last executing test programs:

5.025316563s ago: executing program 0 (id=1):
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r0 = syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00')
r1 = userfaultfd(0x801)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000001c0))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
ioctl$UFFDIO_COPY(r1, 0xc028aa03, &(0x7f0000000000)={&(0x7f00002b9000/0x400000)=nil, &(0x7f0000779000/0x1000)=nil, 0x400000, 0x3, 0x2})
writev(r0, &(0x7f0000000200)=[{&(0x7f00000004c0)='4', 0x1}], 0x1)

4.001955232s ago: executing program 0 (id=6):
mkdir(&(0x7f0000000000)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
r0 = openat$autofs(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = open(&(0x7f0000000180)='./file1\x00', 0x0, 0x0)
mount(0x0, &(0x7f0000000440)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r0, 0xc018937d, &(0x7f0000000680)={{0x1, 0x1, 0x18, r1}, './file0\x00'})

3.884219843s ago: executing program 2 (id=3):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = dup(r1)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@textreal={0x8, &(0x7f0000000240)="f30fc7b60050360f000d0fc77af9f1440f20c066350e000000440f22c0f23e0f22e6baf80c66b86ce20a8a66efbafc0c66b80070000066ef360f22060f235d64660f38816500", 0x46}], 0x1, 0x54, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

3.625660933s ago: executing program 1 (id=2):
mkdir(&(0x7f0000000300)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
symlink(&(0x7f00000049c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f00000059c0)='./file0\x00')
r0 = openat$autofs(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r0, 0xc0189374, &(0x7f0000000240)={{0x1, 0x1, 0x1018, 0xffffffffffffffff, {0x2}}, './file0\x00'})

3.478493289s ago: executing program 3 (id=4):
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
fchdir(r1)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0)
r2 = syz_open_procfs(r0, &(0x7f0000000040)='coredump_filter\x00')
syz_usb_disconnect(0xffffffffffffffff)
write$sysctl(r2, &(0x7f0000000100)='0\x00', 0x2)

3.146052699s ago: executing program 0 (id=7):
syz_mount_image$vfat(&(0x7f0000000400), &(0x7f0000000100)='./file0\x00', 0x1000000, &(0x7f0000000000)=ANY=[@ANYBLOB="6e6f6e756d7461696c2c6e66732c73686f72746e616d653d6c6f7765722c757466383d312c64656275672c696f636861727365743d757466382c73686f72746e616d653d6d697865642c757466383d312c004845160000000000"], 0x1, 0x2bb, &(0x7f0000000440)="$eJzs3UFrE1sYxvGnTW+TprTJhcuFe0E96EY3oY0fQIO0IAaU2hR1IUztREPGpMyESkRsNuLWD+Gq6M6doC7ddCNu3LsrguCmC3HETNImbVrTNklj+/9BmTd5z8OcttPyptDJ2o1n9/NZL5G1ShqMGA1KFa1L8V9VzUDtOFith9WoonOj3z6duH7z1pVUOj01Y8x0avZ80hgzfurNg0cvTr8rjc69Gn8d1mr89trX5OfVf1f/W/sxey/nmZxnCsWSscx8sViy5h3bLOS8fMKYa45tebbJFTzbbepnneLiYtlYhYWx6KJre56xCmWTt8umVDQlt2ysu1auYBKJhBmL6ngbamNNZmVmxkrt2PZDHd0Rum6k1ZOum6q0bmZWerAnAADQZ3af/4NZf+f5Pz0XHNua/18+l9qb/6VOzv8DPf2C9rlK06PfzP84Elw3ZUVrP7/NmP8BAAAAAAAAAAAAAAAAAAAAAPgTrPt+zPf9WP1Y/whLikiqPz7sfaI79vn9v3BI20WHNfzjXkRyni5lljLBMeinssrJka0JxfS9ej3UBPX05fTUhKmK662zXMsvL2VCCtfzdfFW+ZN/TwZ505z/S9HG8ycV0z+tz59smR/W2TMN+YRi+nBHRTlaqF7Xm/nHk8Zcuprekh+prgMAAAAA4ChImA3bXr9X+9UFEW3vB/k9/H1gy+vrIf3fzi0qAQAAAADAgXnlh3nLcWx3H0VY0gHieyj8ga6fonNFSH2xjS3FRUl9sI1eFRFJwTNmP/EvG/G2Un4ba4YkHfTzivTw0jrs30wAAAAAOm1z6N9D6OOTLu4IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDjp937gdXXb2vVG7vEG04X0vuNtwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAjp2fAQAA//91iCZA")
r0 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0)
r1 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0)
ftruncate(r0, 0x296c)
write$cgroup_freezer_state(r0, &(0x7f0000000040)='FROZEN\x00', 0x7)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, r1, 0x0)
write$eventfd(r0, &(0x7f0000000240)=0x7de, 0x8)

2.882045762s ago: executing program 2 (id=8):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000a40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000740)=[{0x5}], 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000000)='kfree\x00', r1}, 0x10)
bpf$PROG_LOAD(0x2, &(0x7f0000000680)={0x3, 0x3, &(0x7f0000000740)=ANY=[], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_LOOKUP_ELEM(0x4, &(0x7f0000000500)={r2, 0x0, 0x0}, 0x20)

2.805977966s ago: executing program 1 (id=9):
r0 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x18, 0x5, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000000000000000000000000009700c0fffcffffffd50000000000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x100, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='tlb_flush\x00', r1}, 0x10)
ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000000)={&(0x7f000067d000/0x2000)=nil, &(0x7f000053d000/0x1000)=nil, 0x2000})
ioctl$UFFDIO_COPY(r0, 0xc028aa05, &(0x7f0000000180)={&(0x7f00002b9000/0x400000)=nil, &(0x7f00003ab000/0x2000)=nil, 0x400000, 0x2, 0x2})

