last executing test programs:

9m13.704582909s ago: executing program 32 (id=38):
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x200000005c832, 0xffffffffffffffff, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2)
r0 = userfaultfd(0x801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4})
ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000000)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000199000/0x800000)=nil, 0x800000})
pipe2(&(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x4000)
fcntl$setpipe(r1, 0x407, 0x0)
write$FUSE_INIT(r1, &(0x7f0000000340)={0x50, 0xfffffffffffffff5, 0x0, {0x7, 0x28, 0xd19e, 0x0, 0x0, 0x4, 0x8d, 0x40000000, 0x0, 0x0, 0x10, 0x2}}, 0x50)
vmsplice(r1, &(0x7f0000000140)=[{&(0x7f0000000100)="eb", 0x20000101}], 0x1, 0x0)
fcntl$setpipe(r1, 0x407, 0x2000000)

6m27.062876193s ago: executing program 33 (id=379):
getsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, 0x0, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
rseq(&(0x7f0000000400), 0x20, 0x0, 0x0)
execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
landlock_create_ruleset(&(0x7f0000000100)={0x8000, 0x1}, 0x18, 0x0)

6m19.753018498s ago: executing program 6 (id=422):
io_cancel(0x0, 0xfffffffffffffffe, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r2 = dup(r1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r2, 0x2000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x17)

6m18.35187395s ago: executing program 6 (id=427):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xe9a8000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="4c000000020601080000000000000000000000400500010006200000050005000a00000005000400000000000900020073797a310000000011000300686173683a69702c6d61726b"], 0x4c}}, 0x0)

6m16.56496484s ago: executing program 34 (id=427):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xe9a8000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="4c000000020601080000000000000000000000400500010006200000050005000a00000005000400000000000900020073797a310000000011000300686173683a69702c6d61726b"], 0x4c}}, 0x0)

5m24.581175186s ago: executing program 4 (id=535):
bpf$PROG_LOAD(0x5, &(0x7f00000039c0)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x401}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000400)='virtio_transport_alloc_pkt\x00', r0}, 0x18)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r1, &(0x7f0000000440), 0x10)
listen(r1, 0x0)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r2, &(0x7f0000000100)={0x28, 0x0, 0x0, @local}, 0x10)
writev(r2, &(0x7f0000000080)=[{&(0x7f00000001c0)='?', 0x1}], 0x1)
r3 = accept4$unix(r1, 0x0, 0x0, 0x0)
recvmmsg(r3, &(0x7f0000001680)=[{{0x0, 0x0, &(0x7f0000003380)=[{&(0x7f0000000140)=""/120, 0x78}, {&(0x7f0000000040)=""/40, 0x28}, {&(0x7f0000003300)=""/107, 0x6b}], 0x3}}], 0x4000000000000a1, 0x2, 0x0)
recvmsg(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000480)=""/68, 0x44}], 0x1}, 0x4c2103a0)

5m23.78254753s ago: executing program 4 (id=539):
r0 = socket$xdp(0x2c, 0x3, 0x0)
r1 = syz_io_uring_setup(0x110, &(0x7f00000000c0)={0x0, 0x10, 0x0, 0x3, 0x80}, &(0x7f0000000180)=<r2=>0x0, &(0x7f0000000280)=<r3=>0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8000}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f0000000080), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
io_uring_register$IORING_REGISTER_FILES(r1, 0x2, &(0x7f0000000300)=[0xffffffffffffffff], 0x1)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_FILES_UPDATE={0x14, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000140)=[r0], 0x1})
io_uring_enter(r1, 0x47f6, 0x0, 0x20, 0x0, 0x0)

5m19.950487392s ago: executing program 4 (id=544):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f00000000c0)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
set_mempolicy(0x4003, &(0x7f0000000200)=0x7, 0x3)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='freezer.self_freezing\x00', 0x275a, 0x0)
write$binfmt_script(r3, &(0x7f0000000100), 0x208e24b)

5m18.741013524s ago: executing program 4 (id=548):
socket$nl_route(0x10, 0x3, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
pipe(&(0x7f00000000c0))
sendmsg(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0)
rt_sigaction(0x8, &(0x7f0000000080)={0x0, 0x88000007, 0x0}, 0x0, 0x8, &(0x7f0000000300))
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={{0x14}, [@NFT_MSG_NEWFLOWTABLE={0x38, 0x16, 0xa, 0x1, 0x0, 0x0, {0x1}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0xc, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_PRIORITY={0x8}]}]}], {0x14, 0x10}}, 0x60}}, 0x0)
openat$adsp1(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x54, 0x2, 0x6, 0x5, 0x0, 0x0, {0x0, 0x0, 0x3}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:net\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x1}]}, 0x54}, 0x1, 0x0, 0x0, 0x4004000}, 0x40080)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_FLUSH(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x1c, 0x4, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)

5m16.137900205s ago: executing program 4 (id=551):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x1000008, 0x4000000000008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xb, 0x0, 0x0, 0x4, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1000, 0x1)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)=<r2=>0x0)
timer_settime(r2, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)=ANY=[], &(0x7f0000000180), 0x0)
open_by_handle_at(0xffffffffffffff9c, &(0x7f00000000c0)=ANY=[], 0x200000000000000)

5m13.911684382s ago: executing program 4 (id=556):
r0 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_RX_RING(r0, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4)
setsockopt$XDP_UMEM_FILL_RING(r0, 0x11b, 0x5, &(0x7f0000000140)=0x1, 0x4)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c)
setsockopt$XDP_UMEM_COMPLETION_RING(r1, 0x11b, 0x6, &(0x7f0000000200)=0x1, 0x4)
r2 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$XDP_RX_RING(r1, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4)
setsockopt$XDP_UMEM_FILL_RING(r1, 0x11b, 0x5, &(0x7f0000000140)=0x1, 0x4)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r2, 0x8933, &(0x7f0000000400)={'wg2\x00', <r3=>0x0})
bind$xdp(r1, &(0x7f0000000100)={0x2c, 0xa, r3}, 0x10)
bind$xdp(r0, &(0x7f0000000980)={0x2c, 0x1, r3, 0x24, r1}, 0x10)

4m58.054988587s ago: executing program 35 (id=556):
r0 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_RX_RING(r0, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4)
setsockopt$XDP_UMEM_FILL_RING(r0, 0x11b, 0x5, &(0x7f0000000140)=0x1, 0x4)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c)
setsockopt$XDP_UMEM_COMPLETION_RING(r1, 0x11b, 0x6, &(0x7f0000000200)=0x1, 0x4)
r2 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$XDP_RX_RING(r1, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4)
setsockopt$XDP_UMEM_FILL_RING(r1, 0x11b, 0x5, &(0x7f0000000140)=0x1, 0x4)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r2, 0x8933, &(0x7f0000000400)={'wg2\x00', <r3=>0x0})
bind$xdp(r1, &(0x7f0000000100)={0x2c, 0xa, r3}, 0x10)
bind$xdp(r0, &(0x7f0000000980)={0x2c, 0x1, r3, 0x24, r1}, 0x10)

3m30.086735802s ago: executing program 0 (id=700):
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
getsockopt$IP_VS_SO_GET_SERVICES(r0, 0x0, 0x482, &(0x7f0000001640)=""/139, &(0x7f0000000100)=0x8)

3m26.960650016s ago: executing program 0 (id=718):
syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @inquiry_info_with_rssi={{0x22, 0xf}, {0x1, [{@any, 0x1, 0x4, "95099c", 0x30a7, 0x6}]}}}, 0x12)
syz_emit_vhci(&(0x7f0000000140)=@HCI_EVENT_PKT={0x4, @hci_ev_num_comp_pkts={{0x13, 0x1}}}, 0x4)
pipe(0x0)
fsetxattr(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x3)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, 0x0)
syz_emit_vhci(&(0x7f0000000840)=@HCI_EVENT_PKT={0x4, @extended_inquiry_info={{0x2f, 0xff}, {0x1, [{@any, 0x9, 0x6, 'z-h', 0x6, 0x4, "4bd56cc5fda5cae7cd5fd8cb7b7bc3aff97b67e1fff94c7a06f50c5087201b823ef07358d86878951af8b863de1124182e4a870dc3af5dc24aeeac8592fbac2d1933c9a7b237026edbd7e7b61b2e16cab8ee2b9e60f4982043b982c133004158cc90a2f1d1be07dd16a15d2b40f0306017bfbbb6355667ef83575cea55ab2d1964aa434b552f8d35c5a257310d7c8f261cad171e6b61ad0bdcd054991316f1f47ae58d20f137a523f35d55b9a2dc8547136919a682b2d01b549aa2ab7cb7405cbcd55623ca3b485a12ced5b3b88cd3b815f6c5806b2fa4cd4cb852d4ac4bd82f18637f6171e1ce2b9b381ef5839ccb60"}]}}}, 0x102)
socket(0x5, 0x4, 0xffffffff)
syz_emit_vhci(0x0, 0x0)
syz_emit_vhci(0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000011c0))
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, 0x0)
sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, 0x0, 0x4000000)
socket$nl_xfrm(0x10, 0x3, 0x6)

3m23.727641466s ago: executing program 0 (id=712):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x601c2, 0x0)
ftruncate(r0, 0x8800000)
r1 = open(&(0x7f00000001c0)='./bus\x00', 0x4c27e, 0x53)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r2, &(0x7f0000000040)={0x28, 0x0, 0x2710, @local}, 0x10)
listen(r2, 0x0)
r3 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r3, &(0x7f0000000640)={0x28, 0x0, 0x2710}, 0x10)
close(r1)
accept(r2, 0x0, 0x0)
sendfile(r1, r0, 0x0, 0x578410ed)
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r4, 0xffffffffffffffff, 0x0)

3m21.362463072s ago: executing program 0 (id=719):
ioctl$VIDIOC_G_JPEGCOMP(0xffffffffffffffff, 0x808c563d, &(0x7f0000000240))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
connect$llc(0xffffffffffffffff, &(0x7f0000000180)={0x1a, 0x0, 0xfc, 0x7, 0x8, 0x1, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2a}}, 0x10)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r3, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000003c0)={0x7c, 0x1, 0x1, 0x101, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x5c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast1}, {0x14, 0x4, @dev={0xfe, 0x80, '\x00', 0x36}}}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private1}, {0x14, 0x4, @loopback}}}]}, @CTA_FILTER={0xc, 0x19, 0x0, 0x1, [@CTA_FILTER_ORIG_FLAGS={0x8, 0x1, 0xd}]}]}, 0x7c}}, 0x0)

3m16.793987957s ago: executing program 0 (id=727):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone3(&(0x7f0000000740)={0x8180080, 0x0, 0x0, 0x0, {0x39}, 0x0, 0x0, 0x0, 0x0}, 0x58)

3m15.16246316s ago: executing program 2 (id=729):
r0 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000280)={0x41}, 0x10)
r1 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000900)={0x41, 0x4}, 0x10)
r2 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000040)={0x41}, 0x10)
r3 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000280)={0x41, 0x4, 0x2}, 0x10)
sendmsg$tipc(r3, &(0x7f0000000240)={&(0x7f0000000080), 0x10, 0x0}, 0x0)
r4 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000100)={0x41, 0x0, 0x2}, 0x1be)
sendmsg$tipc(r4, &(0x7f0000000180)={&(0x7f0000000080)=@nameseq={0x1e, 0x1, 0x0, {0x41}}, 0x10, 0x0}, 0x4000000)
sendmsg$tipc(r3, &(0x7f0000000240)={&(0x7f0000000080)=@nameseq={0x1e, 0x1, 0x0, {0x41}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x44010}, 0x0)

3m12.688533363s ago: executing program 0 (id=730):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000f40)=@raw={'raw\x00', 0x8, 0x3, 0x478, 0x1c0, 0xffffffff, 0xffffffff, 0x1c0, 0xffffffff, 0x3a8, 0xffffffff, 0xffffffff, 0x3a8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@remote, @loopback, [0xff, 0x0, 0xff, 0xff], [0xffffffff, 0xff, 0xff], 'team_slave_0\x00', 'netdevsim0\x00', {}, {0xff}, 0x29, 0x3, 0x0, 0x60}, 0x0, 0x1a0, 0x1c0, 0x60030000, {0x0, 0xff000000}, [@common=@inet=@recent0={{0xf8}, {0x9, 0x2, 0x24, 0x0, 'syz0\x00'}}]}, @unspec=@TRACE={0x20}}, {{@uncond, 0x0, 0x1c8, 0x1e8, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0x0, 0x0, 0x1, 0x1, 'syz0\x00', 0xfe}}, @common=@mh={{0x28}, {"b11c", 0x1}}]}, @unspec=@NOTRACK={0x20}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x4d8)

3m10.926626163s ago: executing program 7 (id=733):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r0 = syz_open_dev$MSR(&(0x7f0000000200), 0xa, 0x0)
sendmsg$NL80211_CMD_SET_POWER_SAVE(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4c006}, 0x2000040)
read$msr(r0, &(0x7f000001b240)=""/102400, 0x19000)
geteuid()
r1 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000b40)='source', 0x0, 0x0)
ioctl$KIOCSOUND(0xffffffffffffffff, 0x4b2f, 0x1)
ioctl$TCSETS(0xffffffffffffffff, 0x5402, 0x0)
msgsnd(0x0, 0x0, 0x8, 0x0)

3m10.215050057s ago: executing program 2 (id=734):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x84}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmsg$TIPC_CMD_SHOW_LINK_STATS(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000280)={0x28, r1, 0x1, 0x70bd2a, 0x25dfdbfc, {{}, {}, {0x6, 0x14, 'syz0\x00'}}}, 0x28}, 0x1, 0x0, 0x0, 0x890}, 0x800)

3m8.892774177s ago: executing program 2 (id=736):
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
kcmp$KCMP_EPOLL_TFD(r0, r0, 0x7, 0xffffffffffffffff, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000003e00270225bd7000ffdbdf250a"], 0x14}, 0x1, 0x0, 0x0, 0x40010}, 0x0)

3m7.49317983s ago: executing program 7 (id=737):
syz_open_dev$evdev(&(0x7f0000000180), 0x200, 0xa2600)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000080)={0x8, 0x9}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
r1 = getpid()
syz_pidfd_open(r1, 0x0)
socket$xdp(0x2c, 0x3, 0x0)
pselect6(0x40, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0xc3ac}, 0x0, 0x0)

3m6.714057903s ago: executing program 2 (id=739):
syz_init_net_socket$bt_rfcomm(0x1f, 0x3, 0x3)
socket$phonet_pipe(0x23, 0x5, 0x2)
socket$netlink(0x10, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000080)={0x8, 0x9}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
pselect6(0x40, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0xc3ac}, &(0x7f0000000300)={0x0, 0x3938700}, 0x0)

3m3.21734477s ago: executing program 7 (id=742):
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0xd, 0x3, &(0x7f0000000180)=@framed, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f00000000c0)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(r0, 0x1, &(0x7f0000000180)=0x3)
r3 = memfd_create(&(0x7f0000000080)='%\x00', 0x3)
flistxattr(r3, &(0x7f0000000040)=""/33, 0x21)

3m2.366745633s ago: executing program 2 (id=745):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x8, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=', @ANYRESDEC=0x0])
mount(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000280)='autofs\x00', 0x201000c, &(0x7f0000000040))
chdir(&(0x7f0000000080)='./file0\x00')
setpgid(r0, r0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x220901, 0x0)
unlinkat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x200)
mount$afs(0x0, &(0x7f0000002840)='./file0\x00', &(0x7f0000002880), 0x700, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn'])
setpgid(0x0, r0)
statx(0xffffffffffffff9c, &(0x7f0000002040)='./file0/file0\x00', 0x4800, 0x100, 0x0)

3m1.175761514s ago: executing program 7 (id=746):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000240)={&(0x7f00000ae000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000480)='./file0\x00', 0x0, &(0x7f0000000280)={[{@noload}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x5}}, {@bh}, {@noload}, {@data_err_ignore}, {@usrjquota}]}, 0xfe, 0x44d, &(0x7f0000000900)="$eJzs3MtvG8UfAPDvrp30/Ut+UB4tLQQKouKRNOnzwKUIJA4gIcGhiFNI0qrUbaAJEq0qKBzKEVXijjgi8RdwggsCTkhc4Y4qVaiXFiQko13vpsa107hx6rb+fKRNZrzjzHx3d+zZGTsBDKyx7EcSsTkifouIkUb2vwXGGr+uXTk389eVczNJ1Otv/Jnk5a5eOTdTFi2ft6mRqdeL/Lo29V54O2K6Vps7XeQnFk++N7Fw5uzzx09OH5s7Nndq6tChfXt3Dh+Y2t+TOLO4rm7/aH7HtlfeuvjazJGL7/z0TdbezcX+5jh6ZaxxdNt6qteV9dmWpnRS7WND6EolIrLTNZT3/5GoxIalfSPx8qd9bRywpur1er3d+3PhfB24hyXR7xYA/VG+0Wf3v+V2m4Yed4TLhyPeP9iI/1qxNfZUIy3KDLXc3/bSWEQcOf/3l9kWazQPAQDQ7LvDEfFcu/FfGg82lftfsYYyGhH/j4j7IuL+iNgaEQ9E5GUfioiHu6y/dYXkxvFPeumWAluhbPz3QrG2tTT++6eex18YrRS5LXn8Q8nR47W5PcUx2R1D67L85DJ1fP/Sr5932tc8/su2rP5yLNiQXqq2TNDNTi9OrzLsJZc/idhebYk/l0S5jJNExLaI2N7VX75+h3H8ma93dCp18/iX0YN1pvpXEU83zv/5aIm/lHRcn5w8eGBq/8T6qM3tmSivihv9/MuF1zvVv6r4eyA7/xtbr//cUvyjyfqIhTNnT+TrtQvd13Hh98863tPc6vU/nLyZp4eLxz6cXlw8PRkxnLx64+NT159b5svyWfy7d7WLP81f48oj8UhEZBfxzoh4NCIeK9r+eEQ8ERG7lon/xxeffLf7+JeZle+hLP7Zm53/aD7/3ScqJ374tvv4S9n535endhePrOT1b6UNXM2xAwAAgLtFmn8GPknHl9JpOj7e+Az/1tiY1uYXFp89Ov/BqdnGZ+VHYygtZ7pGmuZDJ4u54TI/1ZLfW8wbf1HZkOfHZ+Zrs/0OHgbcpg79P/NHpd+tA9ac72vB4NL/YXDp/zC49H8YXPo/DK52/f/jPrQDuP28/8Pg0v9hcOn/MLj0fxhIHb8bn67qK/8S93wi0u6fVY07pPF3U6K64n9mcYuJdW139fuVCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoDf+DQAA//9X4u4v")
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
ioctl$VHOST_SET_LOG_FD(0xffffffffffffffff, 0x4004af07, 0x0)
bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000000000)='./bus\x00', 0x40000, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000440), 0x8, &(0x7f0000000200)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}]})
syz_mount_image$fuse(&(0x7f00000001c0), &(0x7f0000000380)='./bus\x00', 0x222020, &(0x7f0000000140)=ANY=[], 0x1, 0x0, 0x0)
unlinkat(0xffffffffffffff9c, &(0x7f0000000c40)='./file1\x00', 0x0)

3m0.620559145s ago: executing program 2 (id=748):
syz_open_procfs(0xffffffffffffffff, 0x0)
r0 = fsopen(&(0x7f0000000300)='befs\x00', 0x1)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000000)='iocharset', &(0x7f0000000040)='-/\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000080)='iocharset', &(0x7f00000000c0)='io#harset', 0x0)
r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000180), 0xffffffffffffffff)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000800)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000500)='tlb_flush\x00', r2}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='tlb_flush\x00', r2, 0x0, 0x10000000000000}, 0x18)
madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe)
mlock(&(0x7f0000c00000/0x400000)=nil, 0x400000)
mremap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000fff000/0x1000)=nil)
madvise(&(0x7f0000003000/0x1000)=nil, 0x7f7884acbfff, 0x14)
sendmsg$IEEE802154_LLSEC_GETPARAMS(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x20, r1, 0x1, 0x70bd26, 0x25dfdbfc, {}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan1\x00'}]}, 0x20}}, 0x40)

2m59.161248346s ago: executing program 7 (id=751):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmsg$inet(r3, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg$unix(r2, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
sendmsg$inet(r5, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x24004000)
recvmsg$unix(r4, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000900), 0x100}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
sendmsg$inet(r7, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg(r6, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001dc0)=""/4096, 0x1000}, 0x40000002)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)

2m58.303911821s ago: executing program 7 (id=754):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x6)
r3 = syz_open_dev$swradio(&(0x7f0000000000), 0x1, 0x2)
ioctl$VIDIOC_S_CTRL(r3, 0xc008561c, &(0x7f00000002c0)={0xf0f045, 0x800})
poll(&(0x7f00000000c0)=[{r3, 0xe7d4c009da6c1985}], 0x1, 0x6)

2m56.704202447s ago: executing program 36 (id=754):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x6)
r3 = syz_open_dev$swradio(&(0x7f0000000000), 0x1, 0x2)
ioctl$VIDIOC_S_CTRL(r3, 0xc008561c, &(0x7f00000002c0)={0xf0f045, 0x800})
poll(&(0x7f00000000c0)=[{r3, 0xe7d4c009da6c1985}], 0x1, 0x6)

2m56.513148181s ago: executing program 37 (id=730):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000f40)=@raw={'raw\x00', 0x8, 0x3, 0x478, 0x1c0, 0xffffffff, 0xffffffff, 0x1c0, 0xffffffff, 0x3a8, 0xffffffff, 0xffffffff, 0x3a8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@remote, @loopback, [0xff, 0x0, 0xff, 0xff], [0xffffffff, 0xff, 0xff], 'team_slave_0\x00', 'netdevsim0\x00', {}, {0xff}, 0x29, 0x3, 0x0, 0x60}, 0x0, 0x1a0, 0x1c0, 0x60030000, {0x0, 0xff000000}, [@common=@inet=@recent0={{0xf8}, {0x9, 0x2, 0x24, 0x0, 'syz0\x00'}}]}, @unspec=@TRACE={0x20}}, {{@uncond, 0x0, 0x1c8, 0x1e8, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0x0, 0x0, 0x1, 0x1, 'syz0\x00', 0xfe}}, @common=@mh={{0x28}, {"b11c", 0x1}}]}, @unspec=@NOTRACK={0x20}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x4d8)

2m45.071967745s ago: executing program 38 (id=748):
syz_open_procfs(0xffffffffffffffff, 0x0)
r0 = fsopen(&(0x7f0000000300)='befs\x00', 0x1)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000000)='iocharset', &(0x7f0000000040)='-/\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000080)='iocharset', &(0x7f00000000c0)='io#harset', 0x0)
r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000180), 0xffffffffffffffff)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000800)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000500)='tlb_flush\x00', r2}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='tlb_flush\x00', r2, 0x0, 0x10000000000000}, 0x18)
madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe)
mlock(&(0x7f0000c00000/0x400000)=nil, 0x400000)
mremap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000fff000/0x1000)=nil)
madvise(&(0x7f0000003000/0x1000)=nil, 0x7f7884acbfff, 0x14)
sendmsg$IEEE802154_LLSEC_GETPARAMS(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x20, r1, 0x1, 0x70bd26, 0x25dfdbfc, {}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan1\x00'}]}, 0x20}}, 0x40)

