last executing test programs:

5m22.070093503s ago: executing program 3 (id=73):
prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r3 = syz_io_uring_setup(0x47a8, &(0x7f00000002c0)={0x0, 0x46b4, 0x80, 0x80000, 0x200}, &(0x7f0000000180), &(0x7f0000000700))
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_EXP_DELETE(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000180)={0x20, 0x2, 0x2, 0x3, 0x0, 0x0, {0xa, 0x0, 0x6}, [@CTA_EXPECT_HELP_NAME={0xa, 0x6, 'H.245\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x4}, 0x4040)
syz_io_uring_setup(0x7676, &(0x7f0000000100)={0x0, 0x22e7, 0x100, 0x1, 0x10f, 0x0, r3}, 0x0, 0x0)
syz_io_uring_setup(0x10278e, &(0x7f0000000000)={0x0, 0x4c1f, 0x10, 0x0, 0x200004}, &(0x7f0000000200), &(0x7f00000000c0))
io_uring_enter(r3, 0x369a, 0x0, 0x1, 0x0, 0x0)
io_uring_enter(r3, 0x1fee, 0x2fc25, 0xc, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x4008032, 0xffffffffffffffff, 0x0)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
r6 = dup(r5)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r6, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @empty, 0x3}], 0x1c)
sendmsg$inet6(r5, &(0x7f0000000800)={&(0x7f0000000000)={0xa, 0x4e24, 0x8, @loopback, 0x4}, 0x1c, &(0x7f0000000140)=[{&(0x7f0000000840)='{', 0x1}], 0x1}, 0x20048843)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r6, 0x84, 0x9, &(0x7f00000001c0)={0x0, @in={{0x2, 0x4e20, @empty}}, 0x1000, 0x1ff, 0xffff18b6, 0x4, 0x384, 0x7fffffff, 0x1b}, 0x9c)
getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r6, 0x84, 0x9, &(0x7f0000000340)={0x0, @in6={{0xa, 0x4e24, 0x3, @loopback, 0x2}}, 0xfffffffd, 0x4, 0x2, 0x7, 0x45, 0x2, 0x5}, 0x0)

5m19.791121352s ago: executing program 3 (id=76):
ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0xaf01, 0x0)
epoll_create(0xffffffce)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
connect$inet6(r4, &(0x7f0000000000)={0xa, 0x4e29, 0x3, @mcast2}, 0x1c)
connect$unix(r4, &(0x7f000057eff8)=@file={0x1, './file0\x00'}, 0x6e)
keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='new user:syz 000800'], 0x2a, 0xfffffffffffffffc)
add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe)
sendmsg$NFT_BATCH(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)={{0x14}, [@NFT_MSG_NEWFLOWTABLE={0x40, 0x16, 0xa, 0x5, 0x0, 0x0, {0x2}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x14, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x3}]}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}]}], {0x14}}, 0x68}}, 0x800)
sendmsg$NFT_BATCH(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)=ANY=[@ANYBLOB="14001c001000010000000000000000000600000048000000160a0000000020000000000002fdffffff00010073797a31000000000900010073797ab0e9c5b1e8cafbfd4c76a6640e9256fba1000000001c000380180003801400010067656e65766530000000000000000000140000001100010000000000"], 0x70}}, 0x24040884)
mknodat(0xffffffffffffff9c, 0x0, 0x81c0, 0x0)
syz_open_dev$vim2m(&(0x7f0000000000), 0x2, 0x2)

5m18.663490775s ago: executing program 3 (id=79):
mkdir(&(0x7f0000000080)='./file0\x00', 0x10)
geteuid()
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'veth0\x00', <r1=>0x0})
socket$nl_route(0x10, 0x3, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
setsockopt$packet_int(r0, 0x107, 0x14, &(0x7f0000000180)=0x19ca, 0x4)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000000)=0xf3f, 0x4)
sendto$packet(r0, &(0x7f00000000c0)="3f03fe7fdce0140006001e0089e9aaa911d7c2290f0086dd1327c9167c643c4a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c1511fdf9435e3ffe46", 0xe90c, 0x0, &(0x7f0000000540)={0xc9, 0x0, r1, 0x1, 0x0, 0x6, @multicast}, 0x14)
mount$9p_tcp(&(0x7f0000000500), &(0x7f0000000540)='./file0\x00', &(0x7f0000000580), 0x8c1, &(0x7f0000000700)={'trans=tcp,', {'port', 0x3d, 0x4e21}, 0x2c, {[{@cache_mmap}, {@noxattr}, {@ignoreqv}, {@debug={'debug', 0x3d, 0x8}}, {@cache_loose}, {@cachetag={'cachetag', 0x3d, '{]%!\xef\x83'}}, {@privport}, {@cache_none}]}})

5m17.572502385s ago: executing program 3 (id=82):
r0 = syz_open_dev$video4linux(&(0x7f0000000080), 0x0, 0x0)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r0, 0x4020565a, &(0x7f00000000c0)={0x3, 0x980900})
syz_open_procfs(0x0, &(0x7f00000007c0)='net/udp\x00')
r1 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[], &(0x7f0000000200)=""/188, 0x96, 0xbc, 0x1, 0x1}, 0x28)
r2 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-serpent-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, 0x0, 0x0)
r5 = accept4(r4, 0x0, 0x0, 0x800)
sendmmsg$alg(r5, &(0x7f0000000340)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)=[@op={0x10, 0x117, 0x3, 0x1}], 0x10, 0x40004}], 0x1, 0x4044840)
recvmsg(r5, 0x0, 0x0)
r6 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r6, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(r6, 0x84, 0x6e, 0x0, 0x0)
bind$inet(r6, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r6, 0x6, 0xd, &(0x7f0000000140)='htcp', 0x53)
sendto$inet(r6, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(r6, &(0x7f0000000580)="17", 0xfdef, 0x10008095, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'lo\x00', <r7=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000001c0)=@newqdisc={0x48, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r7, {0x0, 0x2}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_prio={{0x9}, {0x18, 0x2, {0x8}}}]}, 0x48}}, 0x0)
sendmsg$nl_generic(r1, 0x0, 0x200c0084)

5m16.697568463s ago: executing program 3 (id=83):
r0 = socket$nl_route(0x10, 0x3, 0x0)
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x8)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000040)={0x4802, 0x0, 0x7289, 0x1}, 0x10)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_IPV6_RTHDRDSTOPTS(r1, 0x29, 0x37, 0x0, 0x100)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r3 = openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r3, 0x0, 0x0)
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_tcp_int(r4, 0x6, 0x19, &(0x7f0000000040)=0xfffe, 0x4)
bind$inet(r4, &(0x7f0000003900)={0x2, 0x4e24, @multicast1}, 0x10)
connect$inet(r4, &(0x7f0000000480)={0x2, 0x4e24, @empty}, 0x10)
sendto$inet(r4, &(0x7f0000000100), 0x0, 0x4040004, 0x0, 0x0)
shutdown(r4, 0x1)
connect$unix(r1, &(0x7f00000001c0)=@file={0x0, './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'}, 0x6e)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x18}}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000008c0)=ANY=[@ANYBLOB="6c0000001000010400d201000072f60000020000", @ANYRES32=0x0, @ANYBLOB="0524060000000000300012800b0001006272696467650000200002800c002e00fffff6ffffffffff050007001f000000020027000000000008000a00"], 0x6c}}, 0x0)

5m15.416501342s ago: executing program 3 (id=86):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300))
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0)
ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4})
sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
sendmmsg$inet(r2, &(0x7f0000000a40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40040)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4})
sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r5 = openat$cgroup_int(r4, &(0x7f00000003c0)='cpuset.mem_exclusive\x00', 0x2, 0x0)
sendfile(r5, r5, 0x0, 0x100000000)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)

5m0.142521189s ago: executing program 32 (id=86):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300))
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0)
ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4})
sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
sendmmsg$inet(r2, &(0x7f0000000a40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40040)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4})
sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r5 = openat$cgroup_int(r4, &(0x7f00000003c0)='cpuset.mem_exclusive\x00', 0x2, 0x0)
sendfile(r5, r5, 0x0, 0x100000000)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)

1m7.712832459s ago: executing program 2 (id=519):
rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300))
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0)
ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4})
sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4})
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0)
sendto$inet(r2, 0x0, 0x0, 0x80, 0x0, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4})
sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
write$UHID_CREATE2(0xffffffffffffffff, &(0x7f0000000340)=ANY=[], 0x118)
syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4})
sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
r5 = gettid()
process_vm_writev(r5, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0)
madvise(&(0x7f000042f000/0x800000)=nil, 0x800000, 0x15)

1m4.131508489s ago: executing program 2 (id=528):
rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300))
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0x8, 0xc}, 0x50)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0xfee2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000380)={r5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x37)
write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4})
sendmmsg$inet6(r6, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
write(r0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
io_submit(0x0, 0x0, 0x0)

1m0.506012844s ago: executing program 2 (id=534):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x8, 0x1}, 0x50)
socket$can_bcm(0x1d, 0x2, 0x2)
socket$can_bcm(0x1d, 0x2, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x6)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'bridge0\x00', <r5=>0x0})
sendmsg$nl_route(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000003c0)=@bridge_getneigh={0x28, 0x1e, 0x3c964e403b131b43, 0x0, 0x0, {}, [@IFLA_MASTER={0x8, 0xa, r5}]}, 0x28}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={0x0}, 0x18)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000cc0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=[@ip_tos_int={{0x14, 0x0, 0x1, 0x4}}], 0x18}}], 0x1, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000001c0)={&(0x7f0000000440)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x74, 0x74, 0x2, [@var, @func_proto={0x0, 0x5, 0x0, 0xd, 0x0, [{}, {}, {0x0, 0x4}, {0xa}, {}]}, @fwd, @volatile={0x10}, @typedef={0x4, 0x0, 0x0, 0x8, 0x3}, @func={0xb, 0x0, 0x0, 0xc, 0x3}]}}, 0x0, 0x8e}, 0x28)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct]}}, &(0x7f0000000040)=""/247, 0x26, 0xf7, 0x1}, 0x20)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
ioctl$sock_SIOCBRDELBR(r6, 0x89a2, &(0x7f0000000200)='bridge0\x00')
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r0}, &(0x7f0000000000), 0x0}, 0x20)

54.746037073s ago: executing program 2 (id=541):
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x2, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x800, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x48c00, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
setrlimit(0x6, &(0x7f0000000080)={0x4, 0x9})
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r1}, 0x10)
r2 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x800)
ioctl$SNDRV_CTL_IOCTL_HWDEP_INFO(r2, 0x80dc5521, &(0x7f00000001c0)=""/4096)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x1000000000021, 0x0, 0x0)
r3 = add_key$fscrypt_provisioning(&(0x7f0000000300), &(0x7f0000000340)={'syz', 0x2}, &(0x7f0000000380)={0x1, 0x0, @a}, 0x48, 0xffffffffffffffff)
keyctl$set_timeout(0xf, r3, 0x0)
keyctl$KEYCTL_WATCH_KEY(0x20, r3, 0xffffffffffffffff, 0xd)
socket(0x400000000010, 0x3, 0x200101)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f00, 0xa, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeffffff}, 0x94)
r4 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={0x0, r4}, 0x18)
r5 = syz_open_procfs(0x0, &(0x7f0000000200)='net/ipv6_route\x00')
pread64(r5, &(0x7f000001a240)=""/102400, 0x19000, 0x100008)

49.624956249s ago: executing program 2 (id=549):
syz_mount_image$udf(&(0x7f0000000180), &(0x7f00000000c0)='./file0\x00', 0xa00004, &(0x7f0000000400)={[{@gid_ignore}, {@umask={'umask', 0x3d, 0x69af6652}}, {@utf8}, {@uid}, {}, {@iocharset={'iocharset', 0x3d, 'cp1250'}}, {@mode={'mode', 0x3d, 0x8}}, {@dmode={'dmode', 0x3d, 0x4}}, {@adinicb}, {@iocharset={'iocharset', 0x3d, 'cp874'}}, {@lastblock={'lastblock', 0x3d, 0x7}}, {@gid_forget}, {@uid}], [{@context={'context', 0x3d, 'system_u'}}, {@seclabel}, {@mask={'mask', 0x3d, 'MAY_WRITE'}}]}, 0x1, 0xc67, &(0x7f0000001dc0)="$eJzs3U9sHNd9B/DfG5LiSm5rJk4VJ42DTVuksmK5+hdTtgp3VdNsA8iyEIq5BeBKpNSFKZIgqUY23JbppYceAhRFDzkRaIUCKRoYTRH0yLQukFx8KHLqiWhhIyh6YIsAAVoEW8zsW3FFkZYskiIlfz429d2deW/mvZnxjCzozQsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIOJ3Xj13/ETaZEXfHjQGAHgoLox99fjJzZ7/AMBj69JW//8PAAAAAAAAAAAAAADsFymKeCpSzF1YSxPV947a+dbAjZvjI6ObVzuYqpp9Vfnyp3bi5KnTX35h+Ew3z7dmPqT+TvtsvD526Vz9ldnrc/NTCwtTk/XxmdaV2cmp+97CdutvdLQ6APXrb9yYvHp1oX7y+VN3rL459MHgE4eHzg4/e+yZbtnxkdHRsfUitd7y/Q/ckI6tRngciCKORYrnvvuT1IyIIrZ/LGoP99xvdLDqxNGqE+Mjo1VHplvNmcVy5cXugSgi6j2VGt1jtPm5iP6Bh9qHrTUilsrmlw0+WnZvbK4537w8PVW/2JxfbC22Zmcupk5ry/7Uo4gzKWI5IlYH797cQBTRHym+/eRaupzf+lEdhy9VA4O3bkexi328D2U76wMRy8UjcM72scEo4rVI8dN3j8SVfJ+p7jVfjHitzO9H3Crz5YhUXhinI97f5Dri0dQfRfxZef7PrqXJ6n7Qva+c/1r9KzNXZ3vKdu8rH/H5cNedYo+eDwc35MOxz+9NtSiiWd3x19KD/2YHAAAAAAAAAAAAAAAAgJ12MIr4TKR49V//oBpXHNW49CfPDv/u0C/2jhl/+h7bKcs+HxFLxf2NyT2QBwZeTBdT2uOxxB9ntSjiD/P4v2/udWMAAAAAAAAAAAAAAAAAAAA+1or4caR46b0jaTl65xRvzVyrX2penu7MCtud+7c7Z3q73W7XUycbOSdyLuVczrmSczVnFLl+zkbOiZxLOZdzruRczRl9uX7ORs6JnEs5l3Ou5FzNGf25fs5GzomcSzmXc67kXM0Z+2TuXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAx0kRRfw8UnzrG2spUkQ0IiaikyuDe906AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKA0mIr4XqSo/17j9rL+iEjVvx1Hyl9OR+NAmZ+MxnCZL0fjXM5mlf2Nb+5B+9megVTEjyLFYO2d2yc8n/+Bzrfbl0Hcenv922f7O9nXXTn0weATh588Ozz6+ae3+pw2a8DR862ZGzfr4yOjo2M9i/vz3j/Zs2wo77fYma4TEQtvvvVGc3p6av7BP5SXwANW757Jbez9YX5I/Y9MU33YiQ/Rvy+asTd9v0NtL25O7Lry+f9+pPjN9/6t+8DvPP9r8Qudb7ef8PGzP1p//r+0cUP3+fzv31gvP//LJ8Fmz/+nepa9lH83MtAfUVu8PjdwOKK28OZbx1rXm9emrk3NnD5+/MXh4RdPHR84EFG72pqe6vm0I4cLAAAAAAAAAAAAAAAA4OFJRfx2pGj+aC3VI+JmNV5r6Ozws8ee6Yu+arzVHeO2Xx+7dK7+yuz1ufmphYWpyfr4TOvK7OTU/e6uVg33Gh8Z3ZXO3NPBXW7/wdors3Nvzreu/f7ipusP1c5dXlicb17ZfHUcjCKi0bvkaNXg8ZHRqtHTreZMVfXipoPpP7qBVMS/R4orp+vpC3lZHv+/cYR/3Hr7xdvXwtLGDe3g+P/PH1of//eJnqLlPlMq4meR4jf+/On4QtXOQ3HXMcvl/jpSHD3zuVwuDpTlum3ovFegMzKwLPvfkeLvf35n2e54yKfWy574SAf3EVCe/ycjxff+9Dvxq3nZne9/6D3/68fv0MYN7dL7Hz7Vs+zQHe8r2HbXyef/WKR4+al34teqJf/7oe//6L6x4Uin8Pr7OXbp/P9yz7KhvN9f36nOAwAAAAAAAAAAPMIGUhF/Eyl+MNqfXsjL7ufv/01u3NAu/f2vT/csm9yZ+Yru+WHbBxUAAAAA9omBVMSPI8W1xXduj6G+c/x3z/jP31of/zmSNqyt/pzvl6r3Buzkn//1Gsr7ndh+twEAAAAAAAAAAAAAAAAAAGBfSamIF/J86hPVeP7JLedTX4kUr/7nc7lcOlyW684DP1T9WrswO3Ps3PT0bC0Wm5enp+pjc80rU2XdT0WKtb/6XK5bVPOrd+eb78zxvj4X+3ykGP3bbtnOXOzduck784HX2u2IE2XZT0SK//i7O8vmqanz3NHVdk+WZf8yUnz9Hzcve3i97Kmy7HcixQ+/Xu+WPVSW7b4f9dPrZZ+/MlvswlkBAAAAAAAAAAAAAAAAAADg42YgFfEnkeK/ri/fHsuf5/8f6PlaufV2z3z/G9ys5vkfqub/3+rzg8z/X71XYGmrvQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwOMpRRFvRYq5C2tpZbD83lE735q5cXN8ZHTzagdTVbOvKl/+1E6cPHX6yy8Mn+nmh9ffaZ+J18cunau/Mnt9bn5qYWFqsj4+07oyOzl131vYbv2NjlYHoH79jRuTV68u1E8+f+qO1TeHPhh84vDQ2eFnjz3TLTs+Mjo61lOmf+CB936XtMXyA1HEX0SK5777k/SDwYgitn8s7nHt7LaDVSeOVp0YHxmtOjLdas4slisvdg9EEVHvqdToHqN7nov/a7fbD6srm2hELJXNLxt8tOze2Fxzvnl5eqp+sTm/2Fpszc5cTJ3Wlv2pRxFnUsRyRKwO3r25gSjijUjx7SfX0j8NRvR1j8OXLox99fjJrdtR7GIf70PZzvpAxHJxP+eMrQxGEf8QKX767pH458GI/uj8xBcjXivz+xG3onO+U3lhnI54f5PriEdTfxTxP+X5P7uW3h0s7wfd+8r5r9W/MnN1tqds976yzedDu93+4zL37vnwMO3ze1MtivhhdcdfS//iv2sAAAAAAAAAAAAAAACAfaSIX4kUL713JFXjg2+PKW7NXKtfal6e7gzr6479646Zbrfb7XrqZCPnRM6lnMs5V3Ku5owi18/ZKLPWbk/k70s5l3Ou5FzNGX25fl81XLHdyN8nci7lXM65knM1Z/Tn+jkbOSdyLuVczrmSczVn7JOxewAAAAAAAAAAAAAAAAAAwOOlqP5J8a1vrKX2YGd+6Yno5Ir5QB97/x8AAP//Jhb4VQ==")
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x20f0410, 0x0, 0xfc, 0x0, &(0x7f00000000c0))
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
r3 = socket$key(0xf, 0x3, 0x2)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_CMD_ENABLE_BEARER(r5, 0x0, 0x40000)
sendmsg$key(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x2, 0x7, 0x10, 0x8, 0x3, 0x0, 0x70bd25, 0x25dfdbfb, [@sadb_x_nat_t_type={0x1, 0x14, 0x80}]}, 0x18}}, 0x4085)
r6 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r6, &(0x7f0000000140)={0x28, 0x0, 0x0, @host}, 0x10)

44.53801966s ago: executing program 2 (id=559):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, 0x0, 0x0)
fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1)
unshare(0x8000000)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, 0x0, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB], 0x9c}}, 0x0)
memfd_create(0x0, 0x3)
openat$qrtrtun(0xffffffffffffff9c, 0x0, 0x2)
bind$tipc(0xffffffffffffffff, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10)
r3 = open(0x0, 0x108843, 0x98)
fcntl$setlease(0xffffffffffffffff, 0x400, 0x1)
fcntl$setlease(0xffffffffffffffff, 0x400, 0x0)
rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0)
fcntl$setlease(r3, 0x400, 0x0)
lseek(0xffffffffffffffff, 0x401, 0x0)

29.252956888s ago: executing program 33 (id=559):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, 0x0, 0x0)
fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1)
unshare(0x8000000)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, 0x0, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB], 0x9c}}, 0x0)
memfd_create(0x0, 0x3)
openat$qrtrtun(0xffffffffffffff9c, 0x0, 0x2)
bind$tipc(0xffffffffffffffff, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10)
r3 = open(0x0, 0x108843, 0x98)
fcntl$setlease(0xffffffffffffffff, 0x400, 0x1)
fcntl$setlease(0xffffffffffffffff, 0x400, 0x0)
rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0)
fcntl$setlease(r3, 0x400, 0x0)
lseek(0xffffffffffffffff, 0x401, 0x0)

15.553928256s ago: executing program 5 (id=595):
rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x24000]}}, 0x0, 0x8, &(0x7f0000000300))
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000380)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4})
sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
write(r0, 0x0, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmmsg$inet6(r4, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmmsg$inet6(r5, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4})
sendmmsg$inet6(r6, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
r7 = syz_clone(0x1102100, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r7)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0)
write$UHID_CREATE2(r8, 0x0, 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r8, 0x0)