2.174611572s ago: executing program 0 (id=10):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000dd"], 0x0, 0x7ff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = socket$kcm(0x2b, 0x1, 0x0)
close(r0)
r1 = socket$kcm(0x2, 0x1000000000000005, 0x0)
sendmsg$inet(r1, &(0x7f0000007940)={&(0x7f0000000100)={0x2, 0x0, @rand_addr=0x20}, 0x140, &(0x7f0000000140)=[{&(0x7f0000000380), 0xff7a}], 0x1, &(0x7f0000007880)=[@ip_tos_u8={{0x11, 0x34000, 0x11}}, @ip_pktinfo={{0x1c, 0xfd000f00, 0x7ffff, {0x0, @remote, @multicast1}}}, @ip_pktinfo={{0x1c, 0x28f0700, 0xc, {0x0, @empty=0xa0050000}}}, @ip_retopts={{0x24, 0x84, 0x7, {[@ra={0x94, 0x4}, @timestamp={0x44, 0x10, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0]}]}}}, @ip_tos_u8={{0x11, 0x16010000}}], 0x98}, 0x4dc)
setsockopt$sock_attach_bpf(r0, 0x1, 0xd, &(0x7f00000001c0), 0x45)
close(r0)

2.155147041s ago: executing program 2 (id=11):
syz_mount_image$udf(&(0x7f0000000040), &(0x7f0000000000)='./file1\x00', 0x2000040, &(0x7f0000000500)=ANY=[], 0xfe, 0xc2d, &(0x7f0000000f40)="$eJzs3U9sHNd9B/DfGy3FldxWTOwoThoXm7ZIZcVy9S+mYhXuqqbZBpBlIhRzC8AVSakLUyRBUo1spAXTSw89BCiKHnIi0BoFUjQwmiLokWldILn4UOTUE9HCRlD0wBYBcgoYzOxbcUmRNi2KEmV9Pjb13Z19b+a9eesZWdCbFwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAxB+8cun0mfSwWwEAPEhXRr96+qz7PwA8Vq76/38AAAAAAAAAAAAAADjoUhTxZKSYu7KWxqv3HfXL7b5bt8eGhrevdiRVNQ9V5cuf+pmz585/6YXBC9283J75gPr322fjtdGrlxovz96cm59aWJiabIzNtCdmJ6d2vYe91t/qZHUCGjdfvzV5/fpC4+zz5zZ9fHvg/f4njg9cHHz21DPdsmNDw8OjG0XqveVr99yQjp1meByOIk5Fiue+99PUiogi9n4u6g927Lc6UnXiZNWJsaHhqiPT7dbMYvnhSPdEFBGNnkrN7jnafiyi1vdA+7CzZsRS2fyywSfL7o3OteZb16anGiOt+cX2Ynt2ZiR1Wlv2pxFFXEgRyxGx2n/37vqiiFqk+M6xtXQtIg51z8MXq4nBO7ej2Mc+7kLZzkZfxHLxCIzZAdYfRbwaKX72zomYyNeZ6lrzhYhXy/xBxFtlvhSRyi/G+Yj3tvke8WiqRRF/WY7/xbU0WV0PuteVy19rfGXm+mxP2e515SPeH+66Ujyk+8ORLflgHPBrUz2KaFVX/LV077/ZAQAAAAAAAAAAAAAAAOB+OxJFfCZSvPIff1LNK45qXvqxi4N/OPCrvXPGn/6Q/ZRln4+IpWJ3c3IP54mBI2kkpYc8l/hxVo8i/jTP//vWw24MAAAAAAAAAAAAAAAAAADAY62In0SKF989kZajd03x9syNxtXWtenOqrDdtX+7a6avr6+vN1InmznHcy7lXM65knM1ZxS5fs5mzvGcSzmXc67kXM0Zh3L9nM2c4zmXci7nXMm5mjNquX7OZs7xnEs5l3Ou5FzNGQdk7V4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgI+TIor4RaT49jfWUqSIaEaMRydX+h926wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAUn8q4vuRovFHzTvbahGRqn87TpS/nI/m4TI/Gc3BMl+K5qWcrSprzW89hPazN32piB9Hiv7623cGPI9/X+fdna9BvPXNjXefrXXyUPfDgff7nzh+7OLg8G88vdPrtF0DTl5uz9y63RgbGh4e7dlcy0f/ZM+2gXzc4v50nYhYeOPN11vT01Pz9/6i/Arsofoj9CLVHpeeelG9iNqBaMbD6TuPgfL+/16k+N13/7N7w+/c/+vxK513d+7w8fM/27j/v7h1R7u8/9e21sv3//Kevt39/8mebS/m34301SLqizfn+o5H1BfeePNU+2brxtSNqZnzp09/eXDwy+dO9x2OqF9vT0/1vLovpwsAAAAAAAAAAAAAAADgwUlF/H6kaP14LTUi4nY1X2vg4uCzp545FIeq+Vab5m2/Nnr1UuPl2Ztz81MLC1OTjbGZ9sTs5NRuD1evpnuNDQ3vS2c+1JF9bv+R+suzc2/Mt2/88eK2nx+tX7q2sDjfmtj+4zgSRUSzd8vJqsFjQ8NVo6fbrZmq6si2k+k/ur5UxH9FionzjfT5vC3P/986w3/T/P+lrTvap/n/n+jZVh4zpSJ+Hil+56+ejs9X7Twad52zXO7vIsXJC5/L5eJwWa7bhs5zBTozA8uy/xcp/ukXm8t250M+uVH2zK5P7COiHP9jkeL7f/Hd+M28bfPzH7Yf/6Nbd7RP4/9Uz7ajm55XsOeuk8f/VKR46cm347fytg96/kf32RsncuE7z+fYp/H/VM+2gXzc374/XQcAAAAAAAAAAHik9aUi/j5S/HC4ll7I23bz9/8mt+5on/7+16d7tk3en/WKPvTFnk8qAAAAABwQfamIn0SKG4tv35lDvXn+d8/8z9/bmP85lLZ8Wv05369Vzw24n3/+12sgH3d8790GAAAAAAAAAAAAAAAAAACAAyWlIl7I66mPV/P5J3dcT30lUrzyP8/lcul4Wa67DvxA9Wv9yuzMqUvT07MTrcXWtempxuhca2KqrPtUpFj728/lukW1vnp3vfnOGu8ba7HPR4rhf+iW7azF3l2b/KmNsmfKsp+IFP/9j5vLdtex/tRG2bNl2b+JFF//l+3LHt8oe64s+91I8aOvN7plj5Zlu89H/fRG2ecnZot9GBUAAAAAAAAAAAAAAAAAAAAeN32piD+PFP97c/nOXP68/n9fz9vKW9/sWe9/i9vVOv8D1fr/O72+l/X/q+cKLO10VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+HhKUcSbkWLuylpa6S/fd9Qvt2du3R4bGt6+2pFU1TxUlS9/6mfOnjv/pRcGL3Tzg+vfb5+J10avXmq8PHtzbn5qYWFqsjE2056YnZza9R72Wn+rk9UJaNx8/dbk9esLjbPPn9v08e2B9/ufOD5wcfDZU890y44NDQ+P9pSp9d3z0e+Sdth+OIr460jx3Pd+mn7YH1HE3s/Fh3x39tuRqhMnq06MDQ1XHZlut2YWyw9HuieiiGj0VGp2z9EDGIs9aUYslc0vG3yy7N7oXGu+dW16qjHSml9sL7ZnZ0ZSp7VlfxpRxIUUsRwRq/13764ving9Unzn2Fr61/6IQ93z8MUro189fXbndhT72MddKNvZ6ItYLh6BMTvA+qOIf44UP3vnRPxbf0QtOj/xhYhXy/xBxFvRGe9UfjHOR7y3zfeIR1Mtivj/cvwvrqV3+svrQfe6cvlrja/MXJ/tKdu9rjzy94cH6YBfm+pRxI+qK/5a+nf/XQMAAAAAAAAAAAAAAAAcIEX8eqR48d0TqZoffGdOcXvmRuNq69p0Z1pfd+5fd870+vr6eiN1splzPOdSzuWcKzlXc0aR6+dslllfXx/P75dyLudcybmaMw7l+jmbOcdzLuVczrmSczVn1HL9nM2c4zmXci7nXMm5mjMOyNw9AAAAAAAAAAAAAAAAAADg46Wo/knx7W+spfX+zvrS49HJFeuBfuz9MgAA//8hX/ir")
creat(&(0x7f0000000e00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
creat(&(0x7f0000000000)='./bus\x00', 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)
r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x171c, 0x0, 0x0, 0x0, 0x8, "ef359f413bb93852f7d6d1ce5d29c3ee5e5ca9000f7c41499dc2aac63a4b78c660e677df701908b9aaa3f6a00400", "036c47c6780820d1cbf7896de1fdcf335263bdbcef549ba197fce47ddfdd753abd9501ce721b6ae9b49600002a00", "b7326736181c208220000000b9000010000000000000f0ffefffff5aff000001"})
rename(&(0x7f0000000c80)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000b80)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')

