last executing test programs:

7.150018629s ago: executing program 1 (id=42):
r0 = msgget$private(0x0, 0x193)
msgsnd(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="01"], 0x8, 0x0)
msgrcv(r0, 0x0, 0x0, 0x1, 0x2800)

6.90437573s ago: executing program 1 (id=43):
r0 = syz_open_dev$loop(&(0x7f0000000180), 0x6, 0x4000)
ioctl$BLKBSZSET(r0, 0x40081271, &(0x7f00000001c0)=0x400)

6.647908975s ago: executing program 1 (id=45):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x2, 0x4, 0x1, 0xbf22}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000500)={{r0, <r1=>0xffffffffffffffff}, &(0x7f00000001c0), &(0x7f0000000400)}, 0x20)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0xffffd6c4, r1, 0x4, 0x20}, 0x38)

6.122516535s ago: executing program 1 (id=51):
syz_mount_image$hfsplus(&(0x7f0000001140), &(0x7f00000004c0)='./file1\x00', 0x804c10, &(0x7f0000000180)=ANY=[], 0xfe, 0x66b, &(0x7f0000001180)="$eJzs3c1vHGcdB/DvbDZ2Ni3BTZM2oEq1GgkQFolf5IK5YBBCPlSoKgfOVuI0VjZpsV3kVog6vF576B9QDr4gTkjcIxUOXODWG/KxEhKXXjCnRTuetdfrl66TxrtpP59o93lmnplnfs/vmZl9saIN8IW1MJH6gxRZmHhlvb28tTnT3NqcudupJxlNspHUk9SSFP9ttVofJvNJsdtN0VMe8P7y3GsffbL18c5SvXqU29eO269Htd1Gz+qNzrrxJGeq8hHs6+/GI/dX7EY+n+RqVcLAnU3S2udnf396t6VL47C9z51KjMDjVey8bh4wlpyvLvT2+4DOK2/tdKPr32if2/W+gwAAAIAnTT+fgb+8ne2sFxdOIRwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4XNjY+/3/onrUOvXxFJ3f/x+p1qWqD5cXT7b5g8cVBwAAAAAAAACcohe3s531XOgst4ryb/4vlQuXyuen8lZWs5SVXMt6FrOWtaxkKslYV0cj64traytTfew5feie058S6GhVNj6bcQMAAAAAAADA58yvsrD3938AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgGRXJmp0hxv2v1WGr1JOeSjLRXbCT/7NSfZA8GHQAAAACcgtFkO+u50FluFbmU5LnyO4BzeSv3spblrKWZpdwsvxfY+dRf29qcaW5tztxtPw72+/3/nCiMssfsfPdw+JGvlFs0civL5ZpruZE30szN1Mo9265U8XR67Ynrfjum4nuVPiO7WZXtkb9XlQe8e6LBHuWEX6aMlRk5u5uRySq2djae6czM4TN0wtnpPdJUarvBXuo50sj+wTxUzs9XZXs8vzsq5wPRm4nprrPvueNznnz9L3/66WRVH54h9edMVbbK58bBTMx0ZeL5fjJxu3nvzu1bqxNPWiYOmCwzcXl3eSE/yk8ykfG8mpUs5+dZzFqWMp4flrXFavKLrkv+iEzN71t69dMiGanO0J3JOllML5X7Xshyfpw3cjNLebn8N52pfDuzmc1c1wxfPn6Gy6u+tu+q35vm1pcODf7qN6pKI8nvq3I4tPP6TFdeu++5Y2Vb95q9LF3sI0snvDfWv1pV2sf4dVUOh95MTHVl4tnjM/GH8ray2rx3Z+X24pv9He7ie1WlfWb9NhkfnhtJ+3y52J6scmn/2dFue/bQtqmy7dJuW+1A2+Xdtp0rdePIK3Wkeg93sKfpsu35Q9tmyrYrXW2Hvd8CYOid/+b5kca/G/9ofND4TeN245VzPxj9zugLIzn717PfrU+e+VrtheLP+SC/3Pv8DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPLzVt9+5s9hsLq30VFqt1rtHNPVZqVdHeMjdH6GS8X891T7yIU2dnzM7xXi+8nRyemMf1sr/Wq1WtaY4Yps//m1oEtWqDEXqBlQZ3D0JOB3X1+6+eX317Xe+tXx38fWl15fuzc3Ozk3Ozb48c/3WcnNpcud50FECj8Pei/6gIwEAAAAAAAAAAAD6dRr/nWDQYwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACebAsTqT9IkanJa5Pt5a3NmWb70anvbVlPUktS/CIpPkzmi6phrKu74qjjvL8899pHn2x9vNdXvbN97bj9+rNRPTKe5MxOef+z6u9GVR6rOG4Ixe4I55NcrUoYuP8HAAD//xokBkA=")
ioperm(0x0, 0x2, 0x7e)
mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x20, 0x1)
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDSIGACCEPT(r0, 0x5607, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x2a, 0xa9}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
preadv2(0xffffffffffffffff, 0x0, 0x0, 0x7, 0x1, 0x20)
ioctl$KDSKBLED(r0, 0x4b65, 0x200)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='io.stat\x00', 0x0, 0x0)
ioctl$SIOCSIFHWADDR(r4, 0x8924, 0x0)
r5 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301)
ioctl$USBDEVFS_CONTROL(r5, 0xc0105500, &(0x7f0000000040)={0x0, 0x1, 0x1, 0x957, 0x0, 0x5, 0x0})
io_uring_setup(0xcb5, &(0x7f0000000000)={0x0, 0x24bb, 0x8, 0x3, 0x142})
epoll_create1(0x80000)
ioctl$VT_ACTIVATE(r0, 0x5606, 0x4)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="040e05405a0c"], 0x8)
creat(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x182)
rename(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f00000002c0)='./file1\x00')

5.433091991s ago: executing program 2 (id=56):
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b34, &(0x7f0000000000)={'wlan1\x00', @random="000300000020"})
syz_open_procfs(0x0, 0x0)
keyctl$session_to_parent(0x12)
keyctl$session_to_parent(0x12)
mount(0x0, 0x0, 0x0, 0x5000, 0x0)
add_key$fscrypt_provisioning(&(0x7f0000032180), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$session_to_parent(0x12)

5.328110819s ago: executing program 3 (id=58):
r0 = syz_open_dev$sndpcmp(&(0x7f0000000b00), 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_HW_REFINE(r0, 0xc2604110, &(0x7f0000000700)={0x7, [[0x9ef8], [0x10000, 0x6, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0xffffffff], [0x7, 0x0, 0x0, 0x0, 0xca, 0x0, 0x0, 0x60000]], '\x00', [{0x3}, {0x2, 0xfffffffe}, {0x0, 0x1}, {0x0, 0x80000000}, {0x3, 0x9, 0x0, 0x1, 0x1}, {0x18, 0x7f}, {}, {0x2, 0x6}, {0x0, 0x100}, {0x0, 0xfffffffe}, {0xd, 0x12}, {0x3}], '\x00', 0x1000})

