir(0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
syz_open_dev$evdev(&(0x7f0000007bc0), 0x0, 0x0)

3.904762873s ago: executing program 2 (id=1945):
socket$nl_netfilter(0x10, 0x3, 0xc)
userfaultfd(0x801)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x218, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
memfd_create(&(0x7f0000000d00)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x05\x00\x00\x00\x00\x00\x00\x00_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf!\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c!\x0f/\xb8o8\xb9\x8d\x19\xe2\xca\x01y\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xeb\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eS\xaeX\x93\x7f\xd3\xb9\x84Q\x9c\"\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x90\x1f\x94\x01M.\x16\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\x05\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\x9d\x7f@9\xc0\xd2\xf1\x00\x10\x00\x00\x00\x00\x00\x00\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1;#z\xef*\xce\x99\x04\xb9\x90\xbc\xc9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xc4\xc8\xb1r0Z\x98\x87^\xc8C\x1b\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-/\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xbex\xb5-\x05\x01\x11\xfa\xcf\x1dm\xb5X\xe9\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04$\xc3\xe31U\x84\x82\xf0{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2\x03\xe2j$F1n@\xde\n9t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\x82<\x9e|\xf5\xa4\x05#\x7f\xa8\x01\x00\x82ih\xf9?\x03Q\xf5\xc4\x95\x99 \xa7v~:$\x02O\xe3\xaa\x1f\x00\xebh\'\xd2q\x10\x1e\x94n\xd7w\xb1\xc8G\x89\xf4\x8ct\xf9R\x85\x1b8OE\x04\x9a\xd8\x80\x10x\xbf\n0\b,r\xc6r\xf7=\xfe\xc1\x16\xe6\xee\xbb:-h\xba\x8b\x14\x9a?\x8e\x03;\xe5\x04\xd8\xa9\x9a\xd3\x05(\x7f|\xadU\xafe\x87V.i4$6U,R\x9b\n{\'\xfe1\xc4\xb09\x96{\xc0e\xa1\xe7\xa9\xb4\x1a\n\xf5\xd7zuvz\x972\xd4\xfb\x13u2\xab\x18\x01~r\xbbcW!)\xf4\x9b\x1dI\x9ex;\xb2\xe3I\xbd\x16T\xb75\xa6\a\xb7\xa1\x8d\xc9\x12\xb1\xbd\xbc\xd9c\xe9\xe6k\xee\x06\x83\xf4\xab\x18\x038\x8f\xc9^\x0f\xab\xea&P\b\xef#\xf6\xc3\xfc\xd4\xa0\xfd\x15N\xd3\xa0\x80\x9f\bU\xa63\xf6\xc9\xecZ`\xa4\xa0(\xf9\x98B\xaf\xde*\x91\xddk\xa1`d\xf0\x97\xc9e\xc1\"EC\x9a?x\x89\x8d\xb3\xfaF}\x82D\xf8\f\xf1`\x90D\xd1|%(\xd8\t\xea\x00C\xce\x7fo+?v\xee\xc6bL\x1d\xbe\x84p\x8d\xa3\xec\xf7\xe0\xfe\x8c=<\xf2\x1f@\xe66E\xa7\x9c\xd3\xb6\xf5\xe0\x14\xb8\xd4`\x85\xe3;\x8c\xf8\xf2\xd9)\x0e\xd0\xff\xa5K\xf3\xf1\xc4\x18\xf4Z\xdci\x91\x84\xe8\xb7\x10\x90\xbc\xect\x14\xdfR\xe2\x80\xf8a\x92\xb2R\xdf0\xcaQ\xdf\x87\xbdjp\x1ch3h\xcf<\x82\x97\xa5s/m\xb2\x1dd\xf7\xfc\xf5\xa9\x1d\xd34{\xcc\x1f\t,i\x16\x82\xad\x8e\xb6\x17\x0f\xaa\x85^/w\xbb~\xff\xce\x92\x90\x83\n\xe5\x14\x95\x92|\xfe-S%\x91i\xafh\x97z\x00@K\xbb\xc2\fcD\xff\xdcl\xa1\xfaR\xbc\xd0k\\\x92\x19a6Sv\x05%{\xe2\xe9\xf1\xddRB$8\xb0q9\xa1g&\x17\xe5P\xef\xb1<\xb6\xe2\xb2\xc06^\x0f4\xba\x10\xba\x00\x00\x00\x00\x00\x00\x00\x00\xef\xba\"\xb7\xc7~T\xc4Ei\xfdk\xa9\"F\xa9C\xa0\xd3\xa0\x1b\xbf\x13\xfb\x14S<\xa6\n5\x86\x9e\xb2=8\'g`\x8f\xa8\x027\xbd\xb5s\xe9dti\xc0\xbd\\H\xe5v\xdd\x0fP\x8b+-\x02i\x8eZU\xa8YB\xfc\xc2R7\xe9\x11\x06\x1aRd\xa93\xa1\\\xf4_s\xf7\xe8+\xbdg\x13\xaea\x04\xd8\x82\xf6\x90\xaf1\x86b\x81J\xb7E\xb0\xe2\xd6\x93S\xb3\x98\xcb\xf9\xde=\xd6T\x8d\xea\xab\xa9Z!\xd3-\xa6_\xc4\xa4\xb6+\x89\xdc]O<g\x06~\x12W\x86\x06\xba\x15#\xa7Q\xffa\x926>\xf0y\xd6\xb0\xf2\x9f\xa7\xcf\xad\x86\\\xec\xec\xd6\x9d\bT\xcd\xa2\xea', 0xe)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10)
connect$inet(r2, &(0x7f0000000180)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10)
writev(r2, &(0x7f0000000200)=[{&(0x7f00000000c0)='X', 0x8030000}], 0x1)
openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
shutdown(r2, 0x1)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000080)='source', 0x0, 0x0)
r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240), 0xc2882, 0x0)
close(r3)

3.572787024s ago: executing program 0 (id=1946):
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x10)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="0200000004000000080000000100000080", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0xc, 0x1c, &(0x7f0000000d80)=ANY=[@ANYBLOB="18080000e9ff0000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b70300002bb91a008500000008000000bc0900000000000045080100002000009500000000000000b7020000000000007b9af8ff00000000b5090000000000007baaf0ff00000000bf2700000000000007080000fffdffffbfa400000000000007040000f0ffffffc40200000800000018220000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7050000080000004608efff76000000bf9800000000000056090000000000008500000000020800b70000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
connect$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}, 0x53e}, 0x1c)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x2a, &(0x7f0000000000)=0x1, 0x4)

3.169469534s ago: executing program 1 (id=1947):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00'}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x16, &(0x7f0000000780)=ANY=[@ANYBLOB="61128c000000000061138c0000000000bf2000000000000015000000081400002d0301000000000095000000000000006916600000000000bf67000000000000260300000fff0710670600000f000000170300000ee60020bf050000000000001d360000000000006507f9ff01000000070700004c000000cc75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000000500000000000000950000000000000032ff7f5be95e09b67754bb12feffffff8ecf264e0f84f9f17d3c51e3c7bdd2d17f2f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd399703d6c4f6f3be5b369289aa6812b8e007e733b9a4f16d0abbd5ad9381806ef08513e3d3778a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe01c5473d51b546cad5b803306b17cf4ef3f1d45f65727546e7c955ccefa1f6ab689fde4de4e63edf10271a5144ddc8da3aa5b0ab733a1b901627b562ed04ae76002d4519af619e3a2a4d69e0dee5eb106774a8f3e6916dfec88b5634ef79b02d2ca8ff54c158f0200000000eafb735fd552bdc206004aeb0743eb2dc819c75c8ac86d8a297dff0445a13d006723888fb126a163f16fb2ad9bc1162ba7cbebe174cecac4d03723f1c932b3faffffffffffffff5fc998e13b670e373e3e5897f7ad2e99e0e67a993716dbf580469f0f53acbb40b401e3738270b315d362ed834f2a0700000096649a462e7ee4bcf8b07a101c879730beb4000000000000000000000000000000bc00f674629709e7e78f4ddc3d1bc3ebf0bd9d42ca019dd5d022cf7468659fbe2562671cd47840a7afaab43176e65ec1118d46d1e827f3472f4445d253887a5ad103649afa17690884f800031e03a651bb96589a7eab04871bc47287cd313f3bea788ea2bcdc340ffb567b40407d000000000000000000000000005f37d83f84e98a523d80bd0d0d703f3767ce603c9d4867b63d20a268bb9f15a0a6e66ce4660fbee91629ab028acfc1d9260e9659a0f6a5480a55c22fe3ae5f562d0ae520c38d2bab6528000000596fb73a96b33c81cdbbd421a27f7f1db054cc7a0a4d372849c99a98822103b9851d924b85b1ca4b21b187db00000000000000066dead3b9670a7604a5ddd0fd2e4fb8a5749a8a8ad78454ba1eebeff1b528da294247d294d2487babb176fdfafeb3d492a325671e6b91afb41f87feda4ce2f468a3758750c0b8f151d4d8574bbbe027687a0e12311cdf3384a26ee3f6f2424ba1e5be98ef1f8f2db9a4991e234f9f447e1730ceaf54cf25c0e3ad7cbb0de06d55db89d154c9d3fcd01c551b0ef58034c252629aefbfd5305845b9a8763b264e8f0bcd0f606fe92e511f122325ebc5fef1b68f2e2ec7bebe423d4baae0e27845d0eb8b8a4f97f83424221e94a5c4623feb8496ccdbc55b27773bf1b3e6a91a20e0c27fc80262647f88d8d1123d199b2c7729bb7700e887ea963f00004a1d0851dbfb9308d16cadcc7b477c9a9586571182526898735552a203c4797228533b1a73ab44aa115136353964648abcc4adbe765556643842290a92eafea0ec2c000000000000000000000000000000e1f3518dc3fc2bbefe043804ac1b6b1c8b7e3afed045a3a808700bca61a39d5bfa83877803013e2d145e642253632f3a283c6eee0e22cb69fe7f94786220c31e9b2a82a9856e947bace74923e4740bf1c17cb41ef19161c3d417655517c28bd08dee32d77a40b834ba7a12223354e9321b8300f7d5d63fa0e8f074adc176285a8f41609ce040cec99943792f5443ca5292447b0f0f240743c4b2b8142ce0b43d4d1731ce11533f61ef241c83557f5aae58a848b5ccce86b8b0fb21fe369c90f06e2d9680003df72f3f0060e6c3415cc1026d342003bece09fbfd062efdd9b48377335903f3b4e87386915e3ac429a4db646da1cc6e29ad8650f4da326cbfdce12c8d5deba32549d6aefe422e0d665d62325c737fe76ec1f3c3670ed96f86738a2cf1c59b5f9b84ffd068f7b4509f53617910a41b811a3f7cd6251f8100008133af11a4db2d00c0ad86ce9f40f3e06b41b45f72b1598a12abddf58ac778bff2f1e49306a1d2f80b2a7d7a28f3997ee60793c62ffee96535e47adac9f367395cf26056a4b76d646f7682f21beafcdb7a9c07acfd145487426f1a009327b8ec6e695e6a7ddcc2c9151cc9c4efa413fa1e521b398151247104bc47748199441cf298e925ef2e3374f4ec0193b38a355c35ee44962fceb3f418510742c93a442f857733b74b6d9197cd62784d7f2afa6a4bc5cae18e33435665250241a7ffd96fc0790000009c17c570096bb75de737107e029b18ec0e61ab3761366452a1c6e3e3c912170f874555aaefc9644cffa768eb2b47c6b040698746df86026730db64859c46cdfb775b86214cfd1932d5ad87c56ea4f38bca780000000000000000000000003bf179c894590cb06b546082451bb735e7152afd5340683663e8effbfb49855ec98703a1e141ab7510fc0e3b081e72d25bfa4e52bedadd11e152bb1dcfcfe942b97b813cf4cdd8626ecfb630425db071c1bfdb03"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1}, 0x10}, 0x94)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000580)=@raw={'raw\x00', 0x3c1, 0x3, 0x458, 0x0, 0x168, 0x10, 0x190, 0xb, 0x388, 0x250, 0x250, 0x388, 0x250, 0x3, 0x0, {[{{@ipv6={@remote, @rand_addr=' \x01\x00', [], [], 'veth1_to_batadv\x00', 'veth1_to_hsr\x00', {}, {}, 0x3a}, 0x6000000, 0x128, 0x190, 0x0, {0x0, 0x28e}, [@common=@icmp6={{0x28}, {0x0, 'K\r'}}, @common=@inet=@hashlimit1={{0x58}, {'netdevsim0\x00', {0x0, 0x0, 0x9, 0x1, 0x0, 0x10000, 0x80000001}}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'pptp\x00', 'syz1\x00'}}}, {{@uncond, 0x0, 0xd0, 0x1f8, 0x0, {}, [@common=@inet=@set2={{0x28}}]}, @common=@unspec=@SECMARK={0x128, 'SECMARK\x00', 0x0, {0x0, 0x0, 'system_u:object_r:usb_device_t:s0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x4b8)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x4, 0x13, &(0x7f0000000040)=ANY=[@ANYBLOB="18020000020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x6e, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prctl$PR_SET_MM_EXE_FILE(0x36, 0xd, 0xffffffffffffffff)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000540)='./cgroup/pids.max\x00', 0x2, 0x0)

2.228664608s ago: executing program 3 (id=1948):
openat$dir(0xffffffffffffff9c, &(0x7f0000001a00)='./file1\x00', 0x40, 0xdc)
r0 = syz_open_dev$ndb(&(0x7f00000000c0), 0x0, 0x80000)
r1 = socket(0x2, 0x2, 0x0)
r2 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_SET_SOCK(r0, 0xab00, r1)
ioctl$NBD_DO_IT(r2, 0xab03)
ioctl$NBD_SET_SIZE_BLOCKS(r0, 0xab07, 0x100000000)
mount(&(0x7f0000000000)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000004a00)='./file1\x00', &(0x7f0000000080)='udf\x00', 0x2008087, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
writev(0xffffffffffffffff, 0x0, 0x0)
pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={0x0}, 0x18)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0xf, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, 0x0, 0x0)
getpid()

1.246282263s ago: executing program 1 (id=1949):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0xa7)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = syz_io_uring_setup(0x23c, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000180)=<r5=>0x0, &(0x7f0000000040)=<r6=>0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r8, 0x0, &(0x7f0000000240)="352f1938d141676d9b6c59065f664735c08b9d697a645f85b19ba9030648cd046d1f26aad0196458046b81", 0xfffffffffffffe08, 0xebec93e830f96115})
openat$uinput(0xffffffffffffff9c, &(0x7f00000001c0), 0x802, 0x0)
io_uring_enter(r4, 0x7f5f, 0x4000000, 0x0, 0x0, 0x0)
shutdown(r7, 0x1)

1.244738485s ago: executing program 0 (id=1950):
socket$inet_mptcp(0x2, 0x1, 0x106)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x8f, 0x0, 0xffffffffffffffd9}, 0x4000400)
sched_setattr(0x0, 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x200, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

0s ago: executing program 1 (id=1951):
socket$nl_xfrm(0x10, 0x3, 0x6)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xc, 0x12, 0xffffffffffffffff, 0x0)
r3 = socket$packet(0x11, 0x2, 0x300)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000cc0)={0xffffffffffffffff, 0x0, 0x0}, 0x10)
setsockopt$packet_tx_ring(r3, 0x107, 0xd, 0x0, 0x0)
r4 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000800), 0x400, 0x0)
ioctl$SNDCTL_DSP_CHANNELS(r4, 0xc0045006, &(0x7f00000000c0)=0x40)
read$dsp(r4, &(0x7f0000000500)=""/101, 0x65)

kernel console output (not intermixed with test programs):

: 28 bytes leftover after parsing attributes in process `syz.1.124'.
[  153.099377][ T6424] netlink: 28 bytes leftover after parsing attributes in process `syz.1.124'.
[  153.118452][ T6424] ip6gretap0: entered promiscuous mode
[  153.137695][ T6424] syz_tun: entered promiscuous mode
[  154.410495][ T6430] Driver unsupported XDP return value 0 on prog  (id 28) dev N/A, expect packet loss!
[  154.645044][ T6436] loop1: detected capacity change from 0 to 8
[  154.672101][ T6436] squashfs: Unknown parameter 'fd/3'
[  155.469622][ T6447] netlink: 'syz.3.126': attribute type 9 has an invalid length.
[  155.477836][ T6447] netlink: 61951 bytes leftover after parsing attributes in process `syz.3.126'.
