last executing test programs:

27m21.734527674s ago: executing program 1 (id=544):
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x20, 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @netfilter=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
creat(&(0x7f0000000200)='./file0\x00', 0x18)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000010000000a00000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000002000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000111c0)='ext4_sync_fs\x00', r1, 0x0, 0x5}, 0x18)
open(&(0x7f0000000a00)='./file0\x00', 0x381400, 0x20)
socket(0x10, 0x3, 0x0)
socket$packet(0x11, 0x3, 0x300)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r3, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0xffffffffffffff6e, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="5000000010008105e9c51c000000000000000000", @ANYRES32=r4, @ANYBLOB="01000000000000002800128009000100766c616e000000001800028006000100000000000c0002000c0000000d00000008000500", @ANYRES64=r2], 0x50}, 0x1, 0x0, 0x0, 0x80}, 0x0)
r5 = socket$packet(0x11, 0x2, 0x300)
sendto$packet(r5, 0x0, 0x0, 0x44010, &(0x7f0000000040)={0x11, 0x8100, r4, 0x1, 0x7}, 0x14)

27m21.050491973s ago: executing program 1 (id=547):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000006000000050000000010"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000001900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000400)='mm_migrate_pages\x00', r1, 0x0, 0x5}, 0x18)
mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2)

27m20.911584652s ago: executing program 1 (id=549):
bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[], 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000005c0)=ANY=[@ANYBLOB="a0000000210001002dbd700000000000fc020000000000000000000000000000ac1e000100000000000000000000000000000000000000000a0000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000500011"], 0xa0}}, 0x0)

27m20.586673158s ago: executing program 1 (id=552):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x12b)
mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='configfs\x00', 0x0, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x89101a, 0x0)
mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000280)='./file0/../file0\x00', 0x0, 0x1adc51, 0x0)
move_mount(r0, &(0x7f0000000080)='./file0/file0\x00', r0, &(0x7f0000000040)='./file0/../file0\x00', 0x0)

27m19.655652101s ago: executing program 1 (id=556):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={<r0=>0xffffffffffffffff})
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x44800)
sendmsg$NFT_BATCH(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a09000000000000000000020000000900020073797a310000000008000440000000000900010073797a3000000000080003400000000114000000110001"], 0x64}}, 0x0)
sendmsg$NFT_MSG_GETOBJ(r1, 0x0, 0x4040808)
close_range(r0, 0xffffffffffffffff, 0x0)

27m18.205785885s ago: executing program 1 (id=561):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
r1 = socket$kcm(0xa, 0x1, 0x106)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r2 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r2, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000000), 0x4)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140), r2)
sendmsg$DEVLINK_CMD_RELOAD(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x3c, r4, 0x1, 0x70bd26, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0x8}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4040010}, 0x0)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r2, 0x10e, 0x4, &(0x7f0000000640)=0x1800, 0x4)
sendmsg$kcm(r1, &(0x7f00000019c0)={&(0x7f0000000080)=@l2tp6={0xa, 0x0, 0x0, @dev, 0x5}, 0x80, 0x0}, 0x24004059)

27m17.631524948s ago: executing program 32 (id=561):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
r1 = socket$kcm(0xa, 0x1, 0x106)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r2 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r2, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000000), 0x4)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140), r2)
sendmsg$DEVLINK_CMD_RELOAD(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x3c, r4, 0x1, 0x70bd26, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0x8}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4040010}, 0x0)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r2, 0x10e, 0x4, &(0x7f0000000640)=0x1800, 0x4)
sendmsg$kcm(r1, &(0x7f00000019c0)={&(0x7f0000000080)=@l2tp6={0xa, 0x0, 0x0, @dev, 0x5}, 0x80, 0x0}, 0x24004059)

10m12.851826471s ago: executing program 0 (id=2922):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socket$kcm(0xa, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$KVM_SET_LAPIC(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000300)={"483991790b29e0b9f5c430a0c220cf40d86ed45e9ba5e288d72425d146da228f5cc106226b7ca3d9b3746bd63c144405b64f4f34b64d44431ab10f71257746980ce33ed6137343d54a02a014a94cf718fea30ea68334053651426279398458e376b4904c332d2e5028a403c5a3222184cef91cbba79b06f43aafea69ee77ba3497057ab60741d8c318fe29205fe798003633359b37f48c0ee7f473248602f31cc4497b2fb7c46a3b868c7c9c011db6cadf6d2fcee73273abab7a0e7b790f2889da75a46fc395c956459044d1d8babbb9a84383babd15724cf6c4967897732604d65953a88485eef756a9fb713a544acca595b9dbd2d74222455f3c7c05bec9e9f477fe76ad443c850af6cbd3b3cce59cfc786d66f9daf6267d6ec9b539ce582316fceddffa9fa887f6bf7a3f113b97856cba181fabebe83d695a2bbc8441cb654e7080289c4c0dc4b5e4af04e8e38434d93ee865f3a187bc2c3357a99d79641c59c8ac3071b22125a91a33fd5b1e997f85de90dbc6946304876117372689b25589e0a3a5c5aa18a65b0201a46e905c00bc0d48cea53b2c988a2aa30aaae63f0e40e343f4a921b3e631a9500493710513bd0bf653328c163851e23c751ec1a3a72507e847985cecc6ed3a19563cc14d1424b40dd66b67b800553d38e58b8866f3f1a6a244714c44d13904f491565ebaba65bc9f0b4d8999a37884de9b4910d3b6a1158263e69fd6e10503a4444df6ff7ef8aa02210d8af56f4fd4aeb619f37b4207e0759397277969857eafeb066534b24b0a430201d3b52ad644775146815ee03d95df00f9abd2b38e475e596d053ace34c9479cb213c2cad0e5273f817d29cc6d6bb8f38ed45b7d815cd319ca6cb93c8b2d2647d5533af949cfeb79d77eaef6418c01fc58696d1779f238544b6b8e69a5d81459f209ee33576b73271bb42969e4fae35c41e910779a2a3f4d57a1ff3eb14f8ac728af57042893228988eb547bc74e58298061dd3fdc54a8e097404571a042c390e29f502775d7a307cdf6f5e5199e6a1418442ad1ff7e5e98cc24899d272641da38fe5a2cc5ad297a934a7a7f04e1eb56d0b7c41f30f421e0b8ffdbb224d0e46a955a4b825c147f1e537680d9f49c1ac5b6d6e03bff94a68771d4ac24858b9b33a90974702e1cf7475f2c6a0b0c9eb2c787f0cb0cd3d2b6b1a6904e0376f770b1d73bce1713cac3641736ef2f45323ff5e0ee99cdc19cb8db0c66192545dad2b2cd85fbd8eb4a120ce82290d039790d21e77dda31b8c40efcb46e031ab059abace841a7d771a4aebc9617d1dcd92501b1a500cda317076f5c0b9fe802a8cc60d7fec9a53caaf2d4ddc6bbbe58065d7ffb7949d4011f5c917ea7216bd95a582a1fbde36664a0f48bcf694a96cf5244e8883afa45ac29777b12982af6b2f2626d104f45dcb5fca289087e0c32c9"})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c000000340001002dbd7000fedbdb25010000000800070002f152"], 0x1c}, 0x1, 0x0, 0x0, 0x50}, 0x4000040)
r2 = fsopen(&(0x7f0000000280)='configfs\x00', 0x1)
r3 = fsmount(r2, 0x1, 0x89)
fchdir(r3)
openat(0xffffffffffffff9c, &(0x7f0000000640)='.\x00', 0x0, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x13, 0x0, 0x0)

10m10.578832659s ago: executing program 0 (id=2923):
syz_open_procfs(0xffffffffffffffff, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
madvise(&(0x7f0000569000/0x3000)=nil, 0x3000, 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, 0x0)
ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0x67)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
lseek(r1, 0x1, 0x2)
getdents64(r1, 0x0, 0x25)
ioctl$TIOCPKT(r1, 0x5420, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
timer_create(0x9, 0x0, &(0x7f00000000c0)=<r2=>0x0)
timer_settime(0x0, 0x1, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
timer_gettime(r2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000002c0)=@IORING_OP_LINKAT={0x27, 0x4, 0x0, 0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='./file0\x00', 0xffffffffffffffff, 0x400, 0x1})
r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x149a82, 0x240)
write$cgroup_int(r3, &(0x7f0000000000)=0xfe8e, 0x12)
accept4$rose(r3, &(0x7f0000000000)=@short={0xb, @dev, @netrom, 0x1, @netrom}, 0x0, 0x80800)

10m9.512917703s ago: executing program 0 (id=2926):
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
r1 = fanotify_init(0x8, 0x80000)
fanotify_mark(r1, 0x105, 0x4800003a, r0, 0x0)
mkdir(&(0x7f0000000100)='./file1\x00', 0x13b)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
r2 = open(&(0x7f0000000580)='./file1\x00', 0x80342, 0x1df2a23c5997fa5f)
write$FUSE_CREATE_OPEN(r2, &(0x7f0000000180)={0xa0, 0xffffffffffffffda, 0x0, {{0x8, 0x3, 0x5, 0x8, 0x3, 0x1, {0x1, 0x17f, 0x20ff, 0x5, 0x89, 0xd615, 0xb, 0x7fffffff, 0xfffffffe, 0x8000, 0x0, 0x0, 0x0, 0x3ff, 0x1}}, {0x0, 0x13}}}, 0xa0)

10m8.783080319s ago: executing program 0 (id=2927):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
socket$kcm(0xa, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$KVM_SET_LAPIC(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000300)={"483991790b29e0b9f5c430a0c220cf40d86ed45e9ba5e288d72425d146da228f5cc106226b7ca3d9b3746bd63c144405b64f4f34b64d44431ab10f71257746980ce33ed6137343d54a02a014a94cf718fea30ea68334053651426279398458e376b4904c332d2e5028a403c5a3222184cef91cbba79b06f43aafea69ee77ba3497057ab60741d8c318fe29205fe798003633359b37f48c0ee7f473248602f31cc4497b2fb7c46a3b868c7c9c011db6cadf6d2fcee73273abab7a0e7b790f2889da75a46fc395c956459044d1d8babbb9a84383babd15724cf6c4967897732604d65953a88485eef756a9fb713a544acca595b9dbd2d74222455f3c7c05bec9e9f477fe76ad443c850af6cbd3b3cce59cfc786d66f9daf6267d6ec9b539ce582316fceddffa9fa887f6bf7a3f113b97856cba181fabebe83d695a2bbc8441cb654e7080289c4c0dc4b5e4af04e8e38434d93ee865f3a187bc2c3357a99d79641c59c8ac3071b22125a91a33fd5b1e997f85de90dbc6946304876117372689b25589e0a3a5c5aa18a65b0201a46e905c00bc0d48cea53b2c988a2aa30aaae63f0e40e343f4a921b3e631a9500493710513bd0bf653328c163851e23c751ec1a3a72507e847985cecc6ed3a19563cc14d1424b40dd66b67b800553d38e58b8866f3f1a6a244714c44d13904f491565ebaba65bc9f0b4d8999a37884de9b4910d3b6a1158263e69fd6e10503a4444df6ff7ef8aa02210d8af56f4fd4aeb619f37b4207e0759397277969857eafeb066534b24b0a430201d3b52ad644775146815ee03d95df00f9abd2b38e475e596d053ace34c9479cb213c2cad0e5273f817d29cc6d6bb8f38ed45b7d815cd319ca6cb93c8b2d2647d5533af949cfeb79d77eaef6418c01fc58696d1779f238544b6b8e69a5d81459f209ee33576b73271bb42969e4fae35c41e910779a2a3f4d57a1ff3eb14f8ac728af57042893228988eb547bc74e58298061dd3fdc54a8e097404571a042c390e29f502775d7a307cdf6f5e5199e6a1418442ad1ff7e5e98cc24899d272641da38fe5a2cc5ad297a934a7a7f04e1eb56d0b7c41f30f421e0b8ffdbb224d0e46a955a4b825c147f1e537680d9f49c1ac5b6d6e03bff94a68771d4ac24858b9b33a90974702e1cf7475f2c6a0b0c9eb2c787f0cb0cd3d2b6b1a6904e0376f770b1d73bce1713cac3641736ef2f45323ff5e0ee99cdc19cb8db0c66192545dad2b2cd85fbd8eb4a120ce82290d039790d21e77dda31b8c40efcb46e031ab059abace841a7d771a4aebc9617d1dcd92501b1a500cda317076f5c0b9fe802a8cc60d7fec9a53caaf2d4ddc6bbbe58065d7ffb7949d4011f5c917ea7216bd95a582a1fbde36664a0f48bcf694a96cf5244e8883afa45ac29777b12982af6b2f2626d104f45dcb5fca289087e0c32c9"})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c000000340001002dbd7000fedbdb25010000000800070002f152"], 0x1c}, 0x1, 0x0, 0x0, 0x50}, 0x4000040)
r2 = fsopen(&(0x7f0000000280)='configfs\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0)
fchdir(0xffffffffffffffff)
openat(0xffffffffffffff9c, &(0x7f0000000640)='.\x00', 0x0, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x13, 0x0, 0x0)

9m55.699186967s ago: executing program 0 (id=2947):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
mount$cgroup2(0x0, 0x0, &(0x7f0000000080), 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
r4 = syz_open_dev$dri(&(0x7f0000000180), 0x3ffffffffffffffd, 0x0)
r5 = syz_open_dev$dri(&(0x7f0000000040), 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f00000004c0)={0x0, &(0x7f00000000c0)=[<r6=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r5, 0xc06864a1, &(0x7f00000005c0)={0x0, 0x0, r6, <r7=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r4, 0xc06864ce, &(0x7f0000000440)={r7, 0x0, 0x0, 0x0, 0x0, [<r8=>0x0], [0x7, 0x0, 0x0, 0x7], [0x0, 0x0, 0x0, 0xfffffffc], [0x6, 0x4, 0x4]})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r4, 0xc00c642d, &(0x7f0000000200)={r8, 0x80000, <r9=>0xffffffffffffffff})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r3, 0xc00c642e, &(0x7f0000000000)={0x0, 0x0, r9})
close_range(r3, 0xffffffffffffffff, 0x0)
r10 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
r11 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x0, 0x0)
write$tcp_congestion(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000340)={@cgroup=r11, r10, 0x12, 0x0, 0x0, @void, @value=0x0}, 0x20)
syz_emit_ethernet(0x56, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa88a800008100000086dd6076cd8a0018000020010000000000000000000000000000fe80000000000000000000000000000000020000000000000709"], 0x0)
writev(0xffffffffffffffff, &(0x7f0000000780)=[{&(0x7f0000000040)='\a', 0xfc19}, {0x0, 0x2}], 0x2)
write$tcp_congestion(0xffffffffffffffff, &(0x7f0000000380)='reno\x00', 0x5)

9m53.916429478s ago: executing program 0 (id=2949):
socket$alg(0x26, 0x5, 0x0)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bind$alg(0xffffffffffffffff, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-camellia-aesni\x00'}, 0x58)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54", 0xe)
r3 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x800)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@newtaction={0x64, 0x30, 0x1, 0x0, 0x0, {}, [{0x50, 0x1, [@m_vlan={0x4c, 0x1, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_VLAN_PARMS={0x1c, 0x2, {{0x5, 0x0, 0x0, 0x80000008}, 0x4}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x64}}, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={0x0}, 0x9}, 0x0)
sendmmsg$alg(r3, 0x0, 0x0, 0x20000001)
recvmsg(r3, 0x0, 0x1)
r6 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$SIOCX25SFACILITIES(r6, 0x89e3, 0x0)
r7 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
connect$bt_l2cap(r7, &(0x7f0000000000)={0x1f, 0x8ef, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe)
r8 = io_uring_setup(0x23ed, &(0x7f0000000340)={0x0, 0x3e52, 0x2000, 0x1, 0x38c})
io_uring_enter(r8, 0x5406, 0xd588, 0x2, 0x0, 0x0)

9m38.543632356s ago: executing program 33 (id=2949):
socket$alg(0x26, 0x5, 0x0)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bind$alg(0xffffffffffffffff, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-camellia-aesni\x00'}, 0x58)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54", 0xe)
r3 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x800)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@newtaction={0x64, 0x30, 0x1, 0x0, 0x0, {}, [{0x50, 0x1, [@m_vlan={0x4c, 0x1, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_VLAN_PARMS={0x1c, 0x2, {{0x5, 0x0, 0x0, 0x80000008}, 0x4}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x64}}, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={0x0}, 0x9}, 0x0)
sendmmsg$alg(r3, 0x0, 0x0, 0x20000001)
recvmsg(r3, 0x0, 0x1)
r6 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$SIOCX25SFACILITIES(r6, 0x89e3, 0x0)
r7 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
connect$bt_l2cap(r7, &(0x7f0000000000)={0x1f, 0x8ef, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe)
r8 = io_uring_setup(0x23ed, &(0x7f0000000340)={0x0, 0x3e52, 0x2000, 0x1, 0x38c})
io_uring_enter(r8, 0x5406, 0xd588, 0x2, 0x0, 0x0)

2m56.908563685s ago: executing program 6 (id=3537):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000240)=ANY=[@ANYBLOB="e80000006c00010029bd7000fcdbdf2500000000", @ANYRES32, @ANYBLOB="001000008000000008000f002000000014003500726f7365300000000000000000000000a40034801400350070696d367265673000000020000000001400350076657468305f6d614176746170000000140035006d61637674617030020000000000000014003500677265300000000000000000000000001400350076657468305f746f5f626174616476001400350001657468315f6d6163767461700000001400350067726530000000000000000000000000140035006261746164765f736c6176655f31000008000f"], 0xe8}}, 0x0)

2m56.482013414s ago: executing program 6 (id=3539):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@newtaction={0x6c, 0x32, 0x629, 0x0, 0x0, {}, [{0x58, 0x1, [@m_mpls={0x54, 0x1, 0x0, 0x0, {{0x9}, {0x28, 0x2, 0x0, 0x1, [@TCA_MPLS_PARMS={0x1c, 0x2, {{0xbcb, 0xc0, 0x1, 0x7fffffff}, 0x4}}, @TCA_MPLS_LABEL={0x8, 0x5, 0x4c116}]}, {0x4, 0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x6c}, 0x1, 0x0, 0x0, 0x44000}, 0x0)
r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
write$uinput_user_dev(r4, &(0x7f0000000ec0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xfffffffc], [0x0, 0x0, 0x2, 0xb16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0xf, 0x0, 0x2, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x8], [0x88000001, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0xe, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x4], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x3, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5]}, 0x45c)
madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe)
madvise(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x17)
r5 = userfaultfd(0x801)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_TRAP_GET(r6, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000280)=ANY=[@ANYBLOB="5000352d45f5d65490a0fabe85f0900000", @ANYRES16=r7, @ANYBLOB="010000000000fbdbdf25270000000e0001006e657464657673696d0000000f0002006e657464657673696d3000001c005100736f757263655f6d61635f69735f6d756c74696361737400"], 0x50}, 0x1, 0x0, 0x0, 0x24040011}, 0x0)
ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1})
ioctl$UFFDIO_CONTINUE(r5, 0xc020aa08, &(0x7f0000000080)={{&(0x7f0000edf000/0x2000)=nil, 0x2000}})
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60)
r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r10, 0x4400ae8f, 0x0)
ioctl$UI_DEV_CREATE(r4, 0x5501)
ioctl$UI_DEV_DESTROY(r4, 0x5502)