15.21569923s ago: executing program 4 (id=597):
rt_sigaction(0xd, 0x0, 0x0, 0x0, 0x0)
rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300))
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4})
sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmmsg$inet6(r3, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40004)
socket(0xa, 0x3, 0x3a)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, 0x0, 0x814)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, 0xffffffffffffffff, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00')
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4})
sendmsg$nl_netfilter(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)={0x14, 0x11, 0x5, 0x801, 0x70bd2d, 0x25dfdbfd, {0x3, 0x0, 0x6}}, 0x14}, 0x1, 0x0, 0x0, 0x40040}, 0x4)
sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x1]}}, 0x0, 0x8, &(0x7f0000000300))
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
write$UHID_CREATE2(0xffffffffffffffff, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8, @ANYRES64=r6], 0x118)
r7 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r7, 0x8916, &(0x7f0000000080)={'veth0\x00', {0x2, 0x4e21, @broadcast}})

13.800822542s ago: executing program 4 (id=601):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x802, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x2000, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, 0x0, 0x20004004)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendmsg$key(0xffffffffffffffff, 0x0, 0x4040004)
sendto$inet6(r3, &(0x7f00000001c0)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @loopback={0x0, 0x1c9ae7fffe9a6f34}}, 0x1c)
setsockopt$inet_sctp6_SCTP_EVENTS(r3, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x0, 0xfe, 0x2, 0x0, 0x8, 0x5, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x3}, 0xe)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r4 = socket$can_j1939(0x1d, 0x2, 0x7)
connect$can_j1939(r4, &(0x7f0000000140)={0x1d, 0x0, 0x0, {0x1, 0xff}, 0x2}, 0x18)
shutdown(r3, 0x1)
pivot_root(&(0x7f0000000500)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000000)='./file0\x00')
getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000040)={<r5=>0x0}, &(0x7f0000000080)=0xc)
ptrace$peek(0x2, r5, &(0x7f0000000180))
recvmmsg(r3, &(0x7f0000000840)=[{{0x0, 0x0, 0x0}}], 0x414, 0x0, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000002840)=@raw={'raw\x00', 0x3c1, 0x3, 0x2b0, 0xd0, 0x111, 0x4b4, 0x0, 0xd4feffff, 0x1e0, 0x20a, 0x278, 0x1e0, 0x278, 0x3, 0x0, {[{{@ipv6={@private0, @empty, [0x0, 0xffffff00], [0x0, 0x0, 0x0, 0xffffffff], 'ipvlan0\x00', 'team_slave_0\x00', {}, {}, 0x6, 0xfe}, 0x0, 0xa8, 0xd0}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00', 0x0, {0xffff}}}, {{@ipv6={@loopback, @mcast2, [], [], 'veth1_to_hsr\x00', 'pim6reg1\x00'}, 0x0, 0xa8, 0x110}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x20, 0x0, 0x0, 0x0, 'snmp\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x310)

12.044538139s ago: executing program 5 (id=603):
rt_sigaction(0xd, 0x0, 0x0, 0x0, 0x0)
rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000140))
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0)
ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4})
sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4})
sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
write(r3, 0x0, 0x0)
sendto$inet(r2, 0x0, 0x0, 0x80, 0x0, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmmsg$inet6(r5, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x50}, 0x8004000)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4})
sendmmsg$inet6(r6, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
r7 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="b8000000190001000000000000000000e000000200"/32], 0xb8}}, 0x0)
sendmsg$nl_xfrm(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="b800000015"], 0xb8}}, 0x0)

11.700743343s ago: executing program 0 (id=604):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
add_key$keyring(0x0, 0x0, 0x0, 0x0, 0x0)
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x1ff, 0x0)
sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x18)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r5, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10)
sendmsg$rds(r5, &(0x7f0000001d00)={&(0x7f00000017c0)={0x2, 0x0, @private=0x8a010101}, 0x10, 0x0, 0x0, &(0x7f0000000240)}, 0x0)
syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo/3\x00')
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, 0x0)
ioctl$EVIOCGKEY(r0, 0x80404518, 0x0)
socket$nl_crypto(0x10, 0x3, 0x15)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000003c0)={0x9, 0x4, 0x4, 0x2, 0x80, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x1}, 0x48)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000240)={'syztnl1\x00', 0x0})

10.065542148s ago: executing program 4 (id=605):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x20000, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
epoll_create1(0x0)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendto$inet6(r1, &(0x7f0000000640)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @loopback={0xfec0ffffffffffff, 0x1c9ae7fffe9a6f34}}, 0x1c)
setsockopt$inet_sctp6_SCTP_EVENTS(r1, 0x84, 0xb, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x88, 0x1, 0x0, 0x3}, 0xe)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, &(0x7f0000000100))
shutdown(r1, 0x1)
setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, &(0x7f0000000000)=0x41dc, 0x4)
recvmmsg(r1, &(0x7f0000000840), 0x0, 0x406, 0x0)
syz_io_uring_setup(0xc97, &(0x7f0000000700)={0x0, 0x6015, 0x800, 0xff7fffff, 0x11c}, &(0x7f00000003c0), &(0x7f0000000140))
r2 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'wg2\x00', <r3=>0x0})
r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
getsockopt$inet6_int(r4, 0x29, 0x3, 0x0, &(0x7f00000000c0))
sendmsg$nl_route_sched(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000180)=@newqdisc={0x74, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r3, {0x0, 0x1}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x44, 0x2, [@TCA_TBF_PBURST={0x0, 0x7, 0xbb1}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}, @qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0xe000, 0x8000}}}]}, 0x74}, 0x1, 0x0, 0x0, 0x40000}, 0x44084)
r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
dup(r5)

8.426242063s ago: executing program 1 (id=607):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000540), 0x0, 0x0)
r1 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
write(r3, &(0x7f0000000000), 0x0)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0xe3d08660d3cd4684, 0x1})
r6 = add_key$user(&(0x7f0000000200), &(0x7f0000000300)={'syz', 0x2}, &(0x7f00000002c0)="f5", 0x30, 0xfffffffffffffffe)
r7 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r6, r7, r6}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0)
ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, 0x0)
ioctl$VIDIOC_QBUF(r1, 0xc058565d, &(0x7f0000000200)=@fd={0x0, 0x5, 0x4, 0x10, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "230700dd"}, 0xffffffff, 0x2, {}, 0x1c000})
r8 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r8, 0xc00caee0, &(0x7f0000000040)={0x4})
ioctl$KVM_CREATE_DEVICE(r8, 0xc00caee0, &(0x7f00000000c0)={0x4})
r9 = syz_open_dev$media(&(0x7f0000000000), 0xfa8f, 0x347402)
ioctl$MEDIA_IOC_REQUEST_ALLOC(r9, 0x80047c05, &(0x7f0000000940))

8.425737273s ago: executing program 5 (id=608):
socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000440)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000340)=@abs={0x0, 0x0, 0x4e27}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
inotify_add_watch(0xffffffffffffffff, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
socket$inet6_tcp(0xa, 0x1, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
unshare(0x42000000)
syz_mount_image$vfat(&(0x7f0000000180), &(0x7f0000000080)='./file2\x00', 0x80040, &(0x7f0000000a00)=ANY=[@ANYBLOB="73686f72746e616d653d6d697865642c666d61736b3d30303030303030303030303030303030303030303036362c696f636861727365743d69736f383835392d312c6572726f72733d636f6e74696e75652c756e695f786c6174653d302c696f636861727365743d61736369692c726f6469722c73686f72746e616d653d6d697865642c756e695f786c6174653d302c757466383d302c757466383d302c756e695f786c6174653d312c64656275672c756e695f786c6174653d312c666d61736b3d30303030303030303030303030303030303030303030332c6e6f63617365aec489af6ba9723d4b17106f6d47b9ade1c253d4e3b08066427cae9f41fd1e1dd25a22ec22ad6e8bf6f67e052de91b544f2f4541f87a0c0b36e8d444150b35c110bda57fe7a9c06ba087cc975447082aaf95213301f3e04b70ea67a8aa0d582ca1a9525dba7116d80f126f782a78428b878fc79c0be9ad98cb6950995e6edba78e5301e8c8e69cc85beceb8b54f84a84787815ef9a18f1fe1c81b4c1830102f7e3236e2533e486ecb46ee53991c5bfe6289a474582b2e57741fd8de78f42097851bee74d4201c7767e0e0f4b34523150639b1291441ad01f2f72ed3679d7bca0e8b4e0689f883196af0d0dfe7344f276c1b4bd333882cf7879248ad423e3f21cd0cae2309519f9d40df23cf05d9c8d8f9d07da771ea1e3bcd8478fb989f770da00f700000000000000", @ANYRESOCT=r3, @ANYRESDEC, @ANYRES64=r1], 0x6, 0x2e5, &(0x7f0000000d00)="$eJzs3U9rHGUYAPBnNruzYz0kB08iOKAHT6Xt1csGaUEMCJYc1IMG24BkF6GFgFWc9uTViwc/gyD4Qbz4DQSvgjcrFEZmdjYzu9lOEuhW2vx+h+yTd95n3j8z7MwlTz5/Y3Z0J4/DR9/+EVmWxGASk3icxE4MYuFhLJn8EADAi+xxWcbf5dxF8pKIyDY3LQBgg873/B+24a/zj2TzUwMANuT2x598sLu3d/OjPM/i1uz74/3qyV59zo/vHsaXMY27cS2240lE/aIwivptoQpvlWVZDPPKTrw9K473q8zZZ78159/9q/OysFP/PHnbqPPf37t5PZ/r5BfVPK4040+q8W/Edrx2kryUf2NNfuyn8c5bnflfje34/Yv4KqZxp55Em//d9Tx/r/zxn28+raZX5SfF8f647tcqt57jZQEAAAAAAAAAAAAAAAAAAAAA4CV3tamdM466fk/V1NTf2XpS/TKKfGFnuT7PPP+kDmC3PlBZlkVdLmdeX+danudl07HNH8brw25hQQAAAAAAAAAAAAAAAAAAALi87n/94OhgOr1775kEi2oAw4j493ZET+dB9Jxn0ml5M/oHHTdjHkyngyZc7jPstsTWok8S0bucahHPaFvOCl45Necm+PmXi54wO7vP6Gk7v1Vfr6x/W9YFxWrL4u46OkhO72HVMo5FS9bcJD+lEW2fNM45evq0Q2X03n4rQbr20Pb50pNmXVlE+mrdUqztPKgXGEnfxN79c75zTUuyuoq03tW16aMm6KSv3BtL1+Lww+6Gt0G1jAdHB1dOf1cknWodycNNfBsBAAAAAAAAAAAAAAAAAMDl1v7175qDj3pTB+V4Y9MCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgOeq/f//FwiKiBg1Jzijcxr37sfwf14kAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAL73/AgAA//+y+FB6")
r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
ioctl$FITRIM(r4, 0xc0185879, &(0x7f0000000080)={0x4, 0xb831, 0x3ffe})
r5 = open(&(0x7f0000000200)='./file0\x00', 0x108843, 0x98)
fcntl$setlease(r5, 0x400, 0x1)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0, 0x0)

8.416847804s ago: executing program 0 (id=616):
rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300))
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0)
ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4})
sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmmsg$inet6(r3, &(0x7f0000005800)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8014)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]})
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuset.effective_mems\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r4, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4})
sendmmsg$inet6(r5, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4})
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000003c00), 0x0, 0x4)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmmsg$inet6(r6, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
readv(0xffffffffffffffff, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000a40)='./mnt\x00', 0x0, &(0x7f00000002c0), 0x0, 0x236, &(0x7f0000000300)="$eJzs3TFoM2UcBvDnLomf/b4gVRdBUEFEtFDqJrjURaEgpYgIKlREXJRWqC1urZOLg84qnVyKuFkdpUtxUQSnqh3qImhxsDjoELlcK9VGFFNz8t3vB5fcJe97//e4e95kOS5Aa00nmU/SSTKTpJekON/grnqZPt3cntpfTgaDx38shu3q7dpZv2tJtpI8mGSvLPJiN9nYffro54NH731jvXfPe7tPTU30IE8dHx0+dvLu4usfLjyw8fmX3y8WmU//D8d1+YoRn3WL5Jb/otj/RNFtegT8E0uvfvBVlftbk9w9zH8vZeqT9+baDXu93P/OX/V964cvbp/kWIHLNxj0qt/ArQHQOmWSfopyNkm9Xpazs/V/+K87V8uXVtdemXlhdX3l+aZnKuCy9JPDRz6+8tG1P+X/u06df+D6VeX/iaWdb6r1k07TowEmqcr/zLOb90X+oXXkH9pL/qG95B/aS/6hveQf2kv+ob3kH9pL/qG95B/a63z+AYB2GVxp+g5koClNzz8AAAAAAAAAAAAAAAAAAMBF21P7y2fLpGp++nZy/HCS7qj6neHziJMbh69XfyqqZr8r6m5jeebOMXcwpvcbvvv6pm+brf/ZHc3W31xJtl5LMtftXrz+itPr79+7+W++7z03ZoExPfRks/V/3Wm2/sJB8kk1/8yNmn/K3DZ8Hz3/9KvzN2b9l38ZcwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABMzG8BAAD//8n0bSk=")

6.714403115s ago: executing program 5 (id=609):
rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000140))
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0)
write$UHID_CREATE2(r3, &(0x7f0000000340)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r3, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4})
sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
write(r2, 0x0, 0x0)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4})
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmmsg$inet6(r5, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4})
sendmmsg$inet6(r6, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmmsg$inet6(r7, &(0x7f0000000600)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmmsg$inet6(r8, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)

6.700428216s ago: executing program 4 (id=610):
syz_mount_image$hfs(&(0x7f0000000080), &(0x7f0000000000)='./file0\x00', 0x1, &(0x7f0000000280)={[{@uid}, {@iocharset={'iocharset', 0x3d, 'cp950'}}, {@gid}, {@umask={'umask', 0x3d, 0x5}}, {@codepage={'codepage', 0x3d, 'cp874'}}, {}, {@file_umask={'file_umask', 0x3d, 0x5}}, {@type={'type', 0x3d, "79ce36fb"}}, {@gid}]}, 0x1, 0x337, &(0x7f0000000540)="$eJzs3T1rFEEYB/D/7L2bENckErGMBqxCEgtFBEXS+QUsJBiTC4SsEUwEI4rRWsROECztrEW/gjbiF9AqRbDSJohkZWZn92YvM3t3ebm9I/8f5F7nmXlmb2d35uRcENGxdWP2x/uLW/JPlAAUAFwBPABVoAjgNMaqD1fXl9eD+mJWRQUVIf8Eokixp8zCat0WKuNUhObLZ0UMmq/R0QjDMPzZstTvruRC+RHR2N/DAyp6dKr3q13PbF822yhQ6U4qPcT4hMUOdvAIQ3mmQ0RE+dPnf0+fJQb1/N3zgAk9D++n83/MXEGk5jc7wJOT3c+nZyTnfy96Hgq5fdQWEY31nlrCyW3oxatEW13WfSJsbO4yoj3LSyXQalWpcvFqS8tBfXJTVfAC1zSj2Ki6XUzX7sq2HN2NW9amGbL6nm1A9aEk+1By5D/ScYuft/HG3tzc1zZyEl/ENzEnfLzFYjL/K4ZCbhy1fXygZgZE+U+5a1S99KNSqV42Rt8p1cjZ+BP49KHRy5pru1ZRkLnYyFpE8/zdj/N8XXZHYTh9UNC9m3b3TkWNWKNmkud/rVGjzVG1pVJQn1y4H2R+lXJorCs68UrcEuP4hY+YNeb/niw9AffITI1yoUrqPSOzP0VV0vE5pqgBfK+jkUnAvzDSYdhL3MVlDK1tPF6ZD4L6g/wfxEOlR/KJdkS9O8pX5L1RBlX5oATg0BrdDcPQ+lYRh9BEOU7VlXNJdfXSu6TL6jCrv0o5WOvYjLah8dZ1d+HGYVO+Eh8ROmxUhT9LouTZopPwP7r1tQ37DimMDMtHu0PGTc0HwZnkgyug0tZIqe2j0ZtPV+aD/RyLqN8Y42Xs9vbVvNOh7pPzLhGt/4z1ypQ66sgbP2M10nLWYdQ47VgBDavbE+2t4JJqnfPEgfhBUJ/JWnOduwCcb2rRQ9zi8+ZqfZ0nevFfJSu2tGpZEWIW33GH3/8TEREREREREREREREREREREREREfWbTn+N4P45wa7+HZL9lxgNW8fwP94gIiIiIiIiIiIiIiIiIiIiIiIiIiIiIjoY4/q/QEFdMaac+/V/C21c/1e0vMQnEbXwPwAA//9LoGV9")
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_RECVMSG={0xa, 0x34, 0x3, 0xffffffffffffffff, 0x0, &(0x7f00000010c0)={0x0, 0x0, &(0x7f0000000240)=[{0x0}, {0x0}], 0x2}, 0x0, 0x40000000})
openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
getsockname$packet(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x40408c4)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000000), 0x2, 0x101102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000240)='mountinfo\x00')
ioctl$TIOCGPGRP(r1, 0x540f, &(0x7f0000000040))
syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
mount$9p_fd(0x0, 0x0, 0x0, 0x804000, 0x0)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
close_range(r2, 0xffffffffffffffff, 0x0)
r3 = syz_io_uring_setup(0x74d, &(0x7f0000000100)={0x0, 0x59c4, 0x800, 0x1000, 0x5cc}, &(0x7f0000000300)=<r4=>0x0, &(0x7f0000000080)=<r5=>0x0)
io_uring_register$IORING_REGISTER_BUFFERS(r3, 0x0, &(0x7f0000000740)=[{&(0x7f00000003c0)=""/201, 0xc9}], 0x1)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000440)=@newlink={0x20, 0x10, 0x705}, 0x20}}, 0x0)
syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_EPOLL_CTL=@add={0x1d, 0x0, 0x0, 0xffffffffffffffff, 0x0, r3})
io_uring_enter(r3, 0x749f, 0x4, 0x0, 0x0, 0xfffffffffffffef5)

6.128147874s ago: executing program 0 (id=611):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000700)={0x18, 0x0, 0x0, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x9}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000003c0)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
syz_open_dev$ndb(0x0, 0x0, 0xc8040)
r3 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt$CAN_RAW_ERR_FILTER(r3, 0x65, 0x7, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'veth0_to_batadv\x00'})
sendmsg$can_raw(r3, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
r4 = openat$ttyS3(0xffffffffffffff9c, 0x0, 0x48200, 0x0)
r5 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r5, 0x84, 0x6f, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r5, 0x84, 0x83, &(0x7f0000000000)=@assoc_value, &(0x7f0000000080)=0x8)
setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r5, 0x84, 0x22, 0x0, 0x0)
ioctl$TIOCVHANGUP(r4, 0x5437, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0xffffffffffffffe3)

6.127027974s ago: executing program 1 (id=612):
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
syz_open_dev$video4linux(0x0, 0x80000004, 0x800)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x38011, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(0xffffffffffffffff, 0xc05064a7, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
r1 = syz_open_procfs(0x0, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000440), 0x80383, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
mknod$loop(&(0x7f0000000180)='./file0\x00', 0x2, 0x0)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000004c0)={'\x00', 0x7e, 0x1000, 0x5c8, 0xa, 0x6})
ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0)
r3 = syz_open_dev$vim2m(&(0x7f0000000100), 0x0, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r3, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1, 0x0, 0x2})
ioctl$vim2m_VIDIOC_QBUF(r3, 0xc058560f, &(0x7f0000000240)=@mmap={0x1, 0x2, 0x4, 0x800, 0x9, {}, {0x2, 0x2, 0x4, 0xc1, 0x0, 0xf0, "18a6fc23"}, 0x1, 0x1, {}, 0x1})
ioctl$SIOCAX25GETUID(r1, 0x89e0, &(0x7f0000000340)={0x3, @bcast})
r4 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
bind$rose(r4, &(0x7f00000000c0)=@full={0xb, @dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x4, [@null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @bcast]}, 0x40)
connect$rose(r4, &(0x7f00000001c0)=@short={0xb, @dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, 0x1, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}}, 0x1c)
ioctl$vim2m_VIDIOC_STREAMOFF(r3, 0x40045612, &(0x7f0000000040)=0x1)
ioctl$vim2m_VIDIOC_STREAMOFF(r3, 0x40045612, &(0x7f0000000080)=0x2)
ioctl$SNDCTL_DSP_RESET(r0, 0x5000, 0x0)