[  156.692785][ T5907] usb 2-1: new full-speed USB device number 2 using dummy_hcd
[  156.892548][ T5907] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  156.938999][ T5907] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  156.959810][ T5907] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  156.969967][ T5907] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  157.208021][ T5907] usb 2-1: GET_CAPABILITIES returned 0
[  157.240286][ T5907] usbtmc 2-1:16.0: can't read capabilities
[  157.370567][ T6459] loop3: detected capacity change from 0 to 256
[  158.011268][ T6461] loop2: detected capacity change from 0 to 131072
[  158.062392][ T6461] F2FS-fs (loop2): Test dummy encryption mode enabled
[  158.105889][ T6461] F2FS-fs (loop2): invalid crc value
[  158.211255][ T6461] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  158.225623][ T5945] usb 2-1: USB disconnect, device number 2
[  158.243223][ T6461] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  158.388230][   T30] audit: type=1326 audit(1752807726.958:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6468 comm="syz.1.139" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f674118e929 code=0x0
[  158.442973][ T6459] FAT-fs (loop3): Directory bread(block 64) failed
[  158.449826][ T6459] FAT-fs (loop3): Directory bread(block 65) failed
[  158.480500][ T6459] FAT-fs (loop3): Directory bread(block 66) failed
[  158.487074][ T6459] FAT-fs (loop3): Directory bread(block 67) failed
[  158.505639][   T30] audit: type=1800 audit(1752807726.968:5): pid=6461 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.137" name="file1" dev="loop2" ino=11 res=0 errno=0
[  158.550832][ T6459] FAT-fs (loop3): Directory bread(block 68) failed
[  158.558599][ T6459] FAT-fs (loop3): Directory bread(block 69) failed
[  158.580182][ T6459] FAT-fs (loop3): Directory bread(block 70) failed
[  158.606032][ T6459] FAT-fs (loop3): Directory bread(block 71) failed
[  158.657167][ T6459] FAT-fs (loop3): Directory bread(block 72) failed
[  158.694827][ T6459] FAT-fs (loop3): Directory bread(block 73) failed
[  158.893438][   T51] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0
[  158.902326][   T51] Bluetooth: hci0: Injecting HCI hardware error event
[  158.911149][   T51] Bluetooth: hci0: hardware error 0x00
[  159.859950][ T6484] tipc: Started in network mode
[  159.878384][ T6484] tipc: Node identity 2, cluster identity 5
[  159.886125][ T6484] tipc: Node number set to 2
[  159.896064][ T6484] tipc: Cannot configure node identity twice
[  161.332789][   T51] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[  163.580101][ T5976] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  163.820108][ T5976] usb 2-1: Using ep0 maxpacket: 32
[  163.829035][ T5976] usb 2-1: config 1 interface 0 altsetting 84 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  163.860180][ T5976] usb 2-1: config 1 interface 0 has no altsetting 0
[  163.910353][ T5976] usb 2-1: New USB device found, idVendor=05ac, idProduct=0222, bcdDevice= 0.40
[  163.940873][ T5976] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  163.987349][ T5976] usb 2-1: Product: с
[  163.994069][ T5976] usb 2-1: Manufacturer: Ж
[  164.125323][ T6516] syz.0.153 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  164.576825][ T6529] loop2: detected capacity change from 0 to 512
[  164.636054][ T6529] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  164.726223][ T6529] ext4 filesystem being mounted at /30/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  164.800549][ T5976] usbhid 2-1:1.0: can't add hid device: -71
[  164.850226][ T5976] usbhid 2-1:1.0: probe with driver usbhid failed with error -71
[  164.869168][ T5976] usb 2-1: USB disconnect, device number 3
[  165.316371][ T5847] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  166.792339][ T5869] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  166.803191][ T5869] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  166.813270][ T5869] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  166.828672][ T5869] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  166.836362][ T5869] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  167.564863][ T3503] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  167.648020][ T6563] netlink: 4 bytes leftover after parsing attributes in process `syz.3.167'.
[  167.832063][ T6564] netlink: 4 bytes leftover after parsing attributes in process `syz.3.167'.
[  167.896893][ T3503] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  168.073958][ T3503] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  168.223556][ T3503] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  168.915146][   T51] Bluetooth: hci2: command tx timeout
[  169.449107][ T3503] bridge_slave_1: left allmulticast mode
[  169.454979][ T3503] bridge_slave_1: left promiscuous mode
[  169.466188][ T3503] bridge0: port 2(bridge_slave_1) entered disabled state
[  169.944392][ T3503] bridge_slave_0: left allmulticast mode
[  169.964430][ T3503] bridge_slave_0: left promiscuous mode
[  169.993045][ T3503] bridge0: port 1(bridge_slave_0) entered disabled state
[  170.224602][ T6583] netlink: 'syz.2.171': attribute type 1 has an invalid length.
[  170.970280][   T51] Bluetooth: hci2: command tx timeout
[  171.319445][ T6598] netlink: 788 bytes leftover after parsing attributes in process `syz.1.174'.
[  171.493879][ T3503] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  171.545745][ T3503] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  171.565445][ T3503] bond0 (unregistering): Released all slaves
[  171.848418][ T6583] bond1: entered promiscuous mode
[  171.888660][ T6583] 8021q: adding VLAN 0 to HW filter on device bond1
[  171.973563][ T6585] 8021q: adding VLAN 0 to HW filter on device bond1
[  171.992318][ T6585] bond1: (slave ip6gre1): The slave device specified does not support setting the MAC address
[  172.003477][ T6585] bond1: (slave ip6gre1): Setting fail_over_mac to active for active-backup mode
[  172.035901][ T6585] bond1: (slave ip6gre1): making interface the new active one
[  172.047073][ T6585] ip6gre1: entered promiscuous mode
[  172.069556][ T6585] bond1: (slave ip6gre1): Enslaving as an active interface with an up link
[  172.455079][ T6552] chnl_net:caif_netlink_parms(): no params data found
[  172.518502][   T30] audit: type=1804 audit(1752807741.098:6): pid=6613 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.177" name="/newroot/35/file0" dev="tmpfs" ino=203 res=1 errno=0
[  172.656369][ T6585] syz.2.171 (6585) used greatest stack depth: 19808 bytes left
[  172.667082][ T6616] netlink: 'syz.1.178': attribute type 10 has an invalid length.
[  172.779563][ T6619] loop1: detected capacity change from 0 to 256
[  172.928801][ T6619] netlink: 4 bytes leftover after parsing attributes in process `syz.1.178'.
[  173.024347][ T6616] bridge0: port 2(bridge_slave_1) entered disabled state
[  173.033238][ T6616] bridge0: port 1(bridge_slave_0) entered disabled state
[  173.062463][   T51] Bluetooth: hci2: command tx timeout
[  173.646917][ T6616] bridge0: port 2(bridge_slave_1) entered blocking state
[  173.654589][ T6616] bridge0: port 2(bridge_slave_1) entered forwarding state
[  173.662833][ T6616] bridge0: port 1(bridge_slave_0) entered blocking state
[  173.670065][ T6616] bridge0: port 1(bridge_slave_0) entered forwarding state
[  173.756150][ T6616] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  174.020249][ T3503] hsr_slave_0: left promiscuous mode
[  174.053649][ T3503] hsr_slave_1: left promiscuous mode
[  174.067962][ T3503] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  174.208954][ T3503] batman_adv: batadv0: Removing interface: batadv_slave_0
[  174.598509][ T3503] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  174.622357][ T3503] batman_adv: batadv0: Removing interface: batadv_slave_1
[  174.763422][ T3503] veth1_macvtap: left promiscuous mode
[  174.789489][ T3503] veth0_macvtap: left promiscuous mode
[  174.800666][ T3503] veth1_vlan: left promiscuous mode
[  174.827101][ T3503] veth0_vlan: left promiscuous mode
[  175.130843][   T51] Bluetooth: hci2: command tx timeout
[  175.978063][ T3503] team0 (unregistering): Port device team_slave_1 removed
[  176.385885][ T3503] team0 (unregistering): Port device team_slave_0 removed
[  177.010157][ T6619] bridge_slave_1: left allmulticast mode
[  177.021174][ T6619] bridge_slave_1: left promiscuous mode
[  177.027038][ T6619] bridge0: port 2(bridge_slave_1) entered disabled state
[  177.038500][ T6619] bridge_slave_0: left allmulticast mode
[  177.098344][ T6619] bridge_slave_0: left promiscuous mode
[  177.128945][ T6619] bridge0: port 1(bridge_slave_0) entered disabled state
[  177.214643][ T6619] bond0: (slave bridge0): Releasing backup interface
[  178.658410][ T6552] bridge0: port 1(bridge_slave_0) entered blocking state
[  179.440887][ T6671] loop2: detected capacity change from 0 to 131072
[  179.516203][ T6552] bridge0: port 1(bridge_slave_0) entered disabled state
[  179.568825][ T6671] F2FS-fs (loop2): invalid crc value
[  179.599653][ T6552] bridge_slave_0: entered allmulticast mode
[  179.624106][ T6552] bridge_slave_0: entered promiscuous mode
[  179.740117][ T6552] bridge0: port 2(bridge_slave_1) entered blocking state
[  179.880601][ T6552] bridge0: port 2(bridge_slave_1) entered disabled state
[  179.906354][ T6552] bridge_slave_1: entered allmulticast mode
[  179.966064][ T6671] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  179.991224][ T6552] bridge_slave_1: entered promiscuous mode
[  180.080197][ T6671] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4
[  180.150360][   T30] audit: type=1800 audit(1752807748.698:7): pid=6671 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.189" name="file1" dev="loop2" ino=7 res=0 errno=0
[  181.247692][ T6552] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  181.536765][ T6552] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  181.738719][ T6552] team0: Port device team_slave_0 added
[  181.846889][ T6552] team0: Port device team_slave_1 added
[  182.377022][ T6552] batman_adv: batadv0: Adding interface: batadv_slave_0
[  182.429831][ T6552] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  182.554542][ T6552] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  182.728959][ T6552] batman_adv: batadv0: Adding interface: batadv_slave_1
[  182.750087][ T6552] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  182.876971][ T6552] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  182.969456][ T6700] netlink: 'syz.3.195': attribute type 12 has an invalid length.
[  183.285841][ T6552] hsr_slave_0: entered promiscuous mode
[  183.366193][ T6552] hsr_slave_1: entered promiscuous mode
[  183.440437][ T6552] debugfs: 'hsr0' already exists in 'hsr'
[  183.446240][ T6552] Cannot create hsr debugfs directory
[  183.555564][ T6711] netlink: 64 bytes leftover after parsing attributes in process `syz.3.197'.
[  184.067151][ T6717] 8021q: adding VLAN 0 to HW filter on device bond1
[  184.544226][ T6720] bond_slave_0: entered promiscuous mode
[  184.550985][ T6720] bond_slave_1: entered promiscuous mode
[  184.557379][ T6720] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  184.832879][ T6720] bond1: (slave macvlan2): Enslaving as a backup interface with an up link
[  185.088094][ T6730] loop1: detected capacity change from 0 to 512
[  185.155561][ T6730] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[  185.248982][ T6730] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  185.328798][ T6730] EXT4-fs (loop1): 1 truncate cleaned up
[  185.361996][ T6730] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  185.566633][ T6730] EXT4-fs error (device loop1): ext4_generic_delete_entry:2668: inode #2: block 13: comm syz.1.202: bad entry in directory: rec_len is smaller than minimal - offset=24, inode=11, rec_len=8, size=1024 fake=0
[  185.761106][ T6730] EXT4-fs (loop1): Remounting filesystem read-only
[  185.767684][ T6730] EXT4-fs warning (device loop1): ext4_rename_delete:3726: inode #2: comm syz.1.202: Deleting old file: nlink 4, error=-117
[  185.970241][   T10] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  186.218005][   T10] usb 2-1: Using ep0 maxpacket: 32
[  186.235801][   T10] usb 2-1: config index 0 descriptor too short (expected 50757, got 91)
[  186.272110][   T10] usb 2-1: config 20 has too many interfaces: 194, using maximum allowed: 32
[  186.310867][   T10] usb 2-1: config 20 has an invalid descriptor of length 15, skipping remainder of the config
[  186.351915][   T10] usb 2-1: config 20 has 0 interfaces, different from the descriptor's value: 194
[  186.392794][   T10] usb 2-1: New USB device found, idVendor=046d, idProduct=08f0, bcdDevice=5e.1b
[  186.405888][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  186.432470][   T10] usb 2-1: Product: syz
[  186.448101][   T10] usb 2-1: Manufacturer: syz
[  186.457810][ T6552] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  186.458685][   T10] usb 2-1: SerialNumber: syz
[  186.477502][ T6552] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  186.506207][ T6552] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  186.523074][ T6552] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  187.107237][   T10] usb 2-1: USB disconnect, device number 4
[  187.606905][ T6552] 8021q: adding VLAN 0 to HW filter on device bond0
[  187.629540][ T6552] 8021q: adding VLAN 0 to HW filter on device team0
[  187.840785][ T3503] bridge0: port 1(bridge_slave_0) entered blocking state
[  187.848124][ T3503] bridge0: port 1(bridge_slave_0) entered forwarding state
[  188.331825][ T3503] bridge0: port 2(bridge_slave_1) entered blocking state
[  188.339077][ T3503] bridge0: port 2(bridge_slave_1) entered forwarding state
[  188.389388][ T5849] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  188.568507][ T6552] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  190.117340][ T6552] 8021q: adding VLAN 0 to HW filter on device batadv0
[  192.485084][ T6552] veth0_vlan: entered promiscuous mode
[  192.589154][ T6552] veth1_vlan: entered promiscuous mode
[  192.958683][ T6552] veth0_macvtap: entered promiscuous mode
[  193.263326][ T6552] veth1_macvtap: entered promiscuous mode
[  193.319445][ T6552] batman_adv: batadv0: Interface activated: batadv_slave_0
[  193.733018][ T6552] batman_adv: batadv0: Interface activated: batadv_slave_1
[  193.910734][ T3503] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  194.002756][ T3503] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  194.083988][ T3503] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  194.120478][ T3503] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  194.256124][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[  194.262814][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[  195.304034][ T6851] netlink: 'syz.2.232': attribute type 4 has an invalid length.
[  195.419046][ T6853] loop1: detected capacity change from 0 to 128
[  195.583093][ T6853] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  195.650977][   T38] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  195.658845][   T38] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  195.671608][ T6853] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  195.860885][ T3456] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  196.086417][ T3456] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  199.243557][ T6890] netlink: 104 bytes leftover after parsing attributes in process `syz.2.245'.
[  199.331353][ T6890] netlink: 104 bytes leftover after parsing attributes in process `syz.2.245'.
[  200.479135][   T30] audit: type=1804 audit(1752807769.058:8): pid=6906 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.5.251" name="/newroot/3/file0" dev="tmpfs" ino=33 res=1 errno=0
[  200.481837][ T6906] ref_ctr going negative. vaddr: 0x200000ffc002, curr val: -29824, delta: 1
[  200.527804][ T6906] ref_ctr increment failed for inode: 0x21 offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff8880763bb5c0
[  201.200833][ T6916] netlink: 104 bytes leftover after parsing attributes in process `syz.2.254'.
[  201.728705][ T6927] netlink: 8 bytes leftover after parsing attributes in process `syz.2.259'.
[  201.875052][ T6931] netlink: 1343 bytes leftover after parsing attributes in process `syz.2.260'.
[  202.244900][ T6939] loop1: detected capacity change from 0 to 128
[  202.331118][ T6939] EXT4-fs: Ignoring removed nomblk_io_submit option
[  202.367405][ T6939] EXT4-fs: Ignoring removed nomblk_io_submit option
[  202.538207][ T6939] EXT4-fs (loop1): Test dummy encryption mode enabled
[  203.036632][ T6939] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  203.090400][ T6939] ext4 filesystem being mounted at /57/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  203.161538][ T6939] fscrypt: AES-256-CBC-CTS using implementation "cts-cbc-aes-aesni"
[  203.286941][ T6939] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  209.016211][ T7009] : entered promiscuous mode
[  210.862979][ T7035] macvlan2: entered allmulticast mode
[  210.889932][ T7035] bond_slave_0: entered promiscuous mode
[  210.895755][ T7035] bond_slave_1: entered promiscuous mode
[  210.956984][ T7035] bond0: entered allmulticast mode
[  210.980103][ T5841] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  211.005352][ T7035] bond_slave_0: entered allmulticast mode
[  211.033921][ T7035] bond_slave_1: entered allmulticast mode
[  211.047952][ T7035] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  211.099457][ T7035] team0: Port device macvlan2 added
[  211.479535][ T5841] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  211.517168][ T5841] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  211.525729][ T7042] netlink: 24 bytes leftover after parsing attributes in process `syz.3.295'.
[  211.550068][ T5841] usb 6-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[  211.570866][ T5841] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  211.831388][ T5841] usb 6-1: config 0 descriptor??
[  211.981439][   T51] Bluetooth: hci3: command 0x0406 tx timeout
[  211.987737][   T51] Bluetooth: hci4: command 0x0405 tx timeout
[  211.994936][   T51] Bluetooth: hci1: command 0x0406 tx timeout
[  212.874611][ T5841] cp2112 0003:10C4:EA90.0001: unknown main item tag 0x0
[  212.920997][ T5841] cp2112 0003:10C4:EA90.0001: unknown main item tag 0x2
[  212.961960][ T5841] cp2112 0003:10C4:EA90.0001: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.5-1/input0
[  213.113314][ T5841] cp2112 0003:10C4:EA90.0001: Part Number: 0x00 Device Version: 0x00
[  213.189367][ T7053] lo speed is unknown, defaulting to 1000
[  213.210436][ T7053] lo speed is unknown, defaulting to 1000
[  213.281869][ T7053] lo speed is unknown, defaulting to 1000
[  213.288641][ T7054] netlink: 6 bytes leftover after parsing attributes in process `syz.3.299'.
