last executing test programs:

13m27.688332534s ago: executing program 1 (id=197):
sendmmsg$sock(0xffffffffffffffff, 0x0, 0x0, 0x0)
mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0)
syz_open_dev$loop(&(0x7f0000000100), 0xf01c, 0x0)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000740)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=[@hoplimit={{0x14, 0x29, 0x34, 0x4}}, @hoplimit={{0x14, 0x29, 0x34, 0xfffffffd}}, @dstopts_2292={{0x118, 0x29, 0x4, {0x4, 0x1f, '\x00', [@calipso={0x7, 0x10, {0x1, 0x2, 0x9, 0x9f, [0x8]}}, @generic={0xfe, 0x64, "f4a4a3142ee1e12b9826287997a6b33d89f3d60da1641d9fe3896c3c1b6c130ef4f01be8f5836d417874540898619050b14420ab124b11de36afb16ef4fc1cf3f4e4fa0e647cd1b07b068d3894180b6aa7527a4a8252f6836a0d67a7782c675a838ea989"}, @generic={0x80, 0x14, "09e12e5f0b6bdcf72f2ec7008a15fa88b025e0ad"}, @calipso={0x7, 0x40, {0x1, 0xe, 0x7a, 0x8001, [0x5, 0x9, 0x4, 0x6, 0x4, 0x400, 0xb]}}, @ra={0x5, 0x2, 0xa7e}, @pad1, @ra={0x5, 0x2, 0xbf4}, @hao={0xc9, 0x10, @private2}, @generic={0x93, 0xc, "e80ee304ecb784ec4655260c"}]}}}, @hoplimit={{0x14}}, @hopopts={{0x88, 0x29, 0x36, {0x5e, 0xd, '\x00', [@pad1, @pad1, @padn={0x1, 0x8, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @calipso={0x7, 0x30, {0x3, 0xa, 0x0, 0xfff, [0x2, 0x966, 0xfffffffffffffff7, 0x1, 0x1]}}, @calipso={0x7, 0x8, {0x0, 0x0, 0x7, 0x6}}, @generic={0x8}, @calipso={0x7, 0x18, {0x3, 0x4, 0x3, 0x7, [0x0, 0x8000]}}, @generic={0x1, 0x4, "2bdb86d1"}]}}}, @rthdrdstopts={{0x20, 0x29, 0x37, {0x73, 0x0, '\x00', [@pad1]}}}, @flowinfo={{0x14, 0x29, 0xb, 0x2}}, @rthdr_2292={{0x28, 0x29, 0x39, {0x3a, 0x2, 0x2, 0x70, 0x0, [@mcast2]}}}], 0x248}}], 0x1, 0x810)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3be", 0x6)
r3 = accept4(r2, 0x0, 0x0, 0x800)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0)
pwritev(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

13m26.356525011s ago: executing program 1 (id=203):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000000)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_netfilter(0x10, 0x3, 0xc)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = syz_open_dev$sndpcmc(&(0x7f0000000180), 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_HW_REFINE(r4, 0xc2604110, &(0x7f00000001c0)={0x0, [[0x1, 0x0, 0x4000000], [0x7ff, 0x100003, 0x3, 0x0, 0x0, 0x0, 0x0, 0x1000], [0x91, 0x0, 0x738, 0x0, 0x8, 0x0, 0x1]], '\x00', [{0xfffffffd, 0xfffffffe}, {0x100775, 0xe}, {0x0, 0x5}, {0x5}, {}, {0x8564}, {}, {0x0, 0xffffffff}, {}, {0x5, 0x1}, {0xb6f}], '\x00', 0x5})
bind$netlink(r0, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc)
r5 = socket$inet6(0xa, 0x3, 0x7)
r6 = syz_open_dev$vbi(&(0x7f0000000040), 0x2, 0x2)
ioctl$VIDIOC_S_CTRL(r6, 0xc008561c, &(0x7f00000000c0)={0xf0f025, 0xfb})
connect$inet6(r5, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)

13m23.550973081s ago: executing program 1 (id=205):
socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(0xffffffffffffffff, 0xc0189375, 0x0)
syz_open_dev$usbmon(&(0x7f0000001980), 0x1, 0x10280)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f00000000c0)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0xc2354000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000040)={0x0, 0x7, 0xfa00, {0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff}, 0x13f}}, 0x20)
write$RDMA_USER_CM_CMD_LISTEN(r3, &(0x7f0000000180)={0x7, 0x8, 0xfa00, {r4, 0x9}}, 0x10)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r5, &(0x7f0000000800)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000700)={0x34, 0x0, 0x8, 0x101, 0x0, 0x0, {0x3}, [@CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x3}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz0\x00'}, @CTA_TIMEOUT_DATA={0x4, 0x4, 0x0, 0x1, @icmp}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x3a}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x200, 0x0)

13m21.69247022s ago: executing program 1 (id=207):
sendmmsg$sock(0xffffffffffffffff, &(0x7f0000002480)=[{{0x0, 0x0, &(0x7f0000001780)}}], 0x1, 0x0)
mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0)
syz_open_dev$loop(&(0x7f0000000100), 0xf01c, 0x0)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000740)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=[@hoplimit={{0x14, 0x29, 0x34, 0x4}}, @hoplimit={{0x14, 0x29, 0x34, 0xfffffffd}}, @dstopts_2292={{0x118, 0x29, 0x4, {0x4, 0x1f, '\x00', [@calipso={0x7, 0x10, {0x1, 0x2, 0x9, 0x9f, [0x8]}}, @generic={0xfe, 0x64, "f4a4a3142ee1e12b9826287997a6b33d89f3d60da1641d9fe3896c3c1b6c130ef4f01be8f5836d417874540898619050b14420ab124b11de36afb16ef4fc1cf3f4e4fa0e647cd1b07b068d3894180b6aa7527a4a8252f6836a0d67a7782c675a838ea989"}, @generic={0x80, 0x14, "09e12e5f0b6bdcf72f2ec7008a15fa88b025e0ad"}, @calipso={0x7, 0x40, {0x1, 0xe, 0x7a, 0x8001, [0x5, 0x9, 0x4, 0x6, 0x4, 0x400, 0xb]}}, @ra={0x5, 0x2, 0xa7e}, @pad1, @ra={0x5, 0x2, 0xbf4}, @hao={0xc9, 0x10, @private2}, @generic={0x93, 0xc, "e80ee304ecb784ec4655260c"}]}}}, @hoplimit={{0x14}}, @hopopts={{0x88, 0x29, 0x36, {0x5e, 0xd, '\x00', [@pad1, @pad1, @padn={0x1, 0x8, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @calipso={0x7, 0x30, {0x3, 0xa, 0x0, 0xfff, [0x2, 0x966, 0xfffffffffffffff7, 0x1, 0x1]}}, @calipso={0x7, 0x8, {0x0, 0x0, 0x7, 0x6}}, @generic={0x8}, @calipso={0x7, 0x18, {0x3, 0x4, 0x3, 0x7, [0x0, 0x8000]}}, @generic={0x1, 0x4, "2bdb86d1"}]}}}, @rthdrdstopts={{0x20, 0x29, 0x37, {0x73, 0x0, '\x00', [@pad1]}}}, @flowinfo={{0x14, 0x29, 0xb, 0x2}}, @rthdr_2292={{0x28, 0x29, 0x39, {0x3a, 0x2, 0x2, 0x70, 0x0, [@mcast2]}}}], 0x248}}], 0x1, 0x810)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3be", 0x6)
r3 = accept4(r2, 0x0, 0x0, 0x800)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0)
pwritev(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

13m20.589756307s ago: executing program 1 (id=211):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000000)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_netfilter(0x10, 0x3, 0xc)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = syz_open_dev$sndpcmc(&(0x7f0000000180), 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_HW_REFINE(r4, 0xc2604110, &(0x7f00000001c0)={0x0, [[0x1, 0x0, 0x4000000], [0x7ff, 0x100003, 0x3, 0x0, 0x0, 0x0, 0x0, 0x1000], [0x91, 0x0, 0x738, 0x0, 0x8, 0x0, 0x1]], '\x00', [{0xfffffffd, 0xfffffffe}, {0x100775, 0xe}, {0x0, 0x5}, {0x5}, {}, {0x8564}, {}, {0x0, 0xffffffff}, {}, {0x5, 0x1}, {0xb6f}], '\x00', 0x5})
bind$netlink(r0, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc)
r5 = socket$inet6(0xa, 0x3, 0x7)
r6 = syz_open_dev$vbi(&(0x7f0000000040), 0x2, 0x2)
ioctl$VIDIOC_S_CTRL(r6, 0xc008561c, &(0x7f00000000c0)={0xf0f025, 0xfb})
connect$inet6(r5, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)

13m16.968135712s ago: executing program 1 (id=216):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000000)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_netfilter(0x10, 0x3, 0xc)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = syz_open_dev$sndpcmc(&(0x7f0000000180), 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_HW_REFINE(r4, 0xc2604110, &(0x7f00000001c0)={0x0, [[0x1, 0x0, 0x4000000], [0x7ff, 0x100003, 0x3, 0x0, 0x0, 0x0, 0x0, 0x1000], [0x91, 0x0, 0x738, 0x0, 0x8, 0x0, 0x1]], '\x00', [{0xfffffffd, 0xfffffffe}, {0x100775, 0xe}, {0x0, 0x5}, {0x5}, {}, {0x8564}, {}, {0x0, 0xffffffff}, {}, {0x5, 0x1}, {0xb6f}], '\x00', 0x5})
bind$netlink(r0, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc)
r5 = socket$inet6(0xa, 0x3, 0x7)
syz_open_dev$vbi(&(0x7f0000000040), 0x2, 0x2)
connect$inet6(r5, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
sendmmsg(r5, &(0x7f0000000480), 0x2e9, 0x0)

13m1.428944037s ago: executing program 32 (id=216):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000000)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_netfilter(0x10, 0x3, 0xc)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = syz_open_dev$sndpcmc(&(0x7f0000000180), 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_HW_REFINE(r4, 0xc2604110, &(0x7f00000001c0)={0x0, [[0x1, 0x0, 0x4000000], [0x7ff, 0x100003, 0x3, 0x0, 0x0, 0x0, 0x0, 0x1000], [0x91, 0x0, 0x738, 0x0, 0x8, 0x0, 0x1]], '\x00', [{0xfffffffd, 0xfffffffe}, {0x100775, 0xe}, {0x0, 0x5}, {0x5}, {}, {0x8564}, {}, {0x0, 0xffffffff}, {}, {0x5, 0x1}, {0xb6f}], '\x00', 0x5})
bind$netlink(r0, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc)
r5 = socket$inet6(0xa, 0x3, 0x7)
syz_open_dev$vbi(&(0x7f0000000040), 0x2, 0x2)
connect$inet6(r5, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
sendmmsg(r5, &(0x7f0000000480), 0x2e9, 0x0)

11m23.327700434s ago: executing program 3 (id=416):
tkill(0x0, 0x12)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000001780)=ANY=[@ANYBLOB="0200000004000000060000000500"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10)
r5 = socket$inet(0xa, 0x801, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000a00)=@mangle={'mangle\x00', 0x44, 0x6, 0x460, 0x98, 0x160, 0x160, 0x0, 0x220, 0x3c8, 0x3c8, 0x3c8, 0x3c8, 0x3c8, 0x6, 0x0, {[{{@ip={@broadcast, @dev, 0xff, 0x0, 'geneve1\x00', 'ip6gre0\x00'}, 0x0, 0x70, 0x98}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0x98}}, {{@ip={@remote, @local, 0x0, 0x0, 'vcan0\x00', 'veth0_virt_wifi\x00', {0xff}, {}, 0x6, 0x0, 0x40}, 0x0, 0x98, 0xc8, 0x0, {}, [@common=@unspec=@state={{0x28}}]}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @multicast2}}}, {{@ip={@private=0xa010102, @multicast1, 0xffffffff, 0xff000000, 'veth1\x00', 'veth1_to_hsr\x00', {0xff}, {0xff}, 0xff, 0x1, 0xc}, 0x0, 0x98, 0xc0, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x6}}]}, @TTL={0x28, 'TTL\x00', 0x0, {0x2, 0x7}}}, {{@ip={@rand_addr, @local, 0x0, 0x0, 'syzkaller0\x00', 'bond0\x00', {0xff}}, 0x0, 0xb8, 0xe0, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@socket0={{0x20}}]}, @unspec=@CHECKSUM={0x28}}, {{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'lo\x00', 'batadv_slave_1\x00'}, 0x0, 0xa0, 0xc8, 0x0, {}, [@common=@ah={{0x30}, {[0x0, 0xffff]}}]}, @common=@unspec=@NFQUEUE1={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x4c0)

11m21.833279238s ago: executing program 3 (id=420):
syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f00000020c0)=ANY=[], 0x1, 0x1f0, &(0x7f00000022c0)="$eJzsmb9rFEEUx78z++NiEMHGwsbCgBHN3u6ehjQpIlgKQhS1PMwaopucXFZIAmKCjY2lhWBrY2lhYWXhX2CrhQqChSnthJF5O7s73u0dpxyemPeBe/fdt29n5s0x32IPDMMcWD5/+v7x8YWFK2cBHMYMGib/1alqpFX/4em9M08WLz57+f75240j91/3jicAKDX6/D6AN0sOMgg3z/z69AzFXUsDVyFx2uhrEAhIuT8UkecTCNwwNbct3TlkRJoENzvpyq21NAl1iHSIdWjZ8+tF7e8JrACYotUpJaz7m9s7d9ppmnR7haeKefpu/a4Ytn+0viWJRRS7p5T+va4/erinrwOTDyHL/YsgERndgsCy0QtoIAiCakus/o+71fjOKP1PVrwgcXTub01anJF/off/WHhjGUf0ZvSBLjPH9gsPtGu+TKDleW8845BxAei79W46TS/lGfXgD86yX7NRpaj8STv7KcufXLilfzSz9bvNze2dubX19mqymmzEcWs+PBeG5+MmGVEeh/jfFPnTtDW+N6DWFz622lnWjbaArBuV13EeLcddftX5Rs9I8j+J2ZN0SZ5KbTfq5xDmI+lbq1mnvnJ3YE8MwzAMwzAMwzAMwzAMwzD1nIBA/k+YEuaFaB3xZXpD+TMAAP//eRpmJg==")
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
landlock_restrict_self(0xffffffffffffffff, 0x0)
r3 = userfaultfd(0x80001)
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000ff2000/0xe000)=nil, 0xe000}, 0x3})
ioctl$UFFDIO_WRITEPROTECT(r3, 0xc020aa08, &(0x7f0000000100)={{&(0x7f0000ffb000/0x4000)=nil, 0x4000}, 0x1})
r4 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r4, &(0x7f0000000000), 0x0, 0x0, 0x0)
ioctl$SIOCGSTAMP(r4, 0x8906, &(0x7f0000000000))
socket(0x2b, 0x80801, 0x1)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
setsockopt$bt_l2cap_L2CAP_OPTIONS(r5, 0x6, 0x1, &(0x7f0000000000)={0x0, 0x747, 0x0, 0x3}, 0xc)
connect$bt_l2cap(r5, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe)
sendmsg$inet(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)}, 0x4040004)

11m20.559009422s ago: executing program 3 (id=423):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000000)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_netfilter(0x10, 0x3, 0xc)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_HW_REFINE(0xffffffffffffffff, 0xc2604110, &(0x7f00000001c0)={0x0, [[0x1, 0x0, 0x4000000], [0x7ff, 0x100003, 0x3, 0x0, 0x0, 0x0, 0x0, 0x1000], [0x91, 0x0, 0x738, 0x0, 0x8, 0x0, 0x1]], '\x00', [{0xfffffffd, 0xfffffffe}, {0x100775, 0xe}, {0x0, 0x5}, {0x5}, {}, {0x8564}, {}, {0x0, 0xffffffff}, {}, {0x5, 0x1}, {0xb6f}], '\x00', 0x5})
bind$netlink(r0, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc)
syz_open_dev$vbi(&(0x7f0000000040), 0x2, 0x2)
connect$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
sendmmsg(0xffffffffffffffff, &(0x7f0000000480), 0x2e9, 0x0)

11m17.58375108s ago: executing program 3 (id=429):
tkill(0x0, 0x12)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000001780)=ANY=[@ANYBLOB="0200000004000000060000000500"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10)
r5 = socket$inet(0xa, 0x801, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000a00)=@mangle={'mangle\x00', 0x44, 0x6, 0x460, 0x98, 0x160, 0x160, 0x0, 0x220, 0x3c8, 0x3c8, 0x3c8, 0x3c8, 0x3c8, 0x6, 0x0, {[{{@ip={@broadcast, @dev, 0xff, 0x0, 'geneve1\x00', 'ip6gre0\x00'}, 0x0, 0x70, 0x98}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0x98}}, {{@ip={@remote, @local, 0x0, 0x0, 'vcan0\x00', 'veth0_virt_wifi\x00', {0xff}, {}, 0x6, 0x0, 0x40}, 0x0, 0x98, 0xc8, 0x0, {}, [@common=@unspec=@state={{0x28}}]}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @multicast2}}}, {{@ip={@private=0xa010102, @multicast1, 0xffffffff, 0xff000000, 'veth1\x00', 'veth1_to_hsr\x00', {0xff}, {0xff}, 0xff, 0x1, 0xc}, 0x0, 0x98, 0xc0, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x6}}]}, @TTL={0x28, 'TTL\x00', 0x0, {0x2, 0x7}}}, {{@ip={@rand_addr, @local, 0x0, 0x0, 'syzkaller0\x00', 'bond0\x00', {0xff}}, 0x0, 0xb8, 0xe0, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@socket0={{0x20}}]}, @unspec=@CHECKSUM={0x28}}, {{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'lo\x00', 'batadv_slave_1\x00'}, 0x0, 0xa0, 0xc8, 0x0, {}, [@common=@ah={{0x30}, {[0x0, 0xffff]}}]}, @common=@unspec=@NFQUEUE1={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x4c0)

11m14.5286272s ago: executing program 3 (id=434):
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x800)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000040)={0x53, 0xfffffffffffffffd, 0x0, 0x10, @scatter={0x1, 0xcc, &(0x7f00000006c0)=[{&(0x7f0000000080)=""/197, 0xc5}]}, &(0x7f0000000240), 0x0, 0x0, 0x0, 0xffffffff, 0x0})
socket(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x9, 0xff}, 0x0)
syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
r1 = socket$unix(0x1, 0x1, 0x0)
ioctl(r1, 0x8b01, &(0x7f0000000040))
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00'})
r2 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, &(0x7f0000000140)={0x7fffffff, 0x200, 0x0, 0x6}, 0x10)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r4 = syz_open_dev$I2C(&(0x7f0000000040), 0x7f9f, 0x0)
ioctl$I2C_SMBUS(r4, 0x720, &(0x7f0000000080)={0x0, 0x0, 0x4, &(0x7f0000000000)={0x22, "e922604a455494c905fd824393fe53e14fcab3d1eb0000000000000000000800"}})
r5 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f00000000c0))
r6 = syz_open_procfs(0x0, &(0x7f00000190c0)='oom_score\x00')
pread64(r6, &(0x7f0000000080)=""/102355, 0x18fd3, 0xc2a)
ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000140)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
ioctl$UFFDIO_REGISTER(r5, 0xc020aa04, &(0x7f0000000000)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x0, 0x2})
syz_io_uring_setup(0x231, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000019080), &(0x7f0000000100))

11m12.735827578s ago: executing program 3 (id=439):
r0 = epoll_create1(0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000002100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r0, &(0x7f0000000040))
r5 = eventfd2(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r5, &(0x7f0000000b80))
epoll_ctl$EPOLL_CTL_MOD(r0, 0x3, r5, &(0x7f0000000180)={0x20000005})

10m56.695206414s ago: executing program 33 (id=439):
r0 = epoll_create1(0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000002100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r0, &(0x7f0000000040))
r5 = eventfd2(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r5, &(0x7f0000000b80))
epoll_ctl$EPOLL_CTL_MOD(r0, 0x3, r5, &(0x7f0000000180)={0x20000005})

50.172751285s ago: executing program 2 (id=2165):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x4000014, 0x0, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r5, 0x6, 0xa, &(0x7f00000000c0)=0x100005, 0xfff8)
bind$inet(r5, &(0x7f0000000080)={0x2, 0x4e21, @multicast2}, 0x10)
connect$inet(r5, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r5, 0x6, 0x16, &(0x7f0000000240)=[@sack_perm, @timestamp, @sack_perm, @window, @window={0x3, 0x0, 0xfffc}, @timestamp, @timestamp], 0x7)
connect$vsock_stream(r4, 0x0, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r5, 0x6, 0xd, &(0x7f0000000140)='cubic', 0x4)
setsockopt$inet_tcp_TCP_REPAIR(r5, 0x6, 0x13, &(0x7f00000001c0), 0xc7)
sendto$inet(r5, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x11)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f0000000440)={0x0, 0x0, 0x0}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)={{0x14}, [@NFT_MSG_NEWTABLE={0x14, 0x0, 0xa, 0x201, 0x0, 0x0, {0x1}}, @NFT_MSG_NEWFLOWTABLE={0x40, 0x16, 0xa, 0x301, 0x0, 0x0, {0x1}, [@NFTA_FLOWTABLE_HOOK={0xc, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}]}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x14, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8}]}]}, @NFT_MSG_DELFLOWTABLE={0x20, 0x18, 0xa, 0x101, 0xb00, 0x0, {0x1}, [@NFTA_FLOWTABLE_HANDLE={0xc, 0x5, 0x1, 0x0, 0x9}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x2}}}, 0x9c}, 0x1, 0x0, 0x0, 0x20000010}, 0x0)

49.416594825s ago: executing program 2 (id=2168):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), 0xffffffffffffffff)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r3 = socket$inet(0x2, 0x2, 0x0)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r4, 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
setsockopt$inet_mreqn(r3, 0x0, 0x23, &(0x7f0000000100)={@multicast2, @loopback}, 0xc)
r5 = socket$netlink(0x10, 0x3, 0x0)
ioctl$SNDCTL_DSP_CHANNELS(0xffffffffffffffff, 0xc0045006, &(0x7f0000000340)=0x10001)
add_key(&(0x7f0000000080)='dns_resolver\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffd)
r6 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000540)=ANY=[], 0x0, 0x34}, 0x28)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0x8, &(0x7f00000004c0)=ANY=[@ANYBLOB="1801000f2020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb7020000080000013c8d609ddc0500b703000007004d0085f479b85d"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x13, '\x00', 0x0, 0x0, r6, 0x8, &(0x7f0000000080)={0x0, 0x1}, 0x8}, 0x94)
mkdir(&(0x7f00000001c0)='./file0\x00', 0x0)
open(&(0x7f0000000380)='./file0\x00', 0x6ec58fa5834dfb19, 0xdb)
r7 = open$dir(&(0x7f0000000040)='./file0\x00', 0x0, 0x109)
getdents(r7, &(0x7f0000000080)=""/59, 0x3b)
writev(r5, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
writev(r5, 0x0, 0x0)

46.422150214s ago: executing program 2 (id=2183):
socket$inet6_sctp(0xa, 0x1, 0x84)
socket$inet6_sctp(0xa, 0x1, 0x84)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$nl_xfrm(0x10, 0x3, 0x6)
syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd6016000000102b00fc0100000000000000e2ff0000000000fe8000000000000000000400000000aa"], 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000000c0)={[0x0, 0x1000000400000000, 0x0, 0x7, 0x0, 0x0, 0x0, 0x1, 0x4, 0x3, 0x0, 0x0, 0x7, 0x6], 0x0, 0x2e1090})
ioctl$KVM_CAP_SPLIT_IRQCHIP(0xffffffffffffffff, 0x4068aea3, &(0x7f00000000c0)={0x79, 0x0, 0x119})
connect$l2tp6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @private1, 0xa}, 0x20)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000180)="66b80e010f00d0b0060f21a20f01c40f009b2700000066b80c008ee00f3235008000000f30b80e0000000f23d80f21f835800000a00f23f8c9b9490300000f60b932c00a00b9730200000f32328fe858b660002fb90d090000b800680000ba000000000f30", 0x65}], 0x1, 0x0, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000140))
ioctl$KVM_RUN(r2, 0xae80, 0x0)

45.873439475s ago: executing program 2 (id=2186):
syz_open_procfs(0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$USBDEVFS_RESET(0xffffffffffffffff, 0x5514)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030004e6ff1b000000020000000900010073797a30000001000900030073797a3200000000140000001100"], 0x7c}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="1400000010000100000000000000000000fc000a20000000000a09000000000000000000070000000900010073797a30000000004c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a3000000000080005400000001c08000640ffffff000800034000000028580000000c0a01010000000000000000070000000900020073797a31000000000900010073797a30000000002c000380280000800800"], 0xec}, 0x1, 0x0, 0x0, 0x840}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="9000000010000305000000000000000000000700", @ANYRES32=0x0, @ANYBLOB="996e06004d4c0700540012800800010068737200480002800500030008000000050003000500000005000300fd00000008000200", @ANYRES32=r3, @ANYBLOB="08000100", @ANYRES32=r4], 0x90}}, 0x0)
r5 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r5, &(0x7f00000000c0), 0x492492492492627, 0x0)
io_setup(0x2, &(0x7f0000000080)=<r6=>0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
io_destroy(r6)
sendmsg$NFT_BATCH(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a01020000030000000000000000000900020073797a310000000008000440000000000900010073797a3000000000080003400000000a140000001100010000000000000000000000000aa1b27ba8a4a6d28709a04387ed2ffc39c8acf3a42dbd0656e493c975cc160e4a4f7996bd4cbdfda39c7724a3bc188d74ab2b6be4d0151e9518d2f9959ac5d7a8ac80575c7ab6ef9d0a515a63969c7c64795d5e1c794480781d75a2c870b280a4f930930e0ec70bc8ef8a6563ead0c6c26265eeccf7e7f2b548f8fc722153c1adee41684f1198f9178d4afd86065127d07ab2c18c27b152c50e3b5a"], 0x64}}, 0x0)
connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}}, 0x1c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000300)={0x0, @in={{0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x28}}}, 0x0, 0x0, 0x318, 0x1, 0x24}, 0x9c)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000080), r7)