1.945222121s ago: executing program 1 (id=12):
r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f0000000b00)=0x6)
io_setup(0x7, &(0x7f0000000280)=<r1=>0x0)
io_submit(r1, 0x1, &(0x7f0000000080)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x5, 0x0, r0, 0x0}])
r2 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r2, 0xc4c85513, &(0x7f0000000540)={{0x1, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, [0xfffffffffffffe00]})
ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r2, 0xc4c85513, &(0x7f0000000040)={{0x1, 0x0, 0x0, 0x0, 'syz0\x00'}})

1.734079243s ago: executing program 3 (id=13):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001c40)={0x0, 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup\x00', 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001c40)={0x8, 0x3, &(0x7f0000001300)=ANY=[], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000180)={r1, r0, 0x16, 0x0, @val=@tcx={@void, @value}}, 0x40)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r2, &(0x7f0000000000)={0x28, 0x0, 0x0, @hyper}, 0x10)
setsockopt$sock_int(r2, 0x1, 0x3c, &(0x7f0000000040), 0x4)

1.628102921s ago: executing program 4 (id=5):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
r1 = epoll_create1(0x0)
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/wakeup_count', 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f00000000c0)={0xe000001a})
read$char_usb(r2, &(0x7f0000001980)=""/179, 0xb3)
epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r2, &(0x7f0000000000))

1.292329637s ago: executing program 0 (id=14):
r0 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
fcntl$notify(r0, 0x402, 0x8000003d)
r1 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
fcntl$notify(r1, 0x402, 0x34)
r2 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
fcntl$notify(r2, 0x402, 0x36)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0)

1.234631906s ago: executing program 1 (id=15):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000de0000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='netlink_extack\x00', r0}, 0x10)
pipe(0x0)
socket$netlink(0x10, 0x3, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$TIPC_NL_KEY_SET(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="0100000000000000000017000000480006803c00040067aa01280200732900000000000000000000000000000000000000000000000014000000e3de3d7b4cd07ec3ee777de774fc7987cca41989080006"], 0x5c}}, 0x0)

1.096152276s ago: executing program 3 (id=16):
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x7, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'\x00', 0x5})
ioctl$TUNSETPERSIST(r0, 0x400454c9, 0x1)
ioctl$TUNSETPERSIST(r0, 0x400454cb, 0x1)
ioctl$TUNSETPERSIST(r0, 0x400454cb, 0xffffdffffffffffd)

834.862744ms ago: executing program 4 (id=17):
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@volatile}]})
chdir(&(0x7f0000000140)='./bus\x00')
r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fsync(r0)

553.823417ms ago: executing program 3 (id=18):
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @void, @value}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10)
io_setup(0x8, &(0x7f0000000000)=<r1=>0x0)
r2 = eventfd2(0x0, 0x80001)
io_submit(r1, 0x1, &(0x7f0000000300)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, r2, &(0x7f0000000280)="d1f7624a6b0e53c3", 0x8, 0x2}])
writev(r2, &(0x7f00000010c0)=[{&(0x7f0000000000)="894a2fca7a0d8541", 0x8}], 0x1)