29.20619539s ago: executing program 3 (id=991):
bpf$MAP_CREATE(0x0, 0x0, 0x50)
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(0x0, 0x0, 0x0)
read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000)
r1 = syz_open_dev$vim2m(&(0x7f0000000300), 0x1b8, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r1, 0xc0145608, &(0x7f00000000c0)={0x2, 0x1, 0x1, 0x0, 0x4})
ioctl$vim2m_VIDIOC_STREAMOFF(r1, 0x40045612, &(0x7f0000000000)=0x1)
close(r1)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000007c0)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x24000050}, 0x20008040)
lchown(0x0, 0x0, 0x0)
gettid()
sendmsg$IPVS_CMD_NEW_SERVICE(0xffffffffffffffff, 0x0, 0x0)
mknodat(r0, 0x0, 0x80, 0x800)

27.158609104s ago: executing program 3 (id=993):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000340)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000160a0302000200000000000002000000090002"], 0x80}}, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a30000000006c000000160a01000000000000000000010000000900010073797a30000000000900020073797a3000000000400003800800014000000000080002400000fbff2b0003801400010067656e6576653000000000000000000014000100776732000000000000000000c6e49c0f5c000000180a0101000b000000000000010000000900020073797a30000000000900010073797a3000000000300003802c000380140001"], 0x110}}, 0x0)

25.838307888s ago: executing program 3 (id=996):
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = syz_io_uring_setup(0x1e1e, 0x0, &(0x7f0000002000), 0x0)
io_uring_enter(r0, 0x48e9, 0x0, 0x2, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
ioctl$VIDIOC_S_INPUT(0xffffffffffffffff, 0xc0045627, &(0x7f0000000100)=0x3)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f000001b700)=""/102392, 0x18ff8)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
r2 = add_key$user(&(0x7f0000000380), &(0x7f0000000000)={'syz', 0x0}, &(0x7f0000000140)='_', 0x1, 0xfffffffffffffffe)
r3 = add_key$user(&(0x7f0000000200), &(0x7f00000005c0), &(0x7f00000000c0), 0x390, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000100)={r2, r3, r3}, 0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={'sha3-512-generic\x00'}})

22.501225019s ago: executing program 3 (id=1001):
openat$nullb(0xffffffffffffff9c, 0x0, 0x84042, 0x0)
socket(0x1d, 0x6, 0x9)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x20, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000900)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000080)={r3, 0xffffffffffffffff, 0x2d, 0x0, @val=@netfilter={0xa, 0x0, 0x5, 0x1}}, 0x20)
close_range(r4, r4, 0x0)

20.943466494s ago: executing program 3 (id=1005):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x8, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=', @ANYRESDEC=0x0])
mount(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000280)='autofs\x00', 0x201000c, &(0x7f0000000040))
chdir(&(0x7f0000000080)='./file0\x00')
setpgid(r0, r0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x220901, 0x0)
unlinkat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x200)
mount$afs(0x0, &(0x7f0000002840)='./file0\x00', &(0x7f0000002880), 0x700, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn'])
setpgid(0x0, r0)
statx(0xffffffffffffff9c, &(0x7f0000002040)='./file0/file0\x00', 0x4800, 0x100, 0x0)

20.684159874s ago: executing program 6 (id=783):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
fsetxattr$system_posix_acl(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1)
r3 = socket$kcm(0x2d, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r3, 0x89e2, &(0x7f0000000100)={<r4=>r3})
bind$xdp(r4, &(0x7f0000000080)={0x2d, 0x0, 0x0, 0xc}, 0x10)
close(r3)

19.422344719s ago: executing program 8 (id=1008):
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x15)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
pipe2$9p(&(0x7f0000001900)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, 0x0, 0x0}, 0x94)
r3 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[], [], 0x6b}})

17.725028169s ago: executing program 3 (id=1013):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000240)={&(0x7f00000ae000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000480)='./file0\x00', 0x0, &(0x7f0000000280)={[{@noload}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x5}}, {@bh}, {@noload}, {@data_err_ignore}, {@usrjquota}]}, 0xfe, 0x44d, &(0x7f0000000900)="$eJzs3MtvG8UfAPDvrp30/Ut+UB4tLQQKouKRNOnzwKUIJA4gIcGhiFNI0qrUbaAJEq0qKBzKEVXijjgi8RdwggsCTkhc4Y4qVaiXFiQko13vpsa107hx6rb+fKRNZrzjzHx3d+zZGTsBDKyx7EcSsTkifouIkUb2vwXGGr+uXTk389eVczNJ1Otv/Jnk5a5eOTdTFi2ft6mRqdeL/Lo29V54O2K6Vps7XeQnFk++N7Fw5uzzx09OH5s7Nndq6tChfXt3Dh+Y2t+TOLO4rm7/aH7HtlfeuvjazJGL7/z0TdbezcX+5jh6ZaxxdNt6qteV9dmWpnRS7WND6EolIrLTNZT3/5GoxIalfSPx8qd9bRywpur1er3d+3PhfB24hyXR7xYA/VG+0Wf3v+V2m4Yed4TLhyPeP9iI/1qxNfZUIy3KDLXc3/bSWEQcOf/3l9kWazQPAQDQ7LvDEfFcu/FfGg82lftfsYYyGhH/j4j7IuL+iNgaEQ9E5GUfioiHu6y/dYXkxvFPeumWAluhbPz3QrG2tTT++6eex18YrRS5LXn8Q8nR47W5PcUx2R1D67L85DJ1fP/Sr5932tc8/su2rP5yLNiQXqq2TNDNTi9OrzLsJZc/idhebYk/l0S5jJNExLaI2N7VX75+h3H8ma93dCp18/iX0YN1pvpXEU83zv/5aIm/lHRcn5w8eGBq/8T6qM3tmSivihv9/MuF1zvVv6r4eyA7/xtbr//cUvyjyfqIhTNnT+TrtQvd13Hh98863tPc6vU/nLyZp4eLxz6cXlw8PRkxnLx64+NT159b5svyWfy7d7WLP81f48oj8UhEZBfxzoh4NCIeK9r+eEQ8ERG7lon/xxeffLf7+JeZle+hLP7Zm53/aD7/3ScqJ374tvv4S9n535endhePrOT1b6UNXM2xAwAAgLtFmn8GPknHl9JpOj7e+Az/1tiY1uYXFp89Ov/BqdnGZ+VHYygtZ7pGmuZDJ4u54TI/1ZLfW8wbf1HZkOfHZ+Zrs/0OHgbcpg79P/NHpd+tA9ac72vB4NL/YXDp/zC49H8YXPo/DK52/f/jPrQDuP28/8Pg0v9hcOn/MLj0fxhIHb8bn67qK/8S93wi0u6fVY07pPF3U6K64n9mcYuJdW139fuVCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoDf+DQAA//9X4u4v")
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
ioctl$VHOST_SET_LOG_FD(0xffffffffffffffff, 0x4004af07, 0x0)
bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000000000)='./bus\x00', 0x40000, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000440), 0x8, &(0x7f0000000200)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}]})
syz_mount_image$fuse(&(0x7f00000001c0), &(0x7f0000000380)='./bus\x00', 0x222020, &(0x7f0000000140)=ANY=[], 0x1, 0x0, 0x0)
unlinkat(0xffffffffffffff9c, &(0x7f0000000c40)='./file1\x00', 0x0)

16.511999888s ago: executing program 6 (id=1016):
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r1 = eventfd(0xc)
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0})
r2 = syz_io_uring_setup(0xbd9, &(0x7f0000000640)={0x0, 0xec25, 0x8, 0x3, 0x15f}, &(0x7f0000000140)=<r3=>0x0, &(0x7f00000001c0)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x4, 0x0, &(0x7f0000000600)=[{&(0x7f00000003c0)=""/216, 0xd8}], 0x1})
io_uring_enter(r2, 0x847ba, 0x0, 0xe, 0x0, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000e40))
ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f00000002c0)={0x1, r1})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1)

16.147440937s ago: executing program 8 (id=1018):
r0 = getpid()
r1 = syz_pidfd_open(r0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
pidfd_getfd(r1, r1, 0x0)
getsockopt$SO_J1939_PROMISC(0xffffffffffffffff, 0x6b, 0x2, 0x0, 0x0)

14.301312644s ago: executing program 8 (id=1019):
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
userfaultfd(0x80801)
r1 = getpid()
process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x15)

13.712032927s ago: executing program 5 (id=1020):
pipe(&(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x107842, 0xa)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0, 0xffffffffffffff2c}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
r3 = io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0xc89f, 0xc000, 0xa, 0x20002f7})
socket(0x15, 0x5, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000093c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@deltfilter={0x24, 0x2d, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {}, {0xe, 0xffff}}}, 0x24}}, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3, &(0x7f0000000000)=0x6, 0x4)
r4 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r4, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8)
io_uring_enter(r3, 0x2219, 0x7721, 0x16, 0x0, 0x0)
write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc)
splice(r0, 0x0, r2, 0x0, 0x33fe0, 0x0)

12.640587049s ago: executing program 1 (id=1021):
syz_mount_image$exfat(&(0x7f0000000100), &(0x7f0000000240)='./file0\x00', 0x800000, &(0x7f0000000600)=ANY=[], 0x2, 0x14fe, &(0x7f0000002180)="$eJzs3Au0ztXWMPA511p/NklPkvuaa/55kssiSXJJSCRJkiS5JSRJkoTEJrckJCH3JPeQ3GIn9/st9yQ5kiQJCUnWN3Q6n/e8nfftnO+c7/V9Z8/fGGvsNff/mfNZa889nv9ljL2/7Ti4av1qlesyM/xT8M9fUgEgBQD6AcA1ABABQKlspbIBDoNMGlP/uTcR/1oPTbvSKxBXkvQ/fZP+p2/S//RN+p++Sf/TN+l/+ib9T9+k/0KkZ1un575WRvod/3PP/0Ge//8/R87//0YOFxvz5fpi13f6B1Kk/+mb9D99k/6nb9L/9E36n75J///NRQCV/pvD0v/0TfovRHp2pZ8/y7iy40r//gkhhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGESB/OhcsMAPxlfqXXJYQQQgghhBBCiH+dkPFKr0AIIYQQQgghhBD/9yEo0GAgggyQEVIgE2SGqyALXA1Z4RpIwLWQDa6D7HA95ICckAtyQx7IC/nAAoEDhhjyQwFIwg1QEG6EQlAYikBR8FAMisNNUAJuhpJwC5SCW6E03AZloCyUg/JwO1SAO6AiVILKcCdUgbugKlSDu6E63AM14F6oCfdBLbgfasMDUAcehLrwENSDh6E+PAIN4FFoCI2gMTSBpv9H+S9CV3gJukF3SIUe0BNehl7QG/pAX+gHr0B/eBUGwGswEAbBYHgdhsAbMBTehGEwHEbAWzASRsFoGANjYRyMh7dhArwDE+FdmASTYQpMhWkwHWbAezATZsFseB/mwAcwF+bBfFgAC+FDWASLIQ0+giXwMSyFZbAcVsBKWAWrYQ2shXWwHjbARtgEm2ELbIVPYBtshx2wE3bBbtgDn8Je+Az2weewH774B/PP/qf8TggIqFChQYMZMAOmYApmxsyYBbNgVsyKCUxgNsyG2TE75sAcmAtzYR7Mg/kwHxISMjLmx/yYxCQWxIJYCAthESyCHj0Wx+JYAm/GklgSS2EpLI2lsQyWxbJYHstjBayAFbEiVsbKWAWrYFWsinfj3XgP1sAaWBNrYi2shbWxNtbBOlgX62I9rIf1sT42wAbYEBtiY2yMTbEpNsNm2BybY0tsia2wFbbG1tgG22BbbIvtsB22x/bYATtgR+yInbAzdsYX8UV8CV/C7lhF9cCe2BN7YS/sg32xL76C/fFVfBVfw4E4CAfj6/g6voFD8QwOw+E4AkdgBTUKR+MYZDUOx+N4nIATcCJOxEk4GSfjVJyG03EGzsCZOAtn4fs4Bz/AD3AezsMFuBAX4iJcjGmYhkvwLC7FZbgcV+BKXIUrcQ2uxTW4HjfgetyEm3ALbsFP8BPcjttxJ+7E3bgbP8VP8TP8DAfiftyPB/AAHsSDeAgP4WE8jEfwCB7Fo3gMj+FxPI4n8CSewpN4Gk/jGTyL5/AcnsfzeAGfz/N1vd2F1w0EdYlRRmVQGVSKSlGZVWaVRWVRWVVWlVAJlU1lU9lVdpVD5VC5VC6VR+VR+VQ+RYoUq1jlV/lVUiVVQVVQFVKFVBFVRHnlVXFVXJVQJVRJVVKVUreq0uo2VUaVVS18eVVeVVAtfUVVSVVWlVUVdZeqqqqpaqq6qq5qqBqqpqqpaqlaqrZ6QNVRPbAPPqQudaa+GoQN1GBsqBqpxqqJegMfU83UUGyuWqiW6gk1HIdha9XMt1FPq7ZqNLZTz6ox+JzqoMZhR/WC6qQ6qy7qRdVVNffdMvz2EaimYi/VW/VRfdVMvEtd6lhV9ZoaqAapwep1tQDfUEPVm2qYGq5GqLfUSDVKjVZj1Fg1To1Xb6sJ6h01Ub2rJqnJaoqaqqap6WqGek/NVLPUbPW+mqM+UHPVPDVfLVAL1YdqkVqs0tRHaon6WC1Vy9RytUKtVKvUarVGrVXr1Hq1QW1Um9RmtUVtVZ+obWq72qF2ql1qt9qjPlV71Wdqn/pc7VdfqAPqT+qg+lIdUl+pw+prdUR9o46qb9Ux9Z06rr5XJ9RJdUr9oE6rH9UZdVadUz+p8+pndUH9oi6qoECjVlproyOdQWfUKTqTzqyv0ln01TqrvkYn9LU6m75OZ9fX6xw6p86lc+s8Oq/Op60m7TTrWOfXBXRS36AL6ht1IV1YF9FFtdfFdHF9ky6hb9Yl9S26lL5Vl9a36TK6rC6ny+vbdQV9h66oK+nK+k5dRd+lq+pq+m5dXd+ja+h7dU19n66l79e19QO6jn5Q19UP6Xr6YV1fP6Ib6Ed1Q91IN9ZNdFP9mG6mH9fNdQvdUj+hW+kndWv9lG6jn9Zt9TO6nX5Wt9fP6Q76ed1Rv6A76c66i/5FX9RBd9PddaruoXvql3Uv3Vv30X11P/2K7q9f1QP0a3qgHqQH69f1EP2GHqrf1MP0cD1Cv6VH6lF6tB6jx+pxerx+W0/Q7+iJ+l09SU/WU/RUPU1P131+qzT778h/52/kD/j13bforfoTvU1v1zv0Tr1L79Z79B69V+/V+/Q+vV/v1wf0AX1QH9SH9CF9WB/WR/QRfVQf1cf0MX1cH9cn9En9k/5Bn9Y/6jP6rD6rf9Ln9Xl94befARg0ymhjTGQymIwmxWQymc1VJou52mQ115iEudZkM9eZ7OZ6k8PkNLlMbpPH5DX5jDVknGETm/ymgEmaG0xBc6MpZAqbIqao8aaYKW5u+qfz/2h9TU1T08w0M81Nc9PStDStTCvT2rQ2bUwb09a0Ne1MO9PetDcdTAfT0XQ0nUwn08V0MV1NV9PNdDOpJtX0NC+bXqa36WP6mn7mFdPf9DcDzAAz0Aw0g81gM8QMMUPNUDPMDDMjzAgz0ow0o81oM9aMNePNeDPBTDATzUQzyUwyU8wUM81MMzPMDDPTzDSzzWwzx8wxc81cM9/MNwvNQrPILDJpJs0sMUvMUrPMLDMrzAqzyqwya8was86sMxvMBrPJbDJLzVaz1Wwz28wOs8PsMrvMHrPH7DV7zT6zz+w3+80Bc8AcNAfNIXPIHDaHzRFzxBw1R80xc8wcN8fNCXPCnDKnzGlz2pwxZ8w5c86cN+fNBXPBXDQXL132RSpSkYlMlCHKEKVEKVHmKHOUJcoSZY2yRokoEWWLskXZo+ujHFHOKFeUO8oT5Y1SwUYUuYijOMofFYiS0Q1RwejGqFBUOCoSFY18VCwqHt0UlYhujkpGt0Sloluj0tFtUZmobFQuKh/dHlWI7ogqRpWiytGdUZXorqhqVC26O6oe3RPViO6Nakb3RbWi+6Pa0QNRnejBqG70UFQvejiqHz0SNYgejRpGjaLGUZOo6b+0fghncj7uu9nuNtX2sD3ty7aX7W372L62n33F9rev2gH2NTvQDrKD7et2iH3DDrVv2mF2uB1h37Ij7Sg72o6xY+04O96+bSfYd+xE+66dZCfbKXaqnWan2xn2PTvTzrKz7ft2jv3AzrXz7Hy7wC60H9pFdrFNsx/ZJfZju9Qus8vtCrvSrrKr7Rq71q6z6+0Gu9FuspvtFrvVfmK32e12h91pd9nddo/91O61n9l99nO7335hD9g/2YP2S3vIfmUP26/tEfuNPWq/tcfsd/a4/d6esCftKfuDPW1/tGfsWXvO/mTP25/tBfuLvWjDpYv7S6d3MmQoA2WgFEqhzJSZslAWykpZKUEJykbZKDtlpxyUg3JRLspDeSgf5aNLmJjyU35KUpIKUkEqRIWoCBUhT56KU3EqQSWoJJWkUlSKSlNpKkNlqByVo9vpdrqD7qBKVInupDvpLrqLqlE1qk7VqQbVoJpUk2pRLapNtakO1aG6VJfqUT2qT/WpATWghtSQGlNjakpNqRk1o+bUnFpSS2pFrag1taY21IbaUltqR+2oPbWnDtSBOlJH6kSdqAt1oa7UlbpRN0qlVOpJPakX9aI+1If6UT/qT/1pAA2ggTSQBtNgGkJDaCgNpWE0nEbQWzSSRtFoGkNjaRyNp/E0gSbQRJpIk2gSTaEpNI2m0QyaQTNpJs2m2TSH5tBcmkvzaT4tpIW0iBZRGqXRElpCS2kpLafltJJW0mpaTWtpLa2n9bSRNtJm2kxbaStto220g3bQLtpFe2gP7aW9tI/20X7aTwfoAB2kg3SIDtFhOkxH6AgdpaN0jI7RcTpOJ+gEnaJTdJpO0xk6Q+foHJ2nn+kC/UIXKVCKU5DZXeWyuKtdVneNS3GZ3KU4AoBLcS6X2+VxeV0+Z10Ol/OvYnLOFXKFXRFX1HlXzBV3N/0uLuPKunKuvLvdVXB3uIq/i6u7e1wNd6+r6e5z1dzdfxXXcve72u4RV8c96uq6Rq6ea+Lqu0dcA/eoa+gaucauiWvlnnSt3VOujXvatXXP/C5e5Ba7tW6dW+82uL3uM3fO/eSOum/defez6+a6u37uFdffveoGuNfcQDfod/EI95Yb6Ua50W6MG+vG/S6e4qa6aW66m+HeczPdrN/FC92Hbo5Lc3PdPDffLfg1vrSmNPeRW+I+dkvdMrfcrXAr3Sq32q3532td4Ta5zW6L2+M+ddvcdrfD7XS73O5f40v72Oc+d/vdF+6I+8YddF+6Q+6YO+y+/jW+tL9j7jt33H3vTriT7pT7wZ12P7oz7uyv+7+09x/cL+6iCw4YWbFmwxFn4Iycwpk4M1/FWfhqzsrXcIKv5Wx8HWfn6zkH5+RcnJvzcF7Ox5aJHTPHnJ8LcJJv4IJ8IxfiwlyEi7LnYlycb+ISfDOX5Fu4FN/Kpfk2LsNluRyX59u5At/BFbkSV+Y7uUoIXJWr8d1cne/hGnwv1+T7uBbfz7X5Aa7DD3Jdfojr8cNcnx/hBvwoN+RG3JibcFN+jJvx49ycW3BLfoJb8ZPcmp/iNvw0t+VnuB0/y+35Oe7Az3NHfoE7cWfuwi9yV36Ju3F3TuUe3JNf5l7cm/twX+7Hr3B/fpUH8Gs8kAfxYH6dh/AbPJTf5GE8nEfwWzySR/FoHsNjeRyP57d5Ar/DE/ldnsSTeQpP5Wk8nWfwezyTZ/Fsfp/n8Ac8l+fxfF7AC/lDXsSLOY0/4iX8MS/lZbycV/BKXsWreQ2v5XW8njfwRt7Em3kLb+VPeBtv5x28k3fxbt7Dn/Je/oz38ee8n7/gA/wnPshf8iH+ig/z13yEv+Gj/C0f4+/4OH/PJ/gkn+If+DT/yGf4LJ/jn/g8/8wX+Be+yIEhxljFOjZxFGeIM8YpcaY4c3xVnCW+Os4aXxMn4mvjbPF1cfb4+jhHnDPOFeeO88R543yxjSl2McdxnD8uECfjG+KC8Y1xobhwXCQuGvu4WFw8vikuEd8cl4xviUvFt8al49viMnHZ+JH7yse3xxXiO+KKcaW4cnxnXCW+K64aV4vvjqvH98Q14nvjmvF9ccn4/rh2/EBcJ34wrhs/FNeLH47rx4/EDeJH44Zxo7hx3CRuGj8WN4sfj5vHLeKW8RNxq/jJuHX8VNwmfjpuGz/zh8dT4x5xz/jl+OU4hHv1/OSC5MLkh8lFycXJtORHySXJj5NLk8uSy5MrkiuTq5Krk2uSa5PrkuuTG5Ibk5uSm5NbkiFUywgevfLaGx/5DD6jT/GZfGZ/lc/ir/ZZ/TU+4a/12fx1Pru/3ufwOX0un9vn8Xl9Pm89eefZxz6/L+CT/gZf0N/oC/nCvogv6r0v5ov7Jr6pb+qb+cd9c9/Ct/RP+Cf8k/5J/5R/yj/t2/pnfDv/rG/vn/Md/PP+ef+C7+Q7+y7+Rd/Vv+S7+e4+1af6nr6n7+V7+T6+j+/n+/n+vr8f4Af4gX6gH+wH+yF+iB/qh/phfpgf4Uf4kX6kH+1H+7F+rB/vx/sJfoKf6Cf6SX6Sn+Kn+Gl+mp/hZ/iZfqaf7Wf7OYXm+Ll+rp/v5/uFfqFf5Bf5NJ/ml/glfqlf6pf75X6lX+lX+9V+rV/r1/v1fqPf6Df7zX6r3+q3+W1+h9/hd/ldfo/f4/f6vX6f3+f3+/3+gD/gD/qD/pD/yh/2X/sj/ht/1H/rj/nv/HH/vT/hT/pT/gd/2v/oz/iz/pz/yZ/3P/sL/hd/0Qc/PvF2YkLincTExLuJSYnJiSmJqYlpiemJGYn3EjMTsxKzE+8n5iQ+SMxNzEvMTyxILEx8mFiUWJxIS3yUWJL4OLE0sSyxPLEisTKxKhFC3m1xyB8KhGS4IRQMN4ZCoXAoEooGH4qF4uGmUCLcHEqGW0KpcGsoHW4LZULZUC48GhqGRqFxaBKahsdCs/B4aB5ahJbhidAqPBlah6dCm/B0aBueCe3Cs6F9eC50CM+HjuGF0Cl0Dl3Ci6FreCl0C91DaugReoaXQ6/QO/QJfUO/8EroH14NA8JrYWAYFAaH18OQ8EYYGt4Mw8LwMCK8FUaGUWF0GBPGhnFhfHg7TAjvhInh3TApTA5TwtQwLUwPM8J7YWaYFWaH98Oc8EGYG+aF+WFBWBg+DIvC4pAWPgpLwsdhaVgWlocVYWVYFVaHNWFtWBfWhw1hY9gUNoctYWv4JGwL28OOsDPsCrvDnvBp2Bs+C/vC52F/+CIcCH8KB8OX4VD4KhwOX4cj4ZtwNHwbjoXvwvHwfTgRToZT4YdwOvwYzoSz4Vz4KZwPP4cL4ZdwUf5mTQghhBDi76L/4HiPv/G9DACgfpv3BICrt+c+/J9rbszx53lvladVAgCe7t7xob+MKlVSU1N/e+1SDVGBeQCQ+Ov6f4mXQUt4EtpACyjxN9fXW3U+z39QP3krQOb/kJMCl+PL9W/+L+o/9sSIRaXjc9n+m/rzAAoVuJyTCS7Hl+uX/C/q52z2B+vP9OV4gOb/IScLXI4v1y8Oj8Mz0OavXimEEEIIIYQQQvxZb1Wu/R/dP1+6P89jLudkhMvxH92fCyGEEEIIIYQQ4sp7rnOXpx5r06ZF+79vgr89F/jHsmQiE5n8fza50p9MQgghhBBCiH+1yxf9V3olQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCFE+vU/8e/ErvQehRBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCiCvtfwUAAP//luw5aQ==")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x400000000008d}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$F2FS_IOC_GET_COMPRESS_BLOCKS(r1, 0x8008f511, 0xfffffffffffffffc)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0x12)