42.340663506s ago: executing program 2 (id=2199):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
ioctl$SNDCTL_FM_4OP_ENABLE(r1, 0x4004510f, &(0x7f0000000000)=0xff)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x0)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000710000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
r6 = socket(0x28, 0x1, 0x0)
r7 = syz_io_uring_setup(0x512, &(0x7f0000000280)={0x0, 0xc65d, 0x100, 0x8, 0x40}, &(0x7f0000000240)=<r8=>0x0, &(0x7f0000000040)=<r9=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r8, r9, &(0x7f00000000c0)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r6, 0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0, 0x2121, 0x0, {0x3}})
io_uring_enter(r7, 0x47f6, 0xb277, 0x28, 0x0, 0xfffffffffffffd65)

37.4644963s ago: executing program 2 (id=2213):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000001480)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWRULE={0x84, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_EXPRESSIONS={0x58, 0x4, 0x0, 0x1, [{0x54, 0x1, 0x0, 0x1, @numgen={{0xb}, @val={0x44, 0x2, 0x0, 0x1, [@NFTA_NG_MODULUS={0x8}, @NFTA_NG_DREG={0x8, 0x1, 0x1, 0x0, 0x17}, @NFTA_NG_TYPE={0x8}, @NFTA_NG_OFFSET={0x8, 0x4, 0x1, 0x0, 0xf1d6}, @NFTA_NG_TYPE={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_NG_MODULUS={0x8, 0x2, 0x1, 0x0, 0x7}, @NFTA_NG_DREG={0x8, 0x1, 0x1, 0x0, 0x3}, @NFTA_NG_OFFSET={0x8, 0x4, 0x1, 0x0, 0x9}]}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0xac}, 0x1, 0x0, 0x0, 0x4008091}, 0x24000000)
syz_clone(0x40200000, &(0x7f0000000000)='U', 0x1, &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000480)="d946005a59d8b49a77bbb1948ac1cc28c8f24f89f9b2def7e23dcde1d5b2a65c81fa756607f48b92a1b1ea812dd3b2e7fb941b2467794353b87b915aefdb7c0c4a85e939a6aadb9f6d381352f4674cd9623320393294f1ff0f99af96fb865b681e1c721400cff6a0bdbd16be518aa52a89a7daeec51a09b92908e17f690986fc587a609d690da3455bb1ccf6d64952354d71dda934f8207883d1e78123fc566ff55e873a0555ca595726eb32360bfa59129b03e6399e65721527d57d8596fc8c6002518670ebea9a641db0e7c4898effbcecb5a4b4ca5ed70351372cfb1a71f8bde70ee70aae9f2a2f72f2519b0199cd342f4dfb647a607331b9e00780743524641a5219c6a36ba9fd2f10abd6c9c9fa1d6efc04efeda6b50ebddc8e96418802fec58a35fc5d543f06935153daef4b3bdfbeb0fafe608b811db453d06ca3fecee472c4e2f3feef065927fb8adef9784761b7ccc9934184458e14ea669df861b27c86abc7ca09c3935d93767582df912ea232c3c499906aa1163b381e63c4cb7377f602c57fe2824324e0e53ea713483615b01e337e577b390c18a7526449dbe6edd9a213791b04aab04657277bcdfe45b1cc78c61a128473ec27adfabb7b10c89707a2b37aaa19c8349894eb364170bc26f0ea6b13c49e500bba8a2f5521138c60dcf62ae7c2908b971fe2cfe9668c097ef13200bb962e6dac0b4d2ba8cb3ed84140892aece37f073699b86f815a690344174b995d8cf8d24056d6aa01e36d87d024e564f1622a545d6d18b51a2a7618048db06692fb46593305c58d9fadd796b0e8c3f128bee7a71922d4e9188b5cb33da1bffa77de28c407ae327061d127528d621226a247dcfc013fa9742869212aa4cb0fa47aa900a6d02a754c27293b12281899cab825220b5201bc66f216abc707921b693fc2353bbfb63bd419231f93bbfee9c4dd5af6e9721f6b9cb9b1233e1a0e12d4a86b1a14435fdc53aed6351d6124e1799611b3423102e6ff8460a59a7072f667ce836343d11517fef5bc3ec837878e5478b70afa02d7b06079a75761fd3e852b22073a135d7ea106cc3fd68268062c375585f08594973d8336a22451744526c3c85156942f0b173e067de7c905959ebc8447265df0f03d9a3390e2297385c9992e4f392ea6949913d08c2334ff1374ba14322576cc2557608e387b0bc6fde4276c89321961f92a555d4eb0c0cd8fba869ee38725f3185909392acb44c18a66021449fdeab9ddce40b5b06c20ef2e010c02cee80739217e503c73641bd1d812972b44a740c0a5d12809f0e59039cc750e682fc88e63ba4019ce926b814b88c87d05629f84fe5c8608951b639fc4c5d6dddd6cfe77a8bad55f323f04d84f25e87a0a00b2ca7d6a214ac450d31c917237754950c78824b653bf113ef3537855ba0dabf4f01613a92a15aa548e453aa051ff4627b2ea5ab5a61cd3cb84884ee1cd474adaf9ddad4292f8ff476bbc5916f9a16de2198a2dc4f74d80773a0ebaf001b180239832177b1f92bc461c420569afb05cbedbd04e8963837a5d96a12632132f5143a0d1811a51002bcd11bc4b4f28d00beb9168b21a69abb0c651f4d81828181297b6c87bc9c25aeca6b19b69a7ee57643f9d5a57d193e96a2cc971ad9f95940749281c0cffae1dfd1309140394ca3b5613ebc063958eeab466a42232f9c7edec90f3d03d962aa2ebf5e4f9e35eaf6bc5e25ea0c4a8d0ae72b645086bd36a5086de12cea21d06fd886e522df0e9f0a0a02c0b05cb39d113617018dbafacdc76377f8c863f5f8b6de231d1af5262199867a1dd63367e45e4c7cd93a8544d74fa6a603bf54a360854f309e8e6ac2f5b6358fd1c2ae093411759a4e2dc2e4f7ec725d125eaa045c2ed0abe407195494479698a1d9a0ac7db993913a71a808b95d2b896d2394fef9030c351dffea8526a69b542c83469be9e88a2501e85017212f1216180c074c9586f299890578a76d4ad6039f4a6b8b964f5ebced0242132411da79d6d44eef1e563758d60c8852259aac62dbff442645f3d55781ed012e7bc37c5882c4dba8deaec38642771b2ed8065d074b5e6e8969f64cdb639a6844a60c4b4c2cc187e93e8865edfd734376cdf6d1e6fe54cf0206e4270ed8a240603801be4476dccaa9d62db04460052a724bb44a6000ef041807959ff4eb31d371ae01ffa0726dcbfbd86daff2b6d576e2a2b526668d8e4b020953b94f8e1370c94aa65630ac7999502de05672dc1734f66c4c818ec5a49a0f304d42bfe12b8c64f56ef6e59a1304434dd86edc759e2bad28bdbf96a812ceef50c63fb48d92ee0759ab444ae1f7676fbb79dd00e0d779bfa1480d43becae856c17d8e764a64a478b2855d1f86b0b21d84c203c0811d68ed1e39ddb836ebbcd52745fc10b2f86fb9852abed66ff400f93648a0a66346a203ab8c72356f0df6723399bb38a59ff8ada0592fc873c31b0abf18b0b7f52a34d73a2c403521d24ea117c53b2285084d3cc00e7b6468cf24b9f3d6b567a028db8d13ed62ed007d16139881641a869334b6e11a8d499d04b866c22654ee447977be785a50259a8ea84906bf9914533d82bd97ab23178377a02b71d1eaae625d221fc354a926f0f93d366153f757f08701f2bddfc48a47399a92b61e605fdad641be0e8be914cbdd8af8919a4548070ad302fccf53b3560cb62f74aff6de32e865e3cd8f2b160d90009b8121041b2ea3bc61ac13952fa258cf34759229727d53b938c0591dfee9276d3fd728533e323926224a49c33adbcbeaa5d8238b0a00ad7d9650207edb59b68ffad1c07da28eb35dd332cd928a41765a9bf93633343e1e3755f8765ccf12df5eb15a1dc5adca474d58e904a6270960b16cf75f1e112f0d6a72d76c715753bce56aadc92e3744b14757508035f5a1dc15f4c26c07b681a1b20cbd4e21c8a80b9e225d0ef1c888acbe2dcab3a68ce72267e6d16cad868796a450b46992216c5279a70fa8e0b340a2cd5a2171991003cba3135411a8576d1af95da6f83fc5794b41923856035b91ae57efc00e2c5b7287c95366418cfc1d8ded75b82335e141911ebf833def84f1b3b1a08a13cfd78fa6e02e8be7a3d022539a28be2d926ad44c680f71b8420a9df9c8bea7b74eb801fd7aab1835f4d8dc6dd65edff9d06b4d9abb3b6c17e808acfea4d731947b60d2c1164b64aec15e7a0872ff1b3001415529cd1c1987ac7d98e296f9eb4585e38fd4fce3735dde46cb23246b92b6bcdd12b645e8b2f36fd1099ec6ef9d9642e14b64a61bb35e6f917df6b4f2d3c2b5a4f3a84e498e7d94ad568a4f6265ed06959bc3064d3b1dc6e6f2bd83e84a0ae8d85f35c38fac0c9f229ed4d3746f2fce0ae0910c6d8db50090dc1c3fd147945e999d29df4b94c82c3efa91d1da782441ccda21b203c89d3457c5096cc04a2023c6da2ad0d012ff65d039a03b7520db3ac968e1bc80917ddc41d213d374f5334ac0c0bcdd4182734fa4573446480872b7e9946eef2e1de2181cd0dfb7d73a90dc0a859cf60c355d8e0be3af60d32e33bd367803ca2feb62e62af102d272666cba78f0d36ca76c78b9e002367a2f12a06fa3aa145e42ae32fa19c1522b5752f9347f1aed14c40bd69c107fe1557ea555f198a8fd6c2e0c3e0d707e872517100c619c97db6f77dc2100fe44dbc9e7b0765d072b5e34478fc1b1d2cb8de037d8c2bc2974fa74605af0cb812e30166cecf031e2491092caeeca1dce3ff947aae0e08721c7c60bba36abfc5542237380517d8a0075b31ea1a79c8ebdd0bcae9f18a9fce9d868540f02ca55cd0473272773f0ad1ae94201a24cc085fd76edf0efdeb2fca71bd298cc3972211cf4af7df4e69e534e9c73c031632adaaccf5081fd4038482124d6011774213db9cb28cf77d566fc4e925ee05c5dc2599b89c11519065414fed786c35d6dcae7d7eea2a36c8636344a2fe0f1e88f1048ec339c6f284ca51b33e00213d00af04d88139a10d31e91a1467c85982d0a00bf687e5640256885c14f236438d835f436aa6f235e66bb8b7d445dbe16d426ad8f8af6c7dae527c1c7a220e86a5dcf2c3f5ac56287cb8d6eb63bfe71ddf7be393786b452abb923a9dd44a88ef955ce5e9b275d06e8e53123c1c2966de1bf08964d6a4bf716575317227db8c40cad2f4c49d548201f148c2f4f88bceeb58f2cc9a1488a886b71325cc90c50bcc1bdaedbe324c24a52501facbddd48184016713a130d393470b5894537f0687bbf64f98f59c54e913b0a1182051252e6d9d9a4b878f2b327f91998092dd679632f035bb3a2833bc53635f4411d7de0841754cb3a1cc9fbb217a89fd0f704f70d22745bceb4a01089e467ab048eafa2cf2021b2131d1e67cb615b63ea9c36e37291dd7a881c9307ef396e5915bc4942fd94143b2c1f27ad3195b4c376046e17ba55834ce08d81b160e6ed85976571c68f3b1880c93600ace0c9dac4c1edc1290345e9ce5a49b77809c1410f2532764214ad0583cbcf09ae822e08f1a2c0699df5e5cde01994924605eed6dda01e4ddbed0b8c6ed12f15632867f7e74858c473314f007fe85adf88a0f55861644f022cf377b077ccaa232e19f5433096ce75a343d276c26d8f5520bcb4d2330345ada3871d6701884d3a71fd3053a40e7bdd7aa6e5ec940a758d75ea5f6d0a452417188b057bc3d1b119613cb514f8e0e82950795040d6ec47016969a70e46f31f9378c73e85af267b7400a27724afe325b375b3e6a452efccd847274346b250392e85c3ceef9fd423a6542cf83fb27e1483d0164af1ef2303fdca509e2bfaf7b0344f1992d49395ccc11e20993382a0cb5573da5f3608ce41499abdb3d86c76186a46b1204fea8dc2c80db82f39c6d06465da8aece2f9ba663e3d0ce8e9946ee72e27b4ca1c6b6f949b5a10eb069895524f36364adaa89e2be477eaf3e5669d74473651290d49b77f0f32245a28f23eb8f7911649360f02e4072a070f2667026964e38502eb1d0fd7cb5c470417e95580fe61a0243cb34b5d855a9101bc82f39728bc202612b635430015e15b81c9c35174c3ea38b457b7067353c38cd4b1b6ce3041909fc18ae9f98045da1f20437ee3880f383c381508ebba153bbc98a6a4f5789a5f8d9b5ccbe280004030db5fe026a281b4d71aa342575f6b9a62fc70dfebf517f76b062bfbed0fbfe2093dfcf1fcb731719dfea35835ed4b0288343811407e24a40c015925ecb914fc0927c308acfbdcd89eaad7f710daa73716885f8319b7537eaf281f18e2037fd2c1bc5fa8dd0ee88d4816fcf8e1560c40fe709e0e0718ce615ecb93de9ed8c531c5b8a7445ead5a7c3af757836ee7190365694e34b50b0c4e2bcd01de1c9289581ff0d9377c075ad952e2f4a1921dd13b2dd1b807a35ceb7d3c830dd250b0adb288f904dbb80a59fb30a5fb1114cba11b39cce618d57e684b9aa080f1ea249d4906cd6b803c71742417523f0a4f2a3d0aac4233992c970f1caf3db062336db7458f50971282602f804c1195c259687a5fad4b2073f74f2d97209afc545bb89c20af5bdd69094c7e683841f2730d566956e040311c85758e60073d151ecc369fc22728176dc4c6321b585ef125fe33d05842cb880c3722cfabc83e7f0bad74f79f76d8f66416f9cdae608e5b2316bc640dfebca40fdd1c288b61ebacc9ba0f769574811169638af31da76799e5283986891a322ebfbea56e8acc25751a4b7caf383d3c39b29a9f85f9312587680c499f7231a45fc05593cc24f5be52894cec3ecc4")
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901)
fchdir(r1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x40ead000)
madvise(&(0x7f0000130000/0xd000)=nil, 0xd000, 0x66)
madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x19)
r2 = socket$netlink(0x10, 0x3, 0xb)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000c18000)="ad", 0x1)
r4 = accept4(r3, 0x0, 0x0, 0x0)
sendmsg$NL80211_CMD_TESTMODE(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000002300)={0x28, 0x0, 0x200, 0x70bd2a, 0x25dfdbfb, {{}, {@val={0x8}, @val={0xc, 0x99, {0xa8, 0xd}}}}}, 0x28}, 0x1, 0x0, 0x0, 0x4}, 0x80)
recvmsg$unix(r4, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000100)=""/30, 0x1e}], 0x1}, 0x0)
close_range(r2, 0xffffffffffffffff, 0x0)
syz_clone3(&(0x7f00000001c0)={0x2000000, 0x0, 0x0, 0x0, {0x1f}, 0x0, 0x0, 0x0, 0x0}, 0x58)
close(r1)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r5, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
getsockopt$bt_l2cap_L2CAP_OPTIONS(r4, 0x6, 0x1, &(0x7f0000000340), &(0x7f0000000380)=0xc)
connect$inet6(r5, &(0x7f0000000080), 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r5, 0x6, 0x1f, &(0x7f00000002c0), 0x4)
setsockopt$inet6_tcp_TCP_ULP(r5, 0x6, 0x1f, &(0x7f0000000300), 0x3)
mount_setattr(0xffffffffffffff9c, &(0x7f00000001c0)='.\x00', 0x1000, &(0x7f0000001dc0)={0xf, 0x0, 0x100000}, 0x20)

21.769344104s ago: executing program 34 (id=2213):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000001480)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWRULE={0x84, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_EXPRESSIONS={0x58, 0x4, 0x0, 0x1, [{0x54, 0x1, 0x0, 0x1, @numgen={{0xb}, @val={0x44, 0x2, 0x0, 0x1, [@NFTA_NG_MODULUS={0x8}, @NFTA_NG_DREG={0x8, 0x1, 0x1, 0x0, 0x17}, @NFTA_NG_TYPE={0x8}, @NFTA_NG_OFFSET={0x8, 0x4, 0x1, 0x0, 0xf1d6}, @NFTA_NG_TYPE={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_NG_MODULUS={0x8, 0x2, 0x1, 0x0, 0x7}, @NFTA_NG_DREG={0x8, 0x1, 0x1, 0x0, 0x3}, @NFTA_NG_OFFSET={0x8, 0x4, 0x1, 0x0, 0x9}]}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0xac}, 0x1, 0x0, 0x0, 0x4008091}, 0x24000000)
syz_clone(0x40200000, &(0x7f0000000000)='U', 0x1, &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000480)="d946005a59d8b49a77bbb1948ac1cc28c8f24f89f9b2def7e23dcde1d5b2a65c81fa756607f48b92a1b1ea812dd3b2e7fb941b2467794353b87b915aefdb7c0c4a85e939a6aadb9f6d381352f4674cd9623320393294f1ff0f99af96fb865b681e1c721400cff6a0bdbd16be518aa52a89a7daeec51a09b92908e17f690986fc587a609d690da3455bb1ccf6d64952354d71dda934f8207883d1e78123fc566ff55e873a0555ca595726eb32360bfa59129b03e6399e65721527d57d8596fc8c6002518670ebea9a641db0e7c4898effbcecb5a4b4ca5ed70351372cfb1a71f8bde70ee70aae9f2a2f72f2519b0199cd342f4dfb647a607331b9e00780743524641a5219c6a36ba9fd2f10abd6c9c9fa1d6efc04efeda6b50ebddc8e96418802fec58a35fc5d543f06935153daef4b3bdfbeb0fafe608b811db453d06ca3fecee472c4e2f3feef065927fb8adef9784761b7ccc9934184458e14ea669df861b27c86abc7ca09c3935d93767582df912ea232c3c499906aa1163b381e63c4cb7377f602c57fe2824324e0e53ea713483615b01e337e577b390c18a7526449dbe6edd9a213791b04aab04657277bcdfe45b1cc78c61a128473ec27adfabb7b10c89707a2b37aaa19c8349894eb364170bc26f0ea6b13c49e500bba8a2f5521138c60dcf62ae7c2908b971fe2cfe9668c097ef13200bb962e6dac0b4d2ba8cb3ed84140892aece37f073699b86f815a690344174b995d8cf8d24056d6aa01e36d87d024e564f1622a545d6d18b51a2a7618048db06692fb46593305c58d9fadd796b0e8c3f128bee7a71922d4e9188b5cb33da1bffa77de28c407ae327061d127528d621226a247dcfc013fa9742869212aa4cb0fa47aa900a6d02a754c27293b12281899cab825220b5201bc66f216abc707921b693fc2353bbfb63bd419231f93bbfee9c4dd5af6e9721f6b9cb9b1233e1a0e12d4a86b1a14435fdc53aed6351d6124e1799611b3423102e6ff8460a59a7072f667ce836343d11517fef5bc3ec837878e5478b70afa02d7b06079a75761fd3e852b22073a135d7ea106cc3fd68268062c375585f08594973d8336a22451744526c3c85156942f0b173e067de7c905959ebc8447265df0f03d9a3390e2297385c9992e4f392ea6949913d08c2334ff1374ba14322576cc2557608e387b0bc6fde4276c89321961f92a555d4eb0c0cd8fba869ee38725f3185909392acb44c18a66021449fdeab9ddce40b5b06c20ef2e010c02cee80739217e503c73641bd1d812972b44a740c0a5d12809f0e59039cc750e682fc88e63ba4019ce926b814b88c87d05629f84fe5c8608951b639fc4c5d6dddd6cfe77a8bad55f323f04d84f25e87a0a00b2ca7d6a214ac450d31c917237754950c78824b653bf113ef3537855ba0dabf4f01613a92a15aa548e453aa051ff4627b2ea5ab5a61cd3cb84884ee1cd474adaf9ddad4292f8ff476bbc5916f9a16de2198a2dc4f74d80773a0ebaf001b180239832177b1f92bc461c420569afb05cbedbd04e8963837a5d96a12632132f5143a0d1811a51002bcd11bc4b4f28d00beb9168b21a69abb0c651f4d81828181297b6c87bc9c25aeca6b19b69a7ee57643f9d5a57d193e96a2cc971ad9f95940749281c0cffae1dfd1309140394ca3b5613ebc063958eeab466a42232f9c7edec90f3d03d962aa2ebf5e4f9e35eaf6bc5e25ea0c4a8d0ae72b645086bd36a5086de12cea21d06fd886e522df0e9f0a0a02c0b05cb39d113617018dbafacdc76377f8c863f5f8b6de231d1af5262199867a1dd63367e45e4c7cd93a8544d74fa6a603bf54a360854f309e8e6ac2f5b6358fd1c2ae093411759a4e2dc2e4f7ec725d125eaa045c2ed0abe407195494479698a1d9a0ac7db993913a71a808b95d2b896d2394fef9030c351dffea8526a69b542c83469be9e88a2501e85017212f1216180c074c9586f299890578a76d4ad6039f4a6b8b964f5ebced0242132411da79d6d44eef1e563758d60c8852259aac62dbff442645f3d55781ed012e7bc37c5882c4dba8deaec38642771b2ed8065d074b5e6e8969f64cdb639a6844a60c4b4c2cc187e93e8865edfd734376cdf6d1e6fe54cf0206e4270ed8a240603801be4476dccaa9d62db04460052a724bb44a6000ef041807959ff4eb31d371ae01ffa0726dcbfbd86daff2b6d576e2a2b526668d8e4b020953b94f8e1370c94aa65630ac7999502de05672dc1734f66c4c818ec5a49a0f304d42bfe12b8c64f56ef6e59a1304434dd86edc759e2bad28bdbf96a812ceef50c63fb48d92ee0759ab444ae1f7676fbb79dd00e0d779bfa1480d43becae856c17d8e764a64a478b2855d1f86b0b21d84c203c0811d68ed1e39ddb836ebbcd52745fc10b2f86fb9852abed66ff400f93648a0a66346a203ab8c72356f0df6723399bb38a59ff8ada0592fc873c31b0abf18b0b7f52a34d73a2c403521d24ea117c53b2285084d3cc00e7b6468cf24b9f3d6b567a028db8d13ed62ed007d16139881641a869334b6e11a8d499d04b866c22654ee447977be785a50259a8ea84906bf9914533d82bd97ab23178377a02b71d1eaae625d221fc354a926f0f93d366153f757f08701f2bddfc48a47399a92b61e605fdad641be0e8be914cbdd8af8919a4548070ad302fccf53b3560cb62f74aff6de32e865e3cd8f2b160d90009b8121041b2ea3bc61ac13952fa258cf34759229727d53b938c0591dfee9276d3fd728533e323926224a49c33adbcbeaa5d8238b0a00ad7d9650207edb59b68ffad1c07da28eb35dd332cd928a41765a9bf93633343e1e3755f8765ccf12df5eb15a1dc5adca474d58e904a6270960b16cf75f1e112f0d6a72d76c715753bce56aadc92e3744b14757508035f5a1dc15f4c26c07b681a1b20cbd4e21c8a80b9e225d0ef1c888acbe2dcab3a68ce72267e6d16cad868796a450b46992216c5279a70fa8e0b340a2cd5a2171991003cba3135411a8576d1af95da6f83fc5794b41923856035b91ae57efc00e2c5b7287c95366418cfc1d8ded75b82335e141911ebf833def84f1b3b1a08a13cfd78fa6e02e8be7a3d022539a28be2d926ad44c680f71b8420a9df9c8bea7b74eb801fd7aab1835f4d8dc6dd65edff9d06b4d9abb3b6c17e808acfea4d731947b60d2c1164b64aec15e7a0872ff1b3001415529cd1c1987ac7d98e296f9eb4585e38fd4fce3735dde46cb23246b92b6bcdd12b645e8b2f36fd1099ec6ef9d9642e14b64a61bb35e6f917df6b4f2d3c2b5a4f3a84e498e7d94ad568a4f6265ed06959bc3064d3b1dc6e6f2bd83e84a0ae8d85f35c38fac0c9f229ed4d3746f2fce0ae0910c6d8db50090dc1c3fd147945e999d29df4b94c82c3efa91d1da782441ccda21b203c89d3457c5096cc04a2023c6da2ad0d012ff65d039a03b7520db3ac968e1bc80917ddc41d213d374f5334ac0c0bcdd4182734fa4573446480872b7e9946eef2e1de2181cd0dfb7d73a90dc0a859cf60c355d8e0be3af60d32e33bd367803ca2feb62e62af102d272666cba78f0d36ca76c78b9e002367a2f12a06fa3aa145e42ae32fa19c1522b5752f9347f1aed14c40bd69c107fe1557ea555f198a8fd6c2e0c3e0d707e872517100c619c97db6f77dc2100fe44dbc9e7b0765d072b5e34478fc1b1d2cb8de037d8c2bc2974fa74605af0cb812e30166cecf031e2491092caeeca1dce3ff947aae0e08721c7c60bba36abfc5542237380517d8a0075b31ea1a79c8ebdd0bcae9f18a9fce9d868540f02ca55cd0473272773f0ad1ae94201a24cc085fd76edf0efdeb2fca71bd298cc3972211cf4af7df4e69e534e9c73c031632adaaccf5081fd4038482124d6011774213db9cb28cf77d566fc4e925ee05c5dc2599b89c11519065414fed786c35d6dcae7d7eea2a36c8636344a2fe0f1e88f1048ec339c6f284ca51b33e00213d00af04d88139a10d31e91a1467c85982d0a00bf687e5640256885c14f236438d835f436aa6f235e66bb8b7d445dbe16d426ad8f8af6c7dae527c1c7a220e86a5dcf2c3f5ac56287cb8d6eb63bfe71ddf7be393786b452abb923a9dd44a88ef955ce5e9b275d06e8e53123c1c2966de1bf08964d6a4bf716575317227db8c40cad2f4c49d548201f148c2f4f88bceeb58f2cc9a1488a886b71325cc90c50bcc1bdaedbe324c24a52501facbddd48184016713a130d393470b5894537f0687bbf64f98f59c54e913b0a1182051252e6d9d9a4b878f2b327f91998092dd679632f035bb3a2833bc53635f4411d7de0841754cb3a1cc9fbb217a89fd0f704f70d22745bceb4a01089e467ab048eafa2cf2021b2131d1e67cb615b63ea9c36e37291dd7a881c9307ef396e5915bc4942fd94143b2c1f27ad3195b4c376046e17ba55834ce08d81b160e6ed85976571c68f3b1880c93600ace0c9dac4c1edc1290345e9ce5a49b77809c1410f2532764214ad0583cbcf09ae822e08f1a2c0699df5e5cde01994924605eed6dda01e4ddbed0b8c6ed12f15632867f7e74858c473314f007fe85adf88a0f55861644f022cf377b077ccaa232e19f5433096ce75a343d276c26d8f5520bcb4d2330345ada3871d6701884d3a71fd3053a40e7bdd7aa6e5ec940a758d75ea5f6d0a452417188b057bc3d1b119613cb514f8e0e82950795040d6ec47016969a70e46f31f9378c73e85af267b7400a27724afe325b375b3e6a452efccd847274346b250392e85c3ceef9fd423a6542cf83fb27e1483d0164af1ef2303fdca509e2bfaf7b0344f1992d49395ccc11e20993382a0cb5573da5f3608ce41499abdb3d86c76186a46b1204fea8dc2c80db82f39c6d06465da8aece2f9ba663e3d0ce8e9946ee72e27b4ca1c6b6f949b5a10eb069895524f36364adaa89e2be477eaf3e5669d74473651290d49b77f0f32245a28f23eb8f7911649360f02e4072a070f2667026964e38502eb1d0fd7cb5c470417e95580fe61a0243cb34b5d855a9101bc82f39728bc202612b635430015e15b81c9c35174c3ea38b457b7067353c38cd4b1b6ce3041909fc18ae9f98045da1f20437ee3880f383c381508ebba153bbc98a6a4f5789a5f8d9b5ccbe280004030db5fe026a281b4d71aa342575f6b9a62fc70dfebf517f76b062bfbed0fbfe2093dfcf1fcb731719dfea35835ed4b0288343811407e24a40c015925ecb914fc0927c308acfbdcd89eaad7f710daa73716885f8319b7537eaf281f18e2037fd2c1bc5fa8dd0ee88d4816fcf8e1560c40fe709e0e0718ce615ecb93de9ed8c531c5b8a7445ead5a7c3af757836ee7190365694e34b50b0c4e2bcd01de1c9289581ff0d9377c075ad952e2f4a1921dd13b2dd1b807a35ceb7d3c830dd250b0adb288f904dbb80a59fb30a5fb1114cba11b39cce618d57e684b9aa080f1ea249d4906cd6b803c71742417523f0a4f2a3d0aac4233992c970f1caf3db062336db7458f50971282602f804c1195c259687a5fad4b2073f74f2d97209afc545bb89c20af5bdd69094c7e683841f2730d566956e040311c85758e60073d151ecc369fc22728176dc4c6321b585ef125fe33d05842cb880c3722cfabc83e7f0bad74f79f76d8f66416f9cdae608e5b2316bc640dfebca40fdd1c288b61ebacc9ba0f769574811169638af31da76799e5283986891a322ebfbea56e8acc25751a4b7caf383d3c39b29a9f85f9312587680c499f7231a45fc05593cc24f5be52894cec3ecc4")
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901)
fchdir(r1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x40ead000)
madvise(&(0x7f0000130000/0xd000)=nil, 0xd000, 0x66)
madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x19)
r2 = socket$netlink(0x10, 0x3, 0xb)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000c18000)="ad", 0x1)
r4 = accept4(r3, 0x0, 0x0, 0x0)
sendmsg$NL80211_CMD_TESTMODE(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000002300)={0x28, 0x0, 0x200, 0x70bd2a, 0x25dfdbfb, {{}, {@val={0x8}, @val={0xc, 0x99, {0xa8, 0xd}}}}}, 0x28}, 0x1, 0x0, 0x0, 0x4}, 0x80)
recvmsg$unix(r4, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000100)=""/30, 0x1e}], 0x1}, 0x0)
close_range(r2, 0xffffffffffffffff, 0x0)
syz_clone3(&(0x7f00000001c0)={0x2000000, 0x0, 0x0, 0x0, {0x1f}, 0x0, 0x0, 0x0, 0x0}, 0x58)
close(r1)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r5, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
getsockopt$bt_l2cap_L2CAP_OPTIONS(r4, 0x6, 0x1, &(0x7f0000000340), &(0x7f0000000380)=0xc)
connect$inet6(r5, &(0x7f0000000080), 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r5, 0x6, 0x1f, &(0x7f00000002c0), 0x4)
setsockopt$inet6_tcp_TCP_ULP(r5, 0x6, 0x1f, &(0x7f0000000300), 0x3)
mount_setattr(0xffffffffffffff9c, &(0x7f00000001c0)='.\x00', 0x1000, &(0x7f0000001dc0)={0xf, 0x0, 0x100000}, 0x20)