4.718603146s ago: executing program 4 (id=613):
socket$kcm(0x10, 0x2, 0x4)
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
r1 = memfd_create(&(0x7f0000000540)='y\x105\xfb\xf7u\x83%\x1f\xe09@:r\xc2\xb9x0\x90P\x03\x00\x00\x00\x00\x00\x00\x00\xfe,\x1c\xf1\xdd\xcf]\xac\xbc\t\xbb\xfc\xa4j\x9f\xceX\x8f5=\xaa\xd5\xe9n\xab s\xa5\x00\x8d\tV\t\x91\x18\x06O\xb0=D\xda\xb6F\x1a\xc82\x8b\xc0l\xd0\x89d\xe6\xb7\xd8\x97\xb8\xde\xa3\x89\"%/u\x17\xdam\x8d\x01Lh\x1e^\x9ej\x1c\xc5\xf0\xf6\x92\r\x9aH\x00\'\xd4\x94d[\v\xfc\xad\x0f\xa8\xc5\xad\x001\x8b%\xaa?\x00\x00\x00\x00\x00\x00\x00\nj\x8c\xef\x90\xc0Z\xfa\x1a\xb3\xf0wVq\xe9d\xf8N\x80\xd1g\xd8e\xc8\x16\xad1\x02\xab\xce3\xb2\xb0\xd1\x11\xf0\xc2Gj+kV', 0x6)
socket$alg(0x26, 0x5, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f0000000000), 0x2, 0x101102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r4 = openat$qrtrtun(0xffffffffffffff9c, 0x0, 0x8000)
r5 = socket$qrtr(0x2a, 0x2, 0x0)
ioctl$SNDCTL_SYNTH_INFO(r2, 0xc08c5102, &(0x7f00000001c0)={"2e77ebb92575993c79c88e9db1118ddeaeee1a09c23b028803298a038530", 0x0, 0x2, 0x0, 0xff, 0x3, 0x1, 0xfffffff9, 0x1, [0x0, 0xf, 0x10000, 0x4, 0x1, 0x8001, 0x8001, 0x101, 0x6, 0x8, 0x9, 0x99, 0x401, 0xc72b, 0x8, 0x8001, 0x275b, 0x7, 0x3]})
ioctl$FS_IOC_GETFSLABEL(r5, 0x81009431, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=ANY=[], 0x48)
sendmmsg$alg(0xffffffffffffffff, 0x0, 0x0, 0x40800)
recvmsg(0xffffffffffffffff, 0x0, 0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r1, 0x5000940e, &(0x7f0000001300)={{r4}, "9898f2c86b1794b977e01397b7795c15ce0824f77bab1cbc461860f5d5bf06a1fb631fe5845e871f0a47bb0a1ad04643274096e66c29ce8880c44cd8df5167b004bf9d27f6d51f78653c6d7f99a392ed08a4e160fdc8814106dbfa74bdf951b3d3e92226f4bd75b117660e0b59eea948b05b1442a5a2297603269ff782935bc692eebc7039b0395ea4a903b82797c8389a5866ad64374d383296e44f8f331a2552a2492f3eae2bf327fce836a1017530228c871c0e56fc56dc8e454712dde73a36eca6fdd6366c629e70db54ff04fa3c63c935d2ff78ecd93906749f26ab6c1ca4222139cda24dd0942a3fed36d4ff42f76f05742618fb819eae2ba876264b64449309536d6a42aed421806256eada54f75b722bc1e879c3dc83c8f830d7e701aa68626d81ff2d5381f2a7661a4690a3590a77eed7aebf0ecd4af298bf8fb28010a5ba0cabaec4327c37104407c0130e7747b85d56ac96392761f628c04a501f74ce155523bb9598bf7c43ac9be382ac0a2c9b359bd7beadb010020def67a90dd6074f62c631463887ecb207a28117446e69a230b952a08b16025a6454d8cd8398e194b4983d1168e89120a1014cf65869c6b24414450885967ec7409f2270975fb74ad30b0192b08d9386423bbba012526f50eb607d55e6479930e07dca4887dc3a34f152001279448462494d72db2da46a020badff0271af129024572630b14a8ce0245d5f98f7136d0855deff5e6c1e5b51b691f8a96c1653fa097167c1826b78d30c575fe44d3d3d28d2862a021795e1cb3df1275d5545b7b4d3a820201ef4cf80dead614e45c238c846b89b1408fe2d2ad0842331cc192e20050c3be5aca7690f2475ea650d193af8aea21d601e2899c591014077dbb01f72196ba1847e102a121f9323f7c8f46c1b1cde36aad14d6dedbc8c94b9c7fcd4c5925909311b030c919806d9ca06c78382f408e7c5d6277942917c1a7e1844e205dd9b5200ca418beda7028af620eca48a202f486b21f373f9f076347896d72d8b09d6968132000fdf899c99dbfa8f4b5157784602e3e042e899299f39441029d4f17c67982ed0ee9a41bad8f32a6d98493225cd56523ed1a8ef7a59b5758558b41a33c63a9458c55928ecfe5b48ddf2a8f90d6ca4244ba04ad38544391e54b2dc4f7df246a739b61a99e03ff7f28084a5eba7a763178df944a7f7a9e2ecf4eee03e6d03ff589c0880983bc7d105ee9a9076f0e78fdd081a95d00cefae4291e2332985891e0a878b0646912e94f9ce58858c5ffb44de898718eace5332c413e704daac91b6bb760879996a50c636fe0c18cc526c18a963bc69e7449c13f267bdac423e590739a43ccf654d12b23d94878fa0c11eff0af7dcc0897ec038a630efb27a88d955422943d6bf21bc6c008289352d8aeddbf09ba24099dc3c24f1fdeab0a62f46c99bc474f780d63a0721d530cbd53d73bf01f58232af86c35e89a835d8e8559664b60989a5b4f00d0943080c9bf0d6d3d88c03a9b1b9a542e5a2e10dd326c456f3815e80929dd497be7ea2b6fb2ac15920eb113cc2c799e2b0a60411a8fc11d859ada36e1ea10690a0f65afc44bf3dcb6f1eb4edbe1291e534e859e8a301deb269fb55db27ed30f13cec7fbab4ba5388a0b4eb53c8f86dee84d9b0832b2dad7f1a38ae0a66c54b1c98f4fddb2dbd76c199b5e9a1d9febd9c1de0641e1225073719c01373e0dfd2aaaa2c2d606b4e609f782fd369cdd0a6c5ed635d06a1fa42469c0f3409fc54ad76882d124c0b91b033aaa3af17ff6254db8368d4481b8e37bc09dffc2d3b4673a642ec757fdeb98df41df0150706739b54524b04db0e67273e3d018ce32a35397de34a2e33560830c1b8572903791be868a3e170931571875805d89be3334d52803d75ed33644b6cc639d4c44719bb3c0ddbcfa776a778915988f0d9ab7d7da08c0c1e3e4e43cec9682b977f4c5d99fbbc05264e0e177785775fc8e40d15ab11ec2d11db02e2b06e83d6b59ba0aeac32690f909e5c0932ad9a2fda6a06eda83764e0045e566fd3d41096a832f2b15d6f2e098ce2de199bc0751936bd693a14c68fa20b7af495020d971521dba944edce81ec3c0e6089f1d77faaffbbdaaf5eff3abebcbbe39200f6862525964cf4caa8df3a9c141726b82267ee21ab29b069b31a118275ed156efb50666c9b66157fe38698a9a921c21d12942ec12de46d53864d92e7d3937cd085274835dd4c6ca9f571231439e1addee28603e19a00c39bd85569266aa6c1a05e6249a17adc7d0f8977723a5f9dda93923662fe49bbc8eff6442fb100734ce5eb515a7d730c5a0441fe16b553173698652e1f352024004ea604ff0d32eafeed4b5d04637195c6bbedf68f0f1eae28a606620435352d3d8244f0e7b2469a86cb8bcd8540162dcd878ae80ae515065280ab2ebe3a165194b7ed10246389279d57663093ce247c7cccfafa77fbf41df673b476926bfc029774de0b6d6bf6c31add797833955383d21c4d83136e3fe710408010bfd330fd123fe640d4387742d49c79bc1cd7c384286d06d0fb75a187121ca6141179df7b45e82a8eb3c60a156f22bc8ac4012bfab5131874b1f0ee748ebe1622367c3fd9a1191f7e9e366045725e118c2ab3f99a6217765cbe3d6e8634f95c684146cfb622f0b5cc63e7b93d576788af2677054f2f63444990338d0eda74232952e6609e419481244944e8a92067591d8649389940e9b74ae570a1485b85465036a047a4e2193c2a6c7d4283fa956d4036c87d4fe97a9020c08f29ee12182413be5fec94aa6d139706493359d51ce9d7c53e8774ea8f74f3367372a09e23cfc6f977db3a278db8270b53fed7ce65f68b2c2e0cabafc9ddee9b0cc800f5c778a9529e9b412c0a812e8871c4aebae55117b8f2c6e15b816ef0cdb71791dd951293f2da41fd99eefda8dc756a368a20b4bb35ec232469146916cac126930647a2668a7fdcdb59b54dd6306dd3807584453b47cdc933a349f85a1ab34d87fe95c5ffaed5dca903163287de332a83f53049c3d5dcace43506764e760d087b5b69fcb671535c72a3b5b1d73163c60ade609b6b5e3033cd473605a5398326968702ee5dff2049fb35193e2070501762e8bae88ff2b17cc4b46c91ae64cb1b1d168dcbd03e7f84453fe0bebfd1c00275d3fe697f91316b4799ec6c2a4c59616af23a4b080ce66288c291947400695d708eea81d32a6a0da2f5148448372902277ed5c7fbc1625c492ef4bac5a1e2a64ecb8095fee969cb69c8b7f28c149e78172f66130f52cf435a994992935356deb4e844c6a6611656bdc993e874a4d09361aa3e96472632efba98481fd782c085417180bfd5fcde03aef8a63861457054e4c1f595050f77cadb728a8acd9291f522237751e2d7715a04170ae62dfd80bb3da09b445b3db558f2cc5f942a148022779e17f3c1b89c4e1286bc2963c81fd854c9f582d1e89d0ad5e667b4a4db99c999f4988f1810f8baac13ab75fd5ddfd74b5b452229d5c1679fb56939f5951e0972859e3cf24844cfb3a884294ef35fcedde9f727bc65f2d0addb1b10b56f350281d14b58d152447fa3717adb7ae4a1b1b9f6d43bb773710fefbc313ef0c57aadfdbcec15fdc43eb146c3bf147a54cad0b966ef94535dd6fe76d7dc4ef9d548f74e34193dd94dd9442eea0d3cc807c5f77cd8b70bbf1e3d507e4b82bbf3c8a2a861c6a1cac37532de9f837637bbe44ac07a09e9291274981f2fb979d5c0d30a1e0ec9120d4ef8d559265de17a5884a923d2b8360b43bd186ff3f214b2c2a268b6455d55567a4860d9c20736765eec3b1429be407d7e419478a7c7d49259d09ba04ed90f30ca9fb1d0ae1fdfc1cf572921c72eba983deeeca2bec2453354308863cc7ca508f70682a69da52cb8af029e9964db8155ad45a5b772685a5b5ab2b969ad3d846386ed99bf17e4e0c04a3995cb8a84c0a957f29b40b5bcb09a4bcafc049a73df642d68f036c35c4ddfa3bce097c38a88bc547d4883f026827ee53a573fa4b7d06e2685c91d976243069b5237b2e9897f2249bfb06107bf7e813c3164368666598b352a2be04592d0caf21dcac926368d9c8b25d27c0c933e3bd89d8b988cfa9ee7137b4001e7e6ac05e95f4b214e75dd215f1e3c30f26fef74ceaf625e0b177fdc6c5a14d63987da89569336c96184f49c7dac371a710a260ef81f717c85a97e167a5c4443704e0035d8c9257f61446e143f426a8d4338aaad54614c4c453e7f9d70af49f1b9c8a87231d4ebc60468c00146ac5f7573fd3956cd302515387ccf430d4a94b73d2e92bd24798b0e32a2bf564b24f76ea67e99859ce4022ebf2313d8b94fac47536032adf82ba2475fdf95083aefcf8feb2d954375c1c6531c62c77a05994cfc2c7450d071440934289bdf8dd4185576f8b273f976d055b88435e150748e3f54d3819bf866dee21e2d5ba210fea73a1b9c77d1c1906ccac886124c8b60c9d71840cba7b890a26d44ff7b8ff245e97ab6d9c335a5db3156995567b2b66f39626a1a00abb87b93a6df37c3223ffaaaaa9222bb42ce52f93b9790024eb812b08ad79ee741e1f242dfeb856fd3908a127b74fce923c108e2e834497351bd0d159b90ea25b30231fe841f057b4ac35a881e3ce3ce7b6b15998b302359bf3a49a685217ca973984209444ed478fa4d84a1c23b7f11c1eb8dbf19d9e741d389f5fdf5a58e864068ddc505c95c7abc50c7a6f16b0a989486dd818e6fc305e88d0fbc956c3418e64545135b2b2e9eb875c0aa50bf6586d0aa832baeb772adfe667a6ed86d5ad973bd320b9be03c44de38420fcef411831ce7c362e27c910cbfcf78eedefe77ea57757e70038e520ecfa008a94dc73ec24a8df3e7e112fcd0eab6780e0612191dcad0f812e43f22d58afb76209b692a9981e8e9e0ca2d46904e586a258af024f38635ec1dc262ce1d9edadde52d976adc231a7e7edb6ce62457e60cca14625ba9ef0d20540437a92694b0db49458effda9981b1935d90368457b61d6e5f57c4be58d2ff4c63ecb518f63ce781c0f72ca3b86cb7b386caf8528f74a9c9e433897f479ab5b23f7b1d555613cb608a38de383394c929124a08dc172cff1097ab34b30bc55ac94792d784062e3a6e3209696e6eb3756a2993a7fee1c5bf54618eeef743f4240e39e05a31034a8a72dd7fecf35f0fa1343a5b03501d9888ef5722554330151266aa425c2715f9bf487eca2c0c2dcc3644c320f11a88d43955a6793c8f93bcd2fd1c0aaddc5dbfcece85ffc58d1740a04ecb68750425fe8ab5746eeac692e8c6ccfef888e8a04d00a4402668f6b416a1b6e548751aa9ffa4b4fd6d631194b4bcecc3dbe876169cd08781ed26904fca3e76ee5a9e5bdd04e93db45f8eaa9215155872945359c45261c8008213068daacb3be3f3ee03d008ed72585ede6e84abaf979e0b3acbe31a86253de11dad40507c9ee688ee6e12632867f0755d923a64934d4917c552a072b51e4d7b7aaf1f215fe5fa6beb96bf4fd4bf90afb3dd06b1bcb9b9fd0ca14c6667828fe19fb0e3d0b43ee720222ebbf9487f186b052c5c3cd4a7fe97d5c0a0e43e7a5b62bbe9ca0e96a0d66e4745b424b655b5b2e2125173e09270f2bea98f487f8a150bff0d3a16e780b48eb8ac42d82da73bdfd9384b494c3b2e08ad533d670e58aa85f107ad564ba949900448b8193cdea3b811bf6b3287a545385745bbb1a9f17c3c30ae9e889b9efebfacd32c8fabd7999b0bf06147dd23b6"})
ioctl$TIOCSTI(r0, 0x5412, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000001280)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32, @ANYBLOB="000000000000000000006b7d541fdc8400000000", @ANYRES32=0x0, @ANYRES32], 0x48)
ioctl$TCSETSW2(r0, 0x402c542c, &(0x7f00000000c0)={0xfffffff8, 0x3, 0xfffbfffd, 0x3, 0x4f, "1c419208876b000000820b0000000000000d00", 0x6, 0x200})
ioctl$TUNGETVNETBE(0xffffffffffffffff, 0x800454df, &(0x7f0000000400)=0x1)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000003c0)={0xffffffffffffffff, 0xe0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, 0x8, 0x0, 0x0}}, 0x10)
r6 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000540)={r6, &(0x7f0000000400), 0x0}, 0x20)

4.716506106s ago: executing program 5 (id=614):
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x10002, 0x4, 0x2000, 0x2000, &(0x7f0000012000/0x2000)=nil})
rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300))
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4})
sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4})
sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x28100, 0x0)
setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)={@multicast1, @local}, 0xc)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x3c}}, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_NMI(r6, 0xae9a)
ioctl$KVM_SET_REGS(r6, 0x4090ae82, &(0x7f0000000440)={[0x0, 0x100000000, 0x0, 0x81, 0x100000, 0x0, 0x2004c8, 0x8000000, 0x0, 0x0, 0x7, 0x0, 0x5, 0x0, 0x2, 0xffffffffffffffff], 0x0, 0x200})
ioctl$KVM_RUN(r6, 0xae80, 0x0)
ioctl$KVM_SET_REGS(r6, 0x4090ae82, &(0x7f00000002c0)={[0x4, 0x5, 0x6, 0x4004, 0x2, 0x4, 0xefffffffffffffff, 0x0, 0x0, 0x2000000, 0x0, 0x1c, 0x0, 0xffffffffffffffff, 0x6], 0x0, 0x41901})
ioctl$KVM_RUN(r6, 0xae80, 0x0)

3.885006839s ago: executing program 0 (id=615):
r0 = openat$comedi(0xffffff9c, &(0x7f0000000440)='/dev/comedi0\x00', 0x101001, 0x0)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
r2 = dup(r1)
sendmsg$inet6(r1, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0x9, @loopback, 0x4}, 0x1c, &(0x7f0000000380)}, 0x4048043)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x7f, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r4, 0x8983, 0x0)
read$FUSE(r2, 0x0, 0x0)
timer_create(0x0, 0x0, 0x0)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, 0x0)
r6 = syz_open_dev$dri(&(0x7f00000000c0), 0x1b980c37, 0x121000)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r6, 0xc04064a0, &(0x7f00000003c0)={0x0, &(0x7f0000000300)=[0x0], &(0x7f0000000340)=[<r7=>0x0], 0x0, 0x0, 0x1, 0x1})
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r6, 0xc05064a7, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000000})
ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f0000000140)={'comedi_bond\x00', [0x3, 0x3, 0x3, 0x5, 0x2f, 0x7, 0x7, 0x5, 0xffe, 0x1, 0x0, 0x1, 0x1003, 0x6, 0xffff, 0xffff, 0xffffffa8, 0x7ffffffd, 0x1ff, 0x3, 0x10, 0x0, 0x8, 0xe2df, 0x746f, 0x8, 0x5, 0x3, 0x1, 0x4, 0x8049]})

3.834159724s ago: executing program 1 (id=617):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
setrlimit(0xc, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x40000000, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
epoll_create(0x7)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={0x0}}, 0x0)
r5 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0300000004000000040000000a00000000000000", @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRES32=0x0, @ANYRES32=0x0], 0x48)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r6)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000100)={'wlan0\x00'})
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x28}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x10, 0x8, &(0x7f0000001340)=@framed={{0xbe, 0xa, 0xa, 0x0, 0x0, 0x79, 0x10, 0x8}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r5}}]}, &(0x7f0000000480)='syzkaller\x00'}, 0x90)

1.562886933s ago: executing program 0 (id=618):
syz_mount_image$ext4(&(0x7f0000000380)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f0000000240)={[{@noload}, {@data_err_ignore}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@dioread_lock}, {@data_err_ignore}, {@resgid}, {@abort}, {@journal_dev={'journal_dev', 0x3d, 0x800}}, {@nobh}, {@inlinecrypt}, {@grpquota}, {@journal_checksum}], [{@appraise_type}, {@obj_role={'obj_role', 0x3d, '\xabZY2\x8c:\xc8\xa9i\xf7,d%l\x1d\x00\b\xdd\xd2ms\x8dF['}}, {@obj_type={'obj_type', 0x3d, 'inlinecrypt'}}]}, 0x1, 0x56c, &(0x7f0000000940)="$eJzs3d1rW+UfAPDvSd/29vutgzFURAq7cDKXrq0vE7yYl6LDgd7P0J6V0XQZTTrWOnC7cDfeyBBEHIj3eu/l8B/wrxjoYMgoeqEXlZOcrNmatFmXrZn5fOCU5znnJM/55pzv0+fkSUgAA2si+1OIeDEivkoiDkZEkm8bjnzjRGO/tftXZ7MlifX1j/9I6vtl9eZzNR+3P6+8EBG/fBFxvLC53erK6kKpXE6X8vpkbfHSZHVl9cSFxdJ8Op9enJ6ZOfXmzPQ7b7/Vs1hfO/vXtx/dfv/Ul0fXvvnp7qGbSZyOA/mxtcbxBK61ViZiIn9NRuL0IztO9aCxfpLs9gGwI0N5no9E1gccjKE864H/vs8jYh0YUIn8hwHVHAc07+17dB/83Lj3XuMGaHP8w433RmJP/d5o31ry0J1Rdr873oP2szZ+/v3WzWyJ3r0PAbCta9cj4uTw8Ob+L8n7v5072cU+j7ah/4Nn53Y2/nm93fin8GD8E23GP2Ntcncnts//wt0eNNNRNv57t934dyPY8aHGLFj8rz7mG0nOXyinWd/2/4g4FiNjWX2r+ZxTa3fWO21rHf9lS9Z+cyzYULg7PPbwY+ZKtdKTxNzq3vWIl9qOf5MH5z9pnP9/Ws9/9nqc7bKNI+mtVzpt2z7+p2v9h4hX297/bMxoJVvPT07Wr4fJ5lWx2Z83jvzaqf1O8V8eewrBtpGd/31bxz+etM7XVh+/je/3/J122vZQ/NH99T+afFIvj+brrpRqtaWpiNHkw83rpzce26w398/iP3Z06/7vQJv+b29EfNpl/DcO//hyV/HvwvWfxT/3WOf/8Qt3Pvjsu07td9f/vVEvHcvXdNP/dXuAT/LaAQAAAAAAQL8pRMSBSArFB+VCoVhsfIf3cOwrlCvV2vHzleWLc1GfBx2PkUJzpvtgy+chpvLPwzbr04/UZyLiUER8PbS3Xi/OVspzux08AAAAAAAAAAAAAAAAAAAA9In9Hb7/n/ltaLePDnjq/OQ3DK5t878Xv/QE9CX//2FwyX8YXPIfBpf8h8El/2FwyX8YXPIfBpf8BwAAAAAAAAAAAAAAAAAAAAAAAAAAgJ46e+ZMtqyv3b86m9XnLq8sL1Qun5hLqwvFxeXZYhJLl4rzlcp8OS3OVha3e75ypXJpajqWr0zW0mptsrqyem6xsnyxdu7CYmk+PZeOPJOoAAAAAAAAAAAAAAAAAAAA4PlSXVldKJXL6ZKCwo4Kw/1xGLtZGI2NNeN9cDw9Kex2zwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAG/4NAAD///x1NyI=")
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_NO_ENOBUFS(r0, 0x10e, 0xc, &(0x7f0000000040)=0x7f, 0x4)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_GET_TID_ADDRESS(0x28, 0x0)
r4 = socket$inet6_udplite(0xa, 0x2, 0x88)
connect$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x679, @dev={0xfe, 0x80, '\x00', 0x3a}, 0x1}, 0x1c)
sendmmsg$inet6(r4, &(0x7f0000005400)=[{{&(0x7f0000000040)={0xa, 0x4e27, 0xfff, @remote, 0x2}, 0x1c, 0x0}}], 0x40000000000016d, 0x1000)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffd213}, 0x94)
unshare(0x2c020400)
r5 = userfaultfd(0x801)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
ioctl$UFFDIO_WRITEPROTECT(r5, 0xc018aa06, &(0x7f0000000140)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1})
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x0)