[  213.305957][ T7054] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  213.354484][ T7053] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  213.420874][ T7053] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  213.666661][ T7053] lo speed is unknown, defaulting to 1000
[  213.674302][ T7053] lo speed is unknown, defaulting to 1000
[  213.681924][ T7053] lo speed is unknown, defaulting to 1000
[  213.690925][ T7053] lo speed is unknown, defaulting to 1000
[  213.699484][ T7053] lo speed is unknown, defaulting to 1000
[  213.931399][ T5907] usb 6-1: USB disconnect, device number 2
[  214.058058][   T30] audit: type=1326 audit(1752807782.638:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7059 comm="syz.2.304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f69be78e929 code=0x7fc00000
[  214.085996][   T30] audit: type=1326 audit(1752807782.638:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7059 comm="syz.2.304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f69be78e929 code=0x7fc00000
[  214.117089][   T30] audit: type=1326 audit(1752807782.698:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7059 comm="syz.2.304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f69be78e929 code=0x7fc00000
[  214.191659][   T30] audit: type=1326 audit(1752807782.728:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7059 comm="syz.2.304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f69be78e929 code=0x7fc00000
[  214.231822][   T30] audit: type=1326 audit(1752807782.768:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7059 comm="syz.2.304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f69be78e929 code=0x7fc00000
[  214.910398][   T30] audit: type=1326 audit(1752807783.378:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7059 comm="syz.2.304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f69be78e929 code=0x7fc00000
[  221.270137][    T9] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  221.420228][ T5945] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  221.521088][    T9] usb 4-1: Using ep0 maxpacket: 32
[  221.640722][ T5945] usb 1-1: Using ep0 maxpacket: 16
[  221.808766][    T9] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  221.819150][    T9] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  221.843660][    T9] usb 4-1: New USB device found, idVendor=1044, idProduct=7a4d, bcdDevice= 0.00
[  221.853672][    T9] usb 4-1: New USB device strings: Mfr=0, Product=1, SerialNumber=0
[  221.862348][    T9] usb 4-1: Product: syz
[  221.869649][    T9] usb 4-1: config 0 descriptor??
[  221.968651][ T5945] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  222.217173][ T5945] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  222.226478][ T5945] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  222.248631][ T5945] usb 1-1: Product: syz
[  223.070192][ T5945] usb 1-1: Manufacturer: syz
[  223.075035][ T5945] usb 1-1: SerialNumber: syz
[  223.167044][ T5945] usb 1-1: config 0 descriptor??
[  223.221037][ T5945] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  223.232477][ T5945] em28xx 1-1:0.0: DVB interface 0 found: bulk
[  223.988329][ T5945] em28xx 1-1:0.0: unknown em28xx chip ID (0)
[  224.380122][ T5941] usb 4-1: USB disconnect, device number 2
[  224.592269][ T5945] em28xx 1-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[  224.608175][ T5945] em28xx 1-1:0.0: board has no eeprom
[  225.328536][ T7166] loop3: detected capacity change from 0 to 1024
[  225.386665][ T5945] em28xx 1-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  225.626545][ T5945] em28xx 1-1:0.0: dvb set to bulk mode.
[  226.322479][ T5941] em28xx 1-1:0.0: Binding DVB extension
[  226.404208][ T5945] usb 1-1: USB disconnect, device number 2
[  226.408488][ T1162] hfsplus: b-tree write err: -5, ino 4
[  226.417840][ T5945] em28xx 1-1:0.0: Disconnecting em28xx
[  226.661049][ T5941] em28xx 1-1:0.0: Registering input extension
[  226.690482][ T5945] em28xx 1-1:0.0: Closing input extension
[  226.939323][ T5945] em28xx 1-1:0.0: Freeing device
[  227.644267][   T30] audit: type=1804 audit(1752807796.228:15): pid=7190 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.343" name="file0" dev="tmpfs" ino=478 res=1 errno=0
[  227.836060][   T10] IPVS: starting estimator thread 0...
[  227.883133][ T7195] netlink: 1 bytes leftover after parsing attributes in process `syz.3.344'.
[  227.930269][ T7197] IPVS: using max 36 ests per chain, 86400 per kthread
[  228.414292][ T7205] loop0: detected capacity change from 0 to 1024
[  228.427889][ T7205] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  228.440147][ T7205] JBD2: no valid journal superblock found
[  228.447029][ T7205] EXT4-fs (loop0): Could not load journal inode
[  228.470862][ T7205] cgroup2: Unexpected value for 'nsdelegate'
[  228.510624][ T7204] netlink: 'syz.1.345': attribute type 1 has an invalid length.
[  228.679256][ T7204] bond2: entered promiscuous mode
[  228.809258][ T7210] loop0: detected capacity change from 0 to 512
[  228.843318][ T7210] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  228.853969][ T7204] 8021q: adding VLAN 0 to HW filter on device bond2
[  229.210289][ T7221] xt_CHECKSUM: CHECKSUM should be avoided.  If really needed, restrict with "-p udp" and only use in OUTPUT
[  230.042548][ T7210] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  230.320211][ T7210] ext4 filesystem being mounted at /69/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  230.501582][ T7211] 8021q: adding VLAN 0 to HW filter on device bond2
[  230.530924][ T7211] bond2: (slave ip6gre1): The slave device specified does not support setting the MAC address
[  230.580848][ T7211] bond2: (slave ip6gre1): Setting fail_over_mac to active for active-backup mode
[  230.872143][ T7211] bond2: (slave ip6gre1): making interface the new active one
[  230.886857][ T7211] ip6gre1: entered promiscuous mode
[  231.973827][ T7211] bond2: (slave ip6gre1): Enslaving as an active interface with an up link
[  232.021088][ T5852] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  234.556308][ T7245] syz_tun: entered allmulticast mode
[  234.595954][ T7243] syz_tun: left allmulticast mode
[  234.833756][ T7249] netlink: 72 bytes leftover after parsing attributes in process `syz.2.359'.
[  235.142746][ T7258] loop0: detected capacity change from 0 to 8
[  235.594631][ T7264] process 'syz.0.363' launched './file1' with NULL argv: empty string added
[  235.609688][ T7264] SQUASHFS error: Failed to read block 0x8f: -5
[  237.790215][   T30] audit: type=1326 audit(1752807806.298:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7274 comm="syz.0.367" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fee9d18e929 code=0x0
[  240.162606][ T7301] netlink: 4 bytes leftover after parsing attributes in process `syz.0.374'.
[  242.367052][ T7315] netlink: 4 bytes leftover after parsing attributes in process `syz.3.378'.
[  242.631652][ T7320] loop5: detected capacity change from 0 to 1024
[  245.265677][ T7341] input: syz0 as /devices/virtual/input/input6
[  247.893153][ T7365] netlink: 8 bytes leftover after parsing attributes in process `syz.2.393'.
[  252.581192][ T7408] netlink: 4 bytes leftover after parsing attributes in process `syz.3.405'.
[  253.004443][ T7399] loop0: detected capacity change from 0 to 2048
[  253.208891][ T7399] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  253.556319][ T5852] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  254.442222][ T7444] netlink: 'syz.0.415': attribute type 1 has an invalid length.
[  254.457072][ T7444] netlink: 'syz.0.415': attribute type 4 has an invalid length.
[  254.466181][ T7444] netlink: 9462 bytes leftover after parsing attributes in process `syz.0.415'.
[  255.700775][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[  255.750210][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[  255.949417][ T7460] netlink: 'syz.3.422': attribute type 4 has an invalid length.
[  255.974082][ T5907] lo speed is unknown, defaulting to 1000
[  255.990347][ T5907] syz2: Port: 1 Link DOWN
[  256.001749][ T7460] netlink: 'syz.3.422': attribute type 4 has an invalid length.
[  256.043512][ T5907] lo speed is unknown, defaulting to 1000
[  256.049392][ T5907] syz2: Port: 1 Link ACTIVE
[  256.760505][ T7479] netlink: 2028 bytes leftover after parsing attributes in process `syz.2.428'.
[  256.907555][ T7479] netlink: 12 bytes leftover after parsing attributes in process `syz.2.428'.
[  256.973982][ T7480] netlink: 36 bytes leftover after parsing attributes in process `syz.5.425'.
[  258.410582][ T5865] Bluetooth: hci1: command 0x0406 tx timeout
[  259.718587][ T7506] capability: warning: `syz.1.437' uses 32-bit capabilities (legacy support in use)
[  260.278522][ T7518] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  262.656877][ T7539] netlink: 'syz.2.448': attribute type 13 has an invalid length.
[  262.700418][ T7539] netlink: 'syz.2.448': attribute type 17 has an invalid length.
[  263.880935][ T7539] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  268.246389][ T7576] ./file0: Can't open blockdev
[  271.159616][ T7598] netlink: 4 bytes leftover after parsing attributes in process `syz.2.466'.
[  271.483882][ T7604] netlink: 'syz.1.467': attribute type 4 has an invalid length.
[  271.746381][ T7605] netlink: 'syz.1.467': attribute type 4 has an invalid length.
[  273.108617][ T7624] Invalid source name
[  273.112790][ T7624] UBIFS error (pid: 7624): cannot open "/dev/sg0", error -22
[  276.780188][ T7653] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  276.798417][ T7653] overlayfs: option "index=on" is useless in a non-upper mount, ignore
[  276.806984][ T7653] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off.
[  276.819090][ T7653] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  283.123380][   T30] audit: type=1326 audit(1752807851.698:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7687 comm="syz.2.492" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f69be78e929 code=0x7ffc0000
[  283.150377][   T30] audit: type=1326 audit(1752807851.698:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7687 comm="syz.2.492" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f69be78e929 code=0x7ffc0000
[  283.175004][   T30] audit: type=1326 audit(1752807851.708:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7687 comm="syz.2.492" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f69be78e929 code=0x7ffc0000
[  283.202753][   T30] audit: type=1326 audit(1752807851.708:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7687 comm="syz.2.492" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f69be78e929 code=0x7ffc0000
[  283.243293][   T30] audit: type=1326 audit(1752807851.708:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7687 comm="syz.2.492" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f69be78e929 code=0x7ffc0000
[  283.408917][ T7683] wireguard0: entered promiscuous mode
[  283.414617][ T7683] wireguard0: entered allmulticast mode
[  283.424730][   T30] audit: type=1326 audit(1752807851.708:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7687 comm="syz.2.492" exe="/root/syz-executor" sig=0 arch=c000003e syscall=111 compat=0 ip=0x7f69be78e929 code=0x7ffc0000
[  283.666642][   T30] audit: type=1326 audit(1752807851.708:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7687 comm="syz.2.492" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f69be78e929 code=0x7ffc0000
[  283.890076][   T30] audit: type=1326 audit(1752807851.708:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7687 comm="syz.2.492" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f69be78e929 code=0x7ffc0000
[  283.928012][   T30] audit: type=1326 audit(1752807851.708:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7687 comm="syz.2.492" exe="/root/syz-executor" sig=0 arch=c000003e syscall=434 compat=0 ip=0x7f69be78e929 code=0x7ffc0000
[  284.794398][   T30] audit: type=1326 audit(1752807851.708:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7687 comm="syz.2.492" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f69be78e929 code=0x7ffc0000
[  286.312681][ T7703] netlink: 'syz.2.497': attribute type 1 has an invalid length.
[  286.459832][ T7707] netlink: 8 bytes leftover after parsing attributes in process `syz.2.497'.
[  286.538061][ T7707] 8021q: adding VLAN 0 to HW filter on device batadv1
[  286.597480][ T7707] bond2: (slave batadv1): Enslaving as a backup interface with an up link
[  286.706613][ T7703] bond2 (unregistering): (slave batadv1): Releasing backup interface
[  286.742400][ T7703] bond2 (unregistering): Released all slaves
[  287.021638][ T7719] netlink: 'syz.1.502': attribute type 4 has an invalid length.
[  287.030294][ T7719] netlink: 152 bytes leftover after parsing attributes in process `syz.1.502'.
[  287.972305][ T7719] : renamed from bond0 (while UP)
[  287.981828][ T7719] bond_slave_0: left promiscuous mode
[  288.010651][ T7719] bond_slave_1: left promiscuous mode
[  294.498611][ T7764] loop3: detected capacity change from 0 to 32768
[  294.508374][ T5865] Bluetooth: hci2: command 0x0406 tx timeout
[  294.557281][ T7762] loop5: detected capacity change from 0 to 32768
[  294.683074][ T7764] Dev loop3 SGI disklabel: csum bad, label corrupted
[  295.016885][ T7762] bcachefs (loop5): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nojournal_transaction_names
[  295.016914][ T7762]   allowing incompatible features above 0.0: (unknown version)
[  295.016924][ T7762]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  295.055945][ T7762] bcachefs (loop5): Using encoding defined by superblock: utf8-12.1.0
[  295.064256][ T7762] bcachefs (loop5): initializing new filesystem
[  295.093282][ T7762] bcachefs (loop5): going read-write
[  296.450813][ T7762] bcachefs (loop5): initializing freespace
[  296.517826][ T7789] netlink: 'syz.1.517': attribute type 2 has an invalid length.
[  296.914801][ T7762] syz.5.515 (7762) used greatest stack depth: 14824 bytes left
[  296.986544][ T7791] overlayfs: failed to clone upperpath
[  297.097761][ T6552] bcachefs (loop5): clean shutdown complete, journal seq 8
[  297.532697][ T7799] bridge_slave_0: left allmulticast mode
[  297.725904][ T7799] bridge_slave_0: left promiscuous mode
[  297.817429][ T7799] bridge0: port 1(bridge_slave_0) entered disabled state
[  298.291536][ T7799] bridge_slave_1: left allmulticast mode
[  298.314764][ T7799] bridge_slave_1: left promiscuous mode
[  298.323089][ T7799] bridge0: port 2(bridge_slave_1) entered disabled state
[  298.416521][ T7799] bond0: (slave bond_slave_0): Releasing backup interface
[  298.526649][ T7799] bond0: (slave bond_slave_1): Releasing backup interface
[  300.176301][ T7799] team0: Port device team_slave_0 removed
[  300.213984][ T7799] team0: Port device team_slave_1 removed
[  300.224120][ T7799] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  300.234268][ T7799] batman_adv: batadv0: Removing interface: batadv_slave_0
[  300.289589][ T7799] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  300.306246][ T7799] batman_adv: batadv0: Removing interface: batadv_slave_1
[  300.942118][ T7822] random: crng reseeded on system resumption
[  302.193689][ T7830] blktrace: Concurrent blktraces are not allowed on loop0
[  303.673029][ T7848] futex_wake_op: syz.1.539 tries to shift op by -1; fix this program
[  303.931510][ T7850] lo speed is unknown, defaulting to 1000
[  306.262270][ T7868] netlink: 4 bytes leftover after parsing attributes in process `syz.0.544'.
[  306.340195][ T7872] netlink: 12 bytes leftover after parsing attributes in process `syz.0.544'.
[  306.907765][ T7877] netlink: 'syz.3.547': attribute type 1 has an invalid length.
[  307.006285][ T7877] 8021q: adding VLAN 0 to HW filter on device bond1
[  307.611406][ T7892] vlan2: entered allmulticast mode
[  307.616888][ T7892] veth1: entered allmulticast mode
[  307.628302][ T7892] bond1: (slave vlan2): making interface the new active one
[  307.638781][ T7892] bond1: (slave vlan2): Enslaving as an active interface with an up link
[  314.910293][ T5907] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  315.323138][ T5907] usb 6-1: config 0 has no interfaces?
[  315.331134][ T5907] usb 6-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  315.341765][ T5907] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  315.357194][ T5907] usb 6-1: SerialNumber: syz
[  315.383274][ T5907] usb 6-1: config 0 descriptor??
[  316.360982][ T7936] netlink: 277 bytes leftover after parsing attributes in process `syz.5.565'.
[  316.525806][ T5907] usb 6-1: USB disconnect, device number 3
[  317.260429][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[  317.266832][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[  322.789078][ T8011] netlink: 'syz.3.584': attribute type 39 has an invalid length.
[  326.186311][ T8048] loop0: detected capacity change from 0 to 512
[  326.244821][ T8048] EXT4-fs (loop0): revision level too high, forcing read-only mode
[  326.257557][ T8048] EXT4-fs (loop0): orphan cleanup on readonly fs
[  326.265489][ T8048] __quota_error: 15 callbacks suppressed
[  326.265508][ T8048] Quota error (device loop0): v2_read_file_info: Block with free entry 1 out of range (1, 6).
[  326.289032][ T8048] EXT4-fs warning (device loop0): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  326.312652][ T8048] EXT4-fs (loop0): Cannot turn on quotas: error -117
[  326.333370][ T8048] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.597: bg 0: block 40: padding at end of block bitmap is not set
[  326.359436][ T8048] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6548: Corrupt filesystem
[  326.375319][ T8048] EXT4-fs (loop0): 1 truncate cleaned up
[  326.387614][ T8048] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  326.932326][ T5852] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  328.022524][ T8078] serio: Serial port ptm0
[  332.057785][ T8099] loop0: detected capacity change from 0 to 1024
[  332.318618][ T8099] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  332.383060][ T8101] evm: overlay not supported
[  332.390292][   T30] audit: type=1804 audit(1752807900.938:42): pid=8101 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.612" name="/newroot/128/bus/bus" dev="overlay" ino=702 res=1 errno=0
[  332.442374][ T8101] Invalid ELF header magic: != ELF
[  332.753698][ T5852] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  335.054380][ T8124] netlink: 4 bytes leftover after parsing attributes in process `syz.2.618'.
[  336.150286][ T8124] vxlan0: entered promiscuous mode
[  336.157795][ T3541] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  336.173318][ T8129] netlink: 12 bytes leftover after parsing attributes in process `syz.3.620'.
[  336.175920][ T3541] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  336.238814][ T3541] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  337.351209][ T3541] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  337.436160][ T8132] kvm: pic: single mode not supported
[  337.436259][ T8132] kvm: pic: single mode not supported
[  337.483106][ T8133] bond2: (slave ip6gretap1): Enslaving as an active interface with an up link
[  337.518915][ T8137] bond2 (unregistering): (slave ip6gretap1): Releasing backup interface
[  337.626387][ T8137] bond2 (unregistering): Released all slaves
[  352.645988][ T5941] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  353.640524][ T5941] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  353.651738][ T5941] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  353.664199][ T5941] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  354.060874][ T8270] netlink: 8 bytes leftover after parsing attributes in process `syz.2.659'.
[  354.071771][ T8270] IPVS: Error joining to the multicast group
[  354.090210][ T5941] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  354.148579][ T5941] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  354.199412][ T5941] usb 4-1: config 0 descriptor??