10.619539899s ago: executing program 9 (id=1023):
socket$phonet(0x23, 0x2, 0x1)
r0 = syz_io_uring_setup(0x10d, &(0x7f0000000980)={0x0, 0x45885, 0x80, 0x0, 0x8}, &(0x7f0000000340)=<r1=>0x0, &(0x7f0000000280)=<r2=>0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0})
io_uring_enter(r0, 0x3b6d, 0x86f1, 0x0, 0x0, 0x0)

10.401429409s ago: executing program 5 (id=1024):
prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8, 0x8b}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000000), 0x2, 0x101102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
execveat(0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x0)
r1 = getpgrp(0x0)
get_robust_list(r1, 0x0, 0x0)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x14d802, 0x0)
r3 = dup(r2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000002, 0x28011, r3, 0x2c93a000)

9.036066568s ago: executing program 9 (id=1025):
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
socket$inet_udp(0x2, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = syz_io_uring_setup(0x4d5, &(0x7f0000000480)={0x0, 0x404525, 0x80, 0x2, 0x12d}, &(0x7f0000000100)=<r2=>0x0, &(0x7f0000000640)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffff8, 0x0, 0x4)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x2f, 0x28, 0x0, 0x4}]}, 0x10)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_TEE={0x21, 0xda1a0b6210925d15, 0x0, @fd_index, 0x0, 0x0, 0x1, 0x1})
io_uring_enter(r1, 0x22d0, 0x20, 0x0, 0x0, 0x0)

9.035217561s ago: executing program 1 (id=1037):
socket$inet6_udp(0xa, 0x2, 0x0)
socket$kcm(0xa, 0x1, 0x106)
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = dup(r0)
r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$int_in(r2, 0x40000000af01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000200)={0x1, 0x1, 0x0, &(0x7f0000000740)=""/51, 0x0})
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000000340))
r4 = dup(r3)
ioctl$VHOST_NET_SET_BACKEND(r2, 0x4008af30, &(0x7f0000000000)={0x1, r4})
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)
ioctl$VHOST_SET_FEATURES(r2, 0x4008af00, &(0x7f00000001c0)=0x304008000)
ioctl$VHOST_NET_SET_BACKEND(r2, 0x4008af30, &(0x7f00000003c0)={0x1, r1})

9.029800199s ago: executing program 6 (id=1026):
syz_clone(0x21000011, 0x0, 0x0, 0x0, 0x0, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x8000, 0xfffffffa)
socket(0xa, 0x80002, 0x10006)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@ipv4_newrule={0x24, 0x20, 0x301, 0x70bd2c, 0x25dfdbff, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, [@FRA_GENERIC_POLICY=@FRA_SPORT_RANGE={0x8, 0x17, {0x4e24, 0x4e24}}]}, 0x24}, 0x1, 0x0, 0x0, 0x240480d4}, 0x0)
syz_emit_vhci(&(0x7f0000000280)=ANY=[@ANYBLOB="043e1f0a00c9000201"], 0x22)

8.724432272s ago: executing program 8 (id=1027):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="040000000400000004"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xc, 0x14, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018150000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000001000000850000001500000018010000716c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000001000000850000000600000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r3}, 0x10)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0857f9f582f0300000000001000", 0x0, 0x2e00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x0)

8.521092968s ago: executing program 5 (id=1028):
prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x4008032, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
pipe2(&(0x7f0000000080), 0x0)
syz_mount_image$fuse(0x0, 0x0, 0x1000002, &(0x7f00000004c0)={{}, 0x2c, {'rootmode', 0x3d, 0xa000}}, 0x0, 0x0, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000340)=@newtaction={0xcc, 0x30, 0xffff, 0x70bd27, 0x0, {}, [{0xb8, 0x1, [@m_police={0x6c, 0x1, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x10000, 0x0, 0x0, 0x0, 0x0, {0x0, 0x2, 0x0, 0x0, 0xfffe}, {0x0, 0x0, 0x0, 0x0, 0xfffd}}}]]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}, @m_gact={0x48, 0x2, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x0, 0x0, 0x1}}]}, {0x4}, {0xc, 0x3}, {0xc}}}]}]}, 0xcc}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000700)={0x0, 0x1e5, &(0x7f00000006c0)={&(0x7f0000000440)=@deltaction={0x28, 0x32, 0x101, 0x0, 0x0, {}, [@TCA_ACT_TAB={0x14, 0x1, [{0x10, 0x1, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'gact\x00'}}]}]}, 0x28}}, 0x0)

7.33929642s ago: executing program 9 (id=1029):
bpf$MAP_CREATE(0x0, 0x0, 0x50)
r0 = openat$vmci(0xffffffffffffff9c, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r0, 0x7a8, 0x0)
ioprio_set$uid(0x3, 0x0, 0x6000)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
kexec_load(0x4, 0xa, 0x0, 0x0)
openat$vmci(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$sock_SIOCSIFBR(0xffffffffffffffff, 0x890c, 0x0)

7.236253304s ago: executing program 8 (id=1030):
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0xa, 0x3, 0x3a)
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_usb_connect(0x5, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x5f, 0x82, 0x10, 0x20, 0xae6f, 0x79f4, 0x8f99, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x58, 0x42}}]}}]}}, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000140))
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
r1 = socket$nl_route(0x10, 0x3, 0x0)
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="540000001000010400000000000000ffff000000", @ANYRES32=0x0, @ANYBLOB="0380000000000000240012800c0001006d6163766c616e00140002800800010008000000062102000100000008000500", @ANYRES32=r2, @ANYBLOB='\b\x00\n\x00', @ANYRES16=r0], 0x54}}, 0x20000000)

7.173965606s ago: executing program 1 (id=1031):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
r4 = add_key$keyring(&(0x7f0000000540), &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$KEYCTL_MOVE(0x1e, r4, 0xffffffffffffffff, r4, 0x0)

4.814353927s ago: executing program 1 (id=1032):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$VIDIOC_CREATE_BUFS(0xffffffffffffffff, 0xc100565c, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = creat(&(0x7f0000000400)='./bus\x00', 0x0)
r2 = open(&(0x7f0000000100)='./bus\x00', 0x0, 0x0)
truncate(&(0x7f0000000040)='./bus\x00', 0x9472)
lsetxattr$security_ima(&(0x7f00000002c0)='./bus\x00', &(0x7f0000000180), &(0x7f0000000240)=@ng={0x4, 0x12}, 0x2, 0x0)
dup3(r2, r1, 0x0)
finit_module(r2, 0x0, 0x0)

4.77049647s ago: executing program 9 (id=1033):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r3, 0x0, 0x482, &(0x7f0000000040)={0x84, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e23, 0x8000003, 'dh\x00', 0x1, 0x7, 0x49}, 0x2c)
setsockopt$IP_VS_SO_SET_FLUSH(r3, 0x0, 0x485, 0x0, 0x0)

3.411600915s ago: executing program 5 (id=1034):
r0 = socket$inet6(0xa, 0x80002, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
bind$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c)
fchown(0xffffffffffffffff, 0xee01, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$sock_linger(r0, 0x1, 0x3c, &(0x7f0000000100)={0x200000000000001}, 0x8)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback={0xff00000000000000}, 0x400}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4000000)

1.774472404s ago: executing program 39 (id=1013):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000240)={&(0x7f00000ae000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000480)='./file0\x00', 0x0, &(0x7f0000000280)={[{@noload}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x5}}, {@bh}, {@noload}, {@data_err_ignore}, {@usrjquota}]}, 0xfe, 0x44d, &(0x7f0000000900)="$eJzs3MtvG8UfAPDvrp30/Ut+UB4tLQQKouKRNOnzwKUIJA4gIcGhiFNI0qrUbaAJEq0qKBzKEVXijjgi8RdwggsCTkhc4Y4qVaiXFiQko13vpsa107hx6rb+fKRNZrzjzHx3d+zZGTsBDKyx7EcSsTkifouIkUb2vwXGGr+uXTk389eVczNJ1Otv/Jnk5a5eOTdTFi2ft6mRqdeL/Lo29V54O2K6Vps7XeQnFk++N7Fw5uzzx09OH5s7Nndq6tChfXt3Dh+Y2t+TOLO4rm7/aH7HtlfeuvjazJGL7/z0TdbezcX+5jh6ZaxxdNt6qteV9dmWpnRS7WND6EolIrLTNZT3/5GoxIalfSPx8qd9bRywpur1er3d+3PhfB24hyXR7xYA/VG+0Wf3v+V2m4Yed4TLhyPeP9iI/1qxNfZUIy3KDLXc3/bSWEQcOf/3l9kWazQPAQDQ7LvDEfFcu/FfGg82lftfsYYyGhH/j4j7IuL+iNgaEQ9E5GUfioiHu6y/dYXkxvFPeumWAluhbPz3QrG2tTT++6eex18YrRS5LXn8Q8nR47W5PcUx2R1D67L85DJ1fP/Sr5932tc8/su2rP5yLNiQXqq2TNDNTi9OrzLsJZc/idhebYk/l0S5jJNExLaI2N7VX75+h3H8ma93dCp18/iX0YN1pvpXEU83zv/5aIm/lHRcn5w8eGBq/8T6qM3tmSivihv9/MuF1zvVv6r4eyA7/xtbr//cUvyjyfqIhTNnT+TrtQvd13Hh98863tPc6vU/nLyZp4eLxz6cXlw8PRkxnLx64+NT159b5svyWfy7d7WLP81f48oj8UhEZBfxzoh4NCIeK9r+eEQ8ERG7lon/xxeffLf7+JeZle+hLP7Zm53/aD7/3ScqJ374tvv4S9n535endhePrOT1b6UNXM2xAwAAgLtFmn8GPknHl9JpOj7e+Az/1tiY1uYXFp89Ov/BqdnGZ+VHYygtZ7pGmuZDJ4u54TI/1ZLfW8wbf1HZkOfHZ+Zrs/0OHgbcpg79P/NHpd+tA9ac72vB4NL/YXDp/zC49H8YXPo/DK52/f/jPrQDuP28/8Pg0v9hcOn/MLj0fxhIHb8bn67qK/8S93wi0u6fVY07pPF3U6K64n9mcYuJdW139fuVCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoDf+DQAA//9X4u4v")
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
ioctl$VHOST_SET_LOG_FD(0xffffffffffffffff, 0x4004af07, 0x0)
bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000000000)='./bus\x00', 0x40000, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000440), 0x8, &(0x7f0000000200)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}]})
syz_mount_image$fuse(&(0x7f00000001c0), &(0x7f0000000380)='./bus\x00', 0x222020, &(0x7f0000000140)=ANY=[], 0x1, 0x0, 0x0)
unlinkat(0xffffffffffffff9c, &(0x7f0000000c40)='./file1\x00', 0x0)

1.732140618s ago: executing program 5 (id=1036):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000340)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000160a0302000200000000000002000000090002"], 0x80}}, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a30000000006c000000160a01000000000000000000010000000900010073797a30000000000900020073797a3000000000400003800800014000000000080002400000fbff2b0003801400010067656e6576653000000000000000000014000100776732000000000000000000c6e49c0f5c000000180a0101000b000000000000010000000900020073797a30000000000900010073797a3000000000300003802c000380140001"], 0x110}}, 0x0)

1.73197866s ago: executing program 1 (id=1038):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmsg$inet(r3, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg$unix(r2, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
sendmsg$inet(r5, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x24004000)
recvmsg$unix(r4, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000900), 0x100}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
sendmsg$inet(r7, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg(r6, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001dc0)=""/4096, 0x1000}, 0x40000002)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)

1.731852442s ago: executing program 9 (id=1039):
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x14, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
quotactl$Q_GETNEXTQUOTA(0xffffffff80000900, 0x0, 0xee01, 0x0)
setsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, 0x0, 0x0)
r0 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r0, &(0x7f0000000400)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'lo\x00'}}, 0x1e)
ioctl$PPPIOCGCHAN(r0, 0x80047437, &(0x7f0000001f00))
r1 = socket$pppoe(0x18, 0x1, 0x0)
pipe2(&(0x7f0000000640), 0x80)
connect$pppoe(r1, &(0x7f0000000300)={0x18, 0x0, {0x15, @remote, 'gre0\x00'}}, 0x1e)
r2 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$PPPIOCATTCHAN(r2, 0x40047438, &(0x7f0000000040)=0x2)
ioctl$PPPIOCBRIDGECHAN(r2, 0x40047435, &(0x7f0000000200)=0x1)
sendmmsg(r0, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x34000, 0x0)

1.421003051s ago: executing program 1 (id=1040):
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r1 = eventfd(0xc)
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0})
r2 = syz_io_uring_setup(0xbd9, &(0x7f0000000640)={0x0, 0xec25, 0x8, 0x3, 0x15f}, &(0x7f0000000140)=<r3=>0x0, &(0x7f00000001c0)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x4, 0x0, &(0x7f0000000600)=[{&(0x7f00000003c0)=""/216, 0xd8}], 0x1})
io_uring_enter(r2, 0x847ba, 0x0, 0xe, 0x0, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000e40))
ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f00000002c0)={0x1, r1})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1)

276.076849ms ago: executing program 5 (id=1041):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone3(&(0x7f0000000740)={0x8180080, 0x0, 0x0, 0x0, {0x39}, 0x0, 0x0, 0x0, 0x0}, 0x58)

255.685808ms ago: executing program 8 (id=1052):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmsg$inet(r3, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg$unix(r2, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
sendmsg$inet(r5, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x24004000)
recvmsg$unix(r4, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000900), 0x100}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
sendmsg$inet(r7, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg(r6, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001dc0)=""/4096, 0x1000}, 0x40000002)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)

253.558295ms ago: executing program 6 (id=1042):
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
userfaultfd(0x80801)
r1 = getpid()
process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x15)

0s ago: executing program 9 (id=1043):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="040000000400000004"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xc, 0x14, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018150000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000001000000850000001500000018010000716c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000001000000850000000600000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r3}, 0x10)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0857f9f582f0300000000001000", 0x0, 0x2e00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x0)

kernel console output (not intermixed with test programs):