1.562512793s ago: executing program 1 (id=619):
rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300))
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6f, 0x11, r1, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4})
sendmmsg$inet6(r2, &(0x7f0000000040)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4})
sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_queued\x00', 0x275a, 0x0)
ioctl$KVM_X86_SETUP_MCE(r5, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4})
sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'lo\x00', <r7=>0x0})
r8 = socket$packet(0x11, 0x2, 0x300)
bind$packet(r8, &(0x7f0000000d00)={0x11, 0x1a, r7, 0x1, 0x0, 0x6, @multicast}, 0x14)
setsockopt$packet_fanout(r8, 0x107, 0x12, &(0x7f0000000140)={0x2, 0x4}, 0x4)
r9 = socket$netlink(0x10, 0x3, 0x0)
writev(r9, &(0x7f00000001c0)=[{&(0x7f0000000400)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000200000000000006040000000000f93132", 0x39}], 0x1)

1.19812804s ago: executing program 5 (id=620):
rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300))
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6f, 0x11, r1, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4})
sendmmsg$inet6(r2, &(0x7f0000000040)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4})
sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_queued\x00', 0x275a, 0x0)
ioctl$KVM_X86_SETUP_MCE(r5, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4})
sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'lo\x00'})
socket$packet(0x11, 0x2, 0x300)
r7 = socket$netlink(0x10, 0x3, 0x0)
writev(r7, &(0x7f00000003c0)=[{&(0x7f0000000380)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fdd411efc40800040000000000000000", 0x39}], 0x1)
writev(r7, &(0x7f00000001c0)=[{&(0x7f0000000400)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000200000000000006040000000000f93132", 0x39}], 0x1)

193.970101ms ago: executing program 0 (id=621):
rt_sigaction(0xd, &(0x7f0000000180)={0x0, 0xdc000006, 0x0, {[0x1]}}, 0x0, 0x0, 0x0)
rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000140))
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0)
ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4})
sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
write(r3, 0x0, 0x0)
sendto$inet(r2, 0x0, 0x0, 0x80, 0x0, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmmsg$inet6(r5, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmmsg$inet6(r6, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4})
sendmmsg$inet6(r7, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0)

125.784527ms ago: executing program 1 (id=622):
rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000140))
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0)
write$UHID_CREATE2(r3, &(0x7f0000000340)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r3, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4})
sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
write(r2, 0x0, 0x0)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4})
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmmsg$inet6(r5, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4})
sendmmsg$inet6(r6, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmmsg$inet6(r7, &(0x7f0000000600)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmmsg$inet6(r8, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
mount$fuseblk(0x0, &(0x7f0000000100)='./cgroup\x00', &(0x7f0000000140), 0x3818000, &(0x7f00000001c0)=ANY=[])

125.415938ms ago: executing program 4 (id=623):
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x17, &(0x7f0000000300)=0x2, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x10)
mkdir(&(0x7f0000000540)='./file0\x00', 0x108)
mount$cgroup(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
sendfile(r4, 0xffffffffffffffff, 0x0, 0x4)
r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f00000000c0)=0xe)
ioctl$TIOCGPGRP(r5, 0x5437, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
pipe(0x0)
socket$nl_rdma(0x10, 0x3, 0x14)
socket$inet6_tcp(0xa, 0x1, 0x0)

0s ago: executing program 1 (id=624):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$MRT_INIT(0xffffffffffffffff, 0x0, 0xc8, 0x0, 0x0)
setsockopt$MRT_ADD_VIF(0xffffffffffffffff, 0x0, 0xca, 0x0, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
socket$nl_rdma(0x10, 0x3, 0x14)
pipe2$watch_queue(0x0, 0x80)
prlimit64(0x0, 0xe, &(0x7f00000004c0)={0x7, 0x800000000000008a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = syz_open_procfs(0x0, &(0x7f0000000100)='net/ip_vs\x00')
preadv(r2, &(0x7f0000000000)=[{&(0x7f0000000140)=""/181, 0xb5}], 0x1, 0x6, 0x1)
getgroups(0x7, &(0x7f0000002bc0)=[0xee00, 0x0, 0xffffffffffffffff, 0xee01, 0xee00, 0x0, 0xee00])
getresgid(&(0x7f0000003080), &(0x7f00000030c0), &(0x7f0000003100))
r3 = syz_open_procfs(0x0, &(0x7f0000002400)='net/netstat\x00')
read$FUSE(r3, &(0x7f0000002500)={0x2020}, 0x2020)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_inet_SIOCADDRT(r4, 0x890b, &(0x7f0000000380)={0x0, {0x2, 0x10, @remote}, {0x2, 0x4e22, @remote}, {0x2, 0x0, @empty}, 0x7c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x26})
sendmsg$NL802154_CMD_DEL_SEC_KEY(r0, &(0x7f0000008c40)={0x0, 0x0, &(0x7f0000008c00)={&(0x7f0000000000)=ANY=[@ANYBLOB='L\x00\x00', @ANYRES16, @ANYBLOB="13742bbd700002dcdf251800000008000300", @ANYRES32, @ANYBLOB="300030802c000180200003800c0e04007786979e7204660d060001000300000008000200030000000800010000000000"], 0x4c}, 0x1, 0x0, 0x0, 0x4000}, 0x20)

kernel console output (not intermixed with test programs):