9.633585637s ago: executing program 5 (id=2294):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000003c0)={'wlan0\x00', <r2=>0x0})
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)={0x40, r3, 0x1, 0x70bd26, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_FRAME={0x22, 0x33, @action={{{0x0, 0x0, 0xd, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1}, {0xd}, @broadcast, @device_a, @random="828f50255961", {0x3}}, @ext_ch_sw={0x4, 0x4, {{0x1, 0x5, 0x80, 0x3}, @void}}}}]}, 0x40}, 0x1, 0x0, 0x0, 0xc0}, 0x0)

7.720269433s ago: executing program 6 (id=2304):
r0 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_ADD_MFC(r0, 0x29, 0xcc, &(0x7f0000000000)={{0xa, 0x0, 0x0, @private0, 0x809}, {0xa, 0x8, 0x1, @empty, 0x1000}, 0x2, {[0x2, 0x1, 0xfffffffe, 0x0, 0xffffffff]}}, 0x5c)
setsockopt$MRT6_ADD_MFC(r0, 0x29, 0xcc, &(0x7f0000000280)={{0xa, 0x0, 0x0, @loopback}, {0xa, 0x0, 0x0, @mcast2}, 0x0, {[0x1, 0x0, 0x0, 0x0, 0x9]}}, 0x5c)
setsockopt$MRT6_ADD_MFC(r0, 0x29, 0xcc, &(0x7f00000001c0)={{0xa, 0x4e23, 0x0, @loopback}, {0xa, 0x4e26, 0x0, @mcast1}, 0x0, {[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}}, 0x5c)
setsockopt$MRT6_FLUSH(r0, 0x29, 0xd4, &(0x7f00000000c0)=0x7, 0x4)

7.567173139s ago: executing program 5 (id=2305):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000240)={0x0, 0x20, 0x30}, 0xc)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23, 0x4, @loopback}, 0x1c)
sendto$inet6(r0, &(0x7f0000000180)="1a", 0x1, 0x40, &(0x7f0000000200)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r0, &(0x7f0000000280)='|', 0x1, 0xc010, 0x0, 0x0)
writev(r0, &(0x7f0000001300)=[{&(0x7f0000000100)='^', 0x34000}], 0x1)

7.54311014s ago: executing program 6 (id=2306):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0xffffffffffffff2e, &(0x7f0000000040)={&(0x7f0000000200)=@acquire={0x128, 0x17, 0x1, 0x70bd29, 0x25dfdbfd, {{@in=@remote, 0x4d2, 0xff}, @in6=@mcast1, {@in=@rand_addr=0x64010101, @in=@local, 0x4e22, 0x0, 0x4e24, 0xe0ec, 0x2, 0x80, 0x0, 0x32}, {{@in6=@rand_addr=' \x01\x00', @in=@local, 0x4e24, 0x9, 0x4e23, 0x5, 0x2, 0x80, 0xa0, 0x16}, {0x9, 0x40000003, 0x800, 0x7, 0x5, 0x2, 0x9, 0x1ff}, {0x27b, 0x2, 0x2, 0x4000000000000}, 0x3, 0x6e6bb9, 0x0, 0x1, 0x2}, 0x5, 0x20000, 0xab, 0x70bd2c}}, 0x128}, 0x1, 0x0, 0x0, 0x8c0}, 0x2000)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="0b00000005000000020000000900000001"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0x14, &(0x7f0000000800)=ANY=[@ANYBLOB="180000000000000000000000fcffffff180100002020782500000000002020207b1a00ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000000600000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800001c0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002000000850000000300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r2}, 0x10)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0a000000050000000200000007"], 0x48)
r4 = openat$ppp(0xffffffffffffff9c, &(0x7f00000004c0), 0x28e83, 0x0)
ioctl$PPPIOCSNPMODE(r4, 0x4008744b, &(0x7f0000000540)={0x281, 0x2})
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000540), &(0x7f0000000740), 0x75, r3}, 0x38)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$fou(&(0x7f00000000c0), 0xffffffffffffffff)
r7 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
connect$bt_sco(r7, 0x0, 0x0)
syz_emit_ethernet(0x6e, &(0x7f00000001c0)=ANY=[@ANYBLOB="bbbbbbbbbbbb0180c200000286dd697a262d00383afefe8000000000000000000000000000aaff02000000000000000000000000000102009066e40004fe620813313f6fff00fc020000000000000000000000000000ff01000000000000000000000000000188000a38"], 0x0)
r8 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r8, 0x1, 0x25, &(0x7f0000000200)=0x474c, 0x4)
r9 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCDELRT(r9, 0x890c, &(0x7f0000000040)={0x0, {0x2, 0x4e22, @broadcast}, {0x2, 0x4e20, @multicast1}, {0x2, 0x4e21, @broadcast}, 0x1, 0x0, 0x0, 0x0, 0x8, 0x0, 0x7f, 0x32, 0xfff})
bind$inet(r8, &(0x7f0000000240)={0x2, 0x0, @local}, 0x6f)
connect$inet(r8, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendmmsg(r8, &(0x7f0000007fc0), 0x800001d, 0x300)
setsockopt$inet_int(r8, 0x0, 0xd, &(0x7f0000000180)=0x6, 0x4)
recvmmsg(r8, &(0x7f0000000040), 0x291962b, 0x45833af92e4b39ff, 0x0)
sendmsg$FOU_CMD_GET(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x14, r6, 0xb01, 0x70bd28, 0x25dfdbf8}, 0x14}, 0x1, 0x0, 0x0, 0x24040015}, 0x40000)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x4, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000090000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0x23, &(0x7f0000000000)={r2, r3}, 0xc)

7.503376111s ago: executing program 0 (id=2307):
r0 = socket$netlink(0x10, 0x3, 0x4)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x4000, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
preadv2(r1, &(0x7f00000008c0)=[{&(0x7f0000002200)=""/4096, 0x1000}], 0x1, 0x0, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
getsockopt(0xffffffffffffffff, 0x200000000114, 0x2715, 0x0, &(0x7f0000000240))
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
mkdir(0x0, 0x32)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = openat$sysfs(0xffffff9c, &(0x7f0000000900)='/sys/kernel/fscaps', 0x40, 0x56)
read$FUSE(r2, &(0x7f0000001600)={0x2020}, 0x2020)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
unshare(0x6a040000)
r3 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r4 = dup(r3)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c)
r5 = socket(0x21, 0x2, 0x10000000000002)
connect$rxrpc(r5, &(0x7f0000000140)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x8000, @multicast2}}, 0x24)
sendmmsg(r5, &(0x7f0000000180), 0x0, 0x40001)
recvmmsg(r5, &(0x7f0000002940)=[{{0x0, 0x0, 0x0}}], 0xf000, 0x10002, 0x0)
write(r0, &(0x7f00000000c0)="29000000140005b7ff000051915f95eb01010003a606a40e07fff024bb000000000000000040000000", 0x29)

7.364838687s ago: executing program 5 (id=2308):
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffa000/0x2000)=nil, 0x2000, &(0x7f0000000000))
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
fchmod(0xffffffffffffffff, 0x101)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x20000, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x10)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x6, 0x6, 0x0, 0x7fff0000}]})
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
r2 = fanotify_init(0x200, 0x0)
socket(0xa, 0x3, 0x87)
fanotify_mark(r2, 0x1, 0x4800003e, r1, 0x0)
r3 = io_uring_setup(0x7d76, &(0x7f00000003c0)={0x0, 0x3a9f, 0x40, 0x1, 0x6})
r4 = syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x3, 0x0, 0x0, r3}, &(0x7f0000000340)=<r5=>0x0, &(0x7f0000000000)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f0000000300)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, &(0x7f0000000480)='./file0\x00', 0x0, 0x80})
io_uring_enter(r4, 0x3516, 0x0, 0x0, 0x0, 0xfffffdcf)
io_submit(0x0, 0x0, 0x0)
r7 = socket(0x2b, 0x80801, 0x1)
connect$inet6(r7, &(0x7f0000000000)={0xa, 0x0, 0x10000, @loopback, 0x1}, 0x1c)
epoll_create1(0x80000)
setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r7, 0x6, 0x21, &(0x7f00000002c0)="d76268833fb94fc3cf79bff8301caff9", 0x10)

5.314963149s ago: executing program 6 (id=2309):
sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x1c000)
socket$unix(0x1, 0x5, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$unix(0x1, 0x5, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x138}, 0x1, 0x0, 0x0, 0xc0}, 0x80)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xffffffff, 0x0, &(0x7f0000000540)=0x2)
lseek(r2, 0xa, 0x4)
madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x17)
userfaultfd(0x801)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
mbind(&(0x7f00001fa000/0x2000)=nil, 0x2000, 0x1, 0x0, 0x0, 0x1)
openat$adsp1(0xffffffffffffff9c, &(0x7f0000000480), 0x1, 0x0)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000c80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000580)={0x78, 0x0, 0x6, {0xfeffffffffffffff, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3966, 0x1, 0x8000, 0xfffffffc, 0x0, 0x0, 0x3, 0x4}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
setsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, &(0x7f0000000580)={{{@in6=@dev={0xfe, 0x80, '\x00', 0x25}, @in=@rand_addr=0x64010100, 0x4e23, 0x0, 0x4e20, 0xe00, 0x2, 0x80, 0xa0, 0x87}, {0xffff, 0xffffffff, 0x3, 0x6f0, 0x3, 0xa, 0x3, 0xf}, {0x5, 0x2c5, 0x8, 0x12}, 0x5, 0x0, 0x1, 0x1, 0x1}, {{@in=@local, 0x4d2, 0xff}, 0x2, @in6=@private0={0xfc, 0x0, '\x00', 0x1}, 0x3502, 0x4, 0x2, 0xd, 0x1, 0x0, 0x3}}, 0xe4)
syz_open_dev$dri(&(0x7f0000000280), 0xff, 0x400000)
unshare(0x24060400)
pselect6(0x0, 0x0, 0x0, &(0x7f0000000240)={0x9, 0xfffffffffffffffe, 0x0, 0x7, 0x7, 0x4, 0x0, 0xfffffffffffffffc}, 0x0, 0x0)
io_submit(0x0, 0x1, &(0x7f0000000300)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff, 0x0}])
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)

5.314674259s ago: executing program 5 (id=2310):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0x3, &(0x7f0000000940)=@framed, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x1c0b7d010fdeb5fb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f00000000c0)='contention_begin\x00', r0}, 0x18)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x44004000)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000003c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWRULE={0x80, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_RULE_EXPRESSIONS={0x54, 0x4, 0x0, 0x1, [{0x50, 0x1, 0x0, 0x1, @target={{0xb}, @val={0x40, 0x2, 0x0, 0x1, [@NFTA_TARGET_REV={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_TARGET_INFO={0x2c, 0x3, "7339f2f10455afb9fdd672bad09dfb78c7699c74e891a0c700"/40}, @NFTA_TARGET_NAME={0x8, 0x1, 'TEE\x00'}]}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xa8}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000840)

4.810342068s ago: executing program 5 (id=2311):
readv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f0000000080)=""/200, 0xc8}, {0x0}], 0x2)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=@setlink={0x30, 0x13, 0x1, 0x70bd2a, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, 0x2624, 0x7920}, [@IFLA_NET_NS_PID={0x8}, @IFLA_MTU={0x8, 0x4, 0x76}]}, 0x30}, 0x1, 0x0, 0x0, 0xc0008cd}, 0x20048000)
sched_setattr(0x0, &(0x7f0000000000)={0x38, 0x0, 0x32, 0xd86, 0x2c1, 0x9, 0x4, 0x7f, 0x5, 0x29d0}, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000740), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
socket$nl_route(0x10, 0x3, 0x0)
syz_emit_ethernet(0x6a, &(0x7f0000000140)={@link_local={0x3}, @link_local, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @redirect={0x5, 0x1, 0x0, @loopback, {0x10, 0x4, 0x2, 0x27, 0x3, 0x64, 0x200, 0xff, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @dev={0xac, 0x14, 0x14, 0x1a}, {[@ra={0x94, 0x4, 0x1}, @timestamp_addr={0x44, 0x24, 0x36, 0x1, 0x4, [{@dev={0xac, 0x14, 0x14, 0x39}, 0x9}, {@local, 0x9bf}, {@dev={0xac, 0x14, 0x14, 0x43}, 0x8}, {@local, 0x5}]}, @lsrr={0x83, 0x3, 0xcf}]}}}}}}}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x60, 0x30, 0x1, 0x0, 0x0, {}, [{0x4c, 0x1, [@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$VT_RESIZEX(r4, 0x560a, &(0x7f0000000040)={0x0, 0x8, 0x0, 0x4})
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0, r5}, 0x18)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone3(&(0x7f000000c340)={0xa802100, 0x0, 0x0, 0x0, {0x2e}, 0x0, 0x0, 0x0, &(0x7f000000c2c0)=[0x0], 0x1}, 0x58)
r6 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSCTTY(r6, 0x540e, 0xfffffffffffffffa)

4.76302399s ago: executing program 0 (id=2312):
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
socket(0x10, 0x80002, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sendmsg$can_j1939(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x14001)
sched_setscheduler(0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r0, &(0x7f0000032680)=""/102392, 0x18ff8)
r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, &(0x7f0000000240)=0x3)
read(0xffffffffffffffff, &(0x7f0000000080)=""/116, 0xfffffeb2)
ioctl$SNDCTL_DSP_CHANNELS(r1, 0xc0045006, &(0x7f0000000080)=0x7f)
ioctl$SNDCTL_DSP_SPEED(r1, 0xc0045002, &(0x7f00000000c0))
syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff)
read$dsp(r1, &(0x7f00000001c0)=""/95, 0x5f)

4.636835735s ago: executing program 6 (id=2313):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x100, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000180)={0x5})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="0f01cb650f741065666765f36f0f330f09660f3a0cb9000000752066b9800000c00f326635004000000f300f01d7ba4100ed", 0xfffffffffffffe1b}], 0x0, 0x4498bda7e2139f37, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x1, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000003c0)={[0x0, 0x0, 0x8, 0x40, 0x0, 0x0, 0x2004cb, 0x0, 0xfffffffffffffffe, 0x3, 0x4, 0x200004, 0x0, 0x2, 0x0, 0x1], 0x80a0000})
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

4.309921378s ago: executing program 6 (id=2314):
syz_usb_connect(0x0, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
madvise(&(0x7f0000000000/0x4000)=nil, 0x0, 0x12)
r2 = shmget$private(0x0, 0x2000, 0x100, &(0x7f0000ff2000/0x2000)=nil)
r3 = shmat(r2, &(0x7f0000ff1000/0x3000)=nil, 0x400c)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x1, &(0x7f0000006680))
shmdt(r3)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mremap(&(0x7f00005f4000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
ioctl$EVIOCSMASK(0xffffffffffffffff, 0x40104593, &(0x7f0000000240)={0x15, 0xfffffffffffffec9, 0x0})
ioctl$EVIOCGMASK(0xffffffffffffffff, 0x80104592, &(0x7f0000000880)={0x3, 0x0, 0x0})
prctl$PR_SET_IO_FLUSHER(0x43, 0x1)
prctl$PR_SET_IO_FLUSHER(0x43, 0x0)
epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, 0xffffffffffffffff, 0x0)
sendmsg$unix(r0, 0x0, 0x4040c81)
r4 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
write$binfmt_script(r4, &(0x7f0000000400)={'#! ', './file0'}, 0xb)

1.852736586s ago: executing program 0 (id=2320):
timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r0=>0x0)
fcntl$lock(0xffffffffffffffff, 0x25, &(0x7f0000000040)={0x0, 0x0, 0xfd8b, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="3c020000190001000000000000000000fc020000000000000000000000000000ac1414bb0000000000000000000000000000000304000000", @ANYRES32=0x0], 0x23c}}, 0x0)
timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000e, 0x20c44fb6edc09a38, 0xffffffffffffffff, 0x0)
pipe2(&(0x7f0000000040)={<r1=>0xffffffffffffffff}, 0x0)
syz_emit_ethernet(0x41, &(0x7f00000000c0)={@local, @random="7f0a00034011", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x33, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0xb, 0x0, 0x0, 0x12, 0x0, 0x2802, {0x5, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f, 0x0, @loopback, @local}, "140022"}}}}}, 0x0)
vmsplice(r1, &(0x7f0000000280)=[{&(0x7f0000000000)="a6", 0x1}], 0x1, 0x5)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000001540)=[{{0x0, 0xfffffffffffffda1, 0x0}}], 0x40001b6, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f0000000bc0)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000080)="b7", 0x1}], 0x1, 0x0, 0x0, 0x20000080}}], 0x1, 0x0)

1.852507886s ago: executing program 4 (id=2321):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000002c0), 0x1)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000300)={0x1, 0x0, 0x0, 'queue1\x00'})
write$sndseq(r0, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x80000)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r1, 0x404c534a, &(0x7f0000000380)={0x0, 0x1, 0xbe})
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0x10, 0x0, 0x7fff7ffc}]})
close_range(r2, 0xffffffffffffffff, 0x0)

1.635493575s ago: executing program 0 (id=2322):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000180000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000000200000008000300", @ANYRES32=r2, @ANYBLOB="0c00990000000000000000000800a102ffff0000080026008d03000008009f"], 0x40}}, 0x0)

1.390799945s ago: executing program 4 (id=2323):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x100, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000180)={0x5})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="0f01cb650f741065666765f36f0f330f09660f3a0cb9000000752066b9800000c00f326635004000000f300f01d7ba4100ed", 0xfffffffffffffe1b}], 0x0, 0x4498bda7e2139f37, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x1, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000003c0)={[0x0, 0x0, 0x8, 0x40, 0x0, 0x0, 0x2004cb, 0x0, 0xfffffffffffffffe, 0x3, 0x4, 0x200004, 0x0, 0x2, 0x0, 0x1], 0x80a0000})
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

1.200678662s ago: executing program 0 (id=2324):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000002c0), 0x4)
mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x9, 0x8c4b815a5465c2b1, 0xffffffffffffffff, 0x0)
connect$inet6(r0, &(0x7f00000001c0)={0xa, 0x4e23, 0x4, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, 0x1c)

1.123857895s ago: executing program 4 (id=2325):
r0 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_ADD_MFC(r0, 0x29, 0xcc, &(0x7f0000000000)={{0xa, 0x0, 0x0, @private0, 0x809}, {0xa, 0x8, 0x1, @empty, 0x1000}, 0x2, {[0x2, 0x1, 0xfffffffe, 0x0, 0xffffffff]}}, 0x5c)
setsockopt$MRT6_ADD_MFC(r0, 0x29, 0xcc, &(0x7f0000000280)={{0xa, 0x0, 0x0, @loopback}, {0xa, 0x0, 0x0, @mcast2}, 0x0, {[0x1, 0x0, 0x0, 0x0, 0x9]}}, 0x5c)
setsockopt$MRT6_ADD_MFC(r0, 0x29, 0xcc, &(0x7f0000000000)={{0xa, 0x0, 0x0, @private2}, {0xa, 0x0, 0x0, @empty}}, 0x5c)
setsockopt$MRT6_FLUSH(r0, 0x29, 0xd4, &(0x7f00000000c0)=0x7, 0x4)

