last executing test programs:

8m30.357862174s ago: executing program 32 (id=161):
syz_open_procfs$namespace(0xffffffffffffffff, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
getpid()
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
r2 = fcntl$dupfd(r1, 0x0, r1)
write$sndseq(r2, &(0x7f0000000200)=[{0x0, 0x0, 0x43, 0x0, @tick=0x2f, {0x1}, {0x8}, @raw32}, {0x0, 0x2, 0x0, 0x0, @time, {}, {}, @ext={0x0, 0x0}}], 0x38)

7m47.131467012s ago: executing program 5 (id=342):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1d00, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r1, 0x4068aea3, &(0x7f0000000380)={0x79, 0x0, 0x4})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = accept$alg(0xffffffffffffffff, 0x0, 0x0)
read$alg(r5, &(0x7f00000000c0)=""/126, 0x7e)
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, 0x0, 0x0, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
mbind(&(0x7f0000bdf000/0x4000)=nil, 0x4000, 0x1, &(0x7f0000000040)=0x1, 0x2, 0x0)
mbind(&(0x7f0000bde000/0x2000)=nil, 0x2000, 0x4001, &(0x7f0000000080)=0x85, 0x7, 0x0)
syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0)
bpf$BPF_PROG_TEST_RUN(0x1c, 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

7m43.953892018s ago: executing program 5 (id=350):
socket$alg(0x26, 0x5, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000003c0), 0x0)
ioctl$SNDRV_TIMER_IOCTL_TREAD(r3, 0x40045402, &(0x7f0000000040)=0x1)

7m42.97319245s ago: executing program 5 (id=352):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000080)=0x6)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$nl_netfilter(0x10, 0x3, 0xc)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r0, 0x0, 0x0, 0x0)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f", 0xcd}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)

7m40.456651801s ago: executing program 5 (id=361):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1d00, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r1, 0x4068aea3, &(0x7f0000000380)={0x79, 0x0, 0x4})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = accept$alg(0xffffffffffffffff, 0x0, 0x0)
read$alg(r5, &(0x7f00000000c0)=""/126, 0x7e)
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
mbind(&(0x7f0000bdf000/0x4000)=nil, 0x4000, 0x1, 0x0, 0x2, 0x0)
mbind(&(0x7f0000bde000/0x2000)=nil, 0x2000, 0x4001, &(0x7f0000000080)=0x85, 0x7, 0x0)
syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0)
bpf$BPF_PROG_TEST_RUN(0x1c, 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

7m38.75792303s ago: executing program 5 (id=364):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r1 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000001700), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r1, 0xc0285700, &(0x7f0000000080)={0x4, "d2c4924f5689213dc64c3b6e6ff82a75e5318fca4288c20600000072020bcd2c"})
ioctl$sock_SIOCSIFBR(r0, 0x8941, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$DMA_BUF_SET_NAME_A(0xffffffffffffffff, 0x40086203, &(0x7f00000001c0)='\x02\x00\x00\x00\x05\x00\x00\x00-control\x00')
ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0xc0086202, &(0x7f0000000540)=0x1)

7m38.672079681s ago: executing program 5 (id=366):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, 0x0, 0x0)
msgctl$IPC_RMID(0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x140, 0x0)
modify_ldt$write2(0x11, 0x0, 0x0)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$GIO_UNIMAP(r3, 0x4b66, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
msgsnd(0x0, &(0x7f0000000280)=ANY=[@ANYRESHEX], 0x0, 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={0x34, 0x3d, 0x107, 0x0, 0x0, {0x4, 0x7c}, [@typed={0x4}, @nested={0x1c, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}, @nested={0x10, 0x15, 0x0, 0x1, [@typed={0xc, 0x7a, 0x0, 0x0, @u64=0x1}]}]}]}, 0x34}}, 0x0)

7m31.510396375s ago: executing program 33 (id=341):
r0 = socket$nl_route(0x10, 0x3, 0x0)
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x725580, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x200002)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x480040, 0x0)
dup(r1)
r2 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
listen(r0, 0xc)
lseek(r0, 0x400006, 0x1)
ioctl$VIDIOC_S_HW_FREQ_SEEK(0xffffffffffffffff, 0x40305652, &(0x7f0000000200)={0x0, 0x1, 0x0, 0x0, 0x1, 0x2088, 0x6})
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'sit0\x00', &(0x7f0000000440)={'syztnl0\x00', 0x0, 0x80, 0x0, 0x400000, 0x0, {{0xa, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x0, 0x0, @remote, @multicast2, {[@ssrr={0x89, 0x7, 0x8a, [@private=0xa010100]}, @timestamp={0x44, 0x4, 0x34}, @noop, @rr={0x7, 0x7, 0xa, [@dev={0xac, 0x14, 0x14, 0x43}]}, @noop]}}}}})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000b40)=ANY=[@ANYBLOB="480100001a001307000000000000000000000000000000000000000000000001e000000200"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8800000000000000000000000000010000000032000000e00000020000000000000000000000000000000000000000fcffffffffffffff000004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000a000100000000200000000048000200656362286369706865725f6e756c6c290000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008001d000000000008001e0000000000"], 0x148}}, 0x0)
syz_emit_ethernet(0x33, &(0x7f0000000340)=ANY=[@ANYBLOB="0380c20000000180c200a605ade6dabf4eeb9600000011000000b33a216e05ddc7b38e776524aab0335c5ab4794453e3675606111c8c49ba9145e1d2b1deea9e5c9ec178761c8c2e509ec08849e83326b3b2"], 0x0)
ioctl$VT_RESIZEX(r4, 0x560a, &(0x7f0000000240)={0x0, 0x0, 0x8, 0x4, 0x3, 0x3f00})
r6 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
sendmsg$ETHTOOL_MSG_LINKMODES_GET(r2, &(0x7f00000001c0)={0x0, 0x8, &(0x7f0000000400)={&(0x7f0000000040)=ANY=[@ANYRESHEX=r6], 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x20044890)
r7 = socket$nl_route(0x10, 0x3, 0x0)
r8 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f00000000c0)={'vlan1\x00', <r9=>0x0})
sendmsg$nl_route(r7, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="d400000010000d0400"/20, @ANYRES32=r9, @ANYBLOB="0000000000000000b400128009000100766c616e00000000a4000280040003"], 0xd4}}, 0x0)
socket(0x400000000011, 0x3, 0x0)
socket$unix(0x1, 0x1, 0x0)

7m26.706396068s ago: executing program 34 (id=357):
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x800008, 0x4000010, 0xffffffffffffffff, 0xa41f4000)
bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x50)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
openat$kvm(0xffffffffffffff9c, 0x0, 0x406000, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x410000bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000003180)=""/102400, 0x19000)
mkdir(&(0x7f0000000000)='./file0\x00', 0x8)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANE(r1, 0xc02064b6, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000480)=[<r2=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r1, 0xc05064a7, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000002c0)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000300), 0x1f00, 0x4, 0x0, 0x0, r2})
r3 = syz_open_procfs(0x0, &(0x7f0000000000)='task\x00')
getdents64(r3, &(0x7f0000000480)=""/4081, 0x103a)
r4 = socket$netlink(0x10, 0x3, 0x10)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8b18, &(0x7f0000000000)={'wlan0\x00'})

7m23.509902134s ago: executing program 35 (id=366):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, 0x0, 0x0)
msgctl$IPC_RMID(0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x140, 0x0)
modify_ldt$write2(0x11, 0x0, 0x0)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$GIO_UNIMAP(r3, 0x4b66, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
msgsnd(0x0, &(0x7f0000000280)=ANY=[@ANYRESHEX], 0x0, 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={0x34, 0x3d, 0x107, 0x0, 0x0, {0x4, 0x7c}, [@typed={0x4}, @nested={0x1c, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}, @nested={0x10, 0x15, 0x0, 0x1, [@typed={0xc, 0x7a, 0x0, 0x0, @u64=0x1}]}]}]}, 0x34}}, 0x0)

7m12.357821531s ago: executing program 4 (id=410):
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000300)={0x8, 0x20000008c}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r3 = syz_io_uring_setup(0x204, &(0x7f0000000480)={0x0, 0xf67c, 0x8}, &(0x7f00000000c0)=<r4=>0x0, &(0x7f0000000080)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, 0xa})
io_uring_enter(r3, 0x47ba, 0x0, 0x0, 0x0, 0x0)

7m11.392743298s ago: executing program 4 (id=411):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
ioctl$sock_netrom_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000003c0)={0x0, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={'nr', 0x0}, 0x3, 'syz0\x00', @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, 0x0, 0x0, [@default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @default, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @bcast]})
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = socket$kcm(0x29, 0x2, 0x0)
r3 = memfd_create(&(0x7f0000000000)='e\xf4E\x88-\x00', 0x0)
setsockopt$MRT6_ADD_MIF(0xffffffffffffffff, 0x29, 0xca, 0x0, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000202300800000000000000000850000007b00000095"], &(0x7f00000001c0)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x80004507, 0x0)
pwritev(r3, &(0x7f0000000040)=[{&(0x7f0000000480)="db", 0x1}], 0x1, 0x4000001, 0x0)
sendfile(r2, r3, 0x0, 0x8000fb00)

7m9.421035423s ago: executing program 4 (id=416):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(r0, &(0x7f0000000680)={0x0, 0x0, 0x0}, 0x0)

7m8.581690816s ago: executing program 4 (id=417):
r0 = socket$netlink(0x10, 0x3, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x40000, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ioctl$VIDIOC_ENUM_FREQ_BANDS(0xffffffffffffffff, 0xc0405665, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f00000004c0)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000000000), 0x0, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000000c0)='./bus\x00')
r4 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents(r4, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

7m7.505257929s ago: executing program 4 (id=419):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_GET_BYINDEX(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="240000000f0601030000000000000000020000000500"], 0x24}, 0x1, 0x0, 0x0, 0x40045}, 0xc0c4)

7m6.697960677s ago: executing program 4 (id=420):
creat(&(0x7f0000000240)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000001900)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000800), 0x0, 0x0)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000004c0), 0x10400, &(0x7f0000000700)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',cache=mmap'])
chmod(&(0x7f0000000140)='./file0\x00', 0x0)
r3 = open$dir(&(0x7f0000000300)='./file0\x00', 0xa0141, 0x14)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x0, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_wait_time\x00', 0x275a, 0x0)
ftruncate(r5, 0x2000009)
sendfile(r3, r5, 0x0, 0x7ffff000)

6m51.338973025s ago: executing program 36 (id=420):
creat(&(0x7f0000000240)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000001900)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000800), 0x0, 0x0)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000004c0), 0x10400, &(0x7f0000000700)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',cache=mmap'])
chmod(&(0x7f0000000140)='./file0\x00', 0x0)
r3 = open$dir(&(0x7f0000000300)='./file0\x00', 0xa0141, 0x14)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x0, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_wait_time\x00', 0x275a, 0x0)
ftruncate(r5, 0x2000009)
sendfile(r3, r5, 0x0, 0x7ffff000)

6m35.998691831s ago: executing program 2 (id=467):
socket$alg(0x26, 0x5, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0x3, 0x4, 0x4, 0x3, 0x804, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000003c0), 0x0)
ioctl$SNDRV_TIMER_IOCTL_TREAD(r3, 0x40045402, &(0x7f0000000040)=0x1)

6m35.101808719s ago: executing program 2 (id=468):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='cdg\x00', 0x4)
bind$inet6(r0, 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000200)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r2 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x40241, 0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
openat$null(0xffffff9c, &(0x7f0000000300), 0x8400, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000280)={&(0x7f0000000180)=@setneightbl={0x14, 0x43, 0x800, 0x70bd25, 0x25dfdbff, {0xa}}, 0x14}}, 0x20044881)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x10)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x300, 0x0, 0x0, 0x4}, 0x0, &(0x7f00000002c0)={0x3ff}, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000032680)=""/102392, 0x18ff8)
sendmmsg$inet6(r0, 0x0, 0x0, 0x40014)

6m33.976920814s ago: executing program 2 (id=471):
socket$inet_tcp(0x2, 0x1, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x6)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x200000005c832, 0xffffffffffffffff, 0x0)
r1 = getpid()
process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)

6m28.912721141s ago: executing program 2 (id=480):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
io_uring_setup(0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0xc, 0xe, &(0x7f0000001700)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000f0ffffff7a0af0ff0200000079a4f0ff00000000b706000000000081ad64020000000000450404000100ff0f1704000001130a00b7050000010000006a0af2fe000000008500000009000000b700000000000000950000000000000000e154cd8445974b26c933f7ffffffffe4fbffffff55bb2007ee51050512b5b42128aa090a79507df79f298129daa7a6b2f91af50342115e17392ac627c87881c000006146001e04aeacea799a22a2fa798b5adc43eb27d53319d0ad229e5752548300000000dbc2777df150b7cdd77b85b941092314fd085f028f2ed1a4535550614e09d6378198a6097a670838337af2abd55a87ac0394b2f92ffab7d153d62058d0a413b2173619ccf55520f22c9ca8b6712f3024b7041b1df65b3e1b9bf115646d14ce53d13d0ccacda1ef0900094fa737c28b99938512c816fdcceaede3faedc51d29a47fc813a2ec00f4c7a53ac271d6d7f4ea6bf97f2f33e2ea2e534300bcb3fdc4b4861004eefbda7f54f82a804da4f85db47a4a69bf9bc5fa96ee293fbd165a5a68488e40b030166565a097b1b44b451de736bb6d43db8db03d4b7745fef1d04ec633dee254a6d491b849a5a787e814c4fd21a18986252a70f8f92eb6f0e8c7db4bf23242a1f2c28159f09943b1b0452d1b72183aacf4a84f9130b775dd4e9e3070756f97ad791fa99dac06b57479321a0574fb30ff0000001989328c8ddc20ea011bf5742e0e0d4334db8b20ce3f9f16cb7fc20fb4791ec85821d0c48fb657c29b309c73f0977e7cde65a82b94c461d7962b0d2277a84af326f37f3e2c25a61ec45c3af97a8f17da954aff3fc8c108755f75ca13fb7c8bbd8b6e7dac1aba4b20dc7de058a4dfa7e85a8bdf1d41a2d8bda74d66f47cc180f82c5f573c6d294d3665016ab99dda0fde4745db06753a7ac74a2d32f7528751313694bf5700b20ef0c248ddd3da32396a614cacad4aff2066bb5d4045c958559b7dcb98a6273b8c651e24d9f679e4fbe948dfb4cc4a389469608241730459f0123fd39206000000000000eb55dad46de56ef907b059b90b8aa49afb9a79ae5498f6589880ed6eea7f9c670012be05e7de0940313c5870786554df26236ebced9390cb6941b8375d936a7d2120eca291963eb2d537d8ee4de5c183c960119451c31539b22809e1d7f0cda06a9fa87d64cb77872a2cd8a104e16bb1a2bacf13464ca03aff14a9aa4bd9539f5096412b92012e095b84c20243ff98df3347f0e399d1b9f27e3c33269c0e153b28b2d4410572bc45b9d3fa02208d304d455c36300000000022320178b00cc6ed7966130b547dbf8b497af002000000cd1d00000020000000ef19349ee7f31abc11c800000000000000000000000928ee53595a779d243a48cea769470424d28804c04b2c4324ab7f4a5c81921f0128dfd70b438af60b060000000000000056642b49b745f3bf2cf7908b6d7d748308eea09fc361b4735efbf3411718d6ee7aebf9ef679dbfae9fb4a79f8a836804ed3a1079b0282a12043408cd60b687dcff91af19010000000000000000456f7d2a42bd13da202274f20675eb781925441578e93046aaddea8ec4ca37f71c2710a7ea8ae0dc214e1cc275b26adfa892e6de92000000000000000000ddff004cff9ec7ffff35e62f4eeee50e5bafecea4d4134f9d006c8d6883eca5c9c58c9e93311ab5009c68c73de2f04f15d005387577f480000ea65559eb00e76e9d0ada201bcbb5c252b28a60ca770663da451790cc36000906d5a9fad98c308e39bd5ffb6151d79c1cee1cd102e3c8e63e9fba05e3633be3f00000015762e5f5a3a0bc33fdbe28a5ffc83f2b485185cc92fe7f791e8f6429309d6adab4b7e508e5bf024ed8f8a005f2bbf96c89739f5cf1e750d50517a59a3ad09e8802e8f4f535447cc0fc9d5f99a73145dfcedad69da9cd4375c624600e78f4458542b14f29611f95d4a31838eeb20c20bb82aa31771cd379ec83554cea5e6539db7384e1f58d81f2f2653c4d9818708e27c89b552d7fcd116bce9c764c714c9402c21d181aac59efb28d4f91652f6750b6ec962802c0320f8059195729d60c534ee8e8ff0755b67fe4c25edb85bcff24c757aa8090000000000008c420eb4304f66e3a37aaf000000c42a570f0e9dd5fd545470f862f8c3c14fa9ecd1e877b0d8ca84c044859e85e6158f9184bc61a9a284db80e4636c25b96174327d82761c26e329555f9290af4100000000000000749efd3763655500344bae34137f5ab0d534b8d63e4ca3b671f2de1cdf519192c6b59a601fd419adc16e2055b85058f793484305d7a1759782e4c571ee855a47bc00edf5e9020c41ab004321610b857e8717764b633b21cb32f0e03280e09758bd445ab91d20baca005452b79d7b574a247f1d2fe45b3c4e93da3d51de647c10dd49944dc87c92332af00f191b66b6a6f732a91f0e2e9120be61e58c79d497247d278888901d442ad7f8536605a644e9e3d769db497c3960dfde12182334caee994adc38a436367a54b9e182b78e9a0ceb9a2c4f63902c1ad1a7c5a08d0920a23c2a86abbdf357849a651733e57f31019876026888c8ccb85c86b4f8ffffff7f000000002c331fca0e541b7ca211c28ed61c525708a13d115b43f8b1894c8fa8a14dc4810f61ae96c18cc7130000000000002100000000000000000001000027c9a46157a3609b6fd9843ee19ec647249a9375de5858818f3c4a4fa6ce46f4d42b07199de8b99231ace58c77819ee214e49666c464d35ca9b5143ed3b3dc8c17a23692759ccf5a205311b7ab22532697b861dfb54609fd88e6043bd52ae84c1bb0c8a6c769f952283a1f4e3842edb3d42cea68bef67422ecc13968a27ef6a1296dfff4a979369b0e8ebc62887aa46e824d86869ec4ab392b0a74f91381dcc198e353047db70686d147357024eb3cb94f1e89cb5ba0a56aa046b4dc521a3d9356b4b8b5917c4c860495b240e80063bde261fd00000000007271e28ef6806bc8e139c49b91c76bea3858f78fbd8d31330d89069f9648a2ff93060ff073b3a113e47edf76f7d116d2b0976cf2ec447c030931651dd315003b7a6a5433a2bb3c035fc6846abe389b25c988f0bbb889560ae99ec4b227eda2e63a1c31a2c2bd48a822cbe92b6524e0cd8020ecaa34e19e7141d5e221509342bfe7d294d1eb3de6a50ca0301f89c2ee627e949c68b3a4a412a9b7d503a26e9a714ee5f72d8805dd1bfbd081f6a5d1f1289dfe14cb9194e26a44fac273461fc5c0e0a33db7f2d43ea8086cf059f40fa2640b6bfb74dd35f5a31059c01517cf4b6641fce9a24b96767b837ca037a1199735c375c705c798e0e208e4a5259d0bfa526b462af45a6eab34000000000000000000000000c4426344ec1a3366515dee221e747f55d7dd02534bc503b9b28277c253e410986bef2111a99cc448d652929f8a67a6a1d3f00dcad91aff428aade3f85714a1d3ef29acd4d49b62339c10c2ec0dac090000000000000084d8223edbccbf9258b7374e79a1f8bf3fb73c8c6dbb7bbdfc399847a11921f97eba0ea14c4fed9a71eedb97c02461792e3a49dac16c60c3fcaab222025d78963c3ac899fa8b63f58a30212c9b2d7fe751e2046b78f86e22861b6504c667350244dd6d9189a8b9c45f8aaff9db694811ca86ed978f23eed7459c0382074170cf1e25b0e9ba3d1cc309353eea4cd8ab96bafda393276bdd8d32ead8db9e1b54d2d3d50e2815268fc1a6ec566981bc8ca2a4583f3d40e817433d0f4f25cfe6cc1897449ba5f26a9d66ac73e6f5c401376f23a314e0b9ff997d22f381ba6e0363d0a4a8a813edaa626f0000000000000000004f9e02a3b51a97c4b1c1b411cc6bee2a56f29c55a6aac46a0cfc318fae02922a403431d4e5a4396cad2c8dd34037bc041a2ba1505ba2c4889122ca04e85881aad5f8bfc12e6741872aad21bf5301cd4c60"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f00000001c0), 0xfffffedf, 0x10, &(0x7f0000000040), 0x0, 0x0, 0xffffffffffffffff, 0xd, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000140)={r2, 0x0, 0x10, 0x0, &(0x7f0000002580)="f0b9547ee7affa9daabd309a75d387db", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x50)
r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = syz_io_uring_setup(0x11d, &(0x7f0000000140)={0x0, 0xf84c, 0x400, 0xffffffff, 0x3}, &(0x7f0000000240)=<r7=>0x0, &(0x7f0000000040)=<r8=>0x0)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r9, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x84, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x5c, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_EXTHDR_OFFSET={0x8}, @NFTA_EXTHDR_LEN={0x8, 0x4, 0x1, 0x0, 0x22}, @NFTA_EXTHDR_TYPE={0x5, 0x2, 0x7}]}}}, {0x24, 0x1, 0x0, 0x1, @redir={{0xa}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_REDIR_REG_PROTO_MAX={0x8, 0x2, 0x1, 0x0, 0xf}, @NFTA_REDIR_REG_PROTO_MIN={0x8, 0x1, 0x1, 0x0, 0x12}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0xf8}}, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r10 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r10, 0x7a7, &(0x7f0000000080)=0xb0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r10, 0x7a0, &(0x7f0000000000)={@my=0x1})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r10, 0x7a8, 0x0)
syz_io_uring_submit(r7, r8, 0x0)
madvise(&(0x7f0000571000/0x2000)=nil, 0x2000, 0x64)
io_uring_enter(r6, 0x47f6, 0x0, 0x0, 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r3, 0xc0189375, 0x0)
write$FUSE_NOTIFY_RETRIEVE(0xffffffffffffffff, 0x0, 0x0)

6m27.783975183s ago: executing program 2 (id=482):
recvmsg(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)=[{0x0}], 0x1}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=@deltclass={0x24, 0x29, 0x200, 0x70bd29, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {}, {0x4, 0xfff2}, {0x1e, 0xc}}}, 0x24}, 0x1, 0x0, 0x0, 0x811}, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=@newqdisc={0x30, 0x24, 0xd0f, 0x70bd2b, 0x0, {0x60, 0x0, 0x0, r2, {0x0, 0x8}, {0xffff, 0xffff}, {0x0, 0xc}}, [@qdisc_kind_options=@q_pie={{0x8}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x4008000}, 0x3000c81c)
sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0)

6m26.974528311s ago: executing program 2 (id=484):
socket$packet(0x11, 0x2, 0x300)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000080)=0x474c, 0x4)
bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0)
setsockopt$inet_int(r0, 0x0, 0xc, &(0x7f0000000000)=0x8, 0x4)
recvmmsg(r0, &(0x7f0000001340)=[{{0x0, 0x0, 0x0}, 0x8000}], 0x1, 0x45833af92e4b39ff, 0x0)
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4)
bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000000)='bbr\x00', 0x4)
sendmmsg$inet(r1, &(0x7f0000000e00)=[{{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000180)="ae1d4b178f10911a2dab191193b809cf9294262aa07902937575ee00b79dde347c0e6b2970ac6c8aa4d76a09fbd96643ee0877b3d0badfdcef5d45ff3c02cbf632464c24039086f74548ccae132a1bafbfef8cc1860c4aad820da4977e44f7b489cfccac766c51391bfcdb9f5510c7770582516cb7d41772001624e5905bba54f08547a4485b5a2a98b5f5c690d0a825161e3d7e4b39365b43b2701c68b167bbdce33c013a9b89c9a7b823ec5ecd432f12dc063ddaa7431a3385e29d0c7ac17389308b450e1d06ab9388183e9828783f6a23183986257098262af4ba197ca5e4499ec85fd8c1f1c7a122ff", 0xeb}, {&(0x7f00000002c0)="7f2f58967d9a6924bf6fed7467470b436ce6b9060056d5096e3c4efeec82e9e3e6446a274bca12243a4965600d3e1843baccebbad5e427aeaff4e1431a4569bfdc0a70ca0e6c7bbd4dbaaae3af04662d606b229f3d36a44238f671", 0x5b}, {&(0x7f0000000340)="853fb58bbfe8dd0cc89d43d5d23b1300ed7e35f003657088996f21190dcb6b3f58c4056eeda3ad7e97ab52e04a101c55ad140ed006cb1a657170168fef29b9d66a7d877d1c71536b486b0ef40e14b84a970df872b1", 0x55}, {&(0x7f00000003c0)="e9623a2564f0dca65929e3dcaf93431db8a9e128b420d32a401394714e0352e456d446ac080b638c9d63fa92e935cebeb2273e06064c044da5b383b4a6222d0d6afb6612404566faeee57d678a63a91eea4242f87342c64a95ebfdc6ad6b0a72feab53b2d53d805f90cc578b2bafbdcfd62f2ef4861b76e32272e8c799fdffd209b1c8fc26d842bd31482458ef705a7ff7f14faa90a193977eb376443d524cbb7ec9c6b73d441c57d69e2389a1fed974289ad4ce97d971edd3d7d678ee9de3caeeefe4cfcb09bc11ca162e06e98a2ce596070d83081e8d4014d917145aeb224f2a4a530cf5bbf1021647b99cd5", 0xed}, {&(0x7f00000004c0)="73d4ee65bba261afcec94075e4f13fb157c1bc27e26547cde7ff7244ed31797dfb8df9b8695ca5667526d5594901cd5e1a944936387c97d9ac91804b46657552fa7bbad707c25f5412e40742ee435f6774a8edced6ae721b6ce231cfeedd7d71", 0x60}, {&(0x7f0000000100)="cfc4a70042dd2be7b7", 0x9}, {&(0x7f0000000640)="853ef8e048602d96b1098f1b1265a8315b5158ee6dc61dfe5be1063bac6eec0a9525fcfe6be179cbbd8c5cf9a7fc1ae037fba1f6fb5a060fd0ec2dfc4edf69fdc23a30e510d2fba92bd55ed7f4f893103b2772151cbdb17e", 0x58}], 0x7}}, {{0x0, 0x0, &(0x7f0000000c80)=[{&(0x7f00000007c0)="9b76f00d7896f57313214b00958aef52901a18ff216310ac27dfc6ab72d9613160c3fe223de4ef6e9dcd5966d72ac2fc4a746fc1e58398e50f7b08bba2b56220a751e01156a10aa2d92861404dfce53be69bfbf0faf3f853d5564407f0eff9eac60e1876ff775bdd17d67ca7b0826783e51e632396fa918cfe55adfeb1c5de1f5db782645a54057c205ce92ac4452f95ea214c24046862a0c7d172664efe5359850941e99a984a02579e6e76ed6a2d2d3e14457ef8fd37a65bd54fa0af9a14822a0b17efd93089f033a33419a6b1", 0xce}, {&(0x7f00000008c0)='\aT', 0x2}], 0x2}}], 0x2, 0x10)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000100)=ANY=[@ANYBLOB="0100000000000000044d564b"])
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
ioctl$F2FS_IOC_MOVE_RANGE(r2, 0xc020f509, &(0x7f0000000180)={r2, 0x8, 0xc, 0x8})
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$PIO_SCRNMAP(r4, 0x4b41, &(0x7f00000016c0))
bind$inet6(0xffffffffffffffff, &(0x7f0000ed3fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
sendto$inet(r1, &(0x7f00000012c0)="09268a927f1f6588b967481241ba7860fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x20c8, 0x11, 0x0, 0x27)

