last executing test programs:

5.633507492s ago: executing program 1 (id=127):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c0000002b00090025bd7000ffd3df2501000000080001"], 0x1c}, 0x1, 0x0, 0x0, 0x4000811}, 0x480f0)

5.477689927s ago: executing program 1 (id=129):
bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="1e00000007000000090000000e000000140400", @ANYRES32, @ANYBLOB='\'\v'], 0x50)

5.301348493s ago: executing program 1 (id=132):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f00000011c0)=[@in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x15}}, @in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x14}}], 0x20)
sendto$inet(r0, &(0x7f0000000080)="d3", 0x1, 0x20000050, &(0x7f0000000100)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x2e}}, 0x10)

5.081340139s ago: executing program 1 (id=135):
r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi1\x00', 0x1, 0x0)
r1 = memfd_create(&(0x7f0000000d80)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9\xd6\x1c\x1b*\x9a!?\x7f\xa5\xad\x9a,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf#2\x99\x1e\xa1`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\f<\x8f\xc1\x99\x89r\xe1?\xbdu\x98\xc3\xf8\xd2Q#\xc6g\xa0\x85\xd6G\x85\x11X\x8d,\x02\xd45\xb8\xca\x97\x9d\xcb\x1e\x80\xd6\xd5>N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec\x8aog\x87BR\x9d\xad\xd4FcB\xda\x95\xc3\xdd\x9d\x8f\x1a\xce\x18\x80\"j\xe1\xba\x1e\x97uX\xccv\xd6\vcz\x92A^\xbc\xceF\xf7\xe5:\xaf\xc5~\xbcJ e\r\x88c\x9d\xb92\xb6i4zq\xb3c\x0f\xb2t\x93\xf2E6b\xfa\xcdJ5\xe3W]`4\xd8D\x05\v\xfc)\xca\xedQ\xd0]Ot\'\xc2tDF\xf9\xa7\xb5(\x83\xa5\x0f\x1d\x1d\x06Dg\x13>\x19\xe85#\aaT\x89=\x104\xd5\x85Q\x96\x91\xea\x172P\xb3:\xadZ\xbc\xbe\x00\xf0\x14\x96\xd9M\xd7\x88QZs\xb2\xe1+$jfQodH\x05/y`~Mx\x02\x00(v\xe6`\x026\xfcgC\xb5\xf0\x13.zb\xc5bj+@\x00\x00\x00\x00\x00\x8e[\xb3\xa3\x87\xb9\xe2_Z\x11\xef\xc2]V\xf3\x03\x94\xb9\xe1\xa68\x8d\\\xe5\xef\xacpM\xf0\xa6\x04\x10\xb7\xc0t\x83\\\xf7\x12k\x9f\x10\xd5Z\x19\xc1\xc1\x80\\o\x97\xce=U\xdd\xaa\x1b\x05\x14\x13\xa6\xbd#\xde\x04\xe6$\xec$3\xf6\x97\xc6\xeaSL\xb7A72M\x88k@\xe5\xa3\n&\x1e\xc84\xa9\xe2\xccM\x906\x95xQ-2p\xd62\'\xec\x0f\x13;I\x95fE_\r\xe7\t!A\x05\xe4\x8f\x9e0\xf8/T\x18\xf7\xa1\x9f\xde1\xd5\x80<\xf5\b\xa9\xec\x85\xaeW\xb3\xd8#)bn \xfb\xf2\x88\xfaR\xff\xdd\x80\x96_\xec5\xf0\x1c\a\x8a\x80\x00@=\r8u+%f:\x1e\x82\xfap\xf6\x89\xea\xba\xe3\xbbM%F\xdb\\\xd1eJJ*\xc67\xca\x03\xa3\xf7(\xbb\xecN\xd4\xe7\xf2:u\x8a\b\xd5\v\xca\xfd\\\xd6\xe3\x05\xb3\x03\xd5\xe0\xd2\xf2{&\x8b\xdf\xa1\xbe}\xb2\xe4y\xbb\xe6\x1f\x10c\xf5WQ\x82\x04\x01C\x83,\x90\x1a\xfa\x8e\x17\x89\xe2\xedX\x8d\rmq\t\xb5$\xb4\x9b\x92z\xd6/-\x13,\xb5%\x8eM/\x04\xa7\x7f\x1b\x85\xf1\xa4X\x17\xbb\x1cR14\xfb!\b\x10\xe8\xb2\xd41gK\xe4\xea\xe39d\bL\xe5\x1b\xbd[\x9bWD:\r&\xe9\vn^\xcc\x86\xe3\xce1>3{\xaa{\xbd0P\x9f\xa68\xf5\x82\xb8\x9aD\x9c{\xe6\xf8\xcbD\xb5aJ\xb0\x92\x89\xbc\x80\x1ch\x89\xe7\xdd]q\x0e,>/\xaf|\xf0\x01V\x7f\xc9?\xba\x16\xe4$+\x02\x00\x00\x00\x00\x00\x00\x00\xa5\x94d9\xaf\xcfq\x8b=\x026\xef\r\x91\x18\xc5\xb6\xb9fM\x8ayZ\xbcd\xa5\x8a\x88\x98\xc3\xfc`\xa6\xba\x1f\x17\v$\x88g\xb4\xad\b\xc1\xddW\xa6\xc1\xb7\xb0\xa3\x84Q\x13GoU\xe2\xb7\x03\x9c\xd5\x0f\xa8\x0ef\"\x15\x82\xe7\xbd\xf8\xca\x10f\xfe6h\xe9\xc3\xc2\xa0O:\xac~\x1a\xf7\xbeF\xbe\xe5\xf0\x81\xd6&\xc0<Q8\xbeX\xde\xd6 \xef\x0e\xc2.\x9c=1\x15d\xddIv\x0fh\xe6M(D\xad\xeb\xcfX8\xb9\x8d\xbe(\xd3\x16?x\xbd@\x0f\xf5\xdb\xeb\xd7i*\xea\x86JX\xff;\x96\xbb\xa7\xa8u5R\xa2,\xba\xbc\x01\x12\xb3q,\x9d\xf8\xbdb`\xb3\xc6\x0f\xb3\xac\xc7\xa4O@\x81\xfc\x1a4$\x885\x97\xa9|\x99\x86*.\xda\x96RQ\xe5\xb1\xef\xb7\x10\x99\xd4\xa7\b\xcd\xe9\xa5\xf6wR\xc1\xdfH).\a\x9a\xab\x9e&+\xc4#\x90\xc9%\xbe\xd7o\x86\x13\a\xc0\x01w9u6\xdd\x9fJ^o\x1d\xda\x11?\xc1\xf5\xf7\xff\xec\x916\xceQ\xcfU\x035\x96\x8f\xc7\x84\"2\xef\x02\xcf\a+\x8a\xd1\x11\xb5\xa8\x92\f\xb3R\",\xfc!_&pD\xeb5\xc6\xc8\xff2\xee\x14\x83\x14l\x04\x80\xaa7\x80\xf1\x18\xf5\xa5\xd23\xe5\b\x00\xe8\x9c\xd4\xd0\a\x93#\xb9Z\xc0y\x97<\xe5i\xe9\xe4\xb02Cu\xe1d\r\x0e\xc1\xf1\x81^\xa7\xffz)\x19U\xe5\xd4\xf5@O#W\x8a\xbb3c+\n\x97\xa6\xf7\x90$\xd6*\xd0\x1b\x10\xe4HM:XO\x1b\rx\xc7\x12|\x7fN\xc9\xf9i\xe4\xe5-\x9b\xe407\x9d\xe8\xc6\x90\x9f_Jf\x05\r\x1b\x9af\v\xbcv\x83\xf3j\xaf\xd0_91 ^x\x85\x80[\xa3B\n#!\xc2R\xdd\xf4)\xba\x1e\xfb6U\xabc\xda\x9a)\xc3\x9a\x06\xc5\xccP)\xdf.\xa7-\x84\xdf8\xbf\xfc1^}B\xee\xccR/z\x1e\xe8\x1e\x99\x99\n\xf4u\xd4\xbd^L\xb2j\xda\xff\x1d\x10\xc8\xad\xbd_OI\xb1\xe8y\x003\a\x06\x92\x8e\n\x8b\xf3\xd4G\x85\xbd\x1a\x81+3\x99jq\xd1\xacK^\xef\xb6!8\xcd?\x1e\\\x16W2\xbd4$zn\xa9\x7f\x9dE\xaf\x0f\xdb\xe0\xfa\x10\xc3\xb2\xf8\x80\x8c\xec$\xda\xc0\x94y1\t\xc5\xe4\xf9\xf1%4\xb6&\xc28\x02\xc9\xce\xb8W6`S\bR\xb7\x8e\xdd\xb4\x1ehc\xbb\x87\xad\xdc\xe3\xf9\x18 \xee\xa1\xf1\tp\x0e{\x9ft\x81\xceH\xec{z\xa4E\x83YVa\xc4\x8c\xb4j\xc2\xc3DI\xa2\x8d\xe0', 0x3)
write$binfmt_misc(r1, &(0x7f0000000180), 0x0)
execveat(r1, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
r2 = syz_open_dev$dri(&(0x7f0000000080), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000200)={0x28f, 0xfff, 0x1})
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f0000000700)={0x0, &(0x7f0000000000)=[<r3=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_CURSOR(r2, 0xc01c64a3, &(0x7f0000000340)={0x3, r3, 0xfffffffa, 0x4, 0xb, 0x1fd, 0x1})
ioctl$DRM_IOCTL_MODE_CURSOR(r2, 0xc01c64a3, &(0x7f0000001880)={0x1, r3, 0x8fff, 0x3ff, 0x4, 0x944})
r4 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000001300)=ANY=[@ANYBLOB="12010000000000205804115000000000000109022400010000000009040000050300000009210000000122940309058103"], 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
openat$snapshot(0xffffffffffffff9c, 0x0, 0x3f, 0x0)
syz_usb_control_io(r4, 0x0, 0x0)
timer_create(0x9, 0x0, &(0x7f0000000480))
timer_settime(0x0, 0x5, &(0x7f00000001c0)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r5 = socket$inet_sctp(0x2, 0x1, 0x84)
r6 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r6, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r6, 0x84, 0x6f, &(0x7f0000000200)={<r7=>0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r6, 0x84, 0x7a, &(0x7f0000000340)={<r8=>r7, @in6={{0xa, 0x3, 0x3, @mcast1}}}, &(0x7f0000000040)=0x84)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r5, 0x84, 0xa, &(0x7f0000000000)={0x10, 0x9, 0x200, 0x8, 0x74, 0x7, 0x1, 0x3, r8}, 0x20)
syz_usb_control_io$hid(r4, &(0x7f0000000340)={0x24, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="00220508"], 0x0}, 0x0)
syz_usb_control_io$hid(r4, 0x0, 0x0)
syz_usb_control_io(r4, 0x0, 0x0)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000000c0)=ANY=[], 0x4c}, 0x1, 0x0, 0x0, 0x4010}, 0x0)
syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0)
ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f0000000140)={'comedi_parport\x00', [0x400, 0x2, 0x7fffffff, 0x84e1, 0x2f, 0x2006, 0x6, 0x8, 0xa0ffa, 0x0, 0x7, 0x2, 0x1003, 0x1000004, 0xf, 0x10000, 0xffffffa8, 0x7ffbfffd, 0x1ff, 0xecd0, 0x10, 0x3fffe, 0x8, 0x7, 0x746f, 0x4, 0x5, 0x408, 0x4, 0x0, 0x7ffd]})