458.64239ms ago: executing program 0 (id=19):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r1, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="0207a20802"], 0x10}}, 0x0)
bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast1}, 0x10)
setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000080)={{{@in=@multicast2, @in6=@private0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x1}, {{@in, 0x10000, 0x32}, 0x0, @in=@multicast1, 0x0, 0x0, 0x0, 0xb7, 0x1fb, 0xffffffff}}, 0xe8)
sendmmsg(r0, &(0x7f0000000180), 0x400000000000077, 0x0)

321.093412ms ago: executing program 2 (id=20):
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffefffff6, 0x20031, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000439000/0x3000)=nil, 0x3000}, 0x4})
r1 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000000))
ioctl$UFFDIO_REGISTER(r1, 0x8010aa01, &(0x7f0000000140)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}})

311.505275ms ago: executing program 1 (id=21):
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000200)={0x0, 'pimreg0\x00', {0x3}, 0x43})
r0 = syz_io_uring_setup(0x24fa, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r3, &(0x7f00000001c0)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0})
io_uring_enter(r0, 0x2d3e, 0x0, 0x0, 0x0, 0x0)

0s ago: executing program 4 (id=22):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000280)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58)
r1 = accept4(r0, 0x0, 0x0, 0x0)
r2 = syz_io_uring_setup(0x1f87, &(0x7f0000000080)={0x0, 0x8444, 0x13580}, &(0x7f0000000100)=<r3=>0x0, &(0x7f0000000140)=<r4=>0x0)
sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_GET(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000001c0)={0x14, 0x4, 0x8, 0x401, 0x0, 0x0, {0x3}}, 0x14}, 0x1, 0x0, 0x0, 0x4000080}, 0x3400c844)
syz_io_uring_submit(r3, r4, &(0x7f0000000000)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x20, 0x3, r1, 0x0, 0x0, 0x0, 0x2001, 0x1, {0x1}})
io_uring_enter(r2, 0xe85, 0x0, 0x0, 0x0, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.1.117' (ED25519) to the list of known hosts.
[  171.741559][ T5785] cgroup: Unknown subsys name 'net'
[  171.912717][ T5785] cgroup: Unknown subsys name 'cpuset'
[  171.927125][ T5785] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[  217.046580][ T5785] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  219.046344][ T1275] ieee802154 phy0 wpan0: encryption failed: -22
[  219.052963][ T1275] ieee802154 phy1 wpan1: encryption failed: -22
[  220.908685][ T5802] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  220.917498][ T5802] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  220.929754][ T5812] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  220.938314][ T5812] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  220.947931][ T5812] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  220.957089][ T5812] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  220.965356][ T5813] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  220.974200][ T5813] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  220.983395][ T5812] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  220.995980][ T5817] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  221.003221][ T5813] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  221.009492][ T5817] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  221.017024][ T5813] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  221.018734][ T5817] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  221.028641][ T5813] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  221.037497][ T5817] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  221.040718][ T5813] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  221.047795][ T5817] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  221.062598][ T5817] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  221.070147][ T5813] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  221.078897][ T5817] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  221.080611][   T51] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  221.093089][ T5817] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  221.104421][ T5813] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  221.104433][   T51] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  221.109540][   T51] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  221.123366][ T5813] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  221.138089][ T5813] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  221.160742][   T51] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  221.194187][   T51] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  222.287068][ T5809] chnl_net:caif_netlink_parms(): no params data found
[  222.803776][ T5807] chnl_net:caif_netlink_parms(): no params data found
[  222.962748][ T5815] chnl_net:caif_netlink_parms(): no params data found
[  223.134525][ T5810] Bluetooth: hci1: command tx timeout
[  223.205433][ T5810] Bluetooth: hci2: command tx timeout
[  223.205641][   T51] Bluetooth: hci4: command tx timeout
[  223.229696][ T5803] chnl_net:caif_netlink_parms(): no params data found
[  223.279156][   T51] Bluetooth: hci0: command tx timeout
[  223.287756][ T5809] bridge0: port 1(bridge_slave_0) entered blocking state
[  223.295655][ T5809] bridge0: port 1(bridge_slave_0) entered disabled state
[  223.303390][ T5809] bridge_slave_0: entered allmulticast mode
[  223.315451][ T5809] bridge_slave_0: entered promiscuous mode
[  223.363599][   T51] Bluetooth: hci3: command tx timeout
[  223.371496][ T5801] chnl_net:caif_netlink_parms(): no params data found
[  223.516462][ T5809] bridge0: port 2(bridge_slave_1) entered blocking state
[  223.524346][ T5809] bridge0: port 2(bridge_slave_1) entered disabled state
[  223.532265][ T5809] bridge_slave_1: entered allmulticast mode
[  223.541157][ T5809] bridge_slave_1: entered promiscuous mode
[  223.834087][ T5807] bridge0: port 1(bridge_slave_0) entered blocking state
[  223.841758][ T5807] bridge0: port 1(bridge_slave_0) entered disabled state
[  223.849713][ T5807] bridge_slave_0: entered allmulticast mode
[  223.858843][ T5807] bridge_slave_0: entered promiscuous mode
[  223.880040][ T5809] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  223.929003][ T5807] bridge0: port 2(bridge_slave_1) entered blocking state
[  223.936984][ T5807] bridge0: port 2(bridge_slave_1) entered disabled state
[  223.944901][ T5807] bridge_slave_1: entered allmulticast mode
[  223.953841][ T5807] bridge_slave_1: entered promiscuous mode
[  223.970955][ T5809] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  224.188110][ T5807] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  224.274406][ T5809] team0: Port device team_slave_0 added