e_1: link becomes ready
[   80.276884][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   80.284889][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   80.293259][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   80.333945][ T4267] 8021q: adding VLAN 0 to HW filter on device team0
[   80.359587][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   80.369948][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   80.379979][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   80.389571][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   80.402195][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   80.413882][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   80.421962][ T4284] Bluetooth: hci4: command 0x041b tx timeout
[   80.430791][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   80.436140][ T4286] Bluetooth: hci1: command 0x041b tx timeout
[   80.441995][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   80.445352][ T4284] Bluetooth: hci3: command 0x041b tx timeout
[   80.452485][ T4287] Bluetooth: hci2: command 0x041b tx timeout
[   80.458388][ T4284] Bluetooth: hci0: command 0x041b tx timeout
[   80.473070][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   80.482626][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   80.491560][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   80.501200][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   80.510451][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   80.519066][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   80.527783][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   80.536457][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   80.558375][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   80.567576][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   80.596497][ T4273] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   80.613724][ T4269] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   80.632118][ T4269] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   80.645650][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   80.656296][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   80.674085][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   80.686977][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   80.698050][   T11] bridge0: port 1(bridge_slave_0) entered blocking state
[   80.705290][   T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[   80.720415][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   80.734147][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   80.761212][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   80.781822][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   80.801589][ T4278] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   80.845747][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   80.861059][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   80.874459][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   80.883255][   T11] bridge0: port 2(bridge_slave_1) entered blocking state
[   80.890438][   T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[   80.898545][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   80.939869][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   80.955762][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   80.988946][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   81.010811][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   81.055374][ T4280] 8021q: adding VLAN 0 to HW filter on device batadv0
[   81.086361][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   81.100118][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   81.107700][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   81.118434][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   81.135753][ T4267] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   81.154278][ T4267] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   81.180126][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   81.188806][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   81.206868][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   81.217266][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   81.228317][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   81.249589][ T4368] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   81.270150][ T4368] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   81.314370][ T4368] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   81.340683][ T4368] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   81.372206][ T4368] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   81.395887][ T4368] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   81.424769][ T4280] device veth0_vlan entered promiscuous mode
[   81.465060][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   81.473220][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   81.521157][ T4273] 8021q: adding VLAN 0 to HW filter on device batadv0
[   81.531398][ T4280] device veth1_vlan entered promiscuous mode
[   81.616795][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   81.632331][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   81.645571][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   81.656585][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   81.712542][ T4273] device veth0_vlan entered promiscuous mode
[   81.741191][ T4280] device veth0_macvtap entered promiscuous mode
[   81.755771][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   81.771940][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   81.790818][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   81.804678][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   81.815161][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   81.827859][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   81.843353][ T4273] device veth1_vlan entered promiscuous mode
[   81.861440][ T4269] 8021q: adding VLAN 0 to HW filter on device batadv0
[   81.875240][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   81.883916][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   81.898006][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   81.907862][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   81.923467][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   81.934034][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   81.952749][ T4278] 8021q: adding VLAN 0 to HW filter on device batadv0
[   81.991695][ T4280] device veth1_macvtap entered promiscuous mode
[   82.020134][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   82.028928][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   82.055018][ T4280] batman_adv: batadv0: Interface activated: batadv_slave_0
[   82.079431][ T4361] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   82.088277][ T4361] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   82.107052][ T4280] batman_adv: batadv0: Interface activated: batadv_slave_1
[   82.124046][ T4269] device veth0_vlan entered promiscuous mode
[   82.139776][ T4361] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   82.150162][ T4361] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   82.159022][ T4361] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   82.169665][ T4361] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   82.178590][ T4361] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   82.191226][ T4361] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   82.200424][ T4361] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   82.207931][ T4361] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   82.224844][ T4361] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   82.235883][ T4361] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   82.253036][ T4280] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   82.268405][ T4280] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   82.277775][ T4280] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   82.293239][ T4280] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   82.314133][ T4269] device veth1_vlan entered promiscuous mode
[   82.336275][ T4273] device veth0_macvtap entered promiscuous mode
[   82.360109][ T4267] 8021q: adding VLAN 0 to HW filter on device batadv0
[   82.374805][ T4278] device veth0_vlan entered promiscuous mode
[   82.414726][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   82.430216][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   82.455423][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   82.475051][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   82.494924][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   82.502769][ T4284] Bluetooth: hci2: command 0x040f tx timeout
[   82.502808][ T4284] Bluetooth: hci3: command 0x040f tx timeout
[   82.509966][ T4284] Bluetooth: hci0: command 0x040f tx timeout
[   82.515373][ T4287] Bluetooth: hci1: command 0x040f tx timeout
[   82.521240][ T4286] Bluetooth: hci4: command 0x040f tx timeout
[   82.563872][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   82.575213][ T4273] device veth1_macvtap entered promiscuous mode
[   82.590010][ T4278] device veth1_vlan entered promiscuous mode
[   82.626209][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   82.648161][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   82.677315][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   82.692842][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   82.704509][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   82.752528][ T4273] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   82.765400][ T4273] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   82.777537][ T4273] batman_adv: batadv0: Interface activated: batadv_slave_0
[   82.804095][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   82.814035][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   82.823382][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   82.832016][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   82.841274][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   82.853476][ T4269] device veth0_macvtap entered promiscuous mode
[   82.894436][ T4278] device veth0_macvtap entered promiscuous mode
[   82.913702][ T4273] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   82.925310][ T4273] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   82.937134][ T4273] batman_adv: batadv0: Interface activated: batadv_slave_1
[   82.945081][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   82.959826][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   82.968852][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   82.987119][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   82.997827][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   83.013362][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   83.035723][ T4269] device veth1_macvtap entered promiscuous mode
[   83.046550][ T4273] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   83.056918][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   83.059909][ T4273] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   83.077652][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   83.082884][ T4273] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   83.094903][ T4273] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   83.125354][ T4278] device veth1_macvtap entered promiscuous mode
[   83.145077][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   83.192486][ T4269] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   83.205214][ T4269] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   83.215581][ T4269] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   83.228252][ T4269] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   83.240412][ T4269] batman_adv: batadv0: Interface activated: batadv_slave_0
[   83.256427][ T4269] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   83.267155][ T4269] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   83.278253][ T4269] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   83.288888][ T4269] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   83.302088][ T4269] batman_adv: batadv0: Interface activated: batadv_slave_1
[   83.318813][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   83.332633][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   83.345343][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   83.355460][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   83.364837][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   83.374398][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   83.391015][ T4269] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   83.400916][ T4269] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   83.401456][   T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   83.410169][ T4269] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   83.423627][   T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   83.428250][ T4269] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   83.467924][ T4278] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   83.478888][ T4278] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   83.489212][ T4278] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   83.500614][ T4278] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   83.510934][ T4278] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   83.522171][ T4278] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   83.534391][ T4278] batman_adv: batadv0: Interface activated: batadv_slave_0
[   83.544600][   T32] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   83.553207][   T32] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   83.562288][   T32] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   83.622170][ T4278] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   83.634578][   T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   83.646696][ T4278] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   83.651642][   T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   83.656871][ T4278] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   83.674869][ T4278] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   83.684794][ T4278] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   83.695371][ T4278] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   83.708753][ T4278] batman_adv: batadv0: Interface activated: batadv_slave_1
[   83.725207][ T4361] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   83.734388][ T4361] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   83.748653][ T4361] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   83.758178][ T4361] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   83.767219][ T4361] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   83.776254][ T4267] device veth0_vlan entered promiscuous mode
[   83.787074][   T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   83.794465][ T4267] device veth1_vlan entered promiscuous mode
[   83.804850][   T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   83.816097][ T4278] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   83.826313][ T4278] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   83.835801][ T4278] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   83.844698][ T4278] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   83.855427][ T4361] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   83.866064][ T4361] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   83.876451][ T4361] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   83.887788][ T4361] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   83.983502][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   84.047232][ T4361] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   84.076864][ T4361] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   84.091443][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   84.126200][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   84.143056][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   84.216395][ T4267] device veth0_macvtap entered promiscuous mode
[   84.234084][ T4267] device veth1_macvtap entered promiscuous mode
[   84.656776][ T4286] Bluetooth: hci0: command 0x0419 tx timeout
[   84.663564][ T4284] Bluetooth: hci4: command 0x0419 tx timeout
[   84.671322][ T4284] Bluetooth: hci3: command 0x0419 tx timeout
[   84.671854][ T4286] Bluetooth: hci2: command 0x0419 tx timeout
[   84.749314][ T4287] Bluetooth: hci1: command 0x0419 tx timeout
[   85.166330][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   85.194966][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   85.217828][ T4267] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   85.235846][ T4267] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   85.247072][ T4267] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   85.264387][ T4267] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   85.276223][ T4267] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   85.287262][ T4267] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   85.297499][ T4267] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   85.309348][ T4267] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   85.321406][ T4267] batman_adv: batadv0: Interface activated: batadv_slave_0
[   85.332534][   T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   85.350301][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   85.370084][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   85.378767][   T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   85.403538][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   85.581143][ T4267] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   85.591764][ T4267] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   85.602112][ T4267] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   85.612780][ T4267] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   85.622704][ T4267] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   85.633365][ T4267] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   85.643308][ T4267] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   85.654053][ T4267] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   85.676395][ T4267] batman_adv: batadv0: Interface activated: batadv_slave_1
[   86.387465][ T4368] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   86.411066][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   86.419574][   T56] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   86.427641][   T56] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   86.428505][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   86.456297][ T4368] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   86.473725][ T4267] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   86.488976][ T4267] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   86.498334][ T4267] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   86.508963][ T4267] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   86.672999][   T41] cfg80211: failed to load regulatory.db
[   86.687271][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   86.703359][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   87.565420][ T4413] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   87.577611][ T4413] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   87.594734][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   87.687200][ T4413] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   87.728828][ T4413] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   87.786928][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   87.934308][ T4426] capability: warning: `syz.0.12' uses deprecated v2 capabilities in a way that may be insecure
[   89.198971][ T4445] loop2: detected capacity change from 0 to 1024
[   90.805214][ T4450] netlink: 20 bytes leftover after parsing attributes in process `syz.0.16'.
[   91.504396][ T4456] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   92.143035][ T4467] loop1: detected capacity change from 0 to 2048
[   92.265958][   T32] hfsplus: b-tree write err: -5, ino 4
[   92.750482][ T4482] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[   92.905440][ T4388] libceph: connect (1)[c::]:6789 error -101
[   93.133231][ T4388] libceph: mon0 (1)[c::]:6789 connect error
[   93.402469][ T4388] libceph: connect (1)[c::]:6789 error -101
[   93.407780][ T4471] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[   93.408975][ T4388] libceph: mon0 (1)[c::]:6789 connect error
[   93.415872][ T4471] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[   93.433851][ T4471] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   93.442300][ T4471] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   93.449973][ T4471] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   93.457405][ T4471] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   93.523271][ T4492] fuseblk: Bad value for 'fd'
[   93.587311][ T4477] ceph: No mds server is up or the cluster is laggy
[   94.929452][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   94.937988][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   94.946327][    T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!!
[   94.954711][    T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!!
[   94.963068][    T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!!
[   94.971391][    T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!!
[   94.986526][    T0] NOHZ tick-stop error: local softirq work is pending, handler #248!!!
[   94.996724][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   95.005096][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   95.013454][    T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!!
[   96.127503][ T4496] loop2: detected capacity change from 0 to 4096
[   98.909962][ T4482] NILFS (loop1): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3)
[   98.973167][ T4482] NILFS error (device loop1): nilfs_bmap_propagate: broken bmap (inode number=4)
[   98.989120][    C0] sched: RT throttling activated
[   99.080317][ T4482] Remounting filesystem read-only
[  100.703265][ T4522] loop0: detected capacity change from 0 to 32768
[  100.723449][ T4522] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz.0.30 (4522)
[  100.744027][ T4521] loop2: detected capacity change from 0 to 164
[  100.751805][ T4522] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  100.763487][ T4522] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[  100.772263][ T4522] BTRFS info (device loop0): using free space tree
[  100.852958][ T4269] NILFS (loop1): disposed unprocessed dirty file(s) when stopping log writer
[  102.629363][ T4522] BTRFS info (device loop0): enabling ssd optimizations
[  103.795777][ T4565] x_tables: ip6_tables: TCPOPTSTRIP target: only valid in mangle table, not raw
[  103.836924][ T4273] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  104.691826][ T4572] tty tty4: ldisc open failed (-12), clearing slot 3
[  107.351095][ T4401] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 9 /dev/loop0 scanned by udevd (4401)
[  108.451478][ T4284] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0
[  108.461557][ T4284] Bluetooth: hci3: Injecting HCI hardware error event
[  108.489837][ T4287] Bluetooth: hci3: hardware error 0x00
[  110.866676][ T4287] Bluetooth: hci3: Opcode 0x0c03 failed: -110
[  114.955685][ T4659] Zero length message leads to an empty skb
[  115.987691][ T4666] hub 9-0:1.0: USB hub found
[  116.005340][ T4666] hub 9-0:1.0: 1 port detected
[  116.442082][ T4287] Bluetooth: hci0: unexpected cc 0x2039 length: 9 > 1
[  117.671304][ T4685] Invalid ELF header type: 3 != 1
[  120.454713][ T4698] loop2: detected capacity change from 0 to 4096
[  120.478494][ T4703] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  120.509609][ T4287] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0
[  120.518197][ T4287] Bluetooth: hci0: Injecting HCI hardware error event
[  120.549826][ T4284] Bluetooth: hci0: hardware error 0x00
[  120.616074][ T4701] binder: 4690:4701 ioctl 0 200000000040 returned -22
[  122.011261][ T4698] syz.2.74 (4698) used greatest stack depth: 19848 bytes left
[  122.739258][ T4284] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[  122.768804][ T4720] =======================================================
[  122.768804][ T4720] WARNING: The mand mount option has been deprecated and
[  122.768804][ T4720]          and is ignored by this kernel. Remove the mand
[  122.768804][ T4720]          option from the mount to silence this warning.
[  122.768804][ T4720] =======================================================
[  122.807375][ T4720] 9pnet_fd: p9_fd_create_tcp (4720): problem connecting socket to 127.0.0.1
[  123.129356][   T22] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[  123.172912][ T4728] loop4: detected capacity change from 0 to 256
[  123.319219][   T22] usb 2-1: Using ep0 maxpacket: 8
[  123.334211][   T22] usb 2-1: config 179 has an invalid interface number: 65 but max is 0
[  123.334303][   T22] usb 2-1: config 179 has no interface number 0
[  123.334338][   T22] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  123.334365][   T22] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  123.334391][   T22] usb 2-1: config 179 interface 65 altsetting 0 has an invalid endpoint with address 0x0, skipping
[  123.334414][   T22] usb 2-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  123.334463][   T22] usb 2-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  123.334485][   T22] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  123.341117][   T26] audit: type=1800 audit(1763334013.644:2): pid=4719 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.75" name="file1" dev="loop4" ino=1048601 res=0 errno=0
[  123.358770][ T4723] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  124.197353][ T4747] netlink: 20 bytes leftover after parsing attributes in process `syz.3.83'.
[  124.206580][ T4747] netlink: 8 bytes leftover after parsing attributes in process `syz.3.83'.
[  125.072499][   T22] usb 2-1: USB disconnect, device number 2
[  125.441948][ T4757] loop4: detected capacity change from 0 to 128
[  126.982792][   T26] audit: type=1400 audit(1763334017.284:3): apparmor="DENIED" operation="change_onexec" info="label not found" error=-22 profile="unconfined" name="&" pid=4761 comm="syz.0.89"
[  129.608837][ T4797] SET target dimension over the limit!
[  133.274718][ T1276] ieee802154 phy0 wpan0: encryption failed: -22
[  133.296080][ T1276] ieee802154 phy1 wpan1: encryption failed: -22
[  135.039576][ T4840] device sit0 entered promiscuous mode
[  135.113537][ T4840] netlink: 'syz.0.104': attribute type 1 has an invalid length.
[  135.159164][ T4840] netlink: 1 bytes leftover after parsing attributes in process `syz.0.104'.
[  135.574050][ T4847] loop2: detected capacity change from 0 to 40427
[  135.968876][ T4847] F2FS-fs (loop2): build fault injection attr: rate: 690, type: 0x3ffff
[  135.978922][ T4847] F2FS-fs (loop2): build fault injection attr: rate: 0, type: 0x4
[  136.007787][ T4847] F2FS-fs (loop2): invalid crc value
[  136.079249][ T4847] F2FS-fs (loop2): Found nat_bits in checkpoint
[  136.156412][ T4847] F2FS-fs (loop2): Start checkpoint disabled!
[  136.230115][ T4847] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[  138.798553][ T4866] Bluetooth: MGMT ver 1.22
[  140.762887][ T4880] loop2: detected capacity change from 0 to 512
[  142.707265][ T4902] loop4: detected capacity change from 0 to 256
[  142.767202][ T4902] netlink: 56 bytes leftover after parsing attributes in process `syz.4.118'.
[  143.615224][ T4907] loop4: detected capacity change from 0 to 128
[  143.652917][ T4907] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  143.684626][ T4899] loop5: detected capacity change from 0 to 7
[  143.701130][ T4287] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  143.710907][ T4287] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  143.748231][ T4899] Dev loop5: unable to read RDB block 7
[  143.757474][ T4287] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  143.768643][ T4907] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  143.781495][ T4287] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  143.789471][ T4287] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  143.796766][ T4287] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  143.797935][ T4899]  loop5: unable to read partition table
[  143.843726][ T4899] loop5: partition table beyond EOD, truncated
[  143.859213][ T4899] loop_reread_partitions: partition scan of loop5 (��) failed (rc=-5)
[  143.982432][ T4915] fuseblk: Unknown parameter '0xffffffffffffffff'
[  144.438890][ T4924] binder: 4923:4924 ioctl 400c620e 200000000040 returned -22
[  144.452655][ T4413] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  145.855956][ T4413] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  145.866877][ T4284] Bluetooth: hci3: command 0x0409 tx timeout
[  146.817247][ T4413] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  146.840188][ T4940] hugetlbfs: syz.4.129 (4940): Using mlock ulimits for SHM_HUGETLB is obsolete
[  147.102750][ T4413] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  147.343025][ T4910] chnl_net:caif_netlink_parms(): no params data found
[  147.355006][ T4953] loop4: detected capacity change from 0 to 512
[  147.534432][ T4958] syz.1.134 sent an empty control message without MSG_MORE.
[  147.786786][ T4953] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  147.949950][ T4284] Bluetooth: hci3: command 0x041b tx timeout
[  148.296612][ T4910] bridge0: port 1(bridge_slave_0) entered blocking state
[  148.320433][ T4910] bridge0: port 1(bridge_slave_0) entered disabled state
[  148.538449][ T4910] device bridge_slave_0 entered promiscuous mode
[  149.355470][   T26] audit: type=1326 audit(1763334039.644:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4949 comm="syz.4.133" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f072bf8f6c9 code=0x7ffc0000
[  149.377765][   T26] audit: type=1326 audit(1763334039.654:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4949 comm="syz.4.133" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f072bf8f6c9 code=0x7ffc0000