6m11.305000408s ago: executing program 37 (id=484):
socket$packet(0x11, 0x2, 0x300)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000080)=0x474c, 0x4)
bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0)
setsockopt$inet_int(r0, 0x0, 0xc, &(0x7f0000000000)=0x8, 0x4)
recvmmsg(r0, &(0x7f0000001340)=[{{0x0, 0x0, 0x0}, 0x8000}], 0x1, 0x45833af92e4b39ff, 0x0)
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4)
bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000000)='bbr\x00', 0x4)
sendmmsg$inet(r1, &(0x7f0000000e00)=[{{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000180)="ae1d4b178f10911a2dab191193b809cf9294262aa07902937575ee00b79dde347c0e6b2970ac6c8aa4d76a09fbd96643ee0877b3d0badfdcef5d45ff3c02cbf632464c24039086f74548ccae132a1bafbfef8cc1860c4aad820da4977e44f7b489cfccac766c51391bfcdb9f5510c7770582516cb7d41772001624e5905bba54f08547a4485b5a2a98b5f5c690d0a825161e3d7e4b39365b43b2701c68b167bbdce33c013a9b89c9a7b823ec5ecd432f12dc063ddaa7431a3385e29d0c7ac17389308b450e1d06ab9388183e9828783f6a23183986257098262af4ba197ca5e4499ec85fd8c1f1c7a122ff", 0xeb}, {&(0x7f00000002c0)="7f2f58967d9a6924bf6fed7467470b436ce6b9060056d5096e3c4efeec82e9e3e6446a274bca12243a4965600d3e1843baccebbad5e427aeaff4e1431a4569bfdc0a70ca0e6c7bbd4dbaaae3af04662d606b229f3d36a44238f671", 0x5b}, {&(0x7f0000000340)="853fb58bbfe8dd0cc89d43d5d23b1300ed7e35f003657088996f21190dcb6b3f58c4056eeda3ad7e97ab52e04a101c55ad140ed006cb1a657170168fef29b9d66a7d877d1c71536b486b0ef40e14b84a970df872b1", 0x55}, {&(0x7f00000003c0)="e9623a2564f0dca65929e3dcaf93431db8a9e128b420d32a401394714e0352e456d446ac080b638c9d63fa92e935cebeb2273e06064c044da5b383b4a6222d0d6afb6612404566faeee57d678a63a91eea4242f87342c64a95ebfdc6ad6b0a72feab53b2d53d805f90cc578b2bafbdcfd62f2ef4861b76e32272e8c799fdffd209b1c8fc26d842bd31482458ef705a7ff7f14faa90a193977eb376443d524cbb7ec9c6b73d441c57d69e2389a1fed974289ad4ce97d971edd3d7d678ee9de3caeeefe4cfcb09bc11ca162e06e98a2ce596070d83081e8d4014d917145aeb224f2a4a530cf5bbf1021647b99cd5", 0xed}, {&(0x7f00000004c0)="73d4ee65bba261afcec94075e4f13fb157c1bc27e26547cde7ff7244ed31797dfb8df9b8695ca5667526d5594901cd5e1a944936387c97d9ac91804b46657552fa7bbad707c25f5412e40742ee435f6774a8edced6ae721b6ce231cfeedd7d71", 0x60}, {&(0x7f0000000100)="cfc4a70042dd2be7b7", 0x9}, {&(0x7f0000000640)="853ef8e048602d96b1098f1b1265a8315b5158ee6dc61dfe5be1063bac6eec0a9525fcfe6be179cbbd8c5cf9a7fc1ae037fba1f6fb5a060fd0ec2dfc4edf69fdc23a30e510d2fba92bd55ed7f4f893103b2772151cbdb17e", 0x58}], 0x7}}, {{0x0, 0x0, &(0x7f0000000c80)=[{&(0x7f00000007c0)="9b76f00d7896f57313214b00958aef52901a18ff216310ac27dfc6ab72d9613160c3fe223de4ef6e9dcd5966d72ac2fc4a746fc1e58398e50f7b08bba2b56220a751e01156a10aa2d92861404dfce53be69bfbf0faf3f853d5564407f0eff9eac60e1876ff775bdd17d67ca7b0826783e51e632396fa918cfe55adfeb1c5de1f5db782645a54057c205ce92ac4452f95ea214c24046862a0c7d172664efe5359850941e99a984a02579e6e76ed6a2d2d3e14457ef8fd37a65bd54fa0af9a14822a0b17efd93089f033a33419a6b1", 0xce}, {&(0x7f00000008c0)='\aT', 0x2}], 0x2}}], 0x2, 0x10)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000100)=ANY=[@ANYBLOB="0100000000000000044d564b"])
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
ioctl$F2FS_IOC_MOVE_RANGE(r2, 0xc020f509, &(0x7f0000000180)={r2, 0x8, 0xc, 0x8})
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$PIO_SCRNMAP(r4, 0x4b41, &(0x7f00000016c0))
bind$inet6(0xffffffffffffffff, &(0x7f0000ed3fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
sendto$inet(r1, &(0x7f00000012c0)="09268a927f1f6588b967481241ba7860fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x20c8, 0x11, 0x0, 0x27)

2m38.975842939s ago: executing program 7 (id=1097):
r0 = memfd_secret(0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0xa, 0x11, r0, 0x0)
ftruncate(r0, 0x51a9497)
socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
splice(r2, 0x0, 0xffffffffffffffff, 0x0, 0x8000f28, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000780)=[{&(0x7f0000000200)="94", 0x1}], 0x1, 0xa)
ioctl$sock_inet_udp_SIOCINQ(0xffffffffffffffff, 0x541b, 0x0)
write(r1, 0x0, 0x0)

2m38.503345733s ago: executing program 7 (id=1098):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
ioctl$DRM_IOCTL_MODE_ATOMIC(0xffffffffffffffff, 0xc03864bc, &(0x7f00000001c0)={0x400, 0x0, 0x0, 0x0, 0x0, 0x0})
r3 = syz_open_dev$usbmon(&(0x7f00000001c0), 0x0, 0x0)
ioctl$MON_IOCG_STATS(r3, 0x80089203, &(0x7f0000000080))
bind$tipc(0xffffffffffffffff, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0x2}}, 0x10)
r4 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r4, &(0x7f00000000c0)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10)
bind$tipc(0xffffffffffffffff, &(0x7f0000000080)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x1, 0x3}}, 0x10)
bind$tipc(r4, &(0x7f00000001c0)=@name={0x1e, 0x2, 0x0, {{0x42, 0x2}}}, 0x10)

2m35.529864187s ago: executing program 7 (id=1107):
r0 = epoll_create1(0x0)
r1 = socket(0x1, 0x80802, 0x0)
r2 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r2, &(0x7f0000000100)={0xa000000d})
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000000))
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='fdinfo/3\x00')
read$FUSE(r3, 0x0, 0x0)

2m34.849407091s ago: executing program 7 (id=1109):
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0x5)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000200)=0xdc)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(0xffffffffffffffff, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)})
ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
recvmmsg(r2, &(0x7f00000003c0)=[{{0x0, 0x0, 0x0}, 0x5}], 0x1, 0x40000000, 0x0)
bind$bt_hci(r2, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r2, &(0x7f0000001280), 0x6)
ioctl$DRM_IOCTL_MODE_GETPLANE(r1, 0xc02064b6, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$USBDEVFS_BULK(0xffffffffffffffff, 0xc0185502, &(0x7f0000000240)={{{0x1, 0x1}}, 0x28, 0xfffffffc, 0x0})

2m33.712422207s ago: executing program 7 (id=1112):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=@framed, &(0x7f00000003c0)='GPL\x00', 0xffffffff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000000)={0x4001, 0x0, 0x100000, 0x7}, 0x10)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYRESDEC=r0], 0x1c}}, 0x40000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000000c0)='contention_end\x00', r0}, 0x18)
r2 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r2, &(0x7f0000000140)=[{&(0x7f0000000080)="580000001400192340834b80040d8c560a067f0200ff000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000200040010000800014004000000", 0x58}], 0x1)
r3 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r3, &(0x7f0000000600), 0x0)
semget$private(0x0, 0x4, 0x210)

2m33.155960308s ago: executing program 7 (id=1115):
r0 = syz_open_procfs(0x0, 0x0)
pread64(r0, &(0x7f0000000080)=""/102356, 0x18fd4, 0x80)
sync()
sync()
sync()
sync()
sync()
sync()
sync()
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
getpid()
mmap(&(0x7f0000ff2000/0xe000)=nil, 0xe000, 0x0, 0x50, r0, 0xfffff000)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sync()

2m17.72592337s ago: executing program 38 (id=1115):
r0 = syz_open_procfs(0x0, 0x0)
pread64(r0, &(0x7f0000000080)=""/102356, 0x18fd4, 0x80)
sync()
sync()
sync()
sync()
sync()
sync()
sync()
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
getpid()
mmap(&(0x7f0000ff2000/0xe000)=nil, 0xe000, 0x0, 0x50, r0, 0xfffff000)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sync()

1m30.618317777s ago: executing program 8 (id=1275):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=@framed, &(0x7f00000003c0)='GPL\x00', 0xffffffff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000000)={0x4001, 0x0, 0x100000, 0x7}, 0x10)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYRESDEC=r0], 0x1c}}, 0x40000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000000c0)='contention_end\x00', r0}, 0x18)
r2 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r2, &(0x7f0000000140)=[{&(0x7f0000000080)="580000001400192340834b80040d8c560a067f0200ff000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000200040010000800014004000000", 0x58}], 0x1)
r3 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r3, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="2e00000010008188e6b62aa73772cc9f1ba1f848480000005e140602000000000e000a", 0x23}], 0x1}, 0x0)
semget$private(0x0, 0x4, 0x210)

1m28.791429377s ago: executing program 8 (id=1276):
r0 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
ioctl$VIDIOC_S_INPUT(r0, 0xc0045627, &(0x7f0000000100)=0x3)
ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r0, 0xc0845657, &(0x7f0000000200)={0x0, @bt={0xe8c, 0x258, 0x1, 0x1, 0xd59f80, 0x19f2, 0x3f, 0x19ef, 0x3, 0x7, 0x2800, 0x9, 0x440, 0xd1, 0xc, 0x30, {0x8, 0xffffffff}, 0xd0, 0x9}})

1m27.69307545s ago: executing program 8 (id=1280):
r0 = socket$inet(0x2, 0x2000000080005, 0xffffffd2)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000240)=@broute={'broute\x00', 0x20, 0x0, 0x90, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000180], 0x0, 0x0, 0x0}, 0x108)
shmctl$SHM_LOCK(0x0, 0xb)
shmctl$SHM_LOCK(0x0, 0xb)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x100000000004, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket$inet6(0xa, 0x3, 0x7)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x20, &(0x7f0000000100)={@mcast2, 0x800, 0x0, 0x3, 0x1, 0x0, 0x3}, 0x20)

1m25.064003473s ago: executing program 8 (id=1288):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
inotify_init()
creat(&(0x7f0000000140)='./file0\x00', 0x330e470bd789f8d8)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r0}, 0x18)
ioctl$FS_IOC_GETVERSION(r1, 0x80087601, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
setsockopt(0xffffffffffffffff, 0x84, 0x7d, 0x0, 0x0)
socket$kcm(0x10, 0x2, 0x0)
r5 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000500)={0x18, 0x2c, 0x1, 0x0, 0x0, "", [@nested={0x4}, @nested={0x4, 0x8d}]}, 0x18}], 0x1}, 0x0)

1m23.420995408s ago: executing program 8 (id=1290):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x2, 0xa0c80)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='fdinfo/3\x00')
read$FUSE(r1, &(0x7f0000006140)={0x2020}, 0x2020)
ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f0000000280))
stat(&(0x7f00000002c0)='./file0\x00', &(0x7f00000006c0))
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
mount$fuse(0x0, 0x0, &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r5}, 0x2c, {'rootmode', 0x3d, 0x4000}})
ioctl$FUSE_DEV_IOC_CLONE(r5, 0x8004e500, &(0x7f0000000040)=r5)
r6 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f0000000840)={{0x400007b, 0x4, 0x4, 0x4, 'syz0\x00', 0x4}, 0x1, 0x30000024, 0x7b, r6, 0xfffffffffffffd8a, 0x4, 'syz1\x00', 0x0})

1m20.467600525s ago: executing program 8 (id=1294):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
socket$kcm(0x29, 0x5, 0x0)
openat$zero(0xffffffffffffff9c, &(0x7f0000001040), 0x60000, 0x0)
setsockopt$kcm_KCM_RECV_DISABLE(r1, 0x119, 0x1, 0x0, 0x4f)
ioctl$BLKTRACESTOP(r1, 0x1275, 0x0)
r2 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SCSI_IOCTL_SEND_COMMAND(r2, 0x1, &(0x7f0000000140)={0x0, 0xff, 0x8})
msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4)
ioctl$BLKTRACESETUP(r1, 0x1276, 0x0)
openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x8801, 0x0)
ioctl$DRM_IOCTL_GET_CAP(0xffffffffffffffff, 0xc010640c, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)

1m4.947696827s ago: executing program 39 (id=1294):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
socket$kcm(0x29, 0x5, 0x0)
openat$zero(0xffffffffffffff9c, &(0x7f0000001040), 0x60000, 0x0)
setsockopt$kcm_KCM_RECV_DISABLE(r1, 0x119, 0x1, 0x0, 0x4f)
ioctl$BLKTRACESTOP(r1, 0x1275, 0x0)
r2 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SCSI_IOCTL_SEND_COMMAND(r2, 0x1, &(0x7f0000000140)={0x0, 0xff, 0x8})
msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4)
ioctl$BLKTRACESETUP(r1, 0x1276, 0x0)
openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x8801, 0x0)
ioctl$DRM_IOCTL_GET_CAP(0xffffffffffffffff, 0xc010640c, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)

13.142349478s ago: executing program 9 (id=1425):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
ioctl$DRM_IOCTL_MODE_ATOMIC(0xffffffffffffffff, 0xc03864bc, &(0x7f00000001c0)={0x400, 0x0, 0x0, 0x0, 0x0, 0x0})
r3 = syz_open_dev$usbmon(&(0x7f00000001c0), 0x0, 0x0)
ioctl$MON_IOCG_STATS(r3, 0x80089203, &(0x7f0000000080))
bind$tipc(0xffffffffffffffff, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0x2}}, 0x10)
r4 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r4, &(0x7f00000000c0)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10)
bind$tipc(0xffffffffffffffff, &(0x7f0000000080)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x1, 0x3}}, 0x10)
bind$tipc(r4, &(0x7f00000001c0)=@name={0x1e, 0x2, 0x0, {{0x42, 0x2}}}, 0x10)

12.137780276s ago: executing program 9 (id=1428):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$inet_sctp(0x2, 0x1, 0x84)
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
openat(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0x2c41, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000780)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f00000004c0)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f00000002c0)=@framed, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
socket$inet_udp(0x2, 0x2, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
listxattr(&(0x7f0000000040)='./file1\x00', &(0x7f0000000140)=""/64, 0x40)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r0, 0x84, 0xc, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8)
msgsnd(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="01000000"], 0x8, 0x0)
msgrcv(0x0, &(0x7f00000001c0)={0x0, ""/187}, 0xc3, 0xa783166cb8bfc237, 0x800)

10.002806813s ago: executing program 9 (id=1431):
creat(0x0, 0x0)
pipe2$9p(&(0x7f0000001900)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r0, 0x0, 0x15)
r1 = dup(r0)
write$FUSE_BMAP(r1, &(0x7f0000000100)={0x18}, 0x18)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0x2)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000280)=0x1, 0x4)
connect$inet6(r3, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c)
sendto$inet6(r3, &(0x7f00000001c0)="a6e2976b5c4383036d32dadd2e144d8645ca8d1b230e105614396838da83c754887e7bea2f35d4ea667817d90d532af065f2e398dd9081ea16f8b371a202a6f9e505bbc964a0d3880bf0104a0a0a2f0d311efee1637e85a0125b38f961918f99bf9c2c146e42327f178dc2b3d4936e7f7f0a79f74ba464d83ab41742d1186776dc1779b5c50ac82d0fa8f9e42074b5b6079207fb21e718080907964669be539791e3e98687ee059853", 0xfffffffffffffcc1, 0x840, 0x0, 0x56)
mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r3, 0x0)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r3, 0x6, 0x23, &(0x7f0000000140)={&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, &(0x7f0000001380)=""/4080, 0xfffffffffffffdcc, 0x0, 0x0, 0xffffffffffffff29}, &(0x7f0000000000)=0x40)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r3, 0x6, 0x23, &(0x7f00000000c0)={&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x23, 0x1, 0x0}, &(0x7f00000002c0)=0x40)

9.939908805s ago: executing program 0 (id=1432):
socket$inet6_udp(0xa, 0x2, 0x0)
socket$pppl2tp(0x18, 0x1, 0x1)
r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
socket$alg(0x26, 0x5, 0x0)
r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
connect$netrom(r1, &(0x7f0000000300)={{0x6, @rose, 0xffffffff}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}]}, 0x48)
listen(r0, 0x1ad72f7)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c00000000000000120000f1850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000980)='sys_exit\x00', r2}, 0x10)
accept4$netrom(r0, 0x0, 0x0, 0x80000)
syz_init_net_socket$x25(0x9, 0x5, 0x0)

8.8815693s ago: executing program 6 (id=1434):
r0 = gettid()
capget(&(0x7f0000004600)={0x20071026, r0}, &(0x7f0000004640)={0x4, 0x3, 0xd5, 0x4, 0x0, 0xffff})

8.255848113s ago: executing program 3 (id=1435):
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xf, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xb, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
getrlimit(0xd, &(0x7f0000000300))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
r3 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r3, &(0x7f0000002c80)={0xa, 0x14e24}, 0x1c)
r4 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r4, 0xc0845657, &(0x7f0000000200)={0x0, @bt={0xe8c, 0x258, 0x1, 0x1, 0xd59f80, 0x19f2, 0x3f, 0x19ef, 0x3, 0x7, 0x2800, 0x9, 0x440, 0xd1, 0xc, 0x30, {0x8, 0xffffffff}, 0xd0, 0x9}})

8.236726124s ago: executing program 1 (id=1436):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000480), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_TSINFO_GET(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r4, @ANYBLOB="31830000000000000000190000000c0001800800030005"], 0x20}, 0x1, 0x0, 0x0, 0xffffff21}, 0x0)

8.19229349s ago: executing program 9 (id=1437):
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$int_in(0xffffffffffffffff, 0x5452, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
capset(0x0, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000580))
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x10, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="1802000000c400000000000000000000850000003e00000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="1200000004000000080000000b"], 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000180)=ANY=[@ANYRES32=r2, @ANYRES32=r1, @ANYRES64=r1], 0x10)
sendmmsg$inet6(r0, &(0x7f0000002180)=[{{0x0, 0x0, &(0x7f0000000980)=[{&(0x7f0000000740)="03", 0x1}], 0x1}}], 0x1, 0x0)
sendmmsg$inet6(r0, &(0x7f0000002000)=[{{0x0, 0x0, &(0x7f0000000180), 0x1}}, {{0x0, 0x0, &(0x7f0000000640)=[{&(0x7f00000009c0)='.', 0xc400}], 0x7}}], 0x44, 0x0)

8.169979684s ago: executing program 6 (id=1438):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
ioctl$DRM_IOCTL_MODE_ATOMIC(0xffffffffffffffff, 0xc03864bc, &(0x7f00000001c0)={0x400, 0x0, 0x0, 0x0, 0x0, 0x0})
r3 = syz_open_dev$usbmon(&(0x7f00000001c0), 0x0, 0x0)
ioctl$MON_IOCG_STATS(r3, 0x80089203, &(0x7f0000000080))
bind$tipc(0xffffffffffffffff, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0x2}}, 0x10)
r4 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r4, &(0x7f00000000c0)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10)
bind$tipc(0xffffffffffffffff, &(0x7f0000000080)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x1, 0x3}}, 0x10)
bind$tipc(r4, &(0x7f00000001c0)=@name={0x1e, 0x2, 0x0, {{0x42, 0x2}}}, 0x10)

7.887506487s ago: executing program 0 (id=1439):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x6)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x200000005c832, 0xffffffffffffffff, 0x0)
rseq(0x0, 0x0, 0x0, 0x0)
r1 = getpid()
process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
mknod(&(0x7f0000000540)='./file1\x00', 0x0, 0x0)
mount(&(0x7f0000000140)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000640)='./file1\x00', &(0x7f00000002c0)='qnx6\x00', 0x2008000, 0x0)
r2 = socket(0x25, 0x5, 0x3)
setsockopt$inet_dccp_buf(r2, 0x21, 0x80, 0x0, 0x0)
openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0)

7.156104143s ago: executing program 3 (id=1440):
r0 = socket(0x10, 0x3, 0x0)
setitimer(0x1, &(0x7f0000000580)={{0x0, 0xea60}, {0x0, 0x2710}}, 0x0)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e23, 0x387, @empty, 0x3f}, 0x1c)
sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001200010a001800000000000080"], 0x14}}, 0x0)
r1 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)={0x200000, 0x50, 0xb0df988d1f2d1bba}, 0x18)
clock_gettime(0x0, &(0x7f0000000200))
clock_gettime(0x0, &(0x7f0000000240))
syz_open_dev$vim2m(&(0x7f0000000000), 0x47b, 0x2)
ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r1, 0xc080661a, 0x0)
socket(0x1e, 0x5, 0x0)
ioctl$IOCTL_VMCI_VERSION2(0xffffffffffffffff, 0x7a7, &(0x7f0000000080)=0xb0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(0xffffffffffffffff, 0x7a0, &(0x7f0000000280)={@local})
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
ioctl$IOCTL_VMCI_NOTIFICATIONS_RECEIVE(0xffffffffffffffff, 0x7a6, &(0x7f00000000c0)={0x80000001, 0x9, 0x800, 0x2, 0x67, 0x261b})

7.155179431s ago: executing program 1 (id=1441):
mkdir(&(0x7f00000003c0)='./file0\x00', 0x21)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000300)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
mkdir(&(0x7f0000000200)='./bus\x00', 0x10)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)={[{@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chroot(&(0x7f0000000000)='./bus\x00')
syz_open_dev$tty1(0xc, 0x4, 0x1)

6.667814169s ago: executing program 3 (id=1442):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$inet_sctp(0x2, 0x1, 0x84)
socket$inet6_sctp(0xa, 0x5, 0x84)
openat(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0x2c41, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000780)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f00000002c0)=@framed, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
socket$inet_udp(0x2, 0x2, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
listxattr(&(0x7f0000000040)='./file1\x00', &(0x7f0000000140)=""/64, 0x40)
msgsnd(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="01000000"], 0x8, 0x0)
msgrcv(0x0, &(0x7f00000001c0)={0x0, ""/187}, 0xc3, 0xa783166cb8bfc237, 0x800)

6.652912216s ago: executing program 0 (id=1443):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000380)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="050000000000000000002100000008000300", @ANYRES32=r2, @ANYBLOB="14002c80080000000900000005"], 0x30}}, 0x0)

6.591120197s ago: executing program 1 (id=1444):
setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x3, &(0x7f0000000480)=ANY=[@ANYRESDEC=0x0], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x17, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
syz_open_procfs$userns(r1, &(0x7f0000000300))
fstat(0xffffffffffffffff, 0x0)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c8", 0xb)
r5 = accept4(r4, 0x0, 0x0, 0x0)
recvmmsg(r5, &(0x7f0000000180)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000002940)}, 0x2000}], 0x2, 0x0, 0x0)

5.426839184s ago: executing program 6 (id=1445):
creat(0x0, 0x0)
pipe2$9p(&(0x7f0000001900)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r0, 0x0, 0x15)
r1 = dup(r0)
write$FUSE_BMAP(r1, &(0x7f0000000100)={0x18}, 0x18)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0x2)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000004c0), 0x10400, &(0x7f0000000700)=ANY=[@ANYBLOB, @ANYRESHEX=r1, @ANYBLOB])
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000280)=0x1, 0x4)
connect$inet6(r3, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c)
sendto$inet6(r3, &(0x7f00000001c0)="a6e2976b5c4383036d32dadd2e144d8645ca8d1b230e105614396838da83c754887e7bea2f35d4ea667817d90d532af065f2e398dd9081ea16f8b371a202a6f9e505bbc964a0d3880bf0104a0a0a2f0d311efee1637e85a0125b38f961918f99bf9c2c146e42327f178dc2b3d4936e7f7f0a79f74ba464d83ab41742d1186776dc1779b5c50ac82d0fa8f9e42074b5b6079207fb21e718080907964669be539791e3e98687ee059853", 0xfffffffffffffcc1, 0x840, 0x0, 0x56)
mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r3, 0x0)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r3, 0x6, 0x23, &(0x7f0000000140)={&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, &(0x7f0000001380)=""/4080, 0xfffffffffffffdcc, 0x0, 0x0, 0xffffffffffffff29}, &(0x7f0000000000)=0x40)