4.901853925s ago: executing program 0 (id=137):
syz_open_dev$usbfs(&(0x7f0000000080), 0x77, 0x10b701)
openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da070000000000010902"], 0x0)
socket$alg(0x26, 0x5, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001300)={&(0x7f0000000280)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@enum]}}, 0x0, 0x26}, 0x28)
syz_usb_connect$hid(0x4, 0x36, &(0x7f0000000000)=ANY=[], 0x0)
openat$sndseq(0xffffffffffffff9c, &(0x7f00000002c0), 0x202)
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = socket$unix(0x1, 0x5, 0x0)
sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYRES32, @ANYRES16=0x0, @ANYRES8=r0], 0x1c}, 0x1, 0x0, 0x0, 0x20000844}, 0x48885)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50)
pwrite64(r1, &(0x7f0000000000)='L', 0x1, 0x7ffffffa)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r2, &(0x7f0000000000), 0xd)

3.649401385s ago: executing program 3 (id=145):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000a40)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x14, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x8043}}, @NFT_MSG_NEWRULE={0x20, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x2}}}, 0x5c}}, 0x0)

3.649182725s ago: executing program 2 (id=146):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x802, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000300)={@flat=@weak_binder={0x77622a85, 0x100a, 0x8000000000}, @flat=@weak_binder={0x77622a85, 0x1100, 0x3}}, &(0x7f0000000200)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r1, 0x40046208, 0x0)

3.630313415s ago: executing program 3 (id=147):
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000), 0x20001, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
syz_open_dev$video(&(0x7f0000000000), 0x8, 0x20202)
syz_open_dev$audion(&(0x7f0000000040), 0x1ff, 0x0)
syz_open_dev$sndctrl(0x0, 0x80000000, 0x0)
syz_open_dev$usbfs(&(0x7f0000000040), 0x76, 0x101a01)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x1cf)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.stat\x00', 0x275a, 0x0)
openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000100), 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.stat\x00', 0x275a, 0x0)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x8000, 0x44, 0x18}, 0x18)

3.547907058s ago: executing program 3 (id=148):
r0 = io_uring_setup(0x7fc0, &(0x7f0000000000)={0x0, 0x3, 0x40})
io_uring_register$IORING_REGISTER_RESTRICTIONS(r0, 0xb, &(0x7f0000000280), 0x0)
io_uring_register$IORING_REGISTER_RESIZE_RINGS(r0, 0x21, &(0x7f0000000100)={0x0, 0x1513, 0x100, 0x3, 0x29d}, 0x1)
r1 = open(&(0x7f0000000440)='./bus\x00', 0x6687e, 0x221)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x300000c, 0x204031, 0xffffffffffffffff, 0xffffd000)
ioctl$int_in(r1, 0x5452, &(0x7f0000000200)=0x676d1df6)

3.46909178s ago: executing program 2 (id=149):
r0 = syz_open_dev$vbi(&(0x7f0000000040), 0x2, 0x2)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000001000040000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a01000000000000000000010000000900010073797a30000000000900020073797a30000000002c0003800800014000000000080002400000000010000380140001007465616d3000000000000000000000005c000000160a0101000b000000000000010000000900020073797a30000000000900010073797a3000000000300003802c00038014"], 0xfc}}, 0x0)
ioctl$XFS_IOC_GETBMAPX(r1, 0xc0205838, &(0x7f0000000140)={0x5, 0x1, 0x3, 0x1, 0x6a, 0x8, 0x6})
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}}, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
r2 = openat$vcs(0xffffff9c, &(0x7f0000000180), 0x50040, 0x0)
getsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f00000001c0), &(0x7f0000000240)=0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r4 = socket$qrtr(0x2a, 0x2, 0x0)
socket$kcm(0x10, 0x2, 0x0)
syz_open_dev$sndmidi(&(0x7f0000000280), 0x80000001, 0x101000)
socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYRES32=r4], 0x38}, 0x1, 0x0, 0x0, 0x800}, 0x20000000)
r5 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000), 0x41, 0x0)
r6 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r6, &(0x7f0000000040)={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10)
setsockopt$sock_int(r6, 0x1, 0x20, &(0x7f0000000000)=0xfff, 0x4)
write$nbd(r5, &(0x7f0000000340)={0x1000000, 0x0, 0x0, 0x40, 0x9, "82b0cfc4337965941538be09000000000000000000007400a391793ba70d0000000000fdf700000000baffda6e4a4d83"}, 0x40)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000001880)={r5, &(0x7f0000000880)="4ac6a6728c7057c003ef14ffac9a8ede36268acefa248ac0847fbd52a6b941d0056b15e142d1ace4efd6bd4e5e6af46cbfb203b1bb8f4cbbb6c93d2830ff33bdf8e772619bb8b597ff939dbe3f8450766f786bfc46329bdc255d2df667412e93f8d31d81ede15db8f94b45131aab7201f29866b2dc17511e9ad3d73233b27a2c6b762e19ae058e19b3211efd5dd379afabd9337ac8f6fa6a048c3393a6833ef97932f4c845825fcacaab0629e420cabac4c87239f6212888881ae6169d2bb1506e06b00afb65f7f1b142496b2bd919266190d34c3e3a00dd2ba7953ac030d74abea09cc2780b61a88e83c46e9a8a605e3f8fa28f23e15ed5329eedd31ec396688a155467e318d0b8ba34c7d191a4ddd14ceb3a6c337de63d36c303233b0818b2a8481a602a5230d5e601905f07c1fed05d7605737b3d37cbac980494997f85e61c510a70d4ce705a7badc197c700c9a2b2d506decaf301983361b57ecc4f64f89bbfc552400a0b7eae787607e32a0cf985813cca32ea18dee39da4bc4ded12ec983eb9b5b51fdb94f11da9eb87b86756d2f6c2df637ef6a89432c68ebff0e7826efe9e633f072a1e29de97fcff16b30693dd1df20e1a89dc4ca728073bf0edfce4644da3b48468a1c2433636f4d2e48db8ddb3d942496bb11d9ac7c388ae2062916018b4eaf8843465c40962e1b7cb062d32db236020e99d8de18a70862885532a4dd17ad383cc1db443f23c6e5ab44ddb5fcfebe1225dcaed0595194f179db455d7e5efe5df5961b437293a8f2436a90cf94a64c07e86bf1989bbc7044c4e15021f9c33c31740a8ae7a073e8b507341b70896b44fd00af117e601635a8d9613695848934e22b30587476062185a2d9a1f258dbf77cacb8ffe6cca1cc024fb11659a637e9bdfcf07b5a1ec0226425ad19e9bf0744501db925d2f46daebba755f3e44585e981816f53c32f105130f6757fad9fae496dbe4507c56d4ff3e2eaaacdab05e0bd46bd2822791ba43b2adf2e0954a1629ba06a30374997669e96ffe5003e7f661ded0631fd23c982496025dcb3cc5dbe1aae56389c09958b0e620b0453921fa21a6bfeab349930a6e9051e2491b9c87c89bfb0c54389a5a90671fab22538b6acb50d9140f0d3770c0f2683dfe442823242ae5bc84084971e96a666ff449a9bcc27022271443def7565264aa8ea5a4afbf1421ec72469c4d260122b8fd560b6f7acd2089c526deb89207375ee2ffa4c47b103560eac98b6b9b6a300dd6e23986b711a8a0b1918fccd2debef558886a0edebbd3ab7ba0b9368582ac287623a90cc443b55b563f1ec60edbb45d2734452222519ab04957f2b0bd5577080216c02c3aefa15a92c8f35eb72a4a282f2d167b91f5ec4ab61fcb4d0831c49a8a1e4e00cb48959a95211e85fd2150c5d046c5c759e0d579f75198cb57157e84cccadb281be9d4038d67589558c69a2743225713093c2f9b365b719b465f7e4dc7ae68403b4d049dce986ed04f624cac63ff0664ac14bc8a32aad5faf86f12cbce5e5ddd0d1daf1a224912ac53a0366d9c2725cc1ce359bfb5f5cd4e7d7ed8b7d5db761f8343e03fa1b638d8bc81b66f945d26f7519d2aeb77cabcf707a9a5ecb4b9e593aa5a6a961421f3c5fac0a1da1ad02d9e47369867ba3a4c57d01e2cd4f778249dd1f5fc7b59f5a7f8c1d6f5ede07fb95d5c954ea7723d4181219b71c8c7807cd87144049f3890b754c81882112827a37fa305ba3159fe920f1fdc255c8dc991941771c5f4ff580bce744a8b9639260ec345cd2328f8c467f970b897af04159f235f72f6cab529429ede677cd57fa6c5bfbff6cd2480e33c57d486714601f48162e8750fb1c2c815b54df3525ee311c591fa41f00812680fd7b9be619caf4af568437d77db5c6e42fa91facdde0893393e87f28039dabba1c29273517ca7bd224773dbcd0d0849003cdfcf6122d372623eba7e4f35773b11c840db2cd8c220c7f1482ab139f8ae3a7cea70e7a430dddc09be9017ee9f5e92dc3061309624c38cef0f695eacaa9932a2a935c8ba799c28e4b2f3e16fc2f643cef9e48ff344ecee342a7c1e13ce51f5d48958f954c76b45f8e9a7a4ee69c4fb53bff92659f461ae5b914ba66cc2e8ca64edded17de4f8d86f50ea1c4094b88e9151217302b9e233d306fb297a67178a75d52416bfe44938c174f9233f22a7d9fff3556f7eeb40d200af605160ec7342f3811faea07418701358d4bfc6d18e161ee6128edd7d321291da90dc852930ed0cf8098431e375124f4919f66f2cf539990f0f7f99a8e3bc55275cf60ea03251f9892d9b959efed12b84a27604687ae4469b5d1c28d03cb29e8cbf1b1ecde50c612b8c8890d8c985740604b4e3e4cea832ecfd3bb5038dbaea276eaa3938b20be57d66ceccbd4990a8d3682913a277e7b02181ec9d96f0bbab2892338326facfff4fb05323506be340d1556795dd8a49fd7d2f45ad0dadffef52533eb9105c89f61461d440292100f59229b260a70e3f9b831ab2c9f60996a9644d6676363cb05068460f538173408f6854a39bb7a999ab1047eddd3f6122aa0679995cd0dafca218766698a68fbf75056991ab5e7f8362cfa67b3c6a05ad87841dc8be1edd5d8a6972a8c7038cf6585ffdb8d549902a5dc58fb98847829871c23fe4ab996e9417018be5ff3f6da37b4cf48176f1dd8a257ffa739d8a2061baa1935439cd7e2f313aedbb003a96cdace07cc72d86dcbcc61f8c2938dbce32c9f17ddf115126c83a2dbadb44493dcc42dca8a785f5d9759e59cfe2758ae0910384a076325ca2b3c67f83a3c010f82f762978c8aabe38c30fdb7b881644175c2b6a828f60431707336d64d3768aeab7bd806a42dd18a239b95745f7f803b6110f5ef0d65dfad9b1e8d04bd42c651eee489d46bd296c790aaa34f739534070a76b0b876871edac7d2304099bb54884590b51aa680220cc2dbc9c3ecf5bf954eb51c1acd6549329e47140a1245f344274fd72a05d5c76ac6faeabdc7561aa375ffc54887720ecd405ff82dc4f9ed27f440d6be57f0653736e876d7109d03f126d52dc9d546eea34d00b442e9be7b5fa33b98e605926c8e39c1644c9cb39334d28a83cbc02f05e73e9b5d0a3be0caded1e7be2e7ed0b078bc0d749ac5483270692f39ed2b648b847d2fecbf56581745c0c15a6faa5dfac40e94f249cac74fcc297bb3645969590cb99ee9b630c61e0ca8c622f1f66732eec4af330a91ad60444d4de2c2aa47a902488b6202511b542935ee478880378d4e18ad26abde96a1c21c917dbd0c9e4233b79595a871b8abe23b078c1721d45fb36a9fa5249b7a9624774ac5e8f64785fa9c2421d717ff97cfa497d7b730d7d62d2c4678bf36a1a69cbecd94bd916949827fcd7f4ba30f7d5ebc6c851f7232fc98680154770b98e00f5294a87044150e0501686fdd409b060fe8773bc6e48b3ed6d96a0b2c06b05ed6382b8d6571e7704256e0589ec91cec529a587a6f5924c8089d1af458a2c058f465ee0bac693867a9ba3c1622eab93f0cb82dee81f49a825426c52f93e92efa2d516ada9fb34735ddc72243de09de60aca6e7738fd731d724d91b97ac59ce73012937de00f31b899f62677ae0ced6413d087b087d4af995305c2e286039b9c96d397e285eeba5f1b88a809550d7df9634b98f38fa37b881ce74b54d5e39e5fa21b4f1bfb50d2615d026a175f26bf41931905f416a16d7c1b98631987156982af8d09a86d51d1075614bb94b35f1fd039571489200902830da3d130ce2e0e70687c57d150ba6810db46a9841fe22502135a007bf5ef07621c0e0cb3c5cd2f02044b50481f92c2dcdcd2ded742d6209f476160f55934b4952474d31ae2fe4e3c062526f90f1d157e218689548b9428fe85d353c9c53acce7fae82211326cffeaa55e1d5f7b3d8d33ddf64db181942648ead68fa50d0221fc56faf2b6ee0819d0343272ab343aeed2915c03615d39d149d44e8d7665ce1a38435acd7024028f156ba5c325833d1c67e026048ed7eb8510f9a2e93ddd2bcd67a005d8cca6018179bcfa06ce3926390c53b6d5e7b8e1457e292e7e7e3b61c4004ea8f69bc07afcc38668f7321fbb1bfda0a34f833f99cbac160d71813070c9a6e8e0e726519dc93bf2036eef5aeaed26bf87fc2cb8eab8cd9418f518446dff64478541fcced68c874a88075f0a5968670bde512a2444c6abfd4dc8cbbc2d1025afa13a69caadf1896b343bacce6fc84dbc214bc8d512f62327cced78f1334dde05a19cd0c4442229f3af1ddace078aad37106f20e53b1c5fe92dd2dacdc4f07ba07397ff72ec9913ab6c8e66fc2c7a2622c4ff7ba27fd7def9dab918a0c7876f5b620b48eb893e608f332f483cf85594d3e71b309fcf9580e0ee83ac45cce642aa4d79fecc6ada27e6104f9238119e2b43122a15ac43e88c442a723eccac43ab5ae47050ac54c87590bdab5f8d6c195ef67520a4a7aedf10930e197f06cf546e036385d587db366180adf0f670ebd0e42e91ea3d33cf972d878af7fe93d6720a0d0adcd20f57495ae9e334f06916ce5d67b19da0228d1820a14f7c1d0077d683ff6ff8d93f8ec7753906f6351c8d34663a6b35edc9ea7d2be17fbe5cb5d1f3d6f08e511af7e4835e9f7f9d3e3259432924ae25bbb3ea463683f42a12cad569a7bb43c335ee153e21aa3a76f16d90a1cd4d7f4bd9d6928ce1750c62e79ab0c19e9af5dfe17af1bbdd041fd3c936b546a8f5e5b796dc1488c433e3fdf58309df4f7df6f84e9c9fba3bdffe4dffe9d300c339f8fffb92f3b3c4fe75b55c955a0ef42536c8181dc6131dbfb7d6a779ba7fd4075d46cd8a7e9e9dc41e33102da8a55db8c4e544a636c34ab557339dbc2337359508f15dc00ceb300469eace213e5271e9065e903fb54953288e593024cce2c6c0e3f295b354d57389686270512d171d055d4c5d1b1e519f8899829cd81b7577274ef337720b3ade83aa8826a6e5341d472191878b9326702e506f1847a2f7b25eedba0a04b0b118779497e1ab31be8bae65abf492407291be8a54346c333c75860c6de779b4c13b6e7305331e7db6506e88e91587c81bf816b1b9315763fd7ebfe6beb4f47014e3a9f198c4fc83944b4991b57cdbff3d7c7351becbfc0db7175fec16dd89b9fea469b1d81bc4da4ea137d0f871e72c065f318ddcb289108030b924b26b97f4a40df779cf766e0029da3713a53156c9de2ed0f3666f09833d7844d4f485143cb7a3393904796aa365e1830f06bec89b34d24053fc23e0bf699683131b0ad327418d7e9acc25dd67783cab30349ee97cca653034c7f0dc6b8b0e922602f30bfa2ee5ada218886b2d8a79daad247a13a96dba8c74a1f91176ca62ae315ec45622c0adfb254e02efbaac05bd3abfca614e0b9bfbab8500f87a8f253c4b06cd81ab6013e03ba854ac42b73ce47ee6ad75412afa4265a822c153e3f0bba475b20004f3fc77d40d6e024a3aed0c1101b59878ceb4624730ca1e3facb8fa6f4c69672235c0709d6488a166b5725a232105f3c8daa9dedfa345ab65a89c2082aace03740e7b6c"}, 0x1c)
mount$afs(0x0, &(0x7f0000002840)='./file0\x00', &(0x7f0000002880), 0x700, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn'])
umount2(&(0x7f00000002c0)='./file0\x00', 0x9)
ioctl$VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000440)={0x5, @win={{0x735, 0x9, 0xe1, 0xfffffff9}, 0x1, 0x8, 0x0, 0x6, 0x0, 0xcf}})