   T30] audit: type=1800 audit(1761163010.245:12): pid=8614 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.621" name="file1" dev="loop2" ino=10 res=0 errno=0
[  415.860335][ T8625] syz.2.621: attempt to access beyond end of device
[  415.860335][ T8625] loop2: rw=2049, sector=45096, nr_sectors = 2568 limit=40427
[  416.225160][   T30] audit: type=1800 audit(1761163010.605:13): pid=8625 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.621" name="file1" dev="loop2" ino=10 res=0 errno=0
[  416.396920][ T5833] syz-executor: attempt to access beyond end of device
[  416.396920][ T5833] loop2: rw=2049, sector=47664, nr_sectors = 8 limit=40427
[  416.438296][ T5833] CPU: 0 UID: 0 PID: 5833 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  416.438342][ T5833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  416.438364][ T5833] Call Trace:
[  416.438375][ T5833]  <TASK>
[  416.438389][ T5833]  dump_stack_lvl+0x16c/0x1f0
[  416.438436][ T5833]  f2fs_handle_critical_error+0x624/0x9f0
[  416.438478][ T5833]  ? srso_alias_return_thunk+0x5/0xfbef5
[  416.438524][ T5833]  ? f2fs_build_fault_attr+0x53/0x1f0
[  416.438594][ T5833]  f2fs_write_end_io+0x958/0xcf0
[  416.438642][ T5833]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  416.438690][ T5833]  ? srso_alias_return_thunk+0x5/0xfbef5
[  416.438745][ T5833]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  416.438786][ T5833]  bio_endio+0x713/0x860
[  416.438840][ T5833]  submit_bio_noacct+0x306/0x1f60
[  416.438889][ T5833]  __submit_merged_bio+0x33c/0x770
[  416.438938][ T5833]  __submit_merged_write_cond+0x319/0x3f0
[  416.439001][ T5833]  f2fs_write_cache_pages+0x2067/0x2570
[  416.439081][ T5833]  ? __pfx_f2fs_write_cache_pages+0x10/0x10
[  416.439137][ T5833]  ? srso_alias_return_thunk+0x5/0xfbef5
[  416.439197][ T5833]  ? srso_alias_return_thunk+0x5/0xfbef5
[  416.439242][ T5833]  ? __lock_acquire+0x622/0x1c90
[  416.439347][ T5833]  ? check_irq_usage+0xcb/0x920
[  416.439454][ T5833]  ? check_path.constprop.0+0x24/0x50
[  416.439512][ T5833]  ? srso_alias_return_thunk+0x5/0xfbef5
[  416.439564][ T5833]  f2fs_write_data_pages+0x4ad/0xd90
[  416.439622][ T5833]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  416.439688][ T5833]  ? srso_alias_return_thunk+0x5/0xfbef5
[  416.439732][ T5833]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  416.439786][ T5833]  do_writepages+0x27a/0x600
[  416.439831][ T5833]  ? __pfx_do_writepages+0x10/0x10
[  416.439865][ T5833]  ? do_raw_spin_unlock+0x172/0x230
[  416.439908][ T5833]  ? srso_alias_return_thunk+0x5/0xfbef5
[  416.439952][ T5833]  ? _raw_spin_unlock+0x28/0x50
[  416.440000][ T5833]  filemap_fdatawrite_wbc+0x104/0x160
[  416.440038][ T5833]  ? __pfx_stack_trace_save+0x10/0x10
[  416.440094][ T5833]  __filemap_fdatawrite_range+0xb9/0x100
[  416.440147][ T5833]  ? __pfx___filemap_fdatawrite_range+0x10/0x10
[  416.440198][ T5833]  ? check_path.constprop.0+0x24/0x50
[  416.440308][ T5833]  ? find_held_lock+0x2b/0x80
[  416.440357][ T5833]  ? srso_alias_return_thunk+0x5/0xfbef5
[  416.440403][ T5833]  ? do_raw_spin_unlock+0x172/0x230
[  416.440446][ T5833]  ? srso_alias_return_thunk+0x5/0xfbef5
[  416.440498][ T5833]  f2fs_sync_dirty_inodes+0x2a2/0x980
[  416.440572][ T5833]  block_operations+0x2b0/0xfe0
[  416.440627][ T5833]  ? srso_alias_return_thunk+0x5/0xfbef5
[  416.440686][ T5833]  ? __pfx_block_operations+0x10/0x10
[  416.440736][ T5833]  ? check_path.constprop.0+0x24/0x50
[  416.440848][ T5833]  ? srso_alias_return_thunk+0x5/0xfbef5
[  416.440898][ T5833]  ? ktime_get+0x200/0x310
[  416.440954][ T5833]  ? srso_alias_return_thunk+0x5/0xfbef5
[  416.441005][ T5833]  ? lockdep_hardirqs_on+0x7c/0x110
[  416.441047][ T5833]  ? srso_alias_return_thunk+0x5/0xfbef5
[  416.441092][ T5833]  ? rcu_is_watching+0x12/0xc0
[  416.441147][ T5833]  f2fs_write_checkpoint+0x32b/0x5300
[  416.441212][ T5833]  ? kfree+0x2b8/0x6d0
[  416.441253][ T5833]  ? f2fs_stop_gc_thread+0x79/0xd0
[  416.441315][ T5833]  ? srso_alias_return_thunk+0x5/0xfbef5
[  416.441360][ T5833]  ? rcu_is_watching+0x12/0xc0
[  416.441408][ T5833]  ? srso_alias_return_thunk+0x5/0xfbef5
[  416.441452][ T5833]  ? kthread_stop+0x272/0x630
[  416.441491][ T5833]  kill_f2fs_super+0x3d6/0x490
[  416.441546][ T5833]  ? __pfx_kill_f2fs_super+0x10/0x10
[  416.441618][ T5833]  ? srso_alias_return_thunk+0x5/0xfbef5
[  416.441680][ T5833]  deactivate_locked_super+0xc1/0x1a0
[  416.441735][ T5833]  deactivate_super+0xde/0x100
[  416.441790][ T5833]  cleanup_mnt+0x225/0x450
[  416.441848][ T5833]  task_work_run+0x150/0x240
[  416.441891][ T5833]  ? __pfx_task_work_run+0x10/0x10
[  416.441929][ T5833]  ? srso_alias_return_thunk+0x5/0xfbef5
[  416.441984][ T5833]  ? __pfx___x64_sys_umount+0x10/0x10
[  416.442054][ T5833]  exit_to_user_mode_loop+0xec/0x130
[  416.442097][ T5833]  do_syscall_64+0x426/0xfa0
[  416.442144][ T5833]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  416.442181][ T5833] RIP: 0033:0x7fa80a3902f7
[  416.442209][ T5833] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  416.442245][ T5833] RSP: 002b:00007ffd81631f48 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  416.442278][ T5833] RAX: 0000000000000000 RBX: 00007fa80a411d7d RCX: 00007fa80a3902f7
[  416.442301][ T5833] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd81632000
[  416.442325][ T5833] RBP: 00007ffd81632000 R08: 0000000000000000 R09: 0000000000000000
[  416.442348][ T5833] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd81633090
[  416.442372][ T5833] R13: 00007fa80a411d7d R14: 00000000000656ef R15: 00007ffd816330d0
[  416.442425][ T5833]  </TASK>
[  416.968506][ T5833] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  416.994454][ T8307] batman_adv: batadv0: Adding interface: batadv_slave_0
[  417.269497][ T8307] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  419.750502][ T8307] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  419.852019][ T8398] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  419.902014][ T8398] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  419.981720][ T8307] batman_adv: batadv0: Adding interface: batadv_slave_1
[  419.988713][ T8307] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  420.059422][ T8307] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  421.069812][ T8647] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  421.081721][ T8647] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  421.092331][ T8647] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  421.112538][ T8647] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  421.126694][ T8647] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  421.657285][ T8307] hsr_slave_0: entered promiscuous mode
[  422.352784][ T8307] hsr_slave_1: entered promiscuous mode
[  422.359212][ T8307] debugfs: 'hsr0' already exists in 'hsr'
[  422.366759][ T8307] Cannot create hsr debugfs directory
[  422.757910][ T8398] team0: Port device team_slave_0 added
[  422.772928][ T8398] team0: Port device team_slave_1 added
[  423.251595][ T8647] Bluetooth: hci5: command tx timeout
[  424.722428][ T8398] batman_adv: batadv0: Adding interface: batadv_slave_0
[  424.755373][ T8398] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  424.823029][ T8398] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  424.920851][ T8398] batman_adv: batadv0: Adding interface: batadv_slave_1
[  424.927823][ T8398] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  425.010818][ T8398] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  425.382962][ T8647] Bluetooth: hci5: command tx timeout
[  427.457046][ T8647] Bluetooth: hci5: command tx timeout
[  428.423135][ T8398] hsr_slave_0: entered promiscuous mode
[  428.450235][ T8398] hsr_slave_1: entered promiscuous mode
[  428.453402][ T8714] netlink: 'syz.0.639': attribute type 1 has an invalid length.
[  428.456747][ T8398] debugfs: 'hsr0' already exists in 'hsr'
[  428.501565][ T8398] Cannot create hsr debugfs directory
[  428.834913][ T8714] 8021q: adding VLAN 0 to HW filter on device bond1
[  428.843180][ T8646] chnl_net:caif_netlink_parms(): no params data found
[  428.897410][ T8718] gretap1: entered promiscuous mode
[  428.946594][ T8718] bond1: (slave gretap1): making interface the new active one
[  428.997216][ T8718] bond1: (slave gretap1): Enslaving as an active interface with an up link
[  429.207097][ T5846] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  429.217238][ T5846] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  429.225181][ T5846] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  429.234091][ T5846] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  429.254222][ T5846] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  430.228782][ T5846] Bluetooth: hci5: command tx timeout
[  430.647841][ T2952] macvlan1: left allmulticast mode
[  430.673896][ T2952] veth1_vlan: left allmulticast mode
[  431.097900][ T2952] macvlan1: left promiscuous mode
[  431.229445][ T2952] bridge0: port 3(macvlan1) entered disabled state
[  431.370173][ T2952] bridge_slave_1: left allmulticast mode
[  431.379491][ T5846] Bluetooth: hci2: command tx timeout
[  431.399598][ T2952] bridge_slave_1: left promiscuous mode
[  431.405412][ T2952] bridge0: port 2(bridge_slave_1) entered disabled state
[  431.464732][ T2952] bridge_slave_0: left allmulticast mode
[  431.472353][ T2952] bridge_slave_0: left promiscuous mode
[  431.489697][ T2952] bridge0: port 1(bridge_slave_0) entered disabled state
[  431.830432][ T2952] bridge_slave_1: left allmulticast mode
[  431.836127][ T2952] bridge_slave_1: left promiscuous mode
[  431.871123][ T2952] bridge0: port 2(bridge_slave_1) entered disabled state
[  432.081061][ T2952] bridge_slave_0: left allmulticast mode
[  432.144914][ T2952] bridge_slave_0: left promiscuous mode
[  432.202633][ T2952] bridge0: port 1(bridge_slave_0) entered disabled state
[  433.063121][ T2952] bridge_slave_1: left allmulticast mode
[  433.068812][ T2952] bridge_slave_1: left promiscuous mode
[  433.129804][ T2952] bridge0: port 2(bridge_slave_1) entered disabled state
[  433.173098][ T2952] bridge_slave_0: left allmulticast mode
[  433.178757][ T2952] bridge_slave_0: left promiscuous mode
[  433.192646][ T2952] bridge0: port 1(bridge_slave_0) entered disabled state
[  433.412426][ T5846] Bluetooth: hci2: command tx timeout
[  434.295148][ T2952] dvmrp1 (unregistering): left allmulticast mode
[  435.579549][ T5846] Bluetooth: hci2: command tx timeout
[  435.630935][ T8769] nvme_fabrics: missing parameter 'transport=%s'
[  435.637315][ T8769] nvme_fabrics: missing parameter 'nqn=%s'
[  435.817980][ T2952] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  435.851999][ T2952] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  435.937584][ T2952] bond0 (unregistering): Released all slaves
[  436.123600][ T2952] bond1 (unregistering): (slave bond2): Releasing backup interface
[  436.151377][ T2952] bond1 (unregistering): Released all slaves
[  437.803648][ T8785] ptrace attach of "./syz-executor exec"[5833] was attempted by "                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              
[  438.091352][ T2952] bond2 (unregistering): Released all slaves
[  438.102591][ T5846] Bluetooth: hci2: command tx timeout
[  439.757850][ T2952] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  439.984958][ T2952] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  440.148353][ T2952] bond0 (unregistering): Released all slaves
[  441.793995][ T2952] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  441.978065][ T2952] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  442.097265][ T2952] bond0 (unregistering): Released all slaves
[  442.427402][ T8753] warning: `syz.0.646' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  446.887709][ T8646] bridge0: port 1(bridge_slave_0) entered blocking state
[  446.915020][ T8646] bridge0: port 1(bridge_slave_0) entered disabled state
[  446.929675][ T8646] bridge_slave_0: entered allmulticast mode
[  447.498687][ T8646] bridge_slave_0: entered promiscuous mode
[  447.642389][ T8646] bridge0: port 2(bridge_slave_1) entered blocking state
[  447.719043][ T8646] bridge0: port 2(bridge_slave_1) entered disabled state
[  447.779840][ T8646] bridge_slave_1: entered allmulticast mode
[  447.888375][ T8646] bridge_slave_1: entered promiscuous mode
[  448.324743][ T8647] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  448.335345][ T8647] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  448.351547][ T8647] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  449.576101][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[  449.582458][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[  449.606719][ T8646] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  449.676730][ T8858] xt_socket: unknown flags 0x4c
[  449.763962][ T8647] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  450.367386][ T8647] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  452.466030][ T5846] Bluetooth: hci6: command tx timeout
[  453.771951][ T8884] ptrace attach of "./syz-executor exec"[5827] was attempted by "                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              
[  454.155353][ T8888] loop2: detected capacity change from 0 to 512
[  454.299118][ T8646] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  454.423532][ T8888] EXT4-fs error (device loop2): ext4_orphan_get:1392: inode #15: comm syz.2.677: inode has both inline data and extents flags
[  454.529505][ T5846] Bluetooth: hci6: command tx timeout
[  454.562716][ T8888] EXT4-fs error (device loop2): ext4_orphan_get:1395: comm syz.2.677: couldn't read orphan inode 15 (err -117)
[  454.594479][ T8888] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  454.671312][ T2952] hsr_slave_0: left promiscuous mode
[  454.789416][   T30] audit: type=1804 audit(1761163049.765:14): pid=8901 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.679" name="/newroot/147/file1" dev="fuse" ino=1 res=1 errno=0
[  454.848135][   T30] audit: type=1800 audit(1761163049.765:15): pid=8901 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.679" name="/" dev="fuse" ino=1 res=0 errno=0
[  454.903493][   T30] audit: type=1800 audit(1761163049.765:16): pid=8897 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.679" name="/" dev="fuse" ino=1 res=0 errno=0
[  455.205878][ T5833] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  455.359529][ T2952] hsr_slave_1: left promiscuous mode
[  455.377731][ T2952] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  455.415155][ T2952] batman_adv: batadv0: Removing interface: batadv_slave_0
[  455.464762][ T2952] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  455.499482][ T2952] batman_adv: batadv0: Removing interface: batadv_slave_1
[  455.587185][ T2952] hsr_slave_0: left promiscuous mode
[  455.728683][ T8911] overlayfs: failed to clone upperpath
[  456.420791][ T2952] hsr_slave_1: left promiscuous mode
[  456.489254][ T2952] batman_adv: batadv0: Removing interface: batadv_slave_0
[  456.791694][ T2952] batman_adv: batadv0: Removing interface: batadv_slave_1
[  456.809904][ T5846] Bluetooth: hci6: command tx timeout
[  457.040367][ T2952] hsr_slave_0: left promiscuous mode
[  457.076248][ T2952] hsr_slave_1: left promiscuous mode
[  457.096084][ T2952] batman_adv: batadv0: Removing interface: batadv_slave_0
[  457.119960][ T2952] batman_adv: batadv0: Removing interface: batadv_slave_1
[  457.157273][ T2952] veth1_macvtap: left promiscuous mode
[  457.164609][ T2952] veth0_macvtap: left promiscuous mode
[  457.172283][ T2952] veth1_vlan: left promiscuous mode
[  457.177755][ T2952] veth0_vlan: left promiscuous mode
[  457.580200][ T2952] team0 (unregistering): Port device team_slave_1 removed
[  457.606833][ T2952] team0 (unregistering): Port device team_slave_0 removed
[  458.004441][ T2952] team0 (unregistering): Port device team_slave_1 removed
[  458.029147][ T2952] team0 (unregistering): Port device team_slave_0 removed
[  458.311506][ T2952] team0 (unregistering): Port device team_slave_1 removed
[  458.345773][ T2952] team0 (unregistering): Port device team_slave_0 removed
[  458.525049][ T8646] team0: Port device team_slave_0 added
[  458.539568][ T8646] team0: Port device team_slave_1 added
[  458.684884][ T8646] batman_adv: batadv0: Adding interface: batadv_slave_0
[  458.695649][ T8646] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  458.724735][ T8646] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  458.745150][ T8722] chnl_net:caif_netlink_parms(): no params data found
[  458.786415][ T8646] batman_adv: batadv0: Adding interface: batadv_slave_1
[  458.797239][ T8646] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  458.823587][ T8646] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  458.860355][ T5846] Bluetooth: hci6: command tx timeout
[  459.091225][ T8646] hsr_slave_0: entered promiscuous mode
[  459.098074][ T8646] hsr_slave_1: entered promiscuous mode
[  459.107243][ T8646] debugfs: 'hsr0' already exists in 'hsr'
[  459.113371][ T8646] Cannot create hsr debugfs directory
[  459.221852][ T8722] bridge0: port 1(bridge_slave_0) entered blocking state
[  459.229030][ T8722] bridge0: port 1(bridge_slave_0) entered disabled state
[  459.248105][ T8722] bridge_slave_0: entered allmulticast mode
[  459.257045][ T8722] bridge_slave_0: entered promiscuous mode
[  459.312095][ T8722] bridge0: port 2(bridge_slave_1) entered blocking state
[  459.319946][ T8722] bridge0: port 2(bridge_slave_1) entered disabled state
[  459.327389][ T8722] bridge_slave_1: entered allmulticast mode
[  459.337104][ T8722] bridge_slave_1: entered promiscuous mode
[  459.467550][ T8722] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  459.511834][ T8722] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  459.583397][ T8722] team0: Port device team_slave_0 added
[  459.641423][ T8722] team0: Port device team_slave_1 added
[  459.725099][ T8722] batman_adv: batadv0: Adding interface: batadv_slave_0
[  459.732473][ T8722] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  459.758500][ T8722] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  459.780251][ T8844] chnl_net:caif_netlink_parms(): no params data found
[  459.793517][ T8722] batman_adv: batadv0: Adding interface: batadv_slave_1
[  459.800553][ T8722] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  459.826520][ T8722] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  459.998459][ T8722] hsr_slave_0: entered promiscuous mode
[  460.011737][ T8722] hsr_slave_1: entered promiscuous mode
[  460.018228][ T8722] debugfs: 'hsr0' already exists in 'hsr'
[  460.025214][ T8722] Cannot create hsr debugfs directory
[  460.221185][ T8844] bridge0: port 1(bridge_slave_0) entered blocking state
[  460.228478][ T8844] bridge0: port 1(bridge_slave_0) entered disabled state
[  460.237784][ T8844] bridge_slave_0: entered allmulticast mode
[  460.246113][ T8844] bridge_slave_0: entered promiscuous mode
[  460.300022][ T8844] bridge0: port 2(bridge_slave_1) entered blocking state
[  460.307168][ T8844] bridge0: port 2(bridge_slave_1) entered disabled state
[  460.316638][ T8844] bridge_slave_1: entered allmulticast mode
[  460.325073][ T8844] bridge_slave_1: entered promiscuous mode
[  460.415250][ T8844] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  460.429348][ T8844] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  460.575403][ T8844] team0: Port device team_slave_0 added
[  460.585137][ T8844] team0: Port device team_slave_1 added
[  460.715620][ T8844] batman_adv: batadv0: Adding interface: batadv_slave_0
[  460.722772][ T8844] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  460.749804][ T8844] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  460.764130][ T8844] batman_adv: batadv0: Adding interface: batadv_slave_1
[  460.771266][ T8844] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  460.797745][ T8844] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  460.866996][ T8646] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  460.907539][ T8646] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  460.919656][ T8646] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  460.935623][ T8646] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  460.953351][ T8844] hsr_slave_0: entered promiscuous mode
[  460.959958][ T8844] hsr_slave_1: entered promiscuous mode
[  460.966166][ T8844] debugfs: 'hsr0' already exists in 'hsr'
[  460.972737][ T8844] Cannot create hsr debugfs directory
[  461.221027][ T2952] bridge_slave_1: left allmulticast mode
[  461.226716][ T2952] bridge_slave_1: left promiscuous mode
[  461.232781][ T2952] bridge0: port 2(bridge_slave_1) entered disabled state
[  461.242863][ T2952] bridge_slave_0: left allmulticast mode
[  461.248494][ T2952] bridge_slave_0: left promiscuous mode
[  461.254513][ T2952] bridge0: port 1(bridge_slave_0) entered disabled state
[  461.268218][ T2952] bridge_slave_1: left allmulticast mode
[  461.274114][ T2952] bridge_slave_1: left promiscuous mode
[  461.280695][ T2952] bridge0: port 2(bridge_slave_1) entered disabled state
[  461.289824][ T2952] bridge_slave_0: left allmulticast mode
[  461.295452][ T2952] bridge_slave_0: left promiscuous mode
[  461.303269][ T2952] bridge0: port 1(bridge_slave_0) entered disabled state
[  461.316554][ T2952] bridge_slave_1: left allmulticast mode
[  461.322296][ T2952] bridge_slave_1: left promiscuous mode
[  461.327996][ T2952] bridge0: port 2(bridge_slave_1) entered disabled state
[  461.337579][ T2952] bridge_slave_0: left allmulticast mode
[  461.343274][ T2952] bridge_slave_0: left promiscuous mode
[  461.348963][ T2952] bridge0: port 1(bridge_slave_0) entered disabled state
[  461.479052][ T2952] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  461.491229][ T2952] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  461.501990][ T2952] bond0 (unregistering): Released all slaves
[  461.623428][ T2952] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  461.634736][ T2952] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  461.645286][ T2952] bond0 (unregistering): Released all slaves
[  461.750176][ T2952] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  461.761391][ T2952] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  461.774009][ T2952] bond0 (unregistering): Released all slaves
[  461.815573][ T8722] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  461.828281][ T8722] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  461.919898][ T8722] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  461.935947][ T8722] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  461.959547][ T2952] hsr_slave_0: left promiscuous mode
[  461.965551][ T2952] hsr_slave_1: left promiscuous mode
[  461.972522][ T2952] batman_adv: batadv0: Removing interface: batadv_slave_0
[  461.986784][ T2952] batman_adv: batadv0: Removing interface: batadv_slave_1
[  462.001918][ T2952] hsr_slave_0: left promiscuous mode
[  462.007837][ T2952] hsr_slave_1: left promiscuous mode
[  462.015052][ T2952] batman_adv: batadv0: Removing interface: batadv_slave_0
[  462.023334][ T2952] batman_adv: batadv0: Removing interface: batadv_slave_1
[  462.036756][ T2952] hsr_slave_0: left promiscuous mode
[  462.042906][ T2952] hsr_slave_1: left promiscuous mode
[  462.048831][ T2952] batman_adv: batadv0: Removing interface: batadv_slave_0
[  462.060328][ T2952] batman_adv: batadv0: Removing interface: batadv_slave_1
[  462.225250][ T2952] team0 (unregistering): Port device team_slave_1 removed
[  462.261826][ T2952] team0 (unregistering): Port device team_slave_0 removed
[  462.528160][ T2952] team0 (unregistering): Port device team_slave_1 removed
[  462.554450][ T2952] team0 (unregistering): Port device team_slave_0 removed
[  462.858554][ T2952] team0 (unregistering): Port device team_slave_1 removed
[  462.882339][ T2952] team0 (unregistering): Port device team_slave_0 removed
[  463.236863][ T8646] 8021q: adding VLAN 0 to HW filter on device bond0
[  463.290821][ T8646] 8021q: adding VLAN 0 to HW filter on device team0
[  463.326822][ T2999] bridge0: port 1(bridge_slave_0) entered blocking state
[  463.333996][ T2999] bridge0: port 1(bridge_slave_0) entered forwarding state
[  463.392114][ T2999] bridge0: port 2(bridge_slave_1) entered blocking state
[  463.399265][ T2999] bridge0: port 2(bridge_slave_1) entered forwarding state
[  463.512648][ T8722] 8021q: adding VLAN 0 to HW filter on device bond0
[  463.568334][ T8844] netdevsim netdevsim9 netdevsim0: renamed from eth0
[  463.598272][ T8722] 8021q: adding VLAN 0 to HW filter on device team0
[  463.608739][ T8844] netdevsim netdevsim9 netdevsim1: renamed from eth1
[  463.637292][ T8646] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  463.682628][ T8844] netdevsim netdevsim9 netdevsim2: renamed from eth2
[  463.715622][ T8014] bridge0: port 1(bridge_slave_0) entered blocking state
[  463.722811][ T8014] bridge0: port 1(bridge_slave_0) entered forwarding state
[  463.762309][ T8014] bridge0: port 2(bridge_slave_1) entered blocking state