5.426163505s ago: executing program 0 (id=1446):
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', 0x0, 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000001180)='./bus\x00')
r0 = creat(&(0x7f00000001c0)='./file0\x00', 0x0)
write$P9_RVERSION(r0, &(0x7f0000000200)=ANY=[], 0x15)
r1 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40080, 0x0)
io_setup(0x4, &(0x7f0000010440)=<r2=>0x0)
io_submit(r2, 0x1, &(0x7f00000019c0)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0xfdfe}])

4.748390018s ago: executing program 3 (id=1447):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
syz_open_dev$vim2m(&(0x7f0000000100), 0xb8, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$alg(0x26, 0x5, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="300000001000070100dd21200100005b91325b38", @ANYRES32=0x0, @ANYBLOB="000000000080000008001b00000000000500100005"], 0x30}}, 0x0)

4.747831333s ago: executing program 9 (id=1448):
creat(0x0, 0x0)
pipe2$9p(&(0x7f0000001900)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r0, 0x0, 0x15)
r1 = dup(r0)
write$FUSE_BMAP(r1, &(0x7f0000000100)={0x18}, 0x18)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0x2)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000280)=0x1, 0x4)
connect$inet6(r3, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c)
sendto$inet6(r3, &(0x7f00000001c0)="a6e2976b5c4383036d32dadd2e144d8645ca8d1b230e105614396838da83c754887e7bea2f35d4ea667817d90d532af065f2e398dd9081ea16f8b371a202a6f9e505bbc964a0d3880bf0104a0a0a2f0d311efee1637e85a0125b38f961918f99bf9c2c146e42327f178dc2b3d4936e7f7f0a79f74ba464d83ab41742d1186776dc1779b5c50ac82d0fa8f9e42074b5b6079207fb21e718080907964669be539791e3e98687ee059853", 0xfffffffffffffcc1, 0x840, 0x0, 0x56)
mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r3, 0x0)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r3, 0x6, 0x23, &(0x7f0000000140)={&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, &(0x7f0000001380)=""/4080, 0xfffffffffffffdcc, 0x0, 0x0, 0xffffffffffffff29}, &(0x7f0000000000)=0x40)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r3, 0x6, 0x23, &(0x7f00000000c0)={&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x23, 0x1, 0x0}, &(0x7f00000002c0)=0x40)

3.62488633s ago: executing program 3 (id=1449):
socket$inet6_udp(0xa, 0x2, 0x0)
socket$pppl2tp(0x18, 0x1, 0x1)
r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
socket$alg(0x26, 0x5, 0x0)
r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
connect$netrom(r1, &(0x7f0000000300)={{0x6, @rose, 0xffffffff}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}]}, 0x48)
listen(r0, 0x1ad72f7)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c00000000000000120000f1850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000980)='sys_exit\x00', r2}, 0x10)
accept4$netrom(r0, 0x0, 0x0, 0x80000)
syz_init_net_socket$x25(0x9, 0x5, 0x0)

3.275757778s ago: executing program 6 (id=1450):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001400)={0x3, 0x4, &(0x7f0000000140)=@framed={{0x18, 0x2, 0x0, 0x0, 0xfffffffe}, [@call={0x85, 0x0, 0x0, 0x11}]}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000000)={@map, 0xffffffffffffffff, 0x35, 0x10, 0x0, @void, @value}, 0x20)
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000180)='hugetlbfs\x00', 0x0, 0x0)
chdir(&(0x7f00000000c0)='./file1\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r4 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000380)=@newqdisc={0x34, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x4}}]}, 0x34}}, 0x0)
setsockopt$MRT6_ADD_MIF(0xffffffffffffffff, 0x29, 0xca, &(0x7f00000001c0)={0x1, 0x0, 0x5, 0x0, 0x8001}, 0xc)
mkdir(&(0x7f00000004c0)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000000000), 0x0, &(0x7f0000000180))

3.275643153s ago: executing program 1 (id=1451):
ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, 0x0)
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_RES_GET(r0, &(0x7f0000002500)={0x0, 0x0, &(0x7f00000024c0)={&(0x7f0000002480)={0x18, 0x1409, 0x407, 0x70bd2b, 0x25dfdbff, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x18}}, 0x24048010)

2.981201117s ago: executing program 0 (id=1452):
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xf, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xb, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
getrlimit(0xd, &(0x7f0000000300))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
r3 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r3, &(0x7f0000002c80)={0xa, 0x14e24}, 0x1c)
r4 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r4, 0xc0845657, &(0x7f0000000200)={0x0, @bt={0xe8c, 0x258, 0x1, 0x1, 0xd59f80, 0x19f2, 0x3f, 0x19ef, 0x3, 0x7, 0x2800, 0x9, 0x440, 0xd1, 0xc, 0x30, {0x8, 0xffffffff}, 0xd0, 0x9}})

1.927434018s ago: executing program 6 (id=1453):
r0 = socket(0x10, 0x3, 0x0)
setitimer(0x1, &(0x7f0000000580)={{0x0, 0xea60}, {0x0, 0x2710}}, 0x0)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e23, 0x387, @empty, 0x3f}, 0x1c)
sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001200010a001800000000000080"], 0x14}}, 0x0)
r1 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)={0x200000, 0x50, 0xb0df988d1f2d1bba}, 0x18)
clock_gettime(0x0, &(0x7f0000000200))
clock_gettime(0x0, &(0x7f0000000240))
syz_open_dev$vim2m(&(0x7f0000000000), 0x47b, 0x2)
ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r1, 0xc080661a, 0x0)
socket(0x1e, 0x5, 0x0)
ioctl$IOCTL_VMCI_VERSION2(0xffffffffffffffff, 0x7a7, &(0x7f0000000080)=0xb0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(0xffffffffffffffff, 0x7a0, &(0x7f0000000280)={@local})
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
ioctl$IOCTL_VMCI_NOTIFICATIONS_RECEIVE(0xffffffffffffffff, 0x7a6, &(0x7f00000000c0)={0x80000001, 0x9, 0x800, 0x2, 0x67, 0x261b})

1.627399458s ago: executing program 9 (id=1454):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x6)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x200000005c832, 0xffffffffffffffff, 0x0)
rseq(0x0, 0x0, 0x0, 0x0)
r1 = getpid()
process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
mknod(&(0x7f0000000540)='./file1\x00', 0x0, 0x0)
mount(&(0x7f0000000140)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000640)='./file1\x00', &(0x7f00000002c0)='qnx6\x00', 0x2008000, 0x0)
r2 = socket(0x25, 0x5, 0x3)
setsockopt$inet_dccp_buf(r2, 0x21, 0x80, 0x0, 0x0)
openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0)

1.579893982s ago: executing program 1 (id=1455):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, 0x0, 0x0)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000100)={{r0}, &(0x7f0000000000), &(0x7f0000000080)='%+9llu \x00'}, 0x20)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0xffffffffffffffc0, &(0x7f0000000380)=0x6)
ioctl$FBIOBLANK(0xffffffffffffffff, 0x4611, 0x1)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@nfs_export_on}]})
chdir(&(0x7f00000000c0)='./bus\x00')
r2 = creat(&(0x7f0000000440)='./bus\x00', 0x0)
open_by_handle_at(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000f80000000000c5c8236c"], 0x30000)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, 0x0)
sched_setparam(0x0, 0x0)
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r3, 0x3ba0, &(0x7f0000000500)={0x48})
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000200)={'syztnl2\x00', &(0x7f0000000180)={'ip6tnl0\x00', 0x0, 0x2f, 0x4, 0xe0, 0x9, 0x50, @dev={0xfe, 0x80, '\x00', 0x37}, @rand_addr=' \x01\x00', 0x8788, 0x1, 0x62dc, 0x1ff}})
ioctl$SIOCGIFMTU(0xffffffffffffffff, 0x8921, &(0x7f0000000300)={'veth1_to_batadv\x00'})
r4 = syz_open_procfs(0x0, &(0x7f0000000000)='ns\x00')
getdents(r4, &(0x7f0000000ec0)=""/4096, 0x1000)
syz_open_procfs(0x0, &(0x7f0000000000)='ns\x00')

1.039392646s ago: executing program 3 (id=1456):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
ioctl$DRM_IOCTL_MODE_ATOMIC(0xffffffffffffffff, 0xc03864bc, &(0x7f00000001c0)={0x400, 0x0, 0x0, 0x0, 0x0, 0x0})
r3 = syz_open_dev$usbmon(&(0x7f00000001c0), 0x0, 0x0)
ioctl$MON_IOCG_STATS(r3, 0x80089203, &(0x7f0000000080))
bind$tipc(0xffffffffffffffff, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0x2}}, 0x10)
r4 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r4, &(0x7f00000000c0)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10)
bind$tipc(0xffffffffffffffff, &(0x7f0000000080)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x1, 0x3}}, 0x10)
bind$tipc(r4, &(0x7f00000001c0)=@name={0x1e, 0x2, 0x0, {{0x42, 0x2}}}, 0x10)

471.684779ms ago: executing program 0 (id=1457):
r0 = memfd_secret(0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0xa, 0x11, r0, 0x0)
ftruncate(r0, 0x51a9497)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
splice(r2, 0x0, r3, 0x0, 0x8000f28, 0x0)
vmsplice(r3, &(0x7f0000000780)=[{&(0x7f0000000200)}], 0x1, 0xa)
ioctl$sock_inet_udp_SIOCINQ(r3, 0x541b, 0x0)
write(r1, 0x0, 0x0)

468.559728ms ago: executing program 1 (id=1458):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0xf, 0x3, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4c, '\x00', 0x0, @cgroup_device, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xc34d, @void, @value}, 0x94)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup\x00', 0x0, 0x0)
r2 = bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000180)={r0, r1, 0x6, 0x0, @val=@tracing}, 0x20)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001280)={0x11, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB="1800000008000000000000000000000095"], &(0x7f0000000440)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='contention_end\x00', r3}, 0x10)
bpf$LINK_DETACH(0x22, &(0x7f0000000040)=r2, 0x4)

0s ago: executing program 6 (id=1459):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
syz_open_dev$vim2m(&(0x7f0000000100), 0xb8, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$alg(0x26, 0x5, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="300000001000070100dd21200100005b91325b38", @ANYRES32=0x0, @ANYBLOB="000000000080000008001b00000000000500100005"], 0x30}}, 0x0)

kernel console output (not intermixed with test programs):