2m54.975455461s ago: executing program 6 (id=3542):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@newtaction={0x6c, 0x32, 0x629, 0x0, 0x0, {}, [{0x58, 0x1, [@m_mpls={0x54, 0x1, 0x0, 0x0, {{0x9}, {0x28, 0x2, 0x0, 0x1, [@TCA_MPLS_PARMS={0x1c, 0x2, {{0xbcb, 0xc0, 0x1, 0x7fffffff}, 0x4}}, @TCA_MPLS_LABEL={0x8, 0x5, 0x4c116}]}, {0x4, 0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x6c}, 0x1, 0x0, 0x0, 0x44000}, 0x0)
r4 = openat$uinput(0xffffffffffffff9c, 0x0, 0x802, 0x0)
write$uinput_user_dev(r4, &(0x7f0000000ec0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xfffffffc], [0x0, 0x0, 0x2, 0xb16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0xf, 0x0, 0x2, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x8], [0x88000001, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0xe, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x4], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x3, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5]}, 0x45c)
madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe)
madvise(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x17)
r5 = userfaultfd(0x801)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$devlink(&(0x7f0000000dc0), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_TRAP_GET(r6, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000280)=ANY=[@ANYBLOB="5000352d45f5d65490a0fabe85f0900000", @ANYRES16=r7, @ANYBLOB="010000000000fbdbdf25270000000e0001006e657464657673696d0000000f0002006e657464657673696d3000001c005100736f757263655f6d61635f69735f6d756c74696361737400"], 0x50}, 0x1, 0x0, 0x0, 0x24040011}, 0x0)
ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1})
ioctl$UFFDIO_CONTINUE(r5, 0xc020aa08, &(0x7f0000000080)={{&(0x7f0000edf000/0x2000)=nil, 0x2000}})
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60)
r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r10, 0x4400ae8f, 0x0)
ioctl$UI_DEV_CREATE(r4, 0x5501)
ioctl$UI_DEV_DESTROY(r4, 0x5502)

2m51.834322139s ago: executing program 6 (id=3545):
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="18020000040000000000000000000000850000002c000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001700000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
r0 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/mm/ksm/run\x00', 0x1, 0x0)
write$sysctl(r0, 0x0, 0x0)
r1 = syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x862b01)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_open_procfs(0xffffffffffffffff, &(0x7f00000042c0)='fdinfo/3\x00')
ioctl$EVIOCGRAB(r1, 0x40044590, 0x0)
write$sysctl(r0, 0x0, 0x0)
r3 = socket$inet(0x2, 0x1, 0x100)
setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, 0x0, 0x0)
bind$inet(r3, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
prlimit64(0x0, 0xe, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000003c0)='sched_switch\x00', r4}, 0x10)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
bind$netlink(r5, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc)
r6 = socket$inet6(0xa, 0x3, 0x7)
connect$inet6(r6, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r6, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@dev, @in=@empty, 0x0, 0x0, 0x1, 0x4, 0xa}, {0xbd1, 0x0, 0x3}, {0x81, 0x2}, 0x2000000, 0x0, 0x1, 0x0, 0x0, 0x2}, {{@in=@local, 0x8000, 0x33}, 0x0, @in6=@empty, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x10000}}, 0xe8)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)

2m49.669726378s ago: executing program 6 (id=3549):
syz_mount_image$ext4(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000))
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socket$can_bcm(0x1d, 0x2, 0x2)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000fb"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b7040000000000008500000057"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000280)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x21081e, &(0x7f00000002c0)={[{@grpquota}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x800}}, {@nojournal_checksum}]}, 0x1, 0x503, &(0x7f0000000fc0)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9gDLCSG0EmKPILUhcaModhzFTmlCD+mZKxKVOMGRP4BzT9y5IHrjUg5I/IhADRIHoxlPUje1m6hJ7Gz8+UijeW/e1N/vazrvxS+NXwBD62pE7EbEWETcjojp7HouO+KT9pHc93Tv/tL+3v2lXLRan/0zl7Yn16LjzySuZK9ZjIgffS/ip7kX4za2d9YWq9XKZlafbdY2ZhvbOzdWa4srlZXKerm8ML8w99HND8tn1td3amNZ6atP/rj7rZ8naU1lVzr7cZbaXS8cxkmMRsQPziPYAIxk/RkbdCK8knxEvBkR76bP/3SMpF9NAOAya7WmozXdWQcALrt8ugaWy5eytYCpyOdLpfYa3lsxma/WG83rd+pb68vttbKZKOTvrFYrc9la4UwUckl9Pi0/q5eP1G9GxBsR8cvxibReWqpXlwf5jQ8ADLErR+b//4y3538A4JIrDjoBAKDvzP8AMHzM/wAwfMz/ADB82vP/xKDTAAD6yPt/ABg+5n8AGCo//PTT5GjtZ59/vXx3e2utfvfGcqWxVqptLZWW6psbpZV6fSX9zJ7aca9Xrdc35j+IrXsz395oNGcb2zu3avWt9eat9HO9b1UK6V27fegZANDLG+88epxLZuSPJ9IjOvZyKAw0M+C85QedADAwI4NOABgYu33B8DrFe3zLA3BJdNmi9znFbr8g1Gq1WueXEnDOrn3J+j8Mq471f/8LGIaM9X8YXtb/YXi1WrmT7vkfJ70RALjYrPEDPX7+/2Z2/l32w4GfLB+94+F5ZgUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAX28H+v6VsL/CpyOdLpYjXImImCrk7q9XKXES8HhF/Hi+MJ/X5AecMAJxW/m+5bP+va9PvTz3X9PaVw+JYRPzs15/96t5is7n5p4ix3L/GD643H2bXy/3PHgA43sE8nZ473sg/3bu/dHD0M5+/fzciiu34+3tjsX8YfzRG03MxChEx+e9cVm/LdaxdnMbug4j4Yrf+52IqXQNp73x6NH4S+7W+xs8/Fz+ftrXPyd/FF84gFxg2j5Lx55Nuz18+rqbn7s9/MR2hTi8b/5KXWtpPx8Bn8Q/Gv5Ee49/Vk8b44A/fb5cmXmx7EPHl0YiD2Psd489B/FyP+O+fMP5fvvL2u73aWr+JuBbd43fGmm3WNmYb2zs3VmuLK5WVynq5vDC/MPfRzQ/Ls+ka9Wzv2eAfH19/vVdb0v/JHvGLx/T/6yfs/2//d/vHX3tJ/G++1y1+Pt56SfxkTvzGCeMvTv6+2Kstib/co//Hff2vnzD+k7/uvLBtOAAwOI3tnbXFarWy+TkqPE6+pxl8Ggr9LyT/ZC9AGl0L3+lXrLHo3vSL99rP9JGmVuuVYvUaMc5i1Q24CA4f+oj476CTAQAAAAAAAAAAAAAAuurHbywNuo8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABcXv8PAAD//+a4zis=")
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x101042, 0x174)
ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140))
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143041, 0x0)
pwritev2(r2, 0x0, 0x0, 0xe7b, 0x0, 0x0)
ioctl$EXT4_IOC_MIGRATE(r1, 0x6609)

2m47.142921179s ago: executing program 6 (id=3553):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x11, 0x3, &(0x7f0000000600)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8003, 0x0, 0x0, 0x0, 0x10}}, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5df6, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = getpid()
sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000640)={0x180, 0x140, 0x107, 0x8000, 0x8, {0x2, 0x7c}, [@nested={0x16a, 0xf3, 0x0, 0x1, [@nested={0xd0, 0x38, 0x0, 0x1, [@typed={0x8, 0xfe, 0x0, 0x0, @pid=0xffffffffffffffff}, @nested={0xa7, 0x98, 0x0, 0x1, [@typed={0x8, 0xaf, 0x0, 0x0, @ipv4=@multicast2}, @typed={0x8, 0x6d, 0x0, 0x0, @u32=0x62}, @generic="450cea13c37a228f9f400527ceaabd5a92030595c5f3ec54fd2eefe1eb09cc613330e217570c061bdec4ba907681013d267bd8d223417b012fa98dddd9c6132404714993e3e2bd7bcf15f84cda10e1384b3d0d27b12135b9c804b5bef1197c65a6b399be08976c744b934c247252ec43663e23a71c6e2484387dd1a0a3f75ba3ed4781b8d1f1c51737fde3", @typed={0x5, 0x13f, 0x0, 0x0, @str='\x00'}]}, @generic="86fd050d019f3cdd620ed8ca288f259c9472d4ab949ac70f4bdb09ec"]}, @typed={0x14, 0x139, 0x0, 0x0, @ipv6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, @typed={0x8, 0x2c, 0x0, 0x0, @pid=r2}, @typed={0x8, 0x76, 0x0, 0x0, @u32=0x1afe}, @generic="b517cf62cf2c0c5a5a2063ac2e5530bb1c689312a004788126517583fd45b711d623c225a43a981d17b99092bbd7de526c54c97c108c96046412b49a81510914915c198768815d89a8f8cca46640eadba458e77e14a2", @typed={0x8, 0x142, 0x0, 0x0, @ipv4=@empty}, @typed={0x14, 0xd9, 0x0, 0x0, @ipv6=@dev={0xfe, 0x80, '\x00', 0x30}}]}]}, 0x180}, 0x1, 0x0, 0x0, 0x4091}, 0xc000)
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r3 = syz_open_dev$video4linux(&(0x7f0000000000), 0x5, 0x40c00)
ioctl$VIDIOC_G_EDID(r3, 0xc0285628, &(0x7f0000000140)={0x0, 0x10, 0x7, '\x00', &(0x7f0000000040)=0x5})
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="c0260000410007010000000007000000017c00000400fc80a7260180"], 0x26c0}}, 0x4010)
socket$nl_generic(0x10, 0x3, 0x10)
syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/address_bits', 0x31d043, 0x43)
r5 = syz_open_dev$ndb(&(0x7f0000000500), 0x0, 0x0)
r6 = syz_clone3(&(0x7f0000000400)={0x172824a00, &(0x7f0000000100), &(0x7f0000000240)=<r7=>0x0, &(0x7f0000000280), {0x2b}, &(0x7f00000002c0)=""/137, 0x89, &(0x7f0000000380)=""/35, &(0x7f00000003c0)=[0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff], 0x4}, 0x58)
syz_open_procfs(r7, &(0x7f0000000480)='cmdline\x00')
ioctl$NBD_SET_SIZE_BLOCKS(r5, 0xab07, 0x80000000)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000140)={<r8=>0xffffffffffffffff})
sched_setscheduler(r6, 0x1, &(0x7f00000001c0)=0xfffff000)
ioctl$NBD_SET_SOCK(r5, 0xab00, r8)
ioctl$NBD_DO_IT(r5, 0xab03)

2m31.650015138s ago: executing program 34 (id=3553):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x11, 0x3, &(0x7f0000000600)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8003, 0x0, 0x0, 0x0, 0x10}}, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5df6, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = getpid()
sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000640)={0x180, 0x140, 0x107, 0x8000, 0x8, {0x2, 0x7c}, [@nested={0x16a, 0xf3, 0x0, 0x1, [@nested={0xd0, 0x38, 0x0, 0x1, [@typed={0x8, 0xfe, 0x0, 0x0, @pid=0xffffffffffffffff}, @nested={0xa7, 0x98, 0x0, 0x1, [@typed={0x8, 0xaf, 0x0, 0x0, @ipv4=@multicast2}, @typed={0x8, 0x6d, 0x0, 0x0, @u32=0x62}, @generic="450cea13c37a228f9f400527ceaabd5a92030595c5f3ec54fd2eefe1eb09cc613330e217570c061bdec4ba907681013d267bd8d223417b012fa98dddd9c6132404714993e3e2bd7bcf15f84cda10e1384b3d0d27b12135b9c804b5bef1197c65a6b399be08976c744b934c247252ec43663e23a71c6e2484387dd1a0a3f75ba3ed4781b8d1f1c51737fde3", @typed={0x5, 0x13f, 0x0, 0x0, @str='\x00'}]}, @generic="86fd050d019f3cdd620ed8ca288f259c9472d4ab949ac70f4bdb09ec"]}, @typed={0x14, 0x139, 0x0, 0x0, @ipv6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, @typed={0x8, 0x2c, 0x0, 0x0, @pid=r2}, @typed={0x8, 0x76, 0x0, 0x0, @u32=0x1afe}, @generic="b517cf62cf2c0c5a5a2063ac2e5530bb1c689312a004788126517583fd45b711d623c225a43a981d17b99092bbd7de526c54c97c108c96046412b49a81510914915c198768815d89a8f8cca46640eadba458e77e14a2", @typed={0x8, 0x142, 0x0, 0x0, @ipv4=@empty}, @typed={0x14, 0xd9, 0x0, 0x0, @ipv6=@dev={0xfe, 0x80, '\x00', 0x30}}]}]}, 0x180}, 0x1, 0x0, 0x0, 0x4091}, 0xc000)
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r3 = syz_open_dev$video4linux(&(0x7f0000000000), 0x5, 0x40c00)
ioctl$VIDIOC_G_EDID(r3, 0xc0285628, &(0x7f0000000140)={0x0, 0x10, 0x7, '\x00', &(0x7f0000000040)=0x5})
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="c0260000410007010000000007000000017c00000400fc80a7260180"], 0x26c0}}, 0x4010)
socket$nl_generic(0x10, 0x3, 0x10)
syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/address_bits', 0x31d043, 0x43)
r5 = syz_open_dev$ndb(&(0x7f0000000500), 0x0, 0x0)
r6 = syz_clone3(&(0x7f0000000400)={0x172824a00, &(0x7f0000000100), &(0x7f0000000240)=<r7=>0x0, &(0x7f0000000280), {0x2b}, &(0x7f00000002c0)=""/137, 0x89, &(0x7f0000000380)=""/35, &(0x7f00000003c0)=[0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff], 0x4}, 0x58)
syz_open_procfs(r7, &(0x7f0000000480)='cmdline\x00')
ioctl$NBD_SET_SIZE_BLOCKS(r5, 0xab07, 0x80000000)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000140)={<r8=>0xffffffffffffffff})
sched_setscheduler(r6, 0x1, &(0x7f00000001c0)=0xfffff000)
ioctl$NBD_SET_SOCK(r5, 0xab00, r8)
ioctl$NBD_DO_IT(r5, 0xab03)

52.072079165s ago: executing program 5 (id=3736):
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000180)={0xfbfb, 0x7}, 0x4)
sendmsg$NFNL_MSG_ACCT_GET(0xffffffffffffffff, 0x0, 0x8830)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
write(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$nfc(&(0x7f0000000000), 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'netdevsim0\x00', <r5=>0x0})
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="0100000007800000612200000200000000000000", @ANYRES32, @ANYBLOB="83e500"/20, @ANYRES32=r5], 0x50)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r6, &(0x7f0000000000), 0x0}, 0x20)

50.033080576s ago: executing program 5 (id=3738):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00', <r3=>0x0})
setsockopt$packet_add_memb(r1, 0x107, 0x1, 0x0, 0x0)
setsockopt$packet_add_memb(r1, 0x107, 0x1, &(0x7f0000000000)={r3, 0x11, 0x6, @broadcast}, 0x10)
sendmsg$nl_route_sched(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=@getchain={0x24, 0x11, 0x1, 0x70bd27, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}, 0x1, 0x0, 0x0, 0x4000}, 0x20008050)

48.473387031s ago: executing program 5 (id=3741):
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00'], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000000)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000050000000900010073797a300000000078000000030a01030000000000000000050000000900010073797a300000000008000540000000001c0008800c00024000000000000000000c00014000000000000000000900030073797a3200000000280004800800024000000000140003007465616d5f736c6176655f3000000000080001"], 0xd4}}, 0x0)

47.884533333s ago: executing program 5 (id=3744):
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x6, 0x5, &(0x7f0000000000)=ANY=[@ANYRES64=0x0], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
r1 = syz_open_procfs(0x0, &(0x7f0000000140)='net/ip6_flowlabel\x00')
pread64(r1, &(0x7f0000000a40)=""/4128, 0x58e, 0x299)
getsockopt$PNPIPE_HANDLE(r1, 0x113, 0x3, &(0x7f0000000100), &(0x7f0000000180)=0x4)
syz_io_uring_setup(0x4594, &(0x7f0000000480)={0x0, 0x81d4, 0x80, 0x3, 0x179, 0x0, r1}, &(0x7f0000000280), &(0x7f0000000680))
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000340)=ANY=[@ANYBLOB="380100001a00010000f70000fddbdf25fc02580000f4ffffffffffffff000000", @ANYRES32=0x0, @ANYRES32=0x0], 0x138}}, 0x20000000)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="18050000000000fe000000004b64ffec850000007d00000004000000070000"], &(0x7f0000000080)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
syz_open_dev$usbfs(&(0x7f0000000240), 0x8000000000000, 0x10000)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@nfs_export_on}]})
chdir(&(0x7f00000001c0)='./bus\x00')
utime(&(0x7f0000000000)='./file0\x00', 0x0)
rmdir(&(0x7f0000000380)='./file0/../file0\x00')

46.088376183s ago: executing program 5 (id=3746):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed074479000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x4, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000180)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r0}, 0x18)
getxattr(0x0, 0x0, 0x0, 0x0)