3.413310432s ago: executing program 3 (id=150):
syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000480)='./file0\x00', 0x0, &(0x7f0000000300)={[{@nombcache}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x7}}, {}, {@commit={'commit', 0x3d, 0x6}}, {@quota}, {@nomblk_io_submit}]}, 0xfe, 0x470, &(0x7f0000000580)="$eJzs3M9rHFUcAPDvTH71d6LWH62tRitY/JE06c+Dl4qCBwVBDxVPMUlLbdpoE8GWQquHepSCd/Eo+Bd40ouoJ0HwpHcpFOnFKggrMzuTrJvdmG222W7384Fp35t52/e+++btzLy32wB61mj2RxKxLSJ+jYhN1ex/C4xW/7p189L0XzcvTSdRqbzxR5KX+/PmpemyaPm6rdVMpVLkhxrUe/XtiKm5udnzRX588ex74wsXLj5/+uzUqdlTs+cmjx07dHDv4JHJw22Jczhr61DM79n1ylvXXps+ce2dH77K2rutOF4bR7uMVt/dlfraXVPnba9JJ/0Ni9yDUXe/rFOy7hrIx/9w9MXmpWPD8fLHHW0ccEdVKpVKo+tz4UqlTtTvALpYYkhDjyov9Nnzb7lt0K3HXeHG8Yj3j1bjv1Vs1SP9kRZlBuqeb9tpNCJOXPn782yLOzQPAQBQ65vjEfFco/u/NB6qKbejWEMZiYj7IuL+iHggInZGxIMRedmHI+KRFuuvXyFZef+TXr+twNYou/97oVjbWrr/+6eSx18Y6Sty2/P4B5KTp+dmDxTvyf4YGMryE6vU8e1LP3/a7Fjt/V+2ZfWX94JV6fX+ugm6manFqXWGveTGRxG7++vizyVRLuMkEbErIna39C8vP2GcfubLPc1KLce/OSIaxb+KxutMrbXyi4inq/1/JeriLyVN1ycnjh6ZPDy+KeZmD4yXZ8VKP/509fVm9f9//99ZWf9vqT//l3vvcnbKJ5siFi5cPJOv1y60XsfV3z5p+EyzZR3n/2DyZp4eLPZ9OLW4eH4iYjB5deX+yeXXlvmyfBb//n2Nzv80/4yLov8fjYjsJN4bEY9FxONF25+IiCcjYt8q8X//4lPvNjvWPP5VZuXbKIt/pkH/15z/I1lquf9bT/Sd+e7r1uMvZf1/KE/tL/as5fNvrQ1cz3sHAAAA3SLNvwOfpGNL6TQdG6t+h39nbEnn5hcWnz05/8G5mep35UdiIC1nuoZr5kMnirnhMj9Zlz9YzBt/1rc5z49Nz8/NdDp46HFbm4z/zO9+sQH3vjasowFdyviH3mX8Q+9aHv9HOtoOYOO5/kPvajT+L3egHcDGc/2H3mX8Q+8y/qF3Gf/Qk5r+Nj5d10/+uzbxy467ohldkIi09Vf1RyfbPNjR2m870b/m/8ziNhNDDQ91+pMJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgPf4NAAD//1xS8Ns=")

2.744076724s ago: executing program 0 (id=151):
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0)
mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x81899, 0x0)
mount$bind(0x0, 0x0, 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000080)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0)
mount(0x0, 0x0, 0x0, 0x80000, 0x0)
mount$tmpfs(0x0, 0x0, 0x0, 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$SMC_PNETID_ADD(r0, 0x0, 0x4)
mount$bind(&(0x7f0000000500)='./file0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x1333404, 0x0)
mount$bind(&(0x7f0000000240)='.\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x1005848, 0x0)
umount2(&(0x7f0000000000)='./file0\x00', 0xb)
syz_io_uring_complete(0x0, 0x0)

2.381531235s ago: executing program 2 (id=152):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$sock_netdev_private(r0, 0x8942, 0x0)

2.381255805s ago: executing program 1 (id=153):
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$binfmt_format(0xffffff9c, &(0x7f0000000040)='/proc/sys/fs/binfmt_misc/syz0\x00', 0x2, 0x0)
syz_open_dev$vim2m(&(0x7f0000000140), 0x200000001003, 0x2)
syz_mount_image$fuse(0x0, 0x0, 0x420, 0x0, 0x0, 0x0, 0x0)
mount$nfs(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080), 0x293808, &(0x7f0000000240)=ANY=[])
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r3, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
write(r3, &(0x7f0000000340)="4700000001003f", 0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
keyctl$KEYCTL_PKEY_QUERY(0x18, 0x0, 0x0, &(0x7f0000000080)=' hash=', 0x0)
r4 = syz_open_dev$usbfs(&(0x7f0000000480), 0x76, 0x160341)
ioctl$USBDEVFS_IOCTL(r4, 0xc0105512, &(0x7f0000000200))
ioctl$USBDEVFS_IOCTL(r4, 0xc0105512, &(0x7f00000000c0)=@usbdevfs_connect)
waitid(0x1, 0x0, 0x0, 0x8, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = syz_open_dev$vim2m(&(0x7f0000000000), 0x100000002, 0x2)
ioctl$vim2m_VIDIOC_CREATE_BUFS(r5, 0xc100565c, &(0x7f0000000180)={0x0, 0xfff, 0x1, {0x0, @raw_data="67183bd515bc034bd9a3ebb9ae2bb55882d73f1090d5daddab857282a9c42dccd25ecad83500ac40f2485453aa1ad21578aa5269183a784e8600754210e6f289f506c8929ee7a29ccd26abddbe6f6d60461be157cb2bc0d89d484e4f8b1f1c8ab8855edab1ec89403607f2da2db807b3d2e8f881a30ca59d7b490483ff074ab430d4ae1d45ab8fd3699825da1d398912715a299ad6ef1dec70a9b1e97246aae1cdd2f63e37eac8c9146a554ca335e498dca727b67b9587f9938490ce1145ab0a49d70a09b87329a3"}})
ioctl$vim2m_VIDIOC_PREPARE_BUF(r5, 0xc058565d, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)