[  355.234147][ T5941] usbhid 4-1:0.0: can't add hid device: -71
[  355.268586][ T5941] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  355.303313][ T5941] usb 4-1: USB disconnect, device number 3
[  355.387120][ T8278] netlink: 16 bytes leftover after parsing attributes in process `syz.2.662'.
[  355.502427][ T8280] netlink: 28 bytes leftover after parsing attributes in process `syz.2.662'.
[  357.041095][ T8294] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[  357.126051][ T8294] bridge0: port 2(bridge_slave_1) entered disabled state
[  357.134942][ T8294] bridge0: port 1(bridge_slave_0) entered disabled state
[  357.523791][ T8299] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  357.533644][ T5860] IPVS: starting estimator thread 0...
[  357.603029][ T8304] netlink: 12 bytes leftover after parsing attributes in process `syz.1.669'.
[  357.630748][ T8302] IPVS: using max 25 ests per chain, 60000 per kthread
[  357.869859][ T8309] overlayfs: failed to clone upperpath
[  364.426814][ T8356] vlan2: entered allmulticast mode
[  364.432072][ T8356] dummy0: entered allmulticast mode
[  365.283894][ T8375] xt_CT: No such helper "syz1"
[  369.741099][ T8406] netlink: 4 bytes leftover after parsing attributes in process `syz.3.701'.
[  369.881677][ T5860] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  369.995590][ T8408] overlayfs: failed to clone upperpath
[  370.031419][ T8408] Invalid ELF header magic: != ELF
[  370.031863][ T5860] usb 1-1: device descriptor read/64, error -71
[  371.240930][ T8422] netlink: 4 bytes leftover after parsing attributes in process `syz.2.708'.
[  371.290130][ T5860] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  371.440180][ T5860] usb 1-1: device descriptor read/64, error -71
[  372.504335][ T5860] usb usb1-port1: attempt power cycle
[  377.834108][ T8479] netlink: 12 bytes leftover after parsing attributes in process `syz.0.724'.
[  378.576215][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[  378.582685][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[  381.768429][ T8503] batadv_slave_0: entered promiscuous mode
[  386.242117][ T8527] loop5: detected capacity change from 0 to 512
[  386.439733][ T8527] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  386.532046][ T8527] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  386.580248][ T8527] ext4 filesystem being mounted at /88/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  388.081703][ T6552] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  388.510236][  T929] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  388.672349][  T929] usb 6-1: Using ep0 maxpacket: 16
[  388.712934][  T929] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  388.743016][  T929] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[  388.755438][  T929] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  388.765614][  T929] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  388.774446][  T929] usb 6-1: Product: syz
[  388.827221][  T929] usb 6-1: Manufacturer: syz
[  388.835246][  T929] usb 6-1: SerialNumber: syz
[  389.164993][  T929] usb 6-1: 0:2 : does not exist
[  389.215134][  T929] usb 6-1: 5:0: failed to get current value for ch 0 (-22)
[  389.299480][  T929] usb 6-1: USB disconnect, device number 4
[  391.843855][ T8598] xt_NFQUEUE: number of queues (65532) out of range (got 66665)
[  393.080025][  T929] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  393.212497][ T8607] misc userio: No port type given on /dev/userio
[  394.037040][  T929] usb 6-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00
[  394.079987][  T929] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  394.139967][  T929] usb 6-1: Product: syz
[  394.160860][  T929] usb 6-1: Manufacturer: syz
[  394.174606][  T929] usb 6-1: SerialNumber: syz
[  394.533888][  T929] usb 6-1: config 0 descriptor??
[  394.844671][  T929] hso 6-1:0.0: Failed to find INT IN ep
[  394.943804][  T929] usb-storage 6-1:0.0: USB Mass Storage device detected
[  395.089215][  T929] usb 6-1: USB disconnect, device number 5
[  395.505605][ T8621] bridge0: entered allmulticast mode
[  396.443486][ T8629] netlink: 36 bytes leftover after parsing attributes in process `syz.1.769'.
[  396.545414][ T8629] netlink: 16 bytes leftover after parsing attributes in process `syz.1.769'.
[  396.803331][ T8629] netlink: 36 bytes leftover after parsing attributes in process `syz.1.769'.
[  396.813123][  T929] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  397.108299][ T8629] netlink: 36 bytes leftover after parsing attributes in process `syz.1.769'.
[  397.255994][  T929] usb 1-1: config 0 has no interfaces?
[  397.314089][  T929] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  397.340014][  T929] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  397.348330][  T929] usb 1-1: Product: syz
[  397.358480][  T929] usb 1-1: Manufacturer: syz
[  397.368648][  T929] usb 1-1: SerialNumber: syz
[  397.400636][  T929] usb 1-1: config 0 descriptor??
[  401.326222][ T8661] trusted_key: encrypted_key: insufficient parameters specified
[  401.343825][  T929] usb 1-1: USB disconnect, device number 6
[  401.500166][   T30] audit: type=1326 audit(1752807970.078:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8664 comm="syz.5.781" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f381c98e929 code=0x7ffc0000
[  401.556475][ T8671] netlink: 24 bytes leftover after parsing attributes in process `syz.0.783'.
[  401.706352][   T30] audit: type=1326 audit(1752807970.078:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8664 comm="syz.5.781" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f381c98e929 code=0x7ffc0000
[  401.730399][   T30] audit: type=1326 audit(1752807970.078:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8664 comm="syz.5.781" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f381c98e929 code=0x7ffc0000
[  401.753458][   T30] audit: type=1326 audit(1752807970.078:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8664 comm="syz.5.781" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f381c98e929 code=0x7ffc0000
[  401.773472][ T5841] usb 6-1: new low-speed USB device number 6 using dummy_hcd
[  401.812049][ T8671] sch_tbf: burst 88 is lower than device veth3 mtu (1514) !
[  401.816613][   T30] audit: type=1326 audit(1752807970.078:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8664 comm="syz.5.781" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f381c98e929 code=0x7ffc0000
[  402.756082][   T30] audit: type=1326 audit(1752807970.078:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8664 comm="syz.5.781" exe="/root/syz-executor" sig=0 arch=c000003e syscall=260 compat=0 ip=0x7f381c98e929 code=0x7ffc0000
[  402.769354][ T5841] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  402.779084][   T30] audit: type=1326 audit(1752807970.078:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8664 comm="syz.5.781" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f381c98e929 code=0x7ffc0000
[  402.819706][   T30] audit: type=1326 audit(1752807970.078:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8664 comm="syz.5.781" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f381c98d290 code=0x7ffc0000
[  402.852344][ T5841] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[  402.930889][ T5841] usb 6-1: string descriptor 0 read error: -22
[  402.949976][   T30] audit: type=1326 audit(1752807970.078:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8664 comm="syz.5.781" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f381c98e52b code=0x7ffc0000
[  402.950068][ T5841] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  403.080011][ T5841] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  403.299003][   T30] audit: type=1326 audit(1752807970.078:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8664 comm="syz.5.781" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f381c98e52b code=0x7ffc0000
[  403.365255][ T5841] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[  405.222301][ T8683] loop0: detected capacity change from 0 to 8
[  405.266447][ T8683] SQUASHFS error: zlib decompression failed, data probably corrupt
[  405.293568][ T8683] SQUASHFS error: Failed to read block 0x9b: -5
[  405.325726][ T5841] usb 6-1: USB disconnect, device number 6
[  405.351166][ T8683] SQUASHFS error: Unable to read metadata cache entry [99]
[  405.358428][ T8683] SQUASHFS error: Unable to read inode 0x127
[  405.926593][ T8693] 9pnet_fd: p9_fd_create_tcp (8693): problem connecting socket to 127.0.0.1
[  406.231640][ T8703] netlink: 12 bytes leftover after parsing attributes in process `syz.0.786'.
[  406.254900][ T8702] netlink: 8 bytes leftover after parsing attributes in process `syz.1.792'.
[  406.287048][ T8703] netlink: 12 bytes leftover after parsing attributes in process `syz.0.786'.
[  406.736278][ T8712] loop0: detected capacity change from 0 to 512
[  406.785921][ T8712] EXT4-fs (loop0): can't mount with data_err=abort, fs mounted w/o journal
[  407.130197][ T8719] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  409.592102][ T8726] netlink: 'syz.1.800': attribute type 16 has an invalid length.
[  409.620092][ T8726] netlink: 'syz.1.800': attribute type 17 has an invalid length.
[  409.648017][ T8734] netlink: 'syz.1.800': attribute type 16 has an invalid length.
[  409.719096][ T8734] netlink: 'syz.1.800': attribute type 17 has an invalid length.
[  409.942786][   T30] kauditd_printk_skb: 32 callbacks suppressed
[  409.942807][   T30] audit: type=1326 audit(1752807978.518:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8733 comm="syz.0.802" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fee9d18e929 code=0x0
[  411.343691][ T8734] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  411.512249][ T8734] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  412.858507][ T8771] tmpfs: Unknown parameter './bus'
[  413.242203][ T8774] loop5: detected capacity change from 0 to 4096
[  413.938367][ T8774] ntfs3(loop5): Different NTFS sector size (4096) and media sector size (512).
[  414.170529][ T8774] ntfs3(loop5): ino=19, mi_enum_attr
[  414.183513][ T8774] ntfs3(loop5): Mark volume as dirty due to NTFS errors
[  414.269813][ T3541] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  414.273970][ T8774] ntfs3(loop5): failed to convert "c46c" to cp932
[  414.298746][ T8774] ntfs3(loop5): ino=20, mi_enum_attr
[  414.313554][ T3541] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  414.346603][ T3541] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  414.357400][ T3541] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  415.734499][ T8803] netlink: 4 bytes leftover after parsing attributes in process `syz.2.823'.
[  420.090381][    T9] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  420.324154][    T9] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  420.369063][    T9] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  421.475844][    T9] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  421.525810][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  421.546245][    T9] usb 4-1: SerialNumber: syz
[  421.793552][    T9] usb 4-1: 0:2 : does not exist
[  421.818967][    T9] usb 4-1: unit 255 not found!
[  421.838490][    T9] usb 4-1: 5:0: cannot get min/max values for control 2 (id 5)
[  422.138830][    T9] usb 4-1: 5:0: cannot get min/max values for control 3 (id 5)
[  422.171425][    T9] usb 4-1: 5:0: cannot get min/max values for control 4 (id 5)
[  423.264860][    T9] usb 4-1: 5:0: cannot get min/max values for control 7 (id 5)
[  423.329775][    T9] usb 4-1: 5:0: cannot get min/max values for control 8 (id 5)
[  423.668388][    T9] usb 4-1: USB disconnect, device number 4
[  426.333680][ T8891] dummy0: entered allmulticast mode
[  429.267827][ T5941] kernel read not supported for file /545/oom_adj (pid: 5941 comm: kworker/1:5)
[  429.267994][ T8908] netlink: 'syz.3.851': attribute type 3 has an invalid length.
[  429.345878][ T8911] openvswitch: netlink: Unexpected mask (mask=200040, allowed=10048)
[  429.377989][ T8908] netlink: 8 bytes leftover after parsing attributes in process `syz.3.851'.
[  432.825730][ T8942] netlink: 28 bytes leftover after parsing attributes in process `syz.0.862'.
[  433.517344][ T8947] netlink: 28 bytes leftover after parsing attributes in process `syz.0.862'.
[  433.746476][ T5945] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  433.755402][ T8950] loop5: detected capacity change from 0 to 1024
[  433.770532][ T5945] hid-generic 0000:0000:0000.0002: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  434.597795][ T8950] EXT4-fs: Ignoring removed nomblk_io_submit option
[  434.645016][ T8950] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  434.690547][ T8950] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  435.981903][ T6552] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  440.051113][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[  440.248061][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[  447.442869][ T9059] loop3: detected capacity change from 0 to 256
[  447.627837][ T9059] exFAT-fs (loop3): error, The cluster chain has a loop
[  447.642831][ T9059] exFAT-fs (loop3): failed to count the number of clusters in root
[  447.840470][ T9059] exFAT-fs (loop3): failed to recognize exfat type
[  449.883960][ T9087] netlink: 168 bytes leftover after parsing attributes in process `syz.2.899'.
[  453.161523][ T9105] loop3: detected capacity change from 0 to 1024
[  453.183269][ T9105] EXT4-fs: Ignoring removed oldalloc option
[  453.301506][ T9105] EXT4-fs (loop3): stripe (3) is not aligned with cluster size (16), stripe is disabled
[  453.373330][ T9105] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  453.974743][ T5869] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci4/hci4:201'
[  453.984775][ T5869] CPU: 0 UID: 0 PID: 5869 Comm: kworker/u9:9 Not tainted 6.16.0-rc6-next-20250717-syzkaller #0 PREEMPT(full) 
[  453.984805][ T5869] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  453.984820][ T5869] Workqueue: hci4 hci_rx_work
[  453.984861][ T5869] Call Trace:
[  453.984871][ T5869]  <TASK>
[  453.984881][ T5869]  dump_stack_lvl+0x189/0x250
[  453.984911][ T5869]  ? __pfx_dump_stack_lvl+0x10/0x10
[  453.984937][ T5869]  ? __pfx__printk+0x10/0x10
[  453.984974][ T5869]  ? kernfs_path_from_node+0x250/0x290
[  453.984999][ T5869]  ? kernfs_path_from_node+0x2f/0x290
[  453.985032][ T5869]  sysfs_create_dir_ns+0x259/0x280
[  453.985065][ T5869]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  453.985094][ T5869]  ? do_raw_spin_unlock+0x122/0x240
[  453.985127][ T5869]  kobject_add_internal+0x59f/0xb40
[  453.985158][ T5869]  kobject_add+0x155/0x220
[  453.985197][ T5869]  ? __pfx_kobject_add+0x10/0x10
[  453.985231][ T5869]  ? _raw_spin_unlock+0x28/0x50
[  453.985261][ T5869]  ? get_device_parent+0x366/0x3a0
[  453.985291][ T5869]  device_add+0x408/0xb50
[  453.985321][ T5869]  hci_conn_add_sysfs+0xd5/0x1e0
[  453.985349][ T5869]  le_conn_complete_evt+0xc3a/0x1220
[  453.985396][ T5869]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  453.985438][ T5869]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  453.985468][ T5869]  ? __asan_memcpy+0x40/0x70
[  453.985496][ T5869]  ? __pfx___mutex_lock+0x10/0x10
[  453.985526][ T5869]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  453.985556][ T5869]  ? skb_pull_data+0xfb/0x200
[  453.985588][ T5869]  hci_le_enh_conn_complete_evt+0x189/0x470
[  453.985623][ T5869]  ? __pfx_hci_le_enh_conn_complete_evt+0x10/0x10
[  453.985659][ T5869]  hci_event_packet+0x78c/0x1200
[  453.985690][ T5869]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  453.985724][ T5869]  ? __pfx_hci_event_packet+0x10/0x10
[  453.985753][ T5869]  ? kcov_remote_start+0x4d3/0x7f0
[  453.985783][ T5869]  ? lockdep_hardirqs_on+0x10/0x150
[  453.985816][ T5869]  ? hci_send_to_monitor+0xe2/0x570
[  453.985853][ T5869]  hci_rx_work+0x46a/0xe80
[  453.985890][ T5869]  ? process_scheduled_works+0x9ef/0x17b0
[  453.985926][ T5869]  process_scheduled_works+0xae1/0x17b0
[  453.985993][ T5869]  ? __pfx_process_scheduled_works+0x10/0x10
[  453.986048][ T5869]  worker_thread+0x8a0/0xda0
[  453.986073][ T5869]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  453.986110][ T5869]  ? __kthread_parkme+0x7b/0x200
[  453.986145][ T5869]  kthread+0x70e/0x8a0
[  453.986176][ T5869]  ? __pfx_worker_thread+0x10/0x10
[  453.986195][ T5869]  ? __pfx_kthread+0x10/0x10
[  453.986223][ T5869]  ? _raw_spin_unlock_irq+0x23/0x50
[  453.986249][ T5869]  ? lockdep_hardirqs_on+0x9c/0x150
[  453.986275][ T5869]  ? __pfx_kthread+0x10/0x10
[  453.986302][ T5869]  ret_from_fork+0x3f9/0x770
[  453.986327][ T5869]  ? __pfx_ret_from_fork+0x10/0x10
[  453.986356][ T5869]  ? __switch_to_asm+0x39/0x70
[  453.986382][ T5869]  ? __switch_to_asm+0x33/0x70
[  453.986408][ T5869]  ? __pfx_kthread+0x10/0x10
[  453.986443][ T5869]  ret_from_fork_asm+0x1a/0x30
[  453.986489][ T5869]  </TASK>
[  453.988371][ T5869] kobject: kobject_add_internal failed for hci4:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  454.300061][ T5869] Bluetooth: hci4: failed to register connection device
[  454.426615][ T9114] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  454.441654][ T9114] Bluetooth: hci1: Error when powering off device on rfkill (-4)
[  454.460698][ T9117] 8021q: adding VLAN 0 to HW filter on device 
[  454.476796][ T9119] loop0: detected capacity change from 0 to 1024
[  454.656403][ T9117] 8021q: adding VLAN 0 to HW filter on device team0
[  454.664414][ T9117] dummy0: left allmulticast mode
[  454.676244][ T9114] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  454.687459][ T9114] Bluetooth: hci3: Error when powering off device on rfkill (-4)
[  454.940997][ T9117] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  455.524105][ T9125] veth5: entered promiscuous mode
[  455.540031][   T30] audit: type=1800 audit(1752808280.112:86): pid=9119 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.909" name="file1" dev="loop0" ino=20 res=0 errno=0
[  455.589742][ T5854] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  455.848321][ T9114] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  456.335166][ T5869] Bluetooth: hci4: command 0x0405 tx timeout
[  456.640180][ T9114] Bluetooth: hci4: Error when powering off device on rfkill (-4)
[  459.540798][ T9148] tipc: Started in network mode
[  459.578134][ T9148] tipc: Node identity 4, cluster identity 4711
[  459.593734][ T9148] tipc: Node number set to 4
[  459.604673][ T9159] netlink: 'syz.3.919': attribute type 10 has an invalid length.