45.538350861s ago: executing program 5 (id=3747):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0xfe, 0x7ffc0002}]})
r0 = fsopen(&(0x7f00000018c0)='rpc_pipefs\x00', 0x1)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$TCPDIAG_GETSOCK(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={0x54, 0x12, 0x1, 0x0, 0x0, {0xa, 0x3, 0x0, 0x0, {0x0, 0x4e22, [0x0, 0xffffffff], [], 0x0, [0x1, 0x3]}}, [@INET_DIAG_REQ_BYTECODE={0x8, 0x3, "11000000"}]}, 0x54}}, 0x20004010)
r2 = bpf$MAP_CREATE(0x0, 0x0, 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r3}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r4 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000180)={{r4}, 0x0, &(0x7f0000000080)='%+9llu \x00'}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r5}, 0x10)
iopl(0x3)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r2}, &(0x7f0000000000), &(0x7f00000005c0)=r3}, 0x20)
unshare(0x2040400)
r6 = fsopen(&(0x7f0000000040)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r6, 0x6, 0x0, 0x0, 0x0)
unshare(0x2000400)
fsmount(r6, 0x0, 0x0)
r7 = syz_io_uring_setup(0x5c2, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x4}, &(0x7f00000001c0)=<r8=>0x0, &(0x7f0000000580))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000080)=0xfffffff8, 0x0, 0x4)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(0xffffffffffffffff, 0x84, 0x17, &(0x7f0000000300)=ANY=[@ANYRES32=0x0, @ANYBLOB="01000000c5efa4455938d7ad539841e2e16b8a8c4816657ca461"], 0x8)
close(0xffffffffffffffff)
io_uring_enter(r7, 0x6e2, 0x3900, 0x1, 0x0, 0xe00)
rt_sigsuspend(&(0x7f00000002c0)={[0x20000000004]}, 0x8)

10.990473994s ago: executing program 3 (id=3827):
ioctl$USBDEVFS_GETDRIVER(0xffffffffffffffff, 0x8008550e, &(0x7f0000000180)={0x7, "be6f08e2b0cee13c9d6d792bbaa72e1296ea86bb25a5a802b4a3892e625957fc73ae85cae41d7e7e334f8e57bbc2a5b683077da4e3841d494dc145718c0c320ff9cde7b26a9aa196d0b68337d8593199c4a30534108bf6a9da33b56e5efbd79459a71f8584c6fed653bf0993080e2bfa4333ef42604fe8497b62758c88291e4858a44971a0448b5bd639687eb8d7d030e8aae4c257e8ef3584e0748f4a73cf4329fc711c88718beb7951f5001d2db3481bf064d71f83002ef121a5eca316c54c4a5fa72f542f0f54de8bb41a21e52f1015170a5aba32b8212399a22a721345e8714fbd91fc46d62a0a108eba2cd1f046dc1effb6198c2518d15baaa9a25a9f8f"})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f00000007c0)='ext4\x00', &(0x7f00000006c0)='./file1\x00', 0x40, &(0x7f00000000c0)={[{@user_xattr}, {@nodioread_nolock}]}, 0x1, 0x576, &(0x7f00000010c0)="$eJzs3T1sG2UfAPD/neO3X3nf9JXeVwLUoQKkIlV1kn5AYWpXRKVKHZBYIHLcqIoTV7EDTZQh3StEBwSoS9lgYAQxMCAWRlYWEDNSRSOQmg5g5K80TZzglDouud9POvuee87+P8+d/499pzs5gMw62nhII56OiItJxMi6uqFoVx5trbe6slS8v7JUTKJev/RLEklE3FtZKnbWT9rPhyJiOSKeiohv8hHH081xqwuL0xPlcmmuXR6tzVwdrS4snrgyMzFVmirNnnrp5TNnT58ZPzm+/mX36+tL+Z319caPN9+98d2rt29++tmR5eL7E0mci+F23fp+PE6tbZKPcxuWn+5HsAFKBt0AHkmuneeNVPp/jESunfXd1Ed2tWlAn9X3RdSBjErkP2RU53dA4/i3M+3m748751sHII24q+2pVTPUOjcR+5vHJgd/TR46Mmkcbx7ezYayJy1fj4ixoaHNn/+k/fl7dGOPo4H01dfnWztq8/5P18af6DL+DHfOnf5NnfFvddP49yB+bovx72KPMX5/46ePtox/PeKZrvGTtfhJl/hpRLzVY/xbr395dqu6+scRx6J7/I5k+/PDo5evlEtjrceuMb46duSV7fp/cIv4rXO2+5tfM922f5fT2l198e3nzy5vE/+F57bf/922/4GIeK/H+P+998lrW9XduZ7cbfwK2On+TyIft3uM/+K5oz/0uCoAAAAAAAAAALADafNatiQtrM2naaHQuof3f3EwLVeqteOXK/Ozk61r3g5HPu1caTXSKieN8nj7etxO+eSG8qlcO2DuQLNcKFbKkwPuOwAAAAAAAAAAAAAAAAAAADwpDm24//+3XPP+/41/Vw3sVVv/5Tew18l/yK6H8z8ZWDuA3ef7HzKrLv8hu+Q/ZJf8h+yS/5Bd8h+yS/5Ddsl/AAAAAAAAAAAAAAAAAAAAAAAAAADoi4sXLjSm+v2VpWKjPDm0MD9defvEZKk6XZiZLxaKlbmrhalKZapcKhQrM3/1fkmlcnUsZuevjdZK1dpodWHxzZnK/GznP0VL+b73CAAAAAAAAAAAAAAAAAAAAP55hptTkhYiIm3Op2mhEPHviDicRHL5Srk0FhH/iYjvc/l9jfL4oBsNAAAAAAAAAAAAAAAAAAAAe0x1YXF6olwuzWVkZmgnK0fE8uNtRuMdd/yqfHtfPSnb0EwWZgY8MAEAAAAAAAAAAAAAAAAAQAY9uOm311f80d8GAQAAAAAAAAAAAAAAAAAAQCalPycR0ZiOjTw/vLH2X8lqrvkcEe/cuvTBtYlabW68sfzu2vLah+3lJwfRfqBXnTzt5DEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwQHVhcXqiXC7N9XFm0H0EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeBR/BgAA///eANcP")
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x400, 0x0)
ioctl$TIOCMBIC(r0, 0x5417, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x15)
pwrite64(r2, &(0x7f0000000140)='2', 0xfdef, 0xe7c)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r1, 0x0)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, 0x0, &(0x7f00000000c0), 0xff}, 0x38)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
io_setup(0xffff, &(0x7f0000001080))

8.367225584s ago: executing program 4 (id=3836):
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{0x0}, {0x0}], 0x2)
close(0x3)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x7, 0x6, 0xc, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
syz_open_dev$sndmidi(0x0, 0x5, 0x101000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_open_dev$I2C(&(0x7f0000000800), 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b700000081000000bfa30000000000000703000000feffff720a00fef8ffffff71a400fe0000000071101000000000001d300200000000004704000001ed030407030000020000001d440000000000006b0a20fe0000000072030000000a0000e500f9ff000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616276fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a26048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d490cba8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e1461173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdec86f9b1eb93d491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b583cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f806694d461b76a58d88cf0f520310a1e80dc18cde9ad662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a090f3b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c00000000000000f59dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ed1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67cf0216e2d81e6127bd9d7fab28800eaab2355992f8ce4cd38add4b272c0bee4076ca4847ffa691cf78fb7ec212bad3bef29f577ea7159b7f3025b3d977ff7c91024cf71126233cb8791c3c"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)

8.059797636s ago: executing program 4 (id=3838):
r0 = socket(0x2a, 0x2, 0x0)
r1 = mq_open(0x0, 0x40, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000180)={0xc, 0x8b}, 0x0)
r2 = syz_usb_connect(0x0, 0x24, &(0x7f0000000440)=ANY=[@ANYBLOB="12011f00abbe6740e9174e8b089c000000010902120001000000000904000000ff"], 0x0)
syz_usb_control_io(r2, 0x0, 0x0)
sendmsg$netlink(0xffffffffffffffff, 0x0, 0x846)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r6 = socket(0x2, 0x80805, 0x0)
sendmmsg$inet_sctp(r6, &(0x7f00000032c0), 0x0, 0x0)
sendmmsg$inet_sctp(r6, &(0x7f00000032c0)=[{&(0x7f00000000c0)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0, 0x0, &(0x7f0000000000)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0xc}}], 0x30}], 0x1, 0x0)
mq_unlink(&(0x7f0000000340)='eth0\x00')
close(r1)
getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
socket$can_bcm(0x1d, 0x2, 0x2)
sendmsg$nl_route_sched(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x78, 0x24, 0xc0b, 0x70bd2a, 0x2001, {0x0, 0x0, 0x0, r7, {0x0, 0x1}, {0xffff, 0xffff}, {0x5, 0xfff1}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0xff, 0xec2, 0x5, 0x0, 0x400}, 0x10000, 0x1, 0x7ff, 0x6, 0xe, 0x14, 0x1f, 0x1b, 0x6, 0x2, {0x6, 0x1, 0xa9, 0x8, 0x7743, 0xfd1}}}}]}, 0x78}}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000500)=@newtfilter={0x24, 0x2c, 0xd27, 0x70bd25, 0x0, {0x0, 0x0, 0x0, r7, {}, {}, {0x8, 0xffff}}}, 0x24}}, 0x4000)
r8 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r8, &(0x7f00000002c0), 0x40000000000009f, 0x0)

7.761782525s ago: executing program 7 (id=3840):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000005c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
syz_mount_image$ext4(&(0x7f00000002c0)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800700, &(0x7f0000000200)={[{@data_err_ignore}, {@bsdgroups}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5c}}, {@noauto_da_alloc}, {@bsdgroups}, {@oldalloc}, {@errors_continue}]}, 0x2, 0x44b, &(0x7f0000000a00)="$eJzs281vFOUfAPDvzLbl9+OtFfEFRK0SY+NLSwsqBy8aTTxgNNEDHuu2EMJCDa2JECLVGLyYGBI9G48m/gXevBj1ZOJV74aEKBfQU83MzsB22S0t3e5W9vNJBp5n5+k+z3efeWaemWc3gL41mv2TRGyPiN8iYrieXV5gtP7f9avnq39fPV9NYmnprT+TvNy1q+erZdHy77YVmbE0Iv0kKSpZbv7suZPTtdrsmSI/sXDqvYn5s+eePXFq+vjs8dnTU4cPHzo4+cLzU891JM4srmt7P5zbt+e1dy69Xj166d2fvs3au73Y3xhHp4xmgf+1lGve90SnK+uxHQ3pZKCHDWFNKhGRdddgPv6HoxI3O284Xv24p40DNlR2bdrSfvfiEnAXS6LXLQB6o7zQZ/e/5dalqcemcOWl+g1QFvf1YqvvGYi0KDPYdH/bSaMRcXTxn6+yLTboOQQAQKPPql8eiWdazf/SuL+h3M5iDWUkIu6JiF0RcW9E7I6I+yLysg9ExINrrL95aejW+U96+Y4CW6Vs/vdisba1fP5Xzv5ipFLkduTxDybHTtRmDxSfyVgMbsnykyvU8f0rv37ebl/j/C/bsvrLuWDRjssDTQ/oZqYXpvNJaQdc+Shi70Cr+JMbKwFJROyJiL1re+udZeLEU9/sa1fo9vGvoAPrTEtfRzxZ7//FaIq/lKy8Pjnxv6jNHpgoj4pb/fzLxTfb1b+u+Dsg6/+ty4//5iIjSeN67fza67j4+6dt72nu9PgfSt7Oz0dlR30wvbBwZjJiKDmSvzhUlM1fn7r5t2W+LJ/FP7a/9fjfFTcreCgisoP44Yh4JCIeLdr+WEQ8HhH7V4j/x5fb79sM/T/T8vx34/hv6v+1Jyonf/iuXf2r6/9DeWqseCU//93Gahu4ns8OAAAA/ivS/DvwSTp+I52m4+P17/Dvjq1pbW5+4eljc++fnql/V34kBtPySddww/PQyWSxeMd6fqp4VlzuP1g8N/6i8v88P16dq830OHbod9vajP/MH5Vetw7YcK3W0aaGetAQoOuax3+6PHvhjW42Bugqv9eG/nWb8Z92qx1A97n+Q/9qNf4vNOWtBcDdyfUf+pfxD/3L+If+ZfxDX1rP7/ol+jkR6aZohsQGJXp9ZgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOiMfwMAAP//d5Lu1w==")

6.998779553s ago: executing program 3 (id=3843):
r0 = socket$netlink(0x10, 0x3, 0x4)
close(0xffffffffffffffff)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x7, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x82}, [@ringbuf_query]}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1b, 0xc, &(0x7f0000000140)=@framed={{}, [@printk={@i, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x71}}, @call={0x85, 0x0, 0x0, 0xe}]}, &(0x7f0000000100)='GPL\x00', 0x20000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
listen(0xffffffffffffffff, 0x0)
stat(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0))
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
writev(r0, &(0x7f0000000140)=[{&(0x7f0000000080)="580000001400192340834b80040d8c560a067f0200ff000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000100080c10000000000000000000", 0x58}], 0x1)

6.755076224s ago: executing program 2 (id=3845):
sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x24}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000040)=@newtfilter={0x24, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0xfffa, 0xffe0}, {}, {0x1c, 0xfff9}}}, 0x24}, 0x1, 0x0, 0x0, 0x81}, 0x24004000)
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x48)
pipe2$9p(0x0, 0x0)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018004000800395032303030"], 0x15)
r1 = dup(0xffffffffffffffff)
write$P9_RLERRORu(r1, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53)
write$RDMA_USER_CM_CMD_SET_OPTION(r1, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20)
write$binfmt_elf64(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])

6.017308815s ago: executing program 7 (id=3846):
prctl$PR_SET_NAME(0xf, &(0x7f0000000300)='\x04\x00\x00\x00\x00^\xf6jAc')
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f3bbb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68000000000000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465a932b77a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900ff0000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767192361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80af740b5b7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48bc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1f001b2cd3170400000085be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890cec55bf404e4e1f74b7eed82571be54c72d978cf906df08f11f1c4042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9f0390a6f01e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5eaff07000000000000b99c9cc0ad1857216f000000009191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a798de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270b939b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf01cfaed9ef0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546bb2e51935ab9067ec3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f626602111b40e761fd21081920382f14d12ca3c471c7868e7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df902aeec50e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec743af930cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd6d89f80a4377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f000000000100000000d77480e0345effff6413258d1f6eb190aa28cbb4bafe3436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fb03b84f63e022fe755f4007a4a899eaf52c4f491f1e97c862e29e4570600000091c691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104d74dc07748f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c7167d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c2499ce3ffe2fef03f7cdd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426cfce471fef821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ada08f5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba3c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63e4581d5cc41cbde2ba66adc1168070c8c6e18a6a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c514b37c668554d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c3340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a39938613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b909006f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f1400010000ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1b0100448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae05025040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483d02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e918d685a7b099a4f8ed654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732ab916a781b9912160a3fd2a2e74dd690c57bdfdc1f069f949170ef8cb9c13c12138116bca7a8c59363799be7005c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2c74664d60a4b9423f3297bc8eb91b4ee1d73272abbef3e7a828a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece58e752b47e6f677eff7c5c568a89d6e36b165c39132a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae1676384ff799783f55d7e5a1a0920300000000000000d98440c355927629f2bcf9dc405a18ca0264400abf38e90000000000000000008faf2cddffbfa69bf32eb718e88ec75603ed7c7a8825ce0f27a114bd7a4ab74d0c7b8d90ccc1c3ca6620def782e24d75aed70eb676437f62677a69e0994cd82d72e95493c830fe9515329f40b7025326dec33a527c5d999298eaa3690fd0d38a02fc6e0bc16dbe19f353027edc014411e1138087221492f5d5e5cc9d0a1acd3f581eda9a807aa0e609f935f626d96351e0ff116686cbeb8939feecd5dac8cf45101942cc7cec21b7f337df5431bcf7e504b7c427f70a10e1cb8993a661306a0576b638a0171e6800b5b35589d676eb30ed1a72e8f7b057eb281c4504195635b6b285ebaba019913a2520e43ed790231f047f7d3789c10ae7d724929f77aec1d33d9587580268ee14396f71e7ef588cb2560d6bd0795a9b97281229eb16de086553469fad7214ffc3e416f8b8e442dce1d37f9b1c88a5d8a8d9f2fe45bd8df213ecb4194c8554aea13cadcd502e51f6fec80418e772b5bd8d0228949058038b185909ee542848680f9ad43f4057d676d5e21ae3d7e0e4a28c04f112a94707f032b35915e42993ff148291b8babe026646ee41905992db217561b90811c4702a14f312fe5d2ae7257db6be1034cc1c346b76a853ce274bf0435e18f7e86c660c18c80f30505dd4cf2ae2a1893b83c62d61bfeadc1f913e4cab2b897e096dd3fe3525090410cb23bab36cdf200a36014032cf6e5121803c5a0c4a273a19f340163fc6265425d513a1294b8439276394945d94a589708e32a1cb30f1fa4b2f08e01dc5e8c6732e6dc59b5c8cb400000000000000592c9b68f09c8f5ddb20b4ae08b4d9df548e5ed6cd47b91a4bea8b6aa52edf64576aef1e43f2958437fdc20fbbd0d4e13d8cce1193b2f9b4f107e25af178d056e1b1e40bd75b013f7484fae0bc447b1ffaf34819fe3ad1a634c94345e26e1e68dec08723a37b05d1594a66a4718a51d4d67fc880c9d640f4eacc509873f1a103c87f69"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x41)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
openat$sndseq(0xffffffffffffff9c, 0x0, 0x20002)
splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x10, 0x8)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[], 0x1c}, 0x1, 0x0, 0x0, 0x4000005}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x1, 0x803, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'erspan0\x00', <r4=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000900)=@newlink={0x48, 0x10, 0x401, 0x0, 0x4, {0x0, 0x0, 0x0, r3, 0x10886}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @veth={{0x9}, {0x18, 0x2, 0x0, 0x1, @val=@VETH_INFO_PEER={0x14, 0x1, {{0x0, 0x0, 0x0, r4, 0x10820, 0x343}}}}}}]}, 0x48}}, 0x0)

5.05170283s ago: executing program 2 (id=3847):
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)=<r0=>0x0)
sched_setscheduler(r0, 0x3, &(0x7f0000000080)=0x5)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x0)
socket(0x10, 0x3, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000000000)='sched_switch\x00', r1, 0x0, 0xfffffffbffffffff}, 0x18)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
getpid()
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
syz_open_dev$evdev(0x0, 0x0, 0x101040)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
close(r4)
r5 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f0000000200)={0x0, &(0x7f0000000100)=[<r6=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_WAIT_VBLANK(r5, 0xc018643a, &(0x7f0000000240)={0x1, 0x101})
ioctl$DRM_IOCTL_MODE_SETCRTC(r4, 0xc06864a2, &(0x7f0000000740)={0x0, 0x0, r6, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "65366a50432b7ee2c7feddd91df868e7cfc6fa7272f3bf0a71b5d0c19323a260"}})