2.357217306s ago: executing program 2 (id=154):
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x1})
r0 = socket$inet(0x2, 0x2, 0x1)
bind$inet(r0, 0x0, 0x0)
r1 = socket$inet(0x2, 0x2, 0x1)
setsockopt$sock_int(r0, 0x1, 0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$BTRFS_IOC_INO_PATHS(r1, 0xc0389423, 0x0)
ioctl$TUNSETPERSIST(0xffffffffffffffff, 0x400454cb, 0x1)
r2 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'lo\x00', <r3=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000040)=@newqdisc={0x5c, 0x24, 0xd0f, 0x3, 0x0, {0x60, 0x0, 0x0, r3, {0x0, 0x3}, {0xffff, 0xffff}, {0x4}}, [@qdisc_kind_options=@q_pfifo={{0xa}, {0x8, 0x2, 0xff}}, @TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x6, 0x1d, 0x5, 0x2, 0x0, 0x3, 0x4}}, {0x4}}]}]}, 0x5c}, 0x1, 0x0, 0x0, 0x1d4}, 0x8840)
sendmsg$netlink(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{0x0}], 0x1, 0x0, 0x0, 0x4040010}, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
r4 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000740)={0x0, 0x0, 0x0}, 0x0)

2.266080059s ago: executing program 0 (id=155):
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000480)='task\x00')
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000840)={0x1, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x11, 0x0, 0x0)
timerfd_settime(0xffffffffffffffff, 0x3, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events.local\x00', 0x275a, 0x0)
syz_open_procfs$namespace(0x0, 0x0)
mount_setattr(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
fchdir(r1)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0)
syz_open_procfs(r0, &(0x7f0000000280)='auxv\x00')

2.185459851s ago: executing program 2 (id=156):
r0 = socket$netlink(0x10, 0x3, 0x0)
bind$netlink(r0, &(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000240), 0x4)
r1 = socket$netlink(0x10, 0x3, 0x0)
bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="280000001000010029bd7000fcdbdf2500010000", @ANYRES32=0x0, @ANYBLOB="1a8904000a00000008001b"], 0x28}, 0x1, 0x0, 0x0, 0x40801}, 0x6000000)
r3 = openat$tun(0xffffffffffffff9c, 0x0, 0x20a02, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000080)={'\x00', 0x2})

1.304180479s ago: executing program 3 (id=157):
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff000000000200"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000300000a6c000000060a0104000000000000000002000001400004803c0001800a0001006c696d69740000002c00028008000340000000050c000140fffffffffffffffe06000240000000000000000408000440000000010900010073797a30000000000900020073797a3200000000140000001100010000000000000000000000000a"], 0x94}}, 0x8810)
ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x8208ae63, 0x0)
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x20050840)
sendmsg$kcm(r0, 0x0, 0x0)
dup(0xffffffffffffffff)
connect$inet6(0xffffffffffffffff, &(0x7f0000001940)={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x9}, 0x1c)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0xa101, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x4)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r1 = syz_open_dev$sndmidi(&(0x7f0000000780), 0x2, 0x143102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={0x0, 0x84}}, 0x20008040)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
r5 = syz_open_dev$radio(&(0x7f0000000100), 0x2, 0x2)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r5, 0x4020565a, &(0x7f0000000140)={0x3, 0x98f907, 0x5})
connect$bt_l2cap(r4, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0xb}, 0xe)
sendmmsg$sock(r4, &(0x7f0000004100)=[{{0x0, 0x0, 0x0}}], 0xffffff80, 0x0)

1.294728119s ago: executing program 1 (id=158):
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x2008002, &(0x7f00000001c0)={[{@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x1000}}, {@quota}, {@nodiscard}, {@stripe={'stripe', 0x3d, 0x9}}, {@barrier}]}, 0x1, 0x558, &(0x7f0000000680)="$eJzs3c9vI1cdAPDvTH52d9vsQg9QAbtAYUGrtTfedlX10nIBoaoSouKAOGxD4o3C2nGIndKESKR/A0ggcYI/gQMSB6SeOHDjiMQBEOWAVCACbZA4GM14kriJw5rEsdn485Fm58ebme979s6852dnXgBj60ZE7ETEdES8GRFzxfakmOLVzpTt92h3e3Fvd3sxiXb7jb8leXq2LbqOyVwuzjkbEV/9UsQ3k+Nxm5tbDxdqtep6sV5u1dfKzc2t2yv1heXqcnW1Urk3f+/OS3dfrAysrNfrP3v/iyuvfe2Xv/j4e7/Z+fx3s2xdKdK6yzFInaJPHcTJTEbEa+cRbAQmivn0iPPB6aQR8aGI+FR+/c/FRP6/EwC4yNrtuWjPda8DABddmveBJWkpItK0aASUOn14z8altNZotm49aGysLnX6yq7GVPpgpVa9c23md9/Od55KsvX5PC1Pz9crR9bvRsS1iPjBzFP5emmxUVsaTZMHAMbe5e76PyL+OZOmpVJfh/b4Vg8AeGLMjjoDAMDQqf8BYPyo/wFg/PRR/xdf9u+ce14AgOHw+R8Axo/6HwDGj/ofAMbKV15/PZvae8Xzr5fe2tx42Hjr9lK1+bBU31gsLTbW10rLjcZy/sye+uPOV2s01uZfiI23y61qs1Vubm7drzc2Vlv38+d6369ODaVUAMB/c+36u79NImLn5afyKbrGclBXw8WWDnAv4MkycZaDNRDgiWa0LxhffVXheSPh1+eeF2A0ej7Me7bn4gf96H8I4ndG8H/l5kf77/83xjNcLHr2YXydrv//lYHnAxi+U/f//2Gw+QCGr91Ojo75P32QBABcSGf4CV/7e4NqhAAj9bjBvAfy/T8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABcMFci4luRpKV8LPA0+zctlSKejoirMZU8WKlV70TEM3E9IqZmsvX5UWcaADij9C9JMf7XzbnnrxxNnU7+NZPPI+I7P37jh28vtFrr89n2vx9sn9kfPqxyeNwZxhUEAPr3p352yuvvSjHv+iD/aHd7cX86xzwe8/4XDgYfXdzb3c6nTspktNvtdsRs3pa49I8kJotjZiPiuYiYGED8nXci4iO9yp/kfSNXi5FPu+NHEfvpocZPPxA/zdM68+zl+/AA8gLj5t3s/vNqr+svjRv5vPf1P5vfoc4uv//NRuzf+/a64k8WkSZ6xM+u+Rv9xnjhV18+trE910l7J+K5yV7xk4P4yQnxn+8z/u8/9onvv3JCWvsnETejd/zuWOVWfa3c3Ny6vVJfWK4uV1crlXvz9+68dPfFSjnvoy7v91Qf99eXbz1zUt6y8l86IX7nnb98pPzTB8d+ps/y//Tfb37jk4erM0fjf+7Tvd//Z/N579c/qxM/22f8hUs/P3H47iz+0gnlf9z7f6vP+O/9eWupz10BgCFobm49XKjVqutnWsg+hQ7iPMcWsiz2t/N+c/FsQf8Y+cLhy5JEEoMuV9YY62fnqfN6Vc99YfKgrTjYM389O+OQi5MOvBSnWYirxcKjYQUd3T0JGI7Di37UOQEAAAAAAAAAAAAAAE4yjL9hGnUZAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuLj+EwAA//8GP8IF")
lchown(&(0x7f0000000000)='.\x00', 0xffffffffffffffff, 0xee01)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x1000, 0x0)

1.109415756s ago: executing program 2 (id=159):
mount$9p_rdma(0x0, 0x0, 0x0, 0x800, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$sysctl(0xffffffffffffff9c, 0x0, 0x1, 0x0)
mkdir(0x0, 0x21)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000200)={0x14, 0x2, 0x6, 0x5, 0x0, 0x0, {0x4, 0x0, 0x1}}, 0x14}}, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
r1 = syz_open_dev$vim2m(0x0, 0x20000000fe, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r1, 0xc0145608, &(0x7f0000000040)={0x8, 0x1, 0x1})
pipe2(0x0, 0x100080)
lseek(0xffffffffffffffff, 0x8000000000000000, 0x0)
sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)={0x40, 0x9, 0x6, 0x201, 0x0, 0x0, {0x2, 0x0, 0xffff}, [@IPSET_ATTR_DATA={0x18, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}, @IPSET_ATTR_MARK={0x8, 0xa, 0x1, 0x0, 0x2}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x40}, 0x1, 0x0, 0x0, 0x800}, 0x40c0080)
syz_usb_control_io$lan78xx(0xffffffffffffffff, 0x0, 0x0)

1.066470837s ago: executing program 0 (id=160):
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r1, &(0x7f0000000100)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r1, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e23, @rand_addr=0x8}, 0x10)

249.99µs ago: executing program 3 (id=161):
r0 = creat(&(0x7f00000002c0)='./file0\x00', 0x104)
r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0xc402, 0x80)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000003bc0)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000}, 0x94)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
write$P9_RVERSION(r0, &(0x7f0000000c40)=ANY=[], 0x13)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000003c0)={r2, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000280)='./file0\x00', &(0x7f0000000300)=[0x5], 0x0, 0x0, 0x1, 0x1}}, 0x3c)

77.96µs ago: executing program 0 (id=162):
sendmsg$NFT_MSG_GETRULE(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000540)=ANY=[@ANYBLOB="780023e3070a0102000000000000e96db119af190d91d83cf022d771468600000a0000060900020073797a30000000005800048054000180090001006d657461000000004400028008000140000056d60800f80d0000000008000140000000010800014000000009080001400000000b08"], 0x78}, 0x1, 0x0, 0x0, 0x48055}, 0x1000c080)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r0)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r0, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000580)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01000000040200f2c8dc1b000000180001801400020073797a5f74756e0000000000000000000c000280"], 0x38}, 0x1, 0x0, 0x0, 0x20000844}, 0x0)