[  463.769485][ T8014] bridge0: port 2(bridge_slave_1) entered forwarding state
[  463.782494][ T8844] netdevsim netdevsim9 netdevsim3: renamed from eth3
[  464.243905][ T8844] 8021q: adding VLAN 0 to HW filter on device bond0
[  464.314270][ T8844] 8021q: adding VLAN 0 to HW filter on device team0
[  464.342597][ T6127] bridge0: port 1(bridge_slave_0) entered blocking state
[  464.349767][ T6127] bridge0: port 1(bridge_slave_0) entered forwarding state
[  464.404267][ T6127] bridge0: port 2(bridge_slave_1) entered blocking state
[  464.411418][ T6127] bridge0: port 2(bridge_slave_1) entered forwarding state
[  464.444308][ T8646] 8021q: adding VLAN 0 to HW filter on device batadv0
[  464.546625][ T8722] 8021q: adding VLAN 0 to HW filter on device batadv0
[  465.294973][ T8844] 8021q: adding VLAN 0 to HW filter on device batadv0
[  465.333277][ T8646] veth0_vlan: entered promiscuous mode
[  465.377057][ T8646] veth1_vlan: entered promiscuous mode
[  465.542167][ T8646] veth0_macvtap: entered promiscuous mode
[  465.582052][ T8646] veth1_macvtap: entered promiscuous mode
[  465.630400][ T8722] veth0_vlan: entered promiscuous mode
[  465.668092][ T8722] veth1_vlan: entered promiscuous mode
[  465.735630][ T8646] batman_adv: batadv0: Interface activated: batadv_slave_0
[  465.782589][ T8646] batman_adv: batadv0: Interface activated: batadv_slave_1
[  465.823037][ T8722] veth0_macvtap: entered promiscuous mode
[  465.847498][ T8020] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  465.860056][ T8020] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  465.868796][ T8020] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  465.882853][ T8722] veth1_macvtap: entered promiscuous mode
[  465.918309][ T8020] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  465.952879][ T8722] batman_adv: batadv0: Interface activated: batadv_slave_0
[  466.007989][ T8722] batman_adv: batadv0: Interface activated: batadv_slave_1
[  466.067450][   T64] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  466.079508][   T64] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  466.088243][   T64] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  466.138278][   T64] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  466.293369][ T2952] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  466.322121][ T2952] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  466.378088][   T64] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  466.416467][   T64] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  466.476143][ T8844] veth0_vlan: entered promiscuous mode
[  466.515959][   T64] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  466.524918][   T64] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  466.527363][ T8844] veth1_vlan: entered promiscuous mode
[  466.545813][   T64] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  466.562218][   T64] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  466.628820][ T8844] veth0_macvtap: entered promiscuous mode
[  466.653340][ T8844] veth1_macvtap: entered promiscuous mode
[  466.790974][ T8844] batman_adv: batadv0: Interface activated: batadv_slave_0
[  466.901555][ T9054] netlink: 28 bytes leftover after parsing attributes in process `syz.2.696'.
[  466.912342][ T8844] batman_adv: batadv0: Interface activated: batadv_slave_1
[  467.144082][   T30] audit: type=1326 audit(1761163062.155:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9047 comm="syz.1.695" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbe778efc9 code=0x7fc00000
[  467.185778][   T30] audit: type=1326 audit(1761163062.155:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9047 comm="syz.1.695" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fcbe778efc9 code=0x7fc00000
[  467.244606][   T64] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  467.676148][   T30] audit: type=1326 audit(1761163062.675:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9047 comm="syz.1.695" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbe778efc9 code=0x7fc00000
[  467.859436][   T64] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  467.888605][   T30] audit: type=1326 audit(1761163062.785:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9047 comm="syz.1.695" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbe778efc9 code=0x7fc00000
[  467.929488][   T64] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  467.981728][   T30] audit: type=1326 audit(1761163062.785:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9047 comm="syz.1.695" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbe778efc9 code=0x7fc00000
[  468.003971][   T30] audit: type=1326 audit(1761163062.785:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9047 comm="syz.1.695" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbe778efc9 code=0x7fc00000
[  468.034908][ T8020] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  468.044972][   T64] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  468.069759][   T30] audit: type=1326 audit(1761163062.785:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9047 comm="syz.1.695" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbe778efc9 code=0x7fc00000
[  468.078220][ T8020] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  468.186891][   T30] audit: type=1326 audit(1761163062.785:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9047 comm="syz.1.695" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbe778efc9 code=0x7fc00000
[  468.291712][   T30] audit: type=1326 audit(1761163062.785:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9047 comm="syz.1.695" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbe778efc9 code=0x7fc00000
[  468.364744][   T30] audit: type=1326 audit(1761163062.785:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9047 comm="syz.1.695" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbe778efc9 code=0x7fc00000
[  469.794016][ T8020] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  469.870753][ T8020] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  469.951218][ T9084] loop8: detected capacity change from 0 to 2048
[  469.985208][ T9084] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  472.452268][ T9115] program syz.1.709 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  472.589448][   T30] kauditd_printk_skb: 30 callbacks suppressed
[  472.589473][   T30] audit: type=1804 audit(1761163067.575:57): pid=9114 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.8.692" name="/newroot/3/file1" dev="fuse" ino=1 res=1 errno=0
[  472.718171][   T30] audit: type=1800 audit(1761163067.575:58): pid=9114 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.8.692" name="/" dev="fuse" ino=1 res=0 errno=0
[  472.995270][   T30] audit: type=1800 audit(1761163067.585:59): pid=9114 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.8.692" name="/" dev="fuse" ino=1 res=0 errno=0
[  477.032644][ T9149] ptrace attach of "./syz-executor exec"[8646] was attempted by "                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              
[  481.504337][ T9194] loop1: detected capacity change from 0 to 1024
[  481.811845][ T9194] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  484.385863][ T5832] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  484.458782][ T9221] loop7: detected capacity change from 0 to 512
[  486.076826][ T9221] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  487.210514][ T9221] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  488.742977][ T9221] ext4 filesystem being mounted at /9/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  489.826007][ T9248] sd 0:0:1:0: device reset
[  491.673808][ T8646] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  494.739671][ T9275] loop8: detected capacity change from 0 to 40427
[  495.046936][ T9275] F2FS-fs (loop8): invalid crc value
[  496.242051][ T9275] F2FS-fs (loop8): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  496.391012][ T9275] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e5
[  497.495578][ T8722] syz-executor: attempt to access beyond end of device
[  497.495578][ T8722] loop8: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  497.585721][ T8722] CPU: 1 UID: 0 PID: 8722 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  497.585774][ T8722] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  497.585797][ T8722] Call Trace:
[  497.585810][ T8722]  <TASK>
[  497.585824][ T8722]  dump_stack_lvl+0x16c/0x1f0
[  497.585872][ T8722]  f2fs_handle_critical_error+0x624/0x9f0
[  497.585914][ T8722]  ? srso_alias_return_thunk+0x5/0xfbef5
[  497.585960][ T8722]  ? f2fs_build_fault_attr+0x53/0x1f0
[  497.586032][ T8722]  f2fs_write_end_io+0x958/0xcf0
[  497.586083][ T8722]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  497.586134][ T8722]  ? srso_alias_return_thunk+0x5/0xfbef5
[  497.586191][ T8722]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  497.586234][ T8722]  bio_endio+0x713/0x860
[  497.586290][ T8722]  submit_bio_noacct+0x306/0x1f60
[  497.586344][ T8722]  __submit_merged_bio+0x33c/0x770
[  497.586395][ T8722]  __submit_merged_write_cond+0x319/0x3f0
[  497.586458][ T8722]  f2fs_write_cache_pages+0x2067/0x2570
[  497.586543][ T8722]  ? __pfx_f2fs_write_cache_pages+0x10/0x10
[  497.586592][ T8722]  ? srso_alias_return_thunk+0x5/0xfbef5
[  497.586647][ T8722]  ? srso_alias_return_thunk+0x5/0xfbef5
[  497.586691][ T8722]  ? __lock_acquire+0xb8a/0x1c90
[  497.586770][ T8722]  ? srso_alias_return_thunk+0x5/0xfbef5
[  497.586814][ T8722]  ? rcu_is_watching+0x12/0xc0
[  497.586910][ T8722]  ? srso_alias_return_thunk+0x5/0xfbef5
[  497.586955][ T8722]  ? find_held_lock+0x2b/0x80
[  497.587050][ T8722]  ? lockdep_hardirqs_on+0x7c/0x110
[  497.587101][ T8722]  ? srso_alias_return_thunk+0x5/0xfbef5
[  497.587156][ T8722]  f2fs_write_data_pages+0x4ad/0xd90
[  497.587218][ T8722]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  497.587266][ T8722]  ? srso_alias_return_thunk+0x5/0xfbef5
[  497.587325][ T8722]  ? srso_alias_return_thunk+0x5/0xfbef5
[  497.587376][ T8722]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  497.587432][ T8722]  do_writepages+0x27a/0x600
[  497.587478][ T8722]  ? __pfx_do_writepages+0x10/0x10
[  497.587519][ T8722]  ? srso_alias_return_thunk+0x5/0xfbef5
[  497.587563][ T8722]  ? _raw_spin_unlock+0x3e/0x50
[  497.587606][ T8722]  filemap_fdatawrite_wbc+0x104/0x160
[  497.587649][ T8722]  __filemap_fdatawrite_range+0xb9/0x100
[  497.587703][ T8722]  ? __pfx___filemap_fdatawrite_range+0x10/0x10
[  497.587830][ T8722]  ? find_held_lock+0x2b/0x80
[  497.587879][ T8722]  ? srso_alias_return_thunk+0x5/0xfbef5
[  497.587926][ T8722]  ? do_raw_spin_unlock+0x172/0x230
[  497.587969][ T8722]  ? srso_alias_return_thunk+0x5/0xfbef5
[  497.588023][ T8722]  f2fs_sync_dirty_inodes+0x2a2/0x980
[  497.588101][ T8722]  block_operations+0x2b0/0xfe0
[  497.588152][ T8722]  ? __pfx_stack_trace_save+0x10/0x10
[  497.588220][ T8722]  ? __pfx_block_operations+0x10/0x10
[  497.588339][ T8722]  ? ktime_get+0x212/0x310
[  497.588396][ T8722]  ? ktime_get+0x221/0x310
[  497.588452][ T8722]  ? ktime_get+0xad/0x310
[  497.588509][ T8722]  ? srso_alias_return_thunk+0x5/0xfbef5
[  497.588554][ T8722]  ? rcu_is_watching+0x12/0xc0
[  497.588610][ T8722]  f2fs_write_checkpoint+0x32b/0x5300
[  497.588666][ T8722]  ? srso_alias_return_thunk+0x5/0xfbef5
[  497.588719][ T8722]  ? kfree+0x2b8/0x6d0
[  497.588767][ T8722]  ? f2fs_stop_gc_thread+0x79/0xd0
[  497.588827][ T8722]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  497.588882][ T8722]  kill_f2fs_super+0x3d6/0x490
[  497.588936][ T8722]  ? __pfx_kill_f2fs_super+0x10/0x10
[  497.589011][ T8722]  ? srso_alias_return_thunk+0x5/0xfbef5
[  497.589076][ T8722]  deactivate_locked_super+0xc1/0x1a0
[  497.589132][ T8722]  deactivate_super+0xde/0x100
[  497.589188][ T8722]  cleanup_mnt+0x225/0x450
[  497.589247][ T8722]  task_work_run+0x150/0x240
[  497.589292][ T8722]  ? __pfx_task_work_run+0x10/0x10
[  497.589330][ T8722]  ? srso_alias_return_thunk+0x5/0xfbef5
[  497.589380][ T8722]  ? __pfx___x64_sys_umount+0x10/0x10
[  497.589452][ T8722]  exit_to_user_mode_loop+0xec/0x130
[  497.589495][ T8722]  do_syscall_64+0x426/0xfa0
[  497.589543][ T8722]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  497.589580][ T8722] RIP: 0033:0x7f1f26f902f7
[  497.589610][ T8722] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  497.589646][ T8722] RSP: 002b:00007ffe29450268 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  497.589681][ T8722] RAX: 0000000000000000 RBX: 00007f1f27011d7d RCX: 00007f1f26f902f7
[  497.589706][ T8722] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe29450320
[  497.589735][ T8722] RBP: 00007ffe29450320 R08: 0000000000000000 R09: 0000000000000000
[  497.589758][ T8722] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe294513b0
[  497.589781][ T8722] R13: 00007f1f27011d7d R14: 000000000007930e R15: 00007ffe294513f0
[  497.589838][ T8722]  </TASK>
[  498.672399][ T8722] F2FS-fs (loop8): Stopped filesystem due to reason: 3
[  500.131802][ T9270] IPVS: starting estimator thread 0...
[  500.239516][ T9301] IPVS: using max 21 ests per chain, 50400 per kthread
[  501.616485][ T9315] loop7: detected capacity change from 0 to 512
[  501.682642][ T9315] EXT4-fs: Ignoring removed bh option
[  501.763413][ T9315] EXT4-fs (loop7): mounting ext3 file system using the ext4 subsystem
[  501.855799][ T9315] EXT4-fs (loop7): 1 truncate cleaned up
[  502.911698][ T9315] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  503.003112][ T9315] overlayfs: upper fs needs to support d_type.
[  503.094276][ T9315] EXT4-fs error (device loop7): ext4_lookup:1787: inode #14: comm syz.7.746: invalid fast symlink length 39
[  503.208903][ T9321] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  503.216389][ T9321] batman_adv: batadv0: Removing interface: batadv_slave_0
[  503.269128][ T9321] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  503.276833][ T9321] batman_adv: batadv0: Removing interface: batadv_slave_1
[  503.382558][ T8646] EXT4-fs error (device loop7): ext4_lookup:1787: inode #14: comm syz-executor: invalid fast symlink length 39
[  503.429877][ T8646] EXT4-fs error (device loop7): ext4_lookup:1787: inode #14: comm syz-executor: invalid fast symlink length 39
[  503.852040][ T9323] netlink: 'syz.8.741': attribute type 3 has an invalid length.
[  503.863114][ T9323] netlink: 'syz.8.741': attribute type 3 has an invalid length.
[  504.101962][ T8646] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  504.267737][ T9330] x_tables: ip6_tables: mh match: only valid for protocol 135
[  505.120539][ T6023] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  505.981513][ T6023] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  506.655585][ T6023] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  506.865236][ T6023] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  507.512440][ T5846] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201'
[  507.523761][ T5846] CPU: 0 UID: 0 PID: 5846 Comm: kworker/u9:7 Not tainted syzkaller #0 PREEMPT(full) 
[  507.523806][ T5846] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  507.523832][ T5846] Workqueue: hci2 hci_rx_work
[  507.523878][ T5846] Call Trace:
[  507.523889][ T5846]  <TASK>
[  507.523902][ T5846]  dump_stack_lvl+0x16c/0x1f0
[  507.523947][ T5846]  sysfs_warn_dup+0x7f/0xa0
[  507.523990][ T5846]  sysfs_create_dir_ns+0x24b/0x2b0
[  507.524033][ T5846]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  507.524074][ T5846]  ? find_held_lock+0x2b/0x80
[  507.524131][ T5846]  ? srso_alias_return_thunk+0x5/0xfbef5
[  507.524177][ T5846]  ? do_raw_spin_unlock+0x172/0x230
[  507.524224][ T5846]  kobject_add_internal+0x2c4/0x9b0
[  507.524283][ T5846]  kobject_add+0x16e/0x240
[  507.524332][ T5846]  ? __pfx_kobject_add+0x10/0x10
[  507.524385][ T5846]  ? srso_alias_return_thunk+0x5/0xfbef5
[  507.524430][ T5846]  ? do_raw_spin_unlock+0x172/0x230
[  507.524474][ T5846]  ? srso_alias_return_thunk+0x5/0xfbef5
[  507.524519][ T5846]  ? kobject_put+0xab/0x5a0
[  507.524568][ T5846]  ? srso_alias_return_thunk+0x5/0xfbef5
[  507.524625][ T5846]  device_add+0x288/0x1aa0
[  507.524685][ T5846]  ? __pfx_dev_set_name+0x10/0x10
[  507.524721][ T5846]  ? __pfx_device_add+0x10/0x10
[  507.524785][ T5846]  ? srso_alias_return_thunk+0x5/0xfbef5
[  507.524830][ T5846]  ? mgmt_send_event_skb+0x2fb/0x460
[  507.524883][ T5846]  hci_conn_add_sysfs+0x17e/0x230
[  507.524932][ T5846]  le_conn_complete_evt+0x1260/0x2150
[  507.524984][ T5846]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  507.525023][ T5846]  ? srso_alias_return_thunk+0x5/0xfbef5
[  507.525087][ T5846]  hci_le_enh_conn_complete_evt+0x23d/0x380
[  507.525130][ T5846]  ? skb_pull_data+0x166/0x210
[  507.525193][ T5846]  hci_le_meta_evt+0x357/0x5e0
[  507.525236][ T5846]  ? __pfx_hci_le_enh_conn_complete_evt+0x10/0x10
[  507.525284][ T5846]  hci_event_packet+0x685/0x11c0
[  507.525324][ T5846]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  507.525372][ T5846]  ? __pfx_hci_event_packet+0x10/0x10
[  507.525412][ T5846]  ? srso_alias_return_thunk+0x5/0xfbef5
[  507.525461][ T5846]  ? kcov_remote_start+0x3c9/0x6d0
[  507.525510][ T5846]  ? lockdep_hardirqs_on+0x7c/0x110
[  507.525552][ T5846]  ? srso_alias_return_thunk+0x5/0xfbef5
[  507.525610][ T5846]  hci_rx_work+0x2c5/0x16b0
[  507.525655][ T5846]  ? rcu_is_watching+0x12/0xc0
[  507.525713][ T5846]  process_one_work+0x9cf/0x1b70
[  507.525780][ T5846]  ? __pfx_process_one_work+0x10/0x10
[  507.525822][ T5846]  ? srso_alias_return_thunk+0x5/0xfbef5
[  507.525880][ T5846]  ? srso_alias_return_thunk+0x5/0xfbef5
[  507.525925][ T5846]  ? assign_work+0x1a0/0x250
[  507.525968][ T5846]  worker_thread+0x6c8/0xf10
[  507.526032][ T5846]  ? __pfx_worker_thread+0x10/0x10
[  507.526074][ T5846]  kthread+0x3c5/0x780
[  507.526112][ T5846]  ? __pfx_kthread+0x10/0x10
[  507.526152][ T5846]  ? srso_alias_return_thunk+0x5/0xfbef5
[  507.526196][ T5846]  ? rcu_is_watching+0x12/0xc0
[  507.526246][ T5846]  ? __pfx_kthread+0x10/0x10
[  507.526286][ T5846]  ret_from_fork+0x675/0x7d0
[  507.526346][ T5846]  ? __pfx_kthread+0x10/0x10
[  507.526384][ T5846]  ret_from_fork_asm+0x1a/0x30
[  507.526465][ T5846]  </TASK>
[  507.526498][ T5846] kobject: kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  507.847326][ T5846] Bluetooth: hci2: failed to register connection device
[  507.868180][ T9355] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  507.890691][ T9355] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  507.943352][ T9355] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  507.972693][ T9355] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  508.013814][ T9355] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  508.096389][ T9355] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  508.159722][ T9355] Bluetooth: hci6: Opcode 0x0c1a failed: -4
[  508.179148][ T9355] Bluetooth: hci6: Opcode 0x0406 failed: -4
[  508.185531][ T6023] bridge_slave_1: left allmulticast mode
[  508.201674][ T9355] Bluetooth: hci6: Opcode 0x0406 failed: -4
[  508.218828][ T6023] bridge_slave_1: left promiscuous mode
[  508.249672][ T6023] bridge0: port 2(bridge_slave_1) entered disabled state
[  508.290011][ T5846] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  508.299280][ T5846] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  508.307382][ T5846] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  508.317986][ T5846] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  508.325928][ T5846] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  508.357795][ T5846] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  508.392018][ T5841] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  508.411261][ T5841] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  508.431501][ T5841] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  508.449701][ T5841] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  508.471001][ T6023] bridge_slave_0: left allmulticast mode
[  508.476741][ T6023] bridge_slave_0: left promiscuous mode
[  508.519678][ T6023] bridge0: port 1(bridge_slave_0) entered disabled state
[  509.969814][ T5841] Bluetooth: hci4: command 0x0c1a tx timeout
[  509.972966][ T8647] Bluetooth: hci2: command 0x0c1a tx timeout
[  510.252397][ T8647] Bluetooth: hci6: command 0x0c1a tx timeout
[  510.378008][ T8647] Bluetooth: hci1: command tx timeout
[  510.786885][ T8647] Bluetooth: hci5: command tx timeout
[  510.833637][ T9389] loop1: detected capacity change from 0 to 256
[  510.844789][ T9389] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  510.855802][ T9389] exFAT-fs (loop1): Medium has reported failures. Some data may be lost.
[  511.016073][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[  511.022797][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[  511.217946][ T9389] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  511.419466][ T9389] exFAT-fs (loop1): failed to load alloc-bitmap
[  511.469465][ T9389] exFAT-fs (loop1): failed to recognize exfat type
[  512.050164][ T8647] Bluetooth: hci2: command 0x0c1a tx timeout
[  512.161169][ T6023] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  512.199423][ T6023] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  512.254838][ T6023] bond0 (unregistering): Released all slaves
[  512.290190][ T8647] Bluetooth: hci6: command 0x0c1a tx timeout
[  512.449606][ T5841] Bluetooth: hci1: command tx timeout
[  512.850255][ T5841] Bluetooth: hci5: command tx timeout
[  514.139712][ T5841] Bluetooth: hci2: command 0x0c1a tx timeout
[  514.239180][ T6023] hsr_slave_0: left promiscuous mode
[  514.409775][ T5841] Bluetooth: hci6: command 0x0c1a tx timeout
[  514.549413][ T5841] Bluetooth: hci1: command tx timeout
[  514.939683][ T5841] Bluetooth: hci5: command tx timeout
[  515.060676][ T6023] hsr_slave_1: left promiscuous mode
[  515.067287][ T6023] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  515.075530][ T6023] batman_adv: batadv0: Removing interface: batadv_slave_0
[  515.232100][ T6023] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  515.263330][ T6023] batman_adv: batadv0: Removing interface: batadv_slave_1
[  515.363493][ T6023] veth1_macvtap: left promiscuous mode
[  515.369162][ T6023] veth0_macvtap: left promiscuous mode
[  515.375805][ T6023] veth1_vlan: left promiscuous mode
[  515.383542][ T6023] veth0_vlan: left promiscuous mode
[  515.669465][   T30] audit: type=1804 audit(1761163110.675:60): pid=9423 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.778" name="/newroot/173/file0" dev="fuse" ino=1 res=1 errno=0
[  515.973706][   T30] audit: type=1804 audit(1761163110.935:61): pid=9423 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.778" name="/newroot/173/file0" dev="fuse" ino=1 res=1 errno=0
[  516.209521][ T5841] Bluetooth: hci2: command 0x0c1a tx timeout
[  516.233551][ T9270] IPVS: starting estimator thread 0...
[  516.321231][ T9429] IPVS: using max 21 ests per chain, 50400 per kthread
[  516.610637][ T5841] Bluetooth: hci1: command tx timeout
[  517.010482][ T5841] Bluetooth: hci5: command tx timeout
[  517.554157][ T6023] team0 (unregistering): Port device team_slave_1 removed
[  517.873298][ T9442] loop8: detected capacity change from 0 to 40427
[  517.980977][ T9442] F2FS-fs (loop8): invalid crc value
[  518.074159][ T9442] F2FS-fs (loop8): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  518.088131][ T9442] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e5
[  519.020026][ T8722] syz-executor: attempt to access beyond end of device
[  519.020026][ T8722] loop8: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  519.074508][ T8722] CPU: 0 UID: 0 PID: 8722 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  519.074556][ T8722] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  519.074579][ T8722] Call Trace:
[  519.074591][ T8722]  <TASK>
[  519.074604][ T8722]  dump_stack_lvl+0x16c/0x1f0
[  519.074652][ T8722]  f2fs_handle_critical_error+0x624/0x9f0
[  519.074695][ T8722]  ? srso_alias_return_thunk+0x5/0xfbef5
[  519.074747][ T8722]  ? f2fs_build_fault_attr+0x53/0x1f0
[  519.074816][ T8722]  f2fs_write_end_io+0x958/0xcf0
[  519.074863][ T8722]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  519.074911][ T8722]  ? srso_alias_return_thunk+0x5/0xfbef5
[  519.074965][ T8722]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  519.075006][ T8722]  bio_endio+0x713/0x860
[  519.075060][ T8722]  submit_bio_noacct+0x306/0x1f60
[  519.075109][ T8722]  __submit_merged_bio+0x33c/0x770
[  519.075158][ T8722]  __submit_merged_write_cond+0x319/0x3f0
[  519.075212][ T8722]  f2fs_write_cache_pages+0x2067/0x2570
[  519.075291][ T8722]  ? __pfx_f2fs_write_cache_pages+0x10/0x10
[  519.075347][ T8722]  ? srso_alias_return_thunk+0x5/0xfbef5
[  519.075407][ T8722]  ? srso_alias_return_thunk+0x5/0xfbef5
[  519.075451][ T8722]  ? __lock_acquire+0x622/0x1c90
[  519.075553][ T8722]  ? srso_alias_return_thunk+0x5/0xfbef5
[  519.075598][ T8722]  ? find_held_lock+0x2b/0x80
[  519.075681][ T8722]  ? srso_alias_return_thunk+0x5/0xfbef5
[  519.075726][ T8722]  ? mod_memcg_lruvec_state+0x389/0x5f0