4.701427926s ago: executing program 3 (id=60):
fanotify_mark(0xffffffffffffffff, 0x39, 0x1a, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(&(0x7f0000000640)='ext4\x00', &(0x7f0000000680)='./file0\x00', 0x0, &(0x7f00000006c0), 0x1, 0x603, &(0x7f0000000700)="$eJzs3V1oXGkZAOD3TH5q29hUEcFepVgwaJ00P5YGFFuvhFqpraCoWGMy+SGTTEwm0ASkahEKCu2FqCAWcqGCKAQU7wT1yp8L/9iLdpdCFxZ2C6FLt7AXe5HlTGbS6WaaNJs0Z+k8D5z2+76Zk+898/Y9nfP1dCaAptWV/pKL+EhE3EgiOusea43qg11rz1vqXx5PtyRWVy/eTyJJ9+lfHq89P6n+frC6W3dE/O2HEWfbN847t7A4OVQsFmar/Z7y1EzP3MLiJyemhsYKY4XpvoETg4ODA/2DJ3btWH/2u1+//vGvfO5/V39w9vcr/7j6zSROR0f1sfrj2C1d0VV9TdridP0DScTJ3Z4sY7msA2DbTvYcO95SrfO2SM8BndFSrfrSL7/xoDP+eftJ+y6/efO1vYwV2H1XImIVaFKJ+ocmVXsfkF7/1ra9eu/xmx/v1Uw8ycqZtQvAG9W1naX1/LeurQ3F+yrXhgfeSKpXhmuS2trRDtzKpz/j/gf/k//zn9ItntE6DO9Nyy9nHQFZah/IOgKydORLWUdAlv59LesIyNL/V7KOgCxduJh1BGTpi8/bP4KzLb+4n3UE/OVMRBxvtP6XW1//iQbrPwcjYqd35vzxSERXvPDz+rGN6z+5ezuchk2snIn4dN29XUt1+a863FLtvT/tRFsyOlEspLk/FBHd0bYv7fduMseLx/7++UbjX72b5v/mhdr6X7ql89fWAqtx3Gvd9/h+I0PloZ0eN2tWvh9xpLVR/pP1+k8a1H/65+H8U85Rul663mj80K00/7+6unn+eZZWlyI+1rD+k/XnJJvfn9lTOR/01M4KG1347ytzjcZPHU3z/+BT8p+dtP4PbJ7/yvl//X7dhpnc3GfHOm80Gr/7ozT/b3373Zz/25MvVwKs3Vp8eahcnu2NaE++sHG8b/sxP69qr0ft9Urz3/3Rxn//b3b+3x8R33rKOf/63buvNhr/2mSa/399Xf1nJ83/yBb1nzxW/9tvnP/M0SuN5v7waJr/U/u3rv+BSjDd1RHv/7b2tAnKOk4AAAAAAAAAAAAAAAAAAAAAAIBmk4uIjkhy+fV2LpfPr32+74fiQK5Ymit/YrQ0Pz0Sle/KPhxtudonPXbWfR5sb6X9qN/3jn5/RHwgIq617K/088Ol4kjWBw9NqiPizh++M9zgm/kBAAAAAAAAAAAAAAAAAICsHHzC//9PvdSSdXTAs9ARcWf0Jy3fS9sP1Tk0lbT+f/tw6myof2g66h+al/qH5qX+oXmpf2he6h+al/qH5qX+oXmpf2he9fUPAAAAADyfzp87l26rS/3L42l/ujQ2MTk+M9h3Ij81P5wfLs3O5MdKpbHKN/ZPbf3ziqXSTG9fzF/uKRfmyj1zC4uXpkrz0+VLE1NDY4VLhbY9OCZga7d/OjCedQwAAAAAAAAAAAAAAAAAAMAjcwuLk0PFYmFWQ0NDY72R9ZkJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB55OwAA//8t2VDh")
bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB='\n\x00\x00'], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_LINK_CREATE_XDP(0x1c, 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x8042, 0x108)
fcntl$setlease(r0, 0x400, 0x0)
link(&(0x7f0000000200)='./file1\x00', &(0x7f0000000300)='./bus\x00')

4.648012464s ago: executing program 2 (id=61):
r0 = io_uring_setup(0x2c93, &(0x7f0000000100)={0x0, 0xf0ce, 0x3480, 0xfffffffc, 0x14})
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(r0, 0xffffffff, 0xcb, 0xf, 0x0, 0x0)

4.618073917s ago: executing program 0 (id=62):
r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2)
r1 = memfd_create(&(0x7f0000000140)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xcda\x9b\x11X\x0e\xa1\xcf\x1a\x98S7\xc9\x00'/47, 0x2)
ftruncate(r1, 0x6)
fcntl$addseals(r1, 0x409, 0x7)
ioctl$UDMABUF_CREATE(r0, 0x40187542, &(0x7f0000000000)={r1, 0x0, 0x0, 0x8000})

4.440974309s ago: executing program 0 (id=63):
r0 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPGETCONNINFO(r0, 0x800448d3, &(0x7f0000000c40)={@any, 0x1, 0x6, 0x8, 0x6, 0x1c1, "4c7798043c9b1c1353c0fe0979cec9065b40cb6f2227854c78aeeef95ae2aceb7836997b64da363159248529b6ed58bde28d3b3f312a0d4509433367b9e8c9602789535df28af3766864b891e006908dc0dc22571a38d336f702d36dd6dd82cc129b5b74078dcff03bf378b53b1bdf017b85730b3a72688622b621e352301fb8"})

4.36430468s ago: executing program 4 (id=64):
pipe2(&(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x84000)
tee(r0, r0, 0x9, 0x0)

4.290332402s ago: executing program 0 (id=65):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000440)=ANY=[@ANYBLOB], &(0x7f0000001f40)=""/4089, 0x3e, 0xff9, 0xa, 0x5}, 0x28)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000100)='./file1\x00', 0x1000c1f, &(0x7f0000000200)={[{@mblk_io_submit}, {@norecovery}, {@orlov}, {@test_dummy_encryption}, {@sysvgroups}, {@nouid32}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x8}}, {@data_ordered}, {@barrier_val={'barrier', 0x3d, 0x80000001}}]}, 0x4, 0x5cd, &(0x7f0000001400)="$eJzs3c9PHFUcAPDvDAsUUMHGROvBEI22iRYKbU39cWjvTVN/3LyIhTa1tCUFo1QTaVI9mBgvHpp48mD9L7TRqycTDx68eDJNqjG9aIxZM/sDlmUXFsoylfl8kum+N2/gvSl8mTdv3tsNoLBGs3/SiH0RMZdEDDeUlaJWOFo97u6fH5zJtiTK5df+SOKZ2r768Untdaj2xf8OR/z4XRJ7e9bWO7949cLU7OzMlVp+fOHi3Pj84tWD5y9OnZs5N3Np8vnJY0ePHD02ceiezi9tSJ+8/va7w5+ceuOrL/5JJr7+5VQSx+P3s9WyxvPYLqMxGn+Vyx8278/+X49td2U56Vn+PVmRNO/g/pVUY6Q3Ih6N4ehp+GkOx0ev5No2oKvKSUQZKKhE/ENB1fsB9Xv7zu6D0y73SoCdcOdEVO7+18Z/qTo2GCOVsYHBu8mqcZ4WQ3pbktXxw/enrmdbdGkcDmht6Vp/LdUc/0klNkdiTyU3eDddFf9ZD+B07TXb/+oW6x9tyot/2DlL1yLisVb9/43j/82G+H9ri/WLfwAAAAAAANg+t05ExHOtnv+ltWdze+LJxvk/P62sEDy+DfVv/Pwvvb0N1QAt3DkR8fLq+b9J0yEjPbXn/A9WZwMmZ8/PzhyKiIci4kD09mf5iXXqOPjp3hvtyhrn/2Vb1ob6XMCq9Hapf/XXTE8tTG31fIEVd65FPF5qP/8n5kqVdf3N83+zvwdzHdax9+mbp9uVbRz/QLeUv4zY33L9z0o3IFn//TnGK/2B8XqvYK0n3v/sm3b1i3/IT3b9H1w//keSxvfrmd/c9++LiMOLpXK78rbxv9zZaN3/70te76l//8x7UwsLVyYi+pKTa/dPbq7NsFvV46EeL1n8H3hq/fG/5f5/QxwORMRSh3UOxNCv7cpc/yE/WfxPb+r6v/nE5M2Rb9vV39n435HKNf1AbY/xP1hfpwGadzsBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4P8ojYgHIknHltNpOjYWMRQRj8RgOnt5fuHZs5ffuTSdlVU+/z+tf9LvcDWf1D//f6QhP9mUPxwRD0fE5z0DlfzYmcuz03mfPAAAAAAAAAAAAAAAAAAAANwnhtqs/8/81pN364CuK9VexTsUTynvBgC5Ef9QXOIfikv8Q3GJfyiuLca/xwWwC7j+Q1H1dnbYnm63A8hDp9f/gS63AwAAAAAA2Ba3XnrhRhIRSy8OVLZMX61s+cGgcX/YldK8GwDkxhxeKC5Tf6G4Opz8C+xiyXLq73Kr8vaz/5PuNAgAAAAAAAAAAAAAWGP/vls/b7j+H9iVrP+H4lq1/r8/v3YAO8/6fygu9/jARqv4rf8HAAAAAAAAAAAAgPzNL169MDU7O3OlIIn6esf7pT0S6yR6I6LdMfVf4Huv6/DHrYqSXAOkL//w3Pm/RQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQGv/BQAA//9qrhqf")
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000940))
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180))
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ff1000/0x2000)=nil, &(0x7f0000ff5000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
syz_mount_image$exfat(0x0, &(0x7f0000000100)='./bus\x00', 0x4800, 0x0, 0x0, 0x0, &(0x7f0000000240))
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000140)=[{0x200, 0x77, 0x4, 0x8f}]})
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
r4 = io_uring_setup(0xd, 0x0)
io_uring_enter(r4, 0x2219, 0x7721, 0x16, 0x0, 0x0)
r5 = io_uring_setup(0x899, &(0x7f0000000040)={0x0, 0x5ba6, 0x1c080, 0xa, 0x20002f7})
io_uring_enter(r5, 0x2219, 0x7721, 0x16, 0x0, 0x0)