[  149.461098][   T26] audit: type=1326 audit(1763334039.714:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4949 comm="syz.4.133" exe="/root/syz-executor" sig=0 arch=c000003e syscall=213 compat=0 ip=0x7f072bf8f6c9 code=0x7ffc0000
[  149.872974][   T26] audit: type=1326 audit(1763334039.724:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4949 comm="syz.4.133" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f072bf8f6c9 code=0x7ffc0000
[  149.981081][ T4910] bridge0: port 2(bridge_slave_1) entered blocking state
[  149.988237][ T4910] bridge0: port 2(bridge_slave_1) entered disabled state
[  150.019872][ T4286] Bluetooth: hci3: command 0x040f tx timeout
[  150.061047][ T4910] device bridge_slave_1 entered promiscuous mode
[  150.176284][   T26] audit: type=1326 audit(1763334039.734:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4949 comm="syz.4.133" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f072bf8f6c9 code=0x7ffc0000
[  150.214232][   T26] audit: type=1326 audit(1763334039.734:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4949 comm="syz.4.133" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f072bf8f6c9 code=0x7ffc0000
[  150.263280][ T4267] EXT4-fs (loop4): unmounting filesystem.
[  150.278146][   T26] audit: type=1326 audit(1763334039.734:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4949 comm="syz.4.133" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f072bf8f703 code=0x7ffc0000
[  150.411619][ T4910] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  150.592595][   T26] audit: type=1326 audit(1763334039.734:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4949 comm="syz.4.133" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f072bf8e17f code=0x7ffc0000
[  150.759328][   T26] audit: type=1326 audit(1763334039.734:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4949 comm="syz.4.133" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7f072bf8f757 code=0x7ffc0000
[  150.760793][ T4910] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  150.790009][   T26] audit: type=1326 audit(1763334040.104:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4949 comm="syz.4.133" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f072bf8df10 code=0x7ffc0000
[  151.164913][ T4982] netlink: 4 bytes leftover after parsing attributes in process `syz.2.139'.
[  151.271098][ T4983] loop4: detected capacity change from 0 to 64
[  151.282093][ T4976] loop1: detected capacity change from 0 to 512
[  151.463850][ T4976] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  151.743071][ T4976] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c018, mo2=00c2]
[  151.761381][ T4976] System zones: 0-2, 18-18, 34-34
[  151.767344][ T4976] EXT4-fs (loop1): orphan cleanup on readonly fs
[  151.944134][ T4976] EXT4-fs error (device loop1): ext4_quota_enable:7017: inode #15: comm syz.1.137: iget: bad i_size value: 360287970189639690
[  151.970192][ T4910] team0: Port device team_slave_0 added
[  151.978278][ T4910] team0: Port device team_slave_1 added
[  151.991146][ T4976] EXT4-fs error (device loop1): ext4_quota_enable:7020: comm syz.1.137: Bad quota inode: 15, type: 2
[  152.109395][ T4286] Bluetooth: hci3: command 0x0419 tx timeout
[  152.213733][ T4976] EXT4-fs warning (device loop1): ext4_enable_quotas:7061: Failed to enable quota tracking (type=2, err=-117, ino=15). Please run e2fsck to fix.
[  152.236371][ T4976] EXT4-fs (loop1): Cannot turn on quotas: error -117
[  152.803258][ T4976] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  152.959161][ T4910] batman_adv: batadv0: Adding interface: batadv_slave_0
[  152.981016][ T4910] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  153.061290][ T4910] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  153.141981][ T4269] EXT4-fs (loop1): unmounting filesystem.
[  153.180439][ T4910] batman_adv: batadv0: Adding interface: batadv_slave_1
[  153.199369][ T4910] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  153.279904][ T5002] loop2: detected capacity change from 0 to 1024
[  153.286258][ T4910] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  153.960722][ T5013] loop4: detected capacity change from 0 to 128
[  153.969885][ T5013] hpfs: bad mount options.
[  155.345861][ T4549] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  155.356856][ T4474] hfsplus: b-tree write err: -5, ino 4
[  155.433391][ T5015] netlink: 8 bytes leftover after parsing attributes in process `syz.1.143'.
[  155.442430][ T5015] netlink: 8 bytes leftover after parsing attributes in process `syz.1.143'.
[  155.452162][ T5015] netlink: 8 bytes leftover after parsing attributes in process `syz.1.143'.
[  155.461045][ T5015] netlink: 8 bytes leftover after parsing attributes in process `syz.1.143'.
[  155.469916][ T5015] netlink: 8 bytes leftover after parsing attributes in process `syz.1.143'.
[  155.479727][ T5015] netlink: 8 bytes leftover after parsing attributes in process `syz.1.143'.
[  155.488593][ T5015] netlink: 8 bytes leftover after parsing attributes in process `syz.1.143'.
[  155.498418][ T5015] netlink: 8 bytes leftover after parsing attributes in process `syz.1.143'.
[  155.507287][ T5015] netlink: 8 bytes leftover after parsing attributes in process `syz.1.143'.
[  155.955591][ T4910] device hsr_slave_0 entered promiscuous mode
[  156.008757][ T4910] device hsr_slave_1 entered promiscuous mode
[  156.037478][ T4910] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  156.060154][ T4910] Cannot create hsr debugfs directory
[  156.327439][ T5025] loop1: detected capacity change from 0 to 32768
[  156.474665][ T5025] XFS (loop1): Mounting V5 Filesystem
[  156.622516][ T5025] XFS (loop1): Ending clean mount
[  157.514888][ T4269] XFS (loop1): Unmounting Filesystem
[  159.165916][ T5051] process 'syz.2.146' launched './file0' with NULL argv: empty string added
[  159.386559][ T4413] device hsr_slave_0 left promiscuous mode
[  159.410515][ T4413] device hsr_slave_1 left promiscuous mode
[  159.620358][ T4413] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  159.627933][ T4413] batman_adv: batadv0: Removing interface: batadv_slave_0
[  159.708130][ T5063] xt_recent: hitcount (16385) is larger than allowed maximum (255)
[  160.474555][ T4413] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  160.508084][ T4413] batman_adv: batadv0: Removing interface: batadv_slave_1
[  160.559742][ T4413] device bridge_slave_1 left promiscuous mode
[  160.636863][ T4413] bridge0: port 2(bridge_slave_1) entered disabled state
[  160.865511][ T4413] device bridge_slave_0 left promiscuous mode
[  160.878774][ T4413] bridge0: port 1(bridge_slave_0) entered disabled state
[  161.791201][ T4413] device veth1_macvtap left promiscuous mode
[  161.812144][ T4413] device veth0_macvtap left promiscuous mode
[  161.818373][ T4413] device veth1_vlan left promiscuous mode
[  161.855386][ T4413] device veth0_vlan left promiscuous mode
[  162.292803][ T5079] delete_channel: no stack
[  164.694965][ T5089] loop4: detected capacity change from 0 to 1024
[  164.908190][   T46] hfsplus: b-tree write err: -5, ino 4
[  165.081871][ T5105] loop2: detected capacity change from 0 to 16
[  165.168105][ T5105] erofs: (device loop2): mounted with root inode @ nid 36.
[  165.275080][ T5107] x_tables: duplicate underflow at hook 1
[  165.957846][ T5108] loop4: detected capacity change from 0 to 1764
[  166.026032][ T5108] isofs_fill_super: get root inode failed
[  167.282228][ T5128] __nla_validate_parse: 45 callbacks suppressed
[  167.282245][ T5128] netlink: 64 bytes leftover after parsing attributes in process `syz.4.167'.
[  167.352023][ T5125] netlink: 68 bytes leftover after parsing attributes in process `syz.0.166'.
[  169.582433][ T4413] team0 (unregistering): Port device team_slave_1 removed
[  169.720028][ T4413] team0 (unregistering): Port device team_slave_0 removed
[  170.082676][ T5151] loop1: detected capacity change from 0 to 128
[  170.457375][ T5151] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256
[  170.520705][ T5151] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  170.614222][ T4413] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  170.845757][ T4413] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  172.936901][ T4413] bond0 (unregistering): Released all slaves
[  173.058771][ T5175] binder: 5173:5175 ioctl 4018620d 0 returned -22
[  174.152364][ T4910] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  174.196699][ T4910] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  174.246232][ T4910] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  174.299840][ T4910] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  174.848633][ T5198] overlayfs: missing 'lowerdir'
[  175.875577][ T5200] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  179.719217][ T4910] 8021q: adding VLAN 0 to HW filter on device bond0
[  180.909206][ T5229] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  180.916720][ T5229] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  180.989617][ T5229] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  181.017365][ T4499] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  181.030709][ T4499] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  181.073792][ T4910] 8021q: adding VLAN 0 to HW filter on device team0
[  181.149981][ T4499] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  181.178854][ T4499] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  181.217718][ T5236] loop2: detected capacity change from 0 to 512
[  181.257426][ T4499] bridge0: port 1(bridge_slave_0) entered blocking state
[  181.265612][ T4499] bridge0: port 1(bridge_slave_0) entered forwarding state
[  181.464059][ T4499] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  181.472763][ T4499] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  181.546295][ T4499] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  181.555148][ T4499] bridge0: port 2(bridge_slave_1) entered blocking state
[  181.562348][ T4499] bridge0: port 2(bridge_slave_1) entered forwarding state
[  181.568248][ T5247] xt_CT: You must specify a L4 protocol and not use inversions on it
[  181.692883][ T4910] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  181.743332][ T5236] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  181.763802][ T4910] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  181.829592][ T5236] ext4 filesystem being mounted at /46/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  181.966805][ T4501] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  181.996786][ T4501] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  182.461978][ T4501] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  182.473500][ T4501] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  182.711101][ T4501] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  183.319856][ T4501] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  183.435148][ T4501] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  183.450653][ T4501] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  183.503247][ T4501] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  183.536992][ T4284] Bluetooth: hci4: Invalid connection link type handle 0x00c9
[  183.597042][ T4501] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  183.650190][ T4501] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  183.658872][ T4501] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  183.768570][ T5270] fuseblk: Unknown parameter 'ro��mode'
[  183.861553][ T4280] EXT4-fs (loop2): unmounting filesystem.
[  184.285971][ T5275] loop4: detected capacity change from 0 to 4096
[  184.366042][ T5281] wlan0 speed is unknown, defaulting to 1000
[  184.373276][ T5281] wlan0 speed is unknown, defaulting to 1000
[  184.382467][ T5281] wlan0 speed is unknown, defaulting to 1000
[  184.394698][ T5281] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  184.409949][ T5281] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  184.497062][ T5281] wlan0 speed is unknown, defaulting to 1000
[  184.508791][ T5281] wlan0 speed is unknown, defaulting to 1000
[  184.519599][ T5281] wlan0 speed is unknown, defaulting to 1000
[  184.530400][ T5281] wlan0 speed is unknown, defaulting to 1000
[  184.541338][ T5281] wlan0 speed is unknown, defaulting to 1000
[  184.552110][ T5281] wlan0 speed is unknown, defaulting to 1000
[  185.359815][ T5285] mmap: syz.4.195 (5285) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  186.779482][   T26] kauditd_printk_skb: 8 callbacks suppressed
[  186.779774][   T26] audit: type=1800 audit(1763334076.746:22): pid=5285 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.195" name="file1" dev="loop4" ino=33 res=0 errno=0
[  186.991222][ T4501] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  187.007421][ T4501] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  187.056820][ T4910] 8021q: adding VLAN 0 to HW filter on device batadv0
[  189.716336][ T5291] netlink: 16 bytes leftover after parsing attributes in process `syz.4.197'.
[  189.740313][ T5291] device ip6gre0 entered promiscuous mode
[  190.898375][ T5328] delete_channel: no stack
[  191.449591][ T5330] xt_CT: You must specify a L4 protocol and not use inversions on it
[  192.671175][ T5342] loop4: detected capacity change from 0 to 512
[  192.997451][ T5345] wlan0 speed is unknown, defaulting to 1000
[  194.138581][ T5350] fuseblk: Unknown parameter 'ro��mode'
[  194.150214][ T5342] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  194.189604][ T1276] ieee802154 phy0 wpan0: encryption failed: -22
[  194.196065][ T1276] ieee802154 phy1 wpan1: encryption failed: -22
[  194.219591][ T5342] ext4 filesystem being mounted at /44/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  195.221067][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  195.251281][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  195.907416][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  196.266903][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  196.368426][ T5369] loop0: detected capacity change from 0 to 256
[  196.379982][ T5369] exfat: Deprecated parameter 'namecase'
[  196.426670][ T5369] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xb5fb52fc, utbl_chksum : 0xe619d30d)
[  197.096462][ T4910] device veth0_vlan entered promiscuous mode
[  197.117719][ T4970] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  197.133073][ T4970] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  197.152176][ T4267] EXT4-fs (loop4): unmounting filesystem.
[  197.209886][ T2120] usb 1-1: new full-speed USB device number 2 using dummy_hcd
[  197.257887][ T4910] device veth1_vlan entered promiscuous mode
[  197.435870][ T2120] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  197.446661][ T2120] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  197.572415][ T2120] usb 1-1: New USB device found, idVendor=0c72, idProduct=0012, bcdDevice=22.96
[  197.582464][ T2120] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  197.592521][ T2120] usb 1-1: Product: syz
[  197.596747][ T2120] usb 1-1: Manufacturer: syz
[  197.626858][ T2120] usb 1-1: SerialNumber: syz
[  197.659425][ T2120] usb 1-1: config 0 descriptor??
[  198.079605][ T4970] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  198.094956][ T4970] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  198.925177][ T4910] device veth0_macvtap entered promiscuous mode
[  199.107161][ T4414] usb 1-1: USB disconnect, device number 2
[  199.121769][ T4910] device veth1_macvtap entered promiscuous mode
[  199.225864][ T4910] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  199.255275][ T4910] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  199.276292][ T4910] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  199.297401][ T4910] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  199.456085][ T4910] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  199.467414][ T4910] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  200.138268][ T4910] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  200.249467][ T4910] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  200.278342][ T4910] batman_adv: batadv0: Interface activated: batadv_slave_0
[  200.287801][ T5392] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  200.309356][ T4970] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  200.390455][ T4970] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  200.560301][ T5402] loop1: detected capacity change from 0 to 4096
[  200.812254][ T4910] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  200.851815][ T4910] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  201.379955][ T4284] Bluetooth: hci2: command 0x0406 tx timeout
[  201.386356][ T4286] Bluetooth: hci1: command 0x0406 tx timeout
[  201.634082][ T4910] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  201.863925][ T4910] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  202.058702][ T4910] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  202.202084][   T26] audit: type=1800 audit(1763334092.996:23): pid=5406 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.218" name="file1" dev="loop1" ino=33 res=0 errno=0
[  202.249278][ T4910] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  202.286727][ T4910] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  202.364140][ T4910] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  202.455231][ T4910] batman_adv: batadv0: Interface activated: batadv_slave_1
[  202.671292][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  202.683940][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  203.300704][ T4286] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  203.326899][ T4286] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  203.336477][ T4286] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  203.344577][ T4286] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  203.355946][ T4286] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  203.363588][ T4286] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  203.531070][ T5422] wlan0 speed is unknown, defaulting to 1000
[  203.544567][ T5429] loop0: detected capacity change from 0 to 64
[  203.621338][ T5429] hfs: filesystem was not cleanly unmounted, running fsck.hfs is recommended.  mounting read-only.
[  204.097815][ T5434] loop4: detected capacity change from 0 to 256
[  204.109461][ T5434] exfat: Deprecated parameter 'namecase'
[  204.563416][ T5434] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xb5fb52fc, utbl_chksum : 0xe619d30d)
[  205.119320][  T127] usb 5-1: new full-speed USB device number 2 using dummy_hcd
[  205.731884][ T4287] Bluetooth: hci5: command 0x0409 tx timeout
[  205.921401][  T127] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  205.998176][  T127] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  206.035796][  T127] usb 5-1: New USB device found, idVendor=0c72, idProduct=0012, bcdDevice=22.96
[  206.065579][  T127] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  206.096064][  T127] usb 5-1: Product: syz
[  206.126452][  T127] usb 5-1: Manufacturer: syz
[  206.146718][  T127] usb 5-1: SerialNumber: syz
[  206.163106][ T5449] loop1: detected capacity change from 0 to 4096
[  206.236975][  T127] usb 5-1: config 0 descriptor??
[  206.286976][ T5449] ntfs3: Unknown parameter 'hide_dot_files'
[  206.568281][ T5456] xt_CT: You must specify a L4 protocol and not use inversions on it
[  206.795191][ T5456] netlink: 16 bytes leftover after parsing attributes in process `syz.0.229'.
[  206.806996][ T5457] netlink: 'syz.0.229': attribute type 4 has an invalid length.
[  206.994770][ T5422] chnl_net:caif_netlink_parms(): no params data found
[  207.244945][ T4284] Bluetooth: Unexpected continuation frame (len 10)
[  207.665685][   T22] usb 5-1: USB disconnect, device number 2
[  207.779905][ T4284] Bluetooth: hci5: command 0x041b tx timeout
[  209.062443][ T5422] bridge0: port 1(bridge_slave_0) entered blocking state
[  209.078413][ T5422] bridge0: port 1(bridge_slave_0) entered disabled state
[  209.096908][ T5422] device bridge_slave_0 entered promiscuous mode
[  209.168582][ T5422] bridge0: port 2(bridge_slave_1) entered blocking state
[  209.190726][ T5422] bridge0: port 2(bridge_slave_1) entered disabled state
[  209.200071][ T5422] device bridge_slave_1 entered promiscuous mode
[  209.548179][ T5422] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  209.617031][ T5422] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  209.682266][ T5501] loop0: detected capacity change from 0 to 256
[  209.826599][ T5422] team0: Port device team_slave_0 added
[  209.856411][   T26] audit: type=1800 audit(1763334101.146:24): pid=5501 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.237" name="file1" dev="loop0" ino=1048636 res=0 errno=0
[  209.864450][ T5422] team0: Port device team_slave_1 added
[  209.883847][ T4284] Bluetooth: hci5: command 0x040f tx timeout
[  210.609791][ T5422] batman_adv: batadv0: Adding interface: batadv_slave_0
[  210.662929][ T5422] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  210.766722][ T5422] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  210.780395][ T5422] batman_adv: batadv0: Adding interface: batadv_slave_1
[  210.787460][ T5422] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  210.825704][ T5422] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  211.455280][ T5422] device hsr_slave_0 entered promiscuous mode
[  211.494283][ T5422] device hsr_slave_1 entered promiscuous mode
[  211.595357][ T5529] trusted_key: encrypted_key: keylen parameter is missing
[  211.939092][ T5531] loop1: detected capacity change from 0 to 256
[  211.949546][ T5531] exfat: Deprecated parameter 'namecase'
[  211.957772][ T4284] Bluetooth: hci5: command 0x0419 tx timeout
[  212.106285][ T5531] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xb5fb52fc, utbl_chksum : 0xe619d30d)
[  212.153016][ T5422] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  212.194131][ T5422] Cannot create hsr debugfs directory
[  212.499240][   T22] usb 2-1: new full-speed USB device number 3 using dummy_hcd
[  212.500446][ T5535] netlink: 104 bytes leftover after parsing attributes in process `syz.2.243'.
[  212.520456][ T5537] /dev/loop0: Can't open blockdev
[  213.441622][   T22] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  213.454779][   T22] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  215.688112][   T22] usb 2-1: New USB device found, idVendor=0c72, idProduct=0012, bcdDevice=22.96
[  215.727584][   T22] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  215.761293][   T22] usb 2-1: Product: syz
[  215.810796][   T22] usb 2-1: config 0 descriptor??
[  215.816762][   T22] usb 2-1: can't set config #0, error -71
[  215.839409][   T22] usb 2-1: USB disconnect, device number 3
[  216.368646][ T4361] device hsr_slave_0 left promiscuous mode
[  216.399454][ T4361] device hsr_slave_1 left promiscuous mode
[  217.544243][ T4361] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  217.580276][ T5556] loop2: detected capacity change from 0 to 128
[  217.586723][ T4361] batman_adv: batadv0: Removing interface: batadv_slave_0
[  217.617775][ T4361] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  217.637747][ T4361] batman_adv: batadv0: Removing interface: batadv_slave_1
[  217.650791][ T5556] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  217.660231][ T4361] device bridge_slave_1 left promiscuous mode
[  217.667497][ T4361] bridge0: port 2(bridge_slave_1) entered disabled state
[  218.410866][ T5556] ext4 filesystem being mounted at /63/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  218.434771][ T4361] device bridge_slave_0 left promiscuous mode
[  218.441606][ T4361] bridge0: port 1(bridge_slave_0) entered disabled state
[  219.096239][ T4361] device veth1_macvtap left promiscuous mode
[  219.105771][ T4361] device veth0_macvtap left promiscuous mode
[  219.113173][ T4361] device veth1_vlan left promiscuous mode
[  219.119348][ T4361] device veth0_vlan left promiscuous mode
[  219.137106][ T4280] EXT4-fs (loop2): unmounting filesystem.
[  219.201345][ T5574] binder: 5573:5574 ioctl c0306201 2000000001c0 returned -14
[  219.299570][ T5578] loop2: detected capacity change from 0 to 256
[  219.347105][   T26] audit: type=1800 audit(1763334110.636:25): pid=5578 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.256" name="file1" dev="loop2" ino=1048641 res=0 errno=0
[  220.038198][ T4361] team0 (unregistering): Port device team_slave_1 removed
[  220.088321][ T4361] team0 (unregistering): Port device team_slave_0 removed
[  220.134662][ T4361] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  220.182078][ T4361] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  220.625413][ T4361] bond0 (unregistering): Released all slaves
[  220.777737][ T5580] netlink: 20 bytes leftover after parsing attributes in process `syz.0.254'.
[  221.973207][ T5422] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  222.041637][ T5422] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  222.056505][ T5422] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  222.247244][ T5609] loop2: detected capacity change from 0 to 64
[  222.278355][ T5422] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  222.346406][ T5609] hfs: filesystem was not cleanly unmounted, running fsck.hfs is recommended.  mounting read-only.
[  222.471841][   T26] audit: type=1326 audit(1763334113.736:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5604 comm="syz.0.271" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb19d58f6c9 code=0x7ffc0000
[  223.052671][   T26] audit: type=1326 audit(1763334113.736:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5604 comm="syz.0.271" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb19d58f6c9 code=0x7ffc0000
[  223.088540][   T26] audit: type=1326 audit(1763334113.736:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5604 comm="syz.0.271" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fb19d58f6c9 code=0x7ffc0000
[  223.119139][   T26] audit: type=1326 audit(1763334113.746:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5604 comm="syz.0.271" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb19d58f6c9 code=0x7ffc0000
[  223.260257][   T26] audit: type=1326 audit(1763334113.746:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5604 comm="syz.0.271" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb19d58f6c9 code=0x7ffc0000
[  223.289343][   T26] audit: type=1326 audit(1763334113.746:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5604 comm="syz.0.271" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fb19d58f6c9 code=0x7ffc0000
[  223.728887][   T26] audit: type=1326 audit(1763334113.746:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5604 comm="syz.0.271" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb19d58f6c9 code=0x7ffc0000
[  223.896589][   T26] audit: type=1326 audit(1763334113.746:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5604 comm="syz.0.271" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb19d58f6c9 code=0x7ffc0000
[  223.929147][   T26] audit: type=1326 audit(1763334113.756:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5604 comm="syz.0.271" exe="/root/syz-executor" sig=0 arch=c000003e syscall=290 compat=0 ip=0x7fb19d58f6c9 code=0x7ffc0000
[  224.035762][ T5422] 8021q: adding VLAN 0 to HW filter on device bond0
[  224.608335][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  224.618455][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  225.249000][ T5422] 8021q: adding VLAN 0 to HW filter on device team0
[  225.310114][ T5155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  225.336150][ T5155] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  225.396031][ T5155] bridge0: port 1(bridge_slave_0) entered blocking state
[  225.403475][ T5155] bridge0: port 1(bridge_slave_0) entered forwarding state
[  225.448887][ T5640] loop0: detected capacity change from 0 to 1024
[  225.511475][ T5155] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  225.569709][ T5640] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869)
[  225.590424][ T5155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  226.669384][ T5640] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  226.690134][ T5155] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  226.715654][ T5650] loop1: detected capacity change from 0 to 1024
[  226.773464][ T5155] bridge0: port 2(bridge_slave_1) entered blocking state
[  226.780801][ T5155] bridge0: port 2(bridge_slave_1) entered forwarding state
[  227.442827][ T4273] EXT4-fs (loop0): unmounting filesystem.
[  227.451588][ T5650] EXT4-fs: Ignoring removed nobh option
[  227.458453][ T5650] EXT4-fs: inline encryption not supported
[  227.544651][ T5649] loop4: detected capacity change from 0 to 8192
[  227.640847][ T5650] ext4: Unknown parameter 'appraise_type'
[  228.015626][ T5649] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  228.029462][ T5649] REISERFS (device loop4): found reiserfs format "3.5" with non-standard journal
[  228.039503][ T5649] REISERFS (device loop4): using ordered data mode
[  228.171837][ T5649] reiserfs: using flush barriers
[  228.186590][ T5649] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  228.303185][ T5155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  228.315910][ T5662] loop2: detected capacity change from 0 to 512
[  228.340901][ T5649] REISERFS (device loop4): checking transaction log (loop4)
[  228.366825][ T5649] REISERFS (device loop4): Using r5 hash to sort names
[  228.384516][ T5649] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage.
[  228.644305][ T5155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  228.804843][ T5155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  228.817436][ T5155] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  228.827093][ T5155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  228.836949][ T5155] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  228.846207][ T5155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  228.854957][ T5155] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  228.868621][ T5422] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  228.880971][ T5422] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  228.889830][ T5155] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  228.898598][ T5155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  228.907634][ T5155] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  232.252249][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  232.275875][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  232.335372][ T5422] 8021q: adding VLAN 0 to HW filter on device batadv0