[  519.075793][ T8722]  ? srso_alias_return_thunk+0x5/0xfbef5
[  519.075847][ T8722]  f2fs_write_data_pages+0x4ad/0xd90
[  519.075906][ T8722]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  519.075955][ T8722]  ? srso_alias_return_thunk+0x5/0xfbef5
[  519.076052][ T8722]  ? srso_alias_return_thunk+0x5/0xfbef5
[  519.076113][ T8722]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  519.076175][ T8722]  do_writepages+0x27a/0x600
[  519.076228][ T8722]  ? __pfx_do_writepages+0x10/0x10
[  519.076271][ T8722]  ? do_raw_spin_unlock+0x172/0x230
[  519.076323][ T8722]  ? srso_alias_return_thunk+0x5/0xfbef5
[  519.076374][ T8722]  ? _raw_spin_unlock+0x28/0x50
[  519.076421][ T8722]  filemap_fdatawrite_wbc+0x104/0x160
[  519.076473][ T8722]  __filemap_fdatawrite_range+0xb9/0x100
[  519.076536][ T8722]  ? __pfx___filemap_fdatawrite_range+0x10/0x10
[  519.076651][ T8722]  ? find_held_lock+0x2b/0x80
[  519.076702][ T8722]  ? srso_alias_return_thunk+0x5/0xfbef5
[  519.076763][ T8722]  ? do_raw_spin_unlock+0x172/0x230
[  519.076809][ T8722]  ? srso_alias_return_thunk+0x5/0xfbef5
[  519.076863][ T8722]  f2fs_sync_dirty_inodes+0x2a2/0x980
[  519.076940][ T8722]  block_operations+0x2b0/0xfe0
[  519.076992][ T8722]  ? __pfx_stack_trace_save+0x10/0x10
[  519.077085][ T8722]  ? __pfx_block_operations+0x10/0x10
[  519.077136][ T8722]  ? srso_alias_return_thunk+0x5/0xfbef5
[  519.077238][ T8722]  ? srso_alias_return_thunk+0x5/0xfbef5
[  519.077286][ T8722]  ? ktime_get+0x200/0x310
[  519.077340][ T8722]  ? srso_alias_return_thunk+0x5/0xfbef5
[  519.077385][ T8722]  ? lockdep_hardirqs_on+0x7c/0x110
[  519.077428][ T8722]  ? srso_alias_return_thunk+0x5/0xfbef5
[  519.077472][ T8722]  ? rcu_is_watching+0x12/0xc0
[  519.077529][ T8722]  f2fs_write_checkpoint+0x32b/0x5300
[  519.077586][ T8722]  ? srso_alias_return_thunk+0x5/0xfbef5
[  519.077638][ T8722]  ? kfree+0x2b8/0x6d0
[  519.077693][ T8722]  ? f2fs_stop_gc_thread+0x79/0xd0
[  519.077754][ T8722]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  519.077806][ T8722]  kill_f2fs_super+0x3d6/0x490
[  519.077861][ T8722]  ? __pfx_kill_f2fs_super+0x10/0x10
[  519.077933][ T8722]  ? srso_alias_return_thunk+0x5/0xfbef5
[  519.078001][ T8722]  deactivate_locked_super+0xc1/0x1a0
[  519.078056][ T8722]  deactivate_super+0xde/0x100
[  519.078111][ T8722]  cleanup_mnt+0x225/0x450
[  519.078169][ T8722]  task_work_run+0x150/0x240
[  519.078212][ T8722]  ? __pfx_task_work_run+0x10/0x10
[  519.078251][ T8722]  ? srso_alias_return_thunk+0x5/0xfbef5
[  519.078300][ T8722]  ? __pfx___x64_sys_umount+0x10/0x10
[  519.078371][ T8722]  exit_to_user_mode_loop+0xec/0x130
[  519.078414][ T8722]  do_syscall_64+0x426/0xfa0
[  519.078461][ T8722]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  519.078498][ T8722] RIP: 0033:0x7f1f26f902f7
[  519.078527][ T8722] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  519.078565][ T8722] RSP: 002b:00007ffe29450268 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  519.078599][ T8722] RAX: 0000000000000000 RBX: 00007f1f27011d7d RCX: 00007f1f26f902f7
[  519.078624][ T8722] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe29450320
[  519.078648][ T8722] RBP: 00007ffe29450320 R08: 0000000000000000 R09: 0000000000000000
[  519.078671][ T8722] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe294513b0
[  519.078695][ T8722] R13: 00007f1f27011d7d R14: 000000000007e8b0 R15: 00007ffe294513f0
[  519.078748][ T8722]  </TASK>
[  519.078761][ T8722] F2FS-fs (loop8): Stopped filesystem due to reason: 3
[  519.674922][ T6023] team0 (unregistering): Port device team_slave_0 removed
[  519.864254][ T8647] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  519.874055][ T8647] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  519.886409][ T8647] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  519.895775][ T8647] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  519.904169][ T8647] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  520.882973][ T9459] loop9: detected capacity change from 0 to 512
[  520.921528][ T9459] EXT4-fs: Ignoring removed orlov option
[  520.949072][ T9459] EXT4-fs (loop9): mounting ext3 file system using the ext4 subsystem
[  520.970716][ T9459] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8042c119, mo2=0002]
[  520.987145][ T9459] EXT4-fs error (device loop9): ext4_iget_extra_inode:5074: inode #15: comm syz.9.789: corrupted in-inode xattr: e_value size too large
[  521.028831][ T9459] EXT4-fs error (device loop9): ext4_orphan_get:1395: comm syz.9.789: couldn't read orphan inode 15 (err -117)
[  521.548154][ T9459] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  521.677431][ T9365] chnl_net:caif_netlink_parms(): no params data found
[  521.874238][ T8844] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  522.291005][ T8647] Bluetooth: hci0: command tx timeout
[  524.907007][ T8647] Bluetooth: hci0: command tx timeout
[  525.855012][ T9360] chnl_net:caif_netlink_parms(): no params data found
[  525.904901][ T9365] bridge0: port 1(bridge_slave_0) entered blocking state
[  525.950357][ T9365] bridge0: port 1(bridge_slave_0) entered disabled state
[  525.958225][ T9365] bridge_slave_0: entered allmulticast mode
[  526.016711][ T9365] bridge_slave_0: entered promiscuous mode
[  526.025511][ T9502] loop1: detected capacity change from 0 to 256
[  526.033685][ T9365] bridge0: port 2(bridge_slave_1) entered blocking state
[  526.050525][ T9365] bridge0: port 2(bridge_slave_1) entered disabled state
[  526.070357][ T9365] bridge_slave_1: entered allmulticast mode
[  526.096884][ T9365] bridge_slave_1: entered promiscuous mode
[  526.160601][ T9502] FAT-fs (loop1): Directory bread(block 64) failed
[  526.414201][ T9508] ptrace attach of "./syz-executor exec"[8722] was attempted by "./syz-executor exec"[9508]
[  526.929491][ T8647] Bluetooth: hci0: command tx timeout
[  527.127577][ T9502] FAT-fs (loop1): Directory bread(block 65) failed
[  527.137295][ T9502] FAT-fs (loop1): Directory bread(block 66) failed
[  527.155656][ T9502] FAT-fs (loop1): Directory bread(block 67) failed
[  527.170883][ T9502] FAT-fs (loop1): Directory bread(block 68) failed
[  527.177424][ T9502] FAT-fs (loop1): Directory bread(block 69) failed
[  527.240571][ T9502] FAT-fs (loop1): Directory bread(block 70) failed
[  527.251008][ T9502] FAT-fs (loop1): Directory bread(block 71) failed
[  527.269633][ T9502] FAT-fs (loop1): Directory bread(block 72) failed
[  527.280008][ T9502] FAT-fs (loop1): Directory bread(block 73) failed
[  528.988996][ T9365] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  529.010285][ T8647] Bluetooth: hci0: command tx timeout
[  529.394268][ T9365] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  529.861078][ T9451] chnl_net:caif_netlink_parms(): no params data found
[  530.793921][ T9360] bridge0: port 1(bridge_slave_0) entered blocking state
[  530.809469][ T9360] bridge0: port 1(bridge_slave_0) entered disabled state
[  530.818375][ T9360] bridge_slave_0: entered allmulticast mode
[  530.837043][ T9360] bridge_slave_0: entered promiscuous mode
[  530.840825][ T9529] Set syz0 is full, maxelem 0 reached
[  530.848629][ T9360] bridge0: port 2(bridge_slave_1) entered blocking state
[  530.860247][ T9360] bridge0: port 2(bridge_slave_1) entered disabled state
[  530.875436][ T9360] bridge_slave_1: entered allmulticast mode
[  530.883910][ T9360] bridge_slave_1: entered promiscuous mode
[  530.901508][ T9365] team0: Port device team_slave_0 added
[  530.914858][ T9365] team0: Port device team_slave_1 added
[  531.114945][ T9537] loop8: detected capacity change from 0 to 64
[  531.364384][   T30] audit: type=1800 audit(1761163126.355:62): pid=9537 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.8.804" name="file7" dev="loop8" ino=31 res=0 errno=0
[  531.506332][ T9531] syzkaller0: entered promiscuous mode
[  531.511915][ T9531] syzkaller0: entered allmulticast mode
[  531.533470][ T9360] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  531.550131][ T9365] batman_adv: batadv0: Adding interface: batadv_slave_0
[  531.560909][ T9365] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  531.599661][ T9365] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  531.631935][ T9365] batman_adv: batadv0: Adding interface: batadv_slave_1
[  531.638886][ T9365] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  531.858900][ T9365] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  532.629851][ T9360] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  532.884458][ T9451] bridge0: port 1(bridge_slave_0) entered blocking state
[  532.911474][ T9451] bridge0: port 1(bridge_slave_0) entered disabled state
[  532.919098][ T9451] bridge_slave_0: entered allmulticast mode
[  532.958467][ T9451] bridge_slave_0: entered promiscuous mode
[  533.023224][ T9360] team0: Port device team_slave_0 added
[  533.055283][ T9451] bridge0: port 2(bridge_slave_1) entered blocking state
[  533.080258][ T9451] bridge0: port 2(bridge_slave_1) entered disabled state
[  533.095216][ T9451] bridge_slave_1: entered allmulticast mode
[  533.104643][ T9451] bridge_slave_1: entered promiscuous mode
[  533.184944][ T9451] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  533.236938][ T9451] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  533.407074][ T9360] team0: Port device team_slave_1 added
[  533.429082][ T9451] team0: Port device team_slave_0 added
[  533.525936][ T9565] loop9: detected capacity change from 0 to 8
[  533.546447][ T9565] MTD: Attempt to mount non-MTD device "/dev/loop9"
[  533.679706][ T9565] cramfs: Error -5 while decompressing!
[  533.685352][ T9565] cramfs: ffffffff9abdf7a8(26)->ffff88806d1c4000(4096)
[  533.692496][ T9565] cramfs: Error -3 while decompressing!
[  533.698114][ T9565] cramfs: ffffffff9abdf7c2(26)->ffff88806d1c5000(4096)
[  533.705118][ T9565] cramfs: Error -3 while decompressing!
[  533.711897][ T9565] cramfs: ffffffff9abdf7dc(16)->ffff888047b60000(4096)
[  533.719103][ T9565] cramfs: Error -5 while decompressing!
[  533.725459][ T9565] cramfs: ffffffff9abdf7a8(26)->ffff88806d1c4000(4096)
[  533.813628][   T30] audit: type=1800 audit(1761163128.745:63): pid=9565 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.9.811" name="file2" dev="loop9" ino=348 res=0 errno=0
[  534.219427][ T8602] udevd[8602]: incorrect cramfs checksum on /dev/loop9
[  534.292528][ T9365] hsr_slave_0: entered promiscuous mode
[  534.299311][ T9365] hsr_slave_1: entered promiscuous mode
[  534.307391][ T9365] debugfs: 'hsr0' already exists in 'hsr'
[  534.313994][ T9365] Cannot create hsr debugfs directory
[  534.317405][ T8602] udevd[8602]: incorrect cramfs checksum on /dev/loop9
[  537.687009][ T9451] team0: Port device team_slave_1 added
[  539.600289][ T9586] loop1: detected capacity change from 0 to 40427
[  539.608106][ T9586] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[  539.616163][ T9586] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  539.626856][ T9586] F2FS-fs (loop1): invalid crc value
[  539.726281][ T9590] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  539.748011][ T9586] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  539.780423][ T9586] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  539.787474][ T9586] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  540.715347][ T9360] batman_adv: batadv0: Adding interface: batadv_slave_0
[  540.723930][ T9360] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  540.756886][ T9360] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  540.776363][ T9360] batman_adv: batadv0: Adding interface: batadv_slave_1
[  540.783626][ T9360] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  540.810432][ T9360] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  540.854957][ T9451] batman_adv: batadv0: Adding interface: batadv_slave_0
[  540.868919][ T9451] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  540.949573][ T9451] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  541.006568][ T9602] loop8: detected capacity change from 0 to 256
[  541.058064][ T9602] exFAT-fs (loop8): invalid fs_name
[  541.092157][ T9602] exFAT-fs (loop8): failed to read boot sector
[  541.098336][ T9602] exFAT-fs (loop8): failed to recognize exfat type
[  541.211249][ T9451] batman_adv: batadv0: Adding interface: batadv_slave_1
[  541.218232][ T9451] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  541.245598][ T9451] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  541.299277][ T9605] loop9: detected capacity change from 0 to 16
[  541.304736][ T9360] hsr_slave_0: entered promiscuous mode
[  541.312762][ T9360] hsr_slave_1: entered promiscuous mode
[  541.319177][ T9360] debugfs: 'hsr0' already exists in 'hsr'
[  541.325597][ T9360] Cannot create hsr debugfs directory
[  541.326429][ T9605] MTD: Attempt to mount non-MTD device "/dev/loop9"
[  541.528193][ T9451] hsr_slave_0: entered promiscuous mode
[  541.545730][ T9451] hsr_slave_1: entered promiscuous mode
[  541.560519][ T9451] debugfs: 'hsr0' already exists in 'hsr'
[  541.576663][ T9451] Cannot create hsr debugfs directory
[  541.906879][ T9607] loop8: detected capacity change from 0 to 128
[  542.095291][ T9607] EXT4-fs (loop8): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback.
[  542.115081][ T9607] ext4 filesystem being mounted at /36/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  543.002893][ T8722] EXT4-fs (loop8): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  543.470287][ T9627] input: syz0 as /devices/virtual/input/input6
[  544.700481][ T9037] usb 9-1: new full-speed USB device number 2 using dummy_hcd
[  544.769547][  T975] usb 10-1: new high-speed USB device number 2 using dummy_hcd
[  545.049130][ T9365] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  545.112749][ T9037] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  545.124674][ T9037] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  545.134659][ T9037] usb 9-1: New USB device found, idVendor=1e7d, idProduct=2c2e, bcdDevice= 0.00
[  545.143850][ T9037] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  545.170645][  T975] usb 10-1: Using ep0 maxpacket: 32
[  545.184867][ T9037] usb 9-1: config 0 descriptor??
[  546.189444][  T975] usb 10-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  546.216561][ T9365] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  546.221016][  T975] usb 10-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  546.249441][  T975] usb 10-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  547.199793][  T975] usb 10-1: Product: syz
[  547.204216][  T975] usb 10-1: Manufacturer: syz
[  547.208940][  T975] usb 10-1: SerialNumber: syz
[  547.216961][  T975] usb 10-1: config 0 descriptor??
[  547.227566][ T9637] raw-gadget.1 gadget.9: fail, usb_ep_enable returned -22
[  547.263138][ T9365] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  547.439131][ T9365] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  547.700060][  T975] usb 10-1: USB disconnect, device number 2
[  548.901135][ T9037] usbhid 9-1:0.0: can't add hid device: -71
[  548.907195][ T9037] usbhid 9-1:0.0: probe with driver usbhid failed with error -71
[  548.929157][ T9037] usb 9-1: USB disconnect, device number 2
[  550.720317][ T9365] 8021q: adding VLAN 0 to HW filter on device bond0
[  550.799873][   T30] audit: type=1326 audit(1761163145.815:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9673 comm="syz.1.841" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fcbe778efc9 code=0x0
[  551.162237][ T9365] 8021q: adding VLAN 0 to HW filter on device team0
[  552.562518][ T8014] bridge0: port 1(bridge_slave_0) entered blocking state
[  552.569749][ T8014] bridge0: port 1(bridge_slave_0) entered forwarding state
[  553.192318][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[  553.199693][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[  553.518550][ T9365] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  553.529526][ T9365] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  553.772384][ T9360] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  554.055687][ T9360] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  554.127774][ T9360] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  555.058517][ T9360] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  555.499290][ T9717] loop1: detected capacity change from 0 to 128
[  555.527826][ T9717] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  556.441178][ T9717] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  557.276472][ T9726] loop9: detected capacity change from 0 to 512
[  557.292079][ T9451] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  557.320488][ T8012] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  557.354758][ T9726] EXT4-fs error (device loop9): ext4_orphan_get:1392: inode #15: comm syz.9.852: inode has both inline data and extents flags
[  557.380028][ T9726] EXT4-fs error (device loop9): ext4_orphan_get:1395: comm syz.9.852: couldn't read orphan inode 15 (err -117)
[  557.402792][ T9451] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  557.685213][ T9726] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  557.756424][ T9451] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  559.050960][ T9451] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  559.532334][ T9365] 8021q: adding VLAN 0 to HW filter on device batadv0
[  559.615967][ T9360] 8021q: adding VLAN 0 to HW filter on device bond0
[  559.628432][ T8844] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  559.751184][ T9360] 8021q: adding VLAN 0 to HW filter on device team0
[  559.786301][ T9748] loop8: detected capacity change from 0 to 4096
[  559.821072][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[  559.828256][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[  559.856870][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[  559.864068][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[  560.513343][ T9754] NILFS (loop8): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  560.601169][   T30] audit: type=1800 audit(1761163155.605:65): pid=9748 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.8.856" name="file1" dev="loop8" ino=15 res=0 errno=0
[  560.772554][ T9451] 8021q: adding VLAN 0 to HW filter on device bond0
[  560.905310][ T9451] 8021q: adding VLAN 0 to HW filter on device team0
[  561.037072][ T8020] bridge0: port 1(bridge_slave_0) entered blocking state
[  561.040743][ T9760] loop9: detected capacity change from 0 to 2048
[  561.044307][ T8020] bridge0: port 1(bridge_slave_0) entered forwarding state
[  561.089234][ T9760] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  561.112871][ T8020] bridge0: port 2(bridge_slave_1) entered blocking state
[  561.120074][ T8020] bridge0: port 2(bridge_slave_1) entered forwarding state
[  562.608246][ T9365] veth0_vlan: entered promiscuous mode
[  562.947085][ T9365] veth1_vlan: entered promiscuous mode
[  564.235061][ T9365] veth0_macvtap: entered promiscuous mode
[  564.384696][ T9786] loop9: detected capacity change from 0 to 8
[  564.403931][ T9365] veth1_macvtap: entered promiscuous mode
[  564.467560][ T9786] SQUASHFS error: zlib decompression failed, data probably corrupt
[  564.545938][ T9786] SQUASHFS error: Failed to read block 0x9b: -5
[  564.552920][ T9786] SQUASHFS error: Unable to read metadata cache entry [99]
[  564.560234][ T9786] SQUASHFS error: Unable to read inode 0x127
[  564.622433][ T9786] loop9: detected capacity change from 0 to 1024
[  564.624580][ T9360] 8021q: adding VLAN 0 to HW filter on device batadv0
[  565.155091][ T9786] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-001000000000 r/w without journal. Quota mode: writeback.
[  565.176172][ T9451] 8021q: adding VLAN 0 to HW filter on device batadv0
[  565.433932][ T9365] batman_adv: batadv0: Interface activated: batadv_slave_0
[  565.478990][ T9360] veth0_vlan: entered promiscuous mode
[  565.500606][ T8844] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-001000000000.
[  565.533281][ T9365] batman_adv: batadv0: Interface activated: batadv_slave_1
[  565.601997][ T9360] veth1_vlan: entered promiscuous mode
[  565.662956][   T64] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  565.687840][   T64] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  565.718742][ T9804] loop9: detected capacity change from 0 to 1024
[  565.761417][   T64] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  565.790822][ T2999] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  567.140099][ T6127] hfsplus: b-tree write err: -5, ino 4
[  567.243047][ T9360] veth0_macvtap: entered promiscuous mode
[  570.490682][ T9451] veth0_vlan: entered promiscuous mode
[  570.627666][ T9451] veth1_vlan: entered promiscuous mode
[  572.010497][ T9451] veth0_macvtap: entered promiscuous mode
[  572.026712][ T5841] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  572.108584][ T9451] veth1_macvtap: entered promiscuous mode
[  572.143323][ T5841] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  572.275277][ T5841] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  572.345024][ T5841] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  572.358939][ T5841] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  572.379914][ T9451] batman_adv: batadv0: Interface activated: batadv_slave_0
[  572.443788][ T9451] batman_adv: batadv0: Interface activated: batadv_slave_1
[  572.479873][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[  572.486187][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[  572.600020][ T8647] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  572.609545][ T8647] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  572.617834][ T8647] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  572.649497][ T8647] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  572.941863][ T8647] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  574.202448][ T9868] netlink: 12 bytes leftover after parsing attributes in process `syz.9.878'.
[  574.288132][ T6023] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  574.307654][ T6023] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  574.529428][ T5841] Bluetooth: hci4: command tx timeout
[  574.592578][ T9869] bridge1: port 1(ip6gretap1) entered blocking state
[  574.600285][ T9869] bridge1: port 1(ip6gretap1) entered disabled state
[  574.611404][ T9869] ip6gretap1: entered allmulticast mode
[  574.638537][ T9869] ip6gretap1: entered promiscuous mode
[  575.039487][ T5841] Bluetooth: hci5: command tx timeout
[  575.812380][ T6023] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  575.839918][ T6023] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  576.009103][ T2999] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  576.180618][ T9876] F2FS-fs (loop3): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  576.209567][ T9876] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  576.270383][ T9876] F2FS-fs (loop3): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  576.368479][ T9876] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock
[  576.624839][ T5841] Bluetooth: hci4: command tx timeout
[  577.098994][ T5841] Bluetooth: hci5: command tx timeout
[  577.125771][ T9880] mac80211_hwsim hwsim17 wlan0: entered promiscuous mode
[  577.152218][ T9880] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check.
[  577.273406][ T2999] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  577.458037][ T6127] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  577.474275][ T6127] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  577.655960][ T9895] syz.1.887 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  577.839423][ T2999] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  578.896143][ T5841] Bluetooth: hci4: command tx timeout
[  578.902872][ T9895] netlink: 8 bytes leftover after parsing attributes in process `syz.1.887'.
[  579.179701][ T5841] Bluetooth: hci5: command tx timeout
[  580.929670][ T5841] Bluetooth: hci4: command tx timeout
[  580.984578][ T2999] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  581.263551][ T5841] Bluetooth: hci5: command tx timeout
[  583.162746][ T9926] loop8: detected capacity change from 0 to 16
[  583.172075][ T8647] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  583.195870][ T8647] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  583.206154][ T8647] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  583.217839][ T8647] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  583.230352][ T8647] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  583.238888][ T9926] erofs (device loop8): mounted with root inode @ nid 36.
[  586.831901][ T5841] Bluetooth: hci1: command tx timeout
[  587.233003][ T9848] chnl_net:caif_netlink_parms(): no params data found
[  587.737885][ T2999] bridge_slave_1: left allmulticast mode
[  587.768370][ T2999] bridge_slave_1: left promiscuous mode
[  587.791363][ T2999] bridge0: port 2(bridge_slave_1) entered disabled state
[  587.907546][ T2999] bridge_slave_0: left allmulticast mode
[  587.923071][ T2999] bridge_slave_0: left promiscuous mode