4.280153079s ago: executing program 3 (id=66):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000001680)=ANY=[@ANYBLOB="1800000000030000000000000000000095"], &(0x7f0000001700)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x94)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1)
close(r1)
socket$inet_tcp(0x2, 0x1, 0x0)
mount$9p_fd(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000480), 0x4898, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}})

4.215175678s ago: executing program 4 (id=67):
syz_mount_image$hfsplus(&(0x7f0000001140), &(0x7f00000004c0)='./file1\x00', 0x804c10, &(0x7f0000000180)=ANY=[], 0xfe, 0x66b, &(0x7f0000001180)="$eJzs3c1vHGcdB/DvbDZ2Ni3BTZM2oEq1GgkQFolf5IK5YBBCPlSoKgfOVuI0VjZpsV3kVog6vF576B9QDr4gTkjcIxUOXODWG/KxEhKXXjCnRTuetdfrl66TxrtpP59o93lmnplnfs/vmZl9saIN8IW1MJH6gxRZmHhlvb28tTnT3NqcudupJxlNspHUk9SSFP9ttVofJvNJsdtN0VMe8P7y3GsffbL18c5SvXqU29eO269Htd1Gz+qNzrrxJGeq8hHs6+/GI/dX7EY+n+RqVcLAnU3S2udnf396t6VL47C9z51KjMDjVey8bh4wlpyvLvT2+4DOK2/tdKPr32if2/W+gwAAAIAnTT+fgb+8ne2sFxdOIRwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4XNjY+/3/onrUOvXxFJ3f/x+p1qWqD5cXT7b5g8cVBwAAAAAAAACcohe3s531XOgst4ryb/4vlQuXyuen8lZWs5SVXMt6FrOWtaxkKslYV0cj64traytTfew5feie058S6GhVNj6bcQMAAAAAAADA58yvsrD3938AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgGRXJmp0hxv2v1WGr1JOeSjLRXbCT/7NSfZA8GHQAAAACcgtFkO+u50FluFbmU5LnyO4BzeSv3spblrKWZpdwsvxfY+dRf29qcaW5tztxtPw72+/3/nCiMssfsfPdw+JGvlFs0civL5ZpruZE30szN1Mo9265U8XR67Ynrfjum4nuVPiO7WZXtkb9XlQe8e6LBHuWEX6aMlRk5u5uRySq2djae6czM4TN0wtnpPdJUarvBXuo50sj+wTxUzs9XZXs8vzsq5wPRm4nprrPvueNznnz9L3/66WRVH54h9edMVbbK58bBTMx0ZeL5fjJxu3nvzu1bqxNPWiYOmCwzcXl3eSE/yk8ykfG8mpUs5+dZzFqWMp4flrXFavKLrkv+iEzN71t69dMiGanO0J3JOllML5X7Xshyfpw3cjNLebn8N52pfDuzmc1c1wxfPn6Gy6u+tu+q35vm1pcODf7qN6pKI8nvq3I4tPP6TFdeu++5Y2Vb95q9LF3sI0snvDfWv1pV2sf4dVUOh95MTHVl4tnjM/GH8ray2rx3Z+X24pv9He7ie1WlfWb9NhkfnhtJ+3y52J6scmn/2dFue/bQtqmy7dJuW+1A2+Xdtp0rdePIK3Wkeg93sKfpsu35Q9tmyrYrXW2Hvd8CYOid/+b5kca/G/9ofND4TeN245VzPxj9zugLIzn717PfrU+e+VrtheLP+SC/3Pv8DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPLzVt9+5s9hsLq30VFqt1rtHNPVZqVdHeMjdH6GS8X891T7yIU2dnzM7xXi+8nRyemMf1sr/Wq1WtaY4Yps//m1oEtWqDEXqBlQZ3D0JOB3X1+6+eX317Xe+tXx38fWl15fuzc3Ozk3Ozb48c/3WcnNpcud50FECj8Pei/6gIwEAAAAAAAAAAAD6dRr/nWDQYwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACebAsTqT9IkanJa5Pt5a3NmWb70anvbVlPUktS/CIpPkzmi6phrKu74qjjvL8899pHn2x9vNdXvbN97bj9+rNRPTKe5MxOef+z6u9GVR6rOG4Ixe4I55NcrUoYuP8HAAD//xokBkA=")
r0 = fanotify_init(0x4, 0x80000)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x28080, 0x18)
fanotify_mark(r0, 0x445, 0x800002a, r1, 0x0)

4.084980773s ago: executing program 3 (id=68):
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
r1 = dup(r0)
setsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f0000000180)={{{@in6=@private0, @in6=@dev={0xfe, 0x80, '\x00', 0x21}, 0x4e22, 0x0, 0x4e21, 0x10, 0x2, 0xa0, 0x0, 0x70}, {0x2, 0x7fd, 0x0, 0x9, 0x10000000004, 0xc, 0x3, 0x100000001}, {0x9, 0x2, 0x5, 0x86c}, 0x1ff, 0x6e2bb0, 0x1, 0x1, 0x3}, {{@in6=@remote, 0x4d2, 0xff}, 0x14, @in6=@mcast1, 0x0, 0x3, 0x3, 0x6, 0x10, 0x5, 0x4}}, 0xe8)

4.049390856s ago: executing program 1 (id=69):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r1=>0x0})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_TDLS_OPER(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000780)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="3b1625bd7040fddbdf255100000008000300", @ANYRES32=r1, @ANYBLOB="05008a00"], 0x30}, 0x1, 0x0, 0x0, 0x20000010}, 0x50)

3.888217994s ago: executing program 3 (id=70):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
ptrace$getenv(0x4201, 0x0, 0x7f, &(0x7f0000000040))
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
syz_open_pts(0xffffffffffffffff, 0x83)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020207025000000002dba513d7b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000008fd8850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x7, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r4}, 0x10)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000480)='./cgroup.cpu/cgroup.procs\x00', 0x2, 0x0)
sendfile(r5, r5, 0x0, 0x6)

3.665799932s ago: executing program 4 (id=71):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$inet6(0xa, 0x2, 0x3a)
connect$inet6(r3, &(0x7f00000005c0)={0xa, 0x4e22, 0x430, @dev={0xfe, 0x80, '\x00', 0x17}, 0x9}, 0x1c)
sendto$inet6(r3, &(0x7f0000000080)="800037bbfa9ba1ce", 0xffd8, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f00000003c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

3.632092779s ago: executing program 2 (id=72):
r0 = fanotify_init(0x4, 0x1000)
fanotify_mark(r0, 0x1, 0x4000001b, 0xffffffffffffffff, 0x0)
r1 = socket(0x10, 0x803, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00'}, 0x10)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000080)=ANY=[@ANYBLOB="540000001400b59500000000000000000a000000", @ANYRES32=r1, @ANYBLOB="140001000040000000000000000000000000000014000200fe8000000000000000000000000000aa140006"], 0x54}, 0x1, 0x0, 0x0, 0x800}, 0x80)

2.787914656s ago: executing program 3 (id=73):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, 0x0, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
syz_usb_connect(0x0, 0x3f, &(0x7f00000002c0)=ANY=[@ANYBLOB="12010000d0918108ac051582588f0000000109022d00010000000009040000030b08000009058d67c8002a000009050502000000000009058b6e"], 0x0)

2.71620269s ago: executing program 0 (id=74):
socket$inet6_tcp(0xa, 0x1, 0x0)
syz_open_dev$sndctrl(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8000, 0x20000000019}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r1 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f00000010c0)=""/102400, 0x19000)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffffff, 0x0, 0x42, 0xa4)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000240)='net/fib_trie\x00')
pread64(r3, &(0x7f00000000c0)=""/189, 0xbd, 0xe5d)

2.658999714s ago: executing program 1 (id=75):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x17)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0xd3283d0368e269b3, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0)
r2 = dup3(0xffffffffffffffff, r1, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x10000000000)
syz_emit_vhci(0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000540)={@fd={0x66642a85, 0x0, r2}, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x1, 0x29}, @fd={0x66642a85, 0x0, r0}}, &(0x7f0000000600)={0x0, 0x18, 0x40}}, 0x1000}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x1048, 0x0})

1.659232881s ago: executing program 0 (id=76):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005"], 0x64}}, 0x0)