0s ago: executing program 0 (id=163):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r0=>0xffffffffffffffff})
r1 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000380)={'vxcan0\x00', <r2=>0x0})
bind$can_j1939(r1, &(0x7f0000000100)={0x1d, r2, 0x0, {0x0, 0x0, 0x4}}, 0x18)
connect$can_j1939(r1, &(0x7f0000000080)={0x1d, r2, 0xffffffffffffffff, {0x1, 0xf0, 0x4}, 0x1}, 0x18)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.0.226' (ED25519) to the list of known hosts.
[   85.341045][ T5762] cgroup: Unknown subsys name 'net'
[   85.475095][ T5762] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   86.925514][ T5762] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   88.516907][ T5775] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   88.521461][ T5778] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   88.533711][ T5775] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   88.543425][ T5778] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   88.543789][ T5775] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   88.560990][ T5781] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   88.577548][ T5781] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   88.586140][ T5775] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   88.599055][ T5788] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   88.608960][ T5781] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   88.609236][ T5788] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   88.630308][ T5788] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   88.638218][ T5775] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   88.638512][ T5775] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   88.648944][ T5788] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   88.679061][ T5775] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   88.705083][ T5775] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[   88.713915][ T5787] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[   88.728681][ T5775] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   88.736544][ T5787] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   88.748107][ T5781] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   88.769075][ T5778] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   88.789141][ T5778] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[   88.801600][   T51] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   89.092946][ T5773] chnl_net:caif_netlink_parms(): no params data found
[   89.203166][ T5783] chnl_net:caif_netlink_parms(): no params data found
[   89.277445][ T5780] chnl_net:caif_netlink_parms(): no params data found
[   89.305601][ T5773] bridge0: port 1(bridge_slave_0) entered blocking state
[   89.315078][ T5773] bridge0: port 1(bridge_slave_0) entered disabled state
[   89.324271][ T5773] bridge_slave_0: entered allmulticast mode
[   89.332603][ T5773] bridge_slave_0: entered promiscuous mode
[   89.346971][ T5773] bridge0: port 2(bridge_slave_1) entered blocking state
[   89.355427][ T5773] bridge0: port 2(bridge_slave_1) entered disabled state
[   89.363812][ T5773] bridge_slave_1: entered allmulticast mode
[   89.370979][ T5773] bridge_slave_1: entered promiscuous mode
[   89.449556][ T5773] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   89.502252][ T5773] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   89.528850][ T5783] bridge0: port 1(bridge_slave_0) entered blocking state
[   89.537354][ T5783] bridge0: port 1(bridge_slave_0) entered disabled state
[   89.547432][ T5783] bridge_slave_0: entered allmulticast mode
[   89.555292][ T5783] bridge_slave_0: entered promiscuous mode
[   89.572498][ T5774] chnl_net:caif_netlink_parms(): no params data found
[   89.602456][ T5783] bridge0: port 2(bridge_slave_1) entered blocking state
[   89.610472][ T5783] bridge0: port 2(bridge_slave_1) entered disabled state
[   89.619156][ T5783] bridge_slave_1: entered allmulticast mode
[   89.625846][ T5783] bridge_slave_1: entered promiscuous mode
[   89.650790][ T5773] team0: Port device team_slave_0 added
[   89.661386][ T5773] team0: Port device team_slave_1 added
[   89.667750][ T5780] bridge0: port 1(bridge_slave_0) entered blocking state
[   89.675216][ T5780] bridge0: port 1(bridge_slave_0) entered disabled state
[   89.685258][ T5780] bridge_slave_0: entered allmulticast mode
[   89.692354][ T5780] bridge_slave_0: entered promiscuous mode
[   89.701696][ T5780] bridge0: port 2(bridge_slave_1) entered blocking state
[   89.709433][ T5780] bridge0: port 2(bridge_slave_1) entered disabled state
[   89.716716][ T5780] bridge_slave_1: entered allmulticast mode
[   89.724550][ T5780] bridge_slave_1: entered promiscuous mode
[   89.806498][ T5783] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   89.822053][ T5780] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   89.833206][ T5773] batman_adv: batadv0: Adding interface: batadv_slave_0
[   89.841077][ T5773] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   89.869948][ T5773] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   89.892609][ T5783] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   89.904519][ T5780] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   89.926514][ T5773] batman_adv: batadv0: Adding interface: batadv_slave_1
[   89.938293][ T5773] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   89.971442][ T5773] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   90.044634][ T5780] team0: Port device team_slave_0 added
[   90.052100][ T5774] bridge0: port 1(bridge_slave_0) entered blocking state
[   90.064126][ T5774] bridge0: port 1(bridge_slave_0) entered disabled state
[   90.074558][ T5774] bridge_slave_0: entered allmulticast mode
[   90.082639][ T5774] bridge_slave_0: entered promiscuous mode
[   90.094813][ T5774] bridge0: port 2(bridge_slave_1) entered blocking state
[   90.103053][ T5774] bridge0: port 2(bridge_slave_1) entered disabled state
[   90.111321][ T5774] bridge_slave_1: entered allmulticast mode
[   90.119947][ T5774] bridge_slave_1: entered promiscuous mode
[   90.130797][ T5783] team0: Port device team_slave_0 added
[   90.139893][ T5780] team0: Port device team_slave_1 added
[   90.165609][ T5783] team0: Port device team_slave_1 added
[   90.204416][ T5780] batman_adv: batadv0: Adding interface: batadv_slave_0
[   90.211718][ T5780] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   90.238246][ T5780] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   90.275412][ T5773] hsr_slave_0: entered promiscuous mode
[   90.281861][ T5773] hsr_slave_1: entered promiscuous mode
[   90.300586][ T5780] batman_adv: batadv0: Adding interface: batadv_slave_1
[   90.307572][ T5780] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   90.334358][ T5780] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   90.353745][ T5774] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   90.393214][ T5774] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   90.403843][ T5783] batman_adv: batadv0: Adding interface: batadv_slave_0
[   90.411779][ T5783] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   90.444411][ T5783] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   90.493138][ T5783] batman_adv: batadv0: Adding interface: batadv_slave_1
[   90.501188][ T5783] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   90.534047][ T5783] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   90.558391][ T5780] hsr_slave_0: entered promiscuous mode
[   90.565223][ T5780] hsr_slave_1: entered promiscuous mode
[   90.575983][ T5780] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   90.584027][ T5780] Cannot create hsr debugfs directory
[   90.606019][ T5774] team0: Port device team_slave_0 added
[   90.633635][ T5774] team0: Port device team_slave_1 added
[   90.665014][ T5774] batman_adv: batadv0: Adding interface: batadv_slave_0
[   90.672449][ T5774] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   90.700966][ T5774] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   90.738946][   T51] Bluetooth: hci0: command tx timeout
[   90.762506][ T5774] batman_adv: batadv0: Adding interface: batadv_slave_1
[   90.770939][ T5774] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   90.803297][ T5774] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   90.832621][ T5777] Bluetooth: hci1: command tx timeout
[   90.840630][   T51] Bluetooth: hci2: command tx timeout
[   90.856087][ T5783] hsr_slave_0: entered promiscuous mode
[   90.864075][ T5783] hsr_slave_1: entered promiscuous mode
[   90.871885][ T5783] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   90.880554][ T5783] Cannot create hsr debugfs directory
[   90.898162][ T5777] Bluetooth: hci3: command tx timeout
[   91.043691][ T5774] hsr_slave_0: entered promiscuous mode
[   91.050078][ T5774] hsr_slave_1: entered promiscuous mode
[   91.059887][ T5774] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   91.072972][ T5774] Cannot create hsr debugfs directory
[   91.227363][ T5773] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   91.242555][ T5773] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   91.264500][ T5773] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   91.285805][ T5773] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   91.405053][ T5780] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   91.418446][ T5780] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   91.450279][ T5780] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   91.464869][ T5780] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   91.555522][ T5783] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   91.577540][ T5783] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   91.590815][ T5783] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   91.603752][ T5783] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   91.685781][ T5774] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   91.711251][ T5774] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   91.725148][ T5774] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   91.736545][ T5774] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   91.862083][ T5773] 8021q: adding VLAN 0 to HW filter on device bond0
[   91.883169][ T5780] 8021q: adding VLAN 0 to HW filter on device bond0
[   91.943383][ T5780] 8021q: adding VLAN 0 to HW filter on device team0
[   91.965141][ T5773] 8021q: adding VLAN 0 to HW filter on device team0
[   92.001215][ T2951] bridge0: port 1(bridge_slave_0) entered blocking state
[   92.010286][ T2951] bridge0: port 1(bridge_slave_0) entered forwarding state
[   92.025804][ T2951] bridge0: port 1(bridge_slave_0) entered blocking state
[   92.034277][ T2951] bridge0: port 1(bridge_slave_0) entered forwarding state
[   92.046467][ T2951] bridge0: port 2(bridge_slave_1) entered blocking state
[   92.055662][ T2951] bridge0: port 2(bridge_slave_1) entered forwarding state
[   92.084244][   T40] bridge0: port 2(bridge_slave_1) entered blocking state
[   92.095701][   T40] bridge0: port 2(bridge_slave_1) entered forwarding state
[   92.130140][ T5783] 8021q: adding VLAN 0 to HW filter on device bond0
[   92.219033][ T5783] 8021q: adding VLAN 0 to HW filter on device team0
[   92.300725][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[   92.309722][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[   92.326244][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[   92.335053][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[   92.374328][ T5774] 8021q: adding VLAN 0 to HW filter on device bond0
[   92.492098][ T5774] 8021q: adding VLAN 0 to HW filter on device team0
[   92.524647][ T2926] bridge0: port 1(bridge_slave_0) entered blocking state
[   92.536262][ T2926] bridge0: port 1(bridge_slave_0) entered forwarding state
[   92.592569][ T2880] bridge0: port 2(bridge_slave_1) entered blocking state
[   92.600604][ T2880] bridge0: port 2(bridge_slave_1) entered forwarding state
[   92.685914][ T5773] 8021q: adding VLAN 0 to HW filter on device batadv0
[   92.819925][ T5777] Bluetooth: hci0: command tx timeout
[   92.842721][ T5780] 8021q: adding VLAN 0 to HW filter on device batadv0
[   92.898842][ T5777] Bluetooth: hci1: command tx timeout
[   92.906111][ T5777] Bluetooth: hci2: command tx timeout
[   92.935135][ T5773] veth0_vlan: entered promiscuous mode
[   92.978318][ T5777] Bluetooth: hci3: command tx timeout
[   92.994573][ T5783] 8021q: adding VLAN 0 to HW filter on device batadv0
[   93.023775][ T5773] veth1_vlan: entered promiscuous mode
[   93.072193][ T5780] veth0_vlan: entered promiscuous mode
[   93.123467][ T5780] veth1_vlan: entered promiscuous mode
[   93.200887][ T5773] veth0_macvtap: entered promiscuous mode
[   93.229358][ T5773] veth1_macvtap: entered promiscuous mode
[   93.265229][ T5783] veth0_vlan: entered promiscuous mode
[   93.307568][ T5780] veth0_macvtap: entered promiscuous mode
[   93.350653][ T5783] veth1_vlan: entered promiscuous mode
[   93.391006][ T5780] veth1_macvtap: entered promiscuous mode
[   93.423343][ T5774] 8021q: adding VLAN 0 to HW filter on device batadv0
[   93.483929][ T5773] batman_adv: batadv0: Interface activated: batadv_slave_0
[   93.524981][ T5773] batman_adv: batadv0: Interface activated: batadv_slave_1