e with an up link
[  117.394952][ T6363] netlink: 'syz.0.135': attribute type 10 has an invalid length.
[  117.648740][ T6366] netlink: 156 bytes leftover after parsing attributes in process `syz.2.129'.
[  119.432582][ T6379] openvswitch: netlink: Unexpected mask (mask=200040, allowed=10048)
[  121.420479][ T6399] sg_write: data in/out 11/14 bytes for SCSI command 0x0-- guessing data in;
[  121.420479][ T6399]    program syz.1.140 not setting count and/or reply_len properly
[  121.461247][ T6403] netlink: 'syz.3.147': attribute type 10 has an invalid length.
[  122.108230][ T6412] netlink: 'syz.4.148': attribute type 10 has an invalid length.
[  123.464211][ T6412] team0: Port device netdevsim0 added
[  125.166675][ T6428] syz.1.153 uses obsolete (PF_INET,SOCK_PACKET)
[  125.433449][ T6429] netlink: 156 bytes leftover after parsing attributes in process `syz.4.152'.
[  127.876307][ T6458] sg_write: data in/out 11/14 bytes for SCSI command 0x0-- guessing data in;
[  127.876307][ T6458]    program syz.1.161 not setting count and/or reply_len properly
[  129.293522][ T6473] netlink: 'syz.2.163': attribute type 10 has an invalid length.
[  129.747059][ T6473] team0: Port device netdevsim0 added
[  131.937104][ T6495] netlink: 156 bytes leftover after parsing attributes in process `syz.4.170'.
[  133.222327][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  133.229991][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  135.235842][ T6525] fuse: Bad value for 'group_id'
[  135.273351][ T6525] fuse: Bad value for 'group_id'
[  135.543427][ T6527] openvswitch: netlink: Unexpected mask (mask=200040, allowed=10048)
[  139.680031][ T6566] netlink: 156 bytes leftover after parsing attributes in process `syz.0.205'.
[  140.622327][ T6577] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  143.435317][ T6606] netlink: 'syz.4.206': attribute type 10 has an invalid length.
[  144.179316][ T6614] xt_bpf: check failed: parse error
[  145.377026][ T6619] syz.4.210: attempt to access beyond end of device
[  145.377026][ T6619] nbd4: rw=0, sector=16, nr_sectors = 1 limit=0
[  145.391778][ T6619] qnx6: unable to read the first superblock
[  145.399269][ T6619] syz.4.210: attempt to access beyond end of device
[  145.399269][ T6619] nbd4: rw=0, sector=0, nr_sectors = 1 limit=0
[  145.417304][ T6619] qnx6: unable to read the first superblock
[  145.424269][ T6619] qnx6: unable to read the first superblock
[  145.761606][ T5834] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  145.770523][ T5834] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  146.028124][ T5834] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  146.043628][ T5834] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  146.051806][ T5834] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  146.059207][ T5834] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  147.810743][ T6621] chnl_net:caif_netlink_parms(): no params data found
[  147.965946][ T6657] netlink: 'syz.0.219': attribute type 10 has an invalid length.
[  147.992726][  T150] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  148.054426][ T6621] bridge0: port 1(bridge_slave_0) entered blocking state
[  148.063066][ T6621] bridge0: port 1(bridge_slave_0) entered disabled state
[  148.074538][ T6621] bridge_slave_0: entered allmulticast mode
[  148.133170][ T6621] bridge_slave_0: entered promiscuous mode
[  148.204177][  T150] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  148.338656][ T6621] bridge0: port 2(bridge_slave_1) entered blocking state
[  148.512186][ T5834] Bluetooth: hci5: command tx timeout
[  148.590724][ T6621] bridge0: port 2(bridge_slave_1) entered disabled state
[  148.601446][ T6621] bridge_slave_1: entered allmulticast mode
[  149.302874][ T6621] bridge_slave_1: entered promiscuous mode
[  149.443112][ T6673] syz.3.224 (6673): /proc/6672/oom_adj is deprecated, please use /proc/6672/oom_score_adj instead.
[  149.488366][  T150] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  150.314580][ T6621] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  150.329609][ T6621] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  150.618219][ T5834] Bluetooth: hci5: command tx timeout
[  150.643591][ T6675] syz.0.225: attempt to access beyond end of device
[  150.643591][ T6675] nbd0: rw=0, sector=16, nr_sectors = 1 limit=0
[  150.656455][ T6675] qnx6: unable to read the first superblock
[  150.662648][ T6675] syz.0.225: attempt to access beyond end of device
[  150.662648][ T6675] nbd0: rw=0, sector=0, nr_sectors = 1 limit=0
[  150.675390][ T6675] qnx6: unable to read the first superblock
[  150.681333][ T6675] qnx6: unable to read the first superblock
[  150.846317][ T6687] netlink: 'syz.2.229': attribute type 10 has an invalid length.
[  150.874624][  T150] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  150.919016][ T6621] team0: Port device team_slave_0 added
[  150.927817][ T6621] team0: Port device team_slave_1 added
[  150.972298][ T6687] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  151.442641][ T6621] batman_adv: batadv0: Adding interface: batadv_slave_0
[  151.613889][ T6621] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  151.867410][ T6621] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  151.883268][ T6621] batman_adv: batadv0: Adding interface: batadv_slave_1
[  151.890463][ T6621] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  151.916449][    C1] vkms_vblank_simulate: vblank timer overrun
[  151.923188][ T6621] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  152.672639][ T5834] Bluetooth: hci5: command tx timeout
[  153.257135][ T6621] hsr_slave_0: entered promiscuous mode
[  153.393528][ T6621] hsr_slave_1: entered promiscuous mode
[  153.484643][ T6621] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  153.588258][ T6726] =======================================================
[  153.588258][ T6726] WARNING: The mand mount option has been deprecated and
[  153.588258][ T6726]          and is ignored by this kernel. Remove the mand
[  153.588258][ T6726]          option from the mount to silence this warning.
[  153.588258][ T6726] =======================================================
[  153.623125][    C1] vkms_vblank_simulate: vblank timer overrun
[  153.676414][ T6726] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  154.254527][ T6621] Cannot create hsr debugfs directory
[  154.544542][ T6730] syz.3.238: attempt to access beyond end of device
[  154.544542][ T6730] nbd3: rw=0, sector=16, nr_sectors = 1 limit=0
[  154.558857][ T6730] qnx6: unable to read the first superblock
[  154.566661][ T6730] syz.3.238: attempt to access beyond end of device
[  154.566661][ T6730] nbd3: rw=0, sector=0, nr_sectors = 1 limit=0
[  154.580070][ T6730] qnx6: unable to read the first superblock
[  154.586136][ T6730] qnx6: unable to read the first superblock
[  154.755894][ T5834] Bluetooth: hci5: command tx timeout
[  154.820584][  T150] bridge_slave_1: left allmulticast mode
[  154.837644][  T150] bridge_slave_1: left promiscuous mode
[  154.890317][  T150] bridge0: port 2(bridge_slave_1) entered disabled state
[  155.023885][  T150] bridge_slave_0: left allmulticast mode
[  155.057809][  T150] bridge_slave_0: left promiscuous mode
[  155.067149][  T150] bridge0: port 1(bridge_slave_0) entered disabled state
[  156.059983][ T6743] netlink: 'syz.0.242': attribute type 10 has an invalid length.
[  156.746929][  T150] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  156.772934][  T150] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  156.784337][  T150] bond0 (unregistering): (slave wlan1): Releasing backup interface
[  156.837831][  T150] bond0 (unregistering): Released all slaves
[  160.487295][ T6782] syz.4.252: attempt to access beyond end of device
[  160.487295][ T6782] nbd4: rw=0, sector=16, nr_sectors = 1 limit=0
[  160.500105][ T6782] qnx6: unable to read the first superblock
[  160.506088][ T6782] syz.4.252: attempt to access beyond end of device
[  160.506088][ T6782] nbd4: rw=0, sector=0, nr_sectors = 1 limit=0
[  160.518978][ T6782] qnx6: unable to read the first superblock
[  160.524864][ T6782] qnx6: unable to read the first superblock
[  160.688307][  T150] hsr_slave_0: left promiscuous mode
[  160.904466][  T150] hsr_slave_1: left promiscuous mode
[  161.088668][  T150] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  161.106206][  T150] batman_adv: batadv0: Removing interface: batadv_slave_0
[  161.242159][  T150] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  161.423238][  T150] batman_adv: batadv0: Removing interface: batadv_slave_1
[  161.515011][  T150] veth1_macvtap: left promiscuous mode
[  161.545873][  T150] veth0_macvtap: left promiscuous mode
[  161.551751][  T150] veth1_vlan: left promiscuous mode
[  161.557341][  T150] veth0_vlan: left promiscuous mode
[  161.671793][ T6809] netlink: 'syz.3.258': attribute type 10 has an invalid length.
[  163.197972][  T150] team0 (unregistering): Port device team_slave_1 removed
[  164.154105][ T6830] syz.4.266: attempt to access beyond end of device
[  164.154105][ T6830] nbd4: rw=0, sector=16, nr_sectors = 1 limit=0
[  164.167157][ T6830] qnx6: unable to read the first superblock
[  164.173298][ T6830] syz.4.266: attempt to access beyond end of device
[  164.173298][ T6830] nbd4: rw=0, sector=0, nr_sectors = 1 limit=0
[  164.185952][ T6830] qnx6: unable to read the first superblock
[  164.191896][ T6830] qnx6: unable to read the first superblock
[  164.223925][  T150] team0 (unregistering): Port device team_slave_0 removed
[  166.932958][ T6621] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  166.964802][ T6873] xt_bpf: check failed: parse error
[  166.970255][ T6621] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  167.147161][ T6621] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  167.171993][ T6621] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  168.702111][ T6621] 8021q: adding VLAN 0 to HW filter on device bond0
[  168.729734][ T6621] 8021q: adding VLAN 0 to HW filter on device team0
[  169.252491][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  169.259680][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  169.269495][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  169.276575][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  169.465049][ T6621] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  169.475583][ T6621] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  170.988702][ T6924] netlink: 'syz.2.286': attribute type 10 has an invalid length.
[  171.014741][ T6621] 8021q: adding VLAN 0 to HW filter on device batadv0
[  172.709203][ T6621] veth0_vlan: entered promiscuous mode
[  172.821100][ T6621] veth1_vlan: entered promiscuous mode
[  172.940038][ T6621] veth0_macvtap: entered promiscuous mode
[  172.974500][ T6621] veth1_macvtap: entered promiscuous mode
[  173.265782][ T6621] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  173.284795][ T6621] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  173.295525][ T6621] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  173.508662][ T6969] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  174.284543][ T6621] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  174.627002][ T6621] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  174.658064][ T6621] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  174.668922][ T6621] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  174.679718][ T6621] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  174.820875][ T6621] batman_adv: batadv0: Interface activated: batadv_slave_0
[  174.839396][ T6621] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  174.850161][ T6621] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  174.908113][ T6621] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  174.968572][ T6621] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  174.987365][ T6621] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  174.998803][ T6621] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  175.008764][ T6621] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  175.019439][ T6621] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  175.033417][ T6988] xt_bpf: check failed: parse error
[  175.138504][ T6621] batman_adv: batadv0: Interface activated: batadv_slave_1
[  175.202699][ T6982] syz.3.306: attempt to access beyond end of device
[  175.202699][ T6982] nbd3: rw=0, sector=16, nr_sectors = 1 limit=0
[  175.216046][ T6982] qnx6: unable to read the first superblock
[  175.222580][ T6982] syz.3.306: attempt to access beyond end of device
[  175.222580][ T6982] nbd3: rw=0, sector=0, nr_sectors = 1 limit=0
[  175.237228][ T6982] qnx6: unable to read the first superblock
[  175.243370][ T6982] qnx6: unable to read the first superblock
[  175.747138][ T6621] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  175.756135][ T6621] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  175.768170][ T6621] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  175.777906][ T6621] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  175.865485][ T6997] openvswitch: netlink: Unexpected mask (mask=200040, allowed=10048)
[  176.443738][ T5891] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  176.464346][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  176.479808][ T5891] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  176.527445][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  176.720067][ T7000] netlink: 16 bytes leftover after parsing attributes in process `syz.2.301'.
[  180.348150][ T7054] openvswitch: netlink: Unexpected mask (mask=200040, allowed=10048)
[  180.774644][ T7059] netlink: 16 bytes leftover after parsing attributes in process `syz.5.318'.
[  184.471193][ T7107] netlink: 16 bytes leftover after parsing attributes in process `syz.5.330'.
[  186.673403][ T7108] Bluetooth: hci4: command 0x0405 tx timeout
[  186.679728][ T7108] Bluetooth: hci2: command 0x0406 tx timeout
[  186.685967][ T7108] Bluetooth: hci3: command 0x0406 tx timeout
[  186.692244][ T7108] Bluetooth: hci1: command 0x0406 tx timeout
[  187.706323][ T7154] netlink: 16 bytes leftover after parsing attributes in process `syz.4.345'.
[  188.676557][ T7165] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  189.362586][ T7166] netlink: 156 bytes leftover after parsing attributes in process `syz.0.341'.
[  189.365628][ T7171] 9pnet_fd: Insufficient options for proto=fd
[  193.060868][ T7221] warning: `syz.3.357' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  194.704695][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  194.711523][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  196.129208][ T7249] openvswitch: netlink: Unexpected mask (mask=200040, allowed=10048)
[  196.221849][ T7263] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  202.635480][ T5834] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  202.644139][ T5834] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  202.651896][ T5834] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  202.659393][ T5834] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  202.667824][ T5834] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  202.675373][ T5834] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  203.810671][ T7326] chnl_net:caif_netlink_parms(): no params data found
[  203.907477][ T7326] bridge0: port 1(bridge_slave_0) entered blocking state
[  203.914796][ T7326] bridge0: port 1(bridge_slave_0) entered disabled state
[  203.922389][ T7326] bridge_slave_0: entered allmulticast mode
[  203.929243][ T7326] bridge_slave_0: entered promiscuous mode
[  203.937206][ T7326] bridge0: port 2(bridge_slave_1) entered blocking state
[  203.944944][ T7326] bridge0: port 2(bridge_slave_1) entered disabled state
[  203.952557][ T7326] bridge_slave_1: entered allmulticast mode
[  203.959360][ T7326] bridge_slave_1: entered promiscuous mode
[  203.977606][ T7326] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  203.988882][ T7326] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  204.011224][ T7326] team0: Port device team_slave_0 added
[  204.019114][ T7326] team0: Port device team_slave_1 added
[  204.052297][ T7326] batman_adv: batadv0: Adding interface: batadv_slave_0
[  204.068045][ T7326] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  204.113522][ T7326] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  204.135120][ T7326] batman_adv: batadv0: Adding interface: batadv_slave_1
[  204.168431][ T7326] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  204.623813][ T7326] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  205.174252][ T5835] Bluetooth: hci0: command tx timeout
[  205.287440][    T9] IPVS: starting estimator thread 0...
[  205.403836][ T7326] hsr_slave_0: entered promiscuous mode
[  205.418895][ T7353] IPVS: using max 38 ests per chain, 91200 per kthread
[  205.444742][ T7326] hsr_slave_1: entered promiscuous mode
[  205.459732][ T7326] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  205.471180][ T7326] Cannot create hsr debugfs directory
[  205.748546][ T7326] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  205.773202][ T7326] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  205.793213][ T7326] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  205.804229][ T7326] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  205.936868][ T7326] 8021q: adding VLAN 0 to HW filter on device bond0
[  205.993390][ T7326] 8021q: adding VLAN 0 to HW filter on device team0
[  206.026976][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  206.034890][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  206.079570][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  206.086714][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  206.494329][ T7326] 8021q: adding VLAN 0 to HW filter on device batadv0
[  207.014219][ T7326] veth0_vlan: entered promiscuous mode
[  207.047835][ T7326] veth1_vlan: entered promiscuous mode
[  207.110500][ T7326] veth0_macvtap: entered promiscuous mode
[  207.156306][ T7326] veth1_macvtap: entered promiscuous mode
[  207.196205][ T7326] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  207.298064][ T7326] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  207.307885][ T7326] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  207.730267][ T7326] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  207.758529][ T7326] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  207.796710][ T7326] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  207.807779][ T7326] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  207.821943][ T5834] Bluetooth: hci0: command tx timeout
[  207.833017][ T5835] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  207.845380][ T5835] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  207.853796][ T5835] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  207.862366][ T5835] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  207.869963][ T5835] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[  207.878438][ T5835] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  207.886404][ T7326] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  207.898059][ T7326] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  207.920305][ T7326] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  207.946586][ T7326] batman_adv: batadv0: Interface activated: batadv_slave_0
[  207.970219][ T7326] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  207.993404][ T7326] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  208.003662][ T7326] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  208.020518][ T7326] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  208.041260][ T7326] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  208.058196][ T7326] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  208.090697][ T7326] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  208.117293][ T7326] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  208.129628][ T7326] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  208.140533][ T7326] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  208.172616][ T7326] batman_adv: batadv0: Interface activated: batadv_slave_1
[  208.225531][ T7326] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  208.264679][ T7326] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  208.300381][ T7326] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  208.335323][ T7326] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  209.877974][ T5835] Bluetooth: hci0: command tx timeout
[  209.930150][ T6856] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  209.944239][ T6856] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  210.028606][ T5835] Bluetooth: hci6: command tx timeout
[  210.040839][ T5891] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  210.178137][ T5891] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  210.301381][ T7396] chnl_net:caif_netlink_parms(): no params data found
[  211.352236][ T7427] netlink: 16 bytes leftover after parsing attributes in process `syz.6.376'.
[  212.128189][ T5835] Bluetooth: hci0: command tx timeout
[  212.133665][ T5835] Bluetooth: hci6: command tx timeout
[  212.625663][ T5835] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[  212.634740][ T5835] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[  212.644091][ T5835] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[  212.662939][ T5835] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[  212.670971][ T5835] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3
[  212.678552][ T5835] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[  212.829943][ T7396] bridge0: port 1(bridge_slave_0) entered blocking state
[  212.837097][ T7396] bridge0: port 1(bridge_slave_0) entered disabled state
[  212.858403][ T7396] bridge_slave_0: entered allmulticast mode
[  212.865076][ T7396] bridge_slave_0: entered promiscuous mode
[  213.313892][ T7396] bridge0: port 2(bridge_slave_1) entered blocking state
[  213.329692][ T7396] bridge0: port 2(bridge_slave_1) entered disabled state
[  213.336886][ T7396] bridge_slave_1: entered allmulticast mode
[  213.379349][ T7396] bridge_slave_1: entered promiscuous mode
[  214.653678][ T5835] Bluetooth: hci6: command tx timeout
[  214.661316][ T7396] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  214.769739][ T7396] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  214.974922][ T5835] Bluetooth: hci7: command tx timeout
[  216.904695][ T5835] Bluetooth: hci6: command tx timeout
[  216.988871][ T5835] Bluetooth: hci7: command tx timeout
[  217.295173][ T7396] team0: Port device team_slave_0 added
[  217.745337][ T7396] team0: Port device team_slave_1 added
[  217.951859][ T7396] batman_adv: batadv0: Adding interface: batadv_slave_0
[  217.958996][ T7396] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  217.987274][ T7396] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  218.004990][ T7396] batman_adv: batadv0: Adding interface: batadv_slave_1
[  218.013107][ T7396] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  218.045509][ T7396] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  219.079647][ T5835] Bluetooth: hci7: command tx timeout
[  219.540127][ T7396] hsr_slave_0: entered promiscuous mode
[  219.601716][ T7396] hsr_slave_1: entered promiscuous mode
[  219.858225][ T7396] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  219.865945][ T7396] Cannot create hsr debugfs directory
[  220.509610][ T7437] chnl_net:caif_netlink_parms(): no params data found
[  220.925220][ T7515] syz.6.409: attempt to access beyond end of device
[  220.925220][ T7515] nbd6: rw=0, sector=16, nr_sectors = 1 limit=0
[  220.938430][ T7515] qnx6: unable to read the first superblock
[  220.945627][ T7515] syz.6.409: attempt to access beyond end of device
[  220.945627][ T7515] nbd6: rw=0, sector=0, nr_sectors = 1 limit=0
[  220.959328][ T7515] qnx6: unable to read the first superblock
[  220.965416][ T7515] qnx6: unable to read the first superblock
[  222.166930][ T5834] Bluetooth: hci7: command tx timeout
[  226.168822][ T7437] bridge0: port 1(bridge_slave_0) entered blocking state
[  226.175982][ T7437] bridge0: port 1(bridge_slave_0) entered disabled state
[  226.219999][ T7437] bridge_slave_0: entered allmulticast mode
[  226.226750][ T7437] bridge_slave_0: entered promiscuous mode
[  226.248744][ T7564] netlink: 8 bytes leftover after parsing attributes in process `syz.4.419'.
[  226.317558][ T5885] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  228.111920][ T7437] bridge0: port 2(bridge_slave_1) entered blocking state
[  228.123825][ T7437] bridge0: port 2(bridge_slave_1) entered disabled state
[  228.148158][ T7437] bridge_slave_1: entered allmulticast mode
[  228.175101][ T7437] bridge_slave_1: entered promiscuous mode
[  228.353150][ T5885] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  228.813840][ T5885] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  228.838432][    T8] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  228.885501][ T7437] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  228.919263][ T7437] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  229.011049][ T5885] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  229.028040][    T8] usb 7-1: Using ep0 maxpacket: 32
[  229.040224][    T8] usb 7-1: unable to get BOS descriptor or descriptor too short
[  229.049355][    T8] usb 7-1: config 1 interface 0 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 32
[  229.068218][    T8] usb 7-1: config 1 interface 0 has no altsetting 0
[  229.096467][    T8] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  229.114733][    T8] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  229.133260][    T8] usb 7-1: Product: syz
[  229.137473][    T8] usb 7-1: Manufacturer: syz
[  229.146030][    T8] usb 7-1: SerialNumber: syz
[  229.154975][ T7437] team0: Port device team_slave_0 added
[  229.162919][ T7586] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  229.324504][ T7437] team0: Port device team_slave_1 added
[  229.417077][    T8] cdc_ether 7-1:1.0: probe with driver cdc_ether failed with error -71
[  229.492588][    T8] usb 7-1: USB disconnect, device number 2
[  229.596071][ T7437] batman_adv: batadv0: Adding interface: batadv_slave_0
[  229.637095][ T7437] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  229.718149][ T7437] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  229.736326][ T7437] batman_adv: batadv0: Adding interface: batadv_slave_1
[  229.743428][ T7437] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  229.824082][ T7437] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  230.296315][ T7396] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  230.415530][ T7396] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  230.549562][ T7396] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  230.736268][ T7396] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  230.779835][ T7437] hsr_slave_0: entered promiscuous mode
[  230.808605][ T7437] hsr_slave_1: entered promiscuous mode
[  231.072217][ T7437] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  231.088240][ T7437] Cannot create hsr debugfs directory
[  231.411494][ T5885] bridge_slave_1: left allmulticast mode
[  231.417193][ T5885] bridge_slave_1: left promiscuous mode
[  231.455320][ T5885] bridge0: port 2(bridge_slave_1) entered disabled state
[  231.471241][ T5885] bridge_slave_0: left allmulticast mode
[  231.487415][ T5885] bridge_slave_0: left promiscuous mode
[  231.498165][ T5885] bridge0: port 1(bridge_slave_0) entered disabled state
[  231.633272][ T7629] netlink: 8 bytes leftover after parsing attributes in process `syz.2.428'.
[  233.991648][ T5885] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  234.013429][ T5885] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  234.040122][ T5885] bond0 (unregistering): (slave wlan1): Releasing backup interface
[  234.055905][ T5885] bond0 (unregistering): Released all slaves
[  235.017205][ T5885] hsr_slave_0: left promiscuous mode
[  235.027852][ T5885] hsr_slave_1: left promiscuous mode
[  235.039945][ T5885] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  235.053496][ T5885] batman_adv: batadv0: Removing interface: batadv_slave_0
[  235.066180][ T5885] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  235.074442][ T5885] batman_adv: batadv0: Removing interface: batadv_slave_1
[  235.094377][ T5885] veth1_macvtap: left promiscuous mode
[  235.103479][ T5885] veth0_macvtap: left promiscuous mode
[  235.113564][ T5885] veth1_vlan: left promiscuous mode
[  235.119215][ T5885] veth0_vlan: left promiscuous mode
[  238.036289][ T5885] team0 (unregistering): Port device team_slave_1 removed
[  238.082044][ T5885] team0 (unregistering): Port device team_slave_0 removed
[  238.213634][ T7681] netlink: 'syz.6.439': attribute type 10 has an invalid length.
[  238.679314][ T7681] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  238.814951][ T7396] 8021q: adding VLAN 0 to HW filter on device bond0
[  238.912321][ T7396] 8021q: adding VLAN 0 to HW filter on device team0
[  238.927290][ T7437] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  238.982515][ T7437] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  239.039495][   T11] bridge0: port 1(bridge_slave_0) entered blocking state
[  239.046796][   T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[  239.154216][ T7437] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  239.180372][ T7437] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  239.231737][   T11] bridge0: port 2(bridge_slave_1) entered blocking state
[  239.238903][   T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[  240.391258][ T5885] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  240.466744][ T7437] 8021q: adding VLAN 0 to HW filter on device bond0
[  240.659641][ T5885] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  240.838982][ T7437] 8021q: adding VLAN 0 to HW filter on device team0