925.799917ms ago: executing program 2 (id=77):
r0 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000440)=@raw={'raw\x00', 0x8, 0x3, 0x4c8, 0x170, 0xffffffff, 0xffffffff, 0x170, 0xffffffff, 0x3f8, 0xffffffff, 0xffffffff, 0x3f8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0x148, 0x170, 0x0, {}, [@common=@unspec=@helper={{0x48}}, @common=@inet=@hashlimit1={{0x58}, {'bond_slave_1\x00', {0x41, 0x1ff, 0x6, 0xb0e2, 0x10001, 0x84e, 0xfffffffb, 0x18, 0x8}, {0x1}}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'erspan0\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'vcan0\x00', {0x3, 0x0, 0x41, 0x0, 0x2, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x528)
syz_emit_ethernet(0x4b, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb86dd699e000000150600fe800000000000000000000000000039fe8000000000000000000000000000aa4e224e24", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5100ff"], 0x0)

291.509862ms ago: executing program 4 (id=78):
r0 = syz_open_dev$usbfs(&(0x7f00000001c0), 0x800000001fe, 0x2)
r1 = dup(r0)
ioctl$USBDEVFS_CONTROL(r1, 0xc0185500, &(0x7f0000000040)={0x20, 0x3, 0x12, 0x5, 0x0, 0xffffffff, 0x0})

206.647568ms ago: executing program 2 (id=79):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x5, 0x8, 0x40, 0x42}, 0x50)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00000002c0)={r0, &(0x7f0000000180), 0x0}, 0x20)

206.462865ms ago: executing program 4 (id=80):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000280), 0x802, 0x0)
ioctl$UI_END_FF_UPLOAD(r0, 0x406855c9, &(0x7f00000006c0)={0x10, 0x2, {0x57, 0x4, 0x2, {0x6, 0x8000}, {0x9, 0xddf}, @period={0x5b, 0xa, 0x401, 0x2, 0x6f, {0x3, 0x400, 0x5, 0x3}, 0x0, 0x0}}, {0x51, 0x618, 0x5, {0x5, 0xa9}, {0x8, 0x7}, @cond=[{0xfffc, 0x0, 0x5, 0xfff9, 0x8000, 0xf}, {0x8, 0xff, 0x0, 0x0, 0xfa, 0x101}]}})

152.311582ms ago: executing program 0 (id=81):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0xb, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000730000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000040)='contention_begin\x00', r0}, 0x18)
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000040)='./bus\x00', 0x2000000, &(0x7f0000000240)=ANY=[@ANYBLOB="747a3d5554432c756e695f786c6174653d312c646973636172642c757466383d302c756e695f786c6174653d312c726f6469722c757466383d312c00ee284a015f4d897833fb742704c70630c7e3804afc5fe645f66ca614e17a7c3e5fcafc620b6af31b1896c6c50b36c73b7ad41b37f80916dee79d4e30902beed2"], 0x1, 0x247, &(0x7f0000000840)="$eJzs2s9rXFUUB/DzaiUxNZ2Iv2hBvOhC3TyauHXRIC2IAUUboQrSV/OiQ54zIW8IjIidlW79E1yLS3eCdOkmG/8CF+4CkmUF8YmZMc0MI6H4Y0L7+WzmMOd+Z87lzgx3MfuvfPnx1madbxa9OJNlkV2OQdzJYinOxF8G8dIL13945u3r776+urZ25a2Urq5eW15JKZ1/9vv3Pv3mudu9c+98e/67udhben//YOXnvaf2Luz/fu2jdp3adep0e6lIN7vdXnGzKtNGu97KU3qzKou6TO1OXe6M9Ter7vZ2PxWdjcWF7Z2yrlPR6aetsp963dTb6afiw6LdSXmep8WF4J9Y//pO08RB8/CNaJrmka/i3O1Y/ClakT2WsscvZ0/eyJ4eZBcOmqY161H5Tzj/B9uxH/X5iOqL3fXd9eHjsL+6Ge2oooxL0Yrf4s+Pyciwvvra2pVL6dBSfF7dGuVv7a4/NJ5fjlYsTc8vD/NpPD8XC8fzK9GKJyIbjT2WX5man48Xnz+Wz6MVP34Q3ahi4/AF7uY/W07p1TfWJvIXD9cBANxv8nRk6v0tz/+uP8zfw/1w4n51Ni6ene3eiaj7n2wVVVXunFTMx8lrFIqTivmIOAVjHBW/jL4IE625f+MtYhBx9MzLj56WLU8UvzZNM214HgB3D33WkwAAAAAAAAAAAHAv/o8/GM56jwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwOn2RwAAAP//lu3JvA==")
r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file2\x00', 0x42, 0x0)
pwrite64(r1, &(0x7f00000000c0)='a', 0x200000c1, 0x9000)

42.07677ms ago: executing program 4 (id=82):
syz_mount_image$erofs(&(0x7f00000000c0), &(0x7f0000000140)='./file1\x00', 0x3000801, &(0x7f0000000840)=ANY=[], 0x2, 0x1ea, &(0x7f00000003c0)="$eJzsmb2r01AYxp9zmuZeL6K4OLg4eMEretMkVenSoYKjIFRRx2JjqaattBHagmBxcXF0EFxdHB0cnBz8C1x1UEFwsKObcOScnCSn6Qdq/ULfH/Tkyfl4z3nf0ifQgCCI/5b37z6/vX+mcuEEBPZiGxu6/2Mhvor9s/PfPLx1/EH17KOnrx+/7O67/Twfj8k14tv3twG8qBUQgVl6x5nV21nYROMiOI5pfQkMTiy/CEV8E4Dhip5z3dC9PVqEgXO1FzavtcPAlY0nG182ZXN/eajphKEJYFOdTghmjA9G4xuNMAz6eVEUyT5zQ98rVtVPna/GUUVSPSE4gMv37k7kva4NXPC0fh44PK3LYKhrXcEGHMfJSmLkf8jK4gvjK1o3t18knihxYPd3bQoel+NvyP0fFsWfEofle+QPOu05OE080Jzz4Y/n/uNCGReAuaFXW2F4bo3I9oJCpSLzJ+nsRw1/smCl/lGKOjdLg9F4t91ptIJW0PX98mn3pOue8kvKiOJ2hf9tKn/aMuIXl8y1mY1hI4r63hCI+l5678et4bj1Z71Pag1X/sexcySOwfQzK31Q5mD6w9VVqp3C4pl3luZEEARBEARBEARBEARBEASxmMNgyVsalr2wmcM/r/6h/BoAAP//1aFq9g==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x1a4)
bpf$MAP_UPDATE_CONST_STR(0x2, 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0), 0x40080, 0x0)
ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0xa7)
fadvise64(r0, 0xe0ffff, 0x9, 0x3)