[   93.540516][ T5780] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   93.555274][ T5780] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   93.574279][ T5780] batman_adv: batadv0: Interface activated: batadv_slave_0
[   93.602774][ T5780] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   93.616429][ T5780] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   93.642937][ T5780] batman_adv: batadv0: Interface activated: batadv_slave_1
[   93.683534][ T5773] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   93.694518][ T5773] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   93.713738][ T5773] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   93.725094][ T5773] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   93.743623][ T5783] veth0_macvtap: entered promiscuous mode
[   93.764260][ T5780] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   93.776511][ T5780] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   93.787825][ T5780] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   93.798983][ T5780] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   93.820904][ T5783] veth1_macvtap: entered promiscuous mode
[   93.884898][ T5774] veth0_vlan: entered promiscuous mode
[   93.895972][ T5783] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   93.907536][ T5783] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   93.924226][ T5783] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   93.936773][ T5783] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   93.951889][ T5783] batman_adv: batadv0: Interface activated: batadv_slave_0
[   93.990761][ T5774] veth1_vlan: entered promiscuous mode
[   94.035008][ T5783] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   94.051184][ T5783] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   94.063906][ T5783] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   94.076561][ T5783] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   94.089586][ T5783] batman_adv: batadv0: Interface activated: batadv_slave_1
[   94.124304][ T5783] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   94.135571][ T5783] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   94.149319][ T5783] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   94.161238][ T5783] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   94.216635][   T40] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   94.231740][   T40] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   94.311948][   T40] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   94.313030][ T5774] veth0_macvtap: entered promiscuous mode
[   94.334501][   T40] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   94.362100][ T5774] veth1_macvtap: entered promiscuous mode
[   94.409862][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   94.420924][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   94.504740][  T989] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   94.507105][ T5774] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   94.529895][  T989] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   94.536541][ T5774] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   94.550534][ T5774] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   94.562704][ T5774] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   94.575093][ T5774] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   94.591940][ T5774] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   94.606344][ T5774] batman_adv: batadv0: Interface activated: batadv_slave_0
[   94.642177][ T5774] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   94.656300][ T5774] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   94.670014][ T5774] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   94.686483][ T5774] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   94.702694][ T5774] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   94.716007][ T5774] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   94.732807][ T5774] batman_adv: batadv0: Interface activated: batadv_slave_1
[   94.754101][ T2880] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   94.772763][ T2880] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   94.823672][ T5774] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   94.836152][ T5774] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   94.846976][ T5774] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   94.857579][ T5774] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   94.900296][ T5777] Bluetooth: hci0: command tx timeout
[   94.905424][ T5842] syz.1.2[5842]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set
[   94.982258][ T5777] Bluetooth: hci2: command tx timeout
[   94.990815][   T51] Bluetooth: hci1: command tx timeout
[   95.048461][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   95.064371][ T5777] Bluetooth: hci3: command tx timeout
[   95.089670][ T2880] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   95.151419][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   95.164870][ T2880] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   95.259825][ T5842] loop1: detected capacity change from 0 to 40427
[   95.277577][ T5842] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[   95.289192][ T5842] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[   95.315673][ T5842] F2FS-fs (loop1): invalid crc value
[   95.332200][ T5842] F2FS-fs (loop1): Found nat_bits in checkpoint
[   95.379736][   T40] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   95.466577][   T40] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   95.476351][ T5842] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[   95.484611][ T5842] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[   96.887394][ T5847] sched: RT throttling activated
[   97.184469][   T51] Bluetooth: hci2: command tx timeout
[   97.190180][ T5777] Bluetooth: hci0: command tx timeout
[   97.197079][ T5777] Bluetooth: hci1: command tx timeout
[   97.203781][   T51] Bluetooth: hci3: command tx timeout
[   97.914500][ T5856] xt_hashlimit: size too large, truncated to 1048576
[   98.058072][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   99.799496][    T9] cfg80211: failed to load regulatory.db
[  100.288724][ T3442] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[  100.319208][ T3442] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
[  104.266205][ T5890] loop3: detected capacity change from 0 to 512
[  104.302492][ T5890] EXT4-fs: Ignoring removed nobh option
[  104.400182][ T5890] EXT4-fs (loop3): orphan cleanup on readonly fs
[  104.475664][ T5890] EXT4-fs error (device loop3): ext4_do_update_inode:5255: inode #15: comm syz.3.10: corrupted inode contents
[  104.556643][ T5890] EXT4-fs error (device loop3) in ext4_orphan_del:303: Corrupt filesystem
[  104.586887][ T5890] EXT4-fs error (device loop3): ext4_do_update_inode:5255: inode #15: comm syz.3.10: corrupted inode contents
[  104.618784][ T5890] EXT4-fs error (device loop3): ext4_evict_inode:302: inode #15: comm syz.3.10: mark_inode_dirty error
[  104.664544][ T5890] EXT4-fs (loop3): 1 orphan inode deleted
[  104.689978][ T5890] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  104.695848][ T5893] netlink: 12 bytes leftover after parsing attributes in process `syz.1.11'.
[  105.003464][ T5780] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  108.382425][ T5911] input: syz1 as /devices/virtual/input/input5
[  108.769982][ T5915] loop3: detected capacity change from 0 to 40427
[  108.781494][ T5915] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  108.790939][ T5915] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  108.807695][ T5915] F2FS-fs (loop3): invalid crc value
[  108.849156][ T5915] F2FS-fs (loop3): Found nat_bits in checkpoint
[  108.917900][ T5915] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  108.927577][ T5915] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  109.254294][ T5915] syz.3.17: attempt to access beyond end of device
[  109.254294][ T5915] loop3: rw=2049, sector=77824, nr_sectors = 2080 limit=40427
[  109.291070][ T5915] syz.3.17: attempt to access beyond end of device
[  109.291070][ T5915] loop3: rw=2049, sector=79904, nr_sectors = 2016 limit=40427
[  109.452467][ T5915] syz.3.17: attempt to access beyond end of device
[  109.452467][ T5915] loop3: rw=2049, sector=73728, nr_sectors = 8 limit=40427
[  109.577144][ T5915] syz.3.17: attempt to access beyond end of device
[  109.577144][ T5915] loop3: rw=2049, sector=73736, nr_sectors = 424 limit=40427
[  109.635535][ T5918] loop1: detected capacity change from 0 to 40427
[  109.641535][ T2880] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[  109.660819][ T5918] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[  109.669763][ T2880] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
[  109.742831][ T5930] netlink: 180 bytes leftover after parsing attributes in process `syz.0.20'.
[  109.757165][ T5930] overlayfs: missing 'workdir'
[  109.786393][ T5918] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  110.156575][ T5918] F2FS-fs (loop1): invalid crc value
[  110.197397][ T5918] F2FS-fs (loop1): Found nat_bits in checkpoint
[  110.383619][ T2880] kworker/u4:6: attempt to access beyond end of device
[  110.383619][ T2880] loop3: rw=1, sector=45096, nr_sectors = 8 limit=40427
[  110.492351][ T5936] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[  110.530770][ T5918] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  110.558613][ T5918] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  110.562449][ T5912] loop2: detected capacity change from 0 to 40427
[  110.580159][ T5912] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[  110.648562][ T5912] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  110.690729][ T5912] F2FS-fs (loop2): invalid crc value
[  110.772081][ T5912] F2FS-fs (loop2): Found nat_bits in checkpoint
[  110.884677][ T5916] netlink: 12 bytes leftover after parsing attributes in process `syz.1.16'.
[  111.018028][ T5912] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  111.065346][ T5912] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  111.112011][ T2951] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[  111.125385][ T2951] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
[  111.145386][ T5948] FAULT_INJECTION: forcing a failure.
[  111.145386][ T5948] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  111.168155][ T5948] CPU: 1 PID: 5948 Comm: syz.3.21 Not tainted syzkaller #0
[  111.177766][ T5948] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  111.189446][ T5948] Call Trace:
[  111.193032][ T5948]  <TASK>
[  111.196173][ T5948]  dump_stack_lvl+0x18c/0x250
[  111.201846][ T5948]  ? show_regs_print_info+0x20/0x20
[  111.208652][ T5948]  ? load_image+0x420/0x420
[  111.215502][ T5948]  ? __lock_acquire+0x7d40/0x7d40
[  111.220875][ T5948]  ? snprintf+0xe9/0x140
[  111.225362][ T5948]  should_fail_ex+0x39d/0x4d0
[  111.230141][ T5948]  _copy_to_user+0x2f/0xa0
[  111.236932][ T5948]  simple_read_from_buffer+0xe7/0x150
[  111.245613][ T5948]  proc_fail_nth_read+0x1e8/0x260
[  111.251641][ T5948]  ? proc_fault_inject_write+0x360/0x360
[  111.260472][ T5948]  ? fsnotify_perm+0x271/0x5e0
[  111.266723][ T5948]  ? proc_fault_inject_write+0x360/0x360
[  111.274443][ T5948]  vfs_read+0x28b/0x970
[  111.279918][ T5948]  ? kernel_read+0x1e0/0x1e0
[  111.285697][ T5948]  ? __fget_files+0x28/0x4b0
[  111.290676][ T5948]  ? __fget_files+0x28/0x4b0
[  111.296172][ T5948]  ? __fget_files+0x43d/0x4b0
[  111.301190][ T5948]  ? __fdget_pos+0x2a3/0x330
[  111.306848][ T5948]  ? ksys_read+0x75/0x260
[  111.311864][ T5948]  ksys_read+0x150/0x260
[  111.316572][ T5948]  ? vfs_write+0x990/0x990
[  111.321809][ T5948]  ? lockdep_hardirqs_on+0x98/0x150
[  111.328093][ T5948]  do_syscall_64+0x55/0xb0
[  111.334832][ T5948]  ? clear_bhb_loop+0x40/0x90
[  111.341629][ T5948]  ? clear_bhb_loop+0x40/0x90
[  111.347224][ T5948]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  111.355111][ T5948] RIP: 0033:0x7f3bbf15d68e
[  111.361253][ T5948] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  111.382624][ T5948] RSP: 002b:00007f3bbffa0fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  111.391980][ T5948] RAX: ffffffffffffffda RBX: 00007f3bbffa16c0 RCX: 00007f3bbf15d68e
[  111.401391][ T5948] RDX: 000000000000000f RSI: 00007f3bbffa10a0 RDI: 0000000000000003
[  111.413039][ T5948] RBP: 00007f3bbffa1090 R08: 0000000000000000 R09: 0000000000000000
[  111.422855][ T5948] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  111.431240][ T5948] R13: 00007f3bbf416038 R14: 00007f3bbf415fa0 R15: 00007ffe1cea8888
[  111.439866][ T5948]  </TASK>
[  111.444111][ T5949] netlink: 12 bytes leftover after parsing attributes in process `syz.2.15'.
[  111.692613][ T2880] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[  111.735564][ T2880] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
[  113.418066][    T0] NOHZ tick-stop error: local softirq work is pending, handler #142!!!
[  113.927836][ T5960] loop1: detected capacity change from 0 to 256
[  114.028665][ T5960] =======================================================