970.475021ms ago: executing program 0 (id=2326):
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @vbi={0x6, 0x2, 0xc7a, 0x38414762, [0x3, 0x7], [0x2, 0x6], 0x2}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x2, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sendmsg$IPSET_CMD_DESTROY(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0)
read$msr(r0, &(0x7f0000019540)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000400)=ANY=[], 0x38}, 0x1, 0x0, 0x0, 0x8000}, 0x4040)
ioctl$FBIOPUT_VSCREENINFO(0xffffffffffffffff, 0x4601, &(0x7f0000000a00)={0x800, 0x640, 0x10, 0x300, 0x7, 0x4, 0x8, 0x0, {0x77, 0x10001}, {0x3}, {0x4, 0x9}, {0x1fd, 0xffffffff, 0x1}, 0x0, 0x0, 0x7f8, 0x10, 0x0, 0x6, 0x0, 0xd, 0x4, 0x0, 0xd, 0x4000080, 0x1b, 0x0, 0x36da993df1f56046, 0x7})
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
writev(0xffffffffffffffff, 0x0, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
r3 = getegid()
fchown(r0, 0x0, r3)
sendmsg$AUDIT_USER_AVC(0xffffffffffffffff, &(0x7f00000009c0)={0x0, 0x0, 0x0}, 0x8800)
prctl$PR_SET_SECUREBITS(0x1c, 0x2c)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000340)={'bridge0\x00', <r4=>0x0})
r5 = socket(0x10, 0x80002, 0x0)
connect$inet6(r5, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="440000001300290a000000000000000007000000", @ANYRES32=r4, @ANYBLOB="00000000000000001c001a800800028008000200080000003e120000080002001040e5"], 0x44}}, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
clock_gettime(0x0, &(0x7f0000000800)={<r6=>0x0, <r7=>0x0})
recvmmsg(r5, &(0x7f00000004c0)=[{{&(0x7f0000000380)=@in, 0x80, &(0x7f0000000400)=[{0x0}, {&(0x7f0000000540)=""/248, 0xf8}, {&(0x7f0000000640)=""/151, 0x97}, {&(0x7f0000000700)=""/99, 0x63}], 0x4, &(0x7f0000000780)=""/127, 0x7f}, 0x6}], 0x1, 0x80000002, &(0x7f0000000840)={r6, r7+10000000})
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
r9 = memfd_create(&(0x7f0000000240)='+\x8b\x8a\xa9\x16\x11\x91J\xbc+  \x18\x17\xc2:}\xa3\x9bO\xdd\xdf\xdf\x92\xd5\xed\xb4\x17\xe5\xd6\x9a\xb2\xd8\x9ba\xde\xb2.F\xc0\x99}|\xaf\xd3\x1d\x84[*_\x9f\x9d\xb0rYP\x1b\x9f \xe0\x9cgq\x103\x89\x11\x87Rv\x169\xdf\xe3>B\x04\x00\x00\x00W\xd3\xec\xfb\xdf?\xa2\x90+\xa4!\xb2\xf2\xff\x90\a\xc3\x12\xc4;\xffh\xf1x=\xb9c\xce\x03h\xdap\x88U\x1788\x82\xd7\xfd\x83\x00Sx\x91%\x99_\xfe\xd4c\x83\x86\x0f\xa4a-\xaf\x9e\xd9\xef\xe0)]\x00F\xfa\x03\xbc4\xc4\x9a\v\x03\x8b\xa4\xf3\x8f\xf4\"\'\xd3\a9\x14H}j&~\xe9\x16\x83o\xbd\xab\xcd[\xbd\xcb\x04\xfc\xe7\xe3\x9e?\x12\xf0\xf4\x83M3\xd88\x92?@\v\xe6\xd1\xd2\xe4\xde\xdaUeJ\x9fR\xd1`\xfa\xc8\v\xed\xfd\x0e\xc8\x89W\x847\x88\x82\x94\x14\xe33\xb7H\xc8b\xd6@3F#\xb7\x04C\x8dm\t\x16a\x0fI\xf4\xfe\xf8\x06j\x19Pz&\xb8\x0f\x98`W\xdb\xc6\"81A\xa4\x8bT\xf1\xcb\xab\xa3\t\xef\xdf&\x0e\xad\x03\x123.\xc2V\xaa\xd5\xf8\xde\x8aV\xa4p{\xcez\xa2\x92\xdb8*wLO\f\x97X\x05\x9a\xc2\xe8\x85\x9d\xcb\xc8\xf0\xc4\x01\x03\xe3?\x9f1\xf4\xfb\xa5y`KB\xdf\xae#\x94C\a\x04\xea\xccG\xf2\b\x8f\xf7\xb1\xe96\x90\xf5P\xa4\'\xce\xe3\xa24\x196\xc5Q\xa1K\x95\xd6\xfal\xe9\xd1\\\r&\xb2c\xb3\x8d\xa7\xb7\xa8\x03S\xbd\xdd\b{\xae\f\x10\xc2\xbb\xd0\xdd*\xa3\xb4\fJ\x00X\xab`N; LF\xa5D\xee\xdf\x7f\x80p\xf6o\x1c\xbdXR\xf2\xa0\x81a\xa1\xe1B\x93Xn\xaf\xfc\x05?\xab\xac\x91x\xa8#\xe1\xbeQ\xd1^\x9b\xb9)\xd3\n\xf7(3!\x18\b\xc0\xaampRl\xfdQ\x03\x8c\xd5\xe4\\\xed\x9a\xd1?\xd21\xc8\x90\x1dl|\xd1\x14\xbc3\xe0\x1e\x0e\xe6\x88Y\x99K\x93\x1c@_P\x8c\xc7\x9eZ\xb74KT:\x8a\xdbJ#w\x18\x14\x00\x93\x86\xa5wo\xf6M\xe7D\xf4*\xe3X\x1d\x19\x83\xa7w\xc7+7\x89s\xed\x8a\xd7O\xdd\rhh`\xc0\xa8$\x06pu\xa0\xd0L\x0ez@I\xb8\x83\xb2f\x93j\a0I\xc8l\xe5\x9b\x06\xb5\xac`d\xa3\xcf/\x14\x10\xab\xab\t\xec\xc1c\fA\xaf\x14\xef\xbap@*7\x86\xdf\',\x03Y\xb1$\xf0\xb5}\xf0\x82%)9`\x8f\x04\x85m\x80\xd2\xcf@\x06}\xea\xe7w`\xa5\x11\x9f\x9b\x9e\x8f\xb7cb\x1a\xe1\xcf\x87\x1c\\\xf5\xc21\xf7\x82C*\xd5;\x00\x00\x00\x00\x03\xba\xe3\xdc\x92\'\x8e\xd5\x7fG\xfd.\x91\x89T\x99t\xd4d,\xd5\x92O\xf1\xafT!Y\x8e\\\xac\xf7\x11R\x05p\x1a\"\r\xe9\xe5\x8b&\x0f\x8c\xfb\xef\xf8\xd5\x18\xde\xeb\xe5\x19\xdd\xebQ8\xc5iS+\x06D\x16\xfe\xf5.\xe5\v\x89\xb0\"\xa3M\xe9\x81\x11P\xdb\xc4\xc2y\x14\x04\x06\xf6\f\xb0\xecz\x8d`\xb5\x9b\xb43\xcc1\xa7\x9e\xa8\xb5\'\xc6MAe\x0f\xd1\xfcG\xc2/\xe8\xe9t\xcaQ\xf1\fI\x1chM\xc1\x92\xe3\xc3\x01M\xc8/\xefJ\xcb\xd0]\f\xff\xf5\x92\xce\x97Z\xea\xe8\x99\xfa\x96\xce\xa7\x02\xad\xa2\xce\x955\xeaNg\x02\xcd\xfd\x1a}.\xd3\"x\x89/8H\xc2\x93B\na)\x86\xa9U\xa0\xb7\x18\xfb\xe9\xd1\x97', 0x3)
write$binfmt_misc(r9, &(0x7f0000000740), 0xff67)
sendfile(r8, r9, &(0x7f00000000c0), 0xfffb)
fcntl$addseals(r9, 0x409, 0x8)

488.87481ms ago: executing program 6 (id=2327):
bind$can_j1939(0xffffffffffffffff, &(0x7f0000000040)={0x1d, 0x0, 0x8000000000000003, {}, 0x1}, 0x18)
r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f00020000000905050200de7e001009058b1e20"], 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000000080)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$FS_IOC_GETVERSION(r1, 0xc0145b0d, &(0x7f0000000040))

359.606576ms ago: executing program 4 (id=2328):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000240)={0x0, 0x20, 0x30}, 0xc)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23, 0x4, @loopback}, 0x1c)
sendto$inet6(r0, &(0x7f0000000180)="1a", 0x1, 0x40, &(0x7f0000000200)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000080), 0xc)
writev(r0, &(0x7f0000001300)=[{&(0x7f0000000100)='^', 0x34000}], 0x1)

211.926172ms ago: executing program 4 (id=2329):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={0x28, 0x4, 0x6, 0x5, 0x0, 0x0, {0x0, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x28}, 0x1, 0x0, 0x0, 0x20040c00}, 0x80)

56.647378ms ago: executing program 5 (id=2330):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
prlimit64(0x0, 0x8, 0x0, 0x0)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$netlink(0x10, 0x3, 0x15)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94)
r3 = syz_open_dev$dri(&(0x7f0000000280), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GET_LEASE(r3, 0xc01064c8, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000000300)=[<r4=>0x0]})
ioctl$DRM_IOCTL_MODE_GETPROPERTY(r3, 0xc04064aa, &(0x7f0000000040)={0x0, 0x0, r4})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000011c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x2}}, [@NFT_MSG_NEWRULE={0x78, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2, 0x0, 0xfffe}, [@NFTA_RULE_EXPRESSIONS={0x4c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @fib={{0x8}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_FIB_FLAGS={0x8, 0x3, 0x1, 0x0, 0x6}, @NFTA_FIB_RESULT={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_FIB_DREG={0x8, 0x1, 0x1, 0x0, 0x9}]}}}, {0x20, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x11}, @NFTA_CT_SREG={0x8, 0x4, 0x1, 0x0, 0xc}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}, @NFT_MSG_NEWSET={0x14, 0x9, 0xa, 0x101, 0x0, 0x0, {0x5, 0x0, 0x6}}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x5}}}, 0xb4}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x1, 0xb, 0x0, 0x0, 0xe, 0x0, 0x0, 0x40f00}, 0x94)
r6 = socket(0x10, 0x803, 0x0)
getsockname$packet(r6, 0x0, &(0x7f0000000200))
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)

0s ago: executing program 4 (id=2331):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r0, 0x0, 0xd}, 0x18)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043ef50d", @ANYRESHEX], 0xf8)

kernel console output (not intermixed with test programs):