0s ago: executing program 2 (id=83):
r0 = io_uring_setup(0x54d1, &(0x7f00000001c0)={0x0, 0xf04d, 0x1, 0xfffffffc, 0x211})
readv(r0, 0x0, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.0.239' (ED25519) to the list of known hosts.
[   64.870081][ T5806] cgroup: Unknown subsys name 'net'
[   65.015609][ T5806] cgroup: Unknown subsys name 'cpuset'
[   65.024100][ T5806] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   66.436608][ T5806] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   68.719297][ T5833] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   68.721708][ T5834] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   68.727742][ T5833] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   68.735150][ T5834] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   68.741981][ T5833] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   68.749815][ T5834] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   68.757230][ T5833] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   68.770943][ T5833] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   68.771925][ T5835] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   68.778544][ T5833] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   68.786658][ T5834] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   68.793987][ T5833] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   68.801175][ T5834] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   68.807266][ T5833] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   68.813744][ T5834] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   68.822249][ T5833] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   68.829242][ T5834] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   68.842787][ T5835] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   68.843025][ T5837] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   68.850512][ T5835] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   68.856795][ T5833] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   68.866015][ T5835] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   68.881590][ T5837] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   68.889277][ T5834] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   68.901124][ T5834] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   69.450201][ T5819] chnl_net:caif_netlink_parms(): no params data found
[   69.618719][ T5816] chnl_net:caif_netlink_parms(): no params data found
[   69.688112][ T5817] chnl_net:caif_netlink_parms(): no params data found
[   69.809428][ T5818] chnl_net:caif_netlink_parms(): no params data found
[   69.822663][ T5819] bridge0: port 1(bridge_slave_0) entered blocking state
[   69.829877][ T5819] bridge0: port 1(bridge_slave_0) entered disabled state
[   69.837859][ T5819] bridge_slave_0: entered allmulticast mode
[   69.845163][ T5819] bridge_slave_0: entered promiscuous mode
[   69.861625][ T5821] chnl_net:caif_netlink_parms(): no params data found
[   69.886190][ T5819] bridge0: port 2(bridge_slave_1) entered blocking state
[   69.893360][ T5819] bridge0: port 2(bridge_slave_1) entered disabled state
[   69.900576][ T5819] bridge_slave_1: entered allmulticast mode
[   69.908078][ T5819] bridge_slave_1: entered promiscuous mode
[   70.031165][ T5819] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   70.072951][ T5819] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   70.082592][ T5816] bridge0: port 1(bridge_slave_0) entered blocking state
[   70.089792][ T5816] bridge0: port 1(bridge_slave_0) entered disabled state
[   70.097112][ T5816] bridge_slave_0: entered allmulticast mode
[   70.104595][ T5816] bridge_slave_0: entered promiscuous mode
[   70.111694][ T5817] bridge0: port 1(bridge_slave_0) entered blocking state
[   70.118960][ T5817] bridge0: port 1(bridge_slave_0) entered disabled state
[   70.126446][ T5817] bridge_slave_0: entered allmulticast mode
[   70.133484][ T5817] bridge_slave_0: entered promiscuous mode
[   70.182947][ T5816] bridge0: port 2(bridge_slave_1) entered blocking state
[   70.190118][ T5816] bridge0: port 2(bridge_slave_1) entered disabled state
[   70.197314][ T5816] bridge_slave_1: entered allmulticast mode
[   70.204445][ T5816] bridge_slave_1: entered promiscuous mode
[   70.211519][ T5817] bridge0: port 2(bridge_slave_1) entered blocking state
[   70.219083][ T5817] bridge0: port 2(bridge_slave_1) entered disabled state
[   70.226256][ T5817] bridge_slave_1: entered allmulticast mode
[   70.233440][ T5817] bridge_slave_1: entered promiscuous mode
[   70.265996][ T5819] team0: Port device team_slave_0 added
[   70.271728][ T5818] bridge0: port 1(bridge_slave_0) entered blocking state
[   70.278975][ T5818] bridge0: port 1(bridge_slave_0) entered disabled state
[   70.286153][ T5818] bridge_slave_0: entered allmulticast mode
[   70.293841][ T5818] bridge_slave_0: entered promiscuous mode
[   70.339940][ T5819] team0: Port device team_slave_1 added
[   70.357988][ T5818] bridge0: port 2(bridge_slave_1) entered blocking state
[   70.365539][ T5818] bridge0: port 2(bridge_slave_1) entered disabled state
[   70.372762][ T5818] bridge_slave_1: entered allmulticast mode
[   70.379705][ T5818] bridge_slave_1: entered promiscuous mode
[   70.409466][ T5821] bridge0: port 1(bridge_slave_0) entered blocking state
[   70.416746][ T5821] bridge0: port 1(bridge_slave_0) entered disabled state
[   70.423986][ T5821] bridge_slave_0: entered allmulticast mode
[   70.430913][ T5821] bridge_slave_0: entered promiscuous mode
[   70.454785][ T5819] batman_adv: batadv0: Adding interface: batadv_slave_0
[   70.461714][ T5819] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   70.487789][ T5819] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   70.512582][ T5816] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   70.528078][ T5817] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   70.537528][ T5821] bridge0: port 2(bridge_slave_1) entered blocking state
[   70.545114][ T5821] bridge0: port 2(bridge_slave_1) entered disabled state
[   70.552374][ T5821] bridge_slave_1: entered allmulticast mode
[   70.559349][ T5821] bridge_slave_1: entered promiscuous mode
[   70.567106][ T5819] batman_adv: batadv0: Adding interface: batadv_slave_1
[   70.574175][ T5819] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   70.600131][ T5819] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   70.626652][ T5816] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   70.638429][ T5817] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   70.679674][ T5818] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   70.729205][ T5821] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   70.740671][ T5818] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   70.764188][ T5817] team0: Port device team_slave_0 added
[   70.773834][ T5816] team0: Port device team_slave_0 added
[   70.782650][ T5816] team0: Port device team_slave_1 added
[   70.790143][ T5821] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   70.811476][ T5817] team0: Port device team_slave_1 added
[   70.911566][ T5818] team0: Port device team_slave_0 added
[   70.935858][ T5819] hsr_slave_0: entered promiscuous mode
[   70.942698][ T5819] hsr_slave_1: entered promiscuous mode
[   70.949823][ T5816] batman_adv: batadv0: Adding interface: batadv_slave_0
[   70.956907][ T5816] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   70.963215][ T5822] Bluetooth: hci3: command tx timeout
[   70.983039][ T5834] Bluetooth: hci0: command tx timeout
[   70.988505][ T5832] Bluetooth: hci1: command tx timeout
[   70.994008][ T5834] Bluetooth: hci4: command tx timeout
[   70.999514][   T52] Bluetooth: hci2: command tx timeout
[   71.005088][ T5816] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   71.024063][ T5821] team0: Port device team_slave_0 added
[   71.033244][ T5818] team0: Port device team_slave_1 added
[   71.039584][ T5817] batman_adv: batadv0: Adding interface: batadv_slave_0
[   71.046816][ T5817] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   71.072799][ T5817] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   71.085351][ T5817] batman_adv: batadv0: Adding interface: batadv_slave_1
[   71.092349][ T5817] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   71.118274][ T5817] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   71.130078][ T5816] batman_adv: batadv0: Adding interface: batadv_slave_1
[   71.137249][ T5816] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   71.163399][ T5816] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   71.176654][ T5821] team0: Port device team_slave_1 added
[   71.260441][ T5818] batman_adv: batadv0: Adding interface: batadv_slave_0
[   71.267803][ T5818] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   71.297954][ T5818] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   71.298660][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[   71.311062][ T5818] batman_adv: batadv0: Adding interface: batadv_slave_1
[   71.321779][ T5818] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   71.322011][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[   71.348328][ T5818] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   71.368810][ T5821] batman_adv: batadv0: Adding interface: batadv_slave_0
[   71.376146][ T5821] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   71.402272][ T5821] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   71.452516][ T5821] batman_adv: batadv0: Adding interface: batadv_slave_1