[  236.241775][ T4483] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  236.251403][ T4483] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  236.288326][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  236.297775][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  236.316285][ T5422] device veth0_vlan entered promiscuous mode
[  236.332511][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  236.343379][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  236.361250][ T5422] device veth1_vlan entered promiscuous mode
[  236.393508][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  236.402669][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  236.414369][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  236.426148][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  236.444573][ T5422] device veth0_macvtap entered promiscuous mode
[  236.456105][ T5422] device veth1_macvtap entered promiscuous mode
[  236.475216][ T5422] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  236.487361][ T5422] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  236.498575][ T5422] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  236.509715][ T5422] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  236.519595][ T5422] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  236.530119][ T5422] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  236.540996][ T5422] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  236.551595][ T5422] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  236.563049][ T5422] batman_adv: batadv0: Interface activated: batadv_slave_0
[  236.574266][ T5422] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  236.584982][ T5422] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  236.596157][ T5422] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  236.606740][ T5422] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  236.616617][ T5422] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  236.627072][ T5422] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  236.636946][ T5422] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  236.647415][ T5422] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  236.658998][ T5422] batman_adv: batadv0: Interface activated: batadv_slave_1
[  236.667188][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  236.675858][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  236.686821][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  236.701825][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  236.711221][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  236.720626][   T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  236.732064][ T5422] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  236.741794][ T5422] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  236.750877][ T5422] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  236.760086][ T5422] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  236.855282][   T56] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  236.870174][   T56] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  236.898109][ T4970] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  236.912334][ T5155] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  236.920969][ T5155] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  236.936731][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  239.397598][ T5742] random: crng reseeded on system resumption
[  240.587550][ T5759] loop2: detected capacity change from 0 to 512
[  240.824140][ T5759] EXT4-fs (loop2): Test dummy encryption mode enabled
[  241.585158][ T5759] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349)
[  242.088272][ T5759] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8802e01c, mo2=0102]
[  242.103206][ T5759] EXT4-fs (loop2): orphan cleanup on readonly fs
[  242.116806][ T5759] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz.2.295: bg 0: block 361: padding at end of block bitmap is not set
[  242.157069][ T5759] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6165: Corrupt filesystem
[  242.168485][ T5759] EXT4-fs error (device loop2): ext4_clear_blocks:883: inode #11: comm syz.2.295: attempt to clear invalid blocks 33619980 len 1
[  242.189794][ T5759] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.295: invalid indirect mapped block 1811939328 (level 0)
[  242.205521][ T5759] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.295: invalid indirect mapped block 2185560079 (level 1)
[  242.235523][ T5759] EXT4-fs (loop2): 1 truncate cleaned up
[  242.241486][ T5759] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  243.219518][ T5771] loop4: detected capacity change from 0 to 512
[  243.731369][ T4280] EXT4-fs (loop2): unmounting filesystem.
[  243.924272][ T5771] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  245.830751][ T4267] EXT4-fs (loop4): unmounting filesystem.
[  246.351723][ T5801] wlan0 speed is unknown, defaulting to 1000
[  247.460957][ T5814] netlink: 4 bytes leftover after parsing attributes in process `syz.0.294'.
[  247.480217][ T4284] Bluetooth: hci4: command 0x0406 tx timeout
[  247.604832][ T5818] loop2: detected capacity change from 0 to 64
[  247.658123][   T26] kauditd_printk_skb: 8 callbacks suppressed
[  247.658137][   T26] audit: type=1800 audit(1763334138.946:43): pid=5818 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.298" name="file1" dev="loop2" ino=5 res=0 errno=0
[  249.562798][ T5833] loop4: detected capacity change from 0 to 32768
[  249.909384][ T5833] XFS (loop4): Mounting V5 Filesystem
[  250.042646][ T5833] XFS (loop4): Ending clean mount
[  250.058870][ T5833] XFS (loop4): Quotacheck needed: Please wait.
[  250.456799][ T5829] wlan0 speed is unknown, defaulting to 1000
[  250.571630][ T5833] XFS (loop4): Quotacheck: Done.
[  251.502502][ T5861] netlink: 48 bytes leftover after parsing attributes in process `syz.5.305'.
[  251.526147][ T4267] XFS (loop4): Unmounting Filesystem
[  252.464971][ T5868] loop0: detected capacity change from 0 to 512
[  252.656757][ T5868] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  253.698963][ T4273] EXT4-fs (loop0): unmounting filesystem.
[  254.537933][ T5899] loop5: detected capacity change from 0 to 8
[  254.923918][   T26] audit: type=1107 audit(2000000007.160:44): pid=5895 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='�_`�W�J��'
[  255.410360][ T5907] xt_TCPMSS: Only works on TCP SYN packets
[  255.623781][ T1276] ieee802154 phy0 wpan0: encryption failed: -22
[  255.630993][ T1276] ieee802154 phy1 wpan1: encryption failed: -22
[  256.166444][ T5898] SQUASHFS error: Failed to read block 0xdfa: -5
[  256.173121][ T5898] SQUASHFS error: Unable to read metadata cache entry [dfa]
[  256.188667][ T5898] SQUASHFS error: Failed to read block 0x4e8: -5
[  256.205907][ T5898] SQUASHFS error: Failed to read block 0xed04f1: -5
[  256.212720][ T5898] SQUASHFS error: Failed to read block 0x4de: -5
[  256.219226][ T5898] SQUASHFS error: Failed to read block 0x4de: -5
[  256.225659][ T5898] SQUASHFS error: Failed to read block 0x4de: -5
[  256.232152][ T5898] SQUASHFS error: Failed to read block 0x4de: -5
[  256.238563][ T5898] SQUASHFS error: Failed to read block 0x4de: -5
[  256.245002][ T5898] SQUASHFS error: Failed to read block 0x4de: -5
[  256.251603][ T5898] SQUASHFS error: Failed to read block 0x4e8: -5
[  256.258566][   T26] audit: type=1800 audit(2000000008.490:45): pid=5898 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.312" name="file1" dev="loop5" ino=5 res=0 errno=0
[  257.818475][ T5929] random: crng reseeded on system resumption
[  259.123252][ T4284] Bluetooth: hci5: link tx timeout
[  259.130022][ T4284] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa
[  259.141252][ T4284] Bluetooth: hci5: link tx timeout
[  259.146793][ T4284] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa
[  259.156709][ T4284] Bluetooth: hci5: link tx timeout
[  259.162307][ T4284] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa
[  259.170126][ T4284] Bluetooth: hci5: link tx timeout
[  259.175397][ T4284] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa
[  259.183192][ T4284] Bluetooth: hci5: link tx timeout
[  259.188455][ T4284] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa
[  259.196632][ T4284] Bluetooth: hci5: link tx timeout
[  259.201852][ T4284] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa
[  259.209750][ T4284] Bluetooth: hci5: link tx timeout
[  259.215025][ T4284] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa
[  259.222906][ T4284] Bluetooth: hci5: link tx timeout
[  259.228647][ T4284] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa
[  259.236621][ T4284] Bluetooth: hci5: link tx timeout
[  259.241817][ T4284] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa
[  259.250184][ T4284] Bluetooth: hci5: link tx timeout
[  259.255551][ T4284] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa
[  259.263715][ T4284] Bluetooth: hci5: link tx timeout
[  259.269058][ T4284] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa
[  259.277021][ T4284] Bluetooth: hci5: link tx timeout
[  259.282359][ T4284] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa
[  259.290428][ T4284] Bluetooth: hci5: link tx timeout
[  259.295881][ T4284] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa
[  259.304299][ T4284] Bluetooth: hci5: link tx timeout
[  259.309665][ T4284] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa
[  259.317767][ T4284] Bluetooth: hci5: link tx timeout
[  259.323131][ T4284] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa
[  259.332108][ T4284] Bluetooth: hci5: link tx timeout
[  259.337416][ T4284] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa
[  259.345632][ T4284] Bluetooth: hci5: link tx timeout
[  259.351326][ T4284] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa
[  259.360343][ T4284] Bluetooth: hci5: link tx timeout
[  259.365796][ T4284] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa
[  259.375549][ T4284] Bluetooth: hci5: link tx timeout
[  259.381213][ T4284] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa
[  259.389726][ T4284] Bluetooth: hci5: link tx timeout
[  259.395258][ T4284] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa
[  259.404485][ T4284] Bluetooth: hci5: link tx timeout
[  259.410648][ T4284] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa
[  259.418940][ T4284] Bluetooth: hci5: link tx timeout
[  259.424498][ T4284] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa
[  259.433724][ T4284] Bluetooth: hci5: link tx timeout
[  259.439348][ T4284] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa
[  259.447613][ T4284] Bluetooth: hci5: link tx timeout
[  259.453762][ T4284] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa
[  259.464162][ T4284] Bluetooth: hci5: link tx timeout
[  259.470148][ T4284] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa
[  259.478412][ T4284] Bluetooth: hci5: link tx timeout
[  259.484363][ T4284] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa
[  259.502809][ T4284] Bluetooth: hci5: link tx timeout
[  259.508731][ T4284] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa
[  259.517581][ T4284] Bluetooth: hci5: link tx timeout
[  259.524175][ T4284] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa
[  259.537304][ T4284] Bluetooth: hci5: link tx timeout
[  259.543213][ T4284] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa
[  259.552491][ T4284] Bluetooth: hci5: link tx timeout
[  259.559584][ T4284] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa
[  259.568803][ T4284] Bluetooth: hci5: link tx timeout
[  259.574762][ T4284] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa
[  259.583966][ T4284] Bluetooth: hci5: link tx timeout
[  259.590397][ T4284] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa
[  259.601124][ T4284] Bluetooth: hci5: link tx timeout
[  259.607065][ T4284] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa
[  259.616232][ T4284] Bluetooth: hci5: link tx timeout
[  259.624780][ T4284] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa
[  259.634443][ T4284] Bluetooth: hci5: link tx timeout
[  259.640547][ T4284] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa
[  260.360868][ T5948] netlink: 755 bytes leftover after parsing attributes in process `syz.2.322'.
[  261.229366][ T4284] Bluetooth: hci5: command 0x0406 tx timeout
[  261.404477][ T5951] netlink: 104 bytes leftover after parsing attributes in process `syz.2.324'.
[  262.266138][ T5964] loop4: detected capacity change from 0 to 64
[  265.783518][ T5998] netlink: 48 bytes leftover after parsing attributes in process `syz.4.332'.
[  267.577773][ T6007] netlink: 104 bytes leftover after parsing attributes in process `syz.5.334'.
[  267.954893][ T6021] loop5: detected capacity change from 0 to 512
[  267.986821][ T6021] EXT4-fs: Ignoring removed i_version option
[  268.049847][ T6021] ext4: Bad value for 'debug_want_extra_isize'
[  269.870668][ T6033] loop0: detected capacity change from 0 to 128
[  270.269810][ T4401] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  271.455503][ T6047] loop4: detected capacity change from 0 to 512
[  271.502233][   T26] audit: type=1326 audit(2000000023.740:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6048 comm="syz.0.352" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb19d58f6c9 code=0x7ffc0000
[  271.541151][ T6047] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[  271.586153][ T6049] loop0: detected capacity change from 0 to 128
[  271.649977][   T26] audit: type=1326 audit(2000000023.740:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6048 comm="syz.0.352" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb19d58f6c9 code=0x7ffc0000
[  271.794409][ T6049] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  271.984708][ T6049] ext4 filesystem being mounted at /71/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  272.051435][   T26] audit: type=1326 audit(2000000023.750:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6048 comm="syz.0.352" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fb19d58f6c9 code=0x7ffc0000
[  272.183646][ T4970] Quota error (device loop4): do_check_range: Getting dqdh_entries 15 out of range 0-14
[  272.207532][ T6047] EXT4-fs (loop4): 1 orphan inode deleted
[  272.314573][ T4970] EXT4-fs error (device loop4): ext4_release_dquot:6845: comm kworker/u4:19: Failed to release dquot type 1
[  272.373288][   T26] audit: type=1326 audit(2000000023.750:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6048 comm="syz.0.352" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb19d58f6c9 code=0x7ffc0000
[  272.489291][ T6047] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  272.530333][   T26] audit: type=1326 audit(2000000023.750:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6048 comm="syz.0.352" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb19d58f6c9 code=0x7ffc0000
[  272.565404][ T6047] ext4 filesystem being mounted at /73/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  272.819435][   T26] audit: type=1326 audit(2000000023.750:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6048 comm="syz.0.352" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fb19d58f6c9 code=0x7ffc0000
[  272.851975][ T4273] EXT4-fs (loop0): unmounting filesystem.
[  272.998649][   T26] audit: type=1326 audit(2000000023.750:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6048 comm="syz.0.352" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb19d58f6c9 code=0x7ffc0000
[  273.313330][   T26] audit: type=1326 audit(2000000023.750:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6048 comm="syz.0.352" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb19d58f6c9 code=0x7ffc0000
[  273.407470][ T4970] Quota error (device loop4): do_check_range: Getting dqdh_entries 15 out of range 0-14
[  273.443307][ T4970] EXT4-fs error (device loop4): ext4_release_dquot:6845: comm kworker/u4:19: Failed to release dquot type 1
[  273.481300][ T4267] EXT4-fs (loop4): unmounting filesystem.
[  276.050928][ T6085] netlink: 104 bytes leftover after parsing attributes in process `syz.4.348'.
[  276.168280][ T6087] wlan0 speed is unknown, defaulting to 1000
[  278.627806][ T6111] loop0: detected capacity change from 0 to 256
[  278.716292][ T6111] FAT-fs (loop0): bogus number of FAT sectors
[  278.722611][ T6111] FAT-fs (loop0): Can't find a valid FAT filesystem
[  279.155245][ T6105] loop2: detected capacity change from 0 to 2048
[  279.275225][ T6105] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  282.304852][ T4483] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1097: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters
[  282.865684][ T4483] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28
[  282.935806][ T6141] random: crng reseeded on system resumption
[  283.140427][ T4483] EXT4-fs (loop2): This should not happen!! Data will be lost
[  283.140427][ T4483] 
[  283.375645][ T4483] EXT4-fs (loop2): Total free blocks count 0
[  283.528383][ T4483] EXT4-fs (loop2): Free/Dirty block details
[  283.653056][ T4483] EXT4-fs (loop2): free_blocks=2415919504
[  283.814734][ T4483] EXT4-fs (loop2): dirty_blocks=8192
[  284.030240][ T6148] wlan0 speed is unknown, defaulting to 1000
[  284.151750][ T6147] loop1: detected capacity change from 0 to 256
[  285.572249][ T4483] EXT4-fs (loop2): Block reservation details
[  285.587577][ T4483] EXT4-fs (loop2): i_reserved_data_blocks=512
[  286.018446][ T4483] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 2050 with max blocks 2048 with error 28
[  286.074965][ T4483] EXT4-fs (loop2): This should not happen!! Data will be lost
[  286.074965][ T4483] 
[  286.138642][ T4483] EXT4-fs (loop2): Total free blocks count 0
[  286.293018][ T4483] EXT4-fs (loop2): Free/Dirty block details
[  286.422843][ T4483] EXT4-fs (loop2): free_blocks=2415919504
[  286.548626][ T4483] EXT4-fs (loop2): dirty_blocks=6144
[  286.636569][ T4483] EXT4-fs (loop2): Block reservation details
[  286.748406][ T4483] EXT4-fs (loop2): i_reserved_data_blocks=384
[  286.797967][ T6155] netlink: 104 bytes leftover after parsing attributes in process `syz.1.362'.
[  288.766153][ T6160] wlan0 speed is unknown, defaulting to 1000
[  289.607686][ T6166] netlink: 755 bytes leftover after parsing attributes in process `syz.1.365'.
[  290.773373][ T6178] xt_NFQUEUE: number of queues (65535) out of range (got 65541)
[  291.979137][ T4584] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  293.313884][   T26] kauditd_printk_skb: 38 callbacks suppressed
[  293.313900][   T26] audit: type=1326 audit(2000000045.550:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6183 comm="syz.4.369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f072bf8f6c9 code=0x7ffc0000
[  293.346906][ T4584] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  293.373394][ T4584] usb 6-1: config 1 has 0 interfaces, different from the descriptor's value: 1
[  293.388874][ T6184] loop4: detected capacity change from 0 to 128
[  293.406180][ T4584] usb 6-1: New USB device found, idVendor=0525, idProduct=a481, bcdDevice= 0.40
[  293.426081][   T26] audit: type=1326 audit(2000000045.550:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6183 comm="syz.4.369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f072bf8f6c9 code=0x7ffc0000
[  293.449400][ T4584] usb 6-1: New USB device strings: Mfr=2, Product=0, SerialNumber=1
[  293.466233][ T4584] usb 6-1: Manufacturer: syz
[  293.475563][ T4584] usb 6-1: SerialNumber: syz
[  293.488141][   T26] audit: type=1326 audit(2000000045.550:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6183 comm="syz.4.369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f072bf8f6c9 code=0x7ffc0000
[  293.569734][   T26] audit: type=1326 audit(2000000045.550:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6183 comm="syz.4.369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f072bf8f6c9 code=0x7ffc0000
[  293.595238][ T6184] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  293.603944][ T4584] usb 6-1: can't set config #1, error -71
[  293.659116][   T26] audit: type=1326 audit(2000000045.550:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6183 comm="syz.4.369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f072bf8f6c9 code=0x7ffc0000
[  293.682448][ T4584] usb 6-1: USB disconnect, device number 2
[  293.699284][ T6184] ext4 filesystem being mounted at /78/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  293.724884][ T4280] EXT4-fs (loop2): unmounting filesystem.
[  293.884869][   T26] audit: type=1326 audit(2000000045.550:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6183 comm="syz.4.369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f072bf8f6c9 code=0x7ffc0000
[  293.924254][ T4267] EXT4-fs (loop4): unmounting filesystem.
[  293.960357][ T6197] futex_wake_op: syz.2.359 tries to shift op by -1; fix this program
[  293.974163][   T26] audit: type=1326 audit(2000000045.550:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6183 comm="syz.4.369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f072bf8f6c9 code=0x7ffc0000
[  294.027417][   T26] audit: type=1326 audit(2000000045.550:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6183 comm="syz.4.369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f072bf8f6c9 code=0x7ffc0000
[  294.057181][   T26] audit: type=1326 audit(2000000045.550:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6183 comm="syz.4.369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f072bf8f6c9 code=0x7ffc0000
[  294.114521][   T26] audit: type=1326 audit(2000000045.550:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6183 comm="syz.4.369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f072bf8f6c9 code=0x7ffc0000
[  295.734007][ T6208] netlink: 8 bytes leftover after parsing attributes in process `syz.0.380'.
[  296.813845][ T6232] loop5: detected capacity change from 0 to 64
[  298.111318][ T4401] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  298.671917][ T6232] wlan0 speed is unknown, defaulting to 1000
[  298.847532][ T6251] loop0: detected capacity change from 0 to 256
[  299.058456][   T26] kauditd_printk_skb: 38 callbacks suppressed
[  299.065374][   T26] audit: type=1800 audit(2000000051.270:140): pid=6251 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.379" name="file1" dev="loop0" ino=1048645 res=0 errno=0
[  299.119426][ T6251] FAT-fs (loop0): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001)
[  299.180501][ T6251] FAT-fs (loop0): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001)
[  299.211249][ T6251] FAT-fs (loop0): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001)
[  299.605614][ T6256] ubi31: attaching mtd0
[  300.665660][ T6256] ubi31: scanning is finished
[  300.715814][ T6256] ubi31: empty MTD device detected
[  300.966185][ T6266] loop5: detected capacity change from 0 to 256
[  301.179224][   T26] audit: type=1800 audit(2000000053.400:141): pid=6266 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.384" name="file1" dev="loop5" ino=1048647 res=0 errno=0
[  302.273982][ T6256] ubi31 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt31d", error -4
[  302.322703][ T6283] loop2: detected capacity change from 0 to 1024
[  302.588226][ T6283] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  304.201310][ T4280] EXT4-fs (loop2): unmounting filesystem.
[  304.325656][ T6305] loop0: detected capacity change from 0 to 512
[  304.380815][ T6305] journal_path: Lookup failure for './file0'
[  304.387350][ T6305] EXT4-fs: error: could not find journal device path
[  307.379373][ T4284] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0
[  307.388514][ T4284] Bluetooth: hci4: Injecting HCI hardware error event
[  307.398198][ T4287] Bluetooth: hci4: hardware error 0x00
[  307.542220][ T6327] binder: 6323:6327 ioctl c0306201 2000000001c0 returned -14
[  308.581178][ T6341] xt_TPROXY: Can be used only with -p tcp or -p udp
[  310.037900][ T4287] Bluetooth: hci4: Opcode 0x0c03 failed: -110
[  310.630218][  T127] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  311.779472][  T127] usb 6-1: Using ep0 maxpacket: 8
[  311.787417][  T127] usb 6-1: config 0 has no interfaces?
[  311.805069][  T127] usb 6-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  311.834297][  T127] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  311.865556][  T127] usb 6-1: config 0 descriptor??
[  312.010653][ T6372] loop2: detected capacity change from 0 to 128
[  312.666475][ T6381] o2cb: This node has not been configured.
[  312.672885][ T6381] o2cb: Cluster check failed. Fix errors before retrying.
[  312.680468][ T6381] (syz.5.404,6381,1):user_dlm_register:674 ERROR: status = -22
[  312.688291][ T6381] (syz.5.404,6381,1):dlmfs_mkdir:438 ERROR: Error -22 could not register domain "file1"
[  313.084588][ T6378] netlink: 104 bytes leftover after parsing attributes in process `syz.0.405'.
[  313.977881][ T4287] Bluetooth: hci5: link tx timeout
[  313.983508][ T4287] Bluetooth: hci5: killing stalled connection 10:aa:aa:aa:aa:aa
[  313.991815][ T4287] Bluetooth: hci5: link tx timeout
[  313.997331][ T4287] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa
[  314.005931][ T4287] Bluetooth: hci5: link tx timeout
[  314.011551][ T4287] Bluetooth: hci5: killing stalled connection 10:aa:aa:aa:aa:aa
[  314.019600][ T4287] Bluetooth: hci5: link tx timeout
[  314.025456][ T4287] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa
[  314.033824][ T4287] Bluetooth: hci5: link tx timeout
[  314.039205][ T4287] Bluetooth: hci5: killing stalled connection 10:aa:aa:aa:aa:aa
[  314.047561][ T4287] Bluetooth: hci5: link tx timeout
[  314.053059][ T4287] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa
[  314.138945][ T4354] usb 6-1: USB disconnect, device number 3
[  314.533565][ T6389] netlink: 76 bytes leftover after parsing attributes in process `syz.2.410'.
[  316.461745][ T4287] Bluetooth: hci5: command 0x0406 tx timeout
[  317.072990][ T1276] ieee802154 phy0 wpan0: encryption failed: -22
[  317.080635][ T1276] ieee802154 phy1 wpan1: encryption failed: -22
[  317.946479][ T6395] loop5: detected capacity change from 0 to 4096
[  318.005206][ T6395] NILFS (loop5): unrecognized mount option "00000000000000000003"
[  318.418464][ T6395] loop5: detected capacity change from 0 to 256
[  318.442735][ T6395] MINIX-fs: file system does not have enough imap blocks allocated.  Refusing to mount.
[  318.489881][ T6395] MINIX-fs: bad superblock or unable to read bitmaps
[  319.902343][ T6449] loop0: detected capacity change from 0 to 128
[  320.133012][ T6449] FAT-fs (loop0): Unrecognized mount option "ut" or missing value
[  320.179491][ T4354] Process accounting resumed
[  321.023166][ T6454] loop2: detected capacity change from 0 to 256
[  321.613972][   T26] audit: type=1800 audit(2000000073.850:142): pid=6454 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.422" name="file1" dev="loop2" ino=1048648 res=0 errno=0
[  324.317207][ T6484] netlink: 'syz.4.427': attribute type 4 has an invalid length.
[  324.389116][ T6489] UHID_CREATE from different security context by process 353 (syz.0.430), this is not allowed.
[  324.408606][ T6487] netlink: 'syz.4.427': attribute type 4 has an invalid length.
[  325.029497][ T4354] usb 1-1: new full-speed USB device number 3 using dummy_hcd
[  325.317633][ T4354] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  325.440571][ T4354] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 2
[  325.629228][ T4354] usb 1-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  325.654062][ T6503] netlink: 8 bytes leftover after parsing attributes in process `syz.2.434'.
[  325.735101][ T4354] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  325.805387][ T4354] usb 1-1: config 0 descriptor??
[  325.915378][ T4354] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  325.931291][ T4354] dvb-usb: bulk message failed: -22 (3/0)
[  325.994155][ T4354] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  326.006816][ T4354] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  326.014688][ T4354] usb 1-1: media controller created
[  326.023925][ T4354] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  326.478130][ T6493] dvb-usb: bulk message failed: -22 (2/0)
[  326.649302][ T4354] dvb-usb: bulk message failed: -22 (6/0)
[  326.656410][ T4354] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  326.690422][ T4354] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input9
[  327.026847][ T4354] dvb-usb: schedule remote query interval to 150 msecs.
[  327.034066][ T4354] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  327.192500][ T4354] dvb-usb: bulk message failed: -22 (1/0)
[  327.202062][ T4354] dvb-usb: error while querying for an remote control event.
[  327.275712][ T6516] netlink: 36 bytes leftover after parsing attributes in process `syz.1.437'.
[  328.575220][ T4414] dvb-usb: bulk message failed: -22 (1/0)
[  328.601776][ T4414] dvb-usb: error while querying for an remote control event.
[  328.652625][ T4582] usb 1-1: USB disconnect, device number 3
[  329.772565][ T4582] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  329.807318][ T6538] netlink: 'syz.0.441': attribute type 33 has an invalid length.
[  329.999047][ T6538] netlink: 152 bytes leftover after parsing attributes in process `syz.0.441'.
[  334.000554][ T6573] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic
[  337.099190][ T4413] Bluetooth: hci3: Frame reassembly failed (-84)
[  337.107020][ T4413] Bluetooth: hci3: Frame reassembly failed (-84)
[  338.289857][ T6613] trusted_key: encrypted_key: insufficient parameters specified
[  339.060527][ T4287] Bluetooth: hci3: Opcode 0x1003 failed: -110
[  342.469214][   T26] audit: type=1800 audit(2000000094.680:143): pid=6642 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.456" name="cpuacct.usage_percpu" dev="overlay" ino=609 res=0 errno=0
[  345.664053][ T6686] loop0: detected capacity change from 0 to 512
[  345.912760][ T6689] loop1: detected capacity change from 0 to 2048
[  346.310031][ T6686] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  346.407563][ T6689] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  346.505176][ T6686] ext4 filesystem being mounted at /102/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  349.125285][ T4273] EXT4-fs (loop0): unmounting filesystem.