[  114.028665][ T5960] WARNING: The mand mount option has been deprecated and
[  114.028665][ T5960]          and is ignored by this kernel. Remove the mand
[  114.028665][ T5960]          option from the mount to silence this warning.
[  114.028665][ T5960] =======================================================
[  114.109771][ T5960] exfat: Deprecated parameter 'utf8'
[  114.186874][ T5960] exfat: Deprecated parameter 'namecase'
[  114.193477][ T5960] exfat: Deprecated parameter 'namecase'
[  114.228275][ T5960] exfat: Deprecated parameter 'utf8'
[  114.522899][ T5960] exFAT-fs (loop1): failed to load upcase table (idx : 0x00012153, chksum : 0xc9bffc20, utbl_chksum : 0xe619d30d)
[  114.761549][  T786] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  114.792977][ T5968] loop2: detected capacity change from 0 to 512
[  114.801661][ T5968] ext3: Bad value for 'debug_want_extra_isize'
[  114.890975][ T5764] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  115.008026][  T786] usb 4-1: Using ep0 maxpacket: 32
[  115.038883][  T786] usb 4-1: config index 0 descriptor too short (expected 35577, got 27)
[  115.081731][  T786] usb 4-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  115.119871][  T786] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 92
[  115.172551][  T786] usb 4-1: config 1 has no interface number 0
[  115.211470][  T786] usb 4-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  115.264690][  T786] usb 4-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  115.273741][ T5975] input: syz0 as /devices/virtual/input/input6
[  115.337381][  T786] usb 4-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  115.371064][  T786] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  115.439725][  T786] snd_usb_pod 4-1:1.1: Line 6 Pocket POD found
[  115.537625][ T5979] autofs4:pid:5979:autofs_fill_super: called with bogus options
[  116.261581][  T786] snd_usb_pod 4-1:1.1: Line 6 Pocket POD now attached
[  116.395858][ T5985] loop0: detected capacity change from 0 to 128
[  116.418474][ T5985] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256
[  116.444883][ T5985] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  117.314185][ T5816] usb 4-1: USB disconnect, device number 2
[  117.375802][ T5815] snd_usb_pod 4-1:1.1: line6_send_raw_message_async_part: usb_submit_urb failed (-22)
[  117.519133][ T5816] snd_usb_pod 4-1:1.1: Line 6 Pocket POD now disconnected
[  117.888119][    T9] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[  118.091571][    T9] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  118.116608][    T9] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  118.135513][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  118.144457][ T6015] netlink: 4 bytes leftover after parsing attributes in process `syz.3.46'.
[  118.156922][    T9] usb 2-1: config 0 descriptor??
[  118.173859][    T9] pwc: Askey VC010 type 2 USB webcam detected.
[  118.278030][ T5815] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  118.473814][ T5815] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  118.483341][ T5815] usb 3-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  118.494377][ T5815] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66
[  118.528784][ T5815] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  118.545026][ T5815] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  118.561125][ T5815] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  118.574510][ T5815] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  118.583080][    T9] pwc: recv_control_msg error -32 req 02 val 2b00
[  118.588178][ T5815] usb 3-1: Product: syz
[  118.608125][ T5815] usb 3-1: Manufacturer: syz
[  118.613823][    T9] pwc: recv_control_msg error -32 req 02 val 2700
[  118.632923][ T5815] cdc_wdm 3-1:1.0: skipping garbage
[  118.653866][ T5815] cdc_wdm 3-1:1.0: skipping garbage
[  118.836869][    T9] pwc: recv_control_msg error -71 req 04 val 1000
[  118.868209][ T5815] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device
[  118.868904][    T9] pwc: recv_control_msg error -71 req 04 val 1300
[  118.875860][ T5815] cdc_wdm 3-1:1.0: Unknown control protocol
[  118.899194][    T9] pwc: recv_control_msg error -71 req 04 val 1400
[  118.907262][    T9] pwc: recv_control_msg error -71 req 02 val 2000
[  119.711739][    C1] cdc_wdm 3-1:1.0: unknown notification 26 received: index 21323 len 6262
[  119.759331][ T5815] usb 3-1: USB disconnect, device number 2
[  119.779983][ T5778] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0
[  119.791753][ T5778] Bluetooth: hci0: Injecting HCI hardware error event
[  119.801217][    T9] pwc: recv_control_msg error -71 req 02 val 2100
[  119.808659][    T9] pwc: recv_control_msg error -71 req 04 val 1500
[  119.816192][    T9] pwc: recv_control_msg error -71 req 02 val 2500
[  119.819970][ T5778] Bluetooth: hci0: hardware error 0x00
[  119.862568][    T9] pwc: recv_control_msg error -71 req 02 val 2400
[  119.894283][    T9] pwc: recv_control_msg error -71 req 02 val 2600
[  119.908407][    T9] pwc: recv_control_msg error -71 req 02 val 2900
[  119.922585][    T9] pwc: recv_control_msg error -71 req 02 val 2800
[  119.932452][    T9] pwc: recv_control_msg error -71 req 04 val 1100
[  119.941302][    T9] pwc: recv_control_msg error -71 req 04 val 1200
[  119.954959][    T9] pwc: Registered as video103.
[  119.965282][    T9] input: PWC snapshot button as /devices/platform/dummy_hcd.1/usb2/2-1/input/input7
[  120.050501][    T9] usb 2-1: USB disconnect, device number 2
[  120.209433][ T5816] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  120.344192][ T6033] Zero length message leads to an empty skb
[  120.437939][ T5816] usb 1-1: Using ep0 maxpacket: 16
[  120.444124][ T6032] loop2: detected capacity change from 0 to 4096
[  120.446699][ T5816] usb 1-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xF3, skipping
[  120.476914][ T5816] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  120.507501][ T5816] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  120.526358][ T5816] usb 1-1: Product: syz
[  120.534659][ T5816] usb 1-1: Manufacturer: syz
[  120.608193][ T5816] usb 1-1: SerialNumber: syz
[  120.631591][ T5816] usb 1-1: config 0 descriptor??
[  121.079448][ T5816] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  121.278240][ T5816] usb 3-1: Using ep0 maxpacket: 16
[  121.295844][ T5816] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  121.318744][ T5816] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  121.335286][ T5816] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  121.353382][ T5816] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  121.367019][ T5816] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  121.389391][ T5816] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  121.401585][ T5816] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  121.419981][ T5816] usb 3-1: Manufacturer: syz
[  121.451588][ T5816] usb 3-1: config 0 descriptor??
[  121.773049][ T5816] rc_core: IR keymap rc-hauppauge not found
[  121.781467][ T5816] Registered IR keymap rc-empty
[  121.790387][ T5816] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  121.838073][ T5816] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  121.889347][ T5816] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0
[  121.912922][ T5816] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input8
[  121.947411][ T5778] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[  121.992150][ T5816] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  122.039743][ T5816] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  122.084214][ T5816] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  122.118296][ T5816] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  122.169504][ T5816] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  122.233923][ T5816] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  122.271581][ T5816] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  122.321094][ T5816] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  122.381493][ T5816] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  122.428072][ T5816] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  122.487834][ T5816] mceusb 3-1:0.0: Registered ࠀT with mce emulator interface version 1
[  122.502568][ T5816] mceusb 3-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  122.538451][ T5816] usb 3-1: USB disconnect, device number 3
[  122.963317][  T786] usb 1-1: USB disconnect, device number 2
[  123.105639][   T28] audit: type=1804 audit(1780873152.766:2): pid=6066 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.64" name="bus" dev="ramfs" ino=7797 res=1 errno=0
[  123.168683][   T28] audit: type=1804 audit(1780873152.766:3): pid=6066 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.64" name="bus" dev="ramfs" ino=7797 res=1 errno=0
[  123.478167][  T786] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  123.667966][  T786] usb 3-1: Using ep0 maxpacket: 16
[  123.686725][  T786] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  123.715892][  T786] usb 3-1: config 0 has no interface number 0
[  123.740408][  T786] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  123.754149][  T786] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  123.779551][  T786] usb 3-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00
[  123.796704][  T786] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  123.816466][  T786] usb 3-1: config 0 descriptor??
[  124.550680][  T786] uclogic 0003:28BD:0071.0001: failed retrieving string descriptor #100: -71
[  124.587346][  T786] uclogic 0003:28BD:0071.0001: failed retrieving pen parameters: -71
[  124.623121][  T786] uclogic 0003:28BD:0071.0001: pen probing failed: -71
[  124.648298][  T786] uclogic 0003:28BD:0071.0001: failed probing parameters: -71
[  124.683293][  T786] uclogic: probe of 0003:28BD:0071.0001 failed with error -71
[  124.684965][ T6091] random: crng reseeded on system resumption
[  125.422435][  T786] usb 3-1: USB disconnect, device number 4
[  125.955739][ T6112] loop5: detected capacity change from 0 to 524287936
[  126.278260][   T23] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  126.558207][   T23] usb 2-1: Using ep0 maxpacket: 32
[  126.697167][   T23] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  126.889013][   T23] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  127.006164][   T23] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  127.088711][   T23] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  127.125253][   T23] usb 2-1: config 0 descriptor??
[  127.155602][   T23] hub 2-1:0.0: USB hub found
[  127.349556][   T23] hub 2-1:0.0: 1 port detected
[  127.508627][ T6133] loop3: detected capacity change from 0 to 64
[  127.880509][ T5780] hfs: node 4:3 still has 1 user(s)!
[  128.306684][   T23] hub 2-1:0.0: hub_hub_status failed (err = -71)
[  128.328079][   T23] hub 2-1:0.0: config failed, can't get hub status (err -71)
[  128.339536][ T5816] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  128.358197][ T6161] loop0: detected capacity change from 0 to 8
[  128.379857][   T23] usbhid 2-1:0.0: can't add hid device: -71
[  128.394206][   T23] usbhid: probe of 2-1:0.0 failed with error -71
[  128.458581][   T23] usb 2-1: USB disconnect, device number 3
[  128.498186][ T5785] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  128.538055][ T5816] usb 4-1: Using ep0 maxpacket: 16
[  128.551804][ T5816] usb 4-1: config 0 has an invalid interface number: 34 but max is 0
[  128.586300][ T5816] usb 4-1: config 0 has no interface number 0
[  128.615896][ T5816] usb 4-1: config 0 interface 34 altsetting 0 bulk endpoint 0xA has invalid maxpacket 1023
[  128.654791][ T5816] usb 4-1: config 0 interface 34 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 80
[  128.696734][ T5816] usb 4-1: New USB device found, idVendor=0b95, idProduct=772a, bcdDevice=82.73
[  128.710481][ T5785] usb 3-1: Using ep0 maxpacket: 16
[  128.725085][ T6166] binder: 6165:6166 unknown command 0
[  128.733946][ T6166] binder: 6165:6166 ioctl c0306201 200000000480 returned -22
[  128.745691][ T5785] usb 3-1: config 0 has no interfaces?
[  128.755932][ T5816] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  128.772716][ T5816] usb 4-1: Product: syz
[  128.785788][ T5816] usb 4-1: Manufacturer: syz
[  128.792194][ T5785] usb 3-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27
[  128.807959][ T5816] usb 4-1: SerialNumber: syz
[  128.816182][ T5785] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  128.830864][ T5816] usb 4-1: config 0 descriptor??
[  128.848354][ T6151] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  128.857337][ T6151] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  128.884308][ T5785] usb 3-1: Product: syz
[  128.896077][ T5785] usb 3-1: Manufacturer: syz
[  128.907315][ T5785] usb 3-1: SerialNumber: syz
[  128.936845][ T5785] usb 3-1: config 0 descriptor??
[  129.123150][ T6151] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  129.158653][ T6151] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  129.309106][ T6174] binder: 6172:6174 ioctl c0306201 200000000180 returned -14
[  129.404549][ T5816] asix 4-1:0.34 (unnamed net_device) (uninitialized): invalid hw address, using random