[  587.928818][ T2999] bridge0: port 1(bridge_slave_0) entered disabled state
[  588.889392][ T5841] Bluetooth: hci1: command tx timeout
[  591.095920][ T5841] Bluetooth: hci1: command tx timeout
[  593.169674][ T5841] Bluetooth: hci1: command tx timeout
[  595.062254][ T2999] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  595.073925][ T2999] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  595.089876][ T2999] bond0 (unregistering): Released all slaves
[  595.167836][T10010] No such timeout policy "syz0"
[  595.798162][ T9851] chnl_net:caif_netlink_parms(): no params data found
[  597.463749][ T2999] hsr_slave_0: left promiscuous mode
[  597.530857][ T2999] hsr_slave_1: left promiscuous mode
[  597.581342][ T2999] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  597.588745][ T2999] batman_adv: batadv0: Removing interface: batadv_slave_0
[  597.624012][ T2999] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  597.649083][ T2999] batman_adv: batadv0: Removing interface: batadv_slave_1
[  598.090463][T10026] netlink: 24 bytes leftover after parsing attributes in process `syz.1.915'.
[  601.406900][ T2999] veth1_macvtap: left promiscuous mode
[  601.414093][ T2999] veth0_macvtap: left promiscuous mode
[  601.430866][ T2999] veth1_vlan: left promiscuous mode
[  601.436241][ T2999] veth0_vlan: left promiscuous mode
[  602.567310][T10039] netlink: 24 bytes leftover after parsing attributes in process `syz.1.918'.
[  603.014962][T10050] loop8: detected capacity change from 0 to 128
[  603.022994][T10050] FAT-fs (loop8): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  603.059981][T10050] FAT-fs (loop8): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  603.300966][T10050] vfat filesystem being mounted at /71/bus supports timestamps until 2107-12-31 (0x10391447e)
[  604.149212][ T8020] FAT-fs (loop8): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  604.357331][ T2999] team0 (unregistering): Port device team_slave_1 removed
[  604.418788][ T2999] team0 (unregistering): Port device team_slave_0 removed
[  607.486651][T10063] mac80211_hwsim hwsim20 wlan0: entered promiscuous mode
[  607.494551][T10063] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check.
[  608.482970][T10085] netlink: 16 bytes leftover after parsing attributes in process `syz.8.932'.
[  611.852007][ T9848] bridge0: port 1(bridge_slave_0) entered blocking state
[  611.934575][ T9848] bridge0: port 1(bridge_slave_0) entered disabled state
[  612.884145][ T9848] bridge_slave_0: entered allmulticast mode
[  612.892683][ T9848] bridge_slave_0: entered promiscuous mode
[  612.955809][T10108] vhci_hcd vhci_hcd.0: pdev(8) rhport(0) sockfd(4)
[  612.962535][T10108] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  612.988272][T10113] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  613.037617][T10108] vhci_hcd vhci_hcd.0: Device attached
[  613.056711][T10117] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  613.081107][T10108] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  613.091454][T10108] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  613.103713][T10108] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  613.117931][T10108] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  613.132924][T10108] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  613.171531][T10109] vhci_hcd: connection closed
[  613.199696][ T8012] vhci_hcd: stop threads
[  613.209274][ T8012] vhci_hcd: release socket
[  613.216604][ T8012] vhci_hcd: disconnect device
[  613.221939][ T9036] vhci_hcd: vhci_device speed not set
[  613.365754][ T9848] bridge0: port 2(bridge_slave_1) entered blocking state
[  613.373636][ T9848] bridge0: port 2(bridge_slave_1) entered disabled state
[  613.381408][ T9848] bridge_slave_1: entered allmulticast mode
[  613.389640][ T9848] bridge_slave_1: entered promiscuous mode
[  614.337665][ T9851] bridge0: port 1(bridge_slave_0) entered blocking state
[  614.365941][ T9851] bridge0: port 1(bridge_slave_0) entered disabled state
[  614.367375][T10114] loop9: detected capacity change from 0 to 40427
[  614.384348][ T9851] bridge_slave_0: entered allmulticast mode
[  614.391186][T10114] F2FS-fs (loop9): Invalid log_blocksize (268), supports only 12
[  614.399284][T10114] F2FS-fs (loop9): Can't find valid F2FS filesystem in 1th superblock
[  614.403878][ T9851] bridge_slave_0: entered promiscuous mode
[  614.420727][T10114] F2FS-fs (loop9): invalid crc value
[  614.432652][ T9848] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  614.464210][ T9851] bridge0: port 2(bridge_slave_1) entered blocking state
[  614.472079][ T9851] bridge0: port 2(bridge_slave_1) entered disabled state
[  614.517293][ T9851] bridge_slave_1: entered allmulticast mode
[  614.584959][ T9851] bridge_slave_1: entered promiscuous mode
[  614.619234][T10127] overlayfs: option "volatile" is meaningless in a non-upper mount, ignoring it.
[  614.628677][T10127] overlayfs: missing 'lowerdir'
[  615.198185][T10114] F2FS-fs (loop9): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  615.314853][ T9848] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  615.338270][T10114] F2FS-fs (loop9): Try to recover 1th superblock, ret: 0
[  616.150779][T10114] F2FS-fs (loop9): Mounted with checkpoint version = 48b305e5
[  616.387043][T10135] netlink: 8 bytes leftover after parsing attributes in process `syz.8.945'.
[  616.938426][ T9851] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  616.974158][T10139] Cannot find set identified by id 0 to match
[  617.765005][ T9851] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  618.847879][ T9848] team0: Port device team_slave_0 added
[  619.071829][ T9848] team0: Port device team_slave_1 added
[  619.303255][ T9927] chnl_net:caif_netlink_parms(): no params data found
[  619.347501][ T9851] team0: Port device team_slave_0 added
[  620.249910][ T9848] batman_adv: batadv0: Adding interface: batadv_slave_0
[  620.256895][ T9848] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  620.324807][ T9848] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  620.358188][ T9851] team0: Port device team_slave_1 added
[  620.391377][ T2999] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  620.414252][T10161] input: syz1 as /devices/virtual/input/input7
[  620.446863][ T9848] batman_adv: batadv0: Adding interface: batadv_slave_1
[  620.485582][ T9848] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  620.606932][ T9848] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  624.022657][ T2999] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  624.704365][ T9851] batman_adv: batadv0: Adding interface: batadv_slave_0
[  625.469673][ T9851] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  625.519408][ T9851] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  625.541868][ T9851] batman_adv: batadv0: Adding interface: batadv_slave_1
[  625.548814][ T9851] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  625.619410][ T9851] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  625.691714][ T9848] hsr_slave_0: entered promiscuous mode
[  625.700267][ T9848] hsr_slave_1: entered promiscuous mode
[  625.707270][ T9848] debugfs: 'hsr0' already exists in 'hsr'
[  625.731637][ T9848] Cannot create hsr debugfs directory
[  626.001319][ T2999] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  627.053734][T10201] netlink: 8 bytes leftover after parsing attributes in process `syz.9.960'.
[  627.267895][   T30] audit: type=1326 audit(3908646870.275:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10204 comm="syz.1.963" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbe778efc9 code=0x7ffc0000
[  627.311276][ T9927] bridge0: port 1(bridge_slave_0) entered blocking state
[  627.318501][ T9927] bridge0: port 1(bridge_slave_0) entered disabled state
[  627.325478][T10207] netlink: 4 bytes leftover after parsing attributes in process `syz.8.962'.
[  627.327772][ T9927] bridge_slave_0: entered allmulticast mode
[  627.348828][   T30] audit: type=1326 audit(3908646870.305:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10204 comm="syz.1.963" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbe778efc9 code=0x7ffc0000
[  627.374580][ T9927] bridge_slave_0: entered promiscuous mode
[  627.393637][   T30] audit: type=1326 audit(3908646870.305:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10204 comm="syz.1.963" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fcbe778efc9 code=0x7ffc0000
[  627.419012][   T30] audit: type=1326 audit(3908646870.305:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10204 comm="syz.1.963" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbe778efc9 code=0x7ffc0000
[  627.425776][T10209] netlink: 12 bytes leftover after parsing attributes in process `syz.8.962'.
[  627.443865][   T30] audit: type=1326 audit(3908646870.305:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10204 comm="syz.1.963" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7fcbe778efc9 code=0x7ffc0000
[  627.495941][   T30] audit: type=1326 audit(3908646870.305:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10204 comm="syz.1.963" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbe778efc9 code=0x7ffc0000
[  627.525286][ T2999] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  627.541104][   T30] audit: type=1326 audit(3908646870.305:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10204 comm="syz.1.963" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7fcbe778efc9 code=0x7ffc0000
[  627.630571][   T30] audit: type=1326 audit(3908646870.305:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10204 comm="syz.1.963" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbe778efc9 code=0x7ffc0000
[  627.697978][ T9851] hsr_slave_0: entered promiscuous mode
[  627.707057][ T9851] hsr_slave_1: entered promiscuous mode
[  627.716608][   T30] audit: type=1326 audit(3908646870.305:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10204 comm="syz.1.963" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7fcbe778efc9 code=0x7ffc0000
[  627.750303][ T9851] debugfs: 'hsr0' already exists in 'hsr'
[  627.756414][ T9851] Cannot create hsr debugfs directory
[  627.782742][ T9927] bridge0: port 2(bridge_slave_1) entered blocking state
[  627.792722][   T30] audit: type=1326 audit(3908646870.305:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10204 comm="syz.1.963" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbe778efc9 code=0x7ffc0000
[  627.827806][ T9927] bridge0: port 2(bridge_slave_1) entered disabled state
[  627.860824][ T9927] bridge_slave_1: entered allmulticast mode
[  627.880924][ T9927] bridge_slave_1: entered promiscuous mode
[  628.123336][T10210] bond1 (unregistering): Released all slaves
[  629.365893][T10211] bridge1: port 1(gretap1) entered blocking state
[  629.383867][T10211] bridge1: port 1(gretap1) entered disabled state
[  629.699046][T10211] gretap1: entered allmulticast mode
[  629.999476][T10211] gretap1: entered promiscuous mode
[  630.590260][ T8647] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  630.601255][ T8647] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  631.603224][ T8647] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  631.620813][ T8647] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  631.628646][ T8647] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  632.605371][ T9927] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  632.671798][ T9927] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  632.900375][ T8647] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  632.909815][ T8647] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  632.926857][ T8647] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  632.936655][ T8647] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  632.944615][ T8647] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  633.440698][T10258] No such timeout policy "syz0"
[  633.741585][ T5841] Bluetooth: hci0: command tx timeout
[  634.169037][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[  634.179479][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[  634.253267][T10265] loop8: detected capacity change from 0 to 128
[  634.362913][T10265] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[  634.391173][ T9927] team0: Port device team_slave_0 added
[  634.397608][T10265] hpfs: filesystem error: improperly stopped
[  634.410267][ T9927] team0: Port device team_slave_1 added
[  634.414277][T10265] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  634.451380][T10265] hpfs: You really don't want any checks? You are crazy...
[  634.484240][T10265] hpfs: hpfs_map_sector(): read error
[  634.490418][T10265] hpfs: code page support is disabled
[  634.501483][T10265] hpfs: hpfs_map_4sectors(): unaligned read
[  634.513155][ T2999] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  634.524914][T10265] hpfs: hpfs_map_4sectors(): unaligned read
[  634.531907][T10265] hpfs: filesystem error: unable to find root dir
[  634.670540][ T2999] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  634.717958][ T9927] batman_adv: batadv0: Adding interface: batadv_slave_0
[  634.725077][ T9927] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  634.751147][ T9927] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  634.786458][ T9927] batman_adv: batadv0: Adding interface: batadv_slave_1
[  634.793457][ T9927] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  634.819768][ T9927] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  634.852986][ T2999] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  634.935377][ T2999] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  634.985272][ T9927] hsr_slave_0: entered promiscuous mode
[  634.991849][ T9927] hsr_slave_1: entered promiscuous mode
[  634.998069][ T9927] debugfs: 'hsr0' already exists in 'hsr'
[  635.004741][ T9927] Cannot create hsr debugfs directory
[  635.025432][ T5841] Bluetooth: hci4: command tx timeout
[  635.377032][T10227] chnl_net:caif_netlink_parms(): no params data found
[  635.406049][T10252] chnl_net:caif_netlink_parms(): no params data found
[  635.668594][T10227] bridge0: port 1(bridge_slave_0) entered blocking state
[  635.676334][T10227] bridge0: port 1(bridge_slave_0) entered disabled state
[  635.683629][T10227] bridge_slave_0: entered allmulticast mode
[  635.691971][T10227] bridge_slave_0: entered promiscuous mode
[  635.748847][T10227] bridge0: port 2(bridge_slave_1) entered blocking state
[  635.756062][T10227] bridge0: port 2(bridge_slave_1) entered disabled state
[  635.764781][T10227] bridge_slave_1: entered allmulticast mode
[  635.773650][T10227] bridge_slave_1: entered promiscuous mode
[  635.812907][T10252] bridge0: port 1(bridge_slave_0) entered blocking state
[  635.820288][ T5841] Bluetooth: hci0: command tx timeout
[  635.831463][T10252] bridge0: port 1(bridge_slave_0) entered disabled state
[  635.838695][T10252] bridge_slave_0: entered allmulticast mode
[  635.846300][T10252] bridge_slave_0: entered promiscuous mode
[  635.891967][T10227] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  635.905864][T10252] bridge0: port 2(bridge_slave_1) entered blocking state
[  635.913967][T10252] bridge0: port 2(bridge_slave_1) entered disabled state
[  635.922165][T10252] bridge_slave_1: entered allmulticast mode
[  635.930132][T10252] bridge_slave_1: entered promiscuous mode
[  635.970670][T10227] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  636.014944][T10252] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  636.028517][T10252] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  636.058685][T10227] team0: Port device team_slave_0 added
[  636.115816][T10227] team0: Port device team_slave_1 added
[  636.163185][T10252] team0: Port device team_slave_0 added
[  636.173194][T10227] batman_adv: batadv0: Adding interface: batadv_slave_0
[  636.180933][T10227] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  636.207827][T10227] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  636.221999][T10227] batman_adv: batadv0: Adding interface: batadv_slave_1
[  636.228942][T10227] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  636.255065][T10227] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  636.269240][T10252] team0: Port device team_slave_1 added
[  636.403479][ T2999] bridge_slave_1: left allmulticast mode
[  636.409144][ T2999] bridge_slave_1: left promiscuous mode
[  636.415590][ T2999] bridge0: port 2(bridge_slave_1) entered disabled state
[  636.425324][ T2999] bridge_slave_0: left allmulticast mode
[  636.431233][ T2999] bridge_slave_0: left promiscuous mode
[  636.438280][ T2999] bridge0: port 1(bridge_slave_0) entered disabled state
[  636.456651][ T2999] bridge_slave_1: left allmulticast mode
[  636.462432][ T2999] bridge_slave_1: left promiscuous mode
[  636.468123][ T2999] bridge0: port 2(bridge_slave_1) entered disabled state
[  636.478475][ T2999] bridge_slave_0: left allmulticast mode
[  636.485276][ T2999] bridge_slave_0: left promiscuous mode
[  636.491808][ T2999] bridge0: port 1(bridge_slave_0) entered disabled state
[  636.503184][ T2999] bridge_slave_1: left allmulticast mode
[  636.508837][ T2999] bridge_slave_1: left promiscuous mode
[  636.514880][ T2999] bridge0: port 2(bridge_slave_1) entered disabled state
[  636.524994][ T2999] bridge_slave_0: left allmulticast mode
[  636.531037][ T2999] bridge_slave_0: left promiscuous mode
[  636.536739][ T2999] bridge0: port 1(bridge_slave_0) entered disabled state
[  636.786021][ T2999] dvmrp1 (unregistering): left allmulticast mode
[  636.957204][ T2999] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  636.968296][ T2999] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  636.978673][ T2999] bond0 (unregistering): Released all slaves
[  637.090093][ T8647] Bluetooth: hci4: command tx timeout
[  637.186773][ T2999] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  637.198066][ T2999] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  637.208249][ T2999] bond0 (unregistering): Released all slaves
[  637.442907][ T2999] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  637.456724][ T2999] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  637.467076][ T2999] bond0 (unregistering): Released all slaves
[  637.505072][T10227] hsr_slave_0: entered promiscuous mode
[  637.511930][T10227] hsr_slave_1: entered promiscuous mode
[  637.518405][T10227] debugfs: 'hsr0' already exists in 'hsr'
[  637.533431][T10227] Cannot create hsr debugfs directory
[  637.547429][T10252] batman_adv: batadv0: Adding interface: batadv_slave_0
[  637.556633][T10252] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  637.585290][T10252] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  637.600002][T10252] batman_adv: batadv0: Adding interface: batadv_slave_1
[  637.606976][T10252] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  637.639568][T10252] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  637.805878][ T9927] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  637.890359][ T5841] Bluetooth: hci0: command tx timeout
[  637.995744][T10252] hsr_slave_0: entered promiscuous mode
[  638.020546][T10252] hsr_slave_1: entered promiscuous mode
[  638.027012][T10252] debugfs: 'hsr0' already exists in 'hsr'
[  638.049433][T10252] Cannot create hsr debugfs directory
[  638.267044][ T8647] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  638.279563][ T8647] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  638.289204][ T8647] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  638.297983][ T8647] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  638.306674][ T8647] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  638.546439][ T2999] hsr_slave_0: left promiscuous mode
[  638.553783][ T2999] hsr_slave_1: left promiscuous mode
[  638.560605][ T2999] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  638.568283][ T2999] batman_adv: batadv0: Removing interface: batadv_slave_0
[  638.582859][ T2999] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  638.591256][ T2999] batman_adv: batadv0: Removing interface: batadv_slave_1
[  638.603425][ T2999] hsr_slave_0: left promiscuous mode
[  638.609912][ T2999] hsr_slave_1: left promiscuous mode
[  638.615847][ T2999] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  638.623437][ T2999] batman_adv: batadv0: Removing interface: batadv_slave_0
[  638.632576][ T2999] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  638.640157][ T2999] batman_adv: batadv0: Removing interface: batadv_slave_1
[  638.652148][ T2999] hsr_slave_0: left promiscuous mode
[  638.658128][ T2999] hsr_slave_1: left promiscuous mode
[  638.664464][ T2999] batman_adv: batadv0: Removing interface: batadv_slave_0
[  638.673235][ T2999] batman_adv: batadv0: Removing interface: batadv_slave_1
[  638.721884][ T2999] veth1_macvtap: left promiscuous mode
[  638.727440][ T2999] veth0_macvtap: left promiscuous mode
[  638.733479][ T2999] veth0_vlan: left promiscuous mode
[  638.740210][ T2999] veth1_macvtap: left promiscuous mode
[  638.745728][ T2999] veth0_macvtap: left promiscuous mode
[  638.751470][ T2999] veth1_vlan: left promiscuous mode
[  638.756793][ T2999] veth0_vlan: left promiscuous mode
[  638.763400][ T2999] veth0_macvtap: left promiscuous mode
[  638.769000][ T2999] veth1_vlan: left promiscuous mode
[  638.774972][ T2999] veth0_vlan: left promiscuous mode
[  639.169529][ T5841] Bluetooth: hci4: command tx timeout
[  639.346498][ T2999] team0 (unregistering): Port device team_slave_1 removed
[  639.378078][ T2999] team0 (unregistering): Port device team_slave_0 removed
[  639.916381][ T2999] team0 (unregistering): Port device team_slave_1 removed
[  639.948781][ T2999] team0 (unregistering): Port device team_slave_0 removed
[  639.969484][ T5841] Bluetooth: hci0: command tx timeout
[  640.369882][ T5841] Bluetooth: hci5: command tx timeout
[  640.457919][ T2999] team0 (unregistering): Port device team_slave_1 removed
[  640.505737][ T2999] team0 (unregistering): Port device team_slave_0 removed
[  641.113819][T10279] chnl_net:caif_netlink_parms(): no params data found
[  641.249529][ T5841] Bluetooth: hci4: command tx timeout
[  641.264533][T10279] bridge0: port 1(bridge_slave_0) entered blocking state
[  641.272602][T10279] bridge0: port 1(bridge_slave_0) entered disabled state
[  641.281264][T10279] bridge_slave_0: entered allmulticast mode
[  641.288858][T10279] bridge_slave_0: entered promiscuous mode
[  641.298388][T10279] bridge0: port 2(bridge_slave_1) entered blocking state
[  641.307543][T10279] bridge0: port 2(bridge_slave_1) entered disabled state
[  641.315242][T10279] bridge_slave_1: entered allmulticast mode
[  641.323125][T10279] bridge_slave_1: entered promiscuous mode
[  641.381001][T10279] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  641.394978][T10279] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  641.444732][T10279] team0: Port device team_slave_0 added
[  641.454392][T10279] team0: Port device team_slave_1 added
[  641.508282][T10279] batman_adv: batadv0: Adding interface: batadv_slave_0
[  641.515375][T10279] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  641.542405][T10279] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  641.556196][T10279] batman_adv: batadv0: Adding interface: batadv_slave_1
[  641.563371][T10279] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  641.590258][T10279] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  641.704009][T10279] hsr_slave_0: entered promiscuous mode
[  641.712013][T10279] hsr_slave_1: entered promiscuous mode
[  641.718280][T10279] debugfs: 'hsr0' already exists in 'hsr'
[  641.724919][T10279] Cannot create hsr debugfs directory
[  641.781239][T10227] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  641.793019][T10227] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  641.806143][T10227] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  641.851466][T10227] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  641.937582][ T2999] IPVS: stop unused estimator thread 0...
[  642.022421][T10252] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  642.045989][T10252] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  642.092054][T10252] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  642.103592][T10252] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  642.238422][T10227] 8021q: adding VLAN 0 to HW filter on device bond0
[  642.300188][T10227] 8021q: adding VLAN 0 to HW filter on device team0
[  642.321811][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[  642.328943][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[  642.348856][T10252] 8021q: adding VLAN 0 to HW filter on device bond0
[  642.365861][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[  642.372981][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[  642.435481][T10252] 8021q: adding VLAN 0 to HW filter on device team0
[  642.450242][ T5841] Bluetooth: hci5: command tx timeout
[  642.476702][ T6023] bridge0: port 1(bridge_slave_0) entered blocking state
[  642.483867][ T6023] bridge0: port 1(bridge_slave_0) entered forwarding state