[  242.008005][ T5885] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  242.293991][ T1111] bridge0: port 1(bridge_slave_0) entered blocking state
[  242.301192][ T1111] bridge0: port 1(bridge_slave_0) entered forwarding state
[  242.502492][   T35] bridge0: port 2(bridge_slave_1) entered blocking state
[  242.509734][   T35] bridge0: port 2(bridge_slave_1) entered forwarding state
[  242.671337][ T7737] netlink: 8 bytes leftover after parsing attributes in process `syz.6.445'.
[  243.448655][ T5835] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  243.469318][ T5835] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  243.478240][ T5835] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  243.511625][ T5835] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  243.532144][ T5835] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  243.542186][ T5835] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  243.691953][ T5885] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  243.825333][ T7737] netlink: 'syz.6.445': attribute type 1 has an invalid length.
[  243.833122][ T7737] netlink: 'syz.6.445': attribute type 2 has an invalid length.
[  243.846690][ T7437] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  243.865966][ T7396] 8021q: adding VLAN 0 to HW filter on device batadv0
[  244.346032][ T5885] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  244.393578][ T7739] chnl_net:caif_netlink_parms(): no params data found
[  244.565290][ T5885] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  244.781614][ T7779] syz.2.449: attempt to access beyond end of device
[  244.781614][ T7779] nbd2: rw=0, sector=16, nr_sectors = 1 limit=0
[  244.794804][ T7779] qnx6: unable to read the first superblock
[  244.804593][ T7779] syz.2.449: attempt to access beyond end of device
[  244.804593][ T7779] nbd2: rw=0, sector=0, nr_sectors = 1 limit=0
[  244.817542][ T7779] qnx6: unable to read the first superblock
[  244.823763][ T7779] qnx6: unable to read the first superblock
[  245.208808][ T5885] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  245.269616][ T7437] 8021q: adding VLAN 0 to HW filter on device batadv0
[  245.361379][ T5885] team0: Port device netdevsim0 removed
[  245.385666][ T5885] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  245.512425][ T7739] bridge0: port 1(bridge_slave_0) entered blocking state
[  245.530638][ T7739] bridge0: port 1(bridge_slave_0) entered disabled state
[  245.547186][ T7739] bridge_slave_0: entered allmulticast mode
[  245.575374][ T7739] bridge_slave_0: entered promiscuous mode
[  245.596858][ T7739] bridge0: port 2(bridge_slave_1) entered blocking state
[  245.618872][ T7739] bridge0: port 2(bridge_slave_1) entered disabled state
[  245.628729][ T5834] Bluetooth: hci2: command tx timeout
[  245.661101][ T7739] bridge_slave_1: entered allmulticast mode
[  245.717654][ T7739] bridge_slave_1: entered promiscuous mode
[  245.956148][ T7739] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  246.070352][ T7739] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  246.175610][ T7396] veth0_vlan: entered promiscuous mode
[  246.229886][ T5885] bridge_slave_1: left allmulticast mode
[  246.239623][ T5885] bridge_slave_1: left promiscuous mode
[  246.245884][ T5885] bridge0: port 2(bridge_slave_1) entered disabled state
[  246.751946][ T5885] bridge_slave_0: left allmulticast mode
[  246.766689][ T5885] bridge_slave_0: left promiscuous mode
[  246.781438][ T5885] bridge0: port 1(bridge_slave_0) entered disabled state
[  246.804111][ T5885] bridge_slave_1: left allmulticast mode
[  246.819504][ T5885] bridge_slave_1: left promiscuous mode
[  246.826149][ T5885] bridge0: port 2(bridge_slave_1) entered disabled state
[  246.856122][ T5885] bridge_slave_0: left allmulticast mode
[  246.862049][ T5885] bridge_slave_0: left promiscuous mode
[  246.869901][ T5885] bridge0: port 1(bridge_slave_0) entered disabled state
[  247.708256][ T5834] Bluetooth: hci2: command tx timeout
[  248.337503][ T5885] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  248.361396][ T5885] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  248.383074][ T5885] bond0 (unregistering): Released all slaves
[  248.847527][ T5885] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  248.949584][ T5885] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  249.069129][ T5885] bond0 (unregistering): (slave wlan1): Releasing backup interface
[  249.112713][ T5885] bond0 (unregistering): Released all slaves
[  249.172569][ T7739] team0: Port device team_slave_0 added
[  249.195454][ T7739] team0: Port device team_slave_1 added
[  249.777596][ T7396] veth1_vlan: entered promiscuous mode
[  249.826629][ T5834] Bluetooth: hci2: command tx timeout
[  249.945404][ T7739] batman_adv: batadv0: Adding interface: batadv_slave_0
[  249.976958][ T7739] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  250.004461][ T7739] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  250.112456][ T7739] batman_adv: batadv0: Adding interface: batadv_slave_1
[  250.128208][ T7739] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  250.185012][ T7739] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  250.237292][ T7396] veth0_macvtap: entered promiscuous mode
[  250.304811][ T7396] veth1_macvtap: entered promiscuous mode
[  250.351054][ T7831] syz.2.455 (7831): drop_caches: 2
[  250.460320][ T7437] veth0_vlan: entered promiscuous mode
[  250.562042][ T7739] hsr_slave_0: entered promiscuous mode
[  250.629006][ T7739] hsr_slave_1: entered promiscuous mode
[  250.650584][ T7739] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  250.670859][ T7739] Cannot create hsr debugfs directory
[  250.684348][ T7396] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  250.715991][ T7396] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  250.738281][ T7396] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  250.765553][ T7396] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  250.818259][ T7396] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  250.866114][ T7396] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  250.913233][ T7396] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  250.982200][ T7396] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  250.992622][ T7396] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  251.003635][ T7396] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  251.019214][ T7396] batman_adv: batadv0: Interface activated: batadv_slave_0
[  251.037825][ T7437] veth1_vlan: entered promiscuous mode
[  251.257159][ T7396] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  251.267723][ T7396] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  251.278062][ T7396] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  251.288752][ T7396] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  251.298793][ T7396] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  251.309311][ T7396] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  251.319692][ T7396] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  251.330204][ T7396] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  251.340202][ T7396] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  251.350855][ T7396] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  251.361515][ T7396] batman_adv: batadv0: Interface activated: batadv_slave_1
[  251.453060][ T7396] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  251.462258][ T7396] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  251.501809][ T7396] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  251.548429][ T7396] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  251.596525][ T7437] veth0_macvtap: entered promiscuous mode
[  251.650717][ T7437] veth1_macvtap: entered promiscuous mode
[  251.834831][ T5885] hsr_slave_0: left promiscuous mode
[  251.879368][ T5834] Bluetooth: hci2: command tx timeout
[  251.899050][ T5885] hsr_slave_1: left promiscuous mode
[  251.904933][ T5885] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  251.912680][ T5885] batman_adv: batadv0: Removing interface: batadv_slave_0
[  251.923507][ T5885] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  251.931084][ T5885] batman_adv: batadv0: Removing interface: batadv_slave_1
[  251.942221][ T5885] hsr_slave_0: left promiscuous mode
[  251.961557][ T5885] hsr_slave_1: left promiscuous mode
[  252.004289][ T5885] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  252.021867][ T5885] batman_adv: batadv0: Removing interface: batadv_slave_0
[  252.055587][ T5885] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  252.068368][ T5885] batman_adv: batadv0: Removing interface: batadv_slave_1
[  252.230342][ T5885] veth1_macvtap: left promiscuous mode
[  252.236168][ T5885] veth0_macvtap: left promiscuous mode
[  252.314796][ T7862] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  252.428417][ T5885] veth1_vlan: left promiscuous mode
[  252.434091][ T5885] veth0_vlan: left promiscuous mode
[  252.461442][ T5885] veth1_macvtap: left promiscuous mode
[  252.467468][ T5885] veth0_macvtap: left promiscuous mode
[  252.953954][ T5885] veth1_vlan: left promiscuous mode
[  252.985298][ T5885] veth0_vlan: left promiscuous mode
[  254.165727][ T5885] team0 (unregistering): Port device team_slave_1 removed
[  254.236440][ T5885] team0 (unregistering): Port device team_slave_0 removed
[  256.125095][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  256.133256][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  256.892625][ T5885] team0 (unregistering): Port device team_slave_1 removed
[  256.939206][ T5885] team0 (unregistering): Port device team_slave_0 removed
[  257.142139][ T7880] netlink: 'syz.6.465': attribute type 10 has an invalid length.
[  257.461983][ T7437] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  257.490368][ T7437] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  257.521050][ T7437] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  257.546978][ T7437] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  257.599234][ T7437] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  257.609872][ T7437] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  257.621477][ T7437] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  257.632921][ T7437] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  257.902193][ T7437] batman_adv: batadv0: Interface activated: batadv_slave_0
[  257.962927][ T7437] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  257.988054][ T7437] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  258.031440][ T7437] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  258.054242][ T7437] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  258.069669][ T7437] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  258.111538][ T7437] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  258.152529][ T7437] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  258.179992][ T7437] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  258.214095][ T7437] batman_adv: batadv0: Interface activated: batadv_slave_1
[  258.294138][ T7437] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  258.317141][ T7437] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  258.355234][ T7437] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  258.403332][ T7437] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  258.661613][ T7634] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  258.688717][ T7634] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  258.836430][  T150] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  258.846140][ T7739] netdevsim netdevsim9 netdevsim0: renamed from eth0
[  258.938246][  T150] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  259.062255][ T7739] netdevsim netdevsim9 netdevsim1: renamed from eth1
[  259.093785][ T7739] netdevsim netdevsim9 netdevsim2: renamed from eth2
[  259.222107][   T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  259.238186][ T7739] netdevsim netdevsim9 netdevsim3: renamed from eth3
[  259.249807][   T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  259.478554][ T5891] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  259.486428][ T5891] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  260.227085][ T7739] 8021q: adding VLAN 0 to HW filter on device bond0
[  260.341570][ T7739] 8021q: adding VLAN 0 to HW filter on device team0
[  260.369965][ T7634] bridge0: port 1(bridge_slave_0) entered blocking state
[  260.377111][ T7634] bridge0: port 1(bridge_slave_0) entered forwarding state
[  260.457166][ T6559] bridge0: port 2(bridge_slave_1) entered blocking state
[  260.464386][ T6559] bridge0: port 2(bridge_slave_1) entered forwarding state
[  262.086222][ T7949] netlink: 'syz.7.474': attribute type 10 has an invalid length.
[  262.192891][ T7949] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  262.581160][ T7739] 8021q: adding VLAN 0 to HW filter on device batadv0
[  263.656623][ T7739] veth0_vlan: entered promiscuous mode
[  263.753430][ T7739] veth1_vlan: entered promiscuous mode
[  263.884450][ T7739] veth0_macvtap: entered promiscuous mode
[  264.115658][ T7739] veth1_macvtap: entered promiscuous mode
[  264.202736][ T7739] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  264.218914][ T7739] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  264.228819][ T7739] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  264.241431][ T7739] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  264.251811][ T7739] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  264.262353][ T7739] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  264.272473][ T7739] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  264.282985][ T7739] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  264.292826][ T7739] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  264.303406][ T7739] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  264.315035][ T7739] batman_adv: batadv0: Interface activated: batadv_slave_0
[  264.326549][ T7739] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  264.337237][ T7739] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  264.347201][ T7739] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  264.358265][ T7739] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  264.368139][ T7739] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  264.378643][ T7739] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  264.388594][ T7739] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  264.399074][ T7739] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  264.408932][ T7739] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  264.419581][ T7739] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  264.431190][ T7739] batman_adv: batadv0: Interface activated: batadv_slave_1
[  264.545669][ T7739] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  264.556482][ T7739] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  264.565472][ T7739] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  264.574537][ T7739] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  264.959283][ T6559] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  265.013542][ T6559] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  266.315247][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  266.342903][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  266.753106][ T8008] new mount options do not match the existing superblock, will be ignored
[  268.991215][ T8031] netlink: 'syz.9.488': attribute type 10 has an invalid length.
[  269.015960][ T8031] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  269.622147][ T8047] syz.9.491: attempt to access beyond end of device
[  269.622147][ T8047] nbd9: rw=0, sector=16, nr_sectors = 1 limit=0
[  269.635513][ T8047] qnx6: unable to read the first superblock
[  269.643071][ T8047] syz.9.491: attempt to access beyond end of device
[  269.643071][ T8047] nbd9: rw=0, sector=0, nr_sectors = 1 limit=0
[  269.656693][ T8047] qnx6: unable to read the first superblock
[  269.663010][ T8047] qnx6: unable to read the first superblock
[  274.036533][ T8099] netlink: 'syz.6.502': attribute type 10 has an invalid length.
[  275.312839][ T8120] syz.6.509: attempt to access beyond end of device
[  275.312839][ T8120] nbd6: rw=0, sector=16, nr_sectors = 1 limit=0
[  275.326255][ T8120] qnx6: unable to read the first superblock
[  275.333773][ T8120] syz.6.509: attempt to access beyond end of device
[  275.333773][ T8120] nbd6: rw=0, sector=0, nr_sectors = 1 limit=0
[  275.347005][ T8120] qnx6: unable to read the first superblock
[  275.353121][ T8120] qnx6: unable to read the first superblock
[  277.542082][ T8138] netlink: 'syz.7.515': attribute type 10 has an invalid length.
[  277.570148][   T25] usb 10-1: new full-speed USB device number 2 using dummy_hcd
[  279.614188][   T25] usb 10-1: config 127 has an invalid interface number: 218 but max is 0
[  279.629777][   T25] usb 10-1: config 127 has no interface number 0
[  279.636262][   T25] usb 10-1: config 127 interface 218 has no altsetting 0
[  280.818234][   T25] usb 10-1: New USB device found, idVendor=108c, idProduct=0159, bcdDevice= 3.5c
[  280.827448][   T25] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  280.835679][   T25] usb 10-1: Product: syz
[  280.840063][   T25] usb 10-1: Manufacturer: syz
[  280.844769][   T25] usb 10-1: SerialNumber: syz
[  281.068335][   T25] usb 10-1: can't set config #127, error -71
[  281.107170][   T25] usb 10-1: USB disconnect, device number 2
[  283.743044][ T8189] overlayfs: failed to resolve './file1': -2
[  284.109840][ T8192] syz.8.525: attempt to access beyond end of device
[  284.109840][ T8192] nbd8: rw=0, sector=16, nr_sectors = 1 limit=0
[  284.124215][ T8192] qnx6: unable to read the first superblock
[  284.137139][ T8192] syz.8.525: attempt to access beyond end of device
[  284.137139][ T8192] nbd8: rw=0, sector=0, nr_sectors = 1 limit=0
[  284.151268][ T8192] qnx6: unable to read the first superblock
[  284.157392][ T8192] qnx6: unable to read the first superblock
[  285.111228][ T8210] overlayfs: failed to resolve './file1': -2
[  286.095951][ T5835] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  286.108915][ T5835] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  286.118310][ T5835] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  287.253905][ T5835] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  287.261899][ T5835] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  287.270532][ T5835] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  287.896556][ T8232] netlink: 'syz.7.533': attribute type 10 has an invalid length.
[  289.548184][ T5834] Bluetooth: hci4: command tx timeout
[  289.623299][ T8257] overlayfs: failed to resolve './file1': -2
[  291.998015][ T5834] Bluetooth: hci4: command tx timeout
[  292.914219][ T8213] chnl_net:caif_netlink_parms(): no params data found
[  293.496701][ T8295] netlink: 'syz.6.548': attribute type 10 has an invalid length.
[  293.656879][ T6856] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  294.212423][ T5834] Bluetooth: hci4: command tx timeout
[  294.734945][ T6856] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  294.884448][ T8213] bridge0: port 1(bridge_slave_0) entered blocking state
[  295.128116][ T8213] bridge0: port 1(bridge_slave_0) entered disabled state
[  295.135405][ T8213] bridge_slave_0: entered allmulticast mode
[  295.150809][ T8213] bridge_slave_0: entered promiscuous mode
[  295.211399][ T8213] bridge0: port 2(bridge_slave_1) entered blocking state
[  295.219158][ T8213] bridge0: port 2(bridge_slave_1) entered disabled state
[  295.227440][ T8213] bridge_slave_1: entered allmulticast mode
[  295.240022][ T8213] bridge_slave_1: entered promiscuous mode
[  296.636388][ T5834] Bluetooth: hci4: command tx timeout
[  296.706892][ T8213] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  296.962000][ T6856] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  297.371465][ T8213] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  297.598183][    T9] usb 10-1: new high-speed USB device number 3 using dummy_hcd
[  298.500722][ T6856] team0: Port device netdevsim0 removed
[  298.515933][ T6856] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  298.701736][    T9] usb 10-1: config 0 has no interfaces?
[  298.764491][ T8213] team0: Port device team_slave_0 added
[  298.798705][ T8213] team0: Port device team_slave_1 added
[  298.960138][    T9] usb 10-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  298.969350][    T9] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  298.977408][    T9] usb 10-1: Product: syz
[  298.981716][    T9] usb 10-1: Manufacturer: syz
[  298.986403][    T9] usb 10-1: SerialNumber: syz
[  298.998938][    T9] usb 10-1: config 0 descriptor??
[  299.064259][ T8357] netlink: 'syz.6.563': attribute type 10 has an invalid length.
[  299.135377][ T8365] overlayfs: failed to resolve './file0': -2
[  299.145231][ T8213] batman_adv: batadv0: Adding interface: batadv_slave_0
[  299.165917][ T8213] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  299.286362][ T8213] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  299.828775][ T8213] batman_adv: batadv0: Adding interface: batadv_slave_1
[  299.857290][ T8213] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  299.883253][    C1] vkms_vblank_simulate: vblank timer overrun
[  299.920225][ T8213] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  302.455174][ T8213] hsr_slave_0: entered promiscuous mode
[  302.582331][ T8213] hsr_slave_1: entered promiscuous mode
[  303.765258][ T6856] bridge_slave_1: left allmulticast mode
[  303.908090][ T6856] bridge_slave_1: left promiscuous mode
[  303.914609][ T6856] bridge0: port 2(bridge_slave_1) entered disabled state
[  304.451746][ T6856] bridge_slave_0: left allmulticast mode
[  304.457452][ T6856] bridge_slave_0: left promiscuous mode
[  304.545395][ T6856] bridge0: port 1(bridge_slave_0) entered disabled state
[  304.709850][ T8408] netlink: 'syz.9.578': attribute type 10 has an invalid length.
[  304.711919][ T8406] overlayfs: failed to resolve './file0': -2
[  304.761931][ T5865] usb 10-1: USB disconnect, device number 3
[  305.205801][ T8415] overlayfs: failed to resolve './file0': -2
[  305.212275][ T5908] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  305.387452][ T5908] usb 7-1: Using ep0 maxpacket: 8
[  305.427715][ T5908] usb 7-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  305.467455][ T5908] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  305.530914][ T5908] usb 7-1: Product: syz
[  305.582909][ T5908] usb 7-1: Manufacturer: syz
[  305.620052][ T5908] usb 7-1: SerialNumber: syz
[  305.704180][ T5908] usb 7-1: config 0 descriptor??
[  305.775780][ T6856] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  305.798908][ T6856] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  305.834312][ T6856] bond0 (unregistering): (slave wlan1): Releasing backup interface
[  305.856148][ T6856] bond0 (unregistering): Released all slaves
[  306.137353][ T5908] usb 7-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  308.139504][ T5908] dvb_usb_rtl28xxu 7-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  308.330943][ T5908] usb 7-1: USB disconnect, device number 3
[  310.153695][ T8456] overlayfs: failed to resolve './file0': -2
[  310.788875][ T8454] overlayfs: failed to resolve './file0': -2
[  310.966123][ T8461] netlink: 'syz.6.594': attribute type 10 has an invalid length.
[  311.966600][ T6856] hsr_slave_0: left promiscuous mode
[  312.018183][ T6856] hsr_slave_1: left promiscuous mode
[  312.024108][ T6856] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  312.056071][ T6856] batman_adv: batadv0: Removing interface: batadv_slave_0
[  312.097146][ T6856] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  312.116096][ T6856] batman_adv: batadv0: Removing interface: batadv_slave_1
[  312.210535][ T6856] veth1_macvtap: left promiscuous mode
[  312.216109][ T6856] veth0_macvtap: left promiscuous mode
[  312.246024][ T6856] veth1_vlan: left promiscuous mode
[  312.260212][ T6856] veth0_vlan: left promiscuous mode
[  314.026520][ T8493] input: syz1 as /devices/virtual/input/input5
[  314.723856][ T6856] team0 (unregistering): Port device team_slave_1 removed
[  314.860789][ T6856] team0 (unregistering): Port device team_slave_0 removed
[  314.981468][ T8499] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  316.505559][   T29] kauditd_printk_skb: 35 callbacks suppressed
[  316.505598][   T29] audit: type=1804 audit(1736311941.636:47): pid=8507 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.7.605" name="/newroot/33/bus/file0" dev="overlay" ino=222 res=1 errno=0
[  316.791924][ T8503] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  317.012928][ T8510] netlink: 'syz.8.607': attribute type 10 has an invalid length.
[  317.482772][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  317.489681][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  317.927227][ T8518] syz.9.608: attempt to access beyond end of device
[  317.927227][ T8518] nbd9: rw=0, sector=16, nr_sectors = 1 limit=0
[  317.941051][ T8518] qnx6: unable to read the first superblock
[  317.947984][ T8518] syz.9.608: attempt to access beyond end of device
[  317.947984][ T8518] nbd9: rw=0, sector=0, nr_sectors = 1 limit=0
[  317.961163][ T8518] qnx6: unable to read the first superblock
[  317.967175][ T8518] qnx6: unable to read the first superblock
[  318.641297][ T8510] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  321.141180][ T8213] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  321.330597][ T8536] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  322.116543][ T8213] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  322.142314][ T8213] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  322.749983][ T8213] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  324.013791][ T8213] 8021q: adding VLAN 0 to HW filter on device bond0
[  324.230497][ T8213] 8021q: adding VLAN 0 to HW filter on device team0
[  324.250365][ T8558] netlink: 'syz.8.619': attribute type 10 has an invalid length.
[  324.305618][ T8213] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  324.337933][ T8213] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  324.532283][   T35] bridge0: port 1(bridge_slave_0) entered blocking state
[  324.546037][   T35] bridge0: port 1(bridge_slave_0) entered forwarding state
[  324.661531][   T35] bridge0: port 2(bridge_slave_1) entered blocking state
[  324.672031][   T35] bridge0: port 2(bridge_slave_1) entered forwarding state
[  324.961423][ T8565] overlayfs: failed to resolve './file0': -2
[  326.415558][ T8213] 8021q: adding VLAN 0 to HW filter on device batadv0
[  327.239735][ T8586] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  328.325009][ T8213] veth0_vlan: entered promiscuous mode
[  328.418002][   T29] audit: type=1804 audit(1736311953.776:48): pid=8591 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.8.624" name="/newroot/43/bus/file0" dev="overlay" ino=263 res=1 errno=0
[  329.043428][ T8213] veth1_vlan: entered promiscuous mode
[  329.814189][ T8213] veth0_macvtap: entered promiscuous mode
[  329.833659][ T8213] veth1_macvtap: entered promiscuous mode
[  329.868973][ T8213] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  329.887905][ T8213] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  329.908040][ T8213] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  329.937958][ T8213] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  329.947827][ T8213] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  329.958396][ T8213] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  329.968456][ T8213] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  329.978994][ T8213] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  329.988979][ T8213] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  329.999508][ T8213] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  330.010581][ T8213] batman_adv: batadv0: Interface activated: batadv_slave_0
[  330.030050][ T8213] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  330.048134][ T8213] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  330.058079][ T8213] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  330.077943][ T8213] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  330.087806][ T8213] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  330.098561][ T8213] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  330.108709][ T8213] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  330.119436][ T8213] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  330.129635][ T8213] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  330.140350][ T8213] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  330.151581][ T8213] batman_adv: batadv0: Interface activated: batadv_slave_1
[  330.161322][ T8213] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  330.170318][ T8213] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  330.179083][ T8213] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  330.187786][ T8213] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  330.351202][ T5828] Bluetooth: hci7: command 0x0406 tx timeout
[  330.552499][   T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  330.573625][   T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  330.670369][ T6856] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  330.730137][ T6856] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  331.338311][ T8616] netlink: 'syz.9.634': attribute type 10 has an invalid length.
[  332.524201][ T8629] syz.6.638: attempt to access beyond end of device
[  332.524201][ T8629] nbd6: rw=0, sector=16, nr_sectors = 1 limit=0
[  332.537153][ T8629] qnx6: unable to read the first superblock
[  332.543397][ T8629] syz.6.638: attempt to access beyond end of device
[  332.543397][ T8629] nbd6: rw=0, sector=0, nr_sectors = 1 limit=0
[  332.556274][ T8629] qnx6: unable to read the first superblock
[  332.562190][ T8629] qnx6: unable to read the first superblock