[  459.806815][ T5941] kernel write not supported for file [eventfd] (pid: 5941 comm: kworker/1:5)
[  459.940586][ T9114] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  459.946512][ T9114] Bluetooth: hci2: Error when powering off device on rfkill (-4)
[  465.139800][ T9203] loop5: detected capacity change from 0 to 16
[  465.407330][ T9203] erofs (device loop5): mounted with root inode @ nid 36.
[  469.407157][ T9223] loop0: detected capacity change from 0 to 64
[  470.021889][   T30] audit: type=1800 audit(1752808294.612:87): pid=9223 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.937" name="file1" dev="loop0" ino=21 res=0 errno=0
[  470.119725][ T9226] syz.0.937: attempt to access beyond end of device
[  470.119725][ T9226] loop0: rw=34817, sector=39, nr_sectors = 125 limit=64
[  470.142373][ T9226] syz.0.937: attempt to access beyond end of device
[  470.142373][ T9226] loop0: rw=34817, sector=167, nr_sectors = 1 limit=64
[  470.150343][ T9232] netlink: 40 bytes leftover after parsing attributes in process `syz.2.939'.
[  470.155863][ T9226] syz.0.937: attempt to access beyond end of device
[  470.155863][ T9226] loop0: rw=34817, sector=169, nr_sectors = 1 limit=64
[  470.191146][ T9226] syz.0.937: attempt to access beyond end of device
[  470.191146][ T9226] loop0: rw=34817, sector=171, nr_sectors = 7 limit=64
[  470.244737][ T9226] syz.0.937: attempt to access beyond end of device
[  470.244737][ T9226] loop0: rw=34817, sector=179, nr_sectors = 371 limit=64
[  472.798585][ T9262] kvm: pic: non byte write
[  472.824212][ T9259] kvm: vcpu 0: requested 64 ns lapic timer period limited to 200000 ns
[  474.458063][ T9273] xt_CT: You must specify a L4 protocol and not use inversions on it
[  476.004101][ T9279] netlink: 8 bytes leftover after parsing attributes in process `syz.1.952'.
[  476.432963][   T30] audit: type=1326 audit(1752808301.022:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9286 comm="syz.1.955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f674118e929 code=0x7ffc0000
[  476.517192][   T30] audit: type=1326 audit(1752808301.022:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9286 comm="syz.1.955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f674118e929 code=0x7ffc0000
[  476.545893][   T30] audit: type=1326 audit(1752808301.042:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9286 comm="syz.1.955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f674118e929 code=0x7ffc0000
[  476.613031][ T9293] netfs: Couldn't get user pages (rc=-14)
[  476.806523][   T30] audit: type=1326 audit(1752808301.042:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9286 comm="syz.1.955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f674118e929 code=0x7ffc0000
[  476.853513][   T30] audit: type=1326 audit(1752808301.042:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9286 comm="syz.1.955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f674118e929 code=0x7ffc0000
[  476.950312][   T30] audit: type=1326 audit(1752808301.052:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9286 comm="syz.1.955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=206 compat=0 ip=0x7f674118e929 code=0x7ffc0000
[  477.007275][   T30] audit: type=1326 audit(1752808301.052:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9286 comm="syz.1.955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f674118e929 code=0x7ffc0000
[  477.537699][ T9295] loop0: detected capacity change from 0 to 32768
[  477.634347][   T30] audit: type=1326 audit(1752808301.052:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9286 comm="syz.1.955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f674118e929 code=0x7ffc0000
[  477.681053][ T9299] netlink: 24 bytes leftover after parsing attributes in process `syz.3.959'.
[  477.760438][ T9301] netlink: 'syz.3.959': attribute type 10 has an invalid length.
[  477.787573][   T30] audit: type=1326 audit(1752808301.052:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9286 comm="syz.1.955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=290 compat=0 ip=0x7f674118e929 code=0x7ffc0000
[  477.827509][ T9295] ocfs2: Slot 0 on device (7,0) was already allocated to this node!
[  477.865275][   T30] audit: type=1326 audit(1752808301.052:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9286 comm="syz.1.955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f674118e929 code=0x7ffc0000
[  477.973599][ T9301] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  478.061897][ T9306] syzkaller0: entered promiscuous mode
[  478.075801][ T9306] syzkaller0: entered allmulticast mode
[  478.128867][ T9295] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[  479.825251][ T5852] ocfs2: Unmounting device (7,0) on (node local)
[  486.013664][ T9365] 9pnet: Found fid 0 not clunked
[  491.035314][ T9405] loop5: detected capacity change from 0 to 8
[  491.048417][ T9405] SQUASHFS error: zlib decompression failed, data probably corrupt
[  491.056873][ T9405] SQUASHFS error: Failed to read block 0x4e8: -5
[  491.068639][ T9405] SQUASHFS error: Failed to read block 0x6e6: -5
[  491.075258][ T9405] SQUASHFS error: Unable to read metadata cache entry [6e4]
[  491.082621][ T9405] SQUASHFS error: read_indexes: reading block [6e4:0]
[  491.089423][ T9405] SQUASHFS error: Failed to read block 0x0: -5
[  491.095736][ T9405] SQUASHFS error: Unable to read metadata cache entry [6e4]
[  491.103071][ T9405] SQUASHFS error: read_indexes: reading block [6e4:0]
[  491.110082][ T9405] SQUASHFS error: Failed to read block 0x0: -5
[  491.116296][ T9405] SQUASHFS error: Unable to read metadata cache entry [6e4]
[  491.123644][ T9405] SQUASHFS error: read_indexes: reading block [6e4:0]
[  491.130521][ T9405] SQUASHFS error: Failed to read block 0x0: -5
[  491.136781][ T9405] SQUASHFS error: Unable to read metadata cache entry [6e4]
[  491.144105][ T9405] SQUASHFS error: read_indexes: reading block [6e4:0]
[  491.150945][ T9405] SQUASHFS error: Failed to read block 0x0: -5
[  491.157140][ T9405] SQUASHFS error: Unable to read metadata cache entry [6e4]
[  491.164557][ T9405] SQUASHFS error: read_indexes: reading block [6e4:0]
[  491.171404][ T9405] SQUASHFS error: Failed to read block 0x0: -5
[  491.177646][ T9405] SQUASHFS error: Unable to read metadata cache entry [6e4]
[  491.184956][ T9405] SQUASHFS error: read_indexes: reading block [6e4:0]
[  491.191882][ T9405] SQUASHFS error: Failed to read block 0x0: -5
[  491.198077][ T9405] SQUASHFS error: Unable to read metadata cache entry [6e4]
[  491.205388][ T9405] SQUASHFS error: read_indexes: reading block [6e4:0]
[  491.212275][ T9405] SQUASHFS error: Failed to read block 0x0: -5
[  491.218495][ T9405] SQUASHFS error: Unable to read metadata cache entry [6e4]
[  491.225814][ T9405] SQUASHFS error: read_indexes: reading block [6e4:0]
[  491.232757][ T9405] SQUASHFS error: Failed to read block 0x0: -5
[  491.238950][ T9405] SQUASHFS error: Unable to read metadata cache entry [6e4]
[  491.246263][ T9405] SQUASHFS error: read_indexes: reading block [6e4:0]
[  491.253116][ T9405] SQUASHFS error: Failed to read block 0x0: -5
[  491.259336][ T9405] SQUASHFS error: Unable to read metadata cache entry [6e4]
[  491.266674][ T9405] SQUASHFS error: read_indexes: reading block [6e4:0]
[  491.273542][ T9405] SQUASHFS error: Failed to read block 0x0: -5
[  491.279744][ T9405] SQUASHFS error: Unable to read metadata cache entry [6e4]
[  491.287091][ T9405] SQUASHFS error: read_indexes: reading block [6e4:0]
[  491.293951][ T9405] SQUASHFS error: Failed to read block 0x0: -5
[  491.300221][ T9405] SQUASHFS error: Unable to read metadata cache entry [6e4]
[  491.307589][ T9405] SQUASHFS error: read_indexes: reading block [6e4:0]
[  491.314432][ T9405] SQUASHFS error: Failed to read block 0x0: -5
[  491.320731][ T9405] SQUASHFS error: Unable to read metadata cache entry [6e4]
[  491.328026][ T9405] SQUASHFS error: read_indexes: reading block [6e4:0]
[  491.334874][ T9405] SQUASHFS error: Failed to read block 0x0: -5
[  491.341152][ T9405] SQUASHFS error: Unable to read metadata cache entry [6e4]
[  491.348435][ T9405] SQUASHFS error: read_indexes: reading block [6e4:0]
[  491.355290][ T9405] SQUASHFS error: Failed to read block 0x0: -5
[  491.361529][ T9405] SQUASHFS error: Unable to read metadata cache entry [6e4]
[  491.368805][ T9405] SQUASHFS error: read_indexes: reading block [6e4:0]
[  491.375728][ T9405] SQUASHFS error: Failed to read block 0x0: -5
[  491.382019][ T9405] SQUASHFS error: Unable to read metadata cache entry [6e4]
[  491.389296][ T9405] SQUASHFS error: read_indexes: reading block [6e4:0]
[  491.396123][ T9405] SQUASHFS error: Failed to read block 0x0: -5
[  491.403193][ T9405] SQUASHFS error: Unable to read metadata cache entry [6e4]
[  491.410529][ T9405] SQUASHFS error: read_indexes: reading block [6e4:0]
[  491.417313][ T9405] SQUASHFS error: Failed to read block 0x0: -5
[  491.424955][ T9405] SQUASHFS error: Unable to read metadata cache entry [6e4]
[  491.425244][ T9406] SQUASHFS error: Unable to read metadata cache entry [6e4]
[  491.432326][ T9405] SQUASHFS error: read_indexes: reading block [6e4:0]
[  491.432389][ T9405] SQUASHFS error: Failed to read block 0x0: -5
[  491.439665][ T9406] SQUASHFS error: read_indexes: reading block [6e4:0]
[  491.446660][ T9405] SQUASHFS error: Unable to read metadata cache entry [6e4]
[  491.453224][ T9406] SQUASHFS error: Unable to read metadata cache entry [6e4]
[  491.459454][ T9405] SQUASHFS error: read_indexes: reading block [6e4:0]
[  491.459525][ T9405] SQUASHFS error: Failed to read block 0x0: -5
[  491.467162][ T9406] SQUASHFS error: read_indexes: reading block [6e4:0]
[  491.474589][ T9405] SQUASHFS error: Unable to read metadata cache entry [6e4]
[  491.501980][ T9405] SQUASHFS error: read_indexes: reading block [6e4:0]
[  491.510156][ T9405] SQUASHFS error: Failed to read block 0x0: -5
[  491.516387][ T9405] SQUASHFS error: Unable to read metadata cache entry [6e4]
[  491.523740][ T9405] SQUASHFS error: read_indexes: reading block [6e4:0]
[  491.530730][ T9405] SQUASHFS error: Failed to read block 0x0: -5
[  491.536936][ T9405] SQUASHFS error: Unable to read metadata cache entry [6e4]
[  491.544261][ T9405] SQUASHFS error: read_indexes: reading block [6e4:0]
[  491.551119][ T9405] SQUASHFS error: Failed to read block 0x0: -5
[  491.557324][ T9405] SQUASHFS error: Unable to read metadata cache entry [6e4]
[  491.564682][ T9405] SQUASHFS error: read_indexes: reading block [6e4:0]
[  491.571527][ T9405] SQUASHFS error: Failed to read block 0x0: -5
[  491.577731][ T9405] SQUASHFS error: Unable to read metadata cache entry [6e4]
[  491.585035][ T9405] SQUASHFS error: read_indexes: reading block [6e4:0]
[  491.591864][ T9405] SQUASHFS error: Failed to read block 0x0: -5
[  491.598075][ T9405] SQUASHFS error: Unable to read metadata cache entry [6e4]
[  491.605411][ T9405] SQUASHFS error: read_indexes: reading block [6e4:0]
[  491.612350][ T9405] SQUASHFS error: Failed to read block 0x0: -5
[  491.618554][ T9405] SQUASHFS error: Unable to read metadata cache entry [6e4]
[  491.625882][ T9405] SQUASHFS error: read_indexes: reading block [6e4:0]
[  491.632727][ T9405] SQUASHFS error: Failed to read block 0x0: -5
[  491.638926][ T9405] SQUASHFS error: Unable to read metadata cache entry [6e4]
[  491.646244][ T9405] SQUASHFS error: read_indexes: reading block [6e4:0]
[  491.653195][ T9405] SQUASHFS error: Failed to read block 0x0: -5
[  491.659396][ T9405] SQUASHFS error: Unable to read metadata cache entry [6e4]
[  491.666729][ T9405] SQUASHFS error: read_indexes: reading block [6e4:0]
[  491.673563][ T9405] SQUASHFS error: Failed to read block 0x0: -5
[  491.679765][ T9405] SQUASHFS error: Unable to read metadata cache entry [6e4]
[  491.687096][ T9405] SQUASHFS error: read_indexes: reading block [6e4:0]
[  491.693950][ T9405] SQUASHFS error: Failed to read block 0x0: -5
[  491.700214][ T9405] SQUASHFS error: Unable to read metadata cache entry [6e4]
[  491.707497][ T9405] SQUASHFS error: read_indexes: reading block [6e4:0]
[  491.714431][ T9405] SQUASHFS error: Failed to read block 0x0: -5
[  491.720796][ T9405] SQUASHFS error: Unable to read metadata cache entry [6e4]
[  491.728077][ T9405] SQUASHFS error: read_indexes: reading block [6e4:0]
[  491.734912][ T9405] SQUASHFS error: Failed to read block 0x0: -5
[  491.741160][ T9405] SQUASHFS error: Unable to read metadata cache entry [6e4]
[  491.748443][ T9405] SQUASHFS error: read_indexes: reading block [6e4:0]
[  491.755307][ T9405] SQUASHFS error: Failed to read block 0x0: -5
[  491.761548][ T9405] SQUASHFS error: Unable to read metadata cache entry [6e4]
[  491.768844][ T9405] SQUASHFS error: read_indexes: reading block [6e4:0]
[  491.775693][ T9405] SQUASHFS error: Failed to read block 0x0: -5
[  491.781940][ T9405] SQUASHFS error: Unable to read metadata cache entry [6e4]
[  491.789220][ T9405] SQUASHFS error: read_indexes: reading block [6e4:0]
[  491.796203][ T9405] SQUASHFS error: Unable to read metadata cache entry [6e4]
[  491.803535][ T9405] SQUASHFS error: read_indexes: reading block [6e4:0]
[  491.875562][   T30] kauditd_printk_skb: 50 callbacks suppressed
[  491.875583][   T30] audit: type=1800 audit(1752808316.650:148): pid=9405 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.992" name="file1" dev="loop5" ino=5 res=0 errno=0
[  492.063754][ T9407] loop0: detected capacity change from 0 to 1024
[  492.192035][ T9407] hfsplus: inconsistency in B*Tree (9,1,255,1,0)
[  492.237313][ T9407] hfsplus: xattr searching failed
[  492.240283][ T9410] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 5, id = 0
[  492.263018][ T9411] hfsplus: inconsistency in B*Tree (9,1,255,1,0)
[  492.269407][ T9411] hfsplus: xattr searching failed
[  492.276929][ T9409] IPVS: stopping backup sync thread 9410 ...
[  492.309957][   T30] audit: type=1800 audit(1752808317.890:149): pid=9407 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.991" name="memory.events" dev="loop0" ino=26 res=0 errno=0
[  492.451673][ T9411] hfsplus: inconsistency in B*Tree (9,1,255,1,0)
[  492.458207][ T9411] hfsplus: xattr search failed
[  492.521755][ T9411] hfsplus: inconsistency in B*Tree (9,1,255,1,0)
[  492.563086][ T9411] hfsplus: xattr search failed
[  492.702301][   T12] hfsplus: b-tree write err: -5, ino 4
[  492.913773][ T9414] binder: 9412:9414 ioctl c0306201 200000000280 returned -14
[  494.629690][ T9423] lo speed is unknown, defaulting to 1000
[  495.645899][ T9443] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1001'.
[  497.474354][ T9460] bridge2: entered allmulticast mode
[  498.497097][ T9473] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1013'.
[  500.472973][ T9491] capability: warning: `syz.5.1016' uses deprecated v2 capabilities in a way that may be insecure
[  501.536565][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[  501.544038][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[  501.971174][ T9503] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1019'.
[  505.015901][ T9497] bridge3: entered allmulticast mode
[  507.554388][ T9539] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1030'.
[  516.353141][ T9601] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1045'.
[  521.443371][ T9638] netlink: 96 bytes leftover after parsing attributes in process `syz.3.1054'.