mand 0x040f tx timeout
[  317.628664][ T1422] ieee802154 phy0 wpan0: encryption failed: -22
[  317.635022][ T1422] ieee802154 phy1 wpan1: encryption failed: -22
[  317.690945][ T6349] EXT4-fs error (device loop2): ext4_get_branch:178: inode #11: block 4294967295: comm syz.2.470: invalid block
[  317.908453][ T6349] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.470: invalid indirect mapped block 4294967295 (level 1)
[  318.023111][ T6349] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.470: invalid indirect mapped block 4294967295 (level 1)
[  318.046849][ T6349] EXT4-fs (loop2): 2 truncates cleaned up
[  318.285668][ T6349] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpjquota=,init_itable=0x0000000000000007,dioread_nolock,auto_da_alloc=0x000000007fffffff,nobarrier,auto_da_alloc=0x0000000000000002,nombcache,,errors=continue. Quota mode: writeback.
[  318.731613][ T4240] Bluetooth: hci5: command 0x0419 tx timeout
[  318.737820][ T4240] Bluetooth: hci0: command 0x041b tx timeout
[  318.905718][ T6314] chnl_net:caif_netlink_parms(): no params data found
[  319.199283][ T6334] chnl_net:caif_netlink_parms(): no params data found
[  320.592446][ T6314] bridge0: port 1(bridge_slave_0) entered blocking state
[  320.600403][ T6314] bridge0: port 1(bridge_slave_0) entered disabled state
[  320.628373][ T6314] device bridge_slave_0 entered promiscuous mode
[  321.311031][ T4952] Bluetooth: hci0: command 0x040f tx timeout
[  321.666713][ T6421] loop2: detected capacity change from 0 to 16
[  321.676101][ T6314] bridge0: port 2(bridge_slave_1) entered blocking state
[  321.683193][ T6314] bridge0: port 2(bridge_slave_1) entered disabled state
[  321.725530][ T6421] erofs: (device loop2): mounted with root inode @ nid 36.
[  321.758793][ T6314] device bridge_slave_1 entered promiscuous mode
[  321.769407][ T4225] device hsr_slave_0 left promiscuous mode
[  321.812067][ T4225] device hsr_slave_1 left promiscuous mode
[  321.836618][ T4225] batman_adv: batadv0: Removing interface: batadv_slave_0
[  321.865903][ T4225] batman_adv: batadv0: Removing interface: batadv_slave_1
[  321.889195][ T4225] device bridge_slave_1 left promiscuous mode
[  321.915032][ T4225] bridge0: port 2(bridge_slave_1) entered disabled state
[  321.972848][ T4225] device bridge_slave_0 left promiscuous mode
[  322.074351][ T4225] bridge0: port 1(bridge_slave_0) entered disabled state
[  322.959388][ T6439] loop2: detected capacity change from 0 to 512
[  323.051497][ T6440] xt_TPROXY: Can be used only with -p tcp or -p udp
[  323.384075][ T4225] team0 (unregistering): Port device team_slave_1 removed
[  323.474567][ T6439] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  323.523816][ T6439] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.484: invalid indirect mapped block 4294967295 (level 1)
[  323.912450][ T4952] Bluetooth: hci0: command 0x0419 tx timeout
[  324.056719][ T6439] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.484: invalid indirect mapped block 4294967295 (level 1)
[  324.571956][ T4225] team0 (unregistering): Port device team_slave_0 removed
[  324.641437][ T6439] EXT4-fs (loop2): 2 truncates cleaned up
[  324.648131][ T6439] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpjquota=,init_itable=0x0000000000000007,dioread_nolock,auto_da_alloc=0x000000007fffffff,nobarrier,auto_da_alloc=0x0000000000000002,nombcache,,errors=continue. Quota mode: writeback.
[  325.663425][ T4225] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  325.748002][ T4225] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  325.904493][ T6448] EXT4-fs error (device loop2): ext4_validate_block_bitmap:429: comm ext4lazyinit: bg 0: block 5: invalid block bitmap
[  326.515610][ T4225] bond0 (unregistering): Released all slaves
[  326.580899][ T6334] bridge0: port 1(bridge_slave_0) entered blocking state
[  326.594645][ T6334] bridge0: port 1(bridge_slave_0) entered disabled state
[  326.614793][ T6334] device bridge_slave_0 entered promiscuous mode
[  326.662891][ T6334] bridge0: port 2(bridge_slave_1) entered blocking state
[  326.686747][ T6334] bridge0: port 2(bridge_slave_1) entered disabled state
[  326.713493][ T6334] device bridge_slave_1 entered promiscuous mode
[  327.420680][ T6314] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  327.468694][ T6314] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  327.606138][ T6314] team0: Port device team_slave_0 added
[  327.637234][ T6334] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  327.810652][ T6314] team0: Port device team_slave_1 added
[  327.957876][ T6334] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  328.033279][ T6334] team0: Port device team_slave_0 added
[  328.042695][ T6334] team0: Port device team_slave_1 added
[  328.052257][ T6314] batman_adv: batadv0: Adding interface: batadv_slave_0
[  328.072578][ T6314] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  328.396267][ T6314] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  328.711251][ T6314] batman_adv: batadv0: Adding interface: batadv_slave_1
[  328.736998][ T6314] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  329.504832][ T6314] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  330.005689][ T6334] batman_adv: batadv0: Adding interface: batadv_slave_0
[  330.044489][ T6334] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  330.088966][ T6334] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  330.119448][ T6314] device hsr_slave_0 entered promiscuous mode
[  330.170519][ T6314] device hsr_slave_1 entered promiscuous mode
[  330.187894][ T6314] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  330.205976][ T6314] Cannot create hsr debugfs directory
[  330.216314][ T6334] batman_adv: batadv0: Adding interface: batadv_slave_1
[  330.237529][ T6334] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  330.507220][ T6334] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  331.296301][ T6334] device hsr_slave_0 entered promiscuous mode
[  331.325613][ T6334] device hsr_slave_1 entered promiscuous mode
[  331.354918][ T6334] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  331.362582][ T6334] Cannot create hsr debugfs directory
[  335.992784][ T6557] loop4: detected capacity change from 0 to 16
[  336.051199][ T6557] erofs: (device loop4): mounted with root inode @ nid 36.
[  336.350893][ T6334] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  336.398736][ T6334] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  336.431042][ T6334] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  337.294968][ T6334] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  337.395541][ T6571] xt_TPROXY: Can be used only with -p tcp or -p udp
[  337.407140][ T6573] loop0: detected capacity change from 0 to 16
[  337.897637][ T6573] erofs: (device loop0): mounted with root inode @ nid 36.
[  338.469744][ T6314] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  338.554606][ T6314] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  338.834963][ T6314] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  338.935706][ T6314] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  339.131662][ T6334] 8021q: adding VLAN 0 to HW filter on device bond0
[  339.274674][ T4310] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  339.288983][ T4310] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  339.337323][ T6334] 8021q: adding VLAN 0 to HW filter on device team0
[  339.448635][ T5942] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  339.476131][ T5942] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  339.523256][ T5942] bridge0: port 1(bridge_slave_0) entered blocking state
[  339.524657][ T6613] loop4: detected capacity change from 0 to 16
[  339.530434][ T5942] bridge0: port 1(bridge_slave_0) entered forwarding state
[  339.579954][ T6613] erofs: (device loop4): mounted with root inode @ nid 36.
[  340.069647][ T5942] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  340.216415][ T5942] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  340.323354][ T5942] bridge0: port 2(bridge_slave_1) entered blocking state
[  340.330640][ T5942] bridge0: port 2(bridge_slave_1) entered forwarding state
[  340.494697][ T5942] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  340.608139][ T6314] 8021q: adding VLAN 0 to HW filter on device bond0
[  340.714910][ T6314] 8021q: adding VLAN 0 to HW filter on device team0
[  340.761408][ T5942] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  340.862572][ T5942] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  340.888944][ T5942] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  340.900055][ T5942] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  340.909587][ T5942] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  340.918602][ T5942] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  340.931432][ T5942] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  340.939668][ T5942] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  340.950738][ T5942] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  341.983842][ T6314] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  342.014234][ T6314] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  342.033193][ T5942] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  342.105792][ T5942] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  342.242782][ T5942] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  342.353593][ T5942] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  342.363715][ T5942] bridge0: port 1(bridge_slave_0) entered blocking state
[  342.371221][ T5942] bridge0: port 1(bridge_slave_0) entered forwarding state
[  342.382531][ T5942] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  342.392905][ T5942] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  342.402087][ T5942] bridge0: port 2(bridge_slave_1) entered blocking state
[  342.409213][ T5942] bridge0: port 2(bridge_slave_1) entered forwarding state
[  342.522536][ T5942] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  342.685274][ T5942] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  342.727161][ T5942] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  342.755734][ T5942] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  342.767365][ T5942] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  342.779197][ T5942] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  342.790681][ T5942] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  342.800276][ T5942] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  342.810558][ T5942] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  342.846779][ T5942] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  343.042489][ T5942] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  343.156042][ T5942] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  343.164630][ T5942] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  343.321865][ T4310] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  343.394776][ T4310] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  343.571388][ T6334] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  343.875571][ T4310] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  343.883805][ T4310] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  344.829628][ T6334] 8021q: adding VLAN 0 to HW filter on device batadv0
[  345.046425][ T5942] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  345.064126][ T5942] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  345.091163][ T6314] 8021q: adding VLAN 0 to HW filter on device batadv0
[  346.746523][ T4292] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  346.767411][ T4292] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  347.022323][ T4225] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  347.072845][ T4404] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  347.090370][ T4404] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  347.099770][ T4404] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  347.108904][ T4404] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  347.140924][ T4225] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  347.214283][ T6334] device veth0_vlan entered promiscuous mode
[  347.221185][ T4292] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  347.267188][ T4292] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  347.320979][ T4225] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  347.411124][ T6334] device veth1_vlan entered promiscuous mode
[  347.450511][ T4310] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  347.470016][ T4310] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  347.502165][ T4310] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  347.524893][ T4310] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  347.547781][ T4310] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  347.557430][ T6702] xt_TPROXY: Can be used only with -p tcp or -p udp
[  347.582150][ T4225] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  347.618940][ T6314] device veth0_vlan entered promiscuous mode
[  347.660609][ T6314] device veth1_vlan entered promiscuous mode
[  347.782392][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  347.796220][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  347.815214][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  347.823583][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  347.845261][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  347.887814][ T6314] device veth0_macvtap entered promiscuous mode
[  347.962231][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  348.192347][ T6314] device veth1_macvtap entered promiscuous mode
[  348.769529][ T4402] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  348.779641][ T4402] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  348.805733][ T6715] loop2: detected capacity change from 0 to 16
[  348.822121][ T6314] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  348.893885][ T6715] erofs: (device loop2): mounted with root inode @ nid 36.
[  348.916599][ T6314] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  348.971130][ T6314] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  348.991821][ T6314] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  349.024585][ T6314] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  349.043874][ T6314] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  349.054043][ T6314] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  349.073071][ T6314] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  349.093344][ T6314] batman_adv: batadv0: Interface activated: batadv_slave_0
[  349.137294][ T6334] device veth0_macvtap entered promiscuous mode
[  350.575588][ T4404] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  350.584003][ T4404] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  350.668762][ T4404] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  350.706203][ T4225] tipc: Left network mode
[  350.708849][ T6334] device veth1_macvtap entered promiscuous mode
[  350.744063][ T6314] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  350.792462][ T6314] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  350.844402][ T6314] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  350.896733][ T6314] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  350.966389][ T6314] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  351.017871][ T6314] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  351.057607][ T6314] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  351.104688][ T6314] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  351.144937][ T6314] batman_adv: batadv0: Interface activated: batadv_slave_1
[  351.167950][ T4404] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  351.186553][ T4404] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  351.208528][ T6314] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  351.218411][ T6314] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  351.236903][ T6314] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  351.256425][ T6314] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  351.322414][ T6334] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  351.358828][ T6334] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  351.412655][ T6334] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  351.451996][ T6334] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  351.638602][ T6334] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  351.889617][ T6334] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  352.046219][ T6334] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  352.326464][ T6334] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  352.337053][ T6334] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  352.371556][ T6334] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  352.515547][ T6334] batman_adv: batadv0: Interface activated: batadv_slave_0
[  353.103967][ T4292] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  353.135078][ T4292] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  353.201259][ T4292] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  353.235679][ T6334] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  353.250157][ T4292] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  353.266029][ T6334] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  353.275979][ T6334] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  353.291460][ T6334] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  353.302996][ T6334] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  353.313567][ T6334] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  353.323882][ T6334] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  353.334728][ T6334] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  355.235179][ T6334] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  355.308593][ T6334] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  355.319813][ T6334] batman_adv: batadv0: Interface activated: batadv_slave_1
[  355.499498][  T145] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  355.885949][  T145] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  356.994781][  T145] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  357.046408][ T6334] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  357.128556][ T6334] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  357.137420][ T6334] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  357.146282][ T6334] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  357.264145][ T4292] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  357.272714][ T4292] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  358.174059][ T5345] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  358.490742][ T4404] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  358.539264][ T4404] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  359.693234][  T145] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  359.870818][ T4404] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  359.915741][ T6823] loop4: detected capacity change from 0 to 16
[  359.950556][ T4404] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  360.002739][ T4404] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  360.241316][ T6823] erofs: (device loop4): mounted with root inode @ nid 36.
[  362.381942][ T6861] loop0: detected capacity change from 0 to 16
[  362.448286][ T6861] erofs: (device loop0): mounted with root inode @ nid 36.
[  366.299550][ T6887] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci0/hci0:200/input8
[  366.792602][ T4225] device hsr_slave_0 left promiscuous mode
[  366.799861][ T4225] device hsr_slave_1 left promiscuous mode
[  367.227094][ T4225] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  367.436956][ T4225] batman_adv: batadv0: Removing interface: batadv_slave_0
[  367.545011][ T4225] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  367.552666][ T4225] batman_adv: batadv0: Removing interface: batadv_slave_1
[  367.570167][ T4225] device bridge_slave_1 left promiscuous mode
[  367.584464][ T4225] bridge0: port 2(bridge_slave_1) entered disabled state
[  367.594078][ T4225] device bridge_slave_0 left promiscuous mode
[  367.612629][ T4225] bridge0: port 1(bridge_slave_0) entered disabled state
[  367.710247][ T4225] device hsr_slave_0 left promiscuous mode
[  367.795424][ T4225] device hsr_slave_1 left promiscuous mode
[  367.809943][ T4225] batman_adv: batadv0: Removing interface: batadv_slave_0
[  367.855707][ T4225] batman_adv: batadv0: Removing interface: batadv_slave_1
[  368.757977][ T4225] device bridge_slave_1 left promiscuous mode
[  368.805132][ T4225] bridge0: port 2(bridge_slave_1) entered disabled state
[  368.821811][ T6937] loop0: detected capacity change from 0 to 16
[  368.833565][ T4225] device bridge_slave_0 left promiscuous mode
[  368.840017][ T4225] bridge0: port 1(bridge_slave_0) entered disabled state
[  368.866674][ T6937] erofs: Unknown parameter '0000000000000000000018446744073709551615’’'
[  368.875439][ T4225] device veth1_macvtap left promiscuous mode
[  368.881444][ T4225] device veth0_macvtap left promiscuous mode
[  368.897799][ T4225] device veth1_vlan left promiscuous mode
[  368.903751][ T4225] device veth0_vlan left promiscuous mode
[  369.483945][ T6941] loop5: detected capacity change from 0 to 16
[  370.205442][ T6941] erofs: (device loop5): mounted with root inode @ nid 36.
[  371.537494][ T6951] loop5: detected capacity change from 0 to 16
[  371.627930][ T6951] erofs: (device loop5): mounted with root inode @ nid 36.
[  372.522193][ T4225] team0 (unregistering): Port device team_slave_1 removed
[  372.565745][ T4225] team0 (unregistering): Port device team_slave_0 removed
[  372.597002][ T4225] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  372.704741][ T4225] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  373.246506][ T4225] bond0 (unregistering): Released all slaves
[  373.827550][ T6971] loop5: detected capacity change from 0 to 16
[  373.871878][ T4225] team0 (unregistering): Port device team_slave_1 removed
[  373.898653][ T6971] erofs: (device loop5): mounted with root inode @ nid 36.
[  373.919008][ T4225] team0 (unregistering): Port device team_slave_0 removed
[  373.988450][ T4225] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  374.005971][ T4225] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  374.114101][ T4225] bond0 (unregistering): Released all slaves
[  374.918340][ T6978] loop5: detected capacity change from 0 to 16
[  375.094408][ T6978] erofs: (device loop5): mounted with root inode @ nid 36.
[  377.413840][ T7020] loop4: detected capacity change from 0 to 16
[  377.549358][ T7020] erofs: (device loop4): mounted with root inode @ nid 36.
[  377.811725][ T7027] loop0: detected capacity change from 0 to 16
[  377.977835][ T7029] loop2: detected capacity change from 0 to 16
[  378.119563][ T7027] erofs: (device loop0): mounted with root inode @ nid 36.
[  378.305055][ T7029] erofs: (device loop2): mounted with root inode @ nid 36.
[  379.094667][ T7033] xt_TPROXY: Can be used only with -p tcp or -p udp
[  379.414527][ T1422] ieee802154 phy0 wpan0: encryption failed: -22
[  379.420866][ T1422] ieee802154 phy1 wpan1: encryption failed: -22
[  383.957087][ T7082] loop6: detected capacity change from 0 to 16
[  384.036814][ T7082] erofs: (device loop6): mounted with root inode @ nid 36.
[  388.960244][ T7141] loop2: detected capacity change from 0 to 16
[  389.155537][ T7141] erofs: Unknown parameter '0000000000000000000018446744073709551615’’'
[  390.323507][ T7158] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci0/hci0:200/input9
[  399.085862][ T7265] loop0: detected capacity change from 0 to 16
[  399.129017][ T7265] erofs: (device loop0): mounted with root inode @ nid 36.
[  399.433022][ T7270] loop4: detected capacity change from 0 to 16
[  399.528766][ T7270] erofs: (device loop4): mounted with root inode @ nid 36.
[  400.238304][ T7284] loop5: detected capacity change from 0 to 16
[  400.384305][ T7284] erofs: (device loop5): mounted with root inode @ nid 36.
[  414.961834][ T7419] loop0: detected capacity change from 0 to 16
[  415.050527][ T7419] erofs: (device loop0): mounted with root inode @ nid 36.
[  416.417810][ T7442] loop4: detected capacity change from 0 to 16
[  417.309240][ T7442] erofs: (device loop4): mounted with root inode @ nid 36.
[  418.190463][ T7460] loop2: detected capacity change from 0 to 16
[  418.398994][ T7460] erofs: (device loop2): mounted with root inode @ nid 36.
[  418.761771][ T7469] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci0/hci0:200/input10
[  424.854391][ T7533] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci0/hci0:200/input11
[  430.206966][ T7572] loop0: detected capacity change from 0 to 16
[  430.383459][ T7572] erofs: (device loop0): mounted with root inode @ nid 36.
[  437.199292][ T4255] Bluetooth: hci5: command 0x0406 tx timeout
[  440.067522][ T1422] ieee802154 phy0 wpan0: encryption failed: -22
[  440.073972][ T1422] ieee802154 phy1 wpan1: encryption failed: -22
[  442.971667][ T7715] loop4: detected capacity change from 0 to 512
[  443.118487][ T7715] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  443.568262][ T7715] EXT4-fs error (device loop4): ext4_get_branch:178: inode #11: block 4294967295: comm syz.4.737: invalid block
[  443.581967][ T7715] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #11: comm syz.4.737: invalid indirect mapped block 4294967295 (level 1)
[  443.655534][ T7715] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #11: comm syz.4.737: invalid indirect mapped block 4294967295 (level 1)
[  443.739472][ T7727] loop0: detected capacity change from 0 to 16
[  443.744606][ T7715] EXT4-fs (loop4): 2 truncates cleaned up
[  443.751660][ T7715] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpjquota=,init_itable=0x0000000000000007,dioread_nolock,auto_da_alloc=0x000000007fffffff,nobarrier,auto_da_alloc=0x0000000000000002,nombcache,,errors=continue. Quota mode: writeback.
[  443.861075][ T7727] erofs: (device loop0): mounted with root inode @ nid 36.
[  450.929816][ T7812] loop2: detected capacity change from 0 to 512
[  450.937973][ T7813] loop0: detected capacity change from 0 to 16
[  451.114486][ T7812] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  451.256237][ T7813] erofs: (device loop0): mounted with root inode @ nid 36.
[  451.280365][ T7812] EXT4-fs error (device loop2): ext4_get_branch:178: inode #11: block 4294967295: comm syz.2.755: invalid block
[  451.691181][ T7812] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.755: invalid indirect mapped block 4294967295 (level 1)
[  451.998763][ T7812] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.755: invalid indirect mapped block 4294967295 (level 1)
[  452.144643][ T7812] EXT4-fs (loop2): 2 truncates cleaned up
[  452.198985][ T7812] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpjquota=,init_itable=0x0000000000000007,dioread_nolock,auto_da_alloc=0x000000007fffffff,nobarrier,auto_da_alloc=0x0000000000000002,nombcache,,errors=continue. Quota mode: writeback.
[  456.880684][ T7873] loop2: detected capacity change from 0 to 16
[  456.945468][ T7873] erofs: Unknown parameter '0000000000000000000018446744073709551615’’'
[  461.010733][ T7902] loop2: detected capacity change from 0 to 512
[  461.149233][ T7902] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  461.249860][ T7902] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.772: invalid indirect mapped block 4294967295 (level 1)
[  461.479878][ T7902] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.772: invalid indirect mapped block 4294967295 (level 1)
[  461.545849][ T7902] EXT4-fs (loop2): 2 truncates cleaned up
[  461.568712][ T7902] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpjquota=,init_itable=0x0000000000000007,dioread_nolock,auto_da_alloc=0x000000007fffffff,nobarrier,auto_da_alloc=0x0000000000000002,nombcache,,errors=continue. Quota mode: writeback.
[  462.244459][ T7921] loop4: detected capacity change from 0 to 16
[  462.475050][ T7921] erofs: Unknown parameter '0000000000000000000018446744073709551615’’'
[  464.795050][ T7942] loop2: detected capacity change from 0 to 16
[  465.105795][ T7942] erofs: Unknown parameter '0000000000000000000018446744073709551615’’'
[  467.162488][ T7965] loop4: detected capacity change from 0 to 16
[  467.268010][ T7965] erofs: (device loop4): mounted with root inode @ nid 36.
[  470.175664][ T8011] loop0: detected capacity change from 0 to 16
[  470.192997][ T8008] netlink: 8 bytes leftover after parsing attributes in process `syz.2.791'.
[  470.281749][ T8011] erofs: (device loop0): mounted with root inode @ nid 36.
[  473.511980][ T8066] loop6: detected capacity change from 0 to 16
[  473.571375][ T8066] erofs: Unknown parameter '0000000000000000000018446744073709551615’’'
[  475.695507][ T8090] loop4: detected capacity change from 0 to 16
[  475.775534][ T8090] erofs: Unknown parameter '0000000000000000000018446744073709551615’’'
[  477.191840][ T8104] loop2: detected capacity change from 0 to 16
[  477.327937][ T8104] erofs: (device loop2): mounted with root inode @ nid 36.
[  478.706210][ T8129] loop2: detected capacity change from 0 to 16
[  478.757634][ T8129] erofs: (device loop2): mounted with root inode @ nid 36.
[  481.056767][ T8159] loop2: detected capacity change from 0 to 16
[  481.093013][ T8159] erofs: (device loop2): mounted with root inode @ nid 36.
[  485.773298][ T8233] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci0/hci0:200/input12
[  488.018300][ T8277] loop4: detected capacity change from 0 to 16
[  488.115630][ T8277] erofs: (device loop4): mounted with root inode @ nid 36.
[  488.204545][ T8281] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci0/hci0:200/input13
[  490.803350][ T8315] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci0/hci0:200/input14
[  491.913013][ T8328] loop0: detected capacity change from 0 to 16
[  491.969445][ T8328] erofs: (device loop0): mounted with root inode @ nid 36.
[  493.095780][ T8336] loop0: detected capacity change from 0 to 16
[  493.137587][ T8336] erofs: Unknown parameter '0000000000000000000018446744073709551615’’'
[  497.468963][ T8412] xt_TPROXY: Can be used only with -p tcp or -p udp
[  497.863784][ T8415] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci0/hci0:200/input15
[  500.409983][ T8449] loop2: detected capacity change from 0 to 16
[  500.576977][ T8449] erofs: Unknown parameter '0000000000000000000018446744073709551615’’'
[  501.518698][ T1422] ieee802154 phy0 wpan0: encryption failed: -22
[  501.525148][ T1422] ieee802154 phy1 wpan1: encryption failed: -22
[  508.828605][ T8527] loop4: detected capacity change from 0 to 16
[  509.164304][ T8533] xt_TPROXY: Can be used only with -p tcp or -p udp
[  509.659623][ T8527] erofs: (device loop4): mounted with root inode @ nid 36.
[  520.416786][ T8662] loop2: detected capacity change from 0 to 16
[  520.735395][ T8662] erofs: (device loop2): mounted with root inode @ nid 36.
[  524.059966][ T8696] loop4: detected capacity change from 0 to 16
[  524.192312][ T8696] erofs: (device loop4): mounted with root inode @ nid 36.
[  526.287914][ T8727] loop2: detected capacity change from 0 to 16
[  526.754340][ T8727] erofs: (device loop2): mounted with root inode @ nid 36.
[  532.345646][ T8786] loop6: detected capacity change from 0 to 16
[  532.409430][ T8786] erofs: Unknown parameter '0000000000000000000018446744073709551615’’'
[  550.029893][ T8968] xt_TPROXY: Can be used only with -p tcp or -p udp