4.910109113s ago: executing program 3 (id=3848):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000040)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_open_dev$vim2m(&(0x7f0000000040), 0x5, 0x2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='sched_switch\x00', r0}, 0x10)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x7, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket(0x15, 0x5, 0x0)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
read(r2, &(0x7f0000000040)=""/148, 0xffffff96)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
dup(r3)
r4 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f00000000c0)="d800000018008103e00312ba0d8105040a600300ff0f040b067c55a1bc000900b80006990700000015000500fef32702d3001500030001400200000901ac040098007f6f94007100a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5e", 0x6c}], 0x1}, 0x48002)
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x80000, 0x0)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000080)=0x7)
ioctl$TIOCSTI(r5, 0x5412, &(0x7f0000000300)=0x4f)

4.761630368s ago: executing program 4 (id=3849):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00'})
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
sendmsg$key(0xffffffffffffffff, 0x0, 0x18)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))
syz_init_net_socket$x25(0x9, 0x5, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_bt_hci(0xffffffffffffffff, 0x400448e4, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
r2 = syz_init_net_socket$ax25(0x3, 0x5, 0xcb)
bind$ax25(r2, &(0x7f0000000540)={{0x3, @bcast, 0x1}, [@default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48)
ioctl$EVIOCGABS0(0xffffffffffffffff, 0x80184540, 0x0)
connect$ax25(r2, &(0x7f00000001c0)={{0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x5}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null]}, 0x48)
r3 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10)
getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000001080)=0x8)
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x1, 0x3, 0x261, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)

3.203168061s ago: executing program 7 (id=3850):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000600)=ANY=[], &(0x7f00000005c0)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r0 = syz_io_uring_setup(0x121d, &(0x7f0000000500)={0x0, 0x7d10, 0x80, 0x3, 0x1000034e}, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000580)=<r2=>0x0)
syz_open_dev$loop(&(0x7f0000000000), 0x827, 0xa00)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
socket(0x2a, 0x2, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x50, 0x0, 0x0, 0x0, 0x23457})
io_uring_enter(r0, 0x47bc, 0x0, 0x0, 0x0, 0x0)

3.119572336s ago: executing program 2 (id=3851):
r0 = openat$6lowpan_control(0xffffffffffffff9c, 0x0, 0x2, 0x0)
write$6lowpan_control(r0, 0x0, 0x0)

2.860494989s ago: executing program 3 (id=3852):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000180)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000880)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$BATADV_CMD_GET_DAT_CACHE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYRES16=0x0, @ANYBLOB="03030000000000000015c251a009080003001aebb3ad69529f0ee9fab05e12319775fe7c252374e5164eb13c5cef027afc6b4e2c74af52fad8564576fefcb234c54f8035c170d826bfb9e50cb35200fcbe3aa91a9cb001322b54c9251f310f16e972622c11bd1571905a8a6d3ad0a685d213d6c489a9934b8059d96284da585ad20febd1a3d56a4495c5c59cbb6db716b06ecaa502c3317d0d731dd1dfc470560a68", @ANYBLOB], 0x1c}}, 0x2000c0c0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_WOL_GET(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
semop(0x0, &(0x7f0000000000)=[{0x3, 0xfff7, 0x1000}], 0x1)
semop(0x0, &(0x7f0000000340)=[{0x2, 0x2, 0x1000}], 0x1)
r3 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
write$uinput_user_dev(r3, 0x0, 0x0)
ioctl$UI_DEV_CREATE(r3, 0x5501)
readv(r3, &(0x7f0000001900)=[{0x0, 0xea}], 0x1)
write$input_event(r3, 0x0, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, 0x0)
mount(0x0, 0x0, &(0x7f0000000100)='ext2\x00', 0x8080, &(0x7f00000001c0)='discard')
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
ioctl$BLKGETSIZE(0xffffffffffffffff, 0x1260, &(0x7f0000000200))
sendmsg$NL80211_CMD_SET_CQM(r4, 0x0, 0x4000080)

2.789704902s ago: executing program 2 (id=3853):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000a00)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x18)
r2 = io_uring_setup(0x177d, &(0x7f00000003c0)={0x0, 0x800698c, 0x40, 0x2, 0xfffffffe})
close_range(r2, 0xffffffffffffffff, 0x200000000000000)
r3 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r3, &(0x7f0000000000)={&(0x7f0000000080)=@rxrpc=@in4={0x21, 0x3, 0x2, 0x10, {0x2, 0x4e22, @empty}}, 0x80, &(0x7f0000000140)=[{&(0x7f0000000ac0)="ee", 0xfffffe5e}], 0x1, &(0x7f0000001a00)=ANY=[@ANYBLOB="180000000000000010010000010000007d95df16a39b1a6c900000000000000001000000040500002b24ec10064b6f2f000000fb718aef932f3889d1fdda5b57000000860f5878c37ffe36e1165814d435be5b317c6c8189587d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988ab013f40afe403041323110f62055394412158e7a3adb148d641aa40d4ab077fe34232aa8b31851466d0998a61d7da0c86d70000001010"], 0x10b8}, 0x8000)

2.746874525s ago: executing program 4 (id=3854):
r0 = fsopen(&(0x7f0000000400)='autofs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000240)=',-\x10*\x00', &(0x7f0000000380)='$\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r0, 0x2, &(0x7f0000000540)='\x00', &(0x7f0000001c80)="6ed4", 0x2)
fsconfig$FSCONFIG_SET_FD(r0, 0x5, &(0x7f00000005c0)='\x00H\xeb', 0x0, r0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000040)='syzkaller\x00', &(0x7f0000001140)='\xf1\x95\xb3>-\x8c\xd4\r\x01\xfa\xe2{eED\x0e\xaaPV\x11\xff\xb6j\xd4~6\x82^\x9b b', 0x0)
close(r0)

2.556459327s ago: executing program 4 (id=3855):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0xfe, 0x7ffc0002}]})
r0 = fsopen(&(0x7f00000018c0)='rpc_pipefs\x00', 0x1)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$TCPDIAG_GETSOCK(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={0x54, 0x12, 0x1, 0x0, 0x0, {0xa, 0x3, 0x0, 0x0, {0x0, 0x4e22, [0x0, 0xffffffff], [], 0x0, [0x1, 0x3]}}, [@INET_DIAG_REQ_BYTECODE={0x8, 0x3, "11000000"}]}, 0x54}}, 0x20004010)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00'}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10)
iopl(0x3)
unshare(0x2040400)
r3 = fsopen(&(0x7f0000000040)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
unshare(0x2000400)
fsmount(r3, 0x0, 0x0)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x8002, 0x0)
r4 = syz_io_uring_setup(0x5c2, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x4}, &(0x7f00000001c0)=<r5=>0x0, &(0x7f0000000580))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffff8, 0x0, 0x4)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(0xffffffffffffffff, 0x84, 0x17, &(0x7f0000000300)=ANY=[@ANYRES32=0x0, @ANYBLOB="01000000c5efa4455938d7ad539841e2e16b8a8c4816657ca461"], 0x8)
close(0xffffffffffffffff)
io_uring_enter(r4, 0x6e2, 0x3900, 0x1, 0x0, 0xe00)
rt_sigsuspend(&(0x7f00000002c0)={[0x20000000004]}, 0x8)

1.576292864s ago: executing program 2 (id=3856):
r0 = syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
sendmsg$IPVS_CMD_NEW_DAEMON(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="0100000000000000000009000000440003800800010002000000140002007663616e300000000000000000000000080003000000000014000600ff"], 0x58}}, 0x0)

1.565566398s ago: executing program 3 (id=3857):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, 0x0, 0x0)
connect$inet(r0, 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
openat$nullb(0xffffffffffffff9c, 0x0, 0x4000, 0x0)
sendto$inet6(0xffffffffffffffff, &(0x7f00000009c0)="c7cfcaaa22e10542fca5c0195350f15147657e0bfc59d383a47190db88690e6fedc3040ab5809ae02a54cd429cc3338c5afa0c9dce3f91950d1f567f358ac21154159130e88cbb6c43197813b2f23f3e442f80877490b393408142ebcfea6821f543e5ee9e27032e2b75d78f1b79f5a6bb6f0645e267770ef7e8f3a92148091217450ce8581e54223eeb6486205a209bf1fe854d211c03f8c3140fc3979d824082990d119473d20e94f253c9621fac339560ae46cb24b88bf2d01559bb658e343257b90f233b81bc5c398be3bbddb23a", 0xd0, 0xc001, 0x0, 0x0)
sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xd, 0x4, &(0x7f0000001300)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x9, 0x0, 0x9c}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

1.51672772s ago: executing program 7 (id=3858):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff)
r0 = openat$cgroup_devices(0xffffffffffffffff, &(0x7f0000000300)='devices.allow\x00', 0x2, 0x0)
write$cgroup_devices(r0, &(0x7f0000000200)=ANY=[@ANYBLOB='b 122'], 0xa)

1.016207963s ago: executing program 7 (id=3859):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='net_prio.prioidx\x00', 0x275a, 0x0)
r1 = syz_open_dev$sg(0x0, 0x0, 0x0)
dup2(r1, r0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x200000b, 0x12, r0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000d80)={&(0x7f0000000180)='kfree\x00'}, 0x18)
move_pages(0x0, 0x2064, &(0x7f0000000040)=[&(0x7f0000ff9000/0x2000)=nil], &(0x7f0000001180), &(0x7f0000000000), 0x0)

501.463754ms ago: executing program 2 (id=3860):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@newtaction={0x6c, 0x32, 0x629, 0x0, 0x0, {}, [{0x58, 0x1, [@m_mpls={0x54, 0x1, 0x0, 0x0, {{0x9}, {0x28, 0x2, 0x0, 0x1, [@TCA_MPLS_PARMS={0x1c, 0x2, {{0xbcb, 0xc0, 0x1, 0x7fffffff}, 0x4}}, @TCA_MPLS_LABEL={0x8, 0x5, 0x4c116}]}, {0x4, 0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x6c}, 0x1, 0x0, 0x0, 0x44000}, 0x0)
r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
write$uinput_user_dev(r3, &(0x7f0000000ec0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xfffffffc], [0x0, 0x0, 0x2, 0xb16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0xf, 0x0, 0x2, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x8], [0x88000001, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0xe, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x4], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x3, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5]}, 0x45c)
madvise(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x17)
r4 = userfaultfd(0x801)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$devlink(&(0x7f0000000dc0), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_TRAP_GET(r5, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000280)=ANY=[@ANYBLOB="5000352d45f5d65490a0fabe85f0900000", @ANYRES16=r6, @ANYBLOB="010000000000fbdbdf25270000000e0001006e657464657673696d0000000f0002006e657464657673696d3000001c005100736f757263655f6d61635f69735f6d756c74696361737400"], 0x50}, 0x1, 0x0, 0x0, 0x24040011}, 0x0)
ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
ioctl$KVM_SET_LAPIC(0xffffffffffffffff, 0x4400ae8f, 0x0)
ioctl$UI_DEV_CREATE(r3, 0x5501)
ioctl$UI_DEV_DESTROY(r3, 0x5502)

186.365544ms ago: executing program 3 (id=3861):
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff})
read(r0, &(0x7f0000032440)=""/102364, 0x18fdc)

36.276742ms ago: executing program 4 (id=3862):
r0 = openat$6lowpan_control(0xffffffffffffff9c, 0x0, 0x2, 0x0)
write$6lowpan_control(r0, 0x0, 0x0)

0s ago: executing program 7 (id=3863):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000020b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00'}, 0x10)
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
pipe(&(0x7f00000001c0)={<r1=>0xffffffffffffffff})
read(r1, &(0x7f0000032440)=""/102364, 0x18fdc)
timer_settime(0x0, 0x0, &(0x7f0000000400)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)

kernel console output (not intermixed with test programs):