[  224.292104][ T5807] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  224.336309][ T5815] bridge0: port 1(bridge_slave_0) entered blocking state
[  224.344164][ T5815] bridge0: port 1(bridge_slave_0) entered disabled state
[  224.351988][ T5815] bridge_slave_0: entered allmulticast mode
[  224.360950][ T5815] bridge_slave_0: entered promiscuous mode
[  224.383523][ T5809] team0: Port device team_slave_1 added
[  224.445169][ T5815] bridge0: port 2(bridge_slave_1) entered blocking state
[  224.452929][ T5815] bridge0: port 2(bridge_slave_1) entered disabled state
[  224.460593][ T5815] bridge_slave_1: entered allmulticast mode
[  224.469635][ T5815] bridge_slave_1: entered promiscuous mode
[  224.813183][ T5807] team0: Port device team_slave_0 added
[  224.821176][ T5801] bridge0: port 1(bridge_slave_0) entered blocking state
[  224.829427][ T5801] bridge0: port 1(bridge_slave_0) entered disabled state
[  224.838098][ T5801] bridge_slave_0: entered allmulticast mode
[  224.847028][ T5801] bridge_slave_0: entered promiscuous mode
[  224.865896][ T5815] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  224.875775][ T5801] bridge0: port 2(bridge_slave_1) entered blocking state
[  224.883747][ T5801] bridge0: port 2(bridge_slave_1) entered disabled state
[  224.891455][ T5801] bridge_slave_1: entered allmulticast mode
[  224.900503][ T5801] bridge_slave_1: entered promiscuous mode
[  224.910498][ T5803] bridge0: port 1(bridge_slave_0) entered blocking state
[  224.918442][ T5803] bridge0: port 1(bridge_slave_0) entered disabled state
[  224.926303][ T5803] bridge_slave_0: entered allmulticast mode
[  224.934875][ T5803] bridge_slave_0: entered promiscuous mode
[  224.948170][ T5809] batman_adv: batadv0: Adding interface: batadv_slave_0
[  224.955555][ T5809] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  224.982116][ T5809] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  225.000227][ T5807] team0: Port device team_slave_1 added
[  225.016920][ T5815] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  225.082569][ T5803] bridge0: port 2(bridge_slave_1) entered blocking state
[  225.090240][ T5803] bridge0: port 2(bridge_slave_1) entered disabled state
[  225.098130][ T5803] bridge_slave_1: entered allmulticast mode
[  225.108228][ T5803] bridge_slave_1: entered promiscuous mode
[  225.119020][ T5809] batman_adv: batadv0: Adding interface: batadv_slave_1
[  225.126361][ T5809] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  225.152832][ T5809] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  225.192272][   T51] Bluetooth: hci1: command tx timeout
[  225.278304][   T51] Bluetooth: hci4: command tx timeout
[  225.285311][   T51] Bluetooth: hci2: command tx timeout
[  225.345722][ T5807] batman_adv: batadv0: Adding interface: batadv_slave_0
[  225.353218][ T5807] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  225.359215][ T5810] Bluetooth: hci0: command tx timeout
[  225.379661][ T5807] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  225.403862][ T5815] team0: Port device team_slave_0 added
[  225.413106][ T5807] batman_adv: batadv0: Adding interface: batadv_slave_1
[  225.420259][ T5807] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  225.447031][ T5807] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  225.453356][ T5810] Bluetooth: hci3: command tx timeout
[  225.473658][ T5801] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  225.530296][ T5803] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  225.546137][ T5815] team0: Port device team_slave_1 added
[  225.605772][ T5801] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  225.680992][ T5803] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  225.758534][ T5815] batman_adv: batadv0: Adding interface: batadv_slave_0
[  225.765901][ T5815] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  225.792304][ T5815] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  225.847695][ T5809] hsr_slave_0: entered promiscuous mode
[  225.857537][ T5809] hsr_slave_1: entered promiscuous mode
[  225.911398][ T5803] team0: Port device team_slave_0 added
[  225.920632][ T5815] batman_adv: batadv0: Adding interface: batadv_slave_1
[  225.928098][ T5815] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  225.954544][ T5815] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  226.033144][ T5803] team0: Port device team_slave_1 added
[  226.057768][ T5801] team0: Port device team_slave_0 added
[  226.196420][ T5801] team0: Port device team_slave_1 added
[  226.205625][ T5803] batman_adv: batadv0: Adding interface: batadv_slave_0
[  226.212859][ T5803] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  226.239249][ T5803] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  226.275122][ T5807] hsr_slave_0: entered promiscuous mode
[  226.284678][ T5807] hsr_slave_1: entered promiscuous mode
[  226.293493][ T5807] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  226.301178][ T5807] Cannot create hsr debugfs directory
[  226.314330][ T5803] batman_adv: batadv0: Adding interface: batadv_slave_1
[  226.321491][ T5803] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  226.347893][ T5803] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  226.598319][ T5815] hsr_slave_0: entered promiscuous mode
[  226.608328][ T5815] hsr_slave_1: entered promiscuous mode
[  226.620148][ T5815] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  226.628039][ T5815] Cannot create hsr debugfs directory
[  226.637233][ T5801] batman_adv: batadv0: Adding interface: batadv_slave_0
[  226.644705][ T5801] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  226.671384][ T5801] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  226.797439][ T5801] batman_adv: batadv0: Adding interface: batadv_slave_1
[  226.804706][ T5801] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  226.831398][ T5801] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  227.170419][ T5803] hsr_slave_0: entered promiscuous mode
[  227.179438][ T5803] hsr_slave_1: entered promiscuous mode
[  227.188295][ T5803] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  227.196178][ T5803] Cannot create hsr debugfs directory
[  227.278668][ T5810] Bluetooth: hci1: command tx timeout
[  227.292414][ T5801] hsr_slave_0: entered promiscuous mode
[  227.301279][ T5801] hsr_slave_1: entered promiscuous mode
[  227.312206][ T5801] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  227.319953][ T5801] Cannot create hsr debugfs directory
[  227.352315][ T5810] Bluetooth: hci2: command tx timeout
[  227.352479][   T51] Bluetooth: hci4: command tx timeout
[  227.448048][   T51] Bluetooth: hci0: command tx timeout
[  227.516835][   T51] Bluetooth: hci3: command tx timeout