[  129.725179][ T6187] loop1: detected capacity change from 0 to 256
[  129.749104][ T6187] exfat: Bad value for 'uid'
[  129.820185][ T5766] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  129.939355][   T23] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  130.158763][   T23] usb 1-1: Using ep0 maxpacket: 16
[  130.171040][   T23] usb 1-1: New USB device found, idVendor=0d8c, idProduct=0102, bcdDevice= 0.40
[  130.187091][   T23] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  130.199328][   T23] usb 1-1: Product: syz
[  130.205586][   T23] usb 1-1: Manufacturer: syz
[  130.213687][   T23] usb 1-1: SerialNumber: syz
[  130.214162][ T5785] usb 3-1: USB disconnect, device number 5
[  130.426986][ T6183] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  130.654514][   T23] snd-usb-audio: probe of 1-1:1.0 failed with error -71
[  130.664291][ T6205] netlink: 8 bytes leftover after parsing attributes in process `syz.1.106'.
[  130.666393][   T23] usb 1-1: USB disconnect, device number 3
[  130.818738][ T6207] capability: warning: `syz.1.107' uses deprecated v2 capabilities in a way that may be insecure
[  131.014523][ T5816] asix 4-1:0.34 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  131.036780][ T5816] asix 4-1:0.34 (unnamed net_device) (uninitialized): Failed to write RX_CTL mode to 0x0088: ffffffb9
[  131.076693][ T5816] asix: probe of 4-1:0.34 failed with error -71
[  131.107072][ T5816] usb 4-1: USB disconnect, device number 3
[  131.122901][ T6215] overlayfs: failed to create directory ./bus/work (errno: 22); mounting read-only
[  131.245720][ T6217] loop1: detected capacity change from 0 to 256
[  131.344254][ T6217] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x0f68ff13, utbl_chksum : 0xe619d30d)
[  131.369059][ T6221] netlink: 4 bytes leftover after parsing attributes in process `syz.0.114'.
[  131.499533][ T6224] binder_alloc: 6222: binder_alloc_buf, no vma
[  132.358066][ T6230] loop3: detected capacity change from 0 to 2048
[  132.431078][ T6232] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  132.493714][ T6230] syz.3.118: attempt to access beyond end of device
[  132.493714][ T6230] loop3: rw=0, sector=18441677524128759844, nr_sectors = 2 limit=2048
[  132.758002][  T786] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  132.831601][   T28] audit: type=1326 audit(1780873162.496:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6235 comm="syz.2.119" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f519eb9ce59 code=0x0
[  132.957932][  T786] usb 1-1: Using ep0 maxpacket: 32
[  132.966506][  T786] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x9 has an invalid bInterval 128, changing to 11
[  132.988223][  T786] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0
[  133.000887][  T786] usb 1-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xB7, skipping
[  133.017572][  T786] usb 1-1: New USB device found, idVendor=0e6f, idProduct=582c, bcdDevice=31.68
[  133.034394][  T786] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  133.046343][  T786] usb 1-1: Product: syz
[  133.049305][ T6253] loop1: detected capacity change from 0 to 2048
[  133.056181][  T786] usb 1-1: Manufacturer: syz
[  133.066504][  T786] usb 1-1: SerialNumber: syz
[  133.093355][  T786] usb 1-1: config 0 descriptor??
[  133.156236][ T6253] [EXT4 FS bs=2048, gc=1, bpg=262144, ipg=32, mo=a802c028, mo2=0002]
[  133.188517][ T6253] System zones: 0-7
[  133.213177][ T6253] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  133.278629][ T6253] EXT4-fs (loop1): shut down requested (2)
[  133.364115][  T786] usb 1-1: USB disconnect, device number 4
[  133.409335][ T5773] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  134.010413][ T6270] loop2: detected capacity change from 0 to 64
[  134.128624][ T1290] ieee802154 phy0 wpan0: encryption failed: -22
[  134.142012][ T1290] ieee802154 phy1 wpan1: encryption failed: -22
[  134.143158][ T6285] process 'syz.1.135' launched '/dev/fd/4' with NULL argv: empty string added
[  134.269402][ T6288] loop3: detected capacity change from 0 to 4096
[  134.384399][ T6288] ntfs3: loop3: Mark volume as dirty due to NTFS errors
[  134.484054][ T6293] loop2: detected capacity change from 0 to 4096
[  134.491037][   T28] audit: type=1800 audit(1780873164.146:5): pid=6288 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.136" name="file1" dev="loop3" ino=30 res=0 errno=0
[  134.573319][ T6295] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  134.620670][   T28] audit: type=1800 audit(1780873164.276:6): pid=6293 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.138" name="file1" dev="loop2" ino=15 res=0 errno=0
[  134.647739][  T786] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  134.678149][   T23] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  134.839124][  T786] usb 1-1: Using ep0 maxpacket: 16
[  134.851649][  T786] usb 1-1: config 0 has no interfaces?
[  134.860051][  T786] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  134.871996][   T23] usb 2-1: Using ep0 maxpacket: 32
[  134.881567][  T786] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  134.895562][   T23] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  134.909655][   T23] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  134.926797][  T786] usb 1-1: config 0 descriptor??
[  134.932158][ T5778] Bluetooth: hci3: link tx timeout
[  134.941146][ T5778] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa
[  134.970267][   T23] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  134.994927][   T23] usb 2-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00
[  135.006512][   T23] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  135.027546][   T23] usb 2-1: config 0 descriptor??
[  135.041462][ T5780] ntfs3: loop3: ino=9, ntfs_sync_fs failed, -22.
[  135.217085][ T6290] Bluetooth: MGMT ver 1.22
[  135.252193][ T6290] Bluetooth: hci0: invalid length 0, exp 2 for type 12
[  135.274660][   T51] Bluetooth: hci3: link tx timeout
[  135.282095][ T5817] usb 1-1: USB disconnect, device number 5
[  135.285167][   T51] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa
[  135.346473][   T51] Bluetooth: hci3: link tx timeout
[  135.354926][   T51] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa
[  135.673709][ T6320] netlink: 8 bytes leftover after parsing attributes in process `syz.2.149'.
[  135.732746][ T6322] loop3: detected capacity change from 0 to 512
[  135.775364][ T6322] EXT4-fs: Ignoring removed nomblk_io_submit option
[  135.923484][ T6322] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem
[  136.561858][   T23] usbhid 2-1:0.0: can't add hid device: -71
[  136.574610][   T23] usbhid: probe of 2-1:0.0 failed with error -71
[  136.598598][   T23] usb 2-1: USB disconnect, device number 4
[  136.819461][   T51] Bluetooth: hci3: link tx timeout
[  136.825574][   T51] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa
[  136.855072][ T6322] EXT4-fs (loop3): failed to open journal device unknown-block(0,0) -6
[  137.051917][ T6340] hub 8-0:1.0: USB hub found
[  137.061939][ T6340] hub 8-0:1.0: 1 port detected
[  137.936695][ T6346] loop1: detected capacity change from 0 to 512
[  138.514433][ T6346] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  138.808132][ T6346] ext4 filesystem being mounted at /36/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  138.871132][ T6346] EXT4-fs error (device loop1): ext4_do_update_inode:5255: inode #2: comm syz.1.158: corrupted inode contents
[  138.936112][ T6346] EXT4-fs error (device loop1): ext4_dirty_inode:6143: inode #2: comm syz.1.158: mark_inode_dirty error
[  138.980994][ T6346] EXT4-fs error (device loop1): ext4_do_update_inode:5255: inode #2: comm syz.1.158: corrupted inode contents
[  139.007126][ T6346] EXT4-fs error (device loop1): __ext4_ext_dirty:206: inode #2: comm syz.1.158: mark_inode_dirty error
[  139.026864][ T6346] BUG: unable to handle page fault for address: ffffffffffffff93
[  139.034838][ T6346] #PF: supervisor read access in kernel mode
[  139.042572][ T6346] #PF: error_code(0x0000) - not-present page
[  139.050922][ T6346] PGD cf35067 P4D cf35067 PUD cf37067 PMD 0 
[  139.057806][ T6346] Oops: 0000 [#1] PREEMPT SMP KASAN
[  139.063686][ T6346] CPU: 1 PID: 6346 Comm: syz.1.158 Not tainted syzkaller #0
[  139.072772][ T6346] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  139.083652][ T6346] RIP: 0010:ext4_ext_map_blocks+0x2d11/0x6800
[  139.093075][ T6346] Code: 8b 7c 24 10 4d 85 ff 0f 84 bd 00 00 00 e8 77 d5 58 ff 49 8d 7f 08 48 89 f8 48 c1 e8 03 42 0f b6 04 30 84 c0 0f 85 3d 1e 00 00 <41> 0f b7 47 08 c1 e0 04 48 8d 04 40 48 89 44 24 08 4d 89 fc 49 8d
[  139.115734][ T6346] RSP: 0018:ffffc90003437480 EFLAGS: 00010246
[  139.122639][ T6346] RAX: 0000000000000000 RBX: ffffffffffffff8b RCX: 0000000000080000
[  139.132049][ T6346] RDX: ffffc9000d12b000 RSI: 000000000002a46e RDI: ffffffffffffff93
[  139.140850][ T6346] RBP: ffffc90003437730 R08: ffff88807e3d3c00 R09: 0000000000000002
[  139.149717][ T6346] R10: 00000000ffffffe4 R11: 0000000000000002 R12: 0000000000000001
[  139.158676][ T6346] R13: 1ffff92000686ebc R14: dffffc0000000000 R15: ffffffffffffff8b
[  139.168122][ T6346] FS:  00007f6da166c6c0(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
[  139.177389][ T6346] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  139.184354][ T6346] CR2: ffffffffffffff93 CR3: 000000002db51000 CR4: 00000000003506e0
[  139.192609][ T6346] Call Trace:
[  139.196228][ T6346]  <TASK>
[  139.199378][ T6346]  ? __might_sleep+0xe0/0xe0
[  139.204969][ T6346]  ? ext4_ext_release+0x10/0x10
[  139.210273][ T6346]  ? __lock_acquire+0x7d40/0x7d40
[  139.215952][ T6346]  ? ext4_es_lookup_extent+0x60e/0xa00
[  139.221547][ T6346]  ext4_map_blocks+0x9e2/0x1b80
[  139.226798][ T6346]  ? ext4_issue_zeroout+0x250/0x250
[  139.232353][ T6346]  ext4_getblk+0x1d0/0x6f0
[  139.237420][ T6346]  ? ext4_get_block_unwritten+0x100/0x100
[  139.244387][ T6346]  ? ext4_mark_iloc_dirty+0x1a65/0x1ca0
[  139.250513][ T6346]  ? __asan_memset+0x22/0x40
[  139.255230][ T6346]  ext4_bread+0x2a/0x170
[  139.260045][ T6346]  ext4_append+0x2c2/0x560
[  139.264667][ T6346]  ? ext4_init_new_dir+0x570/0x570
[  139.270504][ T6346]  ext4_add_entry+0x9eb/0xd90
[  139.275898][ T6346]  ? ext4_inc_count+0x1b0/0x1b0
[  139.281912][ T6346]  ? dquot_initialize+0x20/0x20
[  139.287141][ T6346]  ext4_add_nondir+0x93/0x270
[  139.296545][ T6346]  ext4_mknod+0x303/0x4b0
[  139.301372][ T6346]  ? ext4_rmdir+0xad0/0xad0
[  139.306108][ T6346]  ? bpf_lsm_inode_mknod+0x9/0x10
[  139.312743][ T6346]  ? security_inode_mknod+0xc7/0x110
[  139.320146][ T6346]  vfs_mknod+0x32b/0x360
[  139.325290][ T6346]  do_mknodat+0x386/0x500
[  139.330766][ T6346]  ? __check_object_size+0x506/0xa20
[  139.338434][ T6346]  ? do_o_path+0x200/0x200
[  139.343300][ T6346]  ? getname_flags+0x20a/0x500
[  139.349879][ T6346]  __x64_sys_mknodat+0xa9/0xc0
[  139.356777][ T6346]  do_syscall_64+0x55/0xb0
[  139.363009][ T6346]  ? clear_bhb_loop+0x40/0x90
[  139.368236][ T6346]  ? clear_bhb_loop+0x40/0x90
[  139.374351][ T6346]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  139.381421][ T6346] RIP: 0033:0x7f6da079ce59
[  139.386217][ T6346] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  139.411615][ T6346] RSP: 002b:00007f6da166c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000103
[  139.421741][ T6346] RAX: ffffffffffffffda RBX: 00007f6da0a15fa0 RCX: 00007f6da079ce59
[  139.430984][ T6346] RDX: 0000000000001000 RSI: 0000200000000080 RDI: ffffffffffffff9c
[  139.441000][ T6346] RBP: 00007f6da0832d6f R08: 0000000000000000 R09: 0000000000000000
[  139.451271][ T6346] R10: 0000000000000702 R11: 0000000000000246 R12: 0000000000000000
[  139.461120][ T6346] R13: 00007f6da0a16038 R14: 00007f6da0a15fa0 R15: 00007ffdf4b79078
[  139.471126][ T6346]  </TASK>
[  139.474435][ T6346] Modules linked in:
[  139.478923][ T6346] CR2: ffffffffffffff93
[  139.484448][ T6346] ---[ end trace 0000000000000000 ]---
[  139.490798][ T6346] RIP: 0010:ext4_ext_map_blocks+0x2d11/0x6800
[  139.497729][ T6346] Code: 8b 7c 24 10 4d 85 ff 0f 84 bd 00 00 00 e8 77 d5 58 ff 49 8d 7f 08 48 89 f8 48 c1 e8 03 42 0f b6 04 30 84 c0 0f 85 3d 1e 00 00 <41> 0f b7 47 08 c1 e0 04 48 8d 04 40 48 89 44 24 08 4d 89 fc 49 8d
[  139.523786][ T6346] RSP: 0018:ffffc90003437480 EFLAGS: 00010246
[  139.530191][ T6346] RAX: 0000000000000000 RBX: ffffffffffffff8b RCX: 0000000000080000
[  139.539671][ T6346] RDX: ffffc9000d12b000 RSI: 000000000002a46e RDI: ffffffffffffff93
[  139.550533][ T6346] RBP: ffffc90003437730 R08: ffff88807e3d3c00 R09: 0000000000000002
[  139.561750][ T6346] R10: 00000000ffffffe4 R11: 0000000000000002 R12: 0000000000000001
[  139.571501][ T6346] R13: 1ffff92000686ebc R14: dffffc0000000000 R15: ffffffffffffff8b
[  139.579964][ T6346] FS:  00007f6da166c6c0(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
[  139.590144][ T6346] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  139.598506][ T6346] CR2: ffffffffffffff93 CR3: 000000002db51000 CR4: 00000000003506e0
[  139.608101][ T6346] Kernel panic - not syncing: Fatal exception
[  139.618405][ T6346] Kernel Offset: disabled
[  139.623176][ T6346] Rebooting in 86400 seconds..