netlink: 8 bytes leftover after parsing attributes in process `syz.5.3291'.
[ 1474.362949][T18166] hsr_slave_0: entered promiscuous mode
[ 1474.376518][T18166] hsr_slave_1: entered promiscuous mode
[ 1474.384329][T18166] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1474.392094][T18166] Cannot create hsr debugfs directory
[ 1474.793691][ T6174] bridge_slave_1: left allmulticast mode
[ 1474.799561][ T6174] bridge_slave_1: left promiscuous mode
[ 1474.816271][ T6174] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1474.849609][T18371] siw: device registration error -23
[ 1475.831629][T18374] netlink: 'syz.2.3294': attribute type 10 has an invalid length.
[ 1476.356134][T18375] loop2: detected capacity change from 0 to 4096
[ 1476.546849][T18375] ntfs3(loop2): Different NTFS sector size (2048) and media sector size (512).
[ 1476.594088][ T6174] bridge_slave_0: left allmulticast mode
[ 1476.601907][ T6174] bridge_slave_0: left promiscuous mode
[ 1476.610689][ T6174] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1478.209236][T18386] input: syz1 as /devices/virtual/input/input33
[ 1478.867317][ T6174] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1478.880584][ T6174] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1478.896958][ T6174] bond0 (unregistering): Released all slaves
[ 1480.080272][T18404] IPv6: Can't replace route, no match found
[ 1480.357294][T18406] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[ 1481.441907][ T6174] hsr_slave_0: left promiscuous mode
[ 1481.497266][ T6174] hsr_slave_1: left promiscuous mode
[ 1481.512764][ T6174] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1481.543687][ T6174] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1484.522194][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[ 1484.528754][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[ 1485.660135][T18425] ptrace attach of "./syz-executor exec"[5837] was attempted by "./syz-executor exec"[18425]
[ 1485.780151][ T6174] team0 (unregistering): Port device team_slave_1 removed
[ 1486.073107][T18433] netlink: 'syz.5.3307': attribute type 10 has an invalid length.
[ 1486.414196][T18435] loop5: detected capacity change from 0 to 4096
[ 1486.723953][T18435] ntfs3(loop5): Different NTFS sector size (2048) and media sector size (512).
[ 1487.190029][ T6174] team0 (unregistering): Port device team_slave_0 removed
[ 1489.051521][T18426] sch_tbf: peakrate 8 is lower than or equals to rate 12 !
[ 1489.647418][T18112] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1493.507176][T18472] syz.5.3316: attempt to access beyond end of device
[ 1493.507176][T18472] nbd5: rw=0, sector=0, nr_sectors = 1 limit=0
[ 1493.521452][T18472] hpfs: hpfs_map_sector(): read error
[ 1494.468372][T18485] netlink: 'syz.2.3318': attribute type 10 has an invalid length.
[ 1494.480129][T17230] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1494.517108][T17230] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1494.699562][T18486] loop2: detected capacity change from 0 to 4096
[ 1495.171864][T17230] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1495.185409][T18486] ntfs3(loop2): Different NTFS sector size (2048) and media sector size (512).
[ 1495.205195][T17230] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1495.230799][T17230] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1495.892653][T18491] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3319'.
[ 1495.994099][T18497] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3320'.
[ 1496.600952][T18476] lo speed is unknown, defaulting to 1000
[ 1496.611687][T18166] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 1496.680459][T18166] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 1497.243269][T18476] lo speed is unknown, defaulting to 1000
[ 1497.274723][T18166] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 1497.311630][ T5851] Bluetooth: hci3: command tx timeout
[ 1498.579063][T18166] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 1499.082980][T18507] Falling back ldisc for ptm1.
[ 1499.391699][ T5851] Bluetooth: hci3: command tx timeout
[ 1499.761966][ T6174] bridge_slave_1: left allmulticast mode
[ 1499.882797][ T6174] bridge_slave_1: left promiscuous mode
[ 1499.893345][ T6174] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1500.402738][ T6174] bridge_slave_0: left allmulticast mode
[ 1500.408427][ T6174] bridge_slave_0: left promiscuous mode
[ 1500.466016][ T6174] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1501.479189][ T5851] Bluetooth: hci3: command tx timeout
[ 1501.752379][T17230] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1501.852042][T18539] netlink: 'syz.3.3327': attribute type 10 has an invalid length.
[ 1502.187967][T18540] loop3: detected capacity change from 0 to 4096
[ 1502.500695][T17230] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1502.511684][T17230] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1502.518894][T18540] ntfs3(loop3): Different NTFS sector size (2048) and media sector size (512).
[ 1502.532152][T17230] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1502.542342][T17230] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1503.701591][ T5851] Bluetooth: hci3: command tx timeout
[ 1504.036805][ T6174] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1504.049011][ T6174] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1504.059860][ T6174] bond0 (unregistering): Released all slaves
[ 1504.318669][T18476] chnl_net:caif_netlink_parms(): no params data found
[ 1504.514602][T18536] lo speed is unknown, defaulting to 1000
[ 1504.691029][ T5851] Bluetooth: hci2: command tx timeout
[ 1504.837470][ T6174] hsr_slave_0: left promiscuous mode
[ 1504.844180][ T6174] hsr_slave_1: left promiscuous mode
[ 1504.850295][ T6174] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1504.858465][ T6174] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1506.317898][ T6174] team0 (unregistering): Port device team_slave_1 removed
[ 1506.367709][ T6174] team0 (unregistering): Port device team_slave_0 removed
[ 1506.709857][T18536] lo speed is unknown, defaulting to 1000
[ 1506.831703][ T5851] Bluetooth: hci2: command tx timeout
[ 1507.658634][T18578] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3333'.
[ 1508.912284][ T5851] Bluetooth: hci2: command tx timeout
[ 1510.111697][T18476] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1510.118976][T18476] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1510.151729][T18476] bridge_slave_0: entered allmulticast mode
[ 1510.185964][T18476] bridge_slave_0: entered promiscuous mode
[ 1510.216581][T18476] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1510.238628][T18476] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1510.259641][T18476] bridge_slave_1: entered allmulticast mode
[ 1510.275964][T18476] bridge_slave_1: entered promiscuous mode
[ 1511.002061][ T5851] Bluetooth: hci2: command tx timeout
[ 1511.039954][T18476] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1511.115696][T18476] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1511.205915][T18536] chnl_net:caif_netlink_parms(): no params data found
[ 1511.479664][T18476] team0: Port device team_slave_0 added
[ 1512.224331][T18619] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3340'.
[ 1513.662819][T18620] ptrace attach of "./syz-executor exec"[5838] was attempted by "./syz-executor exec"[18620]
[ 1513.759424][T18476] team0: Port device team_slave_1 added
[ 1515.316283][T18620] sch_tbf: peakrate 8 is lower than or equals to rate 12 !
[ 1515.549737][T18639] ptrace attach of "./syz-executor exec"[5837] was attempted by "./syz-executor exec"[18639]
[ 1516.095111][T18476] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1516.103283][T18476] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1516.149740][T18476] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1516.386210][T18639] sch_tbf: peakrate 8 is lower than or equals to rate 12 !
[ 1516.463597][T18648] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3344'.
[ 1516.678411][T18649] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[ 1517.602663][T18476] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1517.609683][T18476] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1517.855798][T18476] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1517.985087][T18536] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1517.996716][T18536] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1518.008438][T18536] bridge_slave_0: entered allmulticast mode
[ 1518.034802][T18536] bridge_slave_0: entered promiscuous mode
[ 1518.047981][T18536] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1518.057395][T18536] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1518.068299][T18536] bridge_slave_1: entered allmulticast mode
[ 1518.088427][T18536] bridge_slave_1: entered promiscuous mode
[ 1518.519877][T18667] sd 0:0:1:0: device reset
[ 1518.572498][T18536] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1518.623180][T18476] hsr_slave_0: entered promiscuous mode
[ 1518.630073][T18476] hsr_slave_1: entered promiscuous mode
[ 1518.662515][T18476] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1518.670144][T18476] Cannot create hsr debugfs directory
[ 1518.921721][T18536] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1519.879895][T18536] team0: Port device team_slave_0 added
[ 1520.532425][T18536] team0: Port device team_slave_1 added
[ 1521.418744][T18536] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1521.496100][T18536] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1521.611988][T18691] netlink: 72 bytes leftover after parsing attributes in process `syz.5.3352'.
[ 1521.694522][T18692] syz.5.3352: attempt to access beyond end of device
[ 1521.694522][T18692] nbd5: rw=0, sector=0, nr_sectors = 1 limit=0
[ 1521.709441][T18692] hpfs: hpfs_map_sector(): read error
[ 1521.721992][T18536] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1521.982892][T18536] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1522.001515][T18536] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1522.045598][T18536] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1522.348071][ T6176] bridge_slave_1: left allmulticast mode
[ 1522.366622][ T6176] bridge_slave_1: left promiscuous mode
[ 1522.421232][ T6176] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1522.506773][T18699] IPv6: Can't replace route, no match found
[ 1523.542855][ T6176] bridge_slave_0: left allmulticast mode
[ 1523.548601][ T6176] bridge_slave_0: left promiscuous mode
[ 1523.623037][ T6176] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1524.007834][T18713] input: syz1 as /devices/virtual/input/input35
[ 1524.670016][   T69] Bluetooth: hci5: Frame reassembly failed (-84)
[ 1524.771979][T18059] usb 6-1: new high-speed USB device number 22 using dummy_hcd
[ 1524.982165][T18059] usb 6-1: Using ep0 maxpacket: 8
[ 1525.042479][T18059] usb 6-1: config 0 has an invalid interface number: 186 but max is 0
[ 1525.051561][ T6176] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1525.069945][T18059] usb 6-1: config 0 has no interface number 0
[ 1525.087513][ T6176] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1525.166506][T18059] usb 6-1: config 0 interface 186 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1525.274128][T18059] usb 6-1: config 0 interface 186 altsetting 0 has an endpoint descriptor with address 0x9A, changing to 0x8A
[ 1525.474180][T18059] usb 6-1: config 0 interface 186 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[ 1525.492081][T18059] usb 6-1: config 0 interface 186 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3
[ 1525.530685][ T6176] bond0 (unregistering): Released all slaves
[ 1525.689859][T18059] usb 6-1: New USB device found, idVendor=07c0, idProduct=1505, bcdDevice=b8.c5
[ 1525.720807][T18059] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1525.775318][T18059] usb 6-1: Product: syz
[ 1525.779578][T18059] usb 6-1: Manufacturer: syz
[ 1525.797356][T18059] usb 6-1: SerialNumber: syz
[ 1525.818834][T18059] usb 6-1: config 0 descriptor??
[ 1526.216191][T18059] iowarrior 6-1:0.186: IOWarrior product=0x1505, serial=42424242 interface=186 now attached to iowarrior0
[ 1526.300106][T18536] hsr_slave_0: entered promiscuous mode
[ 1526.362582][ T5851] Bluetooth: hci5: Opcode 0x1003 failed: -110
[ 1526.372537][T18536] hsr_slave_1: entered promiscuous mode
[ 1526.456530][T18536] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1526.523732][T18536] Cannot create hsr debugfs directory
[ 1526.901453][T18712] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1526.993775][T18712] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1527.582507][T18712] Bluetooth: hci5: Frame reassembly failed (-84)
[ 1527.592230][ T6176] hsr_slave_0: left promiscuous mode
[ 1527.599574][ T6176] hsr_slave_1: left promiscuous mode
[ 1527.619796][ T6176] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1527.687196][ T6176] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1527.865701][T18059] usb 6-1: USB disconnect, device number 22
[ 1529.030983][T18752] binder: 18751:18752 ioctl 4018620d 0 returned -22
[ 1529.080186][ T6176] team0 (unregistering): Port device team_slave_1 removed
[ 1529.696507][ T6176] team0 (unregistering): Port device team_slave_0 removed
[ 1531.327696][T18754] lo speed is unknown, defaulting to 1000
[ 1531.336075][T18754] lo speed is unknown, defaulting to 1000
[ 1531.563524][T18775] siw: device registration error -23
[ 1533.449088][T18476] netdevsim netdevsim6 netdevsim0: renamed from eth0
[ 1533.497133][T18476] netdevsim netdevsim6 netdevsim1: renamed from eth1
[ 1534.114525][T18476] netdevsim netdevsim6 netdevsim2: renamed from eth2
[ 1534.424101][T18791] ptrace attach of "./syz-executor exec"[5837] was attempted by "./syz-executor exec"[18791]
[ 1534.582274][T18791] sch_tbf: peakrate 8 is lower than or equals to rate 12 !
[ 1534.601348][T18476] netdevsim netdevsim6 netdevsim3: renamed from eth3
[ 1535.026332][T18802] ptrace attach of "./syz-executor exec"[5837] was attempted by "./syz-executor exec"[18802]
[ 1535.449833][T18798] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3367'.
[ 1535.541844][T18806] sch_tbf: peakrate 8 is lower than or equals to rate 12 !
[ 1536.030035][T18810] netlink: 72 bytes leftover after parsing attributes in process `syz.5.3370'.
[ 1536.131469][T18811] syz.5.3370: attempt to access beyond end of device
[ 1536.131469][T18811] nbd5: rw=0, sector=0, nr_sectors = 1 limit=0
[ 1536.149274][T18811] hpfs: hpfs_map_sector(): read error
[ 1536.539887][T18815] netlink: 'syz.3.3371': attribute type 4 has an invalid length.
[ 1537.357480][ T5893] lo speed is unknown, defaulting to 1000
[ 1537.412569][ T5893] syz0: Port: 1 Link DOWN
[ 1537.544097][T18476] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1538.557431][T18476] 8021q: adding VLAN 0 to HW filter on device team0
[ 1539.204005][T13247] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1539.211185][T13247] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1539.887947][ T6176] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1539.895188][ T6176] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1540.594426][T17230] Bluetooth: hci2: command 0x0405 tx timeout
[ 1540.689522][T18536] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 1540.726091][T18536] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 1540.871573][T18845] ptrace attach of "./syz-executor exec"[5838] was attempted by "./syz-executor exec"[18845]
[ 1540.925979][T18536] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 1541.360125][T18536] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 1541.459074][T18850] netlink: 'syz.5.3377': attribute type 4 has an invalid length.
[ 1542.430339][T18845] sch_tbf: peakrate 8 is lower than or equals to rate 12 !
[ 1543.818995][T18863] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3380'.
[ 1543.830825][T18476] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1543.910826][T18869] netlink: 'syz.2.3381': attribute type 4 has an invalid length.
[ 1544.733906][ T5893] lo speed is unknown, defaulting to 1000
[ 1544.786516][ T5893] syz2: Port: 1 Link DOWN
[ 1544.887010][T18536] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1545.096591][T18536] 8021q: adding VLAN 0 to HW filter on device team0
[ 1545.194741][T18877] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3382'.
[ 1545.933517][   T69] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1545.940732][   T69] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1545.999782][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[ 1546.009929][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[ 1546.039388][T18884] netlink: 'syz.2.3385': attribute type 21 has an invalid length.
[ 1546.506377][   T69] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1546.513568][   T69] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1548.320854][T18901] binder: BINDER_SET_CONTEXT_MGR already set
[ 1548.327646][T18901] binder: 18900:18901 ioctl 4018620d 200000000040 returned -16
[ 1549.503222][T18908] IPv6: Can't replace route, no match found
[ 1552.000540][T18929] netlink: 'syz.3.3392': attribute type 10 has an invalid length.
[ 1552.346943][T18930] loop3: detected capacity change from 0 to 4096
[ 1552.415992][T18930] ntfs3(loop3): Different NTFS sector size (2048) and media sector size (512).
[ 1553.073345][T18536] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1554.654295][T18959] netlink: 'syz.3.3395': attribute type 21 has an invalid length.
[ 1555.573121][T18963] netlink: 20 bytes leftover after parsing attributes in process `syz.5.3396'.
[ 1556.112743][T17230] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1556.951318][T17230] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1556.964192][T18962] syz.5.3396: attempt to access beyond end of device
[ 1556.964192][T18962] nbd5: rw=0, sector=0, nr_sectors = 1 limit=0
[ 1556.977137][T18962] hpfs: hpfs_map_sector(): read error
[ 1556.983501][T17230] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1557.011744][T17230] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1557.020068][T17230] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1557.237145][T18977] binder: 18976:18977 ioctl c0306201 0 returned -14
[ 1557.438854][T18979] input: syz0 as /devices/virtual/input/input36
[ 1559.256110][T17230] Bluetooth: hci3: command tx timeout
[ 1559.465761][T19000] input: syz1 as /devices/virtual/input/input37
[ 1560.234388][T18969] lo speed is unknown, defaulting to 1000
[ 1561.098578][T19002] IPv6: Can't replace route, no match found
[ 1561.246753][T18969] lo speed is unknown, defaulting to 1000
[ 1561.318629][T17230] Bluetooth: hci3: command tx timeout
[ 1561.888621][   T69] Bluetooth: hci2: Frame reassembly failed (-84)
[ 1562.040040][T19015] netlink: 'syz.3.3405': attribute type 21 has an invalid length.
[ 1563.139628][ T6174] bridge_slave_1: left allmulticast mode
[ 1563.147805][ T6174] bridge_slave_1: left promiscuous mode
[ 1563.158922][ T6174] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1563.215522][ T6174] bridge_slave_0: left allmulticast mode
[ 1563.221257][ T6174] bridge_slave_0: left promiscuous mode
[ 1563.255696][ T6174] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1563.391643][ T5851] Bluetooth: hci3: command tx timeout
[ 1563.503783][T19023] ptrace attach of "./syz-executor exec"[7605] was attempted by "./syz-executor exec"[19023]
[ 1563.733030][ T5854] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 1563.745740][ T5854] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 1563.761966][ T5854] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 1563.774162][ T5854] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 1563.782193][ T5854] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 1563.961153][ T5854] Bluetooth: hci2: command 0x1003 tx timeout
[ 1563.983682][T17230] Bluetooth: hci2: Opcode 0x1003 failed: -110
[ 1565.471557][T17230] Bluetooth: hci3: command tx timeout
[ 1565.923631][T17230] Bluetooth: hci5: command tx timeout
[ 1566.457654][T19047] input: syz0 as /devices/virtual/input/input38
[ 1566.900455][T19050] overlayfs: missing 'lowerdir'
[ 1567.917386][ T6174] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1567.940794][ T6174] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1567.952491][T17230] Bluetooth: hci5: command tx timeout
[ 1567.969131][ T6174] bond0 (unregistering): Released all slaves
[ 1568.004589][T19023] sch_tbf: peakrate 8 is lower than or equals to rate 12 !
[ 1568.169885][T18969] chnl_net:caif_netlink_parms(): no params data found
[ 1568.383416][ T6174] hsr_slave_0: left promiscuous mode
[ 1568.390563][ T6174] hsr_slave_1: left promiscuous mode
[ 1568.401714][ T6174] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1568.416424][ T6174] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1568.631202][T19072] IPv6: Can't replace route, no match found
[ 1569.540465][T19072] Falling back ldisc for ptm1.
[ 1570.091825][T17230] Bluetooth: hci5: command tx timeout
[ 1570.963522][ T6174] team0 (unregistering): Port device team_slave_1 removed
[ 1571.036533][ T6174] team0 (unregistering): Port device team_slave_0 removed
[ 1571.832925][T19076] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[ 1571.854573][T19085] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3419'.
[ 1571.903674][T19029] lo speed is unknown, defaulting to 1000
[ 1571.938529][T19029] lo speed is unknown, defaulting to 1000
[ 1572.141175][T19093] overlayfs: missing 'workdir'
[ 1572.362697][T17230] Bluetooth: hci5: command tx timeout
[ 1572.686485][T19100] input: syz0 as /devices/virtual/input/input39
[ 1573.364849][T19102] netlink: 'syz.3.3421': attribute type 21 has an invalid length.
[ 1573.816673][T18969] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1573.920206][T18969] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1573.963511][T18969] bridge_slave_0: entered allmulticast mode
[ 1574.151158][T18969] bridge_slave_0: entered promiscuous mode
[ 1574.168575][T18969] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1574.176996][T18969] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1574.188261][T18969] bridge_slave_1: entered allmulticast mode
[ 1574.225456][T18969] bridge_slave_1: entered promiscuous mode
[ 1574.517742][T19115] input: syz1 as /devices/virtual/input/input40
[ 1575.440370][T19122] IPv6: Can't replace route, no match found
[ 1576.548176][T18969] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1576.592101][T18969] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1576.666755][T19131] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3427'.
[ 1576.729186][ T6182] Bluetooth: hci2: Frame reassembly failed (-84)
[ 1576.830236][T18969] team0: Port device team_slave_0 added
[ 1576.870726][T18969] team0: Port device team_slave_1 added