[  555.105753][ T9027] xt_TPROXY: Can be used only with -p tcp or -p udp
[  556.747960][ T9066] loop0: detected capacity change from 0 to 16
[  556.836547][ T9066] erofs: (device loop0): mounted with root inode @ nid 36.
[  558.571979][ T9090] xt_TPROXY: Can be used only with -p tcp or -p udp
[  561.802743][ T9133] loop5: detected capacity change from 0 to 16
[  561.932004][ T9133] erofs: (device loop5): mounted with root inode @ nid 36.
[  562.496066][ T9145] xt_TPROXY: Can be used only with -p tcp or -p udp
[  562.955499][ T1422] ieee802154 phy0 wpan0: encryption failed: -22
[  562.962709][ T1422] ieee802154 phy1 wpan1: encryption failed: -22
[  568.130981][ T9191] xt_TPROXY: Can be used only with -p tcp or -p udp
[  574.155139][ T9250] loop5: detected capacity change from 0 to 16
[  574.204749][ T9250] erofs: Unknown parameter '0000000000000000000018446744073709551615’’'
[  580.198693][ T9314] loop4: detected capacity change from 0 to 16
[  580.241827][ T9314] erofs: (device loop4): mounted with root inode @ nid 36.
[  581.279742][ T9323] loop6: detected capacity change from 0 to 16
[  581.336446][ T9323] erofs: (device loop6): mounted with root inode @ nid 36.
[  582.459064][ T9333] loop4: detected capacity change from 0 to 16
[  582.828307][ T9333] erofs: (device loop4): mounted with root inode @ nid 36.
[  588.864651][ T9392] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  588.960704][ T9392] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  592.778672][ T9434] loop0: detected capacity change from 0 to 16
[  592.835051][ T9434] erofs: (device loop0): mounted with root inode @ nid 36.
[  597.456512][ T9480] loop5: detected capacity change from 0 to 16
[  597.590445][ T9480] erofs: (device loop5): mounted with root inode @ nid 36.
[  598.446862][ T4198] Bluetooth: hci0: link tx timeout
[  598.452389][ T4198] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa
[  598.741357][ T9497] loop6: detected capacity change from 0 to 16
[  598.793305][ T9497] erofs: (device loop6): mounted with root inode @ nid 36.
[  600.224455][ T9514] loop6: detected capacity change from 0 to 16
[  600.438983][ T9514] erofs: (device loop6): mounted with root inode @ nid 36.
[  601.794106][ T4226] Bluetooth: hci0: command 0x0406 tx timeout
[  603.137725][ T9545] loop2: detected capacity change from 0 to 16
[  603.242940][ T9545] erofs: (device loop2): mounted with root inode @ nid 36.
[  605.148499][ T9580] loop0: detected capacity change from 0 to 16
[  605.235322][ T9580] erofs: (device loop0): mounted with root inode @ nid 36.
[  606.649509][ T9600] loop4: detected capacity change from 0 to 512
[  606.853872][ T9600] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  607.056339][ T9600] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #11: comm syz.4.1170: invalid indirect mapped block 4294967295 (level 1)
[  607.081151][ T9600] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #11: comm syz.4.1170: invalid indirect mapped block 4294967295 (level 1)
[  607.205400][ T9600] EXT4-fs (loop4): 2 truncates cleaned up
[  607.241041][ T9600] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpjquota=,init_itable=0x0000000000000007,dioread_nolock,auto_da_alloc=0x000000007fffffff,nobarrier,auto_da_alloc=0x0000000000000002,nombcache,,errors=continue. Quota mode: writeback.
[  608.744518][ T9636] loop2: detected capacity change from 0 to 16
[  608.891430][ T9636] erofs: (device loop2): mounted with root inode @ nid 36.
[  614.198163][ T9723] xt_TPROXY: Can be used only with -p tcp or -p udp
[  617.708262][ T9778] xt_TPROXY: Can be used only with -p tcp or -p udp
[  622.148436][ T9828] xt_TPROXY: Can be used only with -p tcp or -p udp
[  624.386742][ T1422] ieee802154 phy0 wpan0: encryption failed: -22
[  624.393083][ T1422] ieee802154 phy1 wpan1: encryption failed: -22
[  628.286858][ T9929] loop6: detected capacity change from 0 to 16
[  628.359361][ T9929] erofs: (device loop6): mounted with root inode @ nid 36.
[  633.009448][ T9992] loop5: detected capacity change from 0 to 512
[  633.056255][ T9992] EXT4-fs (loop5): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  633.207030][ T9992] EXT4-fs error (device loop5): ext4_free_branches:1030: inode #11: comm syz.5.1266: invalid indirect mapped block 4294967295 (level 1)
[  633.421218][ T9992] EXT4-fs error (device loop5): ext4_free_branches:1030: inode #11: comm syz.5.1266: invalid indirect mapped block 4294967295 (level 1)
[  633.774553][ T9992] EXT4-fs (loop5): 2 truncates cleaned up
[  633.906109][ T9992] EXT4-fs (loop5): mounted filesystem without journal. Opts: grpjquota=,init_itable=0x0000000000000007,dioread_nolock,auto_da_alloc=0x000000007fffffff,nobarrier,auto_da_alloc=0x0000000000000002,nombcache,,errors=continue. Quota mode: writeback.
[  634.099052][T10007] loop6: detected capacity change from 0 to 16
[  634.155474][T10007] erofs: (device loop6): mounted with root inode @ nid 36.
[  643.189355][T10054] loop2: detected capacity change from 0 to 512
[  644.197253][T10054] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  644.281791][T10054] EXT4-fs error (device loop2): ext4_get_branch:178: inode #11: block 4294967295: comm syz.2.1281: invalid block
[  644.417907][T10054] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.1281: invalid indirect mapped block 4294967295 (level 1)
[  644.553505][T10054] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.1281: invalid indirect mapped block 4294967295 (level 1)
[  644.612598][T10054] EXT4-fs (loop2): 2 truncates cleaned up
[  644.621723][T10054] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpjquota=,init_itable=0x0000000000000007,dioread_nolock,auto_da_alloc=0x000000007fffffff,nobarrier,auto_da_alloc=0x0000000000000002,nombcache,,errors=continue. Quota mode: writeback.
[  645.651647][T10070] EXT4-fs error (device loop2): ext4_validate_block_bitmap:429: comm ext4lazyinit: bg 0: block 5: invalid block bitmap
[  656.256507][T10196] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  659.565938][T10240] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  659.629005][T10243] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  659.722469][T10252] loop6: detected capacity change from 0 to 256
[  659.843026][T10252] FAT-fs (loop6): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  661.822138][T10275] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1337'.
[  665.847447][T10304] xt_TPROXY: Can be used only with -p tcp or -p udp
[  667.371520][T10301] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1344'.
[  667.383031][T10301] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1344'.
[  667.463142][T10307] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1345'.
[  667.490711][T10307] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1345'.
[  668.807469][T10325] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1352'.
[  670.022895][T10337] loop4: detected capacity change from 0 to 256
[  670.556213][T10334] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1353'.
[  670.566601][T10334] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1353'.
[  670.579081][T10331] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1355'.
[  670.589563][T10331] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1355'.
[  670.756653][T10342] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1354'.
[  671.491065][T10335] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  671.757951][T10337] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  673.972867][T10356] __nla_validate_parse: 3 callbacks suppressed
[  673.972909][T10356] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1360'.
[  674.054356][T10356] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1360'.
[  674.818203][T10358] loop2: detected capacity change from 0 to 16
[  674.889553][T10365] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  674.949613][T10368] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  675.061907][T10358] erofs: (device loop2): mounted with root inode @ nid 36.
[  676.594549][T10370] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1361'.
[  676.605405][T10370] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1361'.
[  677.271907][T10378] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1367'.
[  677.284824][T10378] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1367'.
[  678.586886][T10396] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1368'.
[  678.608745][T10396] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1368'.
[  679.637812][T10401] loop0: detected capacity change from 0 to 512
[  679.811515][T10404] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1374'.
[  679.833223][T10404] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1374'.
[  679.973253][T10401] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  680.631300][T10407] loop2: detected capacity change from 0 to 512
[  680.665045][T10401] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #11: comm syz.0.1373: invalid indirect mapped block 4294967295 (level 1)
[  680.680184][T10401] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #11: comm syz.0.1373: invalid indirect mapped block 4294967295 (level 1)
[  680.734318][T10401] EXT4-fs (loop0): 2 truncates cleaned up
[  680.740110][T10401] EXT4-fs (loop0): mounted filesystem without journal. Opts: grpjquota=,init_itable=0x0000000000000007,dioread_nolock,auto_da_alloc=0x000000007fffffff,nobarrier,auto_da_alloc=0x0000000000000002,nombcache,,errors=continue. Quota mode: writeback.
[  680.753716][T10411] loop5: detected capacity change from 0 to 512
[  680.834454][T10407] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  680.878927][T10411] EXT4-fs (loop5): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  680.902490][T10407] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.1375: invalid indirect mapped block 4294967295 (level 1)
[  681.047211][T10407] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.1375: invalid indirect mapped block 4294967295 (level 1)
[  681.075197][T10411] EXT4-fs error (device loop5): ext4_free_branches:1030: inode #11: comm syz.5.1376: invalid indirect mapped block 4294967295 (level 1)
[  681.130469][T10411] EXT4-fs error (device loop5): ext4_free_branches:1030: inode #11: comm syz.5.1376: invalid indirect mapped block 4294967295 (level 1)
[  681.151610][T10407] EXT4-fs (loop2): 2 truncates cleaned up
[  681.167827][T10407] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpjquota=,init_itable=0x0000000000000007,dioread_nolock,auto_da_alloc=0x000000007fffffff,nobarrier,auto_da_alloc=0x0000000000000002,nombcache,,errors=continue. Quota mode: writeback.
[  681.224244][T10411] EXT4-fs (loop5): 2 truncates cleaned up
[  681.230030][T10411] EXT4-fs (loop5): mounted filesystem without journal. Opts: grpjquota=,init_itable=0x0000000000000007,dioread_nolock,auto_da_alloc=0x000000007fffffff,nobarrier,auto_da_alloc=0x0000000000000002,nombcache,,errors=continue. Quota mode: writeback.
[  681.379628][T10391] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1372'.
[  681.391357][T10391] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1372'.
[  681.664977][T10408] EXT4-fs error (device loop0): ext4_validate_block_bitmap:429: comm ext4lazyinit: bg 0: block 5: invalid block bitmap
[  682.536385][T10427] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1378'.
[  682.559120][T10427] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1378'.
[  683.495599][T10431] loop0: detected capacity change from 0 to 16
[  683.568997][T10431] erofs: (device loop0): mounted with root inode @ nid 36.
[  683.810213][T10434] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1381'.
[  683.832614][T10434] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1381'.
[  685.989534][ T1422] ieee802154 phy0 wpan0: encryption failed: -22
[  685.995967][ T1422] ieee802154 phy1 wpan1: encryption failed: -22
[  686.233646][T10440] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1379'.
[  686.244086][T10440] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1379'.
[  686.766894][T10448] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1383'.
[  686.789392][T10448] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1383'.
[  687.540312][T10449] loop2: detected capacity change from 0 to 512
[  687.705053][T10449] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  687.844768][T10449] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.1384: invalid indirect mapped block 4294967295 (level 1)
[  687.962545][T10449] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.1384: invalid indirect mapped block 4294967295 (level 1)
[  688.090797][T10449] EXT4-fs (loop2): 2 truncates cleaned up
[  688.114580][T10449] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpjquota=,init_itable=0x0000000000000007,dioread_nolock,auto_da_alloc=0x000000007fffffff,nobarrier,auto_da_alloc=0x0000000000000002,nombcache,,errors=continue. Quota mode: writeback.
[  689.995072][T10471] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1388'.
[  690.005583][T10471] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1388'.
[  690.664782][T10485] loop4: detected capacity change from 0 to 256
[  690.727762][T10485] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  692.314123][T10498] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  692.925734][T10462] EXT4-fs error (device loop2): ext4_validate_block_bitmap:429: comm ext4lazyinit: bg 0: block 5: invalid block bitmap
[  693.790827][T10517] loop5: detected capacity change from 0 to 16
[  693.919608][T10517] erofs: (device loop5): mounted with root inode @ nid 36.
[  694.897778][T10530] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  695.496543][T10544] loop2: detected capacity change from 0 to 512
[  695.530437][T10544] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  695.625524][T10549] loop6: detected capacity change from 0 to 16
[  695.633550][T10544] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.1408: invalid indirect mapped block 4294967295 (level 1)
[  695.650025][T10544] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.1408: invalid indirect mapped block 4294967295 (level 1)
[  695.671412][T10544] EXT4-fs (loop2): 2 truncates cleaned up
[  695.689405][T10549] erofs: (device loop6): mounted with root inode @ nid 36.
[  695.697113][T10544] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpjquota=,init_itable=0x0000000000000007,dioread_nolock,auto_da_alloc=0x000000007fffffff,nobarrier,auto_da_alloc=0x0000000000000002,nombcache,,errors=continue. Quota mode: writeback.
[  697.191569][T10561] loop0: detected capacity change from 0 to 512
[  697.485376][T10561] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  697.512539][T10570] loop2: detected capacity change from 0 to 512
[  697.525376][T10561] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #11: comm syz.0.1413: invalid indirect mapped block 4294967295 (level 1)
[  697.626951][T10571] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1411'.
[  697.646654][T10571] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1411'.
[  697.743744][T10561] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #11: comm syz.0.1413: invalid indirect mapped block 4294967295 (level 1)
[  697.813629][T10570] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  698.100074][T10561] EXT4-fs (loop0): 2 truncates cleaned up
[  698.314634][T10561] EXT4-fs (loop0): mounted filesystem without journal. Opts: grpjquota=,init_itable=0x0000000000000007,dioread_nolock,auto_da_alloc=0x000000007fffffff,nobarrier,auto_da_alloc=0x0000000000000002,nombcache,,errors=continue. Quota mode: writeback.
[  698.341889][T10570] EXT4-fs error (device loop2): ext4_get_branch:178: inode #11: block 4294967295: comm syz.2.1414: invalid block
[  698.432019][T10570] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.1414: invalid indirect mapped block 4294967295 (level 1)
[  698.534154][T10570] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.1414: invalid indirect mapped block 4294967295 (level 1)
[  698.576844][T10570] EXT4-fs (loop2): 2 truncates cleaned up
[  698.582775][T10570] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpjquota=,init_itable=0x0000000000000007,dioread_nolock,auto_da_alloc=0x000000007fffffff,nobarrier,auto_da_alloc=0x0000000000000002,nombcache,,errors=continue. Quota mode: writeback.
[  698.684485][T10582] loop5: detected capacity change from 0 to 16
[  698.779909][T10582] erofs: (device loop5): mounted with root inode @ nid 36.
[  700.286843][T10600] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1420'.
[  700.344827][T10600] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1420'.
[  700.624836][T10548] EXT4-fs error (device loop0): ext4_validate_block_bitmap:429: comm ext4lazyinit: bg 0: block 5: invalid block bitmap
[  702.864137][T10548] EXT4-fs error (device loop2): ext4_validate_block_bitmap:429: comm ext4lazyinit: bg 0: block 5: invalid block bitmap
[  703.588811][T10640] loop0: detected capacity change from 0 to 512
[  703.655594][T10640] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  703.713574][T10640] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #11: comm syz.0.1432: invalid indirect mapped block 4294967295 (level 1)
[  703.742909][T10640] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #11: comm syz.0.1432: invalid indirect mapped block 4294967295 (level 1)
[  703.799786][T10640] EXT4-fs (loop0): 2 truncates cleaned up
[  703.824186][T10640] EXT4-fs (loop0): mounted filesystem without journal. Opts: grpjquota=,init_itable=0x0000000000000007,dioread_nolock,auto_da_alloc=0x000000007fffffff,nobarrier,auto_da_alloc=0x0000000000000002,nombcache,,errors=continue. Quota mode: writeback.
[  708.128941][T10692] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  708.644193][ T4329] usb 3-1: new full-speed USB device number 2 using dummy_hcd
[  709.244998][ T4329] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  709.325793][ T4329] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  709.443479][ T4329] usb 3-1: Product: syz
[  709.603022][ T4329] usb 3-1: Manufacturer: syz
[  709.642052][ T4329] usb 3-1: SerialNumber: syz
[  709.670643][T10706] loop0: detected capacity change from 0 to 256
[  709.717692][ T4329] usb 3-1: config 0 descriptor??
[  709.727181][T10711] loop4: detected capacity change from 0 to 512
[  709.763043][T10711] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  709.763952][T10706] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  709.843115][T10711] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #11: comm syz.4.1453: invalid indirect mapped block 4294967295 (level 1)
[  709.866627][T10711] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #11: comm syz.4.1453: invalid indirect mapped block 4294967295 (level 1)
[  709.888111][T10711] EXT4-fs (loop4): 2 truncates cleaned up
[  709.899112][T10711] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpjquota=,init_itable=0x0000000000000007,dioread_nolock,auto_da_alloc=0x000000007fffffff,nobarrier,auto_da_alloc=0x0000000000000002,nombcache,,errors=continue. Quota mode: writeback.
[  710.014538][ T4329] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  711.731930][T10726] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1454'.
[  711.752692][T10726] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1454'.
[  712.886009][T10725] loop4: detected capacity change from 0 to 512
[  714.197219][ T4329] dvb_usb_rtl28xxu: probe of 3-1:0.0 failed with error -71
[  714.205399][T10725] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  714.233942][ T4329] usb 3-1: USB disconnect, device number 2
[  714.302819][T10725] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #11: comm syz.4.1455: invalid indirect mapped block 4294967295 (level 1)
[  714.336002][T10740] loop0: detected capacity change from 0 to 2048
[  714.349546][T10725] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #11: comm syz.4.1455: invalid indirect mapped block 4294967295 (level 1)
[  714.370305][T10740] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  714.471179][T10725] EXT4-fs (loop4): 2 truncates cleaned up
[  714.514170][T10725] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpjquota=,init_itable=0x0000000000000007,dioread_nolock,auto_da_alloc=0x000000007fffffff,nobarrier,auto_da_alloc=0x0000000000000002,nombcache,,errors=continue. Quota mode: writeback.
[  715.432409][T10757] loop2: detected capacity change from 0 to 512
[  715.463049][T10757] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  715.577565][T10757] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.1465: invalid indirect mapped block 4294967295 (level 1)
[  715.591165][T10762] loop4: detected capacity change from 0 to 512
[  715.631498][T10757] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.1465: invalid indirect mapped block 4294967295 (level 1)
[  715.658103][T10766] loop6: detected capacity change from 0 to 512
[  715.708391][T10762] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  715.737850][T10766] EXT4-fs (loop6): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  715.787001][T10766] EXT4-fs error (device loop6): ext4_free_branches:1030: inode #11: comm syz.6.1467: invalid indirect mapped block 4294967295 (level 1)
[  715.810066][T10757] EXT4-fs (loop2): 2 truncates cleaned up
[  715.859330][T10757] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpjquota=,init_itable=0x0000000000000007,dioread_nolock,auto_da_alloc=0x000000007fffffff,nobarrier,auto_da_alloc=0x0000000000000002,nombcache,,errors=continue. Quota mode: writeback.
[  715.889971][T10766] EXT4-fs error (device loop6): ext4_free_branches:1030: inode #11: comm syz.6.1467: invalid indirect mapped block 4294967295 (level 1)
[  715.893083][T10762] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #11: comm syz.4.1464: invalid indirect mapped block 4294967295 (level 1)
[  715.921658][T10762] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #11: comm syz.4.1464: invalid indirect mapped block 4294967295 (level 1)
[  716.007060][T10766] EXT4-fs (loop6): 2 truncates cleaned up
[  716.018984][T10766] EXT4-fs (loop6): mounted filesystem without journal. Opts: grpjquota=,init_itable=0x0000000000000007,dioread_nolock,auto_da_alloc=0x000000007fffffff,nobarrier,auto_da_alloc=0x0000000000000002,nombcache,,errors=continue. Quota mode: writeback.
[  716.047562][T10762] EXT4-fs (loop4): 2 truncates cleaned up
[  716.058207][T10762] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpjquota=,init_itable=0x0000000000000007,dioread_nolock,auto_da_alloc=0x000000007fffffff,nobarrier,auto_da_alloc=0x0000000000000002,nombcache,,errors=continue. Quota mode: writeback.
[  718.384161][T10738] EXT4-fs error (device loop4): ext4_validate_block_bitmap:429: comm ext4lazyinit: bg 0: block 5: invalid block bitmap
[  718.881289][T10788] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 2621
[  719.851137][T10793] loop6: detected capacity change from 0 to 512
[  720.194409][T10800] xt_TPROXY: Can be used only with -p tcp or -p udp
[  720.954520][T10793] EXT4-fs (loop6): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  721.029804][T10793] EXT4-fs error (device loop6): ext4_free_branches:1030: inode #11: comm syz.6.1473: invalid indirect mapped block 4294967295 (level 1)
[  721.074998][T10788] loop2: detected capacity change from 0 to 8192
[  721.101209][T10793] EXT4-fs error (device loop6): ext4_free_branches:1030: inode #11: comm syz.6.1473: invalid indirect mapped block 4294967295 (level 1)
[  721.140988][T10808] loop4: detected capacity change from 0 to 512
[  721.161128][T10793] EXT4-fs (loop6): 2 truncates cleaned up
[  721.199421][T10793] EXT4-fs (loop6): mounted filesystem without journal. Opts: grpjquota=,init_itable=0x0000000000000007,dioread_nolock,auto_da_alloc=0x000000007fffffff,nobarrier,auto_da_alloc=0x0000000000000002,nombcache,,errors=continue. Quota mode: writeback.
[  721.249242][T10808] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  721.310814][T10808] EXT4-fs error (device loop4): ext4_get_branch:178: inode #11: block 4294967295: comm syz.4.1472: invalid block
[  721.474230][T10808] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #11: comm syz.4.1472: invalid indirect mapped block 4294967295 (level 1)
[  721.564431][T10808] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #11: comm syz.4.1472: invalid indirect mapped block 4294967295 (level 1)
[  721.674673][T10808] EXT4-fs (loop4): 2 truncates cleaned up
[  721.680728][T10808] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpjquota=,init_itable=0x0000000000000007,dioread_nolock,auto_da_alloc=0x000000007fffffff,nobarrier,auto_da_alloc=0x0000000000000002,nombcache,,errors=continue. Quota mode: writeback.
[  722.608442][T10821] loop5: detected capacity change from 0 to 2048
[  722.696881][T10823] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 2621
[  722.731661][T10821] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  722.808090][T10827] loop0: detected capacity change from 0 to 512
[  723.471460][T10820] delete_channel: no stack
[  723.498224][T10823] loop6: detected capacity change from 0 to 8192
[  723.507010][T10827] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  723.572923][T10827] EXT4-fs error (device loop0): ext4_get_branch:178: inode #11: block 4294967295: comm syz.0.1482: invalid block
[  723.700837][T10827] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #11: comm syz.0.1482: invalid indirect mapped block 4294967295 (level 1)
[  723.717200][T10827] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #11: comm syz.0.1482: invalid indirect mapped block 4294967295 (level 1)
[  723.749352][T10827] EXT4-fs (loop0): 2 truncates cleaned up
[  723.760737][T10827] EXT4-fs (loop0): mounted filesystem without journal. Opts: grpjquota=,init_itable=0x0000000000000007,dioread_nolock,auto_da_alloc=0x000000007fffffff,nobarrier,auto_da_alloc=0x0000000000000002,nombcache,,errors=continue. Quota mode: writeback.
[  725.895934][T10806] EXT4-fs error (device loop0): ext4_validate_block_bitmap:429: comm ext4lazyinit: bg 0: block 5: invalid block bitmap
[  726.952912][T10865] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1489'.
[  726.963034][T10865] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1489'.
[  727.172505][T10874] loop0: detected capacity change from 0 to 512
[  727.298767][T10874] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  727.436954][T10874] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #11: comm syz.0.1490: invalid indirect mapped block 4294967295 (level 1)
[  727.559212][T10874] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #11: comm syz.0.1490: invalid indirect mapped block 4294967295 (level 1)
[  727.576275][T10874] EXT4-fs (loop0): 2 truncates cleaned up
[  727.582051][T10874] EXT4-fs (loop0): mounted filesystem without journal. Opts: grpjquota=,init_itable=0x0000000000000007,dioread_nolock,auto_da_alloc=0x000000007fffffff,nobarrier,auto_da_alloc=0x0000000000000002,nombcache,,errors=continue. Quota mode: writeback.
[  727.722934][T10889] loop6: detected capacity change from 0 to 256
[  727.876868][T10889] FAT-fs (loop6): Unrecognized mount option "io×ĖVset=iso8859-15" or missing value
[  731.578363][T10909] loop5: detected capacity change from 0 to 16
[  731.736831][T10909] erofs: (device loop5): mounted with root inode @ nid 36.
[  733.551839][T10918] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1500'.
[  733.573251][T10918] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1500'.
[  733.582565][T10886] EXT4-fs error (device loop0): ext4_validate_block_bitmap:429: comm ext4lazyinit: bg 0: block 5: invalid block bitmap
[  735.785437][T10953] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1510'.
[  735.796759][T10953] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1510'.
[  736.210581][T10962] loop2: detected capacity change from 0 to 16
[  736.244855][T10962] erofs: (device loop2): mounted with root inode @ nid 36.
[  737.300652][T10972] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1517'.
[  737.355322][T10970] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1517'.
[  737.601277][T10974] loop2: detected capacity change from 0 to 16
[  737.742271][T10974] erofs: (device loop2): mounted with root inode @ nid 36.
[  738.035822][T10980] loop6: detected capacity change from 0 to 2048
[  738.133695][T10980] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  738.639932][T10979] delete_channel: no stack
[  738.761282][T10988] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1521'.
[  738.783716][T10988] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1521'.
[  739.976008][T10998] loop5: detected capacity change from 0 to 512
[  740.382495][T10995] loop6: detected capacity change from 0 to 2048
[  740.591394][T11014] loop4: detected capacity change from 0 to 2048
[  740.592760][T11012] loop2: detected capacity change from 0 to 16
[  740.610314][T10998] EXT4-fs (loop5): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  740.624570][T10995] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  740.656360][T11014] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  740.679918][T10998] EXT4-fs error (device loop5): ext4_get_branch:178: inode #11: block 4294967295: comm syz.5.1525: invalid block
[  740.734507][T10998] EXT4-fs error (device loop5): ext4_free_branches:1030: inode #11: comm syz.5.1525: invalid indirect mapped block 4294967295 (level 1)
[  740.761893][T11012] erofs: (device loop2): mounted with root inode @ nid 36.
[  740.878410][T10998] EXT4-fs error (device loop5): ext4_free_branches:1030: inode #11: comm syz.5.1525: invalid indirect mapped block 4294967295 (level 1)
[  740.899086][T10994] delete_channel: no stack
[  740.939763][T10998] EXT4-fs (loop5): 2 truncates cleaned up
[  740.992960][T10998] EXT4-fs (loop5): mounted filesystem without journal. Opts: grpjquota=,init_itable=0x0000000000000007,dioread_nolock,auto_da_alloc=0x000000007fffffff,nobarrier,auto_da_alloc=0x0000000000000002,nombcache,,errors=continue. Quota mode: writeback.
[  742.970724][T11027] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1531'.
[  742.981358][T11027] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1531'.
[  743.041139][T11013] delete_channel: no stack
[  743.202950][T11019] EXT4-fs error (device loop5): ext4_validate_block_bitmap:429: comm ext4lazyinit: bg 0: block 5: invalid block bitmap
[  743.653014][T11042] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1535'.
[  743.663604][T11042] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1535'.
[  743.969722][T11039] loop4: detected capacity change from 0 to 2048
[  744.083497][T11039] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  744.374642][T11037] delete_channel: no stack
[  746.748836][T11075] loop5: detected capacity change from 0 to 2048
[  746.829555][T11075] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  747.485152][ T1422] ieee802154 phy0 wpan0: encryption failed: -22
[  747.500767][ T1422] ieee802154 phy1 wpan1: encryption failed: -22
[  747.860999][T11079] loop2: detected capacity change from 0 to 8192
[  748.046920][T11072] delete_channel: no stack
[  749.755106][T11104] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1549'.
[  749.779903][T11104] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1549'.
[  751.311104][T11125] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1554'.
[  751.330153][T11125] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1554'.
[  751.911792][T11129] loop6: detected capacity change from 0 to 512
[  752.687922][T11135] loop5: detected capacity change from 0 to 512
[  752.725239][T11129] EXT4-fs (loop6): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  752.800477][T11140] loop0: detected capacity change from 0 to 512