[  334.525962][ T8653] netlink: 104 bytes leftover after parsing attributes in process `syz.1.642'.
[  335.267667][ T8656] overlayfs: failed to resolve './file1': -2
[  335.288074][   T54] Bluetooth: hci6: command 0x0406 tx timeout
[  335.294476][   T54] Bluetooth: hci7: command 0x0406 tx timeout
[  335.955181][ T8661] netlink: 'syz.1.646': attribute type 10 has an invalid length.
[  336.131041][ T8661] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  340.389914][   T29] audit: type=1804 audit(1736311965.766:49): pid=8721 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.9.657" name="/newroot/37/bus/file0" dev="overlay" ino=243 res=1 errno=0
[  341.069792][ T8725] netlink: 'syz.8.660': attribute type 10 has an invalid length.
[  342.838115][ T5876] usb 9-1: new high-speed USB device number 2 using dummy_hcd
[  343.124715][ T5876] usb 9-1: New USB device found, idVendor=0403, idProduct=6010, bcdDevice=c6.98
[  343.280422][ T5876] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  343.606631][ T5876] usb 9-1: config 0 descriptor??
[  343.636432][ T5876] ftdi_sio 9-1:0.0: FTDI USB Serial Device converter detected
[  343.647427][ T5876] ftdi_sio ttyUSB0: unknown device type: 0xc698
[  344.706778][ T8777] netlink: 'syz.6.674': attribute type 10 has an invalid length.
[  345.244261][ T5876] usb 9-1: USB disconnect, device number 2
[  345.251957][ T5876] ftdi_sio 9-1:0.0: device disconnected
[  345.475873][   T29] audit: type=1804 audit(1736311970.836:50): pid=8786 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.673" name="/newroot/13/bus/file0" dev="overlay" ino=112 res=1 errno=0
[  348.205752][ T8831] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  348.959973][ T8847] netlink: 'syz.9.687': attribute type 10 has an invalid length.
[  349.076599][ T5834] Bluetooth: hci6: command 0x0406 tx timeout
[  353.209263][ T8896] new mount options do not match the existing superblock, will be ignored
[  354.120615][ T8899] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  357.758013][ T5876] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[  358.147559][ T5876] usb 2-1: New USB device found, idVendor=0403, idProduct=6010, bcdDevice=c6.98
[  358.259188][ T5876] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  358.345117][ T5876] usb 2-1: config 0 descriptor??
[  358.458955][ T5876] ftdi_sio 2-1:0.0: FTDI USB Serial Device converter detected
[  358.488360][ T5876] ftdi_sio ttyUSB0: unknown device type: 0xc698
[  358.830399][ T8969] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  359.611973][ T8977] new mount options do not match the existing superblock, will be ignored
[  360.263250][  T976] usb 2-1: USB disconnect, device number 2
[  360.270406][  T976] ftdi_sio 2-1:0.0: device disconnected
[  361.636796][ T9008] overlay: Unknown parameter 'smackfstransmute'
[  363.055088][ T9031] new mount options do not match the existing superblock, will be ignored
[  364.737982][  T976] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[  364.999511][  T976] usb 8-1: New USB device found, idVendor=0403, idProduct=6010, bcdDevice=c6.98
[  365.024907][  T976] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  365.310236][  T976] usb 8-1: config 0 descriptor??
[  365.394893][  T976] ftdi_sio 8-1:0.0: FTDI USB Serial Device converter detected
[  365.403582][  T976] ftdi_sio ttyUSB0: unknown device type: 0xc698
[  367.678247][ T5834] Bluetooth: hci4: command 0x0405 tx timeout
[  368.151874][  T976] usb 8-1: USB disconnect, device number 2
[  368.158829][  T976] ftdi_sio 8-1:0.0: device disconnected
[  369.329133][ T9101] new mount options do not match the existing superblock, will be ignored
[  371.029089][ T5834] Bluetooth: hci2: command 0x0406 tx timeout
[  372.021547][ T9116] syz.9.746: attempt to access beyond end of device
[  372.021547][ T9116] nbd9: rw=0, sector=16, nr_sectors = 1 limit=0
[  372.034702][ T9116] qnx6: unable to read the first superblock
[  372.041010][ T9116] syz.9.746: attempt to access beyond end of device
[  372.041010][ T9116] nbd9: rw=0, sector=0, nr_sectors = 1 limit=0
[  372.054045][ T9116] qnx6: unable to read the first superblock
[  372.060039][ T9116] qnx6: unable to read the first superblock
[  373.951022][ T9152] overlay: Unknown parameter 'smackfstransmute'
[  375.222895][ T5834] Bluetooth: hci4: command 0x0405 tx timeout
[  375.758236][ T9170] new mount options do not match the existing superblock, will be ignored
[  378.914602][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  378.945024][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  379.430681][ T9199] syz.7.765: attempt to access beyond end of device
[  379.430681][ T9199] nbd7: rw=0, sector=16, nr_sectors = 1 limit=0
[  379.443911][ T9199] qnx6: unable to read the first superblock
[  379.450217][ T9199] syz.7.765: attempt to access beyond end of device
[  379.450217][ T9199] nbd7: rw=0, sector=0, nr_sectors = 1 limit=0
[  379.462974][ T9199] qnx6: unable to read the first superblock
[  379.469186][ T9199] qnx6: unable to read the first superblock
[  381.844671][ T9239] overlay: Unknown parameter 'smackfstransmute'
[  383.943317][ T9252] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  385.480360][ T9276] syz.9.781: attempt to access beyond end of device
[  385.480360][ T9276] nbd9: rw=0, sector=16, nr_sectors = 1 limit=0
[  385.493330][ T9276] qnx6: unable to read the first superblock
[  385.499482][ T9276] syz.9.781: attempt to access beyond end of device
[  385.499482][ T9276] nbd9: rw=0, sector=0, nr_sectors = 1 limit=0
[  385.512257][ T9276] qnx6: unable to read the first superblock
[  385.518219][ T9276] qnx6: unable to read the first superblock
[  387.082531][ T9310] Unsupported ieee802154 address type: 0
[  387.568503][    T9] usb 9-1: new high-speed USB device number 3 using dummy_hcd
[  387.809532][    T9] usb 9-1: New USB device found, idVendor=0403, idProduct=6010, bcdDevice=c6.98
[  387.821277][    T9] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  387.845292][    T9] usb 9-1: config 0 descriptor??
[  387.858502][    T9] ftdi_sio 9-1:0.0: FTDI USB Serial Device converter detected
[  387.867098][    T9] ftdi_sio ttyUSB0: unknown device type: 0xc698
[  387.958068][ T5834] Bluetooth: hci4: command 0x0405 tx timeout
[  388.619208][    T9] usb 9-1: USB disconnect, device number 3
[  388.626104][    T9] ftdi_sio 9-1:0.0: device disconnected
[  388.801857][ T9334] overlayfs: missing 'lowerdir'
[  392.772380][ T9358] syz.1.797: attempt to access beyond end of device
[  392.772380][ T9358] nbd1: rw=0, sector=16, nr_sectors = 1 limit=0
[  392.802860][ T9358] qnx6: unable to read the first superblock
[  392.969490][ T9358] syz.1.797: attempt to access beyond end of device
[  392.969490][ T9358] nbd1: rw=0, sector=0, nr_sectors = 1 limit=0
[  393.942983][ T9358] qnx6: unable to read the first superblock
[  393.973580][ T9358] qnx6: unable to read the first superblock
[  394.082237][ T9390] overlayfs: missing 'lowerdir'
[  396.163500][ T9404] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  396.178011][ T5834] Bluetooth: hci4: command 0x0405 tx timeout
[  396.557662][   T25] usb 10-1: new high-speed USB device number 4 using dummy_hcd
[  397.048967][ T9427] Unsupported ieee802154 address type: 0
[  397.175702][   T25] usb 10-1: New USB device found, idVendor=0403, idProduct=6010, bcdDevice=c6.98
[  397.193603][   T25] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  397.221371][ T9436] netlink: 'syz.8.813': attribute type 10 has an invalid length.
[  397.259317][   T25] usb 10-1: config 0 descriptor??
[  397.284705][   T25] ftdi_sio 10-1:0.0: FTDI USB Serial Device converter detected
[  397.363003][   T25] ftdi_sio ttyUSB0: unknown device type: 0xc698
[  398.449367][ T5908] usb 10-1: USB disconnect, device number 4
[  398.467705][ T5908] ftdi_sio 10-1:0.0: device disconnected
[  399.543527][ T9465] overlayfs: missing 'lowerdir'
[  400.018282][ T9473] overlayfs: failed to resolve './file1': -2
[  401.339301][ T9480] syz.7.818: attempt to access beyond end of device
[  401.339301][ T9480] nbd7: rw=0, sector=16, nr_sectors = 1 limit=0
[  401.355232][ T9480] qnx6: unable to read the first superblock
[  401.366106][ T9480] syz.7.818: attempt to access beyond end of device
[  401.366106][ T9480] nbd7: rw=0, sector=0, nr_sectors = 1 limit=0
[  401.381961][ T9480] qnx6: unable to read the first superblock
[  401.388398][ T9480] qnx6: unable to read the first superblock
[  401.623036][ T9487] netlink: 'syz.9.826': attribute type 10 has an invalid length.
[  403.078942][    T9] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  403.108718][ T9518] overlayfs: missing 'lowerdir'
[  403.250783][    T9] usb 2-1: New USB device found, idVendor=0403, idProduct=6010, bcdDevice=c6.98
[  403.475633][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  403.506860][ T9505] program syz.9.828 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  403.527442][    T9] usb 2-1: config 0 descriptor??
[  403.610594][    T9] ftdi_sio 2-1:0.0: FTDI USB Serial Device converter detected
[  403.751426][    T9] ftdi_sio ttyUSB0: unknown device type: 0xc698
[  405.494376][ T9538] overlayfs: failed to resolve './file1': -2
[  406.172901][    T9] usb 2-1: USB disconnect, device number 3
[  406.180237][    T9] ftdi_sio 2-1:0.0: device disconnected
[  406.960259][ T9550] netlink: 'syz.6.839': attribute type 10 has an invalid length.
[  408.044132][ T9556] syz.7.841: attempt to access beyond end of device
[  408.044132][ T9556] nbd7: rw=0, sector=16, nr_sectors = 1 limit=0
[  408.057124][ T9556] qnx6: unable to read the first superblock
[  408.063568][ T9556] syz.7.841: attempt to access beyond end of device
[  408.063568][ T9556] nbd7: rw=0, sector=0, nr_sectors = 1 limit=0
[  408.076277][ T9556] qnx6: unable to read the first superblock
[  408.082390][ T9556] qnx6: unable to read the first superblock
[  408.883415][ T9575] overlayfs: missing 'lowerdir'
[  411.659126][   T29] audit: type=1804 audit(1736312037.026:51): pid=9594 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.8.849" name="/newroot/83/bus/file0" dev="overlay" ino=507 res=1 errno=0
[  412.033003][ T5834] Bluetooth: hci4: command 0x0405 tx timeout
[  413.356584][ T9628] syz.7.856: attempt to access beyond end of device
[  413.356584][ T9628] nbd7: rw=0, sector=16, nr_sectors = 1 limit=0
[  413.373105][ T9628] qnx6: unable to read the first superblock
[  413.380477][ T9628] syz.7.856: attempt to access beyond end of device
[  413.380477][ T9628] nbd7: rw=0, sector=0, nr_sectors = 1 limit=0
[  413.393797][ T9628] qnx6: unable to read the first superblock
[  413.399968][ T9628] qnx6: unable to read the first superblock
[  413.823519][ T9635] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  413.878883][ T9634] overlayfs: missing 'lowerdir'
[  416.153997][    T8] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  416.905967][ T9677] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  416.914887][ T9677] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  416.958238][ T9668] syz.9.870: attempt to access beyond end of device
[  416.958238][ T9668] nbd9: rw=0, sector=16, nr_sectors = 1 limit=0
[  416.971170][ T9668] qnx6: unable to read the first superblock
[  416.977196][ T9668] syz.9.870: attempt to access beyond end of device
[  416.977196][ T9668] nbd9: rw=0, sector=0, nr_sectors = 1 limit=0
[  416.990035][ T9668] qnx6: unable to read the first superblock
[  416.995908][ T9668] qnx6: unable to read the first superblock
[  417.037905][    T8] usb 2-1: New USB device found, idVendor=0403, idProduct=6010, bcdDevice=c6.98
[  417.060537][    T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  417.088844][    T8] usb 2-1: config 0 descriptor??
[  417.116308][    T8] ftdi_sio 2-1:0.0: FTDI USB Serial Device converter detected
[  417.141385][    T8] ftdi_sio ttyUSB0: unknown device type: 0xc698
[  417.298326][ T9684] overlayfs: failed to resolve './file0': -2
[  419.072215][  T976] usb 2-1: USB disconnect, device number 4
[  419.338818][  T976] ftdi_sio 2-1:0.0: device disconnected
[  420.003049][ T9729] new mount options do not match the existing superblock, will be ignored
[  420.822930][ T9734] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  420.822958][ T9734] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  421.126171][ T9728] tty tty37: ldisc open failed (-12), clearing slot 36
[  421.240560][ T9720] program syz.6.879 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  421.660173][ T9748] syz.8.886: attempt to access beyond end of device
[  421.660173][ T9748] nbd8: rw=0, sector=16, nr_sectors = 1 limit=0
[  421.673426][ T9748] qnx6: unable to read the first superblock
[  421.680912][ T9748] syz.8.886: attempt to access beyond end of device
[  421.680912][ T9748] nbd8: rw=0, sector=0, nr_sectors = 1 limit=0
[  421.694212][ T9748] qnx6: unable to read the first superblock
[  421.700299][ T9748] qnx6: unable to read the first superblock
[  423.274497][ T9767] overlayfs: failed to resolve './file0': -2
[  424.472937][ T9790] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  424.543562][ T9790] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  426.217233][ T9814] overlayfs: failed to resolve './file0': -2
[  427.248832][ T9831] syz.7.909: attempt to access beyond end of device
[  427.248832][ T9831] nbd7: rw=0, sector=16, nr_sectors = 1 limit=0
[  427.262047][ T9831] qnx6: unable to read the first superblock
[  427.269490][ T9831] syz.7.909: attempt to access beyond end of device
[  427.269490][ T9831] nbd7: rw=0, sector=0, nr_sectors = 1 limit=0
[  427.282770][ T9831] qnx6: unable to read the first superblock
[  427.313294][ T9831] qnx6: unable to read the first superblock
[  429.738934][ T9869] overlayfs: missing 'lowerdir'
[  430.718177][ T9881] overlayfs: failed to resolve './file1': -2
[  430.887758][ T9891] netlink: 'syz.6.923': attribute type 10 has an invalid length.
[  431.698799][ T9907] new mount options do not match the existing superblock, will be ignored
[  434.526822][ T9940] overlayfs: missing 'lowerdir'
[  435.076749][ T9957] netlink: 'syz.7.936': attribute type 10 has an invalid length.
[  435.198853][ T9955] overlayfs: failed to resolve './file1': -2
[  438.530431][ T9988] new mount options do not match the existing superblock, will be ignored
[  440.523662][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  440.530424][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  441.301065][T10008] syz.1.944: attempt to access beyond end of device
[  441.301065][T10008] nbd1: rw=0, sector=16, nr_sectors = 1 limit=0
[  441.401612][T10008] qnx6: unable to read the first superblock
[  441.464980][T10011] netlink: 'syz.6.948': attribute type 10 has an invalid length.
[  441.525195][T10015] overlayfs: failed to resolve './file1': -2
[  441.528417][T10008] syz.1.944: attempt to access beyond end of device
[  441.528417][T10008] nbd1: rw=0, sector=0, nr_sectors = 1 limit=0
[  442.657014][T10008] qnx6: unable to read the first superblock
[  442.663199][T10008] qnx6: unable to read the first superblock
[  442.686409][T10027] No buffer was provided with the request
[  442.697089][T10027] No buffer was provided with the request
[  443.630744][T10023] capability: warning: `syz.7.951' uses deprecated v2 capabilities in a way that may be insecure
[  445.524439][T10058] overlayfs: missing 'workdir'
[  446.788149][T10071] new mount options do not match the existing superblock, will be ignored
[  448.181140][T10082] netlink: 'syz.7.962': attribute type 10 has an invalid length.
[  448.646590][ T5907] usb 10-1: new high-speed USB device number 5 using dummy_hcd
[  449.422717][ T5907] usb 10-1: New USB device found, idVendor=0403, idProduct=6010, bcdDevice=c6.98
[  449.630219][ T5907] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  450.065070][ T5907] usb 10-1: config 0 descriptor??
[  450.102349][ T5907] ftdi_sio 10-1:0.0: FTDI USB Serial Device converter detected
[  450.115516][ T5907] ftdi_sio ttyUSB0: unknown device type: 0xc698
[  450.358467][T10108] netlink: 'syz.7.968': attribute type 1 has an invalid length.
[  450.988323][ T5907] usb 10-1: USB disconnect, device number 5
[  450.994831][ T5907] ftdi_sio 10-1:0.0: device disconnected
[  451.477066][T10124] overlayfs: missing 'workdir'
[  452.099222][T10132] netlink: 'syz.8.975': attribute type 10 has an invalid length.
[  452.384759][T10140] new mount options do not match the existing superblock, will be ignored
[  460.264955][T10203] syz.7.986: attempt to access beyond end of device
[  460.264955][T10203] nbd7: rw=0, sector=16, nr_sectors = 1 limit=0
[  460.399082][T10203] qnx6: unable to read the first superblock
[  460.473242][T10203] syz.7.986: attempt to access beyond end of device
[  460.473242][T10203] nbd7: rw=0, sector=0, nr_sectors = 1 limit=0
[  460.488858][T10203] qnx6: unable to read the first superblock
[  460.641501][T10203] qnx6: unable to read the first superblock
[  462.308196][T10233] netlink: 'syz.1.997': attribute type 10 has an invalid length.
[  462.599224][T10242] new mount options do not match the existing superblock, will be ignored
[  466.019706][T10268] syz.9.1006: attempt to access beyond end of device
[  466.019706][T10268] loop9: rw=4096, sector=0, nr_sectors = 1 limit=0
[  466.048578][T10268] XFS (loop9): SB validate failed with error -5.
[  467.144621][T10303] netlink: 'syz.1.1012': attribute type 10 has an invalid length.
[  467.387262][T10316] new mount options do not match the existing superblock, will be ignored
[  469.699441][T10345] netlink: 20 bytes leftover after parsing attributes in process `syz.8.1021'.
[  471.796237][T10390] new mount options do not match the existing superblock, will be ignored
[  472.577092][T10382] syz.1.1028: attempt to access beyond end of device
[  472.577092][T10382] nbd1: rw=0, sector=16, nr_sectors = 1 limit=0
[  472.615001][T10382] qnx6: unable to read the first superblock
[  473.174707][T10382] syz.1.1028: attempt to access beyond end of device
[  473.174707][T10382] nbd1: rw=0, sector=0, nr_sectors = 1 limit=0
[  473.191774][T10382] qnx6: unable to read the first superblock
[  473.207497][T10382] qnx6: unable to read the first superblock
[  477.014105][T10456] overlayfs: overlapping lowerdir path
[  481.165520][T10518] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  483.511899][T10556] program syz.9.1060 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  483.869592][T10559] overlayfs: failed to resolve './file1': -2
[  487.936122][   T25] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  488.147992][   T25] usb 7-1: device descriptor read/64, error -71
[  488.388116][   T25] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  488.547913][   T25] usb 7-1: device descriptor read/64, error -71
[  488.678514][   T25] usb usb7-port1: attempt power cycle
[  488.905101][T10642] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  489.118096][   T25] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  489.198482][   T25] usb 7-1: device descriptor read/8, error -71
[  489.301136][T10653] program syz.9.1079 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  489.468000][   T25] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  489.514294][   T25] usb 7-1: device descriptor read/8, error -71
[  489.802808][   T25] usb usb7-port1: unable to enumerate USB device
[  489.877479][T10612] delete_channel: no stack
[  491.758964][T10681] uprobe: syz.7.1083:10681 failed to unregister, leaking uprobe
[  492.421319][T10691] mkiss: ax0: crc mode is auto.
[  492.571751][T10698] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  493.049000][T10707] syz.1.1091: attempt to access beyond end of device
[  493.049000][T10707] nbd1: rw=0, sector=16, nr_sectors = 1 limit=0
[  493.064213][T10707] qnx6: unable to read the first superblock
[  493.222823][T10707] syz.1.1091: attempt to access beyond end of device
[  493.222823][T10707] nbd1: rw=0, sector=0, nr_sectors = 1 limit=0
[  493.275521][T10707] qnx6: unable to read the first superblock
[  493.349647][T10707] qnx6: unable to read the first superblock
[  498.767604][T10814] mkiss: ax0: crc mode is auto.
[  499.517527][ T5907] usb 9-1: new high-speed USB device number 4 using dummy_hcd
[  499.681073][ T5907] usb 9-1: New USB device found, idVendor=0403, idProduct=6010, bcdDevice=c6.98
[  499.693526][ T5907] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  499.754448][ T5907] usb 9-1: config 0 descriptor??
[  499.783191][ T5907] ftdi_sio 9-1:0.0: FTDI USB Serial Device converter detected
[  499.805659][ T5907] ftdi_sio ttyUSB0: unknown device type: 0xc698
[  499.986735][  T911] usb 9-1: USB disconnect, device number 4
[  499.993693][  T911] ftdi_sio 9-1:0.0: device disconnected
[  500.630559][T10865] overlayfs: missing 'lowerdir'
[  501.795948][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  501.804723][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  502.278704][T10890] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  505.249466][T10905] uprobe: syz.1.1122:10905 failed to unregister, leaking uprobe
[  505.285331][T10910] mkiss: ax0: crc mode is auto.
[  506.319021][T10930] netlink: 'syz.8.1128': attribute type 1 has an invalid length.
[  506.367704][T10930] netlink: 224 bytes leftover after parsing attributes in process `syz.8.1128'.
[  506.508652][T10939] overlayfs: missing 'lowerdir'
[  507.273038][  T976] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[  507.462961][  T976] usb 7-1: New USB device found, idVendor=0403, idProduct=6010, bcdDevice=c6.98
[  507.475963][  T976] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  507.509529][  T976] usb 7-1: config 0 descriptor??
[  507.530865][  T976] ftdi_sio 7-1:0.0: FTDI USB Serial Device converter detected
[  507.564149][  T976] ftdi_sio ttyUSB0: unknown device type: 0xc698
[  508.533600][  T911] usb 7-1: USB disconnect, device number 8
[  508.552484][  T911] ftdi_sio 7-1:0.0: device disconnected
[  508.652909][T10958] overlayfs: missing 'lowerdir'
[  508.686310][T10956] syz.1.1133: attempt to access beyond end of device
[  508.686310][T10956] nbd1: rw=0, sector=16, nr_sectors = 1 limit=0
[  508.706414][T10958] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  508.720006][T10956] qnx6: unable to read the first superblock
[  508.726277][T10956] syz.1.1133: attempt to access beyond end of device
[  508.726277][T10956] nbd1: rw=0, sector=0, nr_sectors = 1 limit=0
[  508.740734][T10956] qnx6: unable to read the first superblock
[  508.794515][T10956] qnx6: unable to read the first superblock
[  510.722185][ T5840] usb 10-1: new high-speed USB device number 6 using dummy_hcd
[  510.917967][ T5840] usb 10-1: device descriptor read/64, error -71
[  511.298341][ T5840] usb 10-1: new high-speed USB device number 7 using dummy_hcd
[  511.447927][ T5840] usb 10-1: device descriptor read/64, error -71
[  511.489802][T10983] new mount options do not match the existing superblock, will be ignored
[  511.621762][ T5840] usb usb10-port1: attempt power cycle
[  511.739965][T10985] overlayfs: missing 'lowerdir'
[  512.136719][T10966] delete_channel: no stack
[  512.617682][T10993] netlink: 'syz.6.1144': attribute type 1 has an invalid length.
[  512.633735][T10993] netlink: 224 bytes leftover after parsing attributes in process `syz.6.1144'.
[  512.898417][T10998] overlayfs: missing 'lowerdir'
[  512.911797][T10998] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  514.059331][ T5828] Bluetooth: hci7: unexpected event for opcode 0x2005
[  515.246489][  T976] usb 9-1: new high-speed USB device number 5 using dummy_hcd
[  515.760677][  T976] usb 9-1: New USB device found, idVendor=0403, idProduct=6010, bcdDevice=c6.98
[  515.775138][  T976] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  515.798270][  T976] usb 9-1: config 0 descriptor??
[  515.810195][  T976] ftdi_sio 9-1:0.0: FTDI USB Serial Device converter detected
[  515.819582][  T976] ftdi_sio ttyUSB0: unknown device type: 0xc698
[  516.082593][  T976] usb 9-1: USB disconnect, device number 5
[  516.174625][T11044] overlayfs: missing 'workdir'
[  516.183940][  T976] ftdi_sio 9-1:0.0: device disconnected
[  517.004507][ T5834] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  517.019704][ T5834] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  517.029785][ T5834] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  517.040851][ T5834] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  517.055327][ T5834] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  517.064068][ T5834] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  517.088174][T11055] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  519.184633][ T5834] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  519.227238][ T5834] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  519.240897][ T5834] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  519.328986][ T5834] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  519.336388][ T5834] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  519.343609][ T5834] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  521.199856][T11094] chnl_net:caif_netlink_parms(): no params data found
[  521.608012][ T5828] Bluetooth: hci3: command tx timeout
[  521.668185][T11117] syz.9.1164: attempt to access beyond end of device
[  521.668185][T11117] nbd9: rw=0, sector=16, nr_sectors = 1 limit=0
[  521.681587][T11117] qnx6: unable to read the first superblock
[  521.687617][T11117] syz.9.1164: attempt to access beyond end of device
[  521.687617][T11117] nbd9: rw=0, sector=0, nr_sectors = 1 limit=0
[  521.700429][T11117] qnx6: unable to read the first superblock
[  521.706339][T11117] qnx6: unable to read the first superblock
[  521.747869][   T29] audit: type=1804 audit(1736312147.116:52): pid=11130 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.8.1167" name="/newroot/165/bus/file0" dev="overlay" ino=1012 res=1 errno=0
[  521.932788][T11094] bridge0: port 1(bridge_slave_0) entered blocking state
[  522.064985][T11094] bridge0: port 1(bridge_slave_0) entered disabled state
[  522.169633][T11094] bridge_slave_0: entered allmulticast mode
[  522.208686][T11094] bridge_slave_0: entered promiscuous mode
[  522.243946][T11094] bridge0: port 2(bridge_slave_1) entered blocking state
[  522.293761][T11094] bridge0: port 2(bridge_slave_1) entered disabled state
[  522.351160][T11094] bridge_slave_1: entered allmulticast mode
[  522.378140][T11094] bridge_slave_1: entered promiscuous mode
[  522.547946][  T976] usb 10-1: new high-speed USB device number 9 using dummy_hcd
[  522.560012][T11094] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  523.076203][T11094] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  523.322490][  T976] usb 10-1: New USB device found, idVendor=0403, idProduct=6010, bcdDevice=c6.98
[  523.343002][  T976] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  523.384138][  T976] usb 10-1: config 0 descriptor??
[  523.410461][  T976] ftdi_sio 10-1:0.0: FTDI USB Serial Device converter detected
[  523.420637][  T976] ftdi_sio ttyUSB0: unknown device type: 0xc698
[  523.473987][T11094] team0: Port device team_slave_0 added
[  523.534741][T11094] team0: Port device team_slave_1 added
[  523.617081][  T976] usb 10-1: USB disconnect, device number 9
[  523.624125][  T976] ftdi_sio 10-1:0.0: device disconnected
[  523.630300][ T5828] Bluetooth: hci3: command tx timeout
[  523.743676][T11094] batman_adv: batadv0: Adding interface: batadv_slave_0
[  523.767699][T11094] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  524.257942][T11094] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  524.789038][T11094] batman_adv: batadv0: Adding interface: batadv_slave_1
[  524.796097][T11094] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  524.875940][T11094] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  525.458963][T11094] hsr_slave_0: entered promiscuous mode
[  525.498669][T11094] hsr_slave_1: entered promiscuous mode
[  525.544249][T11094] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  525.552398][T11094] Cannot create hsr debugfs directory
[  525.747919][ T5828] Bluetooth: hci3: command tx timeout
[  526.487450][T11191] overlayfs: missing 'workdir'
[  527.075467][T11204] pim6reg: entered allmulticast mode
[  527.111129][T11204] pim6reg: left allmulticast mode
[  528.500265][ T5828] Bluetooth: hci3: command tx timeout
[  528.958112][  T911] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  529.210970][  T911] usb 2-1: New USB device found, idVendor=0403, idProduct=6010, bcdDevice=c6.98
[  529.221628][  T911] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  529.234665][  T911] usb 2-1: config 0 descriptor??
[  529.246028][  T911] ftdi_sio 2-1:0.0: FTDI USB Serial Device converter detected
[  529.274572][  T911] ftdi_sio ttyUSB0: unknown device type: 0xc698
[  529.812863][  T911] usb 2-1: USB disconnect, device number 5
[  529.861278][  T911] ftdi_sio 2-1:0.0: device disconnected
[  529.909664][T11244] overlay: Unknown parameter '/'
[  529.942218][T11244] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  532.053522][   T29] audit: type=1804 audit(1736312157.436:53): pid=11270 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.9.1195" name="/newroot/144/bus/file0" dev="overlay" ino=893 res=1 errno=0
[  533.464516][T11094] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  533.542974][T11094] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  533.812139][T11094] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  533.853305][T11094] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  534.541435][T11094] 8021q: adding VLAN 0 to HW filter on device bond0
[  534.565734][T11094] 8021q: adding VLAN 0 to HW filter on device team0
[  534.602827][ T5885] bridge0: port 1(bridge_slave_0) entered blocking state
[  534.610038][ T5885] bridge0: port 1(bridge_slave_0) entered forwarding state
[  534.657153][ T6559] bridge0: port 2(bridge_slave_1) entered blocking state
[  534.664341][ T6559] bridge0: port 2(bridge_slave_1) entered forwarding state
[  534.748012][T10666] usb 10-1: new high-speed USB device number 10 using dummy_hcd