[ 1576.976285][T18969] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1576.984200][T18969] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1577.014303][T18969] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1577.027904][T18969] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1577.035209][T18969] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1577.061817][T18969] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1578.751583][ T5854] Bluetooth: hci2: command 0x1003 tx timeout
[ 1578.775168][T17230] Bluetooth: hci2: Opcode 0x1003 failed: -110
[ 1578.780607][ T5903] usb 6-1: new high-speed USB device number 23 using dummy_hcd
[ 1578.851999][T19029] chnl_net:caif_netlink_parms(): no params data found
[ 1578.986195][ T5903] usb 6-1: Using ep0 maxpacket: 16
[ 1579.008651][T18969] hsr_slave_0: entered promiscuous mode
[ 1579.094997][ T5903] usb 6-1: config 64 has an invalid interface number: 176 but max is 0
[ 1579.149534][ T5903] usb 6-1: config 64 has no interface number 0
[ 1579.152283][T19170] overlayfs: missing 'workdir'
[ 1579.156205][ T5903] usb 6-1: config 64 interface 176 has no altsetting 0
[ 1579.163615][T18969] hsr_slave_1: entered promiscuous mode
[ 1579.170674][ T5903] usb 6-1: New USB device found, idVendor=0c72, idProduct=0014, bcdDevice=14.8d
[ 1579.190653][ T5903] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1579.199807][ T5903] usb 6-1: Product: syz
[ 1579.209769][ T5903] usb 6-1: Manufacturer: syz
[ 1579.224495][ T5903] usb 6-1: SerialNumber: syz
[ 1579.224582][T18969] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1579.247172][T18969] Cannot create hsr debugfs directory
[ 1580.425227][T19182] input: syz0 as /devices/virtual/input/input41
[ 1580.552403][ T5903] peak_usb 6-1:64.176 can0: unable to request usb[type=0 value=1] err=-71
[ 1580.592645][ T5903] peak_usb 6-1:64.176: unable to read PCAN-USB X6 firmware info (err -71)
[ 1581.116716][T19190] input: syz1 as /devices/virtual/input/input42
[ 1582.413408][T19029] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1582.433440][T19029] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1582.450066][T19029] bridge_slave_0: entered allmulticast mode
[ 1582.461676][ T5903] peak_usb 6-1:64.176: probe with driver peak_usb failed with error -71
[ 1582.618951][ T5903] usb 6-1: USB disconnect, device number 23
[ 1582.683893][T19029] bridge_slave_0: entered promiscuous mode
[ 1583.987302][T19029] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1584.002685][T19029] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1584.022039][T19029] bridge_slave_1: entered allmulticast mode
[ 1584.030348][T19029] bridge_slave_1: entered promiscuous mode
[ 1585.428548][T19029] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1585.578124][T19231] overlayfs: missing 'workdir'
[ 1585.878989][T19226] lo speed is unknown, defaulting to 1000
[ 1585.886826][T19226] lo speed is unknown, defaulting to 1000
[ 1585.963988][T19029] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1586.161218][T19237] netlink: zone id is out of range
[ 1586.191716][T19237] netlink: zone id is out of range
[ 1586.196912][T19237] netlink: zone id is out of range
[ 1586.207509][T19237] netlink: zone id is out of range
[ 1586.216875][T19237] netlink: zone id is out of range
[ 1586.241655][T19237] netlink: zone id is out of range
[ 1586.248255][T19237] netlink: zone id is out of range
[ 1586.259721][T19237] netlink: zone id is out of range
[ 1586.265173][T19237] netlink: zone id is out of range
[ 1586.270520][T19237] netlink: zone id is out of range
[ 1586.350668][T19238] nbd2: detected capacity change from 0 to 4294967296
[ 1586.380017][T19240] block nbd2: shutting down sockets
[ 1586.400699][T10392] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[ 1586.458113][T10392] Buffer I/O error on dev nbd2, logical block 0, async page read
[ 1586.535954][T13962] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[ 1586.547401][T13962] Buffer I/O error on dev nbd2, logical block 0, async page read
[ 1586.558143][T10392] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[ 1586.571216][T10392] Buffer I/O error on dev nbd2, logical block 0, async page read
[ 1586.580036][T10392] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[ 1586.590930][T10392] Buffer I/O error on dev nbd2, logical block 0, async page read
[ 1586.600530][T10392] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[ 1586.607578][T19029] team0: Port device team_slave_0 added
[ 1586.619510][T10392] Buffer I/O error on dev nbd2, logical block 0, async page read
[ 1586.629003][T10392] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[ 1586.638473][T10392] Buffer I/O error on dev nbd2, logical block 0, async page read
[ 1586.646902][T10392] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[ 1586.656562][T10392] Buffer I/O error on dev nbd2, logical block 0, async page read
[ 1586.664918][T10392] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[ 1586.674226][T10392] Buffer I/O error on dev nbd2, logical block 0, async page read
[ 1586.682270][T10392] ldm_validate_partition_table(): Disk read failed.
[ 1586.689461][T10392] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[ 1586.689982][T19029] team0: Port device team_slave_1 added
[ 1586.698881][T10392] Buffer I/O error on dev nbd2, logical block 0, async page read
[ 1586.719067][T10392] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[ 1586.729729][T10392] Buffer I/O error on dev nbd2, logical block 0, async page read
[ 1586.744177][T10392] Dev nbd2: unable to read RDB block 0
[ 1586.750655][T10392]  nbd2: unable to read partition table
[ 1586.777989][T10392] ldm_validate_partition_table(): Disk read failed.
[ 1586.796411][T10392] Dev nbd2: unable to read RDB block 0
[ 1586.813087][T10392]  nbd2: unable to read partition table
[ 1586.978541][T19247] binder: 19246:19247 ioctl 4018620d 0 returned -22
[ 1588.482519][ T6174] bridge_slave_1: left allmulticast mode
[ 1588.488385][ T6174] bridge_slave_1: left promiscuous mode
[ 1588.494704][ T6174] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1588.516676][ T6174] bridge_slave_0: left allmulticast mode
[ 1588.528339][ T6174] bridge_slave_0: left promiscuous mode
[ 1588.541153][ T6174] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1588.579243][T19259] input: syz1 as /devices/virtual/input/input43
[ 1588.694752][T19262] input: syz0 as /devices/virtual/input/input44
[ 1589.835058][ T6174] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1589.848494][ T6174] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1589.858904][ T6174] bond0 (unregistering): Released all slaves
[ 1589.900662][T19029] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1589.910932][T19029] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1589.938277][T19029] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1590.078362][T19029] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1590.101474][T19029] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1590.138206][T19029] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1590.341004][T19029] hsr_slave_0: entered promiscuous mode
[ 1590.347344][T19274] netlink: 'syz.2.3446': attribute type 21 has an invalid length.
[ 1590.362896][T19029] hsr_slave_1: entered promiscuous mode
[ 1590.379904][T19029] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1590.393836][T19029] Cannot create hsr debugfs directory
[ 1590.506351][ T6174] hsr_slave_0: left promiscuous mode
[ 1590.517628][ T6174] hsr_slave_1: left promiscuous mode
[ 1590.529043][ T6174] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1590.538423][ T6174] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1591.287924][ T6174] team0 (unregistering): Port device team_slave_1 removed
[ 1591.396995][ T6174] team0 (unregistering): Port device team_slave_0 removed
[ 1594.244005][ T6172] Bluetooth: hci2: Frame reassembly failed (-84)
[ 1594.442276][T18059] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[ 1594.564229][T18969] netdevsim netdevsim6 netdevsim0: renamed from eth0
[ 1594.611615][T18059] usb 4-1: Using ep0 maxpacket: 8
[ 1594.643077][T18059] usb 4-1: config 0 has an invalid interface number: 186 but max is 0
[ 1594.651330][T18059] usb 4-1: config 0 has no interface number 0
[ 1594.678212][T18059] usb 4-1: config 0 interface 186 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1594.711745][T18059] usb 4-1: config 0 interface 186 altsetting 0 has an endpoint descriptor with address 0x9A, changing to 0x8A
[ 1594.761446][T18059] usb 4-1: config 0 interface 186 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[ 1594.811823][T18059] usb 4-1: config 0 interface 186 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0
[ 1594.835542][T18969] netdevsim netdevsim6 netdevsim1: renamed from eth1
[ 1594.851662][T18059] usb 4-1: config 0 interface 186 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3
[ 1594.895359][T18969] netdevsim netdevsim6 netdevsim2: renamed from eth2
[ 1594.916924][T18059] usb 4-1: New USB device found, idVendor=07c0, idProduct=1505, bcdDevice=b8.c5
[ 1594.931470][T18059] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1594.939537][T18059] usb 4-1: Product: syz
[ 1594.981461][T18059] usb 4-1: Manufacturer: syz
[ 1594.986141][T18059] usb 4-1: SerialNumber: syz
[ 1595.008078][T18059] usb 4-1: config 0 descriptor??
[ 1595.048790][T18969] netdevsim netdevsim6 netdevsim3: renamed from eth3
[ 1595.283788][T18059] iowarrior 4-1:0.186: IOWarrior product=0x1505, serial=42424242 interface=186 now attached to iowarrior0
[ 1595.603531][T19302] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1595.640521][T19302] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1595.701806][T19302] Bluetooth: hci2: Frame reassembly failed (-84)
[ 1595.743248][T18969] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1595.807758][T18059] usb 4-1: USB disconnect, device number 22
[ 1596.283126][T19341] input: syz0 as /devices/virtual/input/input45
[ 1596.323515][ T5854] Bluetooth: hci2: command 0x1003 tx timeout
[ 1596.330170][T17230] Bluetooth: hci2: Opcode 0x1003 failed: -110
[ 1596.900026][T18969] 8021q: adding VLAN 0 to HW filter on device team0
[ 1596.954766][ T6180] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1596.962067][ T6180] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1597.288839][ T6180] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1597.296034][ T6180] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1597.563794][T19350] netlink: 'syz.2.3457': attribute type 21 has an invalid length.
[ 1598.405398][T19029] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 1598.446270][T19029] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 1598.508931][T19029] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 1598.546993][T19029] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 1598.852730][T19358] binder: 19357:19358 ioctl c0306201 0 returned -14
[ 1599.927565][T19029] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1600.292412][T19029] 8021q: adding VLAN 0 to HW filter on device team0
[ 1600.347307][ T6174] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1600.354613][ T6174] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1600.524741][ T6174] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1600.532090][ T6174] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1601.385275][T18969] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1603.379497][T19029] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1604.009838][T19405] netlink: 'syz.3.3466': attribute type 21 has an invalid length.
[ 1604.298444][T19407] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[ 1604.551937][T18969] veth0_vlan: entered promiscuous mode
[ 1604.598801][T18969] veth1_vlan: entered promiscuous mode
[ 1604.901189][T18969] veth0_macvtap: entered promiscuous mode
[ 1604.972624][T18969] veth1_macvtap: entered promiscuous mode
[ 1605.103211][T18969] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1605.393523][T18969] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1605.710584][T18969] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1605.729930][T18969] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1605.739675][T18969] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1605.755699][T18969] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1605.963664][T19029] veth0_vlan: entered promiscuous mode
[ 1606.569720][T19029] veth1_vlan: entered promiscuous mode
[ 1607.059941][ T6186] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1607.082855][ T6186] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1607.288980][T19438] netlink: 'syz.5.3471': attribute type 21 has an invalid length.
[ 1607.447893][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[ 1607.471092][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[ 1607.790551][ T6174] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1607.795890][T19029] veth0_macvtap: entered promiscuous mode
[ 1607.825571][ T6174] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1607.833669][T19442] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3472'.
[ 1607.860098][T19029] veth1_macvtap: entered promiscuous mode
[ 1607.955324][T19029] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1608.015574][T19029] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1608.103312][T19029] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1608.142893][T19029] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1608.187186][T19029] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1608.445831][T19029] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1611.238710][ T6178] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1611.307546][ T6178] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1611.985619][ T6182] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1611.990110][T19483] net_ratelimit: 18 callbacks suppressed
[ 1611.990136][T19483] netlink: zone id is out of range
[ 1612.012063][ T6182] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1612.070235][T19483] netlink: zone id is out of range
[ 1612.092763][T19483] netlink: zone id is out of range
[ 1612.110724][T19483] netlink: zone id is out of range
[ 1612.139290][T19483] netlink: zone id is out of range
[ 1612.178568][T19483] netlink: zone id is out of range
[ 1612.200620][T19483] netlink: zone id is out of range
[ 1612.249238][T19483] netlink: zone id is out of range
[ 1612.291695][T19483] netlink: zone id is out of range
[ 1612.328303][T19483] netlink: zone id is out of range
[ 1613.137922][T19495] overlayfs: failed to resolve './file1': -2
[ 1613.381507][ T5903] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[ 1613.559022][ T5903] usb 7-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[ 1613.581558][ T5903] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1613.626662][ T5903] usb 7-1: config 0 descriptor??
[ 1614.082271][ T5903] udl 7-1:0.0: [drm] Unrecognized vendor firmware descriptor
[ 1616.273232][T17230] Bluetooth: hci5: link tx timeout
[ 1616.279610][T17230] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa
[ 1616.655664][ T5903] [drm:udl_init] *ERROR* Selecting channel failed
[ 1616.692458][ T5903] [drm] Initialized udl 0.0.1 for 7-1:0.0 on minor 2
[ 1616.699242][ T5903] [drm] Initialized udl on minor 2
[ 1616.792549][ T5903] udl 7-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[ 1616.824209][ T5903] udl 7-1:0.0: [drm] Cannot find any crtc or sizes
[ 1616.908189][ T5827] udl 7-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[ 1616.945008][ T5903] usb 7-1: USB disconnect, device number 2
[ 1616.961456][ T5827] udl 7-1:0.0: [drm] Cannot find any crtc or sizes
[ 1617.919288][ T5851] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1617.933052][ T5851] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1617.947530][ T5851] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1617.961479][ T5851] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1617.974896][ T5851] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1618.114123][T19530] lo speed is unknown, defaulting to 1000
[ 1618.123255][T19530] lo speed is unknown, defaulting to 1000
[ 1618.181734][T19524] binder: 19522:19524 ioctl c0306201 0 returned -14
[ 1618.355396][ T5851] Bluetooth: hci5: command 0x0406 tx timeout
[ 1620.390019][T17230] Bluetooth: hci2: command tx timeout
[ 1622.511579][T17230] Bluetooth: hci2: command tx timeout
[ 1622.599717][ T6182] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1622.671062][T19562] loop5: detected capacity change from 0 to 512
[ 1622.838593][T19527] lo speed is unknown, defaulting to 1000
[ 1622.863779][T19527] lo speed is unknown, defaulting to 1000
[ 1623.874588][T19562] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1623.925616][T19562] ext4 filesystem being mounted at /623/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1624.210474][ T6182] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1624.591905][T17230] Bluetooth: hci2: command tx timeout
[ 1625.555113][ T7605] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1625.679011][ T6182] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1626.701542][T17230] Bluetooth: hci2: command tx timeout
[ 1627.027792][ T6182] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1628.186924][T19599] lo speed is unknown, defaulting to 1000
[ 1628.194060][T19599] lo speed is unknown, defaulting to 1000
[ 1629.351655][T11746] usb 6-1: new high-speed USB device number 24 using dummy_hcd
[ 1629.522845][T18059] IPVS: starting estimator thread 0...
[ 1629.621487][T11746] usb 6-1: Using ep0 maxpacket: 16
[ 1629.773074][T19615] IPVS: using max 24 ests per chain, 57600 per kthread
[ 1629.891483][T11746] usb 6-1: config 64 has an invalid interface number: 176 but max is 0
[ 1630.002640][T11746] usb 6-1: config 64 has no interface number 0
[ 1630.029325][T11746] usb 6-1: config 64 interface 176 has no altsetting 0
[ 1630.065041][T11746] usb 6-1: string descriptor 0 read error: -71
[ 1630.191732][T11746] usb 6-1: New USB device found, idVendor=0c72, idProduct=0014, bcdDevice=14.8d
[ 1630.215040][T11746] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1630.296821][T11746] usb 6-1: can't set config #64, error -71
[ 1630.321740][T11746] usb 6-1: USB disconnect, device number 24
[ 1630.477912][T19527] chnl_net:caif_netlink_parms(): no params data found
[ 1632.837839][ T6182] dummy0: left allmulticast mode
[ 1632.876967][ T6182] bridge0: port 3(dummy0) entered disabled state
[ 1635.180693][ T6182] bridge_slave_1: left allmulticast mode
[ 1635.211457][ T6182] bridge_slave_1: left promiscuous mode
[ 1635.218802][ T6182] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1635.272943][ T6182] bridge_slave_0: left allmulticast mode
[ 1635.278703][ T6182] bridge_slave_0: left promiscuous mode
[ 1635.623911][ T6182] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1637.482375][   T30] kauditd_printk_skb: 13 callbacks suppressed
[ 1637.482394][   T30] audit: type=1326 audit(1748380167.579:919): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19649 comm="syz.6.3514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd58778e969 code=0x7ffc0000
[ 1637.640365][   T30] audit: type=1326 audit(1748380167.599:920): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19649 comm="syz.6.3514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd58778e969 code=0x7ffc0000
[ 1638.234259][   T30] audit: type=1326 audit(1748380167.719:921): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19649 comm="syz.6.3514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=294 compat=0 ip=0x7fd58778e969 code=0x7ffc0000
[ 1638.338947][   T30] audit: type=1326 audit(1748380167.719:922): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19649 comm="syz.6.3514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd58778e969 code=0x7ffc0000
[ 1638.415008][   T30] audit: type=1326 audit(1748380167.719:923): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19649 comm="syz.6.3514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd58778e969 code=0x7ffc0000
[ 1638.466106][   T30] audit: type=1326 audit(1748380167.719:924): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19649 comm="syz.6.3514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=254 compat=0 ip=0x7fd58778e969 code=0x7ffc0000
[ 1638.510792][   T30] audit: type=1326 audit(1748380167.719:925): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19649 comm="syz.6.3514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd58778e969 code=0x7ffc0000
[ 1638.556822][   T30] audit: type=1326 audit(1748380167.719:926): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19649 comm="syz.6.3514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd58778e969 code=0x7ffc0000
[ 1638.592469][   T30] audit: type=1326 audit(1748380167.719:927): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19649 comm="syz.6.3514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd58778e969 code=0x7ffc0000
[ 1638.686208][   T30] audit: type=1326 audit(1748380167.719:928): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19649 comm="syz.6.3514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd58778e969 code=0x7ffc0000
[ 1640.119959][ T6182] bond0 (unregistering): (slave bridge0): Releasing backup interface
[ 1641.213006][ T6182] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1641.224566][ T6182] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1641.234982][ T6182] bond0 (unregistering): Released all slaves
[ 1641.265464][T19656] sit0: entered promiscuous mode
[ 1641.280506][T19656] netlink: 1 bytes leftover after parsing attributes in process `syz.6.3514'.
[ 1641.438172][T19679] lo speed is unknown, defaulting to 1000
[ 1641.446297][T19679] lo speed is unknown, defaulting to 1000
[ 1641.543570][ T6182] tipc: Left network mode
[ 1641.847621][T19691] net_ratelimit: 18 callbacks suppressed
[ 1641.847646][T19691] netlink: zone id is out of range
[ 1642.521523][T19691] netlink: zone id is out of range
[ 1642.527242][T19691] netlink: zone id is out of range
[ 1642.558942][T19691] netlink: zone id is out of range
[ 1642.572866][T19691] netlink: zone id is out of range
[ 1642.596300][T19691] netlink: zone id is out of range
[ 1642.658042][T19702] loop6: detected capacity change from 0 to 512
[ 1642.667026][T19691] netlink: zone id is out of range
[ 1642.674273][T19702] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[ 1642.681469][T19691] netlink: zone id is out of range
[ 1642.689634][T19527] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1642.702479][T19697] block nbd5: shutting down sockets
[ 1642.720579][T19691] netlink: zone id is out of range
[ 1642.737257][T19527] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1642.754642][T19702] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1642.757361][T19691] netlink: zone id is out of range
[ 1642.783266][T19527] bridge_slave_0: entered allmulticast mode
[ 1642.808751][T19527] bridge_slave_0: entered promiscuous mode