[  642.536060][ T6023] bridge0: port 2(bridge_slave_1) entered blocking state
[  642.543231][ T6023] bridge0: port 2(bridge_slave_1) entered forwarding state
[  642.565018][ T2999] bridge_slave_1: left allmulticast mode
[  642.572090][ T2999] bridge_slave_1: left promiscuous mode
[  642.577850][ T2999] bridge0: port 2(bridge_slave_1) entered disabled state
[  642.587300][ T2999] bridge_slave_0: left allmulticast mode
[  642.593454][ T2999] bridge_slave_0: left promiscuous mode
[  642.599160][ T2999] bridge0: port 1(bridge_slave_0) entered disabled state
[  642.617657][ T2999] bridge_slave_1: left allmulticast mode
[  642.623485][ T2999] bridge_slave_1: left promiscuous mode
[  642.629178][ T2999] bridge0: port 2(bridge_slave_1) entered disabled state
[  642.638641][ T2999] bridge_slave_0: left allmulticast mode
[  642.644954][ T2999] bridge_slave_0: left promiscuous mode
[  642.651230][ T2999] bridge0: port 1(bridge_slave_0) entered disabled state
[  642.663617][ T2999] bridge_slave_1: left allmulticast mode
[  642.669248][ T2999] bridge_slave_1: left promiscuous mode
[  642.675255][ T2999] bridge0: port 2(bridge_slave_1) entered disabled state
[  642.684612][ T2999] bridge_slave_0: left allmulticast mode
[  642.691365][ T2999] bridge_slave_0: left promiscuous mode
[  642.697102][ T2999] bridge0: port 1(bridge_slave_0) entered disabled state
[  642.806413][ T2999] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  642.818038][ T2999] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  642.828504][ T2999] bond0 (unregistering): Released all slaves
[  642.956484][ T2999] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  642.968797][ T2999] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  642.982380][ T2999] bond0 (unregistering): Released all slaves
[  643.087466][ T2999] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  643.101845][ T2999] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  643.113443][ T2999] bond0 (unregistering): Released all slaves
[  643.409030][ T2999] hsr_slave_0: left promiscuous mode
[  643.417301][ T2999] hsr_slave_1: left promiscuous mode
[  643.426009][ T2999] batman_adv: batadv0: Removing interface: batadv_slave_0
[  643.438299][ T2999] batman_adv: batadv0: Removing interface: batadv_slave_1
[  643.446563][ T2999] hsr_slave_0: left promiscuous mode
[  643.452827][ T2999] hsr_slave_1: left promiscuous mode
[  643.458781][ T2999] batman_adv: batadv0: Removing interface: batadv_slave_0
[  643.466965][ T2999] batman_adv: batadv0: Removing interface: batadv_slave_1
[  643.476940][ T2999] hsr_slave_0: left promiscuous mode
[  643.483577][ T2999] hsr_slave_1: left promiscuous mode
[  643.489572][ T2999] batman_adv: batadv0: Removing interface: batadv_slave_0
[  643.497279][ T2999] batman_adv: batadv0: Removing interface: batadv_slave_1
[  643.662614][ T2999] team0 (unregistering): Port device team_slave_1 removed
[  643.693481][ T2999] team0 (unregistering): Port device team_slave_0 removed
[  643.903448][ T2999] team0 (unregistering): Port device team_slave_1 removed
[  643.925430][ T2999] team0 (unregistering): Port device team_slave_0 removed
[  644.148051][ T2999] team0 (unregistering): Port device team_slave_1 removed
[  644.174187][ T2999] team0 (unregistering): Port device team_slave_0 removed
[  644.529898][ T5841] Bluetooth: hci5: command tx timeout
[  644.555117][T10227] 8021q: adding VLAN 0 to HW filter on device batadv0
[  644.661884][T10252] 8021q: adding VLAN 0 to HW filter on device batadv0
[  644.675548][T10279] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  644.718862][T10279] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  644.741325][T10279] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  644.763715][T10279] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  644.865130][T10252] veth0_vlan: entered promiscuous mode
[  644.900700][T10252] veth1_vlan: entered promiscuous mode
[  644.988118][T10252] veth0_macvtap: entered promiscuous mode
[  645.020885][T10252] veth1_macvtap: entered promiscuous mode
[  645.051835][T10279] 8021q: adding VLAN 0 to HW filter on device bond0
[  645.084208][T10252] batman_adv: batadv0: Interface activated: batadv_slave_0
[  645.108875][T10252] batman_adv: batadv0: Interface activated: batadv_slave_1
[  645.135541][T10279] 8021q: adding VLAN 0 to HW filter on device team0
[  645.143154][   T50] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  645.152312][   T50] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  645.166317][   T50] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  645.175487][   T50] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  645.226710][ T8022] bridge0: port 1(bridge_slave_0) entered blocking state
[  645.234437][ T8022] bridge0: port 1(bridge_slave_0) entered forwarding state
[  645.245108][ T8022] bridge0: port 2(bridge_slave_1) entered blocking state
[  645.252246][ T8022] bridge0: port 2(bridge_slave_1) entered forwarding state
[  645.394136][T10227] veth0_vlan: entered promiscuous mode
[  645.405840][ T6023] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  645.434912][ T6023] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  645.473457][T10227] veth1_vlan: entered promiscuous mode
[  645.481835][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  645.492278][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  645.598696][T10227] veth0_macvtap: entered promiscuous mode
[  645.663763][T10227] veth1_macvtap: entered promiscuous mode
[  645.725157][T10227] batman_adv: batadv0: Interface activated: batadv_slave_0
[  646.083199][T10227] batman_adv: batadv0: Interface activated: batadv_slave_1
[  647.045353][ T5841] Bluetooth: hci5: command tx timeout
[  647.423903][ T8012] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  647.444371][ T8012] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  647.515153][ T8012] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  647.629418][ T8012] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  647.670466][T10279] 8021q: adding VLAN 0 to HW filter on device batadv0
[  647.876562][T10343] netlink: 8 bytes leftover after parsing attributes in process `syz.3.976'.
[  648.785095][ T8014] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  648.873697][ T8014] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  649.268742][ T8012] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  649.299471][ T8012] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  649.476226][T10352] loop9: detected capacity change from 0 to 24
[  649.541052][T10352] MTD: Attempt to mount non-MTD device "/dev/loop9"
[  649.601166][T10352] romfs: bad initial checksum on dev loop9.
[  649.894856][ T8861] udevd[8861]: incorrect romfs checksum on /dev/loop9
[  652.283373][T10378] loop9: detected capacity change from 0 to 512
[  653.705399][T10279] veth0_vlan: entered promiscuous mode
[  653.755654][T10279] veth1_vlan: entered promiscuous mode
[  653.871354][T10279] veth0_macvtap: entered promiscuous mode
[  653.916062][T10279] veth1_macvtap: entered promiscuous mode
[  654.162049][T10279] batman_adv: batadv0: Interface activated: batadv_slave_0
[  654.288617][T10393] hugetlbfs: syz.1.992 (10393): Using mlock ulimits for SHM_HUGETLB is obsolete
[  655.145216][T10279] batman_adv: batadv0: Interface activated: batadv_slave_1
[  655.296567][ T8020] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  655.342312][ T8020] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  655.438964][ T8020] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  655.485430][ T8020] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  659.019463][ T6023] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  659.060155][ T6023] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  659.093108][ T6127] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  659.113070][ T6127] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  659.207682][T10418] Invalid ELF header magic: != ELF
[  664.761485][T10444] netlink: 'syz.9.1009': attribute type 3 has an invalid length.
[  664.769697][T10444] netlink: 'syz.9.1009': attribute type 3 has an invalid length.
[  675.127529][T10508] netlink: 'syz.5.1028': attribute type 3 has an invalid length.
[  675.139521][T10508] netlink: 'syz.5.1028': attribute type 3 has an invalid length.
[  677.569394][ T5841] Bluetooth: hci2: command 0x0c1a tx timeout
[  677.722295][T10517] Bluetooth: hci2: Opcode 0x0c1a failed: -110
[  677.729210][ T5841] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci5/hci5:201'
[  677.740675][ T5841] CPU: 0 UID: 0 PID: 5841 Comm: kworker/u9:4 Not tainted syzkaller #0 PREEMPT(full) 
[  677.740724][ T5841] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  677.740749][ T5841] Workqueue: hci5 hci_rx_work
[  677.740788][ T5841] Call Trace:
[  677.740799][ T5841]  <TASK>
[  677.740810][ T5841]  dump_stack_lvl+0x16c/0x1f0
[  677.740850][ T5841]  sysfs_warn_dup+0x7f/0xa0
[  677.740890][ T5841]  sysfs_create_dir_ns+0x24b/0x2b0
[  677.740929][ T5841]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  677.740963][ T5841]  ? find_held_lock+0x2b/0x80
[  677.741015][ T5841]  ? srso_alias_return_thunk+0x5/0xfbef5
[  677.741057][ T5841]  ? do_raw_spin_unlock+0x172/0x230
[  677.741105][ T5841]  kobject_add_internal+0x2c4/0x9b0
[  677.741158][ T5841]  kobject_add+0x16e/0x240
[  677.741201][ T5841]  ? __pfx_kobject_add+0x10/0x10
[  677.741248][ T5841]  ? srso_alias_return_thunk+0x5/0xfbef5
[  677.741294][ T5841]  ? do_raw_spin_unlock+0x172/0x230
[  677.741339][ T5841]  ? srso_alias_return_thunk+0x5/0xfbef5
[  677.741384][ T5841]  ? kobject_put+0xab/0x5a0
[  677.741433][ T5841]  ? srso_alias_return_thunk+0x5/0xfbef5
[  677.741490][ T5841]  device_add+0x288/0x1aa0
[  677.741551][ T5841]  ? __pfx_dev_set_name+0x10/0x10
[  677.741588][ T5841]  ? __pfx_device_add+0x10/0x10
[  677.741647][ T5841]  ? srso_alias_return_thunk+0x5/0xfbef5
[  677.741694][ T5841]  ? mgmt_send_event_skb+0x2fb/0x460
[  677.741749][ T5841]  hci_conn_add_sysfs+0x17e/0x230
[  677.741800][ T5841]  le_conn_complete_evt+0x1260/0x2150
[  677.741854][ T5841]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  677.741893][ T5841]  ? srso_alias_return_thunk+0x5/0xfbef5
[  677.741959][ T5841]  hci_le_enh_conn_complete_evt+0x23d/0x380
[  677.742005][ T5841]  ? skb_pull_data+0x166/0x210
[  677.742077][ T5841]  hci_le_meta_evt+0x357/0x5e0
[  677.742121][ T5841]  ? __pfx_hci_le_enh_conn_complete_evt+0x10/0x10
[  677.742171][ T5841]  hci_event_packet+0x685/0x11c0
[  677.742211][ T5841]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  677.742259][ T5841]  ? __pfx_hci_event_packet+0x10/0x10
[  677.742299][ T5841]  ? srso_alias_return_thunk+0x5/0xfbef5
[  677.742353][ T5841]  ? kcov_remote_start+0x3c9/0x6d0
[  677.742402][ T5841]  ? lockdep_hardirqs_on+0x7c/0x110
[  677.742445][ T5841]  ? srso_alias_return_thunk+0x5/0xfbef5
[  677.742504][ T5841]  hci_rx_work+0x2c5/0x16b0
[  677.742551][ T5841]  ? rcu_is_watching+0x12/0xc0
[  677.742610][ T5841]  process_one_work+0x9cf/0x1b70
[  677.742673][ T5841]  ? __pfx_process_one_work+0x10/0x10
[  677.742716][ T5841]  ? srso_alias_return_thunk+0x5/0xfbef5
[  677.742774][ T5841]  ? srso_alias_return_thunk+0x5/0xfbef5
[  677.742820][ T5841]  ? assign_work+0x1a0/0x250
[  677.742863][ T5841]  worker_thread+0x6c8/0xf10
[  677.742928][ T5841]  ? __pfx_worker_thread+0x10/0x10
[  677.742971][ T5841]  kthread+0x3c5/0x780
[  677.743009][ T5841]  ? __pfx_kthread+0x10/0x10
[  677.743049][ T5841]  ? srso_alias_return_thunk+0x5/0xfbef5
[  677.743100][ T5841]  ? rcu_is_watching+0x12/0xc0
[  677.743151][ T5841]  ? __pfx_kthread+0x10/0x10
[  677.743192][ T5841]  ret_from_fork+0x675/0x7d0
[  677.743252][ T5841]  ? __pfx_kthread+0x10/0x10
[  677.743292][ T5841]  ret_from_fork_asm+0x1a/0x30
[  677.743374][ T5841]  </TASK>
[  677.743813][ T5841] kobject: kobject_add_internal failed for hci5:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  678.064228][ T5841] Bluetooth: hci5: failed to register connection device
[  678.223383][T10530] Invalid ELF header magic: != ELF
[  679.094034][T10517] Bluetooth: hci6: Opcode 0x0c1a failed: -4
[  679.111831][T10517] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  679.133415][T10517] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  680.165353][ T8647] Bluetooth: hci6: command 0x0c1a tx timeout
[  680.626623][T10517] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  680.671466][T10517] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  680.706057][T10517] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  680.715737][T10517] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  680.734789][T10517] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  680.779574][T10517] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  680.814174][T10517] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  680.918948][T10517] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  681.199339][ T5841] Bluetooth: hci0: command 0x0c1a tx timeout
[  682.689300][    C1] ------------[ cut here ]------------
[  682.695020][    C1] workqueue: cannot queue hci_cmd_timeout on wq hci4
[  682.701823][    C1] WARNING: CPU: 1 PID: 8022 at kernel/workqueue.c:2257 __queue_work+0xd03/0x1160
[  682.710976][    C1] Modules linked in:
[  682.715064][    C1] CPU: 1 UID: 0 PID: 8022 Comm: kworker/u8:20 Not tainted syzkaller #0 PREEMPT(full) 
[  682.724637][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  682.734702][    C1] Workqueue: events_unbound toggle_allocation_gate
[  682.741255][    C1] RIP: 0010:__queue_work+0xd03/0x1160
[  682.746655][    C1] Code: 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 4b 04 00 00 48 8b 75 18 4c 89 fa 48 c7 c7 20 27 8c 8b e8 1e 15 f7 ff 90 <0f> 0b 90 90 e9 2f f7 ff ff e8 bf e1 38 00 90 0f 0b 90 e9 b4 f5 ff
[  682.766285][    C1] RSP: 0018:ffffc90000a08be8 EFLAGS: 00010082
[  682.772369][    C1] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff817b2ee8
[  682.780357][    C1] RDX: ffff888077135ac0 RSI: ffffffff817b2ef5 RDI: 0000000000000001
[  682.788341][    C1] RBP: ffff888058fa4978 R08: 0000000000000001 R09: 0000000000000000
[  682.796323][    C1] R10: 0000000000000000 R11: 0000000000000001 R12: 1ffff9200014118f
[  682.804304][    C1] R13: 0000000080000101 R14: ffffffff81842990 R15: ffff888031576978
[  682.812292][    C1] FS:  0000000000000000(0000) GS:ffff888124b0c000(0000) knlGS:0000000000000000
[  682.821237][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  682.827834][    C1] CR2: 0000001b3321cff8 CR3: 000000000e182000 CR4: 0000000000350ef0
[  682.835819][    C1] Call Trace:
[  682.839104][    C1]  <IRQ>
[  682.841959][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  682.847626][    C1]  ? __pfx_delayed_work_timer_fn+0x10/0x10
[  682.853461][    C1]  call_timer_fn+0x19a/0x620
[  682.858103][    C1]  ? __pfx_call_timer_fn+0x10/0x10
[  682.863271][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  682.868939][    C1]  ? __pfx_delayed_work_timer_fn+0x10/0x10
[  682.874778][    C1]  __run_timers+0x569/0x960
[  682.879337][    C1]  ? __pfx___run_timers+0x10/0x10
[  682.884411][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  682.890102][    C1]  run_timer_base+0x114/0x190
[  682.894797][    C1]  ? __pfx_run_timer_base+0x10/0x10
[  682.900038][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  682.905712][    C1]  run_timer_softirq+0x1a/0x40
[  682.910493][    C1]  handle_softirqs+0x219/0x8e0
[  682.915295][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  682.920610][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  682.926276][    C1]  __irq_exit_rcu+0x109/0x170
[  682.930981][    C1]  irq_exit_rcu+0x9/0x30
[  682.935251][    C1]  sysvec_apic_timer_interrupt+0xa4/0xc0
[  682.940908][    C1]  </IRQ>
[  682.943842][    C1]  <TASK>
[  682.946777][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  682.952782][    C1] RIP: 0010:__text_poke+0x4bc/0xb70
[  682.958003][    C1] Code: 00 48 85 db 0f 85 d2 02 00 00 e8 6f 9d 5c 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 cd 98 5c 00 48 85 db 0f 85 a3 05 00 00 <e8> 4f 9d 5c 00 48 8b bc 24 80 00 00 00 e8 b2 ac 00 0a e8 7d fa fd
[  682.977630][    C1] RSP: 0018:ffffc900045e7920 EFLAGS: 00000293
[  682.983712][    C1] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff81605f7a
[  682.991692][    C1] RDX: ffff888077135ac0 RSI: ffffffff81605f88 RDI: 0000000000000007
[  682.999679][    C1] RBP: ffffffff8219cca5 R08: 0000000000000007 R09: 0000000000000000
[  683.007663][    C1] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000ca9
[  683.015645][    C1] R13: ffffffff8e56af80 R14: 0000000000000001 R15: 8000000000000063
[  683.023632][    C1]  ? __kmalloc_node_track_caller_noprof+0xf5/0x8a0
[  683.030183][    C1]  ? __text_poke+0x78a/0xb70
[  683.034794][    C1]  ? __text_poke+0x798/0xb70
[  683.039413][    C1]  ? __pfx_text_poke_memcpy+0x10/0x10
[  683.044838][    C1]  ? __pfx___text_poke+0x10/0x10
[  683.049819][    C1]  ? __kmalloc_node_track_caller_noprof+0xf5/0x8a0
[  683.056378][    C1]  smp_text_poke_batch_finish+0x4f1/0xdb0
[  683.062115][    C1]  ? __pfx_smp_text_poke_batch_finish+0x10/0x10
[  683.068370][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  683.074008][    C1]  ? arch_jump_label_transform_queue+0xc0/0x120
[  683.080270][    C1]  arch_jump_label_transform_apply+0x1c/0x30
[  683.086258][    C1]  jump_label_update+0x376/0x550
[  683.091202][    C1]  static_key_enable_cpuslocked+0x1b7/0x270
[  683.097100][    C1]  static_key_enable+0x1a/0x20
[  683.101871][    C1]  toggle_allocation_gate+0xfa/0x280
[  683.107202][    C1]  ? __pfx_toggle_allocation_gate+0x10/0x10
[  683.113143][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  683.118812][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  683.124481][    C1]  ? rcu_is_watching+0x12/0xc0
[  683.129281][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  683.134947][    C1]  process_one_work+0x9cf/0x1b70
[  683.139939][    C1]  ? __pfx_bond_mii_monitor+0x10/0x10
[  683.145346][    C1]  ? __pfx_process_one_work+0x10/0x10
[  683.150742][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  683.156420][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  683.162079][    C1]  ? assign_work+0x1a0/0x250
[  683.166696][    C1]  worker_thread+0x6c8/0xf10
[  683.171330][    C1]  ? __pfx_worker_thread+0x10/0x10
[  683.176468][    C1]  kthread+0x3c5/0x780
[  683.180564][    C1]  ? __pfx_kthread+0x10/0x10
[  683.185177][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  683.190837][    C1]  ? rcu_is_watching+0x12/0xc0
[  683.195638][    C1]  ? __pfx_kthread+0x10/0x10
[  683.200251][    C1]  ret_from_fork+0x675/0x7d0
[  683.204888][    C1]  ? __pfx_kthread+0x10/0x10
[  683.209500][    C1]  ret_from_fork_asm+0x1a/0x30
[  683.214328][    C1]  </TASK>
[  683.217355][    C1] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  683.224643][    C1] CPU: 1 UID: 0 PID: 8022 Comm: kworker/u8:20 Not tainted syzkaller #0 PREEMPT(full) 
[  683.234206][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  683.244272][    C1] Workqueue: events_unbound toggle_allocation_gate
[  683.250823][    C1] Call Trace:
[  683.254106][    C1]  <IRQ>
[  683.256958][    C1]  dump_stack_lvl+0x3d/0x1f0
[  683.261577][    C1]  vpanic+0x640/0x6f0
[  683.265600][    C1]  ? __queue_work+0xd03/0x1160
[  683.270378][    C1]  panic+0xca/0xd0
[  683.274139][    C1]  ? __pfx_panic+0x10/0x10
[  683.278614][    C1]  ? check_panic_on_warn+0x1f/0xb0
[  683.283772][    C1]  check_panic_on_warn+0xab/0xb0
[  683.288755][    C1]  __warn+0xf6/0x3c0
[  683.292666][    C1]  ? __queue_work+0xd03/0x1160
[  683.297456][    C1]  report_bug+0x3c3/0x580
[  683.301808][    C1]  ? __queue_work+0xd03/0x1160
[  683.306598][    C1]  handle_bug+0x184/0x210
[  683.310960][    C1]  exc_invalid_op+0x17/0x50
[  683.315498][    C1]  asm_exc_invalid_op+0x1a/0x20
[  683.320367][    C1] RIP: 0010:__queue_work+0xd03/0x1160
[  683.325764][    C1] Code: 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 4b 04 00 00 48 8b 75 18 4c 89 fa 48 c7 c7 20 27 8c 8b e8 1e 15 f7 ff 90 <0f> 0b 90 90 e9 2f f7 ff ff e8 bf e1 38 00 90 0f 0b 90 e9 b4 f5 ff
[  683.345390][    C1] RSP: 0018:ffffc90000a08be8 EFLAGS: 00010082
[  683.351478][    C1] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff817b2ee8
[  683.359459][    C1] RDX: ffff888077135ac0 RSI: ffffffff817b2ef5 RDI: 0000000000000001
[  683.367442][    C1] RBP: ffff888058fa4978 R08: 0000000000000001 R09: 0000000000000000
[  683.375427][    C1] R10: 0000000000000000 R11: 0000000000000001 R12: 1ffff9200014118f
[  683.383407][    C1] R13: 0000000080000101 R14: ffffffff81842990 R15: ffff888031576978
[  683.391391][    C1]  ? __pfx_delayed_work_timer_fn+0x10/0x10
[  683.397235][    C1]  ? __warn_printk+0x198/0x350
[  683.402040][    C1]  ? __warn_printk+0x1a5/0x350
[  683.406853][    C1]  ? __queue_work+0xd02/0x1160
[  683.411647][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  683.417314][    C1]  ? __pfx_delayed_work_timer_fn+0x10/0x10
[  683.423152][    C1]  call_timer_fn+0x19a/0x620
[  683.427791][    C1]  ? __pfx_call_timer_fn+0x10/0x10
[  683.432962][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  683.438629][    C1]  ? __pfx_delayed_work_timer_fn+0x10/0x10
[  683.444468][    C1]  __run_timers+0x569/0x960
[  683.449032][    C1]  ? __pfx___run_timers+0x10/0x10
[  683.454117][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  683.459805][    C1]  run_timer_base+0x114/0x190
[  683.464499][    C1]  ? __pfx_run_timer_base+0x10/0x10
[  683.469738][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  683.475407][    C1]  run_timer_softirq+0x1a/0x40
[  683.480187][    C1]  handle_softirqs+0x219/0x8e0
[  683.484991][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  683.490312][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  683.495980][    C1]  __irq_exit_rcu+0x109/0x170
[  683.500686][    C1]  irq_exit_rcu+0x9/0x30
[  683.504960][    C1]  sysvec_apic_timer_interrupt+0xa4/0xc0
[  683.510615][    C1]  </IRQ>
[  683.513547][    C1]  <TASK>
[  683.516483][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  683.522487][    C1] RIP: 0010:__text_poke+0x4bc/0xb70
[  683.527711][    C1] Code: 00 48 85 db 0f 85 d2 02 00 00 e8 6f 9d 5c 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 cd 98 5c 00 48 85 db 0f 85 a3 05 00 00 <e8> 4f 9d 5c 00 48 8b bc 24 80 00 00 00 e8 b2 ac 00 0a e8 7d fa fd
[  683.547339][    C1] RSP: 0018:ffffc900045e7920 EFLAGS: 00000293
[  683.553424][    C1] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff81605f7a
[  683.561405][    C1] RDX: ffff888077135ac0 RSI: ffffffff81605f88 RDI: 0000000000000007
[  683.569387][    C1] RBP: ffffffff8219cca5 R08: 0000000000000007 R09: 0000000000000000
[  683.577368][    C1] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000ca9
[  683.585350][    C1] R13: ffffffff8e56af80 R14: 0000000000000001 R15: 8000000000000063
[  683.593339][    C1]  ? __kmalloc_node_track_caller_noprof+0xf5/0x8a0
[  683.599892][    C1]  ? __text_poke+0x78a/0xb70
[  683.604508][    C1]  ? __text_poke+0x798/0xb70
[  683.609128][    C1]  ? __pfx_text_poke_memcpy+0x10/0x10
[  683.614541][    C1]  ? __pfx___text_poke+0x10/0x10
[  683.619506][    C1]  ? __kmalloc_node_track_caller_noprof+0xf5/0x8a0
[  683.626060][    C1]  smp_text_poke_batch_finish+0x4f1/0xdb0
[  683.631832][    C1]  ? __pfx_smp_text_poke_batch_finish+0x10/0x10
[  683.638115][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  683.643776][    C1]  ? arch_jump_label_transform_queue+0xc0/0x120
[  683.650072][    C1]  arch_jump_label_transform_apply+0x1c/0x30
[  683.656088][    C1]  jump_label_update+0x376/0x550
[  683.661054][    C1]  static_key_enable_cpuslocked+0x1b7/0x270
[  683.666982][    C1]  static_key_enable+0x1a/0x20
[  683.671770][    C1]  toggle_allocation_gate+0xfa/0x280
[  683.677100][    C1]  ? __pfx_toggle_allocation_gate+0x10/0x10
[  683.683044][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  683.688722][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  683.694385][    C1]  ? rcu_is_watching+0x12/0xc0
[  683.699186][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  683.704858][    C1]  process_one_work+0x9cf/0x1b70
[  683.709837][    C1]  ? __pfx_bond_mii_monitor+0x10/0x10
[  683.715244][    C1]  ? __pfx_process_one_work+0x10/0x10
[  683.720641][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  683.726314][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  683.731982][    C1]  ? assign_work+0x1a0/0x250
[  683.736598][    C1]  worker_thread+0x6c8/0xf10
[  683.741236][    C1]  ? __pfx_worker_thread+0x10/0x10
[  683.746372][    C1]  kthread+0x3c5/0x780
[  683.750464][    C1]  ? __pfx_kthread+0x10/0x10
[  683.755082][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  683.760742][    C1]  ? rcu_is_watching+0x12/0xc0
[  683.765542][    C1]  ? __pfx_kthread+0x10/0x10
[  683.770156][    C1]  ret_from_fork+0x675/0x7d0
[  683.774788][    C1]  ? __pfx_kthread+0x10/0x10
[  683.779403][    C1]  ret_from_fork_asm+0x1a/0x30
[  683.784232][    C1]  </TASK>
[  683.788258][    C1] Kernel Offset: disabled
[  683.792576][    C1] Rebooting in 86400 seconds..