[  523.083697][ T9652] loop5: detected capacity change from 0 to 512
[  523.101764][ T9652] EXT4-fs (loop5): mounting ext3 file system using the ext4 subsystem
[  523.251256][ T9652] EXT4-fs (loop5): invalid journal inode
[  523.269808][ T9652] EXT4-fs (loop5): can't get journal size
[  524.378073][ T9652] EXT4-fs (loop5): 1 truncate cleaned up
[  524.395356][ T9652] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  526.773331][ T6552] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  531.910149][ T5860] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  532.079957][ T5860] usb 6-1: Using ep0 maxpacket: 16
[  532.268155][ T5860] usb 6-1: config 1 interface 0 altsetting 9 bulk endpoint 0x1 has invalid maxpacket 1024
[  532.307299][ T5860] usb 6-1: config 1 interface 0 has no altsetting 0
[  532.369083][ T5860] usb 6-1: string descriptor 0 read error: -22
[  532.376070][ T5860] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  532.388793][ T5860] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  532.450136][ T9749] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  532.614002][ T9764] loop3: detected capacity change from 0 to 256
[  532.634803][ T9764] exfat: Unknown parameter 'ioscard�}�K���T�'
[  534.590022][ T5945] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  534.804176][ T5945] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  534.869587][ T5945] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  534.897029][ T5945] usb 4-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=69.cf
[  534.897074][ T5945] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  534.897108][ T5945] usb 4-1: Product: syz
[  534.897119][ T5945] usb 4-1: Manufacturer: syz
[  534.897130][ T5945] usb 4-1: SerialNumber: syz
[  534.903882][ T5945] usb 4-1: config 0 descriptor??
[  535.003799][ T5945] usb 4-1: Found UVC 0.00 device syz (18ec:3288)
[  535.003841][ T5945] usb 4-1: No valid video chain found.
[  536.544718][ T9791] netlink: 'syz.1.1090': attribute type 4 has an invalid length.
[  538.070234][ T5860] usblp 6-1:1.0: usblp0: USB Unidirectional printer dev 7 if 0 alt 9 proto 1 vid 0x0525 pid 0xA4A8
[  539.951438][    T9] usb 6-1: USB disconnect, device number 7
[  540.001881][ T5841] usb 4-1: USB disconnect, device number 5
[  540.037125][    T9] usblp0: removed
[  540.338130][ T9814] IPVS: sync thread started: state = MASTER, mcast_ifn = wg2, syncid = 0, id = 0
[  540.448222][ T9817] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  543.138683][ T9834] IPVS: stopping master sync thread 9814 ...
[  547.108710][ T9859] loop5: detected capacity change from 0 to 128
[  547.133566][ T9850] lo speed is unknown, defaulting to 1000
[  547.200688][ T9859] hpfs: Bad magic ... probably not HPFS
[  547.310841][ T9859] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1107'.
[  548.497263][ T9871] loop5: detected capacity change from 0 to 2048
[  548.563019][ T9874] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount.
[  548.589677][ T9874] CIFS: Unable to determine destination address
[  548.614222][ T9871] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  549.498534][ T6552] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  556.437681][ T9935] lo speed is unknown, defaulting to 1000
[  559.673985][ T9970] syz.2.1137 uses obsolete (PF_INET,SOCK_PACKET)
[  562.924752][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[  562.931201][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[  563.508487][T10003] openvswitch: netlink: VXLAN extension message has 45 unknown bytes.
[  569.810691][T10022] bond0: (slave netdevsim0): Releasing backup interface
[  569.896368][T10022] bond1: (slave vlan2): Releasing active interface
[  570.395573][T10027] xt_CT: You must specify a L4 protocol and not use inversions on it
[  577.387953][T10075] 9pnet: p9_errstr2errno: server reported unknown error 18446744073
[  577.450317][T10077] xt_CT: You must specify a L4 protocol and not use inversions on it
[  585.571828][T10130] xt_CT: You must specify a L4 protocol and not use inversions on it
[  586.121709][T10132] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized
[  586.903998][   T30] audit: type=1800 audit(1752808412.490:150): pid=10134 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.1179" name="/" dev="9p" ino=4611686018427387906 res=0 errno=0
[  592.996232][T10185] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1192'.
[  593.020117][T10185] bridge_slave_1: left allmulticast mode
[  593.039885][T10185] bridge_slave_1: left promiscuous mode
[  593.100205][T10185] bridge0: port 2(bridge_slave_1) entered disabled state
[  593.124556][T10185] bridge_slave_0: left allmulticast mode
[  593.130479][T10185] bridge_slave_0: left promiscuous mode
[  593.140119][T10185] bridge0: port 1(bridge_slave_0) entered disabled state
[  595.591951][T10203] libceph: resolve '.
[  595.591951][T10203] #)|.��f��ǝ�a���2s�o�w���?�'�%ЏKAq�f��C���z�e�Sb3L)Hy�o����������Ǥ�Y�M�����h�E$
[  595.591951][T10203] ' (ret=-3): failed
[  597.392635][T10219] netlink: 'syz.1.1200': attribute type 66 has an invalid length.
[  610.224008][T10322] netlink: 550 bytes leftover after parsing attributes in process `syz.3.1234'.
[  612.935548][T10355] xt_TCPMSS: Only works on TCP SYN packets
[  615.459897][T10372] loop5: detected capacity change from 0 to 256
[  618.457447][T10372] FAT-fs (loop5): Directory bread(block 64) failed
[  618.467424][T10372] FAT-fs (loop5): Directory bread(block 65) failed
[  618.475286][T10372] FAT-fs (loop5): Directory bread(block 66) failed
[  618.481880][T10372] FAT-fs (loop5): Directory bread(block 67) failed
[  618.488474][T10372] FAT-fs (loop5): Directory bread(block 68) failed
[  618.495132][T10372] FAT-fs (loop5): Directory bread(block 69) failed
[  618.501748][T10372] FAT-fs (loop5): Directory bread(block 70) failed
[  618.508269][T10372] FAT-fs (loop5): Directory bread(block 71) failed
[  618.514911][T10372] FAT-fs (loop5): Directory bread(block 72) failed
[  618.521470][T10372] FAT-fs (loop5): Directory bread(block 73) failed
[  618.693631][T10385] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  618.855213][T10391] bridge: RTM_NEWNEIGH with invalid ether address
[  620.253226][T10411] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1255'.
[  621.640566][T10423] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1259'.
[  624.336149][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[  624.342760][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[  628.277225][T10453] loop3: detected capacity change from 0 to 4096
[  638.663823][   T30] audit: type=1800 audit(1752808464.250:151): pid=10530 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1286" name="bus" dev="ramfs" ino=24248 res=0 errno=0
[  645.269406][T10584] xt_CONNSECMARK: invalid mode: 0
[  650.077237][   T30] audit: type=1800 audit(1752808475.660:152): pid=10602 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1303" name="bus" dev="ramfs" ino=25681 res=0 errno=0
[  653.683013][T10651] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1320'.
[  655.418782][T10663] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1320'.
[  656.890001][ T9144] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  657.069951][ T9144] usb 4-1: Using ep0 maxpacket: 8
[  657.155229][ T9144] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  657.403196][ T9144] usb 4-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58
[  657.491577][ T9144] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  657.526370][T10688] 8021q: adding VLAN 0 to HW filter on device bond0
[  657.621519][ T9144] usb 4-1: config 0 descriptor??
[  657.657929][T10688] bond0: (slave rose0): Enslaving as an active interface with an up link
[  658.996448][ T5860] usb 4-1: USB disconnect, device number 6
[  660.938051][T10711] libceph: resolve '.
[  660.938051][T10711] #)|.��f��ǝ�a���2s�o�w���?�'�%ЏKAq�f��C���z�e�Sb3L)Hy�o����������Ǥ�Y�M�����h�E$
[  660.938051][T10711] ' (ret=-3): failed
[  663.401046][T10731] loop0: detected capacity change from 0 to 1024
[  663.662124][T10731] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  663.701203][T10740] netlink: 76 bytes leftover after parsing attributes in process `syz.2.1340'.
[  666.344261][T10754] loop5: detected capacity change from 0 to 40427
[  667.212326][T10754] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12
[  667.223881][T10754] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[  667.238706][T10754] F2FS-fs (loop5): invalid crc value
[  667.316998][T10754] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  667.925100][T10754] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0
[  667.932279][T10754] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  668.960168][T10765] set match dimension is over the limit!
[  669.173305][ T5852] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  669.259157][T10770] random: crng reseeded on system resumption
[  669.836665][T10772] x_tables: duplicate underflow at hook 1
[  671.106510][T10791] lo speed is unknown, defaulting to 1000
[  673.237586][T10807] loop5: detected capacity change from 0 to 32768
[  673.280257][T10807] batman_adv: batadv0: Adding interface: dummy0
[  673.286546][T10807] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  673.311864][T10807] batman_adv: batadv0: Interface activated: dummy0
[  673.327728][T10807] batadv0: mtu less than device minimum
[  673.334470][T10807] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  673.346655][T10807] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  673.358441][T10807] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  673.369965][T10807] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  673.381824][T10807] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  673.393342][T10807] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  673.404784][T10807] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  673.416200][T10807] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  673.427644][T10807] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  679.996524][T10847] ptrace attach of "./syz-executor exec"[5847] was attempted by "                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              
[  686.568926][T10886] sctp: [Deprecated]: syz.2.1380 (pid 10886) Use of int in max_burst socket option.
[  686.568926][T10886] Use struct sctp_assoc_value instead
[  686.633705][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[  686.689414][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[  687.039854][T10901] ptrace attach of "./syz-executor exec"[5854] was attempted by "                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              
[  687.399542][T10897] gtp0: entered promiscuous mode
[  690.116694][T10924] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  698.868554][T10981] batman_adv: batadv0: Interface deactivated: dummy0
[  699.140722][T10984] loop0: detected capacity change from 0 to 40427
[  699.152093][T10981] batman_adv: batadv0: Removing interface: dummy0
[  699.192125][T10984] F2FS-fs (loop0): invalid crc value
[  699.244805][T10984] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  699.307642][T10984] F2FS-fs (loop0): Start checkpoint disabled!
[  699.345859][T10984] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6
[  699.760674][T10981] bond0: (slave bond_slave_0): Releasing backup interface
[  699.959564][T10981] bond0: (slave bond_slave_1): Releasing backup interface
[  699.968985][ T9704] kworker/u8:16: attempt to access beyond end of device
[  699.968985][ T9704] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  700.025843][ T9704] CPU: 0 UID: 0 PID: 9704 Comm: kworker/u8:16 Not tainted 6.16.0-rc6-next-20250717-syzkaller #0 PREEMPT(full) 
[  700.025875][ T9704] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  700.025889][ T9704] Workqueue: writeback wb_workfn (flush-7:0)
[  700.025928][ T9704] Call Trace:
[  700.025937][ T9704]  <TASK>
[  700.025948][ T9704]  dump_stack_lvl+0x189/0x250
[  700.025981][ T9704]  ? __pfx_dump_stack_lvl+0x10/0x10
[  700.026007][ T9704]  ? __pfx_queue_work_on+0x10/0x10
[  700.026027][ T9704]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  700.026056][ T9704]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  700.026100][ T9704]  f2fs_handle_critical_error+0x37c/0x540
[  700.026146][ T9704]  f2fs_write_end_io+0x886/0xb60
[  700.026195][ T9704]  __submit_merged_bio+0x27a/0x6a0
[  700.026238][ T9704]  __submit_merged_write_cond+0x255/0x530
[  700.026289][ T9704]  f2fs_write_data_pages+0x261d/0x3000
[  700.026360][ T9704]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  700.026403][ T9704]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  700.026478][ T9704]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  700.026531][ T9704]  ? trace_f2fs_writepages+0x7f/0x200
[  700.026567][ T9704]  ? f2fs_write_node_pages+0x478/0x6e0
[  700.026608][ T9704]  ? __pfx_f2fs_write_node_pages+0x10/0x10
[  700.026662][ T9704]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  700.026688][ T9704]  do_writepages+0x32e/0x550
[  700.026726][ T9704]  ? reacquire_held_locks+0x127/0x1d0
[  700.026748][ T9704]  ? writeback_sb_inodes+0x384/0x1010
[  700.026791][ T9704]  __writeback_single_inode+0x145/0xff0
[  700.026824][ T9704]  ? do_raw_spin_unlock+0x122/0x240
[  700.026869][ T9704]  writeback_sb_inodes+0x6c7/0x1010
[  700.026936][ T9704]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  700.027024][ T9704]  ? rcu_is_watching+0x15/0xb0
[  700.027058][ T9704]  wb_writeback+0x43b/0xaf0
[  700.027100][ T9704]  ? queue_io+0x381/0x590
[  700.027135][ T9704]  ? __pfx_wb_writeback+0x10/0x10
[  700.027177][ T9704]  ? _raw_spin_unlock_irq+0x23/0x50
[  700.027211][ T9704]  wb_workfn+0x409/0xef0
[  700.027258][ T9704]  ? __pfx_wb_workfn+0x10/0x10
[  700.027296][ T9704]  ? __lock_acquire+0xab9/0xd20
[  700.027342][ T9704]  ? process_scheduled_works+0x9ef/0x17b0
[  700.027384][ T9704]  ? _raw_spin_unlock_irq+0x23/0x50
[  700.027409][ T9704]  ? process_scheduled_works+0x9ef/0x17b0
[  700.027441][ T9704]  ? process_scheduled_works+0x9ef/0x17b0
[  700.027477][ T9704]  process_scheduled_works+0xae1/0x17b0
[  700.027550][ T9704]  ? __pfx_process_scheduled_works+0x10/0x10
[  700.027608][ T9704]  worker_thread+0x8a0/0xda0
[  700.027666][ T9704]  kthread+0x70e/0x8a0
[  700.027696][ T9704]  ? __pfx_worker_thread+0x10/0x10
[  700.027716][ T9704]  ? __pfx_kthread+0x10/0x10
[  700.027745][ T9704]  ? _raw_spin_unlock_irq+0x23/0x50
[  700.027771][ T9704]  ? lockdep_hardirqs_on+0x9c/0x150
[  700.027797][ T9704]  ? __pfx_kthread+0x10/0x10
[  700.027825][ T9704]  ret_from_fork+0x3f9/0x770
[  700.027850][ T9704]  ? __pfx_ret_from_fork+0x10/0x10
[  700.027880][ T9704]  ? __switch_to_asm+0x39/0x70
[  700.027924][ T9704]  ? __switch_to_asm+0x33/0x70
[  700.027949][ T9704]  ? __pfx_kthread+0x10/0x10
[  700.027978][ T9704]  ret_from_fork_asm+0x1a/0x30
[  700.028029][ T9704]  </TASK>
[  700.028039][ T9704] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  700.240342][T10981] team0: Port device team_slave_0 removed
[  700.468084][T10981] team0: Port device team_slave_1 removed
[  700.483048][T10981] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  700.512075][T10981] batman_adv: batadv0: Removing interface: batadv_slave_0
[  700.536574][T10981] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  700.582167][T10981] batman_adv: batadv0: Removing interface: batadv_slave_1
[  700.614669][T10992] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1409'.
[  700.641131][T10992] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1409'.
[  700.669550][T10994] netlink: 'syz.2.1409': attribute type 10 has an invalid length.
[  700.694918][T10982] team0: Mode changed to "activebackup"
[  700.724301][T10988] tipc: Started in network mode
[  700.733498][T10988] tipc: Node identity aaaaaaaaaa1a, cluster identity 4711
[  700.743083][T10988] tipc: Enabled bearer <eth:team0>, priority 0
[  700.763796][T10985] vlan0: entered promiscuous mode
[  700.892987][T10985] team0: Port device vlan0 added
[  701.857663][T10994] bridge0: port 3(team0) entered blocking state
[  701.874808][   T10] tipc: Node number set to 11578026
[  701.902637][T10994] bridge0: port 3(team0) entered disabled state
[  701.909120][T10994] team0: entered allmulticast mode
[  701.980393][T10994] team_slave_0: entered allmulticast mode
[  702.006729][T10994] team_slave_1: entered allmulticast mode
[  702.269568][   T30] audit: type=1326 audit(1752808527.850:153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10998 comm="syz.1.1410" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f674118e929 code=0x0
[  703.898224][T10994] team0: entered promiscuous mode
[  703.945311][T10994] team_slave_0: entered promiscuous mode
[  704.001224][   T30] audit: type=1804 audit(1752808529.590:154): pid=11011 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1412" name="/newroot/272/file0" dev="tmpfs" ino=1457 res=1 errno=0
[  704.044934][T10994] team_slave_1: entered promiscuous mode
[  704.119687][T10994] macvlan2: entered promiscuous mode
[  704.173521][T10994] bond0: entered promiscuous mode
[  704.393487][T10994] bridge0: port 3(team0) entered blocking state
[  704.400065][T10994] bridge0: port 3(team0) entered forwarding state
[  706.036792][T11035] (unnamed net_device) (uninitialized): peer notification delay (31) is not a multiple of miimon (100), value rounded to 0 ms
[  706.554778][T11035] workqueue: Failed to create a rescuer kthread for wq "bond2": -EINTR
[  706.979880][ T5860] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  708.369903][ T5860] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  708.381016][ T5860] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  708.392509][ T5860] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  708.443344][ T5860] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  708.479101][ T5860] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  708.630642][ T5860] usb 1-1: config 0 descriptor??
[  709.582820][ T5860] usbhid 1-1:0.0: can't add hid device: -71
[  709.596814][ T5860] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  709.626567][ T5860] usb 1-1: USB disconnect, device number 7
[  710.833923][T11064] netlink: 'syz.1.1427': attribute type 10 has an invalid length.
[  710.906101][T11064] team0: Port device netdevsim0 added
[  710.907317][T11070] netlink: 'syz.1.1427': attribute type 10 has an invalid length.