[  228.016971][ T5809] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  228.035239][ T5809] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  228.092863][ T5809] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  228.197994][ T5809] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  228.216759][ T5815] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  228.318634][ T5815] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  228.422754][ T5815] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  228.445053][ T5807] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  228.497833][ T5815] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  228.515134][ T5807] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  228.611191][ T5807] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  228.669355][ T5807] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  228.717115][ T5803] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  228.810536][ T5803] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  228.915670][ T5803] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  228.945046][ T5801] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  228.968524][ T5801] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  228.995349][ T5801] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  229.015226][ T5803] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  229.060230][ T5801] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  229.353746][   T51] Bluetooth: hci1: command tx timeout
[  229.432174][   T51] Bluetooth: hci4: command tx timeout
[  229.437845][   T51] Bluetooth: hci2: command tx timeout
[  229.513209][   T51] Bluetooth: hci0: command tx timeout
[  229.593494][   T51] Bluetooth: hci3: command tx timeout
[  229.622509][ T5809] 8021q: adding VLAN 0 to HW filter on device bond0
[  229.847512][ T5809] 8021q: adding VLAN 0 to HW filter on device team0
[  229.923408][   T60] bridge0: port 1(bridge_slave_0) entered blocking state
[  229.931068][   T60] bridge0: port 1(bridge_slave_0) entered forwarding state
[  229.968936][ T5815] 8021q: adding VLAN 0 to HW filter on device bond0
[  230.087796][  T143] bridge0: port 2(bridge_slave_1) entered blocking state
[  230.095538][  T143] bridge0: port 2(bridge_slave_1) entered forwarding state
[  230.250353][ T5815] 8021q: adding VLAN 0 to HW filter on device team0
[  230.340105][ T5807] 8021q: adding VLAN 0 to HW filter on device bond0
[  230.389112][ T5803] 8021q: adding VLAN 0 to HW filter on device bond0
[  230.426349][ T5801] 8021q: adding VLAN 0 to HW filter on device bond0
[  230.467455][ T3800] bridge0: port 1(bridge_slave_0) entered blocking state
[  230.475271][ T3800] bridge0: port 1(bridge_slave_0) entered forwarding state
[  230.541477][ T4006] bridge0: port 2(bridge_slave_1) entered blocking state
[  230.549362][ T4006] bridge0: port 2(bridge_slave_1) entered forwarding state
[  230.657375][ T5803] 8021q: adding VLAN 0 to HW filter on device team0
[  230.670874][ T5807] 8021q: adding VLAN 0 to HW filter on device team0
[  230.751824][   T60] bridge0: port 1(bridge_slave_0) entered blocking state
[  230.760027][   T60] bridge0: port 1(bridge_slave_0) entered forwarding state
[  230.811235][ T5801] 8021q: adding VLAN 0 to HW filter on device team0
[  230.877019][   T60] bridge0: port 1(bridge_slave_0) entered blocking state
[  230.884788][   T60] bridge0: port 1(bridge_slave_0) entered forwarding state
[  230.910773][   T60] bridge0: port 2(bridge_slave_1) entered blocking state
[  230.918539][   T60] bridge0: port 2(bridge_slave_1) entered forwarding state
[  230.933889][   T60] bridge0: port 2(bridge_slave_1) entered blocking state
[  230.941528][   T60] bridge0: port 2(bridge_slave_1) entered forwarding state
[  231.019921][ T4006] bridge0: port 1(bridge_slave_0) entered blocking state
[  231.027700][ T4006] bridge0: port 1(bridge_slave_0) entered forwarding state
[  231.095773][   T60] bridge0: port 2(bridge_slave_1) entered blocking state
[  231.103548][   T60] bridge0: port 2(bridge_slave_1) entered forwarding state
[  231.390639][ T5803] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  231.482331][ T5807] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  231.493233][ T5807] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  231.619233][ T5801] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  232.455305][ T5809] 8021q: adding VLAN 0 to HW filter on device batadv0
[  232.994760][ T5809] veth0_vlan: entered promiscuous mode
[  233.156294][ T5809] veth1_vlan: entered promiscuous mode
[  233.281767][ T5807] 8021q: adding VLAN 0 to HW filter on device batadv0
[  233.319763][ T5815] 8021q: adding VLAN 0 to HW filter on device batadv0
[  233.396365][ T5801] 8021q: adding VLAN 0 to HW filter on device batadv0
[  233.445293][ T5803] 8021q: adding VLAN 0 to HW filter on device batadv0
[  233.555586][ T5809] veth0_macvtap: entered promiscuous mode
[  233.650809][ T5809] veth1_macvtap: entered promiscuous mode
[  233.899749][ T5815] veth0_vlan: entered promiscuous mode
[  233.936438][ T5801] veth0_vlan: entered promiscuous mode
[  233.979427][ T5809] batman_adv: batadv0: Interface activated: batadv_slave_0
[  234.026468][ T5815] veth1_vlan: entered promiscuous mode
[  234.071701][ T5801] veth1_vlan: entered promiscuous mode
[  234.096590][ T5809] batman_adv: batadv0: Interface activated: batadv_slave_1
[  234.111153][ T5803] veth0_vlan: entered promiscuous mode
[  234.200774][ T5809] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  234.210127][ T5809] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  234.220803][ T5809] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  234.230148][ T5809] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  234.307742][ T5803] veth1_vlan: entered promiscuous mode
[  234.374930][ T5801] veth0_macvtap: entered promiscuous mode
[  234.488875][ T5801] veth1_macvtap: entered promiscuous mode
[  234.548962][ T5815] veth0_macvtap: entered promiscuous mode
[  234.620037][ T5815] veth1_macvtap: entered promiscuous mode
[  234.758542][ T5803] veth0_macvtap: entered promiscuous mode
[  234.775214][ T5801] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  234.787245][ T5801] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  234.801795][ T5801] batman_adv: batadv0: Interface activated: batadv_slave_0
[  234.858660][ T5803] veth1_macvtap: entered promiscuous mode
[  234.877267][ T5815] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  234.888291][ T5815] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  234.898530][ T5815] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  234.909348][ T5815] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  234.926054][ T5815] batman_adv: batadv0: Interface activated: batadv_slave_0