[   71.459475][ T5821] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   71.485733][ T5821] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   71.553989][ T5817] hsr_slave_0: entered promiscuous mode
[   71.560718][ T5817] hsr_slave_1: entered promiscuous mode
[   71.568723][ T5817] debugfs: 'hsr0' already exists in 'hsr'
[   71.574769][ T5817] Cannot create hsr debugfs directory
[   71.606737][ T5816] hsr_slave_0: entered promiscuous mode
[   71.613581][ T5816] hsr_slave_1: entered promiscuous mode
[   71.619609][ T5816] debugfs: 'hsr0' already exists in 'hsr'
[   71.625595][ T5816] Cannot create hsr debugfs directory
[   71.702463][ T5821] hsr_slave_0: entered promiscuous mode
[   71.709226][ T5821] hsr_slave_1: entered promiscuous mode
[   71.716062][ T5821] debugfs: 'hsr0' already exists in 'hsr'
[   71.721798][ T5821] Cannot create hsr debugfs directory
[   71.731226][ T5818] hsr_slave_0: entered promiscuous mode
[   71.737621][ T5818] hsr_slave_1: entered promiscuous mode
[   71.744081][ T5818] debugfs: 'hsr0' already exists in 'hsr'
[   71.749809][ T5818] Cannot create hsr debugfs directory
[   72.252482][ T5819] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   72.265873][ T5819] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   72.275510][ T5819] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   72.294603][ T5819] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   72.357827][ T5817] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   72.377567][ T5817] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   72.389201][ T5817] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   72.400818][ T5817] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   72.488766][ T5816] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   72.501201][ T5816] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   72.511379][ T5816] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   72.529090][ T5816] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   72.625893][ T5818] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   72.644127][ T5818] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   72.657077][ T5819] 8021q: adding VLAN 0 to HW filter on device bond0
[   72.678226][ T5818] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   72.689587][ T5818] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   72.769448][ T5819] 8021q: adding VLAN 0 to HW filter on device team0
[   72.781834][ T5821] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   72.794067][ T5821] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   72.804708][ T5821] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   72.820828][ T5821] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   72.860696][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[   72.867977][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[   72.890526][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[   72.897644][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[   72.917213][ T5817] 8021q: adding VLAN 0 to HW filter on device bond0
[   72.963322][ T5817] 8021q: adding VLAN 0 to HW filter on device team0
[   73.026559][  T153] bridge0: port 1(bridge_slave_0) entered blocking state
[   73.033822][  T153] bridge0: port 1(bridge_slave_0) entered forwarding state
[   73.043938][   T52] Bluetooth: hci2: command tx timeout
[   73.049357][   T52] Bluetooth: hci4: command tx timeout
[   73.055809][ T5832] Bluetooth: hci1: command tx timeout
[   73.061221][ T5832] Bluetooth: hci0: command tx timeout
[   73.067185][ T5822] Bluetooth: hci3: command tx timeout
[   73.096522][  T153] bridge0: port 2(bridge_slave_1) entered blocking state
[   73.103652][  T153] bridge0: port 2(bridge_slave_1) entered forwarding state
[   73.119869][ T5819] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   73.140295][ T5816] 8021q: adding VLAN 0 to HW filter on device bond0
[   73.220082][ T5816] 8021q: adding VLAN 0 to HW filter on device team0
[   73.261680][ T5818] 8021q: adding VLAN 0 to HW filter on device bond0
[   73.281290][ T5817] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   73.308554][   T60] bridge0: port 1(bridge_slave_0) entered blocking state
[   73.315766][   T60] bridge0: port 1(bridge_slave_0) entered forwarding state
[   73.329612][   T60] bridge0: port 2(bridge_slave_1) entered blocking state
[   73.336839][   T60] bridge0: port 2(bridge_slave_1) entered forwarding state
[   73.356899][ T5821] 8021q: adding VLAN 0 to HW filter on device bond0
[   73.435251][ T5818] 8021q: adding VLAN 0 to HW filter on device team0
[   73.474784][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[   73.482092][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[   73.513937][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[   73.521113][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[   73.534987][ T5821] 8021q: adding VLAN 0 to HW filter on device team0
[   73.573822][ T5819] 8021q: adding VLAN 0 to HW filter on device batadv0
[   73.591120][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[   73.598307][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[   73.608190][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[   73.615286][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[   73.730406][ T5817] 8021q: adding VLAN 0 to HW filter on device batadv0
[   73.789275][ T5819] veth0_vlan: entered promiscuous mode
[   73.821455][ T5819] veth1_vlan: entered promiscuous mode
[   73.929936][ T5819] veth0_macvtap: entered promiscuous mode
[   73.976480][ T5819] veth1_macvtap: entered promiscuous mode
[   74.018879][ T5819] batman_adv: batadv0: Interface activated: batadv_slave_0
[   74.072532][ T5819] batman_adv: batadv0: Interface activated: batadv_slave_1
[   74.152315][   T37] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   74.227058][   T37] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   74.239340][  T753] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   74.275465][ T5816] 8021q: adding VLAN 0 to HW filter on device batadv0
[   74.283882][  T753] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   74.359115][ T5818] 8021q: adding VLAN 0 to HW filter on device batadv0
[   74.400192][ T5821] 8021q: adding VLAN 0 to HW filter on device batadv0
[   74.423984][   T37] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   74.431920][   T37] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   74.438559][ T5816] veth0_vlan: entered promiscuous mode
[   74.480968][ T5816] veth1_vlan: entered promiscuous mode
[   74.544491][  T753] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   74.552774][  T753] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   74.611457][ T5821] veth0_vlan: entered promiscuous mode
[   74.620200][ T5818] veth0_vlan: entered promiscuous mode
[   74.645876][ T5818] veth1_vlan: entered promiscuous mode
[   74.668117][ T5817] veth0_vlan: entered promiscuous mode
[   74.682799][ T5821] veth1_vlan: entered promiscuous mode
[   74.701030][ T5816] veth0_macvtap: entered promiscuous mode
[   74.704099][ T5819] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   74.728185][ T5816] veth1_macvtap: entered promiscuous mode
[   74.739632][ T5817] veth1_vlan: entered promiscuous mode
[   74.806956][ T5818] veth0_macvtap: entered promiscuous mode
[   74.842463][ T5821] veth0_macvtap: entered promiscuous mode
[   74.863923][ T5818] veth1_macvtap: entered promiscuous mode
[   74.890847][ T5816] batman_adv: batadv0: Interface activated: batadv_slave_0
[   74.899247][ T5821] veth1_macvtap: entered promiscuous mode
[   74.927092][ T5817] veth0_macvtap: entered promiscuous mode
[   74.951490][ T5821] batman_adv: batadv0: Interface activated: batadv_slave_0
[   74.985780][ T5817] veth1_macvtap: entered promiscuous mode
[   75.000349][ T5816] batman_adv: batadv0: Interface activated: batadv_slave_1
[   75.010726][ T5821] batman_adv: batadv0: Interface activated: batadv_slave_1
[   75.028840][ T5818] batman_adv: batadv0: Interface activated: batadv_slave_0
[   75.050419][   T12] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   75.061162][   T12] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   75.061661][ T5832] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201'
[   75.081223][ T5832] CPU: 1 UID: 0 PID: 5832 Comm: kworker/u9:4 Not tainted syzkaller #0 PREEMPT(full) 
[   75.081246][ T5832] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   75.081257][ T5832] Workqueue: hci2 hci_rx_work
[   75.081285][ T5832] Call Trace:
[   75.081296][ T5832]  <TASK>
[   75.081304][ T5832]  dump_stack_lvl+0x189/0x250
[   75.081336][ T5832]  ? __pfx_dump_stack_lvl+0x10/0x10
[   75.081361][ T5832]  ? __pfx__printk+0x10/0x10
[   75.081388][ T5832]  ? kernfs_path_from_node+0x250/0x290
[   75.081407][ T5832]  ? kernfs_path_from_node+0x2f/0x290
[   75.081432][ T5832]  sysfs_create_dir_ns+0x259/0x280
[   75.081455][ T5832]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[   75.081478][ T5832]  ? do_raw_spin_unlock+0x122/0x240
[   75.081500][ T5832]  kobject_add_internal+0x59f/0xb70
[   75.081527][ T5832]  kobject_add+0x155/0x220
[   75.081550][ T5832]  ? __pfx_kobject_add+0x10/0x10
[   75.081570][ T5832]  ? _raw_spin_unlock+0x28/0x50
[   75.081596][ T5832]  ? get_device_parent+0x366/0x3a0
[   75.081618][ T5832]  device_add+0x408/0xb80
[   75.081641][ T5832]  hci_conn_add_sysfs+0xd5/0x210
[   75.081671][ T5832]  le_conn_complete_evt+0xf26/0x14d0
[   75.081704][ T5832]  ? hci_event_packet+0x4ab/0x1260