[  710.993185][T11070] team0: Port device netdevsim0 removed
[  711.024277][T11070] : (slave netdevsim0): Enslaving as an active interface with an up link
[  711.342984][T11078] lo speed is unknown, defaulting to 1000
[  711.349537][T11078] lo speed is unknown, defaulting to 1000
[  711.366714][T11078] lo speed is unknown, defaulting to 1000
[  711.491302][T11078] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  711.654247][T11078] lo speed is unknown, defaulting to 1000
[  711.677586][T11078] lo speed is unknown, defaulting to 1000
[  711.700669][T11078] lo speed is unknown, defaulting to 1000
[  711.721913][T11078] lo speed is unknown, defaulting to 1000
[  711.743805][T11078] lo speed is unknown, defaulting to 1000
[  712.054527][T11074] netlink: 'syz.0.1429': attribute type 10 has an invalid length.
[  712.074829][T11074] bond0: (slave wlan1): Opening slave failed
[  718.093754][T11128] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1443'.
[  718.126187][T11127] loop0: detected capacity change from 0 to 2048
[  718.150233][ T5860] IPVS: starting estimator thread 0...
[  718.217845][T11127] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  718.241891][T11131] IPVS: using max 36 ests per chain, 86400 per kthread
[  718.345081][   T30] audit: type=1800 audit(1752808543.930:155): pid=11127 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1444" name="file1" dev="loop0" ino=15 res=0 errno=0
[  718.412020][T11138] binder: BINDER_SET_CONTEXT_MGR already set
[  718.418428][T11138] binder: 11137:11138 ioctl 4018620d 200000000040 returned -16
[  718.456191][T11127] net_ratelimit: 10 callbacks suppressed
[  718.456213][T11127] ip6_tunnel: non-ECT from fc00:0000:0000:0000:0000:0000:0000:0000 with DS=0x3
[  718.963912][ T5852] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  727.744011][T11202] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1463'.
[  730.721206][T11226] RDS: rds_bind could not find a transport for fec0:ffff::1, load rds_tcp or rds_rdma?
[  730.945166][T11238] loop3: detected capacity change from 0 to 2048
[  731.040421][T11238] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  735.848276][T11302] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  735.858083][T11302] syzkaller0: entered promiscuous mode
[  735.865178][T11302] syzkaller0: entered allmulticast mode
[  736.370683][T11303] workqueue: Failed to create a rescuer kthread for wq "wg-crypt-��:�/": -EINTR
[  736.489080][T11302] tipc: Resetting bearer <eth:syzkaller0>
[  736.720582][T11301] tipc: Resetting bearer <eth:syzkaller0>
[  737.206597][T11301] tipc: Disabling bearer <eth:syzkaller0>
[  737.954994][T11307] loop3: detected capacity change from 0 to 32768
[  742.532599][T11339] delete_channel: no stack
[  743.456907][T11361] Bluetooth: MGMT ver 1.23
[  745.023710][T11379] Invalid source name
[  745.027869][T11379] UBIFS error (pid: 11379): cannot open "ubifs", error -22
[  745.202642][T11374] loop0: detected capacity change from 0 to 2048
[  745.237604][T11374] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  746.069319][T11378] UDF-fs: warning (device loop0): udf_truncate_tail_extent: Too long extent after EOF in inode 1436: i_size: 12288 lbcount: 16384 extent 129+15360
[  747.220312][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[  747.226881][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[  748.545238][T11395] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  748.821063][T11400] syzkaller0: entered promiscuous mode
[  748.826588][T11400] syzkaller0: entered allmulticast mode
[  751.517276][T11395] tipc: Resetting bearer <eth:syzkaller0>
[  751.558275][T11394] tipc: Resetting bearer <eth:syzkaller0>
[  751.807398][T11394] tipc: Disabling bearer <eth:syzkaller0>
[  752.855340][T11437] overlayfs: failed to clone upperpath
[  754.117445][T11447] hub 6-0:1.0: USB hub found
[  754.124660][T11447] hub 6-0:1.0: 1 port detected
[  758.182337][T11477] loop3: detected capacity change from 0 to 512
[  758.210284][T11477] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  758.299477][T11477] EXT4-fs warning (device loop3): ext4_expand_extra_isize_ea:2848: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  758.515643][T11477] EXT4-fs (loop3): 1 truncate cleaned up
[  758.522676][T11477] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  761.890081][T11504] SET target dimension over the limit!
[  762.634289][ T5854] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  764.670338][   T30] audit: type=1326 audit(1752808590.250:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11518 comm="syz.2.1541" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f69be78e929 code=0x0
[  764.824774][T11522] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic
[  765.577930][T11530] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1542'.
[  775.089865][   T30] audit: type=1800 audit(1752808600.670:157): pid=11606 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1563" name="bus" dev="overlay" ino=1582 res=0 errno=0
[  776.200523][T11614] loop5: detected capacity change from 0 to 128
[  776.620527][T11625] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  778.317026][T11641] GUP no longer grows the stack in syz.3.1574 (11641): 200000004000-200000008000 (200000002000)
[  778.386540][T11645] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1572'.
[  778.981196][T11641] CPU: 1 UID: 0 PID: 11641 Comm: syz.3.1574 Not tainted 6.16.0-rc6-next-20250717-syzkaller #0 PREEMPT(full) 
[  778.981225][T11641] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  778.981237][T11641] Call Trace:
[  778.981245][T11641]  <TASK>
[  778.981253][T11641]  dump_stack_lvl+0x189/0x250
[  778.981281][T11641]  ? __pfx_dump_stack_lvl+0x10/0x10
[  778.981302][T11641]  ? __pfx__printk+0x10/0x10
[  778.981325][T11641]  ? find_vma+0xe7/0x160
[  778.981363][T11641]  __get_user_pages+0x24d0/0x2ce0
[  778.981406][T11641]  ? mtree_load+0x100/0x700
[  778.981450][T11641]  get_user_pages_remote+0x2f1/0xad0
[  778.981472][T11641]  ? __pfx_mtree_load+0x10/0x10
[  778.981500][T11641]  ? __pfx_get_user_pages_remote+0x10/0x10
[  778.981524][T11641]  ? __access_remote_vm+0x367/0x7d0
[  778.981552][T11641]  __access_remote_vm+0x211/0x7d0
[  778.981584][T11641]  ? __pfx___access_remote_vm+0x10/0x10
[  778.981619][T11641]  ? alloc_pages_noprof+0xbe/0x190
[  778.981648][T11641]  proc_pid_cmdline_read+0x440/0x840
[  778.981675][T11641]  ? __pfx_proc_pid_cmdline_read+0x10/0x10
[  778.981696][T11641]  ? rw_verify_area+0x2a6/0x4d0
[  778.981724][T11641]  vfs_readv+0x5a7/0x850
[  778.981741][T11641]  ? __pfx_proc_pid_cmdline_read+0x10/0x10
[  778.981762][T11641]  ? __pfx_vfs_readv+0x10/0x10
[  778.981792][T11641]  ? __fget_files+0x2a/0x420
[  778.981811][T11641]  ? __fget_files+0x3a0/0x420
[  778.981827][T11641]  ? __fget_files+0x2a/0x420
[  778.981850][T11641]  __x64_sys_preadv+0x197/0x2a0
[  778.981868][T11641]  ? __pfx___x64_sys_preadv+0x10/0x10
[  778.981881][T11641]  ? rcu_is_watching+0x15/0xb0
[  778.981901][T11641]  ? do_syscall_64+0xbe/0x3b0
[  778.981928][T11641]  do_syscall_64+0xfa/0x3b0
[  778.981950][T11641]  ? lockdep_hardirqs_on+0x9c/0x150
[  778.981972][T11641]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  778.981988][T11641]  ? clear_bhb_loop+0x60/0xb0
[  778.982008][T11641]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  778.982032][T11641] RIP: 0033:0x7f177818e929
[  778.982051][T11641] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  778.982066][T11641] RSP: 002b:00007f1778faf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
[  778.982085][T11641] RAX: ffffffffffffffda RBX: 00007f17783b5fa0 RCX: 00007f177818e929
[  778.982097][T11641] RDX: 0000000000000001 RSI: 0000200000000d00 RDI: 0000000000000006
[  778.982108][T11641] RBP: 00007f1778210ca1 R08: 0000000000000200 R09: 0000000000000000
[  778.982118][T11641] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000000
[  778.982128][T11641] R13: 0000000000000000 R14: 00007f17783b5fa0 R15: 00007ffddbf3a9a8
[  778.982171][T11641]  </TASK>
[  781.517289][T11671] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant.
[  781.517289][T11671] The task syz.5.1575 (11671) triggered the difference, watch for misbehavior.
[  792.974470][T11734] dvmrp8: entered allmulticast mode
[  794.057222][T11747] loop0: detected capacity change from 0 to 16
[  794.977490][T11747] erofs (device loop0): mounted with root inode @ nid 36.
[  795.898673][T11768] syz.0.1600: attempt to access beyond end of device
[  795.898673][T11768] loop0: rw=0, sector=48, nr_sectors = 16 limit=16
[  795.912874][T11768] erofs (device loop0): read error -5 @ 43 of nid 36
[  795.924544][T11768] syz.0.1600: attempt to access beyond end of device
[  795.924544][T11768] loop0: rw=0, sector=48, nr_sectors = 16 limit=16
[  795.943045][T11768] erofs (device loop0): read error -5 @ 43 of nid 36
[  797.711199][T11765] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  797.743927][T11765] syzkaller0: entered promiscuous mode
[  797.828806][T11765] syzkaller0: entered allmulticast mode
[  798.809228][T11781] loop0: detected capacity change from 0 to 1024
[  798.814674][T11765] tipc: Resetting bearer <eth:syzkaller0>
[  799.046089][T11760] tipc: Resetting bearer <eth:syzkaller0>
[  799.124879][T11781] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  799.376307][T11760] tipc: Disabling bearer <eth:syzkaller0>
[  799.510904][T11793] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1610'.
[  799.548939][T11781] ext4 filesystem being mounted at /296/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  802.095093][ T5852] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  807.129353][T11848] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  807.140152][T11848] syzkaller0: entered promiscuous mode
[  807.152039][T11848] syzkaller0: entered allmulticast mode
[  807.621217][T11848] tipc: Resetting bearer <eth:syzkaller0>
[  807.938956][T11847] tipc: Resetting bearer <eth:syzkaller0>
[  808.036504][T11847] tipc: Disabling bearer <eth:syzkaller0>
[  808.682407][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[  808.699022][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[  810.989075][T11894] SET target dimension over the limit!
[  816.852936][T11936] loop5: detected capacity change from 0 to 4096
[  816.939733][T11938] loop3: detected capacity change from 0 to 2048
[  817.035662][T11941] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  817.064720][T11938] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  817.257917][   T30] audit: type=1800 audit(2000000009.160:158): pid=11936 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1650" name="file1" dev="loop5" ino=15 res=0 errno=0
[  817.881133][T11951] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1652'.
[  817.939299][ T5854] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  820.156482][T11967] ptrace attach of "./syz-executor exec"[5847] was attempted by "                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               �      ��      �      ��      ��      ��      ��              ��      ��      ��                 ����"[11967]
[  820.979797][T11970] openvswitch: netlink: Message has 16 unknown bytes.
[  820.996838][T11970] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  821.026264][T11971] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1656'.
[  821.425980][T11971] team0: Port device vlan0 removed
[  821.923172][ T3541] tipc: Resetting bearer <eth:team0>
[  823.444688][T11988] loop5: detected capacity change from 0 to 40427
[  823.455271][T11988] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12
[  823.463094][T11988] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[  823.482448][T11988] F2FS-fs (loop5): invalid crc value
[  823.801788][T11988] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  823.821012][T11988] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0
[  823.828121][T11988] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  827.581351][T12017] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1669'.
[  828.904908][T12028] xt_NFQUEUE: number of total queues is 0
[  830.723341][T12035] loop3: detected capacity change from 0 to 256
[  830.777630][T12035] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x905a013b, utbl_chksum : 0xe619d30d)
[  831.966807][T12043] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1676'.
[  832.974468][T12046] bridge3: port 1(veth0_to_bond) entered blocking state
[  833.148822][T12046] bridge3: port 1(veth0_to_bond) entered disabled state
[  833.156145][T12046] veth0_to_bond: entered allmulticast mode
[  833.190470][T12046] veth0_to_bond: entered promiscuous mode
[  833.948153][T12048] vlan3: entered allmulticast mode
[  833.968446][T12048] veth1: entered allmulticast mode
[  833.988805][T12048] bridge3: port 2(vlan3) entered blocking state
[  834.025771][T12048] bridge3: port 2(vlan3) entered disabled state
[  834.046009][T12048] vlan3: entered promiscuous mode
[  834.058344][T12048] veth1: entered promiscuous mode
[  834.190613][T12058] loop3: detected capacity change from 0 to 128
[  834.822457][T12058] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  834.858804][T12058] ext4 filesystem being mounted at /322/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  835.803450][ T5854] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  841.010505][T12106] mmap: syz.2.1692 (12106) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  842.342220][T12124] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  843.862580][T12142] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1700'.
[  843.871694][T12142] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1700'.
[  850.751505][T12184] ptrace attach of "./syz-executor exec"[12189] was attempted by "./syz-executor exec"[12184]
[  851.616590][T12207] xt_NFQUEUE: number of total queues is 0
[  853.387677][T12218] loop0: detected capacity change from 0 to 2048
[  855.811706][T12241] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  858.110128][T12259] xt_NFQUEUE: number of total queues is 0
[  866.825042][T12333] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  870.137058][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[  870.150514][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[  871.445859][T12367] block device autoloading is deprecated and will be removed.
[  871.456661][T12367] syz.3.1761: attempt to access beyond end of device
[  871.456661][T12367] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  873.093329][T12385] netlink: 324 bytes leftover after parsing attributes in process `syz.0.1767'.
[  873.102557][T12385] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1767'.
[  883.296367][T12426] xt_policy: output policy not valid in PREROUTING and INPUT
[  886.124834][   T30] audit: type=1800 audit(2000000078.024:159): pid=12446 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1781" name="nullb0" dev="tmpfs" ino=1798 res=0 errno=0
[  892.374110][T12488] loop3: detected capacity change from 0 to 512
[  893.613314][T12490] loop0: detected capacity change from 0 to 2048
[  893.783783][T12488] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  893.803898][T12490] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  894.103298][T12488] EXT4-fs (loop3): 1 truncate cleaned up
[  894.693288][T12488] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  895.740803][ T5854] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  896.115855][T12519] loop6: detected capacity change from 0 to 63
[  897.018981][T12519] buffer_io_error: 3880 callbacks suppressed
[  897.018998][T12519] Buffer I/O error on dev loop6, logical block 0, async page read
[  897.177367][T12519] Buffer I/O error on dev loop6, logical block 0, async page read
[  898.597824][T12519] Buffer I/O error on dev loop6, logical block 0, async page read
[  898.626040][T12519] Buffer I/O error on dev loop6, logical block 0, async page read
[  898.634035][T12519] Buffer I/O error on dev loop6, logical block 0, async page read
[  898.699282][T12519] Buffer I/O error on dev loop6, logical block 0, async page read
[  900.864130][T12554] tipc: Enabled bearer <udp:syz2>, priority 10
[  900.934996][T12554] tipc: Enabled bearer <eth:team0>, priority 0
[  901.529041][T12557] loop3: detected capacity change from 0 to 40427
[  901.608829][T12557] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  901.616703][T12557] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  901.627156][T12557] F2FS-fs (loop3): invalid crc value
[  901.877755][T12557] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  901.902075][T12557] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  901.909415][T12557] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  905.676090][T12584] overlayfs: failed to resolve './file0': -2
[  909.396050][T12616] netlink: 'syz.5.1827': attribute type 12 has an invalid length.
[  909.437062][T12616] netlink: 9472 bytes leftover after parsing attributes in process `syz.5.1827'.
[  909.688191][T12621] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1829'.
[  914.360585][T12655] xt_connbytes: Forcing CT accounting to be enabled
[  914.367299][T12655] set match dimension is over the limit!
[  919.484014][T12689] loop3: detected capacity change from 0 to 40427
[  920.346244][T12696] netlink: 'syz.5.1846': attribute type 1 has an invalid length.
[  920.354150][T12696] netlink: 168864 bytes leftover after parsing attributes in process `syz.5.1846'.