[  234.967742][ T5801] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  234.978553][ T5801] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  234.992911][ T5801] batman_adv: batadv0: Interface activated: batadv_slave_1
[  235.136431][ T5803] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  235.148588][ T5803] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  235.160184][ T5803] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  235.171043][ T5803] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  235.181164][ T5803] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  235.192958][ T5803] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  235.207115][ T5803] batman_adv: batadv0: Interface activated: batadv_slave_0
[  235.231531][ T5801] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  235.240849][ T5801] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  235.250163][ T5801] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  235.259351][ T5801] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  235.295816][ T5815] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  235.306709][ T5815] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  235.316957][ T5815] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  235.327799][ T5815] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  235.342216][ T5815] batman_adv: batadv0: Interface activated: batadv_slave_1
[  235.544044][ T5803] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  235.555024][ T5803] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  235.565323][ T5803] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  235.576059][ T5803] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  235.586321][ T5803] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  235.597067][ T5803] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  235.611351][ T5803] batman_adv: batadv0: Interface activated: batadv_slave_1
[  235.670050][ T5815] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  235.679510][ T5815] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  235.690707][ T5815] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  235.701228][ T5815] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  235.888837][ T5803] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  235.898079][ T5803] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  235.907263][ T5803] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  235.918559][ T5803] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  236.397447][ T5807] veth0_vlan: entered promiscuous mode
[  236.546717][ T5807] veth1_vlan: entered promiscuous mode
[  236.896309][ T5807] veth0_macvtap: entered promiscuous mode
[  237.006328][ T5807] veth1_macvtap: entered promiscuous mode
[  237.156327][ T5807] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  237.167317][ T5807] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  237.177502][ T5807] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  237.188289][ T5807] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  237.202899][ T5807] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  237.217719][ T5807] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  237.227836][ T5807] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  237.238579][ T5807] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  237.255277][ T5807] batman_adv: batadv0: Interface activated: batadv_slave_0
[  237.441109][ T5807] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  237.454764][ T5807] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  237.465800][ T5807] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  237.476568][ T5807] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  237.486802][ T5807] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  237.497584][ T5807] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  237.507794][ T5807] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  237.520827][ T5807] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  237.535727][ T5807] batman_adv: batadv0: Interface activated: batadv_slave_1
[  237.656775][ T5807] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  237.667657][ T5807] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  237.678477][ T5807] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  237.688433][ T5807] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  241.143994][ T3800] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  241.152192][ T3800] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  241.325886][ T3744] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  241.334534][ T3744] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  241.655982][ T5809] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  242.050900][ T3631] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  242.060028][ T3631] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  242.397589][ T3631] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  242.406630][ T3631] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  242.532077][ T4006] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  242.540283][ T4006] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  242.671215][  T143] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  242.679645][  T143] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  242.786198][ T4095] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  242.796112][ T4095] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  242.869685][ T3707] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  242.887822][ T3707] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  243.304427][ T5989] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[  243.920317][ T6002] loop0: detected capacity change from 0 to 128
[  244.007157][ T6002] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  244.105802][ T6002] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  244.252129][   T29] audit: type=1800 audit(1732681346.943:2): pid=6002 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.7" name="bus" dev="loop0" ino=1048596 res=0 errno=0
[  244.416056][ T3473] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  244.424612][ T3473] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  244.682792][   T34] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  244.760471][   T34] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  244.769490][   T34] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  245.255652][ T6011] loop2: detected capacity change from 0 to 2048
[  245.318175][ T6011] =======================================================
[  245.318175][ T6011] WARNING: The mand mount option has been deprecated and
[  245.318175][ T6011]          and is ignored by this kernel. Remove the mand
[  245.318175][ T6011]          option from the mount to silence this warning.