[   75.081722][ T5832]  ? __pfx_le_conn_complete_evt+0x10/0x10
[   75.081746][ T5832]  ? __mutex_unlock_slowpath+0x1a1/0x740
[   75.081769][ T5832]  ? __asan_memcpy+0x40/0x70
[   75.081799][ T5832]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[   75.081822][ T5832]  ? skb_pull_data+0xfb/0x200
[   75.081845][ T5832]  hci_le_conn_complete_evt+0x187/0x480
[   75.081875][ T5832]  hci_event_packet+0x78f/0x1260
[   75.081898][ T5832]  ? __pfx_hci_le_meta_evt+0x10/0x10
[   75.081929][ T5832]  ? __pfx_hci_event_packet+0x10/0x10
[   75.081952][ T5832]  ? lockdep_hardirqs_on+0x9c/0x150
[   75.081979][ T5832]  ? hci_send_to_monitor+0xe2/0x590
[   75.082006][ T5832]  hci_rx_work+0x45d/0xfc0
[   75.082038][ T5832]  ? process_one_work+0x868/0x15d0
[   75.082062][ T5832]  process_one_work+0x94a/0x15d0
[   75.082081][ T5832]  ? __lock_acquire+0xab9/0xd20
[   75.082122][ T5832]  ? __pfx_process_one_work+0x10/0x10
[   75.082152][ T5832]  ? assign_work+0x3a1/0x410
[   75.082175][ T5832]  worker_thread+0x9b0/0xee0
[   75.082222][ T5832]  kthread+0x711/0x8a0
[   75.082243][ T5832]  ? __pfx_worker_thread+0x10/0x10
[   75.082265][ T5832]  ? __pfx_kthread+0x10/0x10
[   75.082284][ T5832]  ? _raw_spin_unlock_irq+0x23/0x50
[   75.082307][ T5832]  ? lockdep_hardirqs_on+0x9c/0x150
[   75.082329][ T5832]  ? __pfx_kthread+0x10/0x10
[   75.082347][ T5832]  ret_from_fork+0x599/0xb30
[   75.082368][ T5832]  ? __pfx_ret_from_fork+0x10/0x10
[   75.082398][ T5832]  ? __switch_to_asm+0x39/0x70
[   75.082414][ T5832]  ? __switch_to_asm+0x33/0x70
[   75.082429][ T5832]  ? __pfx_kthread+0x10/0x10
[   75.082446][ T5832]  ret_from_fork_asm+0x1a/0x30
[   75.082481][ T5832]  </TASK>
[   75.086423][   T12] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   75.092315][ T5832] kobject: kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory.
[   75.125137][ T5818] batman_adv: batadv0: Interface activated: batadv_slave_1
[   75.129101][ T5822] Bluetooth: hci0: command tx timeout
[   75.135677][   T52] Bluetooth: hci3: command tx timeout
[   75.139980][ T5832] Bluetooth: hci2: failed to register connection device
[   75.147152][ T5834] Bluetooth: hci4: command tx timeout
[   75.150895][ T5822] Bluetooth: hci1: command tx timeout
[   75.168936][   T12] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   75.172813][ T5832] Bluetooth: hci2: command tx timeout
[   75.190272][ T5817] batman_adv: batadv0: Interface activated: batadv_slave_0
[   75.455729][   T12] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   75.464627][   T12] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   75.478262][ T5817] batman_adv: batadv0: Interface activated: batadv_slave_1
[   75.489452][   T12] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   75.498331][   T12] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   75.521872][   T37] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   75.534510][   T37] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   75.551633][   T37] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   75.565643][   T37] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   75.608762][   T37] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   75.617929][   T37] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   75.649517][   T37] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   75.658799][   T37] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   75.678473][   T37] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   75.686831][   T37] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   75.754721][   T37] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   75.769348][   T37] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   75.799034][   T37] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   75.811356][   T37] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   75.861475][   T37] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   75.876271][   T37] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   75.938228][  T153] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   75.983399][  T153] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   75.990926][  T753] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   76.005365][  T753] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   76.031164][ T5945] mmap: syz.1.7 (5945) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[   76.120941][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   76.159085][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   76.220957][  T153] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   76.253519][  T153] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   76.407459][ T5952] loop2: detected capacity change from 0 to 128
[   76.451845][ T5952] =======================================================
[   76.451845][ T5952] WARNING: The mand mount option has been deprecated and
[   76.451845][ T5952]          and is ignored by this kernel. Remove the mand
[   76.451845][ T5952]          option from the mount to silence this warning.
[   76.451845][ T5952] =======================================================
[   76.561617][ T5952] EXT4-fs (loop2): Test dummy encryption mode enabled
[   76.601621][ T5952] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   76.641725][ T5952] ext4 filesystem being mounted at /1/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   76.658151][ T5954] fuse: Bad value for 'fd'
[   76.676212][ T5952] fscrypt: AES-256-CBC-CTS using implementation "cts-cbc-aes-aesni"
[   76.697742][ T5952] fscrypt: AES-256-XTS using implementation "xts-aes-aesni-avx"
[   77.195747][ T5962] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5'.
[   77.213359][ T5832] Bluetooth: hci2: command tx timeout
[   77.219401][ T5822] Bluetooth: hci1: command tx timeout
[   77.219423][ T5837] Bluetooth: hci3: command tx timeout
[   77.224874][ T5822] Bluetooth: hci4: command tx timeout
[   77.230167][   T52] Bluetooth: hci0: command tx timeout
[   77.241545][ T5962] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5'.
[   77.961049][ T5980] netlink: 40 bytes leftover after parsing attributes in process `syz.0.14'.
[   78.227678][ T5821] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   78.328922][ T5968] isofs_fill_super: bread failed, dev=loop1, iso_blknum=16, block=32
[   78.672438][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   78.803176][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[   78.986518][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   79.282344][ T5837] Bluetooth: hci2: command tx timeout
[   79.515360][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   79.532612][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   79.554883][ T6006] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   79.825129][    T0] NOHZ tick-stop error: local softirq work is pending, handler #180!!!
[   79.825620][    T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!!
[   79.843002][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[   80.002412][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[   80.007422][    T0] NOHZ tick-stop error: local softirq work is pending, handler #82!!!
[   80.010640][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[   81.031502][ T6012] loop1: detected capacity change from 0 to 128
[   81.672367][ T5932] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   81.889181][ T5932] usb 1-1: config 220 has an invalid interface number: 76 but max is 2
[   81.922265][ T5932] usb 1-1: config 220 contains an unexpected descriptor of type 0x2, skipping
[   81.934931][ T5932] usb 1-1: config 220 has an invalid descriptor of length 157, skipping remainder of the config
[   81.957295][ T5837] Bluetooth: Wrong link type (-71)
[   81.977518][ T5932] usb 1-1: config 220 has no interface number 2
[   82.002830][ T5932] usb 1-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[   82.028841][ T5932] usb 1-1: config 220 interface 0 has no altsetting 0
[   82.047486][ T5932] usb 1-1: config 220 interface 76 has no altsetting 0
[   82.072410][ T5932] usb 1-1: config 220 interface 1 has no altsetting 0
[   82.095742][ T5932] usb 1-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[   82.122126][ T5932] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   82.138356][ T5932] usb 1-1: Product: syz
[   82.156009][ T5932] usb 1-1: Manufacturer: syz
[   82.160599][ T5932] usb 1-1: SerialNumber: syz
[   82.319967][ T6041] loop2: detected capacity change from 0 to 512
[   82.375365][ T6041] EXT4-fs (loop2): Test dummy encryption mode enabled
[   82.392199][ T6041] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[   82.439293][ T5932] uvcvideo 1-1:220.0: Found UVC 7.01 device syz (8086:0b07)
[   82.462251][ T6041] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[   82.473341][ T5932] uvcvideo 1-1:220.0: No valid video chain found.
[   82.490886][ T5932] usb 1-1: selecting invalid altsetting 0
[   82.526701][ T5932] usb 1-1: selecting invalid altsetting 0
[   82.557188][ T5932] usbtest 1-1:220.1: probe with driver usbtest failed with error -22
[   82.577236][ T5932] usb 1-1: USB disconnect, device number 2
[   82.584871][ T6041] EXT4-fs error (device loop2): ext4_orphan_get:1418: comm syz.2.41: bad orphan inode 131083
[   82.689013][ T6041] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   82.790910][ T6049] loop3: detected capacity change from 0 to 1024