[ 1642.851627][T19702] ext4 filesystem being mounted at /12/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1642.864774][T19527] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1642.889173][T19527] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1642.924272][T19527] bridge_slave_1: entered allmulticast mode
[ 1642.948638][T19527] bridge_slave_1: entered promiscuous mode
[ 1642.951807][T19702] EXT4-fs error (device loop6): ext4_xattr_block_get:593: inode #15: comm syz.6.3524: corrupted xattr block 19: overlapping e_value 
[ 1643.080598][T18969] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1643.559190][T19711] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[ 1644.065916][T19725] input: syz0 as /devices/virtual/input/input46
[ 1644.551219][T19527] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1644.710922][T19527] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1646.739567][T19527] team0: Port device team_slave_0 added
[ 1646.796367][ T6182] hsr_slave_0: left promiscuous mode
[ 1646.814639][ T6182] hsr_slave_1: left promiscuous mode
[ 1646.829296][ T6182] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1646.857859][ T6182] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1646.879349][ T6182] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1646.905534][ T6182] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1646.917551][   T30] kauditd_printk_skb: 3 callbacks suppressed
[ 1646.917571][   T30] audit: type=1326 audit(1748380177.009:932): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19753 comm="syz.5.3530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d1dd8e969 code=0x7ffc0000
[ 1647.001125][   T30] audit: type=1326 audit(1748380177.009:933): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19753 comm="syz.5.3530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d1dd8e969 code=0x7ffc0000
[ 1647.049331][   T30] audit: type=1326 audit(1748380177.009:934): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19753 comm="syz.5.3530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f2d1dd8e969 code=0x7ffc0000
[ 1647.069993][ T6182] veth1_macvtap: left promiscuous mode
[ 1647.078005][   T30] audit: type=1326 audit(1748380177.009:935): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19753 comm="syz.5.3530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d1dd8e969 code=0x7ffc0000
[ 1647.104931][   T30] audit: type=1326 audit(1748380177.009:936): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19753 comm="syz.5.3530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d1dd8e969 code=0x7ffc0000
[ 1647.110747][ T6182] veth0_macvtap: left promiscuous mode
[ 1647.128275][   T30] audit: type=1326 audit(1748380177.009:937): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19753 comm="syz.5.3530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f2d1dd8e969 code=0x7ffc0000
[ 1647.158045][   T30] audit: type=1326 audit(1748380177.009:938): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19753 comm="syz.5.3530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d1dd8e969 code=0x7ffc0000
[ 1647.180999][   T30] audit: type=1326 audit(1748380177.009:939): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19753 comm="syz.5.3530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d1dd8e969 code=0x7ffc0000
[ 1647.191806][ T6182] veth1_vlan: left promiscuous mode
[ 1647.204525][   T30] audit: type=1326 audit(1748380177.009:940): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19753 comm="syz.5.3530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f2d1dd8e969 code=0x7ffc0000
[ 1647.239638][ T6182] veth0_vlan: left promiscuous mode
[ 1648.072265][ T6182] team0 (unregistering): Port device team_slave_1 removed
[ 1648.283870][ T6182] team0 (unregistering): Port device team_slave_0 removed
[ 1651.276605][T19527] team0: Port device team_slave_1 added
[ 1651.543087][T19755] netlink: 1 bytes leftover after parsing attributes in process `syz.5.3530'.
[ 1651.659996][T19779] sd 0:0:1:0: device reset
[ 1651.779050][T19527] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1651.802244][T19527] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1651.907928][T19785] loop5: detected capacity change from 0 to 512
[ 1651.924805][T19527] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1651.982029][T19527] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1652.017373][T19785] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1652.019773][T19527] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1652.056030][T19527] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1652.108620][T19785] ext4 filesystem being mounted at /631/bus supports timestamps until 2038-01-19 (0x7fffffff)
[ 1652.536476][T19527] hsr_slave_0: entered promiscuous mode
[ 1652.593016][T19527] hsr_slave_1: entered promiscuous mode
[ 1652.902925][T19803] input: syz0 as /devices/virtual/input/input47
[ 1653.092463][T19527] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1653.387773][T19527] Cannot create hsr debugfs directory
[ 1653.437900][ T7605] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1653.802314][T19808] input: syz1 as /devices/virtual/input/input48
[ 1654.485257][T19818] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[ 1656.789892][T19824] lo speed is unknown, defaulting to 1000
[ 1658.474019][ T6182] IPVS: stop unused estimator thread 0...
[ 1658.726478][T19848] sit0: entered promiscuous mode
[ 1658.776142][   T30] audit: type=1326 audit(1748380188.869:941): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19846 comm="syz.4.3547" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9035d8e969 code=0x7ffc0000
[ 1658.790725][T19848] netlink: 1 bytes leftover after parsing attributes in process `syz.4.3547'.
[ 1658.927795][   T30] audit: type=1326 audit(1748380188.869:942): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19846 comm="syz.4.3547" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f9035d8e969 code=0x7ffc0000
[ 1659.197165][T19856] loop6: detected capacity change from 0 to 512
[ 1660.114923][   T30] audit: type=1326 audit(1748380188.869:943): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19846 comm="syz.4.3547" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9035d8e969 code=0x7ffc0000
[ 1660.137459][   T30] audit: type=1326 audit(1748380188.869:944): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19846 comm="syz.4.3547" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f9035d8e969 code=0x7ffc0000
[ 1660.159889][   T30] audit: type=1326 audit(1748380188.869:945): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19846 comm="syz.4.3547" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9035d8e969 code=0x7ffc0000
[ 1660.242938][   T30] audit: type=1326 audit(1748380188.899:946): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19846 comm="syz.4.3547" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f9035d8e969 code=0x7ffc0000
[ 1660.346252][T19856] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1660.394845][T19856] ext4 filesystem being mounted at /19/bus supports timestamps until 2038-01-19 (0x7fffffff)
[ 1660.403520][   T30] audit: type=1326 audit(1748380189.019:947): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19846 comm="syz.4.3547" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9035d8e969 code=0x7ffc0000
[ 1660.685828][   T30] audit: type=1326 audit(1748380189.019:948): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19846 comm="syz.4.3547" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9035d8e969 code=0x7ffc0000
[ 1660.807197][T19867] netlink: 'syz.2.3550': attribute type 21 has an invalid length.
[ 1661.465565][T18969] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1662.723114][T19882] net_ratelimit: 18 callbacks suppressed
[ 1662.723134][T19882] netlink: zone id is out of range
[ 1662.787586][T19882] netlink: zone id is out of range
[ 1662.824048][T19882] netlink: zone id is out of range
[ 1662.974662][T19889] nbd6: detected capacity change from 0 to 4294967296
[ 1662.981821][T19882] netlink: zone id is out of range
[ 1662.986945][T19882] netlink: zone id is out of range
[ 1663.024929][T19882] netlink: zone id is out of range
[ 1663.058891][T19882] netlink: zone id is out of range
[ 1663.071114][T19882] netlink: zone id is out of range
[ 1663.079150][T19882] netlink: zone id is out of range
[ 1663.088386][T19882] netlink: zone id is out of range
[ 1664.250155][T19897] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3556'.
[ 1666.157228][T17230] block nbd6: Receive control failed (result -104)
[ 1666.538560][T19527] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 1666.584452][T19527] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 1666.621190][T19527] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 1666.663879][T19527] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 1667.167457][T19930] ptrace attach of "./syz-executor exec"[19029] was attempted by "./syz-executor exec"[19930]
[ 1667.536436][T19934] loop5: detected capacity change from 0 to 512
[ 1667.688249][T19527] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1667.802134][T19934] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1668.469305][T19934] ext4 filesystem being mounted at /639/bus supports timestamps until 2038-01-19 (0x7fffffff)
[ 1668.635023][T19527] 8021q: adding VLAN 0 to HW filter on device team0
[ 1668.676829][ T6182] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1668.684070][ T6182] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1668.789643][ T2962] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1668.796881][ T2962] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1668.839064][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[ 1668.848320][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[ 1668.875153][ T7605] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1672.165773][T19974] netlink: 'syz.4.3568': attribute type 21 has an invalid length.
[ 1672.173856][T19974] IPv6: NLM_F_CREATE should be specified when creating new route
[ 1672.876264][T19986] net_ratelimit: 46 callbacks suppressed
[ 1672.876289][T19986] netlink: zone id is out of range
[ 1672.941519][T19986] netlink: zone id is out of range
[ 1672.946730][T19986] netlink: zone id is out of range
[ 1672.975311][T19986] netlink: zone id is out of range
[ 1672.980520][T19986] netlink: zone id is out of range
[ 1673.021583][T19986] netlink: zone id is out of range
[ 1673.095755][T19986] netlink: zone id is out of range
[ 1673.133046][T19986] netlink: zone id is out of range
[ 1673.161676][T19986] netlink: zone id is out of range
[ 1673.188062][T19986] netlink: zone id is out of range
[ 1674.214876][ T5854] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1674.229285][ T5854] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1674.243670][ T5854] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1674.255105][ T5854] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1674.263147][ T5854] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1674.407842][T19999] lo speed is unknown, defaulting to 1000
[ 1674.439823][T20003] netlink: 'syz.2.3573': attribute type 21 has an invalid length.
[ 1675.097049][T20004] input: syz1 as /devices/virtual/input/input49
[ 1676.521602][T17230] Bluetooth: hci0: command tx timeout
[ 1677.310122][T20026] netlink: 'syz.2.3577': attribute type 21 has an invalid length.
[ 1678.592462][T17230] Bluetooth: hci0: command tx timeout
[ 1679.017714][T19999] chnl_net:caif_netlink_parms(): no params data found
[ 1680.282690][ T5851] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1680.376377][ T5851] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1680.388110][ T5851] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1680.397053][ T5851] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1680.407552][ T5851] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1680.776983][ T5851] Bluetooth: hci0: command tx timeout
[ 1681.399535][ T5851] Bluetooth: hci3: command 0x0406 tx timeout
[ 1681.653966][T20044] lo speed is unknown, defaulting to 1000
[ 1682.688882][ T5854] Bluetooth: hci2: command tx timeout
[ 1682.789121][T20066] input: syz1 as /devices/virtual/input/input50
[ 1682.841460][ T5854] Bluetooth: hci0: command tx timeout
[ 1683.001729][T19999] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1683.008973][T19999] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1683.037606][T20073] net_ratelimit: 18 callbacks suppressed
[ 1683.037629][T20073] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[ 1683.052557][T19999] bridge_slave_0: entered allmulticast mode
[ 1683.108872][T19999] bridge_slave_0: entered promiscuous mode
[ 1683.263978][T19999] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1683.293334][T19999] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1683.316728][T19999] bridge_slave_1: entered allmulticast mode
[ 1683.341067][T19999] bridge_slave_1: entered promiscuous mode
[ 1684.751547][ T5854] Bluetooth: hci2: command tx timeout
[ 1685.148593][T19999] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1685.833331][T19999] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1687.070743][ T5854] Bluetooth: hci2: command tx timeout
[ 1687.307295][T19999] team0: Port device team_slave_0 added
[ 1687.393677][T19999] team0: Port device team_slave_1 added
[ 1687.450655][ T6178] bridge_slave_1: left allmulticast mode
[ 1687.471001][ T6178] bridge_slave_1: left promiscuous mode
[ 1687.491780][ T6178] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1687.528476][ T6178] bridge_slave_0: left allmulticast mode
[ 1687.545270][ T6178] bridge_slave_0: left promiscuous mode
[ 1687.561842][ T6178] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1688.620780][T20112] netlink: 72 bytes leftover after parsing attributes in process `syz.5.3592'.
[ 1689.281485][ T5854] Bluetooth: hci2: command tx timeout
[ 1692.517552][T15043] usb 6-1: new high-speed USB device number 25 using dummy_hcd
[ 1692.869213][T15043] usb 6-1: device descriptor read/64, error -71
[ 1693.217347][T20147] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[ 1693.872621][T13962] block nbd6: Possible stuck request ffff8880254c7000: control (read@0,4096B). Runtime 30 seconds
[ 1694.131228][T15043] usb 6-1: new high-speed USB device number 26 using dummy_hcd
[ 1695.457288][T11746] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[ 1695.793687][T11746] usb 5-1: Using ep0 maxpacket: 16
[ 1695.825942][T11746] usb 5-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4
[ 1695.835276][T11746] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1695.849096][ T6178] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1695.863270][T11746] usb 5-1: config 0 descriptor??
[ 1695.882945][T11746] gspca_main: sonixj-2.14.0 probing 0471:0327
[ 1695.890023][ T6178] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1695.891104][T20165] netlink: zone id is out of range
[ 1695.930104][ T6178] bond0 (unregistering): Released all slaves
[ 1695.943528][T20165] netlink: zone id is out of range
[ 1695.951930][T20165] netlink: zone id is out of range
[ 1695.957113][T20165] netlink: zone id is out of range
[ 1695.962414][T20165] netlink: zone id is out of range
[ 1695.967697][T20165] netlink: zone id is out of range
[ 1695.986726][T20165] netlink: zone id is out of range
[ 1695.996767][T20165] netlink: zone id is out of range
[ 1696.002923][T20165] netlink: zone id is out of range
[ 1697.384538][T19999] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1697.396187][T19999] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1697.427453][T19999] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1698.261902][T19999] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1698.268947][T19999] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1698.315857][ T5903] usb 5-1: USB disconnect, device number 9
[ 1698.386904][T19999] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1699.194281][T20197] IPv6: Can't replace route, no match found
[ 1699.949341][ T6178] hsr_slave_0: left promiscuous mode
[ 1699.958061][T20197] Falling back ldisc for ptm1.
[ 1699.964480][ T6178] hsr_slave_1: left promiscuous mode
[ 1699.972083][ T6178] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1699.983619][ T6178] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1700.428179][T20206] loop2: detected capacity change from 0 to 1024
[ 1700.522375][T20206] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1700.586174][T20206] ext4 filesystem being mounted at /833/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1700.613022][T20214] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters
[ 1700.688324][T20206] EXT4-fs error (device loop2): ext4_map_blocks:816: inode #15: block 3: comm syz.2.3614: lblock 3 mapped to illegal pblock 3 (length 13)
[ 1700.741072][T20206] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 13 with error 117
[ 1700.754121][T20206] EXT4-fs (loop2): This should not happen!! Data will be lost
[ 1700.754121][T20206] 
[ 1700.770034][T20217] EXT4-fs error (device loop2): ext4_map_blocks:780: inode #15: block 3: comm syz.2.3614: lblock 3 mapped to illegal pblock 3 (length 1)
[ 1700.800959][T20217] EXT4-fs error (device loop2): ext4_map_blocks:780: inode #15: block 3: comm syz.2.3614: lblock 3 mapped to illegal pblock 3 (length 1)
[ 1700.820211][T20205] EXT4-fs error (device loop2): ext4_map_blocks:780: inode #15: block 3: comm syz.2.3614: lblock 3 mapped to illegal pblock 3 (length 1)
[ 1700.858426][T20205] EXT4-fs error (device loop2): ext4_map_blocks:780: inode #15: block 3: comm syz.2.3614: lblock 3 mapped to illegal pblock 3 (length 1)
[ 1700.901131][T20217] EXT4-fs error (device loop2): ext4_map_blocks:780: inode #15: block 3: comm syz.2.3614: lblock 3 mapped to illegal pblock 3 (length 1)
[ 1700.924553][T20205] EXT4-fs error (device loop2): ext4_map_blocks:780: inode #15: block 3: comm syz.2.3614: lblock 3 mapped to illegal pblock 3 (length 1)
[ 1700.967085][T20205] EXT4-fs error (device loop2): ext4_map_blocks:780: inode #15: block 3: comm syz.2.3614: lblock 3 mapped to illegal pblock 3 (length 1)
[ 1700.983488][T20205] EXT4-fs error (device loop2): ext4_map_blocks:780: inode #15: block 3: comm syz.2.3614: lblock 3 mapped to illegal pblock 3 (length 1)
[ 1701.182396][ T6178] team0 (unregistering): Port device team_slave_1 removed
[ 1701.287225][ T6178] team0 (unregistering): Port device team_slave_0 removed
[ 1701.420407][ T5838] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1702.158404][T20226] net_ratelimit: 19 callbacks suppressed
[ 1702.158427][T20226] netlink: zone id is out of range
[ 1702.170385][T20226] netlink: zone id is out of range
[ 1702.178168][T20226] netlink: zone id is out of range
[ 1702.183611][T20226] netlink: zone id is out of range
[ 1702.188892][T20226] netlink: zone id is out of range
[ 1702.201911][T20226] netlink: zone id is out of range
[ 1702.208680][T20226] netlink: zone id is out of range
[ 1702.214046][T20226] netlink: zone id is out of range
[ 1702.219417][T20226] netlink: zone id is out of range
[ 1702.228585][T20226] netlink: zone id is out of range
[ 1702.696758][T20044] chnl_net:caif_netlink_parms(): no params data found
[ 1703.966239][T19999] hsr_slave_0: entered promiscuous mode
[ 1703.974354][T19999] hsr_slave_1: entered promiscuous mode
[ 1703.980805][T19999] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1703.988725][T19999] Cannot create hsr debugfs directory
[ 1706.532882][T20044] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1706.572572][T20044] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1706.611687][T20044] bridge_slave_0: entered allmulticast mode
[ 1706.619753][T20044] bridge_slave_0: entered promiscuous mode
[ 1706.805364][T20267] fuse: Bad value for 'fd'
[ 1706.988660][T20044] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1707.817787][T20274] block nbd4: shutting down sockets
[ 1707.858325][T20044] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1707.879504][T20044] bridge_slave_1: entered allmulticast mode
[ 1707.888288][T20044] bridge_slave_1: entered promiscuous mode
[ 1708.265396][T20044] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1709.296998][T20044] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1710.409091][T20044] team0: Port device team_slave_0 added
[ 1710.629897][T20044] team0: Port device team_slave_1 added
[ 1711.816771][T20309] input: syz0 as /devices/virtual/input/input51
[ 1712.705936][T20044] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1712.813467][T20044] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1712.909279][T20044] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1712.980018][T20044] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1713.150223][T20044] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1713.262690][T20044] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1715.107714][T20044] hsr_slave_0: entered promiscuous mode
[ 1715.132590][T20044] hsr_slave_1: entered promiscuous mode
[ 1715.149953][T20044] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1715.163508][T20044] Cannot create hsr debugfs directory
[ 1715.796586][T20335] IPv6: Can't replace route, no match found
[ 1716.477723][T19999] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 1716.486148][T20335] Falling back ldisc for ptm1.
[ 1716.495800][T19999] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 1716.996414][ T5851] Bluetooth: hci2: command 0x0405 tx timeout
[ 1717.174567][T19999] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 1717.252129][T19999] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 1717.371810][T20345] loop2: detected capacity change from 0 to 1024
[ 1717.506081][T20345] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1717.590721][T20345] ext4 filesystem being mounted at /843/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1720.664128][ T5838] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1720.763413][T19999] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1720.797731][T19999] 8021q: adding VLAN 0 to HW filter on device team0
[ 1720.879804][T19999] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1720.895378][T19999] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1720.944116][T20044] netdevsim netdevsim7 netdevsim0: renamed from eth0
[ 1720.966553][ T2993] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1720.973865][ T2993] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1721.042872][ T2993] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1721.050104][ T2993] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1721.245838][T20377] input: syz1 as /devices/virtual/input/input52
[ 1721.909241][T20044] netdevsim netdevsim7 netdevsim1: renamed from eth1
[ 1721.978678][T20044] netdevsim netdevsim7 netdevsim2: renamed from eth2
[ 1722.008855][T20384] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3645'.