[  349.277869][ T6709] loop4: detected capacity change from 0 to 512
[  349.292939][ T6709] EXT4-fs: Ignoring removed nobh option
[  349.347083][ T6709] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended
[  349.636121][ T6709] EXT4-fs (loop4): orphan cleanup on readonly fs
[  349.664020][ T6709] Quota error (device loop4): v2_read_file_info: Free block number 1 out of range (1, 6).
[  349.676915][ T6709] EXT4-fs warning (device loop4): ext4_enable_quotas:7061: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  349.692623][ T6709] EXT4-fs (loop4): Cannot turn on quotas: error -117
[  349.707585][ T6709] EXT4-fs (loop4): 1 truncate cleaned up
[  349.713552][ T6709] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  352.174133][ T4267] EXT4-fs (loop4): unmounting filesystem.
[  352.202395][ T6718] loop0: detected capacity change from 0 to 1024
[  353.098903][ T6724] loop5: detected capacity change from 0 to 32768
[  353.108101][ T6724] (syz.5.487,6724,1):ocfs2_parse_options:1446 ERROR: Unrecognized mount option "p*/���suser_xattr" or missing value
[  353.121011][ T6724] (syz.5.487,6724,1):ocfs2_fill_super:1176 ERROR: status = -22
[  354.269111][ T4500] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  357.020258][ T6745] wlan0 speed is unknown, defaulting to 1000
[  358.433760][ T6757] random: crng reseeded on system resumption
[  359.297279][ T6763] loop4: detected capacity change from 0 to 128
[  359.446856][ T6758] loop5: detected capacity change from 0 to 1024
[  359.524063][ T6763] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  359.602669][ T6758] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none.
[  359.640088][ T6763] ext4 filesystem being mounted at /109/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  359.671867][    C0] vkms_vblank_simulate: vblank timer overrun
[  360.077425][ T6776] loop0: detected capacity change from 0 to 256
[  360.096195][ T6776] exfat: Deprecated parameter 'utf8'
[  360.107827][ T6776] exfat: Deprecated parameter 'namecase'
[  360.877394][ T4267] EXT4-fs (loop4): unmounting filesystem.
[  360.970040][ T6776] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x11bbdf60, utbl_chksum : 0xe619d30d)
[  361.332217][ T6784] syz.4.502 uses obsolete (PF_INET,SOCK_PACKET)
[  362.277122][ T6787] overlayfs: missing 'lowerdir'
[  362.924023][ T5422] EXT4-fs (loop5): unmounting filesystem.
[  368.253085][ T6822] random: crng reseeded on system resumption
[  369.935319][ T6829] sp0: Synchronizing with TNC
[  371.386244][ T6845] loop2: detected capacity change from 0 to 64
[  371.454821][ T6846] loop0: detected capacity change from 0 to 1024
[  372.198268][ T6846] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  373.215699][ T6862] sctp: failed to load transform for md5: -2
[  374.210228][ T4273] EXT4-fs (loop0): unmounting filesystem.
[  374.710994][ T6887] random: crng reseeded on system resumption
[  377.611076][ T6892] loop4: detected capacity change from 0 to 4096
[  378.802279][ T1276] ieee802154 phy0 wpan0: encryption failed: -22
[  378.808606][ T1276] ieee802154 phy1 wpan1: encryption failed: -22
[  378.910834][ T6892] ntfs3: loop4: Mark volume as dirty due to NTFS errors
[  379.780089][ T6906] netlink: 104 bytes leftover after parsing attributes in process `syz.0.530'.
[  381.018407][ T6910] loop4: detected capacity change from 0 to 4096
[  381.054700][ T6910] overlayfs: missing 'lowerdir'
[  381.431344][ T6928] bridge0: port 3(gretap0) entered blocking state
[  381.438842][ T6928] bridge0: port 3(gretap0) entered disabled state
[  381.458858][ T6928] device gretap0 entered promiscuous mode
[  381.472723][ T6928] bridge0: port 3(gretap0) entered blocking state
[  381.479984][ T6928] bridge0: port 3(gretap0) entered forwarding state
[  381.548494][ T6930] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present
[  385.942975][ T6947] netlink: 'syz.5.538': attribute type 4 has an invalid length.
[  387.589139][ T6956] netlink: 12 bytes leftover after parsing attributes in process `syz.0.539'.
[  388.043579][ T6969] netlink: 4 bytes leftover after parsing attributes in process `syz.1.543'.
[  390.897161][ T6979] loop0: detected capacity change from 0 to 2048
[  391.518629][ T6979] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024)
[  391.549220][ T6984] loop1: detected capacity change from 0 to 4096
[  391.620096][ T6979] syz.0.548: attempt to access beyond end of device
[  391.620096][ T6979] loop0: rw=524288, sector=65534, nr_sectors = 2 limit=2048
[  391.637243][ T6984] ntfs3: loop1: Failed to load $LogFile.
[  391.645428][ T6989] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  391.702395][ T4401] udevd[4401]: incorrect nilfs2 checksum on /dev/loop0
[  392.280375][ T6995] netlink: 4 bytes leftover after parsing attributes in process `syz.0.548'.
[  393.074550][ T6999] loop5: detected capacity change from 0 to 8
[  393.083889][ T6991] loop2: detected capacity change from 0 to 2048
[  393.165795][ T6991] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  393.686767][ T7010] tipc: Started in network mode
[  393.692285][ T7010] tipc: Node identity fe80000000000000000000000000001, cluster identity 4711
[  393.706307][ T7010] tipc: Enabled bearer <udp:syz0>, priority 10
[  394.293177][ T7012] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic
[  395.498422][ T2120] tipc: Node number set to 4269801488
[  396.586646][ T7029] netlink: 755 bytes leftover after parsing attributes in process `syz.0.558'.
[  397.597914][ T7037] loop1: detected capacity change from 0 to 1024
[  397.634690][ T7037] EXT4-fs: Ignoring removed bh option
[  397.696134][ T7037] EXT4-fs: Ignoring removed nobh option
[  398.063302][ T7037] EXT4-fs: Ignoring removed bh option
[  398.217833][ T7037] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  398.711211][ T4287] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci5/hci5:201'
[  398.722415][ T4287] CPU: 1 PID: 4287 Comm: kworker/u5:9 Not tainted syzkaller #0
[  398.729977][ T4287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  398.740031][ T4287] Workqueue: hci5 hci_rx_work
[  398.744826][ T4287] Call Trace:
[  398.748138][ T4287]  <TASK>
[  398.751071][ T4287]  dump_stack_lvl+0x168/0x22e
[  398.755757][ T4287]  ? show_regs_print_info+0x12/0x12
[  398.760990][ T4287]  ? load_image+0x3b0/0x3b0
[  398.765512][ T4287]  sysfs_create_dir_ns+0x252/0x280
[  398.770632][ T4287]  ? hci_rx_work+0x3eb/0xd40
[  398.775239][ T4287]  ? sysfs_warn_dup+0xa0/0xa0
[  398.779937][ T4287]  ? do_raw_spin_unlock+0x11d/0x230
[  398.785179][ T4287]  kobject_add_internal+0x6b8/0xc80
[  398.790434][ T4287]  kobject_add+0x152/0x210
[  398.794884][ T4287]  ? kobject_init+0x1d0/0x1d0
[  398.799594][ T4287]  ? klist_children_get+0x50/0x50
[  398.804627][ T4287]  ? get_device_parent+0x121/0x3f0
[  398.809741][ T4287]  device_add+0x483/0xfb0
[  398.814099][ T4287]  ? kmem_cache_free+0xf7/0x290
[  398.818958][ T4287]  hci_conn_add_sysfs+0xd1/0x1e0
[  398.823922][ T4287]  le_conn_complete_evt+0xfec/0x15d0
[  398.829238][ T4287]  ? hci_le_big_info_adv_report_evt+0x310/0x310
[  398.835508][ T4287]  ? __mutex_unlock_slowpath+0x19e/0x6a0
[  398.841152][ T4287]  ? skb_pull_data+0xf7/0x200
[  398.845840][ T4287]  hci_le_enh_conn_complete_evt+0x185/0x460
[  398.851740][ T4287]  ? hci_le_remote_conn_param_req_evt+0xcc0/0xcc0
[  398.858156][ T4287]  ? hci_remote_host_features_evt+0x270/0x270
[  398.864230][ T4287]  hci_event_packet+0x791/0x1210
[  398.869179][ T4287]  ? bis_list+0x280/0x280
[  398.873509][ T4287]  ? _raw_spin_unlock_irqrestore+0xaa/0x100
[  398.879417][ T4287]  ? kcov_remote_start+0x4c7/0x7e0
[  398.884535][ T4287]  ? nf_l4proto_log_invalid+0x1f9/0x26e
[  398.890085][ T4287]  ? hci_send_to_monitor+0x9c/0x4a0
[  398.895286][ T4287]  hci_rx_work+0x3eb/0xd40
[  398.899733][ T4287]  ? _raw_spin_unlock+0x40/0x40
[  398.904603][ T4287]  ? process_one_work+0x7a1/0x1160
[  398.909721][ T4287]  process_one_work+0x898/0x1160
[  398.914677][ T4287]  ? worker_detach_from_pool+0x240/0x240
[  398.920336][ T4287]  ? _raw_spin_lock_irq+0xab/0xe0
[  398.925368][ T4287]  ? _raw_spin_lock_irqsave+0xf0/0xf0
[  398.930751][ T4287]  ? kthread_data+0x4b/0xc0
[  398.935267][ T4287]  worker_thread+0xaa2/0x1250
[  398.939960][ T4287]  ? __kthread_parkme+0x162/0x1c0
[  398.944996][ T4287]  kthread+0x29d/0x330
[  398.949073][ T4287]  ? worker_clr_flags+0x1a0/0x1a0
[  398.954105][ T4287]  ? kthread_blkcg+0xd0/0xd0
[  398.958703][ T4287]  ret_from_fork+0x1f/0x30
[  398.963140][ T4287]  </TASK>
[  398.966198][    C1] vkms_vblank_simulate: vblank timer overrun
[  398.994810][ T4287] kobject_add_internal failed for hci5:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  399.014646][ T4287] Bluetooth: hci5: failed to register connection device
[  399.045124][ T7037] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  399.283674][ T7042] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  399.290093][ T7042] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  399.314532][ T7042] Bluetooth: hci1: Suspend notifier action (1) failed: -4
[  399.323711][ T7042] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  399.330376][ T7042] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  399.574106][ T7057] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3836: comm syz.1.560: Allocating blocks 497-513 which overlap fs metadata
[  399.643028][ T7057] EXT4-fs (loop1): pa ffff888074bfcb60: logic 256, phys. 385, len 8
[  399.651595][ T7057] EXT4-fs error (device loop1): ext4_mb_release_inode_pa:4876: group 0, free 0, pa_free 1
[  399.983077][ T7053] loop0: detected capacity change from 0 to 1024
[  400.219822][ T7042] Bluetooth: hci2: Suspend notifier action (1) failed: -4
[  400.227127][ T7042] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  400.233445][ T7042] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  400.260776][ T7053] EXT4-fs: Ignoring removed bh option
[  400.266876][ T7053] EXT4-fs: Ignoring removed nobh option
[  400.698476][ T7053] EXT4-fs: Ignoring removed bh option
[  400.711715][ T7053] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  400.737340][ T7042] Bluetooth: hci5: Suspend notifier action (1) failed: -4
[  400.870228][ T7053] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  401.009767][ T7062] loop4: detected capacity change from 0 to 512
[  401.717821][ T4287] Bluetooth: hci2: command 0x0c1a tx timeout
[  401.730291][ T4284] Bluetooth: hci1: command 0x0c1a tx timeout
[  402.063804][ T4269] EXT4-fs (loop1): unmounting filesystem.
[  402.988585][ T7072] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present
[  403.332110][ T7071] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3836: comm syz.0.563: Allocating blocks 497-513 which overlap fs metadata
[  403.348095][ T4287] Bluetooth: hci5: command 0x0c1a tx timeout
[  403.367464][ T7071] EXT4-fs (loop0): pa ffff8880718280e0: logic 256, phys. 385, len 8
[  403.375681][ T7071] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4876: group 0, free 0, pa_free 1
[  403.789100][ T4284] Bluetooth: hci2: command 0x0406 tx timeout
[  403.795224][ T4287] Bluetooth: hci1: command 0x0406 tx timeout
[  405.245960][   T26] audit: type=1107 audit(2000000157.220:144): pid=7075 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='�_`�W�J��'
[  405.379294][ T4287] Bluetooth: hci5: command 0x0406 tx timeout
[  407.782239][ T4287] Bluetooth: hci5: command 0x0405 tx timeout
[  408.386536][ T7100] xt_TCPMSS: Only works on TCP SYN packets
[  409.429649][   T26] audit: type=1326 audit(2000000161.670:145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7106 comm="syz.5.576" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96ddb8f6c9 code=0x7ffc0000
[  409.507971][ T7107] loop5: detected capacity change from 0 to 128
[  409.529261][   T26] audit: type=1326 audit(2000000161.690:146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7106 comm="syz.5.576" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96ddb8f6c9 code=0x7ffc0000
[  410.591415][   T26] audit: type=1326 audit(2000000161.690:147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7106 comm="syz.5.576" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f96ddb8f6c9 code=0x7ffc0000
[  410.613836][   T26] audit: type=1326 audit(2000000161.690:148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7106 comm="syz.5.576" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96ddb8f6c9 code=0x7ffc0000
[  411.031493][   T26] audit: type=1326 audit(2000000161.690:149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7106 comm="syz.5.576" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96ddb8f6c9 code=0x7ffc0000
[  411.040162][ T7107] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none.
[  411.077631][ T4273] EXT4-fs (loop0): unmounting filesystem.
[  411.118032][   T26] audit: type=1326 audit(2000000161.690:150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7106 comm="syz.5.576" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f96ddb8f6c9 code=0x7ffc0000
[  411.235200][ T7107] ext4 filesystem being mounted at /63/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  411.372981][   T26] audit: type=1326 audit(2000000161.690:151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7106 comm="syz.5.576" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96ddb8f6c9 code=0x7ffc0000
[  413.034975][   T26] audit: type=1326 audit(2000000161.690:152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7106 comm="syz.5.576" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96ddb8f6c9 code=0x7ffc0000
[  413.648487][   T26] audit: type=1326 audit(2000000161.690:153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7106 comm="syz.5.576" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f96ddb8f6c9 code=0x7ffc0000
[  413.676418][ T5422] EXT4-fs (loop5): unmounting filesystem.
[  413.730094][ T7130] netlink: 'syz.1.580': attribute type 4 has an invalid length.
[  413.852155][   T26] audit: type=1326 audit(2000000161.690:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7106 comm="syz.5.576" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96ddb8f6c9 code=0x7ffc0000
[  414.002998][   T26] audit: type=1326 audit(2000000161.690:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7106 comm="syz.5.576" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96ddb8f6c9 code=0x7ffc0000
[  414.135994][   T26] audit: type=1326 audit(2000000161.690:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7106 comm="syz.5.576" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f96ddb8f6c9 code=0x7ffc0000
[  415.364601][ T4284] Bluetooth: hci5: command 0x0405 tx timeout
[  416.374997][ T7144] netlink: 4 bytes leftover after parsing attributes in process `syz.4.582'.
[  420.451562][ T4284] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  420.546713][ T7170] loop0: detected capacity change from 0 to 512
[  420.561649][ T7170] EXT4-fs: Ignoring removed nobh option
[  420.651445][ T4284] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  420.661618][ T4286] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  420.678044][ T7170] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended
[  421.750798][ T7170] EXT4-fs: failed to create workqueue
[  421.756290][ T7170] EXT4-fs (loop0): mount failed
[  421.793383][ T4284] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  421.801444][ T4284] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  421.808907][ T4284] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  423.378302][ T7159] netlink: 755 bytes leftover after parsing attributes in process `syz.5.587'.
[  423.536241][ T7163] wlan0 speed is unknown, defaulting to 1000
[  423.637159][ T7184] netlink: 104 bytes leftover after parsing attributes in process `syz.1.590'.
[  423.752263][ T4502] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  423.779556][ T4286] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  423.999291][ T4286] Bluetooth: hci3: command 0x0409 tx timeout
[  425.000396][ T4502] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  425.021654][ T7199] netlink: 'syz.4.593': attribute type 4 has an invalid length.
[  425.180074][ T4502] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  426.183463][ T7173] Bluetooth: hci3: command 0x041b tx timeout
[  426.464155][ T4502] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  428.476493][ T7215] loop0: detected capacity change from 0 to 32768
[  428.483786][ T7215] (syz.0.599,7215,0):ocfs2_parse_options:1446 ERROR: Unrecognized mount option "p*/���suser_xattr" or missing value
[  428.496109][ T7215] (syz.0.599,7215,0):ocfs2_fill_super:1176 ERROR: status = -22
[  428.504868][ T7173] Bluetooth: hci3: command 0x040f tx timeout
[  428.599193][ T4401] I/O error, dev loop0, sector 32640 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  428.978656][ T7226] xt_TCPMSS: Only works on TCP SYN packets
[  430.579245][ T7173] Bluetooth: hci3: command 0x0419 tx timeout
[  431.982749][ T7163] chnl_net:caif_netlink_parms(): no params data found
[  432.036377][ T7237] netlink: 4 bytes leftover after parsing attributes in process `syz.4.605'.
[  432.051153][ T7240] netlink: 'syz.1.606': attribute type 4 has an invalid length.
[  432.484450][ T7256] loop5: detected capacity change from 0 to 256
[  433.351641][ T7255] wlan0 speed is unknown, defaulting to 1000
[  433.427318][ T7163] bridge0: port 1(bridge_slave_0) entered blocking state
[  433.436850][ T7163] bridge0: port 1(bridge_slave_0) entered disabled state
[  433.465349][ T7163] device bridge_slave_0 entered promiscuous mode
[  433.476966][   T26] kauditd_printk_skb: 35 callbacks suppressed
[  433.476982][   T26] audit: type=1326 audit(2000000017.030:192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7252 comm="syz.0.616" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb19d58f6c9 code=0x7ffc0000
[  433.517148][ T4401] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  433.530502][ T7253] loop0: detected capacity change from 0 to 128
[  434.065014][ T7253] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  434.129538][ T7253] ext4 filesystem being mounted at /128/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  434.166970][ T7269] loop4: detected capacity change from 0 to 64
[  434.180275][   T26] audit: type=1326 audit(2000000017.070:193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7252 comm="syz.0.616" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb19d58f6c9 code=0x7ffc0000
[  434.217984][ T7163] bridge0: port 2(bridge_slave_1) entered blocking state
[  434.234361][ T7163] bridge0: port 2(bridge_slave_1) entered disabled state
[  434.257880][ T7269] hfs: found bad thread record in catalog
[  434.266548][ T7163] device bridge_slave_1 entered promiscuous mode
[  434.313242][ T7269] hfs: get root inode failed
[  434.323038][   T26] audit: type=1326 audit(2000000017.070:194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7252 comm="syz.0.616" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fb19d58f6c9 code=0x7ffc0000
[  434.480988][   T26] audit: type=1326 audit(2000000017.070:195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7252 comm="syz.0.616" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb19d58f6c9 code=0x7ffc0000
[  434.506120][   T26] audit: type=1326 audit(2000000017.070:196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7252 comm="syz.0.616" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb19d58f6c9 code=0x7ffc0000
[  434.546411][   T26] audit: type=1326 audit(2000000017.070:197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7252 comm="syz.0.616" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fb19d58f6c9 code=0x7ffc0000
[  434.580817][ T4273] EXT4-fs (loop0): unmounting filesystem.
[  434.592908][   T26] audit: type=1326 audit(2000000017.070:198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7252 comm="syz.0.616" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb19d58f6c9 code=0x7ffc0000
[  435.410419][   T26] audit: type=1326 audit(2000000017.070:199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7252 comm="syz.0.616" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb19d58f6c9 code=0x7ffc0000
[  435.670864][   T26] audit: type=1326 audit(2000000017.070:200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7252 comm="syz.0.616" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fb19d58f6c9 code=0x7ffc0000
[  435.693683][   T26] audit: type=1326 audit(2000000017.070:201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7252 comm="syz.0.616" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb19d58f6c9 code=0x7ffc0000
[  435.841299][ T7163] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  435.855426][ T7163] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  436.724035][ T4502] bridge0: port 3(gretap0) entered disabled state
[  437.134797][ T4502] device gretap0 left promiscuous mode
[  437.237303][ T4502] bridge0: port 3(gretap0) entered disabled state
[  437.690354][ T7297] comedi comedi0: Minor 3 specified more than once!
[  439.061378][ T7163] team0: Port device team_slave_0 added
[  439.091647][ T7163] team0: Port device team_slave_1 added
[  439.125825][ T7302] loop0: detected capacity change from 0 to 1024
[  439.164798][ T7302] EXT4-fs: Ignoring removed nobh option
[  439.201069][ T7302] EXT4-fs: inline encryption not supported
[  439.225051][ T7302] ext4: Unknown parameter 'appraise_type'
[  439.411065][ T7303] netlink: 'syz.1.619': attribute type 4 has an invalid length.
[  440.265026][ T7163] batman_adv: batadv0: Adding interface: batadv_slave_0
[  440.372457][ T1276] ieee802154 phy0 wpan0: encryption failed: -22
[  440.380565][ T1276] ieee802154 phy1 wpan1: encryption failed: -22
[  440.406112][ T7163] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  440.511626][ T7163] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  440.552572][ T7308] netlink: 'syz.5.620': attribute type 4 has an invalid length.
[  441.704082][ T7311] netlink: 'syz.5.620': attribute type 4 has an invalid length.
[  441.761235][ T7163] batman_adv: batadv0: Adding interface: batadv_slave_1
[  441.889503][ T7163] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  441.915468][    C1] vkms_vblank_simulate: vblank timer overrun
[  441.951830][ T7163] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  442.253339][ T7163] device hsr_slave_0 entered promiscuous mode
[  442.267815][ T7163] device hsr_slave_1 entered promiscuous mode
[  442.275438][ T7163] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  442.290108][ T7163] Cannot create hsr debugfs directory
[  442.295789][ T5204] wlan0 speed is unknown, defaulting to 1000
[  442.312507][ T5204] ==================================================================
[  442.320636][ T5204] BUG: KASAN: use-after-free in siw_query_port+0x358/0x450
[  442.327868][ T5204] Read of size 4 at addr ffff8880545cc0e0 by task kworker/1:8/5204
[  442.335789][ T5204] 
[  442.338135][ T5204] CPU: 1 PID: 5204 Comm: kworker/1:8 Not tainted syzkaller #0
[  442.345617][ T5204] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  442.355703][ T5204] Workqueue: infiniband ib_cache_event_task
[  442.361640][ T5204] Call Trace:
[  442.364947][ T5204]  <TASK>
[  442.367923][ T5204]  dump_stack_lvl+0x168/0x22e
[  442.372636][ T5204]  ? __lock_acquire+0x7c50/0x7c50
[  442.377704][ T5204]  ? show_regs_print_info+0x12/0x12
[  442.382947][ T5204]  ? load_image+0x3b0/0x3b0
[  442.387499][ T5204]  ? __virt_addr_valid+0x465/0x540
[  442.392666][ T5204]  ? siw_query_port+0x358/0x450
[  442.397557][ T5204]  print_report+0xa8/0x210
[  442.402000][ T5204]  kasan_report+0x10b/0x140
[  442.406557][ T5204]  ? siw_query_port+0x358/0x450
[  442.411449][ T5204]  siw_query_port+0x358/0x450
[  442.416168][ T5204]  ib_cache_update+0x1bb/0x980
[  442.420979][ T5204]  ? ib_cache_setup_one+0x5d0/0x5d0
[  442.426221][ T5204]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  442.432344][ T5204]  ? read_lock_is_recursive+0x10/0x10
[  442.437771][ T5204]  ? _raw_spin_unlock_irqrestore+0xaa/0x100
[  442.443721][ T5204]  ? _raw_spin_unlock+0x40/0x40
[  442.448641][ T5204]  ib_cache_event_task+0xd4/0x1c0
[  442.453716][ T5204]  ? process_one_work+0x7a1/0x1160
[  442.458868][ T5204]  process_one_work+0x898/0x1160
[  442.463858][ T5204]  ? worker_detach_from_pool+0x240/0x240
[  442.469544][ T5204]  ? _raw_spin_lock_irq+0xab/0xe0
[  442.474620][ T5204]  ? _raw_spin_lock_irqsave+0xf0/0xf0
[  442.480041][ T5204]  ? kthread_data+0x4b/0xc0
[  442.484590][ T5204]  worker_thread+0xaa2/0x1250
[  442.489310][ T5204]  ? _raw_spin_unlock_irqrestore+0xa5/0x100
[  442.495257][ T5204]  ? __kthread_parkme+0x162/0x1c0
[  442.500340][ T5204]  kthread+0x29d/0x330
[  442.504445][ T5204]  ? worker_clr_flags+0x1a0/0x1a0
[  442.509501][ T5204]  ? kthread_blkcg+0xd0/0xd0
[  442.514138][ T5204]  ret_from_fork+0x1f/0x30
[  442.518596][ T5204]  </TASK>
[  442.521637][ T5204] 
[  442.523983][ T5204] The buggy address belongs to the physical page:
[  442.530427][ T5204] page:ffffea0001517300 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x545cc
[  442.540605][ T5204] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  442.547767][ T5204] raw: 00fff00000000000 ffffea00014f6708 ffff8880b8f412f0 0000000000000000
[  442.556388][ T5204] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[  442.564994][ T5204] page dumped because: kasan: bad access detected
[  442.571446][ T5204] page_owner tracks the page as freed
[  442.576844][ T5204] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x446dc0(GFP_KERNEL_ACCOUNT|__GFP_NOWARN|__GFP_RETRY_MAYFAIL|__GFP_COMP|__GFP_ZERO), pid 4280, tgid 4280 (syz-executor), ts 82863481012, free_ts 442309822912
[  442.598501][ T5204]  post_alloc_hook+0x173/0x1a0
[  442.603305][ T5204]  get_page_from_freelist+0x1a26/0x1ac0
[  442.608889][ T5204]  __alloc_pages+0x1df/0x4e0
[  442.613512][ T5204]  __kmalloc_large_node+0x8c/0x1e0
[  442.618666][ T5204]  __kmalloc_node+0x10e/0x240
[  442.623390][ T5204]  kvmalloc_node+0x6c/0x180
[  442.627931][ T5204]  alloc_netdev_mqs+0x84/0xf00
[  442.632732][ T5204]  ieee80211_if_add+0xc08/0x1590
[  442.637706][ T5204]  ieee80211_register_hw+0x2e39/0x39e0
[  442.643201][ T5204]  mac80211_hwsim_new_radio+0x28c2/0x4c40
[  442.648969][ T5204]  hwsim_new_radio_nl+0xafa/0xce0
[  442.654031][ T5204]  genl_family_rcv_msg_doit+0x22e/0x320
[  442.659629][ T5204]  genl_rcv_msg+0x5f2/0x780
[  442.664165][ T5204]  netlink_rcv_skb+0x1de/0x420
[  442.668959][ T5204]  genl_rcv+0x24/0x40
[  442.672974][ T5204]  netlink_unicast+0x74d/0x8d0
[  442.677764][ T5204] page last free stack trace:
[  442.682459][ T5204]  free_unref_page_prepare+0x8b4/0x9a0
[  442.687955][ T5204]  free_unref_page+0x2e/0x3f0
[  442.692668][ T5204]  free_large_kmalloc+0xfd/0x190
[  442.697640][ T5204]  device_release+0x92/0x1c0
[  442.702258][ T5204]  kobject_put+0x21d/0x460
[  442.706709][ T5204]  netdev_run_todo+0xc8f/0xd80
[  442.711517][ T5204]  ieee80211_unregister_hw+0xfc/0x290
[  442.716915][ T5204]  mac80211_hwsim_del_radio+0x270/0x450
[  442.722481][ T5204]  hwsim_exit_net+0x581/0x640
[  442.727183][ T5204]  cleanup_net+0x6f0/0xb80
[  442.731623][ T5204]  process_one_work+0x898/0x1160
[  442.736575][ T5204]  worker_thread+0xaa2/0x1250
[  442.741269][ T5204]  kthread+0x29d/0x330
[  442.745368][ T5204]  ret_from_fork+0x1f/0x30
[  442.749807][ T5204] 
[  442.752140][ T5204] Memory state around the buggy address:
[  442.757783][ T5204]  ffff8880545cbf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  442.765868][ T5204]  ffff8880545cc000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  442.773949][ T5204] >ffff8880545cc080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  442.782027][ T5204]                                                        ^
[  442.789248][ T5204]  ffff8880545cc100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  442.797331][ T5204]  ffff8880545cc180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  442.805409][ T5204] ==================================================================
[  442.813530][    C1] vkms_vblank_simulate: vblank timer overrun
[  442.834729][ T5204] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  442.841981][ T5204] CPU: 1 PID: 5204 Comm: kworker/1:8 Not tainted syzkaller #0
[  442.849472][ T5204] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  442.859559][ T5204] Workqueue: infiniband ib_cache_event_task
[  442.865577][ T5204] Call Trace:
[  442.868961][ T5204]  <TASK>
[  442.871908][ T5204]  dump_stack_lvl+0x168/0x22e
[  442.876613][ T5204]  ? memcpy+0x3c/0x60
[  442.880629][ T5204]  ? show_regs_print_info+0x12/0x12
[  442.885865][ T5204]  ? load_image+0x3b0/0x3b0
[  442.890418][ T5204]  panic+0x2c9/0x710
[  442.894346][ T5204]  ? bpf_jit_dump+0xd0/0xd0
[  442.898883][ T5204]  ? _raw_spin_unlock_irqrestore+0xf6/0x100
[  442.904815][ T5204]  ? _raw_spin_unlock+0x40/0x40
[  442.909705][ T5204]  ? print_memory_metadata+0x314/0x400
[  442.915193][ T5204]  check_panic_on_warn+0x80/0xa0
[  442.920243][ T5204]  ? siw_query_port+0x358/0x450
[  442.925118][ T5204]  end_report+0x66/0x110
[  442.929391][ T5204]  kasan_report+0x118/0x140
[  442.933923][ T5204]  ? siw_query_port+0x358/0x450
[  442.938801][ T5204]  siw_query_port+0x358/0x450
[  442.943502][ T5204]  ib_cache_update+0x1bb/0x980
[  442.948280][ T5204]  ? ib_cache_setup_one+0x5d0/0x5d0
[  442.953487][ T5204]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  442.959477][ T5204]  ? read_lock_is_recursive+0x10/0x10
[  442.964857][ T5204]  ? _raw_spin_unlock_irqrestore+0xaa/0x100
[  442.970785][ T5204]  ? _raw_spin_unlock+0x40/0x40
[  442.975651][ T5204]  ib_cache_event_task+0xd4/0x1c0
[  442.980701][ T5204]  ? process_one_work+0x7a1/0x1160
[  442.985818][ T5204]  process_one_work+0x898/0x1160
[  442.990767][ T5204]  ? worker_detach_from_pool+0x240/0x240
[  442.996406][ T5204]  ? _raw_spin_lock_irq+0xab/0xe0
[  443.001443][ T5204]  ? _raw_spin_lock_irqsave+0xf0/0xf0
[  443.006839][ T5204]  ? kthread_data+0x4b/0xc0
[  443.011359][ T5204]  worker_thread+0xaa2/0x1250
[  443.016053][ T5204]  ? _raw_spin_unlock_irqrestore+0xa5/0x100
[  443.021960][ T5204]  ? __kthread_parkme+0x162/0x1c0
[  443.026996][ T5204]  kthread+0x29d/0x330
[  443.031080][ T5204]  ? worker_clr_flags+0x1a0/0x1a0
[  443.036113][ T5204]  ? kthread_blkcg+0xd0/0xd0
[  443.040720][ T5204]  ret_from_fork+0x1f/0x30
[  443.045157][ T5204]  </TASK>
[  443.048549][ T5204] Kernel Offset: disabled
[  443.052884][ T5204] Rebooting in 86400 seconds..