[  245.318175][ T6011] =======================================================
[  245.545620][ T6011] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  245.812346][ T6011] loop2: detected capacity change from 2048 to 11
[  245.849809][ T6020] syz.2.11: attempt to access beyond end of device
[  245.849809][ T6020] loop2: rw=0, sector=1409, nr_sectors = 1 limit=11
[  245.930656][ T6011] Dev loop2: unable to read RDB block 11
[  245.936917][ T6011]  loop2: unable to read partition table
[  245.946686][ T6011] loop2: partition table beyond EOD, truncated
[  245.955729][ T6011] loop_reread_partitions: partition scan of loop2 (�5�A;�8R����])��^\�) failed (rc=-5)
[  246.143747][ T6027] tun0: tun_chr_ioctl cmd 1074025675
[  246.149325][ T6027] tun0: persist enabled
[  246.160834][ T6027] tun0: tun_chr_ioctl cmd 1074025675
[  246.166615][ T6027] tun0: persist enabled
[  246.477065][ T5803] syz-executor: attempt to access beyond end of device
[  246.477065][ T5803] loop2: rw=0, sector=1409, nr_sectors = 1 limit=11
[  246.512535][ T5803] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=1345, location=33
[  246.526035][ T5803] UDF-fs: error (device loop2): udf_read_inode: (ino 1345) failed !bh
[  246.549734][ T5803] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=1345, location=33
[  246.574082][ T5803] UDF-fs: error (device loop2): udf_read_inode: (ino 1345) failed !bh
[  246.990198][ T6035] =====================================================
[  246.999881][ T6035] BUG: KMSAN: uninit-value in io_nop+0x549/0x8a0
[  247.007451][ T6035]  io_nop+0x549/0x8a0
[  247.011609][ T6035]  io_issue_sqe+0x420/0x2130
[  247.017398][ T6035]  io_submit_sqes+0x11bc/0x2f80
[  247.023551][ T6035]  __se_sys_io_uring_enter+0x423/0x4aa0
[  247.033390][ T6035]  __x64_sys_io_uring_enter+0x11f/0x1a0
[  247.039155][ T6035]  x64_sys_call+0xce5/0x3c30
[  247.046170][ T6035]  do_syscall_64+0xcd/0x1e0
[  247.050902][ T6035]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  247.058524][ T6035] 
[  247.060960][ T6035] Uninit was created at:
[  247.066693][ T6035]  __alloc_pages_noprof+0x9a7/0xe00
[  247.073020][ T6035]  alloc_pages_mpol_noprof+0x299/0x990
[  247.078690][ T6035]  alloc_pages_noprof+0x1bf/0x1e0
[  247.084239][ T6035]  allocate_slab+0x320/0x12e0
[  247.089095][ T6035]  ___slab_alloc+0x12ef/0x35e0
[  247.094229][ T6035]  kmem_cache_alloc_bulk_noprof+0x486/0x1330
[  247.100438][ T6035]  __io_alloc_req_refill+0x84/0x5b0
[  247.107694][ T6035]  io_submit_sqes+0x9a2/0x2f80
[  247.112968][ T6035]  __se_sys_io_uring_enter+0x423/0x4aa0
[  247.118723][ T6035]  __x64_sys_io_uring_enter+0x11f/0x1a0
[  247.124729][ T6035]  x64_sys_call+0xce5/0x3c30
[  247.133025][ T6035]  do_syscall_64+0xcd/0x1e0
[  247.137794][ T6035]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  247.145498][ T6035] 
[  247.147978][ T6035] CPU: 0 UID: 0 PID: 6035 Comm: syz.1.21 Not tainted 6.12.0-syzkaller-09567-g7eef7e306d3c #0
[  247.158585][ T6035] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  247.169015][ T6035] =====================================================
[  247.176362][ T6035] Disabling lock debugging due to kernel taint
[  247.182795][ T6035] Kernel panic - not syncing: kmsan.panic set ...
[  247.189367][ T6035] CPU: 0 UID: 0 PID: 6035 Comm: syz.1.21 Tainted: G    B              6.12.0-syzkaller-09567-g7eef7e306d3c #0
[  247.201246][ T6035] Tainted: [B]=BAD_PAGE
[  247.205560][ T6035] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  247.215819][ T6035] Call Trace:
[  247.219242][ T6035]  <TASK>
[  247.222317][ T6035]  dump_stack_lvl+0x216/0x2d0
[  247.227322][ T6035]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  247.233415][ T6035]  dump_stack+0x1e/0x30
[  247.237803][ T6035]  panic+0x4e2/0xcf0
[  247.241933][ T6035]  ? kmsan_get_metadata+0x51/0x1c0
[  247.247317][ T6035]  kmsan_report+0x2c7/0x2d0
[  247.252047][ T6035]  ? kmsan_get_metadata+0x13e/0x1c0
[  247.257501][ T6035]  ? kmsan_get_metadata+0x13e/0x1c0
[  247.262925][ T6035]  ? __msan_warning+0x95/0x120
[  247.267899][ T6035]  ? io_nop+0x549/0x8a0
[  247.272210][ T6035]  ? io_issue_sqe+0x420/0x2130
[  247.277136][ T6035]  ? io_submit_sqes+0x11bc/0x2f80
[  247.282344][ T6035]  ? __se_sys_io_uring_enter+0x423/0x4aa0
[  247.288244][ T6035]  ? __x64_sys_io_uring_enter+0x11f/0x1a0
[  247.294146][ T6035]  ? x64_sys_call+0xce5/0x3c30
[  247.299144][ T6035]  ? do_syscall_64+0xcd/0x1e0
[  247.304452][ T6035]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  247.310718][ T6035]  ? mod_objcg_state+0x6ee/0xe00
[  247.315830][ T6035]  ? kmsan_get_metadata+0x13e/0x1c0
[  247.321246][ T6035]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  247.327274][ T6035]  ? __memcg_slab_post_alloc_hook+0xbdd/0x1540
[  247.333644][ T6035]  ? kmsan_get_metadata+0x13e/0x1c0
[  247.339068][ T6035]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  247.345109][ T6035]  __msan_warning+0x95/0x120
[  247.349901][ T6035]  io_nop+0x549/0x8a0
[  247.354050][ T6035]  ? __pfx_io_nop+0x10/0x10
[  247.358704][ T6035]  io_issue_sqe+0x420/0x2130
[  247.363457][ T6035]  ? kmsan_get_metadata+0x13e/0x1c0
[  247.368911][ T6035]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  247.374992][ T6035]  io_submit_sqes+0x11bc/0x2f80
[  247.380089][ T6035]  ? kmsan_internal_set_shadow_origin+0x69/0x100
[  247.386669][ T6035]  __se_sys_io_uring_enter+0x423/0x4aa0
[  247.392450][ T6035]  ? futex_wait+0x2bf/0x360
[  247.397155][ T6035]  ? kmsan_internal_set_shadow_origin+0x69/0x100
[  247.403709][ T6035]  ? kmsan_get_metadata+0x13e/0x1c0
[  247.409138][ T6035]  ? do_futex+0x341/0x4a0
[  247.413624][ T6035]  ? kmsan_get_metadata+0x13e/0x1c0
[  247.419046][ T6035]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  247.425088][ T6035]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  247.431120][ T6035]  __x64_sys_io_uring_enter+0x11f/0x1a0
[  247.436876][ T6035]  x64_sys_call+0xce5/0x3c30
[  247.441707][ T6035]  do_syscall_64+0xcd/0x1e0
[  247.446425][ T6035]  ? clear_bhb_loop+0x25/0x80
[  247.451345][ T6035]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  247.457455][ T6035] RIP: 0033:0x7f8a50d80809
[  247.462021][ T6035] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  247.481836][ T6035] RSP: 002b:00007f8a51b9f058 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[  247.490442][ T6035] RAX: ffffffffffffffda RBX: 00007f8a50f45fa0 RCX: 00007f8a50d80809
[  247.498569][ T6035] RDX: 0000000000000000 RSI: 0000000000002d3e RDI: 0000000000000003
[  247.506710][ T6035] RBP: 00007f8a50df393e R08: 0000000000000000 R09: 0000000000000000
[  247.514831][ T6035] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  247.522941][ T6035] R13: 0000000000000000 R14: 00007f8a50f45fa0 R15: 00007ffee1df17d8
[  247.531088][ T6035]  </TASK>
[  247.534508][ T6035] Kernel Offset: disabled
[  247.538928][ T6035] Rebooting in 86400 seconds..