[  752.814197][T11135] EXT4-fs (loop5): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  752.823462][T11129] EXT4-fs error (device loop6): ext4_free_branches:1030: inode #11: comm syz.6.1558: invalid indirect mapped block 4294967295 (level 1)
[  752.840711][T11129] EXT4-fs error (device loop6): ext4_free_branches:1030: inode #11: comm syz.6.1558: invalid indirect mapped block 4294967295 (level 1)
[  752.855541][T11129] EXT4-fs (loop6): 2 truncates cleaned up
[  752.862069][T11129] EXT4-fs (loop6): mounted filesystem without journal. Opts: grpjquota=,init_itable=0x0000000000000007,dioread_nolock,auto_da_alloc=0x000000007fffffff,nobarrier,auto_da_alloc=0x0000000000000002,nombcache,,errors=continue. Quota mode: writeback.
[  752.893038][T11135] EXT4-fs error (device loop5): ext4_get_branch:178: inode #11: block 4294967295: comm syz.5.1559: invalid block
[  752.918295][T11135] EXT4-fs error (device loop5): ext4_free_branches:1030: inode #11: comm syz.5.1559: invalid indirect mapped block 4294967295 (level 1)
[  752.966717][T11140] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  753.096015][T11135] EXT4-fs error (device loop5): ext4_free_branches:1030: inode #11: comm syz.5.1559: invalid indirect mapped block 4294967295 (level 1)
[  753.160980][T11135] EXT4-fs (loop5): 2 truncates cleaned up
[  753.167850][T11135] EXT4-fs (loop5): mounted filesystem without journal. Opts: grpjquota=,init_itable=0x0000000000000007,dioread_nolock,auto_da_alloc=0x000000007fffffff,nobarrier,auto_da_alloc=0x0000000000000002,nombcache,,errors=continue. Quota mode: writeback.
[  753.205161][T11140] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #11: comm syz.0.1562: invalid indirect mapped block 4294967295 (level 1)
[  753.419024][T11140] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #11: comm syz.0.1562: invalid indirect mapped block 4294967295 (level 1)
[  753.904152][T11144] EXT4-fs error (device loop6): ext4_validate_block_bitmap:429: comm ext4lazyinit: bg 0: block 5: invalid block bitmap
[  754.121996][T11140] EXT4-fs (loop0): 2 truncates cleaned up
[  754.154204][T11140] EXT4-fs (loop0): mounted filesystem without journal. Opts: grpjquota=,init_itable=0x0000000000000007,dioread_nolock,auto_da_alloc=0x000000007fffffff,nobarrier,auto_da_alloc=0x0000000000000002,nombcache,,errors=continue. Quota mode: writeback.
[  754.165561][T11144] EXT4-fs error (device loop5): ext4_validate_block_bitmap:429: comm ext4lazyinit: bg 0: block 5: invalid block bitmap
[  756.200672][T11167] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1567'.
[  756.209881][T11167] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1567'.
[  756.234705][T11167] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1567'.
[  756.244456][T11167] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1567'.
[  756.901867][ T4288] usb 7-1: new full-speed USB device number 2 using dummy_hcd
[  757.534417][ T4288] usb 7-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  757.543655][ T4288] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  757.556287][ T4288] usb 7-1: Product: syz
[  757.560578][ T4288] usb 7-1: Manufacturer: syz
[  757.566407][ T4288] usb 7-1: SerialNumber: syz
[  757.587426][ T4288] usb 7-1: config 0 descriptor??
[  757.812811][T11198] loop4: detected capacity change from 0 to 512
[  757.859298][ T4288] usb 7-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  757.893138][T11198] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  757.945520][T11198] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #11: comm syz.4.1575: invalid indirect mapped block 4294967295 (level 1)
[  757.970283][T11198] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #11: comm syz.4.1575: invalid indirect mapped block 4294967295 (level 1)
[  758.021304][T11198] EXT4-fs (loop4): 2 truncates cleaned up
[  758.052866][T11198] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpjquota=,init_itable=0x0000000000000007,dioread_nolock,auto_da_alloc=0x000000007fffffff,nobarrier,auto_da_alloc=0x0000000000000002,nombcache,,errors=continue. Quota mode: writeback.
[  759.515196][ T4288] dvb_usb_rtl28xxu: probe of 7-1:0.0 failed with error -71
[  759.618125][ T4288] usb 7-1: USB disconnect, device number 2
[  761.706687][T11225] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1579'.
[  761.716255][T11225] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1579'.
[  761.727293][T11225] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1579'.
[  761.736358][T11225] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1579'.
[  763.233179][T11248] loop2: detected capacity change from 0 to 512
[  763.309188][T11248] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  763.643169][T11266] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1589'.
[  764.609689][T11248] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.1588: invalid indirect mapped block 4294967295 (level 1)
[  765.351471][T11248] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.1588: invalid indirect mapped block 4294967295 (level 1)
[  766.161673][T11248] EXT4-fs (loop2): 2 truncates cleaned up
[  766.227815][T11248] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpjquota=,init_itable=0x0000000000000007,dioread_nolock,auto_da_alloc=0x000000007fffffff,nobarrier,auto_da_alloc=0x0000000000000002,nombcache,,errors=continue. Quota mode: writeback.
[  771.531591][T11350] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1613'.
[  771.540715][T11350] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1613'.
[  771.552463][T11350] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1613'.
[  771.561585][T11350] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1613'.
[  773.920152][T11363] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1614'.
[  773.929311][T11363] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1614'.
[  773.938383][T11363] netlink: 20 bytes leftover after parsing attributes in process `syz.6.1614'.
[  773.947415][T11363] netlink: 20 bytes leftover after parsing attributes in process `syz.6.1614'.
[  773.977511][T11363] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1614'.
[  773.986661][T11363] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1614'.
[  774.177197][T11362] loop2: detected capacity change from 0 to 512
[  774.758533][T11362] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  774.825111][T11362] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.1617: invalid indirect mapped block 4294967295 (level 1)
[  775.009446][T11362] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.1617: invalid indirect mapped block 4294967295 (level 1)
[  775.246891][T11362] EXT4-fs (loop2): 2 truncates cleaned up
[  775.375858][T11362] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpjquota=,init_itable=0x0000000000000007,dioread_nolock,auto_da_alloc=0x000000007fffffff,nobarrier,auto_da_alloc=0x0000000000000002,nombcache,,errors=continue. Quota mode: writeback.
[  776.686143][T11373] EXT4-fs error (device loop2): ext4_validate_block_bitmap:429: comm ext4lazyinit: bg 0: block 5: invalid block bitmap
[  778.046953][T11402] loop4: detected capacity change from 0 to 512
[  779.888437][T11402] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  780.516568][T11402] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #11: comm syz.4.1626: invalid indirect mapped block 4294967295 (level 1)
[  780.631178][T11402] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #11: comm syz.4.1626: invalid indirect mapped block 4294967295 (level 1)
[  780.749772][T11402] EXT4-fs (loop4): 2 truncates cleaned up
[  780.765838][T11402] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpjquota=,init_itable=0x0000000000000007,dioread_nolock,auto_da_alloc=0x000000007fffffff,nobarrier,auto_da_alloc=0x0000000000000002,nombcache,,errors=continue. Quota mode: writeback.
[  781.434406][T11420] EXT4-fs error (device loop4): ext4_validate_block_bitmap:429: comm ext4lazyinit: bg 0: block 5: invalid block bitmap
[  783.476156][T11450] loop0: detected capacity change from 0 to 512
[  784.391027][T11450] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  784.676553][T11450] EXT4-fs error (device loop0): ext4_get_branch:178: inode #11: block 4294967295: comm syz.0.1636: invalid block
[  785.286574][T11450] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #11: comm syz.0.1636: invalid indirect mapped block 4294967295 (level 1)
[  785.305278][T11450] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #11: comm syz.0.1636: invalid indirect mapped block 4294967295 (level 1)
[  785.560039][T11450] EXT4-fs (loop0): 2 truncates cleaned up
[  786.084674][T11450] EXT4-fs (loop0): mounted filesystem without journal. Opts: grpjquota=,init_itable=0x0000000000000007,dioread_nolock,auto_da_alloc=0x000000007fffffff,nobarrier,auto_da_alloc=0x0000000000000002,nombcache,,errors=continue. Quota mode: writeback.
[  786.319698][T11498] loop5: detected capacity change from 0 to 512
[  787.519271][T11510] loop0: detected capacity change from 0 to 512
[  787.535037][T11498] EXT4-fs (loop5): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  787.562802][T11498] EXT4-fs error (device loop5): ext4_free_branches:1030: inode #11: comm syz.5.1646: invalid indirect mapped block 4294967295 (level 1)
[  787.784165][T11498] EXT4-fs error (device loop5): ext4_free_branches:1030: inode #11: comm syz.5.1646: invalid indirect mapped block 4294967295 (level 1)
[  787.821879][T11498] EXT4-fs (loop5): 2 truncates cleaned up
[  788.322871][T11520] xt_TPROXY: Can be used only with -p tcp or -p udp
[  788.456598][T11510] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  788.484101][T11498] EXT4-fs (loop5): mounted filesystem without journal. Opts: grpjquota=,init_itable=0x0000000000000007,dioread_nolock,auto_da_alloc=0x000000007fffffff,nobarrier,auto_da_alloc=0x0000000000000002,nombcache,,errors=continue. Quota mode: writeback.
[  789.812806][T11510] EXT4-fs error (device loop0): ext4_get_branch:178: inode #11: block 4294967295: comm syz.0.1649: invalid block
[  790.240680][T11535] loop2: detected capacity change from 0 to 512
[  790.333900][T11510] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #11: comm syz.0.1649: invalid indirect mapped block 4294967295 (level 1)
[  790.390823][T11537] loop6: detected capacity change from 0 to 16
[  790.405335][T11535] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  790.443581][T11510] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #11: comm syz.0.1649: invalid indirect mapped block 4294967295 (level 1)
[  790.486696][T11510] EXT4-fs (loop0): 2 truncates cleaned up
[  790.493151][T11510] EXT4-fs (loop0): mounted filesystem without journal. Opts: grpjquota=,init_itable=0x0000000000000007,dioread_nolock,auto_da_alloc=0x000000007fffffff,nobarrier,auto_da_alloc=0x0000000000000002,nombcache,,errors=continue. Quota mode: writeback.
[  790.493417][T11535] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.1656: invalid indirect mapped block 4294967295 (level 1)
[  790.554383][T11537] erofs: (device loop6): mounted with root inode @ nid 36.
[  790.634146][T11535] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.1656: invalid indirect mapped block 4294967295 (level 1)
[  790.720653][T11546] loop5: detected capacity change from 0 to 512
[  790.740742][T11535] EXT4-fs (loop2): 2 truncates cleaned up
[  790.762175][T11535] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpjquota=,init_itable=0x0000000000000007,dioread_nolock,auto_da_alloc=0x000000007fffffff,nobarrier,auto_da_alloc=0x0000000000000002,nombcache,,errors=continue. Quota mode: writeback.
[  790.836495][T11546] EXT4-fs (loop5): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  791.683225][T11546] EXT4-fs error (device loop5): ext4_free_branches:1030: inode #11: comm syz.5.1657: invalid indirect mapped block 4294967295 (level 1)
[  791.921976][T11546] EXT4-fs error (device loop5): ext4_free_branches:1030: inode #11: comm syz.5.1657: invalid indirect mapped block 4294967295 (level 1)
[  791.955611][T11546] EXT4-fs (loop5): 2 truncates cleaned up
[  793.293270][T11546] EXT4-fs (loop5): mounted filesystem without journal. Opts: grpjquota=,init_itable=0x0000000000000007,dioread_nolock,auto_da_alloc=0x000000007fffffff,nobarrier,auto_da_alloc=0x0000000000000002,nombcache,,errors=continue. Quota mode: writeback.
[  796.566555][T11594] loop5: detected capacity change from 0 to 512
[  796.765962][T11594] EXT4-fs (loop5): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  797.104020][T11594] EXT4-fs error (device loop5): ext4_get_branch:178: inode #11: block 4294967295: comm syz.5.1668: invalid block
[  797.462373][T11594] EXT4-fs error (device loop5): ext4_free_branches:1030: inode #11: comm syz.5.1668: invalid indirect mapped block 4294967295 (level 1)
[  797.551621][T11594] EXT4-fs error (device loop5): ext4_free_branches:1030: inode #11: comm syz.5.1668: invalid indirect mapped block 4294967295 (level 1)
[  797.581801][T11594] EXT4-fs (loop5): 2 truncates cleaned up
[  797.602379][T11594] EXT4-fs (loop5): mounted filesystem without journal. Opts: grpjquota=,init_itable=0x0000000000000007,dioread_nolock,auto_da_alloc=0x000000007fffffff,nobarrier,auto_da_alloc=0x0000000000000002,nombcache,,errors=continue. Quota mode: writeback.
[  800.793058][T11641] loop4: detected capacity change from 0 to 16
[  800.839772][T11643] loop0: detected capacity change from 0 to 16
[  800.868733][T11641] erofs: (device loop4): mounted with root inode @ nid 36.
[  801.007174][T11643] erofs: (device loop0): mounted with root inode @ nid 36.
[  803.606796][T11673] loop5: detected capacity change from 0 to 16
[  804.222160][T11673] erofs: (device loop5): mounted with root inode @ nid 36.
[  804.942737][T11684] loop4: detected capacity change from 0 to 512
[  805.173216][T11689] loop0: detected capacity change from 0 to 16
[  805.281899][T11684] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  805.325995][T11689] erofs: (device loop0): mounted with root inode @ nid 36.
[  805.545806][T11692] loop5: detected capacity change from 0 to 16
[  805.574179][T11684] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #11: comm syz.4.1693: invalid indirect mapped block 4294967295 (level 1)
[  805.604113][T11684] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #11: comm syz.4.1693: invalid indirect mapped block 4294967295 (level 1)
[  805.618489][T11692] erofs: (device loop5): mounted with root inode @ nid 36.
[  806.184766][T11684] EXT4-fs (loop4): 2 truncates cleaned up
[  806.224344][T11684] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpjquota=,init_itable=0x0000000000000007,dioread_nolock,auto_da_alloc=0x000000007fffffff,nobarrier,auto_da_alloc=0x0000000000000002,nombcache,,errors=continue. Quota mode: writeback.
[  806.639174][T11705] loop5: detected capacity change from 0 to 256
[  806.676106][T11705] FAT-fs (loop5): Unrecognized mount option "io×ĖVset=iso8859-15" or missing value
[  807.856962][T11711] loop4: detected capacity change from 0 to 512
[  807.925214][T11711] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  808.000852][T11711] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #11: comm syz.4.1699: invalid indirect mapped block 4294967295 (level 1)
[  808.015358][T11711] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #11: comm syz.4.1699: invalid indirect mapped block 4294967295 (level 1)
[  808.043937][T11711] EXT4-fs (loop4): 2 truncates cleaned up
[  808.064163][T11711] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpjquota=,init_itable=0x0000000000000007,dioread_nolock,auto_da_alloc=0x000000007fffffff,nobarrier,auto_da_alloc=0x0000000000000002,nombcache,,errors=continue. Quota mode: writeback.
[  808.737656][T11723] xt_TPROXY: Can be used only with -p tcp or -p udp
[  808.745897][ T1422] ieee802154 phy0 wpan0: encryption failed: -22
[  808.762319][ T1422] ieee802154 phy1 wpan1: encryption failed: -22
[  811.953216][T11741] loop2: detected capacity change from 0 to 16
[  811.980491][T11744] loop5: detected capacity change from 0 to 16
[  812.064714][T11741] erofs: (device loop2): mounted with root inode @ nid 36.
[  812.123921][T11744] erofs: (device loop5): mounted with root inode @ nid 36.
[  815.736841][T11775] xt_TPROXY: Can be used only with -p tcp or -p udp
[  816.813203][T11787] loop6: detected capacity change from 0 to 512
[  817.712742][T11805] loop2: detected capacity change from 0 to 16
[  817.800831][T11808] loop5: detected capacity change from 0 to 16
[  817.810138][T11787] EXT4-fs (loop6): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  817.836181][T11805] erofs: (device loop2): mounted with root inode @ nid 36.
[  817.844184][T11808] erofs: (device loop5): mounted with root inode @ nid 36.
[  817.876971][T11787] EXT4-fs error (device loop6): ext4_free_branches:1030: inode #11: comm syz.6.1717: invalid indirect mapped block 4294967295 (level 1)
[  818.062203][T11787] EXT4-fs error (device loop6): ext4_free_branches:1030: inode #11: comm syz.6.1717: invalid indirect mapped block 4294967295 (level 1)
[  818.122375][T11787] EXT4-fs (loop6): 2 truncates cleaned up
[  818.174639][T11787] EXT4-fs (loop6): mounted filesystem without journal. Opts: grpjquota=,init_itable=0x0000000000000007,dioread_nolock,auto_da_alloc=0x000000007fffffff,nobarrier,auto_da_alloc=0x0000000000000002,nombcache,,errors=continue. Quota mode: writeback.
[  820.925579][T11836] loop5: detected capacity change from 0 to 16
[  821.101717][T11836] erofs: (device loop5): mounted with root inode @ nid 36.
[  825.604243][T11882] xt_TPROXY: Can be used only with -p tcp or -p udp
[  826.587183][T11911] loop4: detected capacity change from 0 to 16
[  826.731962][T11911] erofs: (device loop4): mounted with root inode @ nid 36.
[  828.641130][T11937] loop6: detected capacity change from 0 to 512
[  828.700433][T11937] EXT4-fs (loop6): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  828.779437][T11937] EXT4-fs error (device loop6): ext4_free_branches:1030: inode #11: comm syz.6.1752: invalid indirect mapped block 4294967295 (level 1)
[  828.820676][T11937] EXT4-fs error (device loop6): ext4_free_branches:1030: inode #11: comm syz.6.1752: invalid indirect mapped block 4294967295 (level 1)
[  828.843521][T11937] EXT4-fs (loop6): 2 truncates cleaned up
[  828.849545][T11937] EXT4-fs (loop6): mounted filesystem without journal. Opts: grpjquota=,init_itable=0x0000000000000007,dioread_nolock,auto_da_alloc=0x000000007fffffff,nobarrier,auto_da_alloc=0x0000000000000002,nombcache,,errors=continue. Quota mode: writeback.
[  833.940315][T12012] loop4: detected capacity change from 0 to 512
[  834.010240][T12012] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  834.056730][T12012] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #11: comm syz.4.1771: invalid indirect mapped block 4294967295 (level 1)
[  834.082756][T12012] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #11: comm syz.4.1771: invalid indirect mapped block 4294967295 (level 1)
[  834.110512][T12012] EXT4-fs (loop4): 2 truncates cleaned up
[  834.124177][T12012] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpjquota=,init_itable=0x0000000000000007,dioread_nolock,auto_da_alloc=0x000000007fffffff,nobarrier,auto_da_alloc=0x0000000000000002,nombcache,,errors=continue. Quota mode: writeback.
[  838.580494][T12086] loop6: detected capacity change from 0 to 512
[  838.677240][T12086] EXT4-fs (loop6): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  838.776333][T12086] EXT4-fs error (device loop6): ext4_free_branches:1030: inode #11: comm syz.6.1790: invalid indirect mapped block 4294967295 (level 1)
[  838.827816][T12086] EXT4-fs error (device loop6): ext4_free_branches:1030: inode #11: comm syz.6.1790: invalid indirect mapped block 4294967295 (level 1)
[  838.997910][T12086] EXT4-fs (loop6): 2 truncates cleaned up
[  839.075092][T12086] EXT4-fs (loop6): mounted filesystem without journal. Opts: grpjquota=,init_itable=0x0000000000000007,dioread_nolock,auto_da_alloc=0x000000007fffffff,nobarrier,auto_da_alloc=0x0000000000000002,nombcache,,errors=continue. Quota mode: writeback.
[  840.023073][T12091] EXT4-fs error (device loop6): ext4_validate_block_bitmap:429: comm ext4lazyinit: bg 0: block 5: invalid block bitmap
[  842.182110][T12127] xt_TPROXY: Can be used only with -p tcp or -p udp
[  842.488583][T12139] loop6: detected capacity change from 0 to 512
[  842.575176][T12139] EXT4-fs (loop6): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  842.681704][T12139] EXT4-fs error (device loop6): ext4_free_branches:1030: inode #11: comm syz.6.1804: invalid indirect mapped block 4294967295 (level 1)
[  842.765751][T12139] EXT4-fs error (device loop6): ext4_free_branches:1030: inode #11: comm syz.6.1804: invalid indirect mapped block 4294967295 (level 1)
[  842.877206][T12139] EXT4-fs (loop6): 2 truncates cleaned up
[  842.896536][T12139] EXT4-fs (loop6): mounted filesystem without journal. Opts: grpjquota=,init_itable=0x0000000000000007,dioread_nolock,auto_da_alloc=0x000000007fffffff,nobarrier,auto_da_alloc=0x0000000000000002,nombcache,,errors=continue. Quota mode: writeback.
[  845.362940][T12175] loop5: detected capacity change from 0 to 16
[  845.449559][T12175] erofs: (device loop5): mounted with root inode @ nid 36.
[  846.338140][T12198] loop0: detected capacity change from 0 to 16
[  846.394999][T12198] erofs: (device loop0): mounted with root inode @ nid 36.
[  849.163151][T12241] loop5: detected capacity change from 0 to 512
[  849.221405][T12241] EXT4-fs (loop5): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  849.265722][T12248] loop4: detected capacity change from 0 to 16
[  849.329874][T12241] EXT4-fs error (device loop5): ext4_free_branches:1030: inode #11: comm syz.5.1829: invalid indirect mapped block 4294967295 (level 1)
[  849.386045][T12248] erofs: (device loop4): mounted with root inode @ nid 36.
[  849.434437][T12241] EXT4-fs error (device loop5): ext4_free_branches:1030: inode #11: comm syz.5.1829: invalid indirect mapped block 4294967295 (level 1)
[  849.589413][T12241] EXT4-fs (loop5): 2 truncates cleaned up
[  849.604197][T12241] EXT4-fs (loop5): mounted filesystem without journal. Opts: grpjquota=,init_itable=0x0000000000000007,dioread_nolock,auto_da_alloc=0x000000007fffffff,nobarrier,auto_da_alloc=0x0000000000000002,nombcache,,errors=continue. Quota mode: writeback.
[  850.386370][T12251] EXT4-fs error (device loop5): ext4_validate_block_bitmap:429: comm ext4lazyinit: bg 0: block 5: invalid block bitmap
[  856.590545][T12381] loop2: detected capacity change from 0 to 16
[  856.716880][T12381] erofs: (device loop2): mounted with root inode @ nid 36.
[  858.133792][T12407] xt_TPROXY: Can be used only with -p tcp or -p udp
[  859.299967][T12427] loop6: detected capacity change from 0 to 16
[  859.355749][T12427] erofs: (device loop6): mounted with root inode @ nid 36.
[  860.483568][T12439] loop6: detected capacity change from 0 to 16
[  860.543841][T12439] erofs: (device loop6): mounted with root inode @ nid 36.
[  861.166179][T12451] xt_TPROXY: Can be used only with -p tcp or -p udp
[  863.998117][T12505] xt_TPROXY: Can be used only with -p tcp or -p udp
[  870.147997][ T1422] ieee802154 phy0 wpan0: encryption failed: -22
[  870.154414][ T1422] ieee802154 phy1 wpan1: encryption failed: -22
[  873.648388][T12656] loop5: detected capacity change from 0 to 16
[  873.693666][T12656] erofs: (device loop5): mounted with root inode @ nid 36.
[  873.722455][T12658] loop4: detected capacity change from 0 to 16
[  873.871964][T12658] erofs: (device loop4): mounted with root inode @ nid 36.
[  874.819148][T12684] xt_TPROXY: Can be used only with -p tcp or -p udp
[  876.529047][T12715] loop6: detected capacity change from 0 to 16
[  876.580849][T12720] loop0: detected capacity change from 0 to 16
[  876.637865][T12720] erofs: (device loop0): mounted with root inode @ nid 36.
[  876.745632][T12715] erofs: (device loop6): mounted with root inode @ nid 36.
[  877.673820][T12727] loop4: detected capacity change from 0 to 512
[  877.902752][T12727] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  877.992354][T12739] loop2: detected capacity change from 0 to 16
[  878.064605][T12740] xt_TPROXY: Can be used only with -p tcp or -p udp
[  878.475052][T12727] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #11: comm syz.4.1960: invalid indirect mapped block 4294967295 (level 1)
[  878.530741][T12739] erofs: (device loop2): mounted with root inode @ nid 36.
[  878.853811][T12727] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #11: comm syz.4.1960: invalid indirect mapped block 4294967295 (level 1)
[  879.005023][T12727] EXT4-fs (loop4): 2 truncates cleaned up
[  879.025560][T12727] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpjquota=,init_itable=0x0000000000000007,dioread_nolock,auto_da_alloc=0x000000007fffffff,nobarrier,auto_da_alloc=0x0000000000000002,nombcache,,errors=continue. Quota mode: writeback.
[  881.264358][T12742] EXT4-fs error (device loop4): ext4_validate_block_bitmap:429: comm ext4lazyinit: bg 0: block 5: invalid block bitmap
[  887.012289][T12903] loop6: detected capacity change from 0 to 16
[  887.074377][T12903] erofs: (device loop6): mounted with root inode @ nid 36.
[  896.260235][T13077] loop0: detected capacity change from 0 to 16
[  896.341479][T13077] erofs: (device loop0): mounted with root inode @ nid 36.
[  897.627010][T13101] xt_TPROXY: Can be used only with -p tcp or -p udp
[  907.754811][T13298] loop0: detected capacity change from 0 to 16
[  907.798751][T13298] erofs: (device loop0): mounted with root inode @ nid 36.
[  909.183512][T13327] xt_TPROXY: Can be used only with -p tcp or -p udp
[  910.235618][T13341] loop4: detected capacity change from 0 to 16
[  910.290253][T13341] erofs: (device loop4): mounted with root inode @ nid 36.
[  913.027758][T13407] __nla_validate_parse: 2 callbacks suppressed
[  913.027777][T13407] netlink: 72 bytes leftover after parsing attributes in process `syz.0.2134'.
[  913.560651][T13419] binder: 13418:13419 unknown command 0
[  913.574022][T13419] binder: 13418:13419 ioctl c0306201 200000000080 returned -22
[  913.608144][T13419] binder: BINDER_SET_CONTEXT_MGR already set
[  913.624417][T13419] binder: 13418:13419 ioctl 4018620d 200000000040 returned -16
[  914.325095][T13423] sctp: failed to load transform for md5: -2
[  915.800146][   T26] audit: type=1326 audit(1763772806.569:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13448 comm="syz.2.2146" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8e29ed0749 code=0x7ffc0000
[  916.015078][   T26] audit: type=1326 audit(1763772806.619:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13448 comm="syz.2.2146" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8e29ed0749 code=0x7ffc0000
[  916.041855][   T26] audit: type=1326 audit(1763772806.619:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13448 comm="syz.2.2146" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7f8e29ed0749 code=0x7ffc0000
[  916.068170][   T26] audit: type=1326 audit(1763772806.619:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13448 comm="syz.2.2146" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8e29ed0749 code=0x7ffc0000
[  916.091667][   T26] audit: type=1326 audit(1763772806.639:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13448 comm="syz.2.2146" exe="/root/syz-executor" sig=0 arch=c000003e syscall=188 compat=0 ip=0x7f8e29ed0749 code=0x7ffc0000
[  916.114207][   T26] audit: type=1326 audit(1763772806.639:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13448 comm="syz.2.2146" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8e29ed0749 code=0x7ffc0000
[  916.136902][   T26] audit: type=1326 audit(1763772806.639:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13448 comm="syz.2.2146" exe="/root/syz-executor" sig=0 arch=c000003e syscall=189 compat=0 ip=0x7f8e29ed0749 code=0x7ffc0000
[  916.161671][   T26] audit: type=1326 audit(1763772806.639:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13448 comm="syz.2.2146" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8e29ed0749 code=0x7ffc0000
[  916.192695][   T26] audit: type=1326 audit(1763772806.639:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13448 comm="syz.2.2146" exe="/root/syz-executor" sig=0 arch=c000003e syscall=149 compat=0 ip=0x7f8e29ed0749 code=0x7ffc0000
[  916.287480][ T4226] libceph: connect (1)[c::]:6789 error -101
[  916.296601][ T4226] libceph: mon0 (1)[c::]:6789 connect error
[  916.308307][ T4226] libceph: connect (1)[c::]:6789 error -101
[  916.314574][ T4226] libceph: mon0 (1)[c::]:6789 connect error
[  916.377961][T13437] ceph: No mds server is up or the cluster is laggy
[  916.385809][   T26] audit: type=1326 audit(1763772807.159:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13448 comm="syz.2.2146" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8e29ed0749 code=0x7ffc0000
[  916.586285][ T7709] libceph: connect (1)[c::]:6789 error -101
[  916.599660][ T7709] libceph: mon0 (1)[c::]:6789 connect error
[  916.874292][ T4226] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  917.193707][T13476] fuse: Bad value for 'group_id'
[  917.231399][T13476] netlink: 'syz.0.2154': attribute type 1 has an invalid length.
[  917.307964][ T4226] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  917.329606][ T4226] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  917.352732][ T4226] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  917.362343][ T4226] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  917.434517][T13463] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  917.755001][T13472] sctp: failed to load transform for md5: -2
[  919.088252][   T21] usb 7-1: USB disconnect, device number 3
[  919.508160][T13536] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  921.423644][T13556] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2176'.
[  921.454535][T13556] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2176'.
[  921.872775][T13568] device syzkaller0 entered promiscuous mode
[  922.675216][T13587] binder_alloc: 13579: binder_alloc_buf, no vma
[  922.910568][T13592] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2186'.
[  922.919593][T13592] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2186'.
[  923.005547][T13598] device veth2 entered promiscuous mode
[  923.192840][T13600] device syzkaller0 entered promiscuous mode
[  926.142301][T13611] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  926.193781][T13611] kvm: pic: non byte read
[  926.224757][T13611] kvm: pic: level sensitive irq not supported
[  926.225090][T13611] kvm: pic: non byte read
[  926.249938][T13611] kvm: pic: level sensitive irq not supported
[  926.250100][T13611] kvm: pic: non byte read
[  926.337522][T13611] kvm: pic: level sensitive irq not supported
[  926.341289][T13611] kvm: pic: non byte read
[  926.382299][T13611] kvm: pic: level sensitive irq not supported
[  926.382382][T13611] kvm: pic: non byte read
[  926.408735][T13611] kvm: pic: level sensitive irq not supported
[  926.408939][T13611] kvm: pic: non byte read
[  926.423376][T13611] kvm: pic: level sensitive irq not supported
[  926.423524][T13611] kvm: pic: non byte read
[  926.461306][T13611] kvm: pic: level sensitive irq not supported
[  926.461386][T13611] kvm: pic: non byte read
[  926.474897][T13611] kvm: pic: level sensitive irq not supported
[  926.474977][T13611] kvm: pic: non byte read
[  926.488329][T13611] kvm: pic: level sensitive irq not supported
[  926.488475][T13611] kvm: pic: non byte read
[  926.505905][T13611] kvm: pic: level sensitive irq not supported
[  927.111982][T13650] 9pnet_virtio: no channels available for device syz
[  927.139567][T13648] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  927.551105][   T26] kauditd_printk_skb: 1 callbacks suppressed