[  923.351213][T12716] loop0: detected capacity change from 0 to 256
[  923.419706][T12716] exFAT-fs (loop0): failed to read boot sector
[  923.453587][T12716] exFAT-fs (loop0): failed to recognize exfat type
[  924.204861][T12721] loop0: detected capacity change from 0 to 4096
[  925.158406][T12722] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  926.024194][T12731] ecryptfs_validate_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README
[  926.037741][T12731] Error validating options; rc = [-22]
[  927.524792][T12741] /dev/nullb0: Can't lookup blockdev
[  930.473785][T12767] loop0: detected capacity change from 0 to 2048
[  930.532949][T12767] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  931.563668][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[  931.570031][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[  931.681912][ T5852] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  934.573307][T12788] ip6t_srh: unknown srh invflags 7D00
[  939.283872][   T30] audit: type=1800 audit(2000000130.187:160): pid=12826 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1878" name="bus" dev="overlay" ino=1797 res=0 errno=0
[  943.200900][T12843] lo: entered promiscuous mode
[  943.213031][T12843] tunl0: entered promiscuous mode
[  943.533162][T12843] gre0: entered promiscuous mode
[  943.542314][T12846] loop5: detected capacity change from 0 to 512
[  943.573025][T12846] EXT4-fs: Ignoring removed bh option
[  943.579996][T12843] gretap0: entered promiscuous mode
[  943.595257][T12846] EXT4-fs (loop5): mounting ext3 file system using the ext4 subsystem
[  943.752624][T12843] erspan0: entered promiscuous mode
[  943.758597][T12843] ip_vti0: entered promiscuous mode
[  943.764882][T12843] ip6_vti0: entered promiscuous mode
[  943.770952][T12843] sit0: entered promiscuous mode
[  943.777009][T12843] ip6tnl0: entered promiscuous mode
[  943.864439][T12843] ip6gre0: entered promiscuous mode
[  943.892930][T12846] EXT4-fs (loop5): 1 truncate cleaned up
[  943.903111][T12843] syz_tun: entered promiscuous mode
[  943.909190][T12843] ip6gretap0: entered promiscuous mode
[  943.989737][T12860] xt_TPROXY: Can be used only with -p tcp or -p udp
[  944.416826][T12846] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  944.446753][T12843] bridge0: port 2(bridge_slave_1) entered blocking state
[  944.454046][T12843] bridge0: port 2(bridge_slave_1) entered forwarding state
[  944.461724][T12843] bridge0: port 1(bridge_slave_0) entered blocking state
[  944.468996][T12843] bridge0: port 1(bridge_slave_0) entered forwarding state
[  944.572725][T12843] bridge0: entered promiscuous mode
[  944.580793][T12843] vcan0: entered promiscuous mode
[  944.588130][T12843] bond0: entered promiscuous mode
[  944.595300][T12843] bond_slave_0: entered promiscuous mode
[  944.601815][T12843] bond_slave_1: entered promiscuous mode
[  944.609820][T12843] team0: entered promiscuous mode
[  944.620298][T12843] team_slave_0: entered promiscuous mode
[  944.678497][T12843] team_slave_1: entered promiscuous mode
[  944.735106][T12843] dummy0: entered promiscuous mode
[  944.741366][T12843] nlmon0: entered promiscuous mode
[  944.762709][T12843] caif0: entered promiscuous mode
[  944.767784][T12843] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  945.833292][ T6552] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  946.021059][T12868] loop3: detected capacity change from 0 to 64
[  946.099075][T12868] MINIX-fs: file system does not have enough imap blocks allocated.  Refusing to mount.
[  946.110139][T12868] MINIX-fs: bad superblock or unable to read bitmaps
[  946.603107][T12875] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1890'.
[  949.884279][T12898] loop3: detected capacity change from 0 to 64
[  950.525338][T12892] loop0: detected capacity change from 0 to 2048
[  950.846371][T12904] netlink: 112 bytes leftover after parsing attributes in process `syz.5.1896'.
[  951.625563][T12908] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  951.647998][   T30] audit: type=1800 audit(2000000143.558:161): pid=12892 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1894" name="file2" dev="loop0" ino=16 res=0 errno=0
[  951.765151][T12914] NILFS error (device loop0): nilfs_sufile_mark_dirty: active segment 3 is erroneous
[  951.828797][T12914] Remounting filesystem read-only
[  952.038828][T12919] loop3: detected capacity change from 0 to 512
[  952.160274][T12919] EXT4-fs: Ignoring removed bh option
[  952.389317][T12919] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem
[  952.435006][ T5852] NILFS (loop0): disposed unprocessed dirty file(s) when stopping log writer
[  952.435299][T12919] EXT4-fs (loop3): 1 truncate cleaned up
[  952.455938][T12919] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  953.501001][ T5854] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  953.678227][T12931] loop3: detected capacity change from 0 to 512
[  953.742992][T12931] EXT4-fs: Ignoring removed mblk_io_submit option
[  953.779593][T12931] EXT4-fs error (device loop3): ext4_iget_extra_inode:5103: inode #15: comm syz.3.1904: corrupted in-inode xattr: overlapping e_value 
[  953.800166][T12931] EXT4-fs error (device loop3): ext4_orphan_get:1397: comm syz.3.1904: couldn't read orphan inode 15 (err -117)
[  953.823664][T12931] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  955.280651][ T5854] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  956.219436][T12951] loop3: detected capacity change from 0 to 16
[  958.135955][T12951] erofs (device loop3): mounted with root inode @ nid 36.
[  958.913867][T12950] erofs (device loop3): bogus lookback distance 1388 @ lcn 42 of nid 36
[  958.927136][T12950] erofs (device loop3): failed to decompress -29 in[58, 4038] out[1851]
[  958.935893][T12950] erofs (device loop3): read error -117 @ 43 of nid 36
[  958.957100][T12950] erofs (device loop3): bogus lookback distance 1388 @ lcn 42 of nid 36
[  958.966010][T12950] erofs (device loop3): failed to decompress -29 in[58, 4038] out[1851]
[  958.975107][T12950] erofs (device loop3): read error -117 @ 43 of nid 36
[  959.143645][T12964] loop0: detected capacity change from 0 to 1024
[  963.286439][T12997] netlink: 'syz.2.1919': attribute type 5 has an invalid length.
[  966.911141][T13023] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1925'.
[  971.381486][T13052] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  971.391398][T13053] netlink: 'syz.5.1935': attribute type 5 has an invalid length.
[  971.526752][T13047] loop0: detected capacity change from 0 to 1024
[  971.548658][T13047] EXT4-fs: Ignoring removed orlov option
[  971.557328][T13047] EXT4-fs (loop0): stripe (2) is not aligned with cluster size (16), stripe is disabled
[  971.722538][T13047] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  972.838131][ T5852] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  976.632604][T13086] loop5: detected capacity change from 0 to 2048
[  977.002897][T13086] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  979.443756][T13104] xt_CT: No such helper "pptp"
[  980.084669][T13122] syz.3.1948: attempt to access beyond end of device
[  980.084669][T13122] nbd3: rw=0, sector=64, nr_sectors = 1 limit=0
[  980.785750][T13122] syz.3.1948: attempt to access beyond end of device
[  980.785750][T13122] nbd3: rw=0, sector=256, nr_sectors = 1 limit=0
[  980.834302][T13122] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256
[  980.875889][T13122] ------------[ cut here ]------------
[  980.881922][T13122] WARNING: fs/buffer.c:1125 at bdev_getblk+0x580/0x660, CPU#0: syz.3.1948/13122
[  980.891110][T13122] Modules linked in:
[  980.895356][T13122] CPU: 0 UID: 0 PID: 13122 Comm: syz.3.1948 Not tainted 6.16.0-rc6-next-20250717-syzkaller #0 PREEMPT(full) 
[  980.906943][T13122] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  980.917222][T13122] RIP: 0010:bdev_getblk+0x580/0x660
[  980.922695][T13122] Code: 26 fb ff ff e8 01 d1 79 ff 48 c7 c7 a0 fa 99 8b 48 c7 c6 a6 43 9e 8d 4c 89 fa 4c 89 e9 e8 e8 bc e1 fe eb bd e8 e1 d0 79 ff 90 <0f> 0b 90 48 b8 00 00 00 00 00 fc ff df 41 80 3c 07 00 74 08 48 89
[  980.942445][T13122] RSP: 0018:ffffc90013d976b0 EFLAGS: 00010287
[  980.948691][T13122] RAX: ffffffff8245e0cf RBX: ffff888148cc8018 RCX: 0000000000080000
[  980.956979][T13122] RDX: ffffc90010229000 RSI: 000000000000d294 RDI: 000000000000d295
[  980.965182][T13122] RBP: 0000000000000200 R08: 0000000000000000 R09: ffffffff8215aaad
[  980.973294][T13122] R10: 0000000000000406 R11: 0000000000000002 R12: ffff888148cc8970
[  980.981471][T13122] R13: ffff888148cc8000 R14: 0000000000000200 R15: 1ffff11029199003
[  980.989562][T13122] FS:  00007f1778f4c6c0(0000) GS:ffff888125be2000(0000) knlGS:0000000000000000
[  980.998775][T13122] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  981.005671][T13122] CR2: 000000110c32c49f CR3: 000000005968a000 CR4: 00000000003526f0
[  981.013749][T13122] Call Trace:
[  981.017139][T13122]  <TASK>
[  981.020193][T13122]  ? __pfx__udf_err+0x10/0x10
[  981.024911][T13122]  ? __bread_gfp+0x216/0x3c0
[  981.029542][T13122]  __bread_gfp+0x89/0x3c0
[  981.033974][T13122]  udf_read_tagged+0xad/0xe00
[  981.038696][T13122]  udf_check_anchor_block+0x99/0x550
[  981.044116][T13122]  ? udf_get_last_block+0x286/0x360
[  981.049354][T13122]  ? __pfx_udf_check_anchor_block+0x10/0x10
[  981.055465][T13122]  udf_load_vrs+0xa83/0xf20
[  981.060096][T13122]  ? __pfx_udf_load_vrs+0x10/0x10
[  981.065153][T13122]  ? udf_get_last_session+0x100/0x200
[  981.070640][T13122]  udf_fill_super+0x5ad/0x17a0
[  981.075446][T13122]  ? __pfx_udf_fill_super+0x10/0x10
[  981.080735][T13122]  ? set_blocksize+0x21e/0x500
[  981.085563][T13122]  ? sb_set_blocksize+0x104/0x180
[  981.090717][T13122]  ? setup_bdev_super+0x4c1/0x5b0
[  981.095789][T13122]  get_tree_bdev_flags+0x40b/0x4d0
[  981.101023][T13122]  ? __pfx_udf_fill_super+0x10/0x10
[  981.106262][T13122]  ? __pfx_get_tree_bdev_flags+0x10/0x10
[  981.112024][T13122]  vfs_get_tree+0x8f/0x2b0
[  981.116489][T13122]  do_new_mount+0x2a2/0x9e0
[  981.121111][T13122]  ? ns_capable+0x8a/0xf0
[  981.125474][T13122]  ? __pfx_do_new_mount+0x10/0x10
[  981.130588][T13122]  ? path_mount+0x61c/0xfe0
[  981.135122][T13122]  ? user_path_at+0x44/0x60
[  981.139664][T13122]  __se_sys_mount+0x317/0x410
[  981.144416][T13122]  ? __pfx___se_sys_mount+0x10/0x10
[  981.149648][T13122]  ? do_syscall_64+0xbe/0x3b0
[  981.154405][T13122]  ? __x64_sys_mount+0x20/0xc0
[  981.159289][T13122]  do_syscall_64+0xfa/0x3b0
[  981.163908][T13122]  ? lockdep_hardirqs_on+0x9c/0x150
[  981.169144][T13122]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  981.175273][T13122]  ? clear_bhb_loop+0x60/0xb0
[  981.180072][T13122]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  981.185998][T13122] RIP: 0033:0x7f177818e929
[  981.190509][T13122] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  981.210682][T13122] RSP: 002b:00007f1778f4c038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  981.219143][T13122] RAX: ffffffffffffffda RBX: 00007f17783b6240 RCX: 00007f177818e929
[  981.227213][T13122] RDX: 0000200000000080 RSI: 0000200000004a00 RDI: 0000200000000000
[  981.235290][T13122] RBP: 00007f1778210ca1 R08: 0000000000000000 R09: 0000000000000000
[  981.243339][T13122] R10: 0000000002008087 R11: 0000000000000246 R12: 0000000000000000
[  981.251406][T13122] R13: 0000000000000001 R14: 00007f17783b6240 R15: 00007ffddbf3a9a8
[  981.259427][T13122]  </TASK>
[  981.262522][T13122] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  981.269850][T13122] CPU: 0 UID: 0 PID: 13122 Comm: syz.3.1948 Not tainted 6.16.0-rc6-next-20250717-syzkaller #0 PREEMPT(full) 
[  981.281402][T13122] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  981.291465][T13122] Call Trace:
[  981.294758][T13122]  <TASK>
[  981.297701][T13122]  dump_stack_lvl+0x99/0x250
[  981.302333][T13122]  ? __asan_memcpy+0x40/0x70
[  981.306957][T13122]  ? __pfx_dump_stack_lvl+0x10/0x10
[  981.312179][T13122]  ? __pfx__printk+0x10/0x10
[  981.316794][T13122]  vpanic+0x281/0x750
[  981.320786][T13122]  ? __pfx__printk+0x10/0x10
[  981.325388][T13122]  ? __pfx_vpanic+0x10/0x10
[  981.329997][T13122]  ? is_bpf_text_address+0x292/0x2b0
[  981.335286][T13122]  ? is_bpf_text_address+0x26/0x2b0
[  981.340495][T13122]  panic+0xb9/0xc0
[  981.344221][T13122]  ? __pfx_panic+0x10/0x10
[  981.348652][T13122]  __warn+0x334/0x4c0
[  981.352732][T13122]  ? bdev_getblk+0x580/0x660
[  981.357351][T13122]  ? bdev_getblk+0x580/0x660
[  981.361949][T13122]  report_bug+0x2be/0x4f0
[  981.366307][T13122]  ? bdev_getblk+0x580/0x660
[  981.370900][T13122]  ? bdev_getblk+0x580/0x660
[  981.375543][T13122]  ? bdev_getblk+0x582/0x660
[  981.380137][T13122]  handle_bug+0x84/0x160
[  981.384382][T13122]  exc_invalid_op+0x1a/0x50
[  981.388882][T13122]  asm_exc_invalid_op+0x1a/0x20
[  981.393738][T13122] RIP: 0010:bdev_getblk+0x580/0x660
[  981.398961][T13122] Code: 26 fb ff ff e8 01 d1 79 ff 48 c7 c7 a0 fa 99 8b 48 c7 c6 a6 43 9e 8d 4c 89 fa 4c 89 e9 e8 e8 bc e1 fe eb bd e8 e1 d0 79 ff 90 <0f> 0b 90 48 b8 00 00 00 00 00 fc ff df 41 80 3c 07 00 74 08 48 89
[  981.418667][T13122] RSP: 0018:ffffc90013d976b0 EFLAGS: 00010287
[  981.424749][T13122] RAX: ffffffff8245e0cf RBX: ffff888148cc8018 RCX: 0000000000080000
[  981.432783][T13122] RDX: ffffc90010229000 RSI: 000000000000d294 RDI: 000000000000d295
[  981.440758][T13122] RBP: 0000000000000200 R08: 0000000000000000 R09: ffffffff8215aaad
[  981.448728][T13122] R10: 0000000000000406 R11: 0000000000000002 R12: ffff888148cc8970
[  981.456702][T13122] R13: ffff888148cc8000 R14: 0000000000000200 R15: 1ffff11029199003
[  981.464693][T13122]  ? fs_reclaim_acquire+0x7d/0x100
[  981.469826][T13122]  ? bdev_getblk+0x57f/0x660
[  981.474438][T13122]  ? __pfx__udf_err+0x10/0x10
[  981.479130][T13122]  ? __bread_gfp+0x216/0x3c0
[  981.483733][T13122]  __bread_gfp+0x89/0x3c0
[  981.488074][T13122]  udf_read_tagged+0xad/0xe00
[  981.492771][T13122]  udf_check_anchor_block+0x99/0x550
[  981.498070][T13122]  ? udf_get_last_block+0x286/0x360
[  981.503298][T13122]  ? __pfx_udf_check_anchor_block+0x10/0x10
[  981.509214][T13122]  udf_load_vrs+0xa83/0xf20
[  981.513726][T13122]  ? __pfx_udf_load_vrs+0x10/0x10
[  981.518752][T13122]  ? udf_get_last_session+0x100/0x200
[  981.524147][T13122]  udf_fill_super+0x5ad/0x17a0
[  981.528919][T13122]  ? __pfx_udf_fill_super+0x10/0x10
[  981.534114][T13122]  ? set_blocksize+0x21e/0x500
[  981.538893][T13122]  ? sb_set_blocksize+0x104/0x180
[  981.543952][T13122]  ? setup_bdev_super+0x4c1/0x5b0
[  981.548997][T13122]  get_tree_bdev_flags+0x40b/0x4d0
[  981.554120][T13122]  ? __pfx_udf_fill_super+0x10/0x10
[  981.559364][T13122]  ? __pfx_get_tree_bdev_flags+0x10/0x10
[  981.565018][T13122]  vfs_get_tree+0x8f/0x2b0
[  981.569470][T13122]  do_new_mount+0x2a2/0x9e0
[  981.573993][T13122]  ? ns_capable+0x8a/0xf0
[  981.578324][T13122]  ? __pfx_do_new_mount+0x10/0x10
[  981.583353][T13122]  ? path_mount+0x61c/0xfe0
[  981.587859][T13122]  ? user_path_at+0x44/0x60
[  981.592398][T13122]  __se_sys_mount+0x317/0x410
[  981.597101][T13122]  ? __pfx___se_sys_mount+0x10/0x10
[  981.602337][T13122]  ? do_syscall_64+0xbe/0x3b0
[  981.607026][T13122]  ? __x64_sys_mount+0x20/0xc0
[  981.611796][T13122]  do_syscall_64+0xfa/0x3b0
[  981.616312][T13122]  ? lockdep_hardirqs_on+0x9c/0x150
[  981.621608][T13122]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  981.627855][T13122]  ? clear_bhb_loop+0x60/0xb0
[  981.632542][T13122]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  981.638441][T13122] RIP: 0033:0x7f177818e929
[  981.642884][T13122] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  981.662516][T13122] RSP: 002b:00007f1778f4c038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  981.670941][T13122] RAX: ffffffffffffffda RBX: 00007f17783b6240 RCX: 00007f177818e929
[  981.678933][T13122] RDX: 0000200000000080 RSI: 0000200000004a00 RDI: 0000200000000000
[  981.686907][T13122] RBP: 00007f1778210ca1 R08: 0000000000000000 R09: 0000000000000000
[  981.694919][T13122] R10: 0000000002008087 R11: 0000000000000246 R12: 0000000000000000
[  981.702897][T13122] R13: 0000000000000001 R14: 00007f17783b6240 R15: 00007ffddbf3a9a8
[  981.710882][T13122]  </TASK>
[  981.714246][T13122] Kernel Offset: disabled
[  981.718575][T13122] Rebooting in 86400 seconds..