[  534.931085][T10666] usb 10-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  534.955120][T10666] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  534.982613][T10666] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  535.199819][T10666] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  535.213861][T10666] usb 10-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  535.223533][T10666] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  535.249587][T10666] usb 10-1: config 0 descriptor??
[  535.255827][T11297] raw-gadget.0 gadget.9: fail, usb_ep_enable returned -22
[  536.019475][T11094] 8021q: adding VLAN 0 to HW filter on device batadv0
[  536.345077][T10666] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0
[  536.362347][T10666] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0
[  536.371497][T11094] veth0_vlan: entered promiscuous mode
[  536.415057][T10666] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0
[  536.462548][T11094] veth1_vlan: entered promiscuous mode
[  536.464385][T10666] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0
[  536.475806][T10666] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0
[  536.483550][T10666] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0
[  536.491287][T10666] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0
[  536.498966][T10666] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0
[  536.507047][T10666] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0
[  536.514949][T10666] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0
[  536.522571][T10666] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0
[  536.530172][T10666] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0
[  536.552481][T10666] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0
[  536.560184][T10666] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0
[  536.567731][T10666] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0
[  536.582011][T10666] plantronics 0003:047F:FFFF.0001: No inputs registered, leaving
[  536.940517][T11094] veth0_macvtap: entered promiscuous mode
[  536.952121][T11094] veth1_macvtap: entered promiscuous mode
[  536.966522][T11094] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  536.977164][T11094] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  536.987030][T11094] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  536.997616][T11094] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  537.007480][T11094] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  537.018466][T11094] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  537.028469][T11094] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  537.039001][T11094] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  537.048955][T11094] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  537.059493][T11094] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  537.069772][T11094] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  537.080330][T11094] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  537.091451][T11094] batman_adv: batadv0: Interface activated: batadv_slave_0
[  537.101548][T11094] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  537.112395][T11094] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  537.122790][T11094] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  537.133829][T11094] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  537.144016][T11094] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  537.154851][T11094] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  537.164838][T11094] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  537.175379][T11094] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  537.185358][T11094] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  537.195897][T11094] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  537.206013][T11094] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  537.216617][T11094] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  537.229094][T11094] batman_adv: batadv0: Interface activated: batadv_slave_1
[  537.250524][T10666] plantronics 0003:047F:FFFF.0001: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.9-1/input0
[  537.288078][T10666] usb 10-1: USB disconnect, device number 10
[  537.325708][T11094] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  537.334625][T11094] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  537.343703][T11094] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  537.352891][T11094] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  537.522776][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  537.533594][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  537.549933][ T5885] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  537.599442][ T5885] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  538.140821][   T25] usb 9-1: new high-speed USB device number 6 using dummy_hcd
[  538.323024][T11340] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (128 ns). Using initial count to start timer.
[  538.389377][   T25] usb 9-1: New USB device found, idVendor=0403, idProduct=6010, bcdDevice=c6.98
[  538.428068][   T25] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  538.460315][   T25] usb 9-1: config 0 descriptor??
[  538.489106][  T976] usb 10-1: new high-speed USB device number 11 using dummy_hcd
[  538.518031][   T25] ftdi_sio 9-1:0.0: FTDI USB Serial Device converter detected
[  538.526315][   T25] ftdi_sio ttyUSB0: unknown device type: 0xc698
[  538.572076][T11358] new mount options do not match the existing superblock, will be ignored
[  538.667088][T11361] overlayfs: failed to resolve './file1': -2
[  538.689982][  T976] usb 10-1: device descriptor read/64, error -71
[  539.257553][    T8] usb 9-1: USB disconnect, device number 6
[  539.270729][    T8] ftdi_sio 9-1:0.0: device disconnected
[  539.312121][  T976] usb 10-1: new high-speed USB device number 12 using dummy_hcd
[  539.551567][  T976] usb 10-1: device descriptor read/64, error -71
[  540.018481][  T976] usb usb10-port1: attempt power cycle
[  540.387870][  T976] usb 10-1: new high-speed USB device number 13 using dummy_hcd
[  540.408745][  T976] usb 10-1: device descriptor read/8, error -71
[  541.148285][  T976] usb 10-1: new high-speed USB device number 14 using dummy_hcd
[  541.228145][  T976] usb 10-1: device descriptor read/8, error -71
[  541.372766][  T976] usb usb10-port1: unable to enumerate USB device
[  542.531065][T11420] program syz.1.1221 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  542.540846][T11417] overlayfs: failed to resolve './file1': -2
[  542.636542][T11429] new mount options do not match the existing superblock, will be ignored
[  543.798145][  T911] usb 7-1: new high-speed USB device number 9 using dummy_hcd
[  544.168847][  T911] usb 7-1: New USB device found, idVendor=0403, idProduct=6010, bcdDevice=c6.98
[  544.178314][  T911] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  544.203059][  T911] usb 7-1: config 0 descriptor??
[  544.219646][  T911] ftdi_sio 7-1:0.0: FTDI USB Serial Device converter detected
[  544.228419][  T911] ftdi_sio ttyUSB0: unknown device type: 0xc698
[  545.024806][ T5907] usb 7-1: USB disconnect, device number 9
[  545.031733][ T5907] ftdi_sio 7-1:0.0: device disconnected
[  548.005384][T11493] overlayfs: failed to resolve './file1': -2
[  549.776213][T11506] new mount options do not match the existing superblock, will be ignored
[  550.179094][T11519] bridge0: port 1(bridge_slave_0) entered disabled state
[  550.209584][T11519] bridge0: port 2(bridge_slave_1) entered disabled state
[  555.480146][T11585] bridge0: port 1(bridge_slave_0) entered disabled state
[  555.490509][T11585] bridge0: port 2(bridge_slave_1) entered disabled state
[  557.293814][T11604] fuse: Bad value for 'group_id'
[  557.298974][T11604] fuse: Bad value for 'group_id'
[  558.205996][   T25] IPVS: starting estimator thread 0...
[  558.395192][T11617] new mount options do not match the existing superblock, will be ignored
[  558.519160][T11608] IPVS: using max 20 ests per chain, 48000 per kthread
[  560.103069][T11628] overlayfs: failed to resolve './file0': -2
[  562.540219][T11651] bridge0: port 1(bridge_slave_0) entered disabled state
[  562.565919][T11651] bridge0: port 2(bridge_slave_1) entered disabled state
[  563.658483][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  565.181676][T11674] fuse: Bad value for 'group_id'
[  565.186717][T11674] fuse: Bad value for 'group_id'
[  565.214315][T10666] IPVS: starting estimator thread 0...
[  565.308492][T11675] IPVS: using max 19 ests per chain, 45600 per kthread
[  567.250961][T11692] overlayfs: failed to resolve './file0': -2
[  569.523443][T11718] new mount options do not match the existing superblock, will be ignored
[  574.790925][T11754] program syz.8.1294 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  576.656131][T11766] overlayfs: failed to resolve './file0': -2
[  576.896971][T11772] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1300'.
[  581.308635][T11803] new mount options do not match the existing superblock, will be ignored
[  588.324124][T11869] overlayfs: failed to resolve './file0': -2
[  588.566968][T11877] new mount options do not match the existing superblock, will be ignored
[  592.115036][ T5834] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  592.137999][ T5834] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  592.157296][ T5834] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  592.170487][ T5834] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  592.179203][ T5834] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  592.188308][ T5834] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  592.558838][T11927] netlink: 72 bytes leftover after parsing attributes in process `syz.6.1329'.
[  593.376198][T11931] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1328'.
[  594.458594][ T5828] Bluetooth: hci5: command tx timeout
[  596.868765][T11972] new mount options do not match the existing superblock, will be ignored
[  597.232830][ T5828] Bluetooth: hci5: command tx timeout
[  597.491384][   T11] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  597.639030][T11942] Cannot find add_set index 0 as target
[  597.754067][   T11] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  597.796843][T11913] chnl_net:caif_netlink_parms(): no params data found
[  598.110356][   T11] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  598.983871][T11997] overlayfs: failed to resolve './file1': -2
[  599.580183][ T5828] Bluetooth: hci5: command tx timeout
[  600.748827][   T11] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  601.917424][ T5828] Bluetooth: hci5: command tx timeout
[  602.361031][T11913] bridge0: port 1(bridge_slave_0) entered blocking state
[  602.386846][T11913] bridge0: port 1(bridge_slave_0) entered disabled state
[  602.394925][T11913] bridge_slave_0: entered allmulticast mode
[  602.409016][T11913] bridge_slave_0: entered promiscuous mode
[  602.525861][T11913] bridge0: port 2(bridge_slave_1) entered blocking state
[  602.596866][T11913] bridge0: port 2(bridge_slave_1) entered disabled state
[  602.615673][T11913] bridge_slave_1: entered allmulticast mode
[  602.626760][T11913] bridge_slave_1: entered promiscuous mode
[  603.506411][T12028] new mount options do not match the existing superblock, will be ignored
[  604.603415][T11913] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  604.673182][   T11] bridge_slave_1: left allmulticast mode
[  604.693301][   T11] bridge_slave_1: left promiscuous mode
[  604.724827][   T11] bridge0: port 2(bridge_slave_1) entered disabled state
[  605.256120][   T11] bridge_slave_0: left allmulticast mode
[  605.704992][   T11] bridge_slave_0: left promiscuous mode
[  605.723247][   T11] bridge0: port 1(bridge_slave_0) entered disabled state
[  607.409553][   T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  607.434965][   T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  607.456772][   T11] bond0 (unregistering): (slave wlan1): Releasing backup interface
[  607.480006][   T11] bond0 (unregistering): Released all slaves
[  607.494834][T11913] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  608.733233][T12071] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1361'.
[  609.930957][T11913] team0: Port device team_slave_0 added
[  610.251039][T12085] new mount options do not match the existing superblock, will be ignored
[  610.955883][T11913] team0: Port device team_slave_1 added
[  611.872436][T11913] batman_adv: batadv0: Adding interface: batadv_slave_0
[  611.891806][T11913] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  611.960637][T11913] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  612.446620][T11913] batman_adv: batadv0: Adding interface: batadv_slave_1
[  612.457621][T11913] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  612.550921][T11913] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  613.197260][T12104] random: crng reseeded on system resumption
[  613.289850][   T11] hsr_slave_0: left promiscuous mode
[  613.335763][   T11] hsr_slave_1: left promiscuous mode
[  613.641722][   T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  613.654206][   T11] batman_adv: batadv0: Removing interface: batadv_slave_0
[  613.689937][   T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  613.771512][   T11] batman_adv: batadv0: Removing interface: batadv_slave_1
[  613.879257][   T11] veth1_macvtap: left promiscuous mode
[  613.885073][   T11] veth0_macvtap: left promiscuous mode
[  613.897122][   T11] veth1_vlan: left promiscuous mode
[  613.904947][   T11] veth0_vlan: left promiscuous mode
[  614.437464][   T11] team0 (unregistering): Port device team_slave_1 removed
[  614.482257][   T11] team0 (unregistering): Port device team_slave_0 removed
[  616.950824][T12127] netlink: 1608 bytes leftover after parsing attributes in process `syz.1.1376'.
[  617.406183][T12127] tty tty22: ldisc open failed (-12), clearing slot 21
[  617.576602][T11913] hsr_slave_0: entered promiscuous mode
[  617.634196][T11913] hsr_slave_1: entered promiscuous mode
[  617.740345][T11913] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  617.780969][T11913] Cannot create hsr debugfs directory
[  617.818859][T12126] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1376'.
[  618.285571][T12139] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1378'.
[  619.274416][T12149] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  619.286496][   T11] IPVS: stop unused estimator thread 0...
[  619.319382][T12149] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  619.683809][T12155] new mount options do not match the existing superblock, will be ignored
[  621.154289][   T29] audit: type=1800 audit(1736312246.526:54): pid=12165 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.9.1385" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0
[  621.359283][T12169] syz.1.1387: attempt to access beyond end of device
[  621.359283][T12169] nbd1: rw=0, sector=16, nr_sectors = 1 limit=0
[  621.372146][T12169] qnx6: unable to read the first superblock
[  621.378238][T12169] syz.1.1387: attempt to access beyond end of device
[  621.378238][T12169] nbd1: rw=0, sector=0, nr_sectors = 1 limit=0
[  621.391458][T12169] qnx6: unable to read the first superblock
[  621.397363][T12169] qnx6: unable to read the first superblock
[  624.129572][T12191] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  624.138588][T12191] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  625.348762][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  626.398230][T12203] syz.0.1399: attempt to access beyond end of device
[  626.398230][T12203] nbd0: rw=0, sector=16, nr_sectors = 1 limit=0
[  626.411633][T12203] qnx6: unable to read the first superblock
[  626.417685][T12203] syz.0.1399: attempt to access beyond end of device
[  626.417685][T12203] nbd0: rw=0, sector=0, nr_sectors = 1 limit=0
[  626.430915][T12203] qnx6: unable to read the first superblock
[  626.436814][T12203] qnx6: unable to read the first superblock
[  627.638061][T10102] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  627.824645][T10102] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  628.130349][T10102] usb 2-1: config 1 has an invalid descriptor of length 52, skipping remainder of the config
[  628.143709][T10102] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66
[  628.153214][T10102] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 7
[  628.164532][T10102] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 9272, setting to 1024
[  628.444294][T10102] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  628.454182][T10102] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  628.487873][T10102] usb 2-1: Product: syz
[  628.492104][T10102] usb 2-1: Manufacturer: syz
[  628.725241][T10102] cdc_wdm 2-1:1.0: skipping garbage
[  629.223278][T10102] cdc_wdm 2-1:1.0: skipping garbage
[  629.308897][T10102] cdc_wdm 2-1:1.0: probe with driver cdc_wdm failed with error -22
[  629.346082][T10102] usb 2-1: USB disconnect, device number 6
[  629.568583][T12229] new mount options do not match the existing superblock, will be ignored
[  630.076103][T11913] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  630.104962][T11913] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  630.172116][T11913] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  630.203545][T12233] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  630.222226][T11913] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  630.229339][T12233] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  631.234499][T11913] 8021q: adding VLAN 0 to HW filter on device bond0
[  631.270677][T11913] 8021q: adding VLAN 0 to HW filter on device team0
[  631.980744][T12246] overlayfs: missing 'lowerdir'
[  632.387440][T11913] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  632.398137][T11913] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  632.668274][ T6559] bridge0: port 1(bridge_slave_0) entered blocking state
[  632.675407][ T6559] bridge0: port 1(bridge_slave_0) entered forwarding state
[  632.806835][ T6559] bridge0: port 2(bridge_slave_1) entered blocking state
[  632.813960][ T6559] bridge0: port 2(bridge_slave_1) entered forwarding state
[  635.250407][T11913] 8021q: adding VLAN 0 to HW filter on device batadv0
[  635.356307][T11913] veth0_vlan: entered promiscuous mode
[  635.366514][T12271] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1415'.
[  635.381149][T11913] veth1_vlan: entered promiscuous mode
[  635.482532][T11913] veth0_macvtap: entered promiscuous mode
[  635.519876][T11913] veth1_macvtap: entered promiscuous mode
[  635.547153][T11913] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  635.618328][T11913] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  635.712969][T12277] random: crng reseeded on system resumption
[  635.733945][T11913] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  635.791701][T11913] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  635.858040][T11913] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  635.967542][T11913] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  636.026853][T11913] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  636.143806][T11913] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  636.185812][T11913] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  636.289718][T11913] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  636.320010][T11913] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  636.375589][T11913] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  636.478925][T11913] batman_adv: batadv0: Interface activated: batadv_slave_0
[  636.547282][T11913] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  636.613572][T11913] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  636.648984][T11913] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  636.667406][T11913] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  636.680774][T11913] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  636.703876][T11913] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  636.720247][T11913] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  636.731864][T11913] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  636.742620][T11913] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  636.764124][T11913] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  636.777928][T11913] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  636.799976][T11913] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  636.811952][T11913] batman_adv: batadv0: Interface activated: batadv_slave_1
[  636.832357][T11913] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  636.853690][T11913] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  636.875784][T11913] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  636.904397][T11913] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  638.209919][   T29] audit: type=1800 audit(1736312263.596:55): pid=12301 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=set_data cause=unavailable-hash-algorithm comm="syz.9.1419" name="/newroot/196/cpuset.effective_cpus" dev="tmpfs" ino=1185 res=0 errno=0
[  638.310300][   T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  638.337826][   T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  639.227544][  T150] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  639.261888][  T150] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  639.641246][T12331] overlayfs: missing 'lowerdir'
[  642.352694][T12332] Bluetooth: hci3: command 0x0406 tx timeout
[  646.416046][T12398] syz.0.1439: attempt to access beyond end of device
[  646.416046][T12398] nbd0: rw=0, sector=16, nr_sectors = 1 limit=0
[  646.430742][T12398] qnx6: unable to read the first superblock
[  646.437212][T12398] syz.0.1439: attempt to access beyond end of device
[  646.437212][T12398] nbd0: rw=0, sector=0, nr_sectors = 1 limit=0
[  646.450818][T12398] qnx6: unable to read the first superblock
[  646.456801][T12398] qnx6: unable to read the first superblock
[  646.783750][T12402] overlayfs: missing 'workdir'
[  649.655228][T12435] bridge0: port 1(bridge_slave_0) entered disabled state
[  649.664102][T12435] bridge0: port 2(bridge_slave_1) entered disabled state
[  650.652861][T12448] overlayfs: missing 'lowerdir'
[  653.013005][T12457] overlayfs: failed to decode file handle (len=6, type=248, flags=0, err=-22)
[  653.274230][T12467] syz.9.1454: attempt to access beyond end of device
[  653.274230][T12467] nbd9: rw=0, sector=16, nr_sectors = 1 limit=0
[  653.287609][T12467] qnx6: unable to read the first superblock
[  653.309367][T12467] syz.9.1454: attempt to access beyond end of device
[  653.309367][T12467] nbd9: rw=0, sector=0, nr_sectors = 1 limit=0
[  653.324055][T12467] qnx6: unable to read the first superblock
[  653.330459][T12467] qnx6: unable to read the first superblock
[  653.519474][   T30] INFO: task kworker/u8:12:8666 blocked for more than 145 seconds.
[  653.576274][   T30]       Not tainted 6.13.0-rc6-next-20250107-syzkaller #0
[  653.620952][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  653.697938][T12478] bridge0: port 1(bridge_slave_0) entered disabled state
[  653.755289][T12478] bridge0: port 2(bridge_slave_1) entered disabled state
[  653.996292][   T30] task:kworker/u8:12   state:D stack:21560 pid:8666  tgid:8666  ppid:2      flags:0x00004000
[  654.097818][   T30] Workqueue: writeback wb_workfn (flush-9p-2)
[  654.127817][   T30] Call Trace:
[  654.131149][   T30]  <TASK>
[  654.134096][   T30]  __schedule+0x18f6/0x4cd0
[  654.151430][   T30]  ? __pfx___schedule+0x10/0x10
[  654.156362][   T30]  ? __blk_flush_plug+0x449/0x500
[  654.170430][   T30]  ? __pfx_lock_release+0x10/0x10
[  654.185711][   T30]  ? kthread_data+0x52/0xd0
[  654.190404][   T30]  ? schedule+0x90/0x320
[  654.194773][   T30]  ? wq_worker_sleeping+0x66/0x240
[  654.210131][   T30]  ? schedule+0x90/0x320
[  654.214442][   T30]  schedule+0x14b/0x320
[  654.227922][   T30]  schedule_preempt_disabled+0x13/0x30
[  654.237786][   T30]  __mutex_lock+0x817/0x1010
[  654.242431][   T30]  ? __mutex_lock+0x602/0x1010
[  654.267820][   T30]  ? netfs_writepages+0x12b/0x9e0
[  654.272916][   T30]  ? __pfx___mutex_lock+0x10/0x10
[  654.288343][   T30]  netfs_writepages+0x12b/0x9e0
[  654.293262][   T30]  ? __pfx_netfs_writepages+0x10/0x10
[  654.317852][   T30]  ? __pfx_netfs_writepages+0x10/0x10
[  654.323349][   T30]  do_writepages+0x35f/0x880
[  654.328216][   T30]  ? __pfx_do_writepages+0x10/0x10
[  654.333380][   T30]  ? __pfx_lock_acquire+0x10/0x10
[  654.338564][   T30]  ? writeback_sb_inodes+0x595/0x1360
[  654.343970][   T30]  ? __pfx_lock_release+0x10/0x10
[  654.349142][   T30]  ? do_raw_spin_lock+0x14f/0x370
[  654.354193][   T30]  __writeback_single_inode+0x14f/0x10d0
[  654.359927][   T30]  ? wbc_attach_and_unlock_inode+0x561/0x580
[  654.366507][   T30]  writeback_sb_inodes+0x820/0x1360
[  654.377832][   T30]  ? __pfx_lock_acquire+0x10/0x10
[  654.382921][   T30]  ? __pfx_lock_release+0x10/0x10
[  654.388190][   T30]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  654.393936][   T30]  ? rcu_is_watching+0x15/0xb0
[  654.398799][   T30]  ? queue_io+0x3d9/0x5a0
[  654.403165][   T30]  wb_writeback+0x413/0xb80
[  654.407850][   T30]  ? queue_io+0x381/0x5a0
[  654.412295][   T30]  ? __pfx_wb_writeback+0x10/0x10
[  654.417350][   T30]  wb_workfn+0x410/0x1080
[  654.422602][   T30]  ? __pfx_wb_workfn+0x10/0x10
[  654.427412][   T30]  ? __pfx_lock_acquire+0x10/0x10
[  654.432542][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  654.438732][   T30]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  654.445116][   T30]  ? process_scheduled_works+0x976/0x1840
[  654.451056][   T30]  process_scheduled_works+0xa66/0x1840
[  654.456779][   T30]  ? __pfx_process_scheduled_works+0x10/0x10
[  654.462890][   T30]  ? assign_work+0x364/0x3d0
[  654.468086][   T30]  worker_thread+0x870/0xd30
[  654.472737][   T30]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  654.479186][   T30]  ? __kthread_parkme+0x169/0x1d0
[  654.484345][   T30]  ? __pfx_worker_thread+0x10/0x10
[  654.489606][   T30]  kthread+0x7a9/0x920
[  654.493716][   T30]  ? __pfx_kthread+0x10/0x10
[  654.498433][   T30]  ? __pfx_worker_thread+0x10/0x10
[  654.503578][   T30]  ? __pfx_kthread+0x10/0x10
[  654.508653][   T30]  ? __pfx_kthread+0x10/0x10
[  654.513345][   T30]  ? __pfx_kthread+0x10/0x10
[  654.518116][   T30]  ? _raw_spin_unlock_irq+0x23/0x50
[  654.523409][   T30]  ? lockdep_hardirqs_on+0x99/0x150
[  654.528796][   T30]  ? __pfx_kthread+0x10/0x10
[  654.533444][   T30]  ret_from_fork+0x4b/0x80
[  654.537999][   T30]  ? __pfx_kthread+0x10/0x10
[  654.542627][   T30]  ret_from_fork_asm+0x1a/0x30
[  654.547437][   T30]  </TASK>
[  654.550629][   T30] INFO: task syz.7.1115:10858 blocked for more than 147 seconds.
[  654.560942][   T30]       Not tainted 6.13.0-rc6-next-20250107-syzkaller #0
[  654.568516][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  654.577208][   T30] task:syz.7.1115      state:D stack:27480 pid:10858 tgid:10857 ppid:7396   flags:0x00004004
[  654.588141][   T30] Call Trace:
[  654.591513][   T30]  <TASK>
[  654.594477][   T30]  __schedule+0x18f6/0x4cd0
[  654.599183][   T30]  ? __pfx___schedule+0x10/0x10
[  654.604124][   T30]  ? __pfx_lock_release+0x10/0x10
[  654.609257][   T30]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  654.615193][   T30]  ? schedule+0x90/0x320
[  654.619614][   T30]  schedule+0x14b/0x320
[  654.623812][   T30]  wb_wait_for_completion+0x166/0x290
[  654.629869][   T30]  ? __pfx_wb_wait_for_completion+0x10/0x10
[  654.635990][   T30]  ? __pfx_autoremove_wake_function+0x10/0x10
[  654.642173][   T30]  ? __pfx_down_read+0x10/0x10
[  654.646974][   T30]  sync_inodes_sb+0x28e/0xbd0
[  654.651924][   T30]  ? __pfx_sync_inodes_sb+0x10/0x10
[  654.657199][   T30]  ? super_lock+0x2d6/0x400
[  654.661869][   T30]  ? __pfx_lock_release+0x10/0x10
[  654.666950][   T30]  ? __pfx_super_lock+0x10/0x10
[  654.674131][   T30]  ? do_raw_spin_unlock+0x13c/0x8b0
[  654.679669][   T30]  iterate_supers+0xc6/0x190
[  654.684294][   T30]  ? __pfx_sync_inodes_one_sb+0x10/0x10
[  654.690067][   T30]  ksys_sync+0xbd/0x1c0
[  654.694265][   T30]  ? __pfx_ksys_sync+0x10/0x10
[  654.699152][   T30]  ? do_syscall_64+0x100/0x230
[  654.703947][   T30]  ? do_syscall_64+0xb6/0x230
[  654.708682][   T30]  __do_sys_sync+0xe/0x20
[  654.713030][   T30]  do_syscall_64+0xf3/0x230
[  654.717563][   T30]  ? clear_bhb_loop+0x35/0x90
[  654.722353][   T30]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  654.728391][   T30] RIP: 0033:0x7f26ef785d29
[  654.732834][   T30] RSP: 002b:00007f26f0559038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
[  654.741335][   T30] RAX: ffffffffffffffda RBX: 00007f26ef975fa0 RCX: 00007f26ef785d29
[  654.749395][   T30] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  654.757391][   T30] RBP: 00007f26ef975fa0 R08: 0000000000000000 R09: 0000000000000000
[  654.766152][   T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  654.774565][   T30] R13: 0000000000000000 R14: 00007f26ef975fa0 R15: 00007ffdef87f8a8
[  654.782906][   T30]  </TASK>
[  654.785987][   T30] INFO: task syz.7.1115:10859 blocked for more than 147 seconds.
[  654.794389][   T30]       Not tainted 6.13.0-rc6-next-20250107-syzkaller #0
[  654.801593][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  654.810333][   T30] task:syz.7.1115      state:D stack:27280 pid:10859 tgid:10857 ppid:7396   flags:0x00004004
[  654.820620][   T30] Call Trace:
[  654.823914][   T30]  <TASK>
[  654.826852][   T30]  __schedule+0x18f6/0x4cd0
[  654.831449][   T30]  ? __pfx___schedule+0x10/0x10
[  654.836435][   T30]  ? __pfx_lock_release+0x10/0x10
[  654.841655][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  654.847725][   T30]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  654.854070][   T30]  ? _raw_spin_lock_irq+0xdf/0x120
[  654.859867][   T30]  ? schedule+0x90/0x320
[  654.864138][   T30]  schedule+0x14b/0x320
[  654.868413][   T30]  schedule_preempt_disabled+0x13/0x30
[  654.873907][   T30]  rwsem_down_write_slowpath+0xeee/0x13b0