[   82.923426][ T6049] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   83.092762][ T5821] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   83.149063][ T5816] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   83.211254][ T6060] __vm_enough_memory: pid: 6060, comm: syz.0.48, bytes: 21200483307520 not enough memory for the allocation
[   83.413141][ T6064] usb usb6: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[   83.589708][ T6068] loop1: detected capacity change from 0 to 1024
[   83.709927][ T6077] trusted_key: encrypted_key: insufficient parameters specified
[   84.858825][ T6089] loop4: detected capacity change from 0 to 256
[   84.921617][ T6091] loop3: detected capacity change from 0 to 1024
[   85.001087][ T6091] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   85.267773][ T5816] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   85.341532][ T6104] loop0: detected capacity change from 0 to 1024
[   85.371156][ T6104] EXT4-fs: Ignoring removed mblk_io_submit option
[   85.390950][ T6104] EXT4-fs: Ignoring removed orlov option
[   85.425378][ T6104] EXT4-fs (loop0): Test dummy encryption mode enabled
[   85.479454][ T6104] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[   85.511767][ T6108] loop4: detected capacity change from 0 to 1024
[   85.539234][ T6104] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (12914!=20869)
[   85.619563][ T6104] EXT4-fs (loop0): can't mount with data=, fs mounted w/o journal
[   85.830103][ T6115] netlink: 12 bytes leftover after parsing attributes in process `syz.1.69'.
[   86.684426][   T44] cfg80211: failed to load regulatory.db
[   88.726128][ T6135] netlink: 44 bytes leftover after parsing attributes in process `syz.0.76'.
[   89.160139][  T796] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[   89.352144][  T796] usb 4-1: Using ep0 maxpacket: 8
[   89.361446][  T796] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9
[   89.389195][  T796] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[   89.449922][  T796] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[   89.472413][  T796] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[   89.493367][ T6148] loop0: detected capacity change from 0 to 128
[   89.506669][  T796] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0
[   89.518942][ T6150] loop4: detected capacity change from 0 to 16
[   89.545105][  T796] usb 4-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58
[   89.562836][ T6150] erofs (device loop4): mounted with root inode @ nid 36.
[   89.575646][ T6148] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN PTI
[   89.581902][  T796] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   89.587544][ T6148] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
[   89.587564][ T6148] CPU: 0 UID: 0 PID: 6148 Comm: syz.0.81 Not tainted syzkaller #0 PREEMPT(full) 
[   89.587589][ T6148] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   89.587600][ T6148] RIP: 0010:bio_seg_gap+0x1c6/0x7d0
[   89.587621][ T6148] Code: fd 48 ba 00 00 00 00 00 fc ff df 49 8b 06 48 89 5c 24 20 49 89 de 49 c1 e6 04 48 89 44 24 08 4a 8d 2c 30 48 89 e8 48 c1 e8 03 <80> 3c 10 00 74 12 48 89 ef e8 0c 33 b9 fd 48 ba 00 00 00 00 00 fc
[   89.587635][ T6148] RSP: 0018:ffffc9000b856e00 EFLAGS: 00010246
[   89.587651][ T6148] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000080000
[   89.613155][ T6150] erofs (device loop4): readahead error at folio 3600 @ nid 36
[   89.623121][ T6148] RDX: dffffc0000000000 RSI: 000000000000e25e RDI: ffff88807bdd63f0
[   89.623141][ T6148] RBP: 0000000000000000 R08: ffff888024ed9d97 R09: 1ffff110049db3b2
[   89.623153][ T6148] R10: dffffc0000000000 R11: ffffed10049db3b3 R12: 0000000000000600
[   89.623166][ T6148] R13: 0000000000000000 R14: 0000000000000000 R15: ffff88807bdd63c0
[   89.623177][ T6148] FS:  00007f70267f66c0(0000) GS:ffff888125ecd000(0000) knlGS:0000000000000000
[   89.623192][ T6148] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   89.623202][ T6148] CR2: 0000000000000000 CR3: 000000002985c000 CR4: 00000000003526f0
[   89.623216][ T6148] Call Trace:
[   89.623223][ T6148]  <TASK>
[   89.623235][ T6148]  bio_attempt_back_merge+0x4ba/0x920
[   89.623259][ T6148]  ? blk_attempt_bio_merge+0x273/0x4c0
[   89.623277][ T6148]  blk_attempt_plug_merge+0x145/0x1d0
[   89.623294][ T6148]  blk_mq_submit_bio+0x1abd/0x26d0
[   89.623313][ T6148]  ? blk_mq_submit_bio+0x46a/0x26d0
[   89.623330][ T6148]  ? __pfx_blk_mq_submit_bio+0x10/0x10
[   89.639620][  T796] usb 4-1: config 0 descriptor??
[   89.648122][ T6148]  ? blk_mq_submit_bio+0xd6b/0x26d0
[   89.648149][ T6148]  ? blk_mq_submit_bio+0x46a/0x26d0
[   89.648168][ T6148]  __submit_bio+0x207/0x5a0
[   89.657038][ T6150] erofs (device loop4): readahead error at folio 3599 @ nid 36
[   89.662157][ T6148]  ? __pfx___submit_bio+0x10/0x10
[   89.662181][ T6148]  ? blk_cgroup_bio_start+0x59d/0x640
[   89.662202][ T6148]  ? __submit_bio+0x22e/0x5a0
[   89.662220][ T6148]  submit_bio_noacct_nocheck+0x2fb/0xa50
[   89.662238][ T6148]  ? __pfx_submit_bio_noacct_nocheck+0x10/0x10
[   89.662257][ T6148]  ? submit_bio_noacct+0xe0c/0x1b80
[   89.662277][ T6148]  submit_bio_wait+0x104/0x200
[   89.826661][ T6148]  ? __pfx_submit_bio_wait+0x10/0x10
[   89.831942][ T6148]  ? blk_alloc_discard_bio+0x243/0x2c0
[   89.837385][ T6148]  blkdev_issue_discard+0x113/0x1b0
[   89.842581][ T6148]  ? __pfx_blkdev_issue_discard+0x10/0x10
[   89.848303][ T6148]  ? fat_collect_bhs+0x3a1/0x3e0
[   89.853234][ T6148]  fat_free_clusters+0x405/0xb80
[   89.858177][ T6148]  ? __pfx_fat_free_clusters+0x10/0x10
[   89.863623][ T6148]  ? mark_buffer_dirty_inode+0xf7/0x2f0
[   89.869152][ T6148]  ? fat_mirror_bhs+0x524/0x580
[   89.873994][ T6148]  fat_truncate_blocks+0x7d7/0xaf0
[   89.879090][ T6148]  ? __pfx_fat_truncate_blocks+0x10/0x10
[   89.884706][ T6148]  ? __pfx_unmap_mapping_range+0x10/0x10
[   89.890322][ T6148]  ? generic_write_end+0x211/0x2c0
[   89.895417][ T6148]  fat_write_end+0x108/0x1f0
[   89.899988][ T6148]  generic_perform_write+0x62a/0x900
[   89.905263][ T6148]  ? __pfx_generic_perform_write+0x10/0x10
[   89.911048][ T6148]  ? __pfx_fat_update_time+0x10/0x10
[   89.916317][ T6148]  ? file_update_time+0x416/0x490
[   89.921323][ T6148]  ? __generic_file_write_iter+0xf9/0x230
[   89.927022][ T6148]  ? generic_file_write_iter+0x103/0x550
[   89.932635][ T6148]  generic_file_write_iter+0x117/0x550
[   89.938079][ T6148]  ? __pfx_generic_file_write_iter+0x10/0x10
[   89.944039][ T6148]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   89.949914][ T6148]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   89.956221][ T6148]  ? __pfx_aa_file_perm+0x10/0x10
[   89.961227][ T6148]  ? __lock_acquire+0xab9/0xd20
[   89.966064][ T6148]  ? rcu_read_lock_any_held+0xb3/0x120
[   89.971510][ T6148]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[   89.977396][ T6148]  vfs_write+0x5c9/0xb30
[   89.981622][ T6148]  ? __pfx_generic_file_write_iter+0x10/0x10
[   89.987582][ T6148]  ? __pfx_vfs_write+0x10/0x10
[   89.992329][ T6148]  ? __fget_files+0x2a/0x420
[   89.996906][ T6148]  __x64_sys_pwrite64+0x193/0x220
[   90.001912][ T6148]  ? __pfx___x64_sys_pwrite64+0x10/0x10
[   90.007452][ T6148]  ? do_syscall_64+0xbe/0xfa0
[   90.012138][ T6148]  do_syscall_64+0xfa/0xfa0
[   90.016636][ T6148]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   90.022691][ T6148]  ? clear_bhb_loop+0x60/0xb0
[   90.027354][ T6148]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   90.033226][ T6148] RIP: 0033:0x7f702858f6c9
[   90.037636][ T6148] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   90.057220][ T6148] RSP: 002b:00007f70267f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000012
[   90.065623][ T6148] RAX: ffffffffffffffda RBX: 00007f70287e5fa0 RCX: 00007f702858f6c9
[   90.073589][ T6148] RDX: 00000000200000c1 RSI: 00002000000000c0 RDI: 0000000000000006
[   90.081548][ T6148] RBP: 00007f7028611f91 R08: 0000000000000000 R09: 0000000000000000
[   90.089508][ T6148] R10: 0000000000009000 R11: 0000000000000246 R12: 0000000000000000
[   90.097465][ T6148] R13: 00007f70287e6038 R14: 00007f70287e5fa0 R15: 00007ffd503b6cc8
[   90.105431][ T6148]  </TASK>
[   90.108438][ T6148] Modules linked in:
[   90.115767][ T6148] ---[ end trace 0000000000000000 ]---
[   90.121380][ T5837] Bluetooth: hci5: urb ffff88801e6c5000 submission failed (90)
[   90.160762][  T796] usb 4-1: USB disconnect, device number 2
[   90.362991][ T6148] RIP: 0010:bio_seg_gap+0x1c6/0x7d0
[   90.374604][ T6148] Code: fd 48 ba 00 00 00 00 00 fc ff df 49 8b 06 48 89 5c 24 20 49 89 de 49 c1 e6 04 48 89 44 24 08 4a 8d 2c 30 48 89 e8 48 c1 e8 03 <80> 3c 10 00 74 12 48 89 ef e8 0c 33 b9 fd 48 ba 00 00 00 00 00 fc
[   90.403606][ T6148] RSP: 0018:ffffc9000b856e00 EFLAGS: 00010246
[   90.411949][ T6148] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000080000
[   90.443440][ T6148] RDX: dffffc0000000000 RSI: 000000000000e25e RDI: ffff88807bdd63f0
[   90.451504][ T6148] RBP: 0000000000000000 R08: ffff888024ed9d97 R09: 1ffff110049db3b2
[   90.460887][ T6148] R10: dffffc0000000000 R11: ffffed10049db3b3 R12: 0000000000000600
[   90.472665][ T6148] R13: 0000000000000000 R14: 0000000000000000 R15: ffff88807bdd63c0
[   90.502826][ T6148] FS:  00007f70267f66c0(0000) GS:ffff888125fcd000(0000) knlGS:0000000000000000
[   90.532519][ T6148] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   90.541434][ T6148] CR2: 0000000000000000 CR3: 000000002985c000 CR4: 00000000003526f0
[   90.552473][ T6148] Kernel panic - not syncing: Fatal exception
[   90.558803][ T6148] Kernel Offset: disabled
[   90.563109][ T6148] Rebooting in 86400 seconds..