[  927.551124][   T26] audit: type=1326 audit(1763772818.319:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13654 comm="syz.5.2205" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbbcb436749 code=0x7ffc0000
[  927.654903][   T26] audit: type=1326 audit(1763772818.319:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13654 comm="syz.5.2205" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbbcb436749 code=0x7ffc0000
[  927.991026][   T26] audit: type=1326 audit(1763772818.379:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13654 comm="syz.5.2205" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7fbbcb436749 code=0x7ffc0000
[  928.200084][   T26] audit: type=1326 audit(1763772818.459:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13654 comm="syz.5.2205" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbbcb436749 code=0x7ffc0000
[  928.327565][   T26] audit: type=1326 audit(1763772818.459:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13654 comm="syz.5.2205" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbbcb436749 code=0x7ffc0000
[  928.436018][   T26] audit: type=1326 audit(1763772818.569:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13657 comm="syz.5.2205" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fbbcb469005 code=0x7ffc0000
[  928.525837][   T26] audit: type=1326 audit(1763772818.749:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13657 comm="syz.5.2205" exe="/root/syz-executor" sig=0 arch=c000003e syscall=60 compat=0 ip=0x7fbbcb436749 code=0x7ffc0000
[  928.651488][   T26] audit: type=1326 audit(1763772818.819:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13654 comm="syz.5.2205" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fbbcb3d2829 code=0x7ffc0000
[  928.774010][   T26] audit: type=1326 audit(1763772818.819:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13654 comm="syz.5.2205" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbbcb436749 code=0x7ffc0000
[  928.924148][   T26] audit: type=1326 audit(1763772818.849:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13663 comm="syz.4.2207" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa3fd797749 code=0x7ffc0000
[  929.146684][T13676] capability: warning: `syz.5.2210' uses deprecated v2 capabilities in a way that may be insecure
[  929.296261][ T4226] Bluetooth: hci0: command 0x0409 tx timeout
[  931.108444][T13685] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -4
[  931.118149][T13685] platform regulatory.0: Direct firmware load for regulatory.db failed with error -4
[  931.127729][T13685] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  931.216522][T13685] syz.5.2212 (13685) used greatest stack depth: 18816 bytes left
[  931.587335][ T1422] ieee802154 phy0 wpan0: encryption failed: -22
[  931.593720][ T1422] ieee802154 phy1 wpan1: encryption failed: -22
[  932.408822][T13691] "syz.2.2213" (13691) uses obsolete ecb(arc4) skcipher
[  932.849785][T13698] bridge0: port 2(bridge_slave_1) entered disabled state
[  932.857716][T13698] bridge0: port 1(bridge_slave_0) entered disabled state
[  933.807501][T13721] 9pnet_virtio: no channels available for device syz
[  934.401408][T13698] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  934.537149][T13698] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  934.641419][T13727] uffd: Set unprivileged_userfaultfd sysctl knob to 1 if kernel faults must be handled without obtaining CAP_SYS_PTRACE capability
[  937.172420][T13698] netdevsim netdevsim5 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  937.182922][T13698] netdevsim netdevsim5 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  937.195151][T13698] netdevsim netdevsim5 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  937.207960][T13698] netdevsim netdevsim5 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  937.351324][T13723] bridge: RTM_NEWNEIGH bridge0 with NTF_USE is not supported
[  937.516626][T13741] syz.0.2227[13741] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  937.516732][T13741] syz.0.2227[13741] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  937.846388][T13747] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  937.883278][T13747] picdev_read: 69 callbacks suppressed
[  937.883297][T13747] kvm: pic: non byte read
[  937.909063][T13747] pic_ioport_write: 68 callbacks suppressed
[  937.909080][T13747] kvm: pic: level sensitive irq not supported
[  937.940660][T13747] kvm: pic: non byte read
[  937.992490][T13747] kvm: pic: level sensitive irq not supported
[  937.993646][T13747] kvm: pic: non byte read
[  938.039266][T13747] kvm: pic: level sensitive irq not supported
[  938.040256][T13747] kvm: pic: non byte read
[  938.080446][T13734] device syzkaller0 entered promiscuous mode
[  938.123261][T13747] kvm: pic: level sensitive irq not supported
[  938.124504][T13747] kvm: pic: non byte read
[  938.245848][T13747] kvm: pic: level sensitive irq not supported
[  938.245911][T13747] kvm: pic: non byte read
[  938.307711][T13747] kvm: pic: level sensitive irq not supported
[  938.307914][T13747] kvm: pic: non byte read
[  938.434286][T13747] kvm: pic: level sensitive irq not supported
[  938.435416][T13747] kvm: pic: non byte read
[  939.365193][T13776] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2236'.
[  939.374446][T13776] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2236'.
[  942.628714][T13789] device syzkaller0 entered promiscuous mode
[  943.562238][ T4952] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  943.930107][T13802] device syzkaller0 entered promiscuous mode
[  944.019843][ T4952] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  944.059863][ T4952] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  944.099255][ T4952] usb 7-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[  944.162514][ T4952] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  944.197683][ T4952] usb 7-1: config 0 descriptor??
[  944.308753][T13811] input: syz1 as /devices/virtual/input/input16
[  944.470131][T13796] udc-core: couldn't find an available UDC or it's busy
[  944.514767][T13796] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  947.151419][ T4952] usbhid 7-1:0.0: can't add hid device: -71
[  947.171381][ T4952] usbhid: probe of 7-1:0.0 failed with error -71
[  947.190843][ T4952] usb 7-1: USB disconnect, device number 4
[  947.232940][T13821] 8021q: adding VLAN 0 to HW filter on device bond0
[  947.950940][T13821] bond0: (slave rose0): Enslaving as an active interface with an up link
[  948.146703][    C0] llc_conn_state_process: llc_conn_service failed
[  948.245077][ T4310] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[  948.571400][   T26] kauditd_printk_skb: 552 callbacks suppressed
[  948.571413][   T26] audit: type=1326 audit(1763772839.329:577): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13825 comm="syz.4.2251" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa3fd797749 code=0x7ffc0000
[  949.539670][T13852] netlink: 196 bytes leftover after parsing attributes in process `syz.0.2255'.
[  949.844839][   T26] audit: type=1326 audit(1763772839.329:578): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13825 comm="syz.4.2251" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa3fd797749 code=0x7ffc0000
[  949.868740][   T26] audit: type=1326 audit(1763772839.339:579): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13825 comm="syz.4.2251" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7fa3fd797749 code=0x7ffc0000
[  949.891501][   T26] audit: type=1326 audit(1763772839.779:580): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13825 comm="syz.4.2251" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa3fd797749 code=0x7ffc0000
[  949.914209][   T26] audit: type=1326 audit(1763772839.789:581): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13825 comm="syz.4.2251" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa3fd797749 code=0x7ffc0000
[  949.936674][   T26] audit: type=1326 audit(1763772840.039:582): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13847 comm="syz.4.2251" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fa3fd7ca005 code=0x7ffc0000
[  950.044288][   T26] audit: type=1326 audit(1763772840.819:583): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13847 comm="syz.4.2251" exe="/root/syz-executor" sig=0 arch=c000003e syscall=60 compat=0 ip=0x7fa3fd797749 code=0x7ffc0000
[  950.405390][T13867] netlink: 'syz.6.2258': attribute type 12 has an invalid length.
[  950.485707][T13871] device vlan0 entered promiscuous mode
[  950.571487][T13871] team0: Port device vlan0 added
[  950.835790][T13880] ODEBUG: Out of memory. ODEBUG disabled
[  950.882573][T13884] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus
[  950.947222][ T4197] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201'
[  950.957559][ T4197] CPU: 0 PID: 4197 Comm: kworker/u5:6 Not tainted syzkaller #0
[  950.965230][ T4197] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  950.975320][ T4197] Workqueue: hci3 hci_rx_work
[  950.980034][ T4197] Call Trace:
[  950.983326][ T4197]  <TASK>
[  950.986268][ T4197]  dump_stack_lvl+0x168/0x230
[  950.990982][ T4197]  ? show_regs_print_info+0x20/0x20
[  950.996293][ T4197]  ? load_image+0x3b0/0x3b0
[  951.000823][ T4197]  sysfs_create_dir_ns+0x252/0x280
[  951.005964][ T4197]  ? __lock_acquire+0x7c60/0x7c60
[  951.011003][ T4197]  ? sysfs_warn_dup+0xa0/0xa0
[  951.015678][ T4197]  ? le_conn_complete_evt+0xcbc/0x1590
[  951.021161][ T4197]  ? hci_event_packet+0xe05/0x12f0
[  951.026283][ T4197]  ? process_one_work+0x863/0x1000
[  951.031398][ T4197]  ? do_raw_spin_unlock+0x11d/0x230
[  951.036609][ T4197]  kobject_add_internal+0x662/0xd00
[  951.041821][ T4197]  kobject_add+0x152/0x210
[  951.046256][ T4197]  ? kobject_init+0x1d0/0x1d0
[  951.050932][ T4197]  ? klist_children_get+0x50/0x50
[  951.055955][ T4197]  ? get_device_parent+0x121/0x3f0
[  951.061063][ T4197]  device_add+0x483/0xfb0
[  951.065408][ T4197]  hci_conn_add_sysfs+0xd1/0x1e0
[  951.070378][ T4197]  le_conn_complete_evt+0xcbc/0x1590
[  951.075702][ T4197]  ? cs_le_create_conn+0x5e0/0x5e0
[  951.080938][ T4197]  ? __mutex_trylock_common+0x14f/0x250
[  951.086524][ T4197]  hci_le_meta_evt+0xd04/0x3b80
[  951.091386][ T4197]  ? hci_event_packet+0x36d/0x12f0
[  951.096494][ T4197]  ? hci_event_packet+0x2e2/0x12f0
[  951.101597][ T4197]  ? __lock_acquire+0x7c60/0x7c60
[  951.106623][ T4197]  ? hci_remote_host_features_evt+0x280/0x280
[  951.112693][ T4197]  ? __mutex_unlock_slowpath+0x19e/0x6a0
[  951.118340][ T4197]  ? mark_lock+0x94/0x320
[  951.122687][ T4197]  ? mutex_unlock+0x10/0x10
[  951.127189][ T4197]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  951.133176][ T4197]  ? lock_chain_count+0x20/0x20
[  951.138022][ T4197]  ? __rwlock_init+0x140/0x140
[  951.142791][ T4197]  hci_event_packet+0xe05/0x12f0
[  951.147752][ T4197]  ? lockdep_hardirqs_on+0x94/0x140
[  951.152971][ T4197]  ? rcu_lock_release+0x20/0x20
[  951.157832][ T4197]  ? hci_send_to_monitor+0x9c/0x4a0
[  951.163026][ T4197]  hci_rx_work+0x255/0xa10
[  951.167472][ T4197]  process_one_work+0x863/0x1000
[  951.172435][ T4197]  ? worker_detach_from_pool+0x240/0x240
[  951.178064][ T4197]  ? lockdep_hardirqs_off+0x70/0x100
[  951.183348][ T4197]  ? _raw_spin_lock_irq+0xab/0xe0
[  951.188385][ T4197]  ? _raw_spin_lock_irqsave+0xf0/0xf0
[  951.193746][ T4197]  ? wq_worker_running+0x97/0x170
[  951.198759][ T4197]  worker_thread+0xaa8/0x12a0
[  951.203442][ T4197]  kthread+0x436/0x520
[  951.207509][ T4197]  ? rcu_lock_release+0x20/0x20
[  951.212353][ T4197]  ? kthread_blkcg+0xd0/0xd0
[  951.216948][ T4197]  ret_from_fork+0x1f/0x30
[  951.221390][ T4197]  </TASK>
[  951.226198][ T4197] kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  951.239521][ T4197] Bluetooth: hci3: failed to register connection device
[  951.278319][T13838] chnl_net:caif_netlink_parms(): no params data found
[  951.813341][T11779] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  951.872758][T13838] bridge0: port 1(bridge_slave_0) entered blocking state
[  951.881329][T13838] bridge0: port 1(bridge_slave_0) entered disabled state
[  952.565285][ T4226] Bluetooth: hci1: command 0x0409 tx timeout
[  953.015331][T13838] device bridge_slave_0 entered promiscuous mode
[  953.036160][T13838] bridge0: port 2(bridge_slave_1) entered blocking state
[  953.086848][T13838] bridge0: port 2(bridge_slave_1) entered disabled state
[  953.117238][T13838] device bridge_slave_1 entered promiscuous mode
[  953.229694][T11779] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  953.306358][T13838] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  953.337010][T13838] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  953.391016][T11779] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  953.513394][T13838] team0: Port device team_slave_0 added
[  953.558205][T11779] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  953.671549][T13838] team0: Port device team_slave_1 added
[  953.731358][T13939] batman_adv: Cannot find parent device
[  953.795969][T13838] batman_adv: batadv0: Adding interface: batadv_slave_0
[  953.802988][T13838] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  953.934014][T13838] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  954.185985][T13838] batman_adv: batadv0: Adding interface: batadv_slave_1
[  954.193117][T13838] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  954.219710][T13838] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  954.427645][T13958] 9pnet: Insufficient options for proto=fd
[  954.611806][T13838] device hsr_slave_0 entered promiscuous mode
[  955.024466][ T4329] Bluetooth: hci1: command 0x041b tx timeout
[  955.633043][T13838] device hsr_slave_1 entered promiscuous mode
[  955.666006][T13838] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  955.712928][T13838] Cannot create hsr debugfs directory
[  955.923693][T13969] netlink: 'syz.4.2279': attribute type 1 has an invalid length.
[  955.984678][T13969] 8021q: adding VLAN 0 to HW filter on device bond1
[  956.053780][T13971] device bond1 entered promiscuous mode
[  956.320482][T13838] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  956.373487][T13838] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  956.420152][T13838] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  956.454843][T13838] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  956.611816][T13989] 9pnet_virtio: no channels available for device syz
[  957.465880][T13838] 8021q: adding VLAN 0 to HW filter on device bond0
[  957.483741][T13838] 8021q: adding VLAN 0 to HW filter on device team0
[  957.576244][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  957.598403][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  957.664218][ T7709] Bluetooth: hci1: command 0x040f tx timeout
[  957.719608][  T145] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  957.802356][  T145] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  957.944542][  T145] bridge0: port 1(bridge_slave_0) entered blocking state
[  957.951655][  T145] bridge0: port 1(bridge_slave_0) entered forwarding state
[  957.977986][  T145] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  957.994802][  T145] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  958.013592][  T145] bridge0: port 2(bridge_slave_1) entered blocking state
[  958.020760][  T145] bridge0: port 2(bridge_slave_1) entered forwarding state
[  958.041738][  T145] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  958.055751][  T145] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  958.622701][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  958.738165][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  958.902787][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  959.059085][T11779] device hsr_slave_0 left promiscuous mode
[  959.171723][T11779] device hsr_slave_1 left promiscuous mode
[  959.241772][T11779] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  959.338917][T11779] batman_adv: batadv0: Removing interface: batadv_slave_0
[  959.407495][T11779] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  959.430854][T11779] batman_adv: batadv0: Removing interface: batadv_slave_1
[  959.480890][T11779] device bridge_slave_1 left promiscuous mode
[  959.502066][T11779] bridge0: port 2(bridge_slave_1) entered disabled state
[  959.510669][T11779] device bridge_slave_0 left promiscuous mode
[  959.517622][T11779] bridge0: port 1(bridge_slave_0) entered disabled state
[  959.531647][T11779] device veth1_macvtap left promiscuous mode
[  959.538728][T11779] device veth0_macvtap left promiscuous mode
[  959.546239][T11779] device veth1_vlan left promiscuous mode
[  959.552147][T11779] device veth0_vlan left promiscuous mode
[  959.746060][ T7709] Bluetooth: hci1: command 0x0419 tx timeout
[  960.140088][T11779] team0 (unregistering): Port device team_slave_1 removed
[  960.218960][T11779] team0 (unregistering): Port device team_slave_0 removed
[  960.278626][T11779] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  960.345833][T11779] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  960.378162][T14048] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus
[  960.694219][T11779] bond0 (unregistering): Released all slaves
[  960.915148][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  960.927089][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  960.949329][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  960.960406][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  960.979793][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  961.025309][T13838] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  961.103208][T13838] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  961.132389][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  961.188966][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  963.950288][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  963.984417][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  964.008860][T13838] 8021q: adding VLAN 0 to HW filter on device batadv0
[  965.072906][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  965.073551][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  965.415940][ T4310] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  965.445419][ T4310] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  965.476045][T13838] device veth0_vlan entered promiscuous mode
[  965.485433][ T4310] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  965.493762][ T4310] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  965.521606][T13838] device veth1_vlan entered promiscuous mode
[  965.668452][ T4310] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  965.700706][ T4310] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  965.841897][ T4310] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  965.900859][ T4310] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  966.516681][T13838] device veth0_macvtap entered promiscuous mode
[  966.560557][T13838] device veth1_macvtap entered promiscuous mode
[  966.769567][T13838] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  966.840690][T13838] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  966.893842][T13838] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  966.975816][T13838] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  967.054718][T13838] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  967.113023][T13838] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  967.178735][T13838] batman_adv: batadv0: Interface activated: batadv_slave_0
[  967.275309][ T4310] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  967.305693][ T4310] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  967.384066][T13838] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  967.431060][T13838] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  967.643970][T13838] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  967.703872][T13838] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  967.750361][T13838] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  967.784005][T13838] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  967.823303][T13838] batman_adv: batadv0: Interface activated: batadv_slave_1
[  968.195647][  T145] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  968.212246][  T145] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  968.235537][T13838] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  968.253999][T13838] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  968.263368][T13838] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  968.273746][T13838] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  968.394206][ T4288] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  968.596004][T11150] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  968.641804][T11150] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  968.654146][ T4288] usb 7-1: Using ep0 maxpacket: 8
[  968.717352][ T5942] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  968.742348][ T5942] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  968.774214][ T4288] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  968.794553][ T4288] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  968.814317][ T4197] Bluetooth: hci3: Unknown advertising packet type: 0x6678
[  968.814441][ T4197] ==================================================================
[  968.830172][ T4197] BUG: KASAN: slab-out-of-bounds in hci_le_meta_evt+0x12c0/0x3b80
[  968.837975][ T4197] Read of size 1 at addr ffff8880263d340a by task kworker/u5:6/4197
[  968.845939][ T4197] 
[  968.848253][ T4197] CPU: 0 PID: 4197 Comm: kworker/u5:6 Not tainted syzkaller #0
[  968.855782][ T4197] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  968.866014][ T4197] Workqueue: hci3 hci_rx_work
[  968.870735][ T4197] Call Trace:
[  968.874171][ T4197]  <TASK>
[  968.877111][ T4197]  dump_stack_lvl+0x168/0x230
[  968.881823][ T4197]  ? show_regs_print_info+0x20/0x20
[  968.887027][ T4197]  ? load_image+0x3b0/0x3b0
[  968.891554][ T4197]  ? _raw_spin_lock_irqsave+0xb0/0xf0
[  968.896942][ T4197]  print_address_description+0x60/0x2d0
[  968.902489][ T4197]  ? hci_le_meta_evt+0x12c0/0x3b80
[  968.907598][ T4197]  kasan_report+0xdf/0x130
[  968.912011][ T4197]  ? hci_le_meta_evt+0x12c0/0x3b80
[  968.917119][ T4197]  hci_le_meta_evt+0x12c0/0x3b80
[  968.922050][ T4197]  ? hci_event_packet+0x2a0/0x12f0
[  968.927166][ T4197]  ? hci_remote_host_features_evt+0x280/0x280
[  968.933257][ T4197]  ? __mutex_unlock_slowpath+0x19e/0x6a0
[  968.938881][ T4197]  ? mark_lock+0x94/0x320
[  968.943203][ T4197]  ? mutex_unlock+0x10/0x10
[  968.947693][ T4197]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  968.953687][ T4197]  ? lock_chain_count+0x20/0x20
[  968.958701][ T4197]  ? __rwlock_init+0x140/0x140
[  968.963457][ T4197]  hci_event_packet+0xe05/0x12f0
[  968.968415][ T4197]  ? lockdep_hardirqs_on+0x94/0x140
[  968.973609][ T4197]  ? rcu_lock_release+0x20/0x20
[  968.978459][ T4197]  ? hci_send_to_monitor+0x9c/0x4a0
[  968.983662][ T4197]  hci_rx_work+0x255/0xa10
[  968.988079][ T4197]  process_one_work+0x863/0x1000
[  968.993022][ T4197]  ? worker_detach_from_pool+0x240/0x240
[  968.998641][ T4197]  ? lockdep_hardirqs_off+0x70/0x100
[  969.003945][ T4197]  ? _raw_spin_lock_irq+0xab/0xe0
[  969.008978][ T4197]  ? _raw_spin_lock_irqsave+0xf0/0xf0
[  969.014352][ T4197]  ? wq_worker_running+0x97/0x170
[  969.019372][ T4197]  worker_thread+0xaa8/0x12a0
[  969.024057][ T4197]  kthread+0x436/0x520
[  969.028122][ T4197]  ? rcu_lock_release+0x20/0x20
[  969.032970][ T4197]  ? kthread_blkcg+0xd0/0xd0
[  969.038245][ T4197]  ret_from_fork+0x1f/0x30
[  969.042661][ T4197]  </TASK>
[  969.045676][ T4197] 
[  969.047989][ T4197] Allocated by task 14203:
[  969.052385][ T4197]  __kasan_kmalloc+0xb5/0xf0
[  969.056975][ T4197]  __alloc_skb+0x22c/0x750
[  969.061385][ T4197]  vhci_write+0xbc/0x450
[  969.065614][ T4197]  vfs_write+0x712/0xd00
[  969.069842][ T4197]  ksys_write+0x14d/0x250
[  969.074242][ T4197]  do_syscall_64+0x4c/0xa0
[  969.078645][ T4197]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  969.084534][ T4197] 
[  969.086861][ T4197] Last potentially related work creation:
[  969.092562][ T4197]  kasan_save_stack+0x35/0x60
[  969.097228][ T4197]  kasan_record_aux_stack+0xb8/0x100
[  969.102500][ T4197]  kvfree_call_rcu+0x10a/0x7c0
[  969.107249][ T4197]  cgroup_free+0x143/0x1d0
[  969.111653][ T4197]  __put_task_struct+0xe3/0x480
[  969.116488][ T4197]  rcu_core+0x962/0x15d0
[  969.120722][ T4197]  handle_softirqs+0x328/0x820
[  969.125475][ T4197]  __irq_exit_rcu+0x12f/0x220
[  969.130163][ T4197]  irq_exit_rcu+0x5/0x20
[  969.134396][ T4197]  sysvec_apic_timer_interrupt+0x52/0xc0
[  969.140020][ T4197]  asm_sysvec_apic_timer_interrupt+0x16/0x20
[  969.145990][ T4197] 
[  969.148300][ T4197] Second to last potentially related work creation:
[  969.154866][ T4197]  kasan_save_stack+0x35/0x60
[  969.159536][ T4197]  kasan_record_aux_stack+0xb8/0x100
[  969.164807][ T4197]  kvfree_call_rcu+0x10a/0x7c0
[  969.169560][ T4197]  cgroup_free+0x143/0x1d0
[  969.173977][ T4197]  __put_task_struct+0xe3/0x480
[  969.178832][ T4197]  rcu_core+0x962/0x15d0
[  969.183063][ T4197]  handle_softirqs+0x328/0x820
[  969.187817][ T4197]  __irq_exit_rcu+0x12f/0x220
[  969.192491][ T4197]  irq_exit_rcu+0x5/0x20
[  969.196731][ T4197]  sysvec_apic_timer_interrupt+0xa0/0xc0
[  969.202351][ T4197]  asm_sysvec_apic_timer_interrupt+0x16/0x20
[  969.208320][ T4197] 
[  969.210643][ T4197] The buggy address belongs to the object at ffff8880263d3000
[  969.210643][ T4197]  which belongs to the cache kmalloc-1k of size 1024
[  969.224681][ T4197] The buggy address is located 10 bytes to the right of
[  969.224681][ T4197]  1024-byte region [ffff8880263d3000, ffff8880263d3400)
[  969.238491][ T4197] The buggy address belongs to the page:
[  969.244121][ T4197] page:ffffea000098f400 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x263d0
[  969.254258][ T4197] head:ffffea000098f400 order:3 compound_mapcount:0 compound_pincount:0
[  969.262574][ T4197] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[  969.270549][ T4197] raw: 00fff00000010200 ffffea0000836a00 0000000400000002 ffff888016841dc0
[  969.279256][ T4197] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[  969.287841][ T4197] page dumped because: kasan: bad access detected
[  969.294279][ T4197] page_owner tracks the page as allocated
[  969.300003][ T4197] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4240, ts 63959758700, free_ts 63535811943
[  969.318526][ T4197]  get_page_from_freelist+0x1b77/0x1c60
[  969.324071][ T4197]  __alloc_pages+0x1e1/0x470
[  969.328693][ T4197]  new_slab+0xc0/0x4b0
[  969.332786][ T4197]  ___slab_alloc+0x81e/0xdf0
[  969.337466][ T4197]  __kmalloc_node_track_caller+0x1fc/0x3a0
[  969.343259][ T4197]  __alloc_skb+0x22c/0x750
[  969.347665][ T4197]  inet6_rt_notify+0xdd/0x290
[  969.352363][ T4197]  fib6_add+0x1d3b/0x3d30
[  969.356690][ T4197]  ip6_ins_rt+0xc5/0x110
[  969.360952][ T4197]  __ipv6_ifa_notify+0x4be/0xda0
[  969.365917][ T4197]  addrconf_dad_completed+0x179/0xca0
[  969.371318][ T4197]  addrconf_dad_work+0xc70/0x1520
[  969.376365][ T4197]  process_one_work+0x863/0x1000
[  969.381334][ T4197]  worker_thread+0xaa8/0x12a0
[  969.386039][ T4197]  kthread+0x436/0x520
[  969.390119][ T4197]  ret_from_fork+0x1f/0x30
[  969.394536][ T4197] page last free stack trace:
[  969.399205][ T4197]  free_unref_page_prepare+0x637/0x6c0
[  969.404677][ T4197]  free_unref_page+0x94/0x280
[  969.409354][ T4197]  __unfreeze_partials+0x1a5/0x200
[  969.414462][ T4197]  put_cpu_partial+0x12d/0x190
[  969.419222][ T4197]  qlist_free_all+0x35/0x90
[  969.423726][ T4197]  kasan_quarantine_reduce+0x150/0x160
[  969.429190][ T4197]  __kasan_slab_alloc+0x2f/0xd0
[  969.434078][ T4197]  slab_post_alloc_hook+0x4c/0x380
[  969.439212][ T4197]  kmem_cache_alloc_node+0x12d/0x2d0
[  969.444496][ T4197]  __alloc_skb+0xf4/0x750
[  969.448823][ T4197]  mld_newpack+0x12a/0xb90
[  969.453237][ T4197]  add_grhead+0x5a/0x240
[  969.457488][ T4197]  add_grec+0x1341/0x15d0
[  969.461813][ T4197]  mld_ifc_work+0x6e7/0xb40
[  969.466312][ T4197]  process_one_work+0x863/0x1000
[  969.471252][ T4197]  worker_thread+0xaa8/0x12a0
[  969.475926][ T4197] 
[  969.478247][ T4197] Memory state around the buggy address:
[  969.483869][ T4197]  ffff8880263d3300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  969.491928][ T4197]  ffff8880263d3380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  969.499991][ T4197] >ffff8880263d3400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  969.508057][ T4197]                       ^
[  969.512393][ T4197]  ffff8880263d3480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  969.520467][ T4197]  ffff8880263d3500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  969.528534][ T4197] ==================================================================
[  969.536607][ T4197] Disabling lock debugging due to kernel taint
[  969.544333][ T4197] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  969.551550][ T4197] CPU: 0 PID: 4197 Comm: kworker/u5:6 Tainted: G    B             syzkaller #0
[  969.555670][ T5942] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  969.560496][ T4197] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  969.560510][ T4197] Workqueue: hci3 hci_rx_work
[  969.560534][ T4197] Call Trace:
[  969.585921][ T4197]  <TASK>
[  969.588872][ T4197]  dump_stack_lvl+0x168/0x230
[  969.593589][ T4197]  ? show_regs_print_info+0x20/0x20
[  969.598824][ T4197]  ? load_image+0x3b0/0x3b0
[  969.603374][ T4197]  panic+0x2c9/0x7f0
[  969.607405][ T4197]  ? bpf_jit_dump+0xd0/0xd0
[  969.611943][ T4197]  ? _raw_spin_unlock_irqrestore+0xf6/0x100
[  969.617861][ T4197]  ? _raw_spin_unlock+0x40/0x40
[  969.622744][ T4197]  ? hci_le_meta_evt+0x12c0/0x3b80
[  969.627887][ T4197]  check_panic_on_warn+0x80/0xa0
[  969.632863][ T4197]  ? hci_le_meta_evt+0x12c0/0x3b80
[  969.638008][ T4197]  end_report+0x6d/0xf0
[  969.642190][ T4197]  kasan_report+0x102/0x130
[  969.646723][ T4197]  ? hci_le_meta_evt+0x12c0/0x3b80
[  969.651864][ T4197]  hci_le_meta_evt+0x12c0/0x3b80
[  969.656827][ T4197]  ? hci_event_packet+0x2a0/0x12f0
[  969.662051][ T4197]  ? hci_remote_host_features_evt+0x280/0x280
[  969.668157][ T4197]  ? __mutex_unlock_slowpath+0x19e/0x6a0
[  969.673815][ T4197]  ? mark_lock+0x94/0x320
[  969.678172][ T4197]  ? mutex_unlock+0x10/0x10
[  969.682701][ T4197]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  969.688716][ T4197]  ? lock_chain_count+0x20/0x20
[  969.693663][ T4197]  ? __rwlock_init+0x140/0x140
[  969.698425][ T4197]  hci_event_packet+0xe05/0x12f0
[  969.703381][ T4197]  ? lockdep_hardirqs_on+0x94/0x140
[  969.708615][ T4197]  ? rcu_lock_release+0x20/0x20
[  969.713502][ T4197]  ? hci_send_to_monitor+0x9c/0x4a0
[  969.718718][ T4197]  hci_rx_work+0x255/0xa10
[  969.723133][ T4197]  process_one_work+0x863/0x1000
[  969.728138][ T4197]  ? worker_detach_from_pool+0x240/0x240
[  969.733762][ T4197]  ? lockdep_hardirqs_off+0x70/0x100
[  969.739049][ T4197]  ? _raw_spin_lock_irq+0xab/0xe0
[  969.744073][ T4197]  ? _raw_spin_lock_irqsave+0xf0/0xf0
[  969.749454][ T4197]  ? wq_worker_running+0x97/0x170
[  969.754470][ T4197]  worker_thread+0xaa8/0x12a0
[  969.759144][ T4197]  kthread+0x436/0x520
[  969.763201][ T4197]  ? rcu_lock_release+0x20/0x20
[  969.768042][ T4197]  ? kthread_blkcg+0xd0/0xd0
[  969.772622][ T4197]  ret_from_fork+0x1f/0x30
[  969.777033][ T4197]  </TASK>
[  969.780265][ T4197] Kernel Offset: disabled
[  969.784582][ T4197] Rebooting in 86400 seconds..