[  654.880433][   T30]  ? rwsem_down_write_slowpath+0xa09/0x13b0
[  654.886395][   T30]  ? __pfx_rwsem_down_write_slowpath+0x10/0x10
[  654.892665][   T30]  ? __pfx_lock_acquire+0x10/0x10
[  654.897911][   T30]  ? down_read+0x82b/0xa40
[  654.902380][   T30]  down_write+0x1d7/0x220
[  654.906783][   T30]  ? __pfx_down_write+0x10/0x10
[  654.911796][   T30]  ? __pfx_down_read+0x10/0x10
[  654.916611][   T30]  sync_inodes_sb+0x26f/0xbd0
[  654.924162][   T30]  ? __pfx_sync_inodes_sb+0x10/0x10
[  654.929484][   T30]  ? super_lock+0x2d6/0x400
[  654.934030][   T30]  ? __pfx_lock_release+0x10/0x10
[  654.939154][   T30]  ? __pfx_super_lock+0x10/0x10
[  654.944055][   T30]  ? do_raw_spin_unlock+0x13c/0x8b0
[  654.949432][   T30]  iterate_supers+0xc6/0x190
[  654.954064][   T30]  ? __pfx_sync_inodes_one_sb+0x10/0x10
[  654.960019][   T30]  ksys_sync+0xbd/0x1c0
[  654.964212][   T30]  ? __pfx_ksys_sync+0x10/0x10
[  654.969100][   T30]  ? do_syscall_64+0xb6/0x230
[  654.973807][   T30]  __do_sys_sync+0xe/0x20
[  654.978593][   T30]  do_syscall_64+0xf3/0x230
[  654.983126][   T30]  ? clear_bhb_loop+0x35/0x90
[  654.988054][   T30]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  654.994063][   T30] RIP: 0033:0x7f26ef785d29
[  654.998544][   T30] RSP: 002b:00007f26f0538038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
[  655.006983][   T30] RAX: ffffffffffffffda RBX: 00007f26ef976080 RCX: 00007f26ef785d29
[  655.015255][   T30] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  655.023335][   T30] RBP: 00007f26ef976080 R08: 0000000000000000 R09: 0000000000000000
[  655.031411][   T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  655.039493][   T30] R13: 0000000000000001 R14: 00007f26ef976080 R15: 00007ffdef87f8a8
[  655.047509][   T30]  </TASK>
[  655.050675][   T30] INFO: task syz.7.1115:10864 blocked for more than 147 seconds.
[  655.058779][   T30]       Not tainted 6.13.0-rc6-next-20250107-syzkaller #0
[  655.065901][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  655.074841][   T30] task:syz.7.1115      state:D stack:27488 pid:10864 tgid:10857 ppid:7396   flags:0x00004004
[  655.085243][   T30] Call Trace:
[  655.089184][   T30]  <TASK>
[  655.092228][   T30]  __schedule+0x18f6/0x4cd0
[  655.096755][   T30]  ? __pfx___schedule+0x10/0x10
[  655.103727][   T30]  ? __pfx_lock_release+0x10/0x10
[  655.108887][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  655.114901][   T30]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  655.121377][   T30]  ? _raw_spin_lock_irq+0xdf/0x120
[  655.126524][   T30]  ? schedule+0x90/0x320
[  655.130848][   T30]  schedule+0x14b/0x320
[  655.135039][   T30]  schedule_preempt_disabled+0x13/0x30
[  655.147948][   T30]  rwsem_down_write_slowpath+0xeee/0x13b0
[  655.153721][   T30]  ? rwsem_down_write_slowpath+0xa09/0x13b0
[  655.159921][   T30]  ? __pfx_rwsem_down_write_slowpath+0x10/0x10
[  655.166115][   T30]  ? __pfx_lock_acquire+0x10/0x10
[  655.171702][   T30]  ? down_read+0x82b/0xa40
[  655.176165][   T30]  down_write+0x1d7/0x220
[  655.180647][   T30]  ? __pfx_down_write+0x10/0x10
[  655.186098][   T30]  ? __pfx_down_read+0x10/0x10
[  655.190977][   T30]  sync_inodes_sb+0x26f/0xbd0
[  655.195699][   T30]  ? __pfx_sync_inodes_sb+0x10/0x10
[  655.200984][   T30]  ? super_lock+0x2d6/0x400
[  655.205512][   T30]  ? __pfx_lock_release+0x10/0x10
[  655.210657][   T30]  ? __pfx_super_lock+0x10/0x10
[  655.215547][   T30]  ? do_raw_spin_unlock+0x13c/0x8b0
[  655.220838][   T30]  iterate_supers+0xc6/0x190
[  655.225454][   T30]  ? __pfx_sync_inodes_one_sb+0x10/0x10
[  655.231407][   T30]  ksys_sync+0xbd/0x1c0
[  655.235596][   T30]  ? __pfx_ksys_sync+0x10/0x10
[  655.240449][   T30]  ? do_syscall_64+0xb6/0x230
[  655.245152][   T30]  __do_sys_sync+0xe/0x20
[  655.249593][   T30]  do_syscall_64+0xf3/0x230
[  655.254121][   T30]  ? clear_bhb_loop+0x35/0x90
[  655.258889][   T30]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  655.264804][   T30] RIP: 0033:0x7f26ef785d29
[  655.269530][   T30] RSP: 002b:00007f26f0517038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
[  655.278005][   T30] RAX: ffffffffffffffda RBX: 00007f26ef976160 RCX: 00007f26ef785d29
[  655.286534][   T30] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  655.294593][   T30] RBP: 00007f26ef976160 R08: 0000000000000000 R09: 0000000000000000
[  655.302723][   T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  655.310884][   T30] R13: 0000000000000001 R14: 00007f26ef976160 R15: 00007ffdef87f8a8
[  655.319002][   T30]  </TASK>
[  655.322075][   T30] INFO: task syz.7.1115:10867 blocked for more than 147 seconds.
[  655.329967][   T30]       Not tainted 6.13.0-rc6-next-20250107-syzkaller #0
[  655.337093][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  655.345852][   T30] task:syz.7.1115      state:D stack:27488 pid:10867 tgid:10857 ppid:7396   flags:0x00004004
[  655.356118][   T30] Call Trace:
[  655.359512][   T30]  <TASK>
[  655.362466][   T30]  __schedule+0x18f6/0x4cd0
[  655.367022][   T30]  ? __pfx___schedule+0x10/0x10
[  655.371990][   T30]  ? __pfx_lock_release+0x10/0x10
[  655.377056][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  655.383147][   T30]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  655.390179][   T30]  ? _raw_spin_lock_irq+0xdf/0x120
[  655.395702][   T30]  ? schedule+0x90/0x320
[  655.400036][   T30]  schedule+0x14b/0x320
[  655.404226][   T30]  schedule_preempt_disabled+0x13/0x30
[  655.409848][   T30]  rwsem_down_write_slowpath+0xeee/0x13b0
[  655.415600][   T30]  ? rwsem_down_write_slowpath+0xa09/0x13b0
[  655.421847][   T30]  ? __pfx_rwsem_down_write_slowpath+0x10/0x10
[  655.428139][   T30]  ? __pfx_lock_acquire+0x10/0x10
[  655.433274][   T30]  ? down_read+0x82b/0xa40
[  655.437798][   T30]  down_write+0x1d7/0x220
[  655.442155][   T30]  ? __pfx_down_write+0x10/0x10
[  655.447033][   T30]  ? __pfx_down_read+0x10/0x10
[  655.451907][   T30]  sync_inodes_sb+0x26f/0xbd0
[  655.456615][   T30]  ? __pfx_sync_inodes_sb+0x10/0x10
[  655.465021][   T30]  ? super_lock+0x2d6/0x400
[  655.477796][   T30]  ? __pfx_lock_release+0x10/0x10
[  655.482869][   T30]  ? __pfx_super_lock+0x10/0x10
[  655.496762][   T30]  ? do_raw_spin_unlock+0x13c/0x8b0
[  655.502080][   T30]  iterate_supers+0xc6/0x190
[  655.506695][   T30]  ? __pfx_sync_inodes_one_sb+0x10/0x10
[  655.512342][   T30]  ksys_sync+0xbd/0x1c0
[  655.516535][   T30]  ? __pfx_ksys_sync+0x10/0x10
[  655.521457][   T30]  ? do_syscall_64+0xb6/0x230
[  655.526163][   T30]  __do_sys_sync+0xe/0x20
[  655.530575][   T30]  do_syscall_64+0xf3/0x230
[  655.535102][   T30]  ? clear_bhb_loop+0x35/0x90
[  655.539929][   T30]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  655.545836][   T30] RIP: 0033:0x7f26ef785d29
[  655.550333][   T30] RSP: 002b:00007f26f04f6038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
[  655.559267][   T30] RAX: ffffffffffffffda RBX: 00007f26ef976240 RCX: 00007f26ef785d29
[  655.567270][   T30] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  655.575450][   T30] RBP: 00007f26ef976240 R08: 0000000000000000 R09: 0000000000000000
[  655.583620][   T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  655.592027][   T30] R13: 0000000000000001 R14: 00007f26ef976240 R15: 00007ffdef87f8a8
[  655.600286][   T30]  </TASK>
[  655.603458][   T30] INFO: task syz.7.1115:10878 blocked for more than 148 seconds.
[  655.611330][   T30]       Not tainted 6.13.0-rc6-next-20250107-syzkaller #0
[  655.618509][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  655.627187][   T30] task:syz.7.1115      state:D stack:27488 pid:10878 tgid:10857 ppid:7396   flags:0x00000004
[  655.637793][   T30] Call Trace:
[  655.641106][   T30]  <TASK>
[  655.644063][   T30]  __schedule+0x18f6/0x4cd0
[  655.648668][   T30]  ? __pfx___schedule+0x10/0x10
[  655.653559][   T30]  ? __pfx_lock_release+0x10/0x10
[  655.658674][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  655.664684][   T30]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  655.671075][   T30]  ? _raw_spin_lock_irq+0xdf/0x120
[  655.676225][   T30]  ? schedule+0x90/0x320
[  655.680547][   T30]  schedule+0x14b/0x320
[  655.684734][   T30]  schedule_preempt_disabled+0x13/0x30
[  655.691274][   T30]  rwsem_down_write_slowpath+0xeee/0x13b0
[  655.697590][   T30]  ? rwsem_down_write_slowpath+0xa09/0x13b0
[  655.703642][   T30]  ? __pfx_rwsem_down_write_slowpath+0x10/0x10
[  655.709875][   T30]  ? __pfx_lock_acquire+0x10/0x10
[  655.714939][   T30]  ? down_read+0x82b/0xa40
[  655.719451][   T30]  down_write+0x1d7/0x220
[  655.723804][   T30]  ? __pfx_down_write+0x10/0x10
[  655.728762][   T30]  ? __pfx_down_read+0x10/0x10
[  655.733559][   T30]  sync_inodes_sb+0x26f/0xbd0
[  655.738334][   T30]  ? __pfx_sync_inodes_sb+0x10/0x10
[  655.743552][   T30]  ? super_lock+0x2d6/0x400
[  655.748110][   T30]  ? __pfx_lock_release+0x10/0x10
[  655.753164][   T30]  ? __pfx_super_lock+0x10/0x10
[  655.758133][   T30]  ? do_raw_spin_unlock+0x13c/0x8b0
[  655.763365][   T30]  iterate_supers+0xc6/0x190
[  655.768049][   T30]  ? __pfx_sync_inodes_one_sb+0x10/0x10
[  655.773622][   T30]  ksys_sync+0xbd/0x1c0
[  655.777857][   T30]  ? __pfx_ksys_sync+0x10/0x10
[  655.782650][   T30]  ? do_syscall_64+0xb6/0x230
[  655.787359][   T30]  __do_sys_sync+0xe/0x20
[  655.791746][   T30]  do_syscall_64+0xf3/0x230
[  655.796786][   T30]  ? clear_bhb_loop+0x35/0x90
[  655.801634][   T30]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  655.807555][   T30] RIP: 0033:0x7f26ef785d29
[  655.812026][   T30] RSP: 002b:00007f26f04d5038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
[  655.820546][   T30] RAX: ffffffffffffffda RBX: 00007f26ef976320 RCX: 00007f26ef785d29
[  655.828577][   T30] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  655.836568][   T30] RBP: 00007f26ef976320 R08: 0000000000000000 R09: 0000000000000000
[  655.845607][   T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  655.853671][   T30] R13: 0000000000000001 R14: 00007f26ef976320 R15: 00007ffdef87f8a8
[  655.861743][   T30]  </TASK>
[  655.864789][   T30] INFO: task syz.7.1115:10882 blocked for more than 148 seconds.
[  655.872764][   T30]       Not tainted 6.13.0-rc6-next-20250107-syzkaller #0
[  655.879948][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  655.888663][   T30] task:syz.7.1115      state:D stack:27488 pid:10882 tgid:10857 ppid:7396   flags:0x00004004
[  655.899271][   T30] Call Trace:
[  655.902584][   T30]  <TASK>
[  655.905539][   T30]  __schedule+0x18f6/0x4cd0
[  655.910457][   T30]  ? __pfx___schedule+0x10/0x10
[  655.915390][   T30]  ? __pfx_lock_release+0x10/0x10
[  655.920504][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  655.926516][   T30]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  655.932906][   T30]  ? _raw_spin_lock_irq+0xdf/0x120
[  655.938133][   T30]  ? schedule+0x90/0x320
[  655.942404][   T30]  schedule+0x14b/0x320
[  655.946673][   T30]  schedule_preempt_disabled+0x13/0x30
[  655.953117][   T30]  rwsem_down_write_slowpath+0xeee/0x13b0
[  655.958978][   T30]  ? rwsem_down_write_slowpath+0xa09/0x13b0
[  655.964939][   T30]  ? __pfx_rwsem_down_write_slowpath+0x10/0x10
[  655.971190][   T30]  ? __pfx_lock_acquire+0x10/0x10
[  655.976254][   T30]  ? down_read+0x82b/0xa40
[  655.980782][   T30]  down_write+0x1d7/0x220
[  655.985134][   T30]  ? __pfx_down_write+0x10/0x10
[  655.990075][   T30]  ? __pfx_down_read+0x10/0x10
[  655.994871][   T30]  sync_inodes_sb+0x26f/0xbd0
[  655.999650][   T30]  ? __pfx_sync_inodes_sb+0x10/0x10
[  656.005521][   T30]  ? super_lock+0x2d6/0x400
[  656.010107][   T30]  ? __pfx_lock_release+0x10/0x10
[  656.015168][   T30]  ? __pfx_super_lock+0x10/0x10
[  656.020225][   T30]  ? do_raw_spin_unlock+0x13c/0x8b0
[  656.025469][   T30]  iterate_supers+0xc6/0x190
[  656.030204][   T30]  ? __pfx_sync_inodes_one_sb+0x10/0x10
[  656.035792][   T30]  ksys_sync+0xbd/0x1c0
[  656.040050][   T30]  ? __pfx_ksys_sync+0x10/0x10
[  656.044857][   T30]  ? do_syscall_64+0xb6/0x230
[  656.049612][   T30]  __do_sys_sync+0xe/0x20
[  656.053989][   T30]  do_syscall_64+0xf3/0x230
[  656.059575][   T30]  ? clear_bhb_loop+0x35/0x90
[  656.064308][   T30]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  656.070321][   T30] RIP: 0033:0x7f26ef785d29
[  656.074776][   T30] RSP: 002b:00007f26ec9f0038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
[  656.083305][   T30] RAX: ffffffffffffffda RBX: 00007f26ef976400 RCX: 00007f26ef785d29
[  656.091366][   T30] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  656.099484][   T30] RBP: 00007f26ef976400 R08: 0000000000000000 R09: 0000000000000000
[  656.107914][   T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  656.115926][   T30] R13: 0000000000000001 R14: 00007f26ef976400 R15: 00007ffdef87f8a8
[  656.124650][   T30]  </TASK>
[  656.127778][   T30] INFO: task syz.7.1115:10885 blocked for more than 148 seconds.
[  656.135514][   T30]       Not tainted 6.13.0-rc6-next-20250107-syzkaller #0
[  656.142999][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  656.152131][   T30] task:syz.7.1115      state:D stack:27488 pid:10885 tgid:10857 ppid:7396   flags:0x00004004
[  656.163156][   T30] Call Trace:
[  656.166462][   T30]  <TASK>
[  656.170473][   T30]  __schedule+0x18f6/0x4cd0
[  656.175039][   T30]  ? __pfx___schedule+0x10/0x10
[  656.179975][   T30]  ? __pfx_lock_release+0x10/0x10
[  656.185028][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  656.191122][   T30]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  656.197475][   T30]  ? _raw_spin_lock_irq+0xdf/0x120
[  656.202684][   T30]  ? schedule+0x90/0x320
[  656.207522][   T30]  schedule+0x14b/0x320
[  656.211769][   T30]  schedule_preempt_disabled+0x13/0x30
[  656.217259][   T30]  rwsem_down_write_slowpath+0xeee/0x13b0
[  656.223764][   T30]  ? rwsem_down_write_slowpath+0xa09/0x13b0
[  656.229930][   T30]  ? __pfx_rwsem_down_write_slowpath+0x10/0x10
[  656.236111][   T30]  ? __pfx_lock_acquire+0x10/0x10
[  656.241270][   T30]  ? down_read+0x82b/0xa40
[  656.245722][   T30]  down_write+0x1d7/0x220
[  656.250241][   T30]  ? __pfx_down_write+0x10/0x10
[  656.255117][   T30]  ? __pfx_down_read+0x10/0x10
[  656.259994][   T30]  sync_inodes_sb+0x26f/0xbd0
[  656.264714][   T30]  ? __pfx_sync_inodes_sb+0x10/0x10
[  656.270055][   T30]  ? super_lock+0x2d6/0x400
[  656.274597][   T30]  ? __pfx_lock_release+0x10/0x10
[  656.279710][   T30]  ? __pfx_super_lock+0x10/0x10
[  656.284594][   T30]  ? do_raw_spin_unlock+0x13c/0x8b0
[  656.289866][   T30]  iterate_supers+0xc6/0x190
[  656.294485][   T30]  ? __pfx_sync_inodes_one_sb+0x10/0x10
[  656.300110][   T30]  ksys_sync+0xbd/0x1c0
[  656.304292][   T30]  ? __pfx_ksys_sync+0x10/0x10
[  656.310141][   T30]  ? do_syscall_64+0xb6/0x230
[  656.314859][   T30]  __do_sys_sync+0xe/0x20
[  656.319520][   T30]  do_syscall_64+0xf3/0x230
[  656.324054][   T30]  ? clear_bhb_loop+0x35/0x90
[  656.328841][   T30]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  656.334763][   T30] RIP: 0033:0x7f26ef785d29
[  656.339257][   T30] RSP: 002b:00007f26ec5cd038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
[  656.347760][   T30] RAX: ffffffffffffffda RBX: 00007f26ef9764e0 RCX: 00007f26ef785d29
[  656.355762][   T30] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  656.363830][   T30] RBP: 00007f26ef9764e0 R08: 0000000000000000 R09: 0000000000000000
[  656.371999][   T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  656.380139][   T30] R13: 0000000000000001 R14: 00007f26ef9764e0 R15: 00007ffdef87f8a8
[  656.388765][   T30]  </TASK>
[  656.391867][   T30] 
[  656.391867][   T30] Showing all locks held in the system:
[  656.399947][   T30] 1 lock held by khungtaskd/30:
[  656.405429][   T30]  #0: ffffffff8e937ee0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x55/0x2a0
[  656.415770][   T30] 3 locks held by kworker/u8:3/52:
[  656.421334][   T30] 2 locks held by getty/5586:
[  656.426030][   T30]  #0: ffff8880358220a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  656.435952][   T30]  #1: ffffc90002fde2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x6a6/0x1e00
[  656.446202][   T30] 1 lock held by syz.4.420/7571:
[  656.451219][   T30]  #0: ffff88805e738500 (&ctx->wb_lock){+.+.}-{4:4}, at: netfs_writepages+0xcf/0x9e0
[  656.460853][   T30] 3 locks held by kworker/u8:12/8666:
[  656.466254][   T30]  #0: ffff888020afe948 ((wq_completion)writeback){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1840
[  656.477737][   T30]  #1: ffffc90003bcfc60 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1840
[  656.490300][   T30]  #2: ffff88805e738500 (&ctx->wb_lock){+.+.}-{4:4}, at: netfs_writepages+0x12b/0x9e0
[  656.500011][   T30] 2 locks held by syz.7.1115/10858:
[  656.505227][   T30]  #0: ffff8880249c60e0 (&type->s_umount_key#54){++++}-{4:4}, at: super_lock+0x27c/0x400
[  656.515807][   T30]  #1: ffff88801d3927d0 (&bdi->wb_switch_rwsem){+.+.}-{4:4}, at: sync_inodes_sb+0x26f/0xbd0
[  656.535644][   T30] 2 locks held by syz.7.1115/10859:
[  656.541033][   T30]  #0: ffff8880249c60e0 (&type->s_umount_key#54){++++}-{4:4}, at: super_lock+0x27c/0x400
[  656.551639][   T30]  #1: ffff88801d3927d0 (&bdi->wb_switch_rwsem){+.+.}-{4:4}, at: sync_inodes_sb+0x26f/0xbd0
[  656.561984][   T30] 2 locks held by syz.7.1115/10864:
[  656.567210][   T30]  #0: ffff8880249c60e0 (&type->s_umount_key#54){++++}-{4:4}, at: super_lock+0x27c/0x400
[  656.577209][   T30]  #1: ffff88801d3927d0 (&bdi->wb_switch_rwsem){+.+.}-{4:4}, at: sync_inodes_sb+0x26f/0xbd0
[  656.587560][   T30] 2 locks held by syz.7.1115/10867:
[  656.592881][   T30]  #0: ffff8880249c60e0 (&type->s_umount_key#54){++++}-{4:4}, at: super_lock+0x27c/0x400
[  656.602966][   T30]  #1: ffff88801d3927d0 (&bdi->wb_switch_rwsem){+.+.}-{4:4}, at: sync_inodes_sb+0x26f/0xbd0
[  656.613221][   T30] 2 locks held by syz.7.1115/10878:
[  656.618885][   T30]  #0: ffff8880249c60e0 (&type->s_umount_key#54){++++}-{4:4}, at: super_lock+0x27c/0x400
[  656.630916][   T30]  #1: ffff88801d3927d0 (&bdi->wb_switch_rwsem){+.+.}-{4:4}, at: sync_inodes_sb+0x26f/0xbd0
[  656.641275][   T30] 2 locks held by syz.7.1115/10882:
[  656.646585][   T30]  #0: ffff8880249c60e0 (&type->s_umount_key#54){++++}-{4:4}, at: super_lock+0x27c/0x400
[  656.656592][   T30]  #1: ffff88801d3927d0 (&bdi->wb_switch_rwsem){+.+.}-{4:4}, at: sync_inodes_sb+0x26f/0xbd0
[  656.666871][   T30] 2 locks held by syz.7.1115/10885:
[  656.672259][   T30]  #0: ffff8880249c60e0 (&type->s_umount_key#54){++++}-{4:4}, at: super_lock+0x27c/0x400
[  656.682257][   T30]  #1: ffff88801d3927d0 (&bdi->wb_switch_rwsem){+.+.}-{4:4}, at: sync_inodes_sb+0x26f/0xbd0
[  656.692660][   T30] 2 locks held by dhcpcd/10927:
[  656.697623][   T30]  #0: ffff88807ac40e08 (&sb->s_type->i_mutex_key#10){+.+.}-{4:4}, at: sock_close+0x90/0x240
[  656.708207][   T30]  #1: ffffffff8e93d3b8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x381/0x830
[  656.719595][   T30] 2 locks held by dhcpcd/11016:
[  656.724482][   T30]  #0: ffff88805e4cac08 (&sb->s_type->i_mutex_key#10){+.+.}-{4:4}, at: sock_close+0x90/0x240
[  656.735113][   T30]  #1: ffffffff8e93d3b8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x451/0x830
[  656.746176][   T30] 5 locks held by dhcpcd-run-hook/12521:
[  656.752316][   T30] 
[  656.754669][   T30] =============================================
[  656.754669][   T30] 
[  656.763246][   T30] NMI backtrace for cpu 1
[  656.763271][   T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.13.0-rc6-next-20250107-syzkaller #0
[  656.763287][   T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  656.763296][   T30] Call Trace:
[  656.763302][   T30]  <TASK>
[  656.763308][   T30]  dump_stack_lvl+0x241/0x360
[  656.763329][   T30]  ? __pfx_dump_stack_lvl+0x10/0x10
[  656.763344][   T30]  ? __pfx__printk+0x10/0x10
[  656.763374][   T30]  nmi_cpu_backtrace+0x49c/0x4d0
[  656.763402][   T30]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  656.763420][   T30]  ? _printk+0xd5/0x120
[  656.763438][   T30]  ? __pfx__printk+0x10/0x10
[  656.763458][   T30]  ? __wake_up_klogd+0xcc/0x110
[  656.763477][   T30]  ? __pfx__printk+0x10/0x10
[  656.763500][   T30]  ? __rcu_read_unlock+0xa1/0x110
[  656.763520][   T30]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  656.763539][   T30]  nmi_trigger_cpumask_backtrace+0x198/0x320
[  656.763564][   T30]  watchdog+0xff6/0x1040
[  656.763583][   T30]  ? watchdog+0x1ea/0x1040
[  656.763604][   T30]  ? __pfx_watchdog+0x10/0x10
[  656.763621][   T30]  kthread+0x7a9/0x920
[  656.763638][   T30]  ? __pfx_kthread+0x10/0x10
[  656.763659][   T30]  ? __pfx_watchdog+0x10/0x10
[  656.763677][   T30]  ? __pfx_kthread+0x10/0x10
[  656.763696][   T30]  ? __pfx_kthread+0x10/0x10
[  656.763718][   T30]  ? __pfx_kthread+0x10/0x10
[  656.763736][   T30]  ? _raw_spin_unlock_irq+0x23/0x50
[  656.763758][   T30]  ? lockdep_hardirqs_on+0x99/0x150
[  656.763774][   T30]  ? __pfx_kthread+0x10/0x10
[  656.763795][   T30]  ret_from_fork+0x4b/0x80
[  656.763813][   T30]  ? __pfx_kthread+0x10/0x10
[  656.763833][   T30]  ret_from_fork_asm+0x1a/0x30
[  656.763864][   T30]  </TASK>
[  656.763870][   T30] Sending NMI from CPU 1 to CPUs 0:
[  656.935099][    C0] NMI backtrace for cpu 0
[  656.935114][    C0] CPU: 0 UID: 0 PID: 12523 Comm: sed Not tainted 6.13.0-rc6-next-20250107-syzkaller #0
[  656.935131][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  656.935140][    C0] RIP: 0010:mab_mas_cp+0x3a0/0x800
[  656.935164][    C0] Code: f5 49 89 ee 48 8b 44 24 20 49 8d 7c 05 08 48 89 f8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df 80 3c 08 00 74 05 e8 20 c8 39 f6 <49> 83 7c dd 08 00 74 59 e8 43 78 d3 f5 4c 8b 74 24 20 49 83 c6 08
[  656.935177][    C0] RSP: 0018:ffffc9000c8ee4c8 EFLAGS: 00000246
[  656.935191][    C0] RAX: 1ffff9200191dda7 RBX: 0000000000000000 RCX: dffffc0000000000
[  656.935206][    C0] RDX: 0000000000000000 RSI: 000000000000000a RDI: ffffc9000c8eed38
[  656.935215][    C0] RBP: ffffc9000c8eed30 R08: ffffffff8bebc0dc R09: ffffffff8bebbdda
[  656.935234][    C0] R10: 0000000000000004 R11: ffff88802ce79e00 R12: 000000000000000a
[  656.935243][    C0] R13: ffffc9000c8eed30 R14: ffffc9000c8eed30 R15: 1ffff9200191dda6
[  656.935254][    C0] FS:  0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
[  656.935267][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  656.935277][    C0] CR2: 00007f783f13f108 CR3: 00000000202c6000 CR4: 00000000003526f0
[  656.935290][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  656.935299][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  656.935308][    C0] Call Trace:
[  656.935313][    C0]  <NMI>
[  656.935319][    C0]  ? nmi_cpu_backtrace+0x3c2/0x4d0
[  656.935341][    C0]  ? __pfx_lock_acquire+0x10/0x10
[  656.935362][    C0]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  656.935382][    C0]  ? nmi_handle+0x2a/0x5a0
[  656.935408][    C0]  ? nmi_cpu_backtrace_handler+0xc/0x20
[  656.935426][    C0]  ? nmi_handle+0x14f/0x5a0
[  656.935446][    C0]  ? nmi_handle+0x2a/0x5a0
[  656.935466][    C0]  ? mab_mas_cp+0x3a0/0x800
[  656.935483][    C0]  ? default_do_nmi+0x63/0x160
[  656.935503][    C0]  ? exc_nmi+0x123/0x1f0
[  656.935522][    C0]  ? end_repeat_nmi+0xf/0x53
[  656.935544][    C0]  ? mab_mas_cp+0x6a/0x800
[  656.935560][    C0]  ? mab_mas_cp+0x36c/0x800
[  656.935578][    C0]  ? mab_mas_cp+0x3a0/0x800
[  656.935595][    C0]  ? mab_mas_cp+0x3a0/0x800
[  656.935613][    C0]  ? mab_mas_cp+0x3a0/0x800
[  656.935630][    C0]  </NMI>
[  656.935635][    C0]  <TASK>
[  656.935645][    C0]  mast_split_data+0x1e3/0x7c0
[  656.935669][    C0]  mas_push_data+0xb18/0x1020
[  656.935692][    C0]  ? __pfx_mas_push_data+0x10/0x10
[  656.935715][    C0]  ? __asan_memset+0x23/0x50
[  656.935733][    C0]  ? mas_pop_node+0x34c/0x480
[  656.935751][    C0]  mas_commit_b_node+0xdb7/0x1a80
[  656.935775][    C0]  ? __pfx_mas_commit_b_node+0x10/0x10
[  656.935802][    C0]  ? __pfx_validate_chain+0x10/0x10
[  656.935835][    C0]  ? __lock_acquire+0x1397/0x2100
[  656.935855][    C0]  ? mas_mab_cp+0x5a3/0x7f0
[  656.935872][    C0]  ? __asan_memcpy+0x40/0x70
[  656.935889][    C0]  ? mas_mab_cp+0x5bb/0x7f0
[  656.935911][    C0]  ? mas_store_b_node+0xc4a/0xfc0
[  656.935933][    C0]  mas_wr_store_entry+0x4f4/0x2520
[  656.935962][    C0]  ? preempt_count_add+0x93/0x190
[  656.935978][    C0]  ? __pfx_mas_wr_store_entry+0x10/0x10
[  656.935999][    C0]  ? 0xffffffffa00038c0
[  656.936034][    C0]  ? mas_preallocate+0x575/0x8d0
[  656.936047][    C0]  ? __split_vma+0x2f4/0xb10
[  656.936060][    C0]  ? vms_gather_munmap_vmas+0x4df/0x13d0
[  656.936081][    C0]  ? mmap_region+0xa32/0x2e40
[  656.936093][    C0]  ? do_mmap+0xecc/0x13a0
[  656.936107][    C0]  ? vm_mmap_pgoff+0x214/0x430
[  656.936123][    C0]  ? ksys_mmap_pgoff+0x4eb/0x720
[  656.936138][    C0]  ? do_syscall_64+0xf3/0x230
[  656.936153][    C0]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  656.936180][    C0]  ? mark_lock+0x9a/0x360
[  656.936201][    C0]  ? __lock_acquire+0x1397/0x2100
[  656.936229][    C0]  ? trace_ma_write+0x96/0x210
[  656.936251][    C0]  mas_store_prealloc+0xcbb/0x1390
[  656.936270][    C0]  ? __pfx_mas_store_prealloc+0x10/0x10
[  656.936288][    C0]  ? __mas_set_range+0x133/0x3c0
[  656.936304][    C0]  vma_iter_store+0x322/0x910
[  656.936328][    C0]  vma_complete+0x216/0x9a0
[  656.936349][    C0]  ? vma_adjust_trans_huge+0x346/0x3d0
[  656.936366][    C0]  __split_vma+0x9ac/0xb10
[  656.936383][    C0]  ? __pfx___split_vma+0x10/0x10
[  656.936400][    C0]  ? mas_find+0x950/0xbb0
[  656.936413][    C0]  ? __lock_acquire+0x1397/0x2100
[  656.936433][    C0]  vms_gather_munmap_vmas+0x4df/0x13d0
[  656.936454][    C0]  ? mark_lock+0x9a/0x360
[  656.936480][    C0]  ? __pfx_vms_gather_munmap_vmas+0x10/0x10
[  656.936506][    C0]  ? mas_find+0x8c0/0xbb0
[  656.936522][    C0]  mmap_region+0xa32/0x2e40
[  656.936541][    C0]  ? validate_chain+0x11e/0x5920
[  656.936569][    C0]  ? __pfx_mmap_region+0x10/0x10
[  656.936586][    C0]  ? process_measurement+0x1a33/0x1fb0
[  656.936622][    C0]  ? __pfx_arch_get_unmapped_area_topdown+0x10/0x10
[  656.936648][    C0]  ? mm_get_unmapped_area_vmflags+0xb9/0xf0
[  656.936668][    C0]  ? thp_get_unmapped_area_vmflags+0x269/0x380
[  656.936691][    C0]  ? cap_mmap_addr+0xaa/0xf0
[  656.936707][    C0]  ? bpf_lsm_mmap_addr+0x9/0x10
[  656.936721][    C0]  ? security_mmap_addr+0x6f/0x250
[  656.936736][    C0]  ? shmem_mapping+0xd/0x50
[  656.936754][    C0]  do_mmap+0xecc/0x13a0
[  656.936773][    C0]  ? __pfx_do_mmap+0x10/0x10
[  656.936787][    C0]  ? down_write_killable+0x19e/0x260
[  656.936805][    C0]  ? vm_mmap_pgoff+0x182/0x430
[  656.936821][    C0]  ? __pfx_down_write_killable+0x10/0x10
[  656.936839][    C0]  ? common_file_perm+0x1a6/0x210
[  656.936858][    C0]  vm_mmap_pgoff+0x214/0x430
[  656.936879][    C0]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  656.936897][    C0]  ? __fget_files+0x2a/0x410
[  656.936912][    C0]  ? __fget_files+0x395/0x410
[  656.936925][    C0]  ? __fget_files+0x2a/0x410
[  656.936941][    C0]  ksys_mmap_pgoff+0x4eb/0x720
[  656.936957][    C0]  ? __x64_sys_mmap+0x7f/0x140
[  656.936977][    C0]  do_syscall_64+0xf3/0x230
[  656.936993][    C0]  ? clear_bhb_loop+0x35/0x90
[  656.937014][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  656.937033][    C0] RIP: 0033:0x7f783f167b74
[  656.937044][    C0] Code: 63 08 44 89 e8 5b 41 5c 41 5d c3 41 89 ca 41 f7 c1 ff 0f 00 00 74 0c c7 05 f5 46 01 00 16 00 00 00 eb 17 b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 76 0c f7 d8 89 05 dc 46 01 00 48 83 c8 ff c3 0f
[  656.937055][    C0] RSP: 002b:00007fff7464e578 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  656.937069][    C0] RAX: ffffffffffffffda RBX: 00007fff7464e5b8 RCX: 00007f783f167b74
[  656.937080][    C0] RDX: 0000000000000005 RSI: 0000000000123000 RDI: 00007f783eef8000
[  656.937090][    C0] RBP: 00007fff7464ed10 R08: 0000000000000003 R09: 0000000000028000
[  656.937100][    C0] R10: 0000000000000812 R11: 0000000000000246 R12: 00007f783f1445c0
[  656.937109][    C0] R13: 00007fff7464ed98 R14: 0000000000027f38 R15: 0000000000000000
[  656.937125][    C0]  </TASK>
[  656.939283][   T30] Kernel panic - not syncing: hung_task: blocked tasks
[  656.939299][   T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.13.0-rc6-next-20250107-syzkaller #0
[  656.939318][   T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  656.939329][   T30] Call Trace:
[  656.939336][   T30]  <TASK>
[  656.939343][   T30]  dump_stack_lvl+0x241/0x360
[  656.939366][   T30]  ? __pfx_dump_stack_lvl+0x10/0x10
[  656.939384][   T30]  ? __pfx__printk+0x10/0x10
[  656.939405][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  656.939432][   T30]  ? vscnprintf+0x5d/0x90
[  656.939456][   T30]  panic+0x349/0x880
[  656.939488][   T30]  ? nmi_trigger_cpumask_backtrace+0x244/0x320
[  656.939512][   T30]  ? __pfx_panic+0x10/0x10
[  656.939533][   T30]  ? tick_nohz_tick_stopped+0x82/0xb0
[  656.939550][   T30]  ? __irq_work_queue_local+0x137/0x410
[  656.939571][   T30]  ? preempt_schedule_thunk+0x1a/0x30
[  656.939593][   T30]  ? nmi_trigger_cpumask_backtrace+0x244/0x320
[  656.939614][   T30]  ? nmi_trigger_cpumask_backtrace+0x2d4/0x320
[  656.939638][   T30]  ? nmi_trigger_cpumask_backtrace+0x2d9/0x320
[  656.939663][   T30]  watchdog+0x1035/0x1040
[  656.939684][   T30]  ? watchdog+0x1ea/0x1040
[  656.939708][   T30]  ? __pfx_watchdog+0x10/0x10
[  656.939728][   T30]  kthread+0x7a9/0x920
[  656.939747][   T30]  ? __pfx_kthread+0x10/0x10
[  656.939769][   T30]  ? __pfx_watchdog+0x10/0x10
[  656.939789][   T30]  ? __pfx_kthread+0x10/0x10
[  656.939808][   T30]  ? __pfx_kthread+0x10/0x10
[  656.939831][   T30]  ? __pfx_kthread+0x10/0x10
[  656.939849][   T30]  ? _raw_spin_unlock_irq+0x23/0x50
[  656.939871][   T30]  ? lockdep_hardirqs_on+0x99/0x150
[  656.939888][   T30]  ? __pfx_kthread+0x10/0x10
[  656.939909][   T30]  ret_from_fork+0x4b/0x80
[  656.939928][   T30]  ? __pfx_kthread+0x10/0x10
[  656.939948][   T30]  ret_from_fork_asm+0x1a/0x30
[  656.939978][   T30]  </TASK>
[  657.755523][   T30] Kernel Offset: disabled
[  657.760043][   T30] Rebooting in 86400 seconds..