[ 1722.154280][T20044] netdevsim netdevsim7 netdevsim3: renamed from eth3
[ 1722.450798][T20390] loop4: detected capacity change from 0 to 1024
[ 1723.361208][T20390] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (32298!=35945)
[ 1723.401516][T20393] x_tables: ip_tables: TCPOPTSTRIP target: only valid in mangle table, not raw
[ 1723.412812][T20390] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[ 1723.459210][T20390] EXT4-fs (loop4): revision level too high, forcing read-only mode
[ 1723.492188][T20390] EXT4-fs (loop4): orphan cleanup on readonly fs
[ 1723.518436][T20390] EXT4-fs error (device loop4): ext4_read_inode_bitmap:167: comm syz.4.3647: Inode bitmap for bg 0 marked uninitialized
[ 1723.565963][T19999] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1723.586749][T20390] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[ 1723.756486][T19029] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1724.169950][T20044] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1724.200471][T19999] veth0_vlan: entered promiscuous mode
[ 1724.265680][T19999] veth1_vlan: entered promiscuous mode
[ 1724.290959][T20044] 8021q: adding VLAN 0 to HW filter on device team0
[ 1724.379758][T13247] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1724.387057][T13247] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1724.427075][T13247] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1724.434354][T13247] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1724.512771][T13962] block nbd6: Possible stuck request ffff8880254c7000: control (read@0,4096B). Runtime 60 seconds
[ 1724.563810][T19999] veth0_macvtap: entered promiscuous mode
[ 1724.764684][T19999] veth1_macvtap: entered promiscuous mode
[ 1724.781611][ T5827] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[ 1724.907532][T19999] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1724.981023][ T5827] usb 5-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[ 1724.986835][T19999] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1725.021703][ T5827] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1725.049012][ T5827] usb 5-1: config 0 descriptor??
[ 1725.067931][T19999] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1725.127005][T19999] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1725.158331][T19999] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1725.175249][T19999] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1725.582415][ T2993] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1725.622995][ T2993] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1725.708954][ T6180] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1725.725486][ T6180] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1725.728379][T20044] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1727.680772][T20044] veth0_vlan: entered promiscuous mode
[ 1727.741060][T20044] veth1_vlan: entered promiscuous mode
[ 1727.790513][T20430] loop5: detected capacity change from 0 to 512
[ 1727.938950][T20430] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1727.995146][T20430] ext4 filesystem being mounted at /660/bus supports timestamps until 2038-01-19 (0x7fffffff)
[ 1728.064615][T20044] veth0_macvtap: entered promiscuous mode
[ 1728.207649][T20044] veth1_macvtap: entered promiscuous mode
[ 1728.226677][T10756] usb 5-1: USB disconnect, device number 10
[ 1728.426855][T20044] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1728.825768][T20442] input: syz0 as /devices/virtual/input/input53
[ 1729.244019][T20044] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1729.369534][ T7605] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1729.422179][T20044] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1729.501522][T20044] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1729.510316][T20044] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1729.597149][T20044] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1730.275484][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[ 1730.289782][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[ 1732.274573][ T6174] Bluetooth: hci6: Frame reassembly failed (-84)
[ 1732.564801][T18059] usb 6-1: new high-speed USB device number 27 using dummy_hcd
[ 1732.851821][T18059] usb 6-1: Using ep0 maxpacket: 8
[ 1733.071636][T18059] usb 6-1: config 0 has an invalid interface number: 186 but max is 0
[ 1733.155977][T18059] usb 6-1: config 0 has no interface number 0
[ 1733.201542][T18059] usb 6-1: config 0 interface 186 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1733.301454][T18059] usb 6-1: config 0 interface 186 altsetting 0 has an endpoint descriptor with address 0x9A, changing to 0x8A
[ 1733.352391][ T6176] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1733.360271][ T6176] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1733.385577][T18059] usb 6-1: config 0 interface 186 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[ 1733.419305][T18059] usb 6-1: config 0 interface 186 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3
[ 1733.482391][T18059] usb 6-1: New USB device found, idVendor=07c0, idProduct=1505, bcdDevice=b8.c5
[ 1733.524712][T18059] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1733.538586][ T2936] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1733.570097][ T2936] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1733.780340][T18059] usb 6-1: Product: syz
[ 1733.785552][T18059] usb 6-1: Manufacturer: syz
[ 1733.790230][T18059] usb 6-1: SerialNumber: syz
[ 1733.800170][T18059] usb 6-1: config 0 descriptor??
[ 1734.035818][T18059] iowarrior 6-1:0.186: IOWarrior product=0x1505, serial=42424242 interface=186 now attached to iowarrior0
[ 1734.323407][ T5854] Bluetooth: hci6: Opcode 0x1003 failed: -110
[ 1735.898977][ T5893] usb 6-1: USB disconnect, device number 27
[ 1736.216394][T20506] input: syz1 as /devices/virtual/input/input54
[ 1737.691670][T20518] netlink: 72 bytes leftover after parsing attributes in process `syz.5.3670'.
[ 1739.459853][T20520] loop4: detected capacity change from 0 to 1024
[ 1739.510633][T20520] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (32298!=35945)
[ 1739.549859][T20520] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[ 1739.620253][T20523] loop5: detected capacity change from 0 to 1024
[ 1739.629074][T20520] EXT4-fs (loop4): revision level too high, forcing read-only mode
[ 1739.703821][T20520] EXT4-fs (loop4): orphan cleanup on readonly fs
[ 1739.778187][T20520] EXT4-fs error (device loop4): ext4_read_inode_bitmap:167: comm syz.4.3672: Inode bitmap for bg 0 marked uninitialized
[ 1739.833825][T20523] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1739.894600][T20520] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[ 1739.914472][T20523] ext4 filesystem being mounted at /664/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1740.020757][T20520] EXT4-fs (loop4): ext4_remount: Checksum for group 0 failed (32298!=35945)
[ 1740.035955][T20523] EXT4-fs error (device loop5): ext4_map_blocks:816: inode #15: block 3: comm syz.5.3673: lblock 3 mapped to illegal pblock 3 (length 13)
[ 1740.072626][T20523] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 13 with error 117
[ 1740.107900][T20523] EXT4-fs (loop5): This should not happen!! Data will be lost
[ 1740.107900][T20523] 
[ 1740.119326][ T5851] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1740.134213][ T5851] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1740.155122][ T5851] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1740.162433][T20533] EXT4-fs error (device loop5): ext4_map_blocks:780: inode #15: block 3: comm syz.5.3673: lblock 3 mapped to illegal pblock 3 (length 1)
[ 1740.193842][T19029] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1740.205532][ T5851] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1740.234389][ T5851] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1740.239815][T20533] EXT4-fs error (device loop5): ext4_map_blocks:780: inode #15: block 3: comm syz.5.3673: lblock 3 mapped to illegal pblock 3 (length 1)
[ 1740.298181][ T2936] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1740.302174][T20533] EXT4-fs error (device loop5): ext4_map_blocks:780: inode #15: block 3: comm syz.5.3673: lblock 3 mapped to illegal pblock 3 (length 1)
[ 1740.369733][T20522] EXT4-fs error (device loop5): ext4_map_blocks:780: inode #15: block 3: comm syz.5.3673: lblock 3 mapped to illegal pblock 3 (length 1)
[ 1740.445609][T20533] EXT4-fs error (device loop5): ext4_map_blocks:780: inode #15: block 3: comm syz.5.3673: lblock 3 mapped to illegal pblock 3 (length 1)
[ 1740.502560][T20533] EXT4-fs error (device loop5): ext4_map_blocks:780: inode #15: block 3: comm syz.5.3673: lblock 3 mapped to illegal pblock 3 (length 1)
[ 1740.529187][T20533] EXT4-fs error (device loop5): ext4_map_blocks:780: inode #15: block 3: comm syz.5.3673: lblock 3 mapped to illegal pblock 3 (length 1)
[ 1740.538455][ T2936] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1740.571978][T20533] EXT4-fs error (device loop5): ext4_map_blocks:780: inode #15: block 3: comm syz.5.3673: lblock 3 mapped to illegal pblock 3 (length 1)
[ 1740.606219][T20522] EXT4-fs error (device loop5): ext4_map_blocks:780: inode #15: block 3: comm syz.5.3673: lblock 3 mapped to illegal pblock 3 (length 1)
[ 1740.626143][T20532] lo speed is unknown, defaulting to 1000
[ 1741.047659][ T2936] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1741.371685][ T2936] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1742.362300][ T5854] Bluetooth: hci1: command tx timeout
[ 1742.591846][ T5854] Bluetooth: hci5: command 0x0406 tx timeout
[ 1743.025014][T20550] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3679'.
[ 1743.042361][T20550] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3679'.
[ 1743.055835][T20550] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3679'.
[ 1743.059847][ T7605] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1743.070452][T20550] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3679'.
[ 1743.137733][T20561] netlink: 72 bytes leftover after parsing attributes in process `syz.3.3681'.
[ 1743.375872][T20560] loop7: detected capacity change from 0 to 1024
[ 1743.801463][T20550] netlink: 'syz.4.3679': attribute type 6 has an invalid length.
[ 1743.960087][T20560] EXT4-fs (loop7): ext4_check_descriptors: Checksum for group 0 failed (32298!=35945)
[ 1744.016045][T20560] EXT4-fs (loop7): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[ 1744.103556][T20560] EXT4-fs (loop7): revision level too high, forcing read-only mode
[ 1744.161637][ T2936] dummy0: left allmulticast mode
[ 1744.166910][ T2936] bridge0: port 3(dummy0) entered disabled state
[ 1744.181728][T20560] EXT4-fs (loop7): orphan cleanup on readonly fs
[ 1744.258854][T20560] EXT4-fs error (device loop7): ext4_read_inode_bitmap:167: comm syz.7.3682: Inode bitmap for bg 0 marked uninitialized
[ 1744.337124][T20560] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[ 1744.432146][ T5851] Bluetooth: hci1: command tx timeout
[ 1744.571030][T20560] EXT4-fs (loop7): ext4_remount: Checksum for group 0 failed (32298!=35945)
[ 1744.608620][ T2936] bridge_slave_1: left allmulticast mode
[ 1744.649263][ T2936] bridge_slave_1: left promiscuous mode
[ 1744.686874][ T2936] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1744.742608][ T2936] bridge_slave_0: left allmulticast mode
[ 1744.748390][ T2936] bridge_slave_0: left promiscuous mode
[ 1744.761601][ T2936] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1744.766765][T20044] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1745.375513][T20581] input: syz0 as /devices/virtual/input/input55
[ 1746.136399][T20594] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3691'.
[ 1746.154738][T20593] loop4: detected capacity change from 0 to 1024
[ 1746.198887][T20593] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (32298!=35945)
[ 1746.270587][T20593] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[ 1746.338947][T20593] EXT4-fs (loop4): revision level too high, forcing read-only mode
[ 1746.365047][T20593] EXT4-fs (loop4): orphan cleanup on readonly fs
[ 1746.383935][T20593] EXT4-fs error (device loop4): ext4_read_inode_bitmap:167: comm syz.4.3690: Inode bitmap for bg 0 marked uninitialized
[ 1746.409524][T20593] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[ 1746.499529][T20593] EXT4-fs (loop4): ext4_remount: Checksum for group 0 failed (32298!=35945)
[ 1746.534250][ T5851] Bluetooth: hci1: command tx timeout
[ 1746.729022][T19029] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1747.693224][T20619] input: syz0 as /devices/virtual/input/input56
[ 1748.083778][ T2936] bond0 (unregistering): (slave bridge0): Releasing backup interface
[ 1748.107633][ T2936] bridge0 (unregistering): left allmulticast mode
[ 1748.601679][ T5851] Bluetooth: hci1: command tx timeout
[ 1748.615417][ T2936] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1748.624743][ T2936] bond_slave_0: left allmulticast mode
[ 1748.634891][ T2936] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1748.645669][ T2936] bond_slave_1: left allmulticast mode
[ 1748.652919][ T2936] bond0 (unregistering): Released all slaves
[ 1748.667400][T20594] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1748.749575][T20594] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1748.961743][ T2936] tipc: Left network mode
[ 1748.962068][T20532] chnl_net:caif_netlink_parms(): no params data found
[ 1749.495133][T20632] loop4: detected capacity change from 0 to 1024
[ 1749.570795][T20632] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1749.597473][T20632] ext4 filesystem being mounted at /64/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1750.701857][T20635] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters
[ 1750.725241][T20632] EXT4-fs error (device loop4): ext4_map_blocks:816: inode #15: block 3: comm syz.4.3696: lblock 3 mapped to illegal pblock 3 (length 13)
[ 1751.754987][T20632] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 13 with error 117
[ 1751.807356][T20632] EXT4-fs (loop4): This should not happen!! Data will be lost
[ 1751.807356][T20632] 
[ 1751.831838][T20646] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #15: block 3: comm syz.4.3696: lblock 3 mapped to illegal pblock 3 (length 1)
[ 1751.917885][T20646] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #15: block 3: comm syz.4.3696: lblock 3 mapped to illegal pblock 3 (length 1)
[ 1751.942361][T20646] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #15: block 3: comm syz.4.3696: lblock 3 mapped to illegal pblock 3 (length 1)
[ 1751.993014][T20631] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #15: block 3: comm syz.4.3696: lblock 3 mapped to illegal pblock 3 (length 1)
[ 1752.016339][T20646] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #15: block 3: comm syz.4.3696: lblock 3 mapped to illegal pblock 3 (length 1)
[ 1752.100979][T20631] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #15: block 3: comm syz.4.3696: lblock 3 mapped to illegal pblock 3 (length 1)
[ 1752.126064][T20646] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #15: block 3: comm syz.4.3696: lblock 3 mapped to illegal pblock 3 (length 1)
[ 1752.147121][T20631] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #15: block 3: comm syz.4.3696: lblock 3 mapped to illegal pblock 3 (length 1)
[ 1752.474859][T20639] lo speed is unknown, defaulting to 1000
[ 1752.914736][T20664] netlink: 72 bytes leftover after parsing attributes in process `syz.5.3699'.
[ 1753.964239][T19029] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1754.129673][T20671] batadv_slave_0: entered promiscuous mode
[ 1754.223309][T20673] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3701'.
[ 1754.293301][T20532] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1754.330823][T20532] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1754.371077][   T30] audit: type=1326 audit(1748380284.459:949): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20674 comm="syz.4.3702" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9035d8e969 code=0x7ffc0000
[ 1754.378935][T20532] bridge_slave_0: entered allmulticast mode
[ 1754.467119][T20532] bridge_slave_0: entered promiscuous mode
[ 1754.546942][   T30] audit: type=1326 audit(1748380284.459:950): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20674 comm="syz.4.3702" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9035d8e969 code=0x7ffc0000
[ 1754.623502][T13962] block nbd6: Possible stuck request ffff8880254c7000: control (read@0,4096B). Runtime 90 seconds
[ 1754.653664][   T30] audit: type=1326 audit(1748380284.469:951): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20674 comm="syz.4.3702" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f9035d8e969 code=0x7ffc0000
[ 1754.700510][   T30] audit: type=1326 audit(1748380284.469:952): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20674 comm="syz.4.3702" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9035d8e969 code=0x7ffc0000
[ 1754.758675][ T2936] hsr_slave_0: left promiscuous mode
[ 1754.776722][ T2936] hsr_slave_1: left promiscuous mode
[ 1754.786323][ T2936] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1754.791768][   T30] audit: type=1326 audit(1748380284.469:953): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20674 comm="syz.4.3702" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9035d8e969 code=0x7ffc0000
[ 1754.987702][   T30] audit: type=1326 audit(1748380284.499:954): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20674 comm="syz.4.3702" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f9035d8e969 code=0x7ffc0000
[ 1755.011049][   T30] audit: type=1326 audit(1748380284.499:955): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20674 comm="syz.4.3702" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9035d8e969 code=0x7ffc0000
[ 1755.036621][ T2936] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1755.044131][   T30] audit: type=1326 audit(1748380284.499:956): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20674 comm="syz.4.3702" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9035d8e969 code=0x7ffc0000
[ 1755.067629][   T30] audit: type=1326 audit(1748380284.509:957): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20674 comm="syz.4.3702" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9035d8e969 code=0x7ffc0000
[ 1755.091134][   T30] audit: type=1326 audit(1748380284.509:958): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20674 comm="syz.4.3702" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9035d8e969 code=0x7ffc0000
[ 1755.143159][ T2936] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1755.151210][ T2936] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1755.470129][T20684] input: syz0 as /devices/virtual/input/input57
[ 1756.036535][ T2936] veth1_macvtap: left promiscuous mode
[ 1756.060917][ T2936] veth0_macvtap: left promiscuous mode
[ 1756.078295][ T2936] veth1_vlan: left promiscuous mode
[ 1756.090841][ T2936] veth0_vlan: left promiscuous mode
[ 1756.437919][ T5854] Bluetooth: hci1: command 0x0405 tx timeout
[ 1756.989789][ T2936] team0 (unregistering): Port device team_slave_1 removed
[ 1757.057245][ T2936] team0 (unregistering): Port device team_slave_0 removed
[ 1757.916883][T20673] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1757.983100][T20673] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1758.127970][T20532] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1758.151826][T20532] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1758.159191][T20532] bridge_slave_1: entered allmulticast mode
[ 1758.196383][T20532] bridge_slave_1: entered promiscuous mode
[ 1760.117077][T20532] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1760.550737][T20532] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1761.603975][T20708] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3711'.
[ 1761.648870][T20532] team0: Port device team_slave_0 added
[ 1761.735327][T20532] team0: Port device team_slave_1 added
[ 1762.141737][T20532] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1762.174773][T20532] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1762.501504][T20532] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1762.644351][T20727] netlink: 72 bytes leftover after parsing attributes in process `syz.3.3715'.
[ 1764.016177][T20532] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1764.040711][T20532] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1764.146131][T20532] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1764.312674][ T2936] IPVS: stop unused estimator thread 0...
[ 1764.623746][T20532] hsr_slave_0: entered promiscuous mode
[ 1764.650984][T20532] hsr_slave_1: entered promiscuous mode
[ 1764.686367][T20532] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1764.714383][T20532] Cannot create hsr debugfs directory
[ 1765.965165][T20752] IPv6: Can't replace route, no match found
[ 1766.987786][T20752] Falling back ldisc for ptm1.
[ 1767.107041][T20755] loop7: detected capacity change from 0 to 1024
[ 1767.289182][T20755] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1767.361630][T20755] ext4 filesystem being mounted at /11/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1767.457984][T20755] EXT4-fs error (device loop7): ext4_map_blocks:816: inode #15: block 3: comm syz.7.3719: lblock 3 mapped to illegal pblock 3 (length 13)
[ 1767.507951][T20755] EXT4-fs (loop7): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 13 with error 117
[ 1767.546202][T20755] EXT4-fs (loop7): This should not happen!! Data will be lost
[ 1767.546202][T20755] 
[ 1767.577422][T20762] EXT4-fs error (device loop7): ext4_map_blocks:780: inode #15: block 3: comm syz.7.3719: lblock 3 mapped to illegal pblock 3 (length 1)
[ 1767.701868][T20762] EXT4-fs error (device loop7): ext4_map_blocks:780: inode #15: block 3: comm syz.7.3719: lblock 3 mapped to illegal pblock 3 (length 1)
[ 1767.766575][T20762] EXT4-fs error (device loop7): ext4_map_blocks:780: inode #15: block 3: comm syz.7.3719: lblock 3 mapped to illegal pblock 3 (length 1)
[ 1767.856692][T20762] EXT4-fs error (device loop7): ext4_map_blocks:780: inode #15: block 3: comm syz.7.3719: lblock 3 mapped to illegal pblock 3 (length 1)
[ 1767.957127][T20754] EXT4-fs error (device loop7): ext4_map_blocks:780: inode #15: block 3: comm syz.7.3719: lblock 3 mapped to illegal pblock 3 (length 1)
[ 1767.987064][T20754] EXT4-fs error (device loop7): ext4_map_blocks:780: inode #15: block 3: comm syz.7.3719: lblock 3 mapped to illegal pblock 3 (length 1)
[ 1768.070074][T20762] EXT4-fs error (device loop7): ext4_map_blocks:780: inode #15: block 3: comm syz.7.3719: lblock 3 mapped to illegal pblock 3 (length 1)
[ 1768.089988][T20754] EXT4-fs error (device loop7): ext4_map_blocks:780: inode #15: block 3: comm syz.7.3719: lblock 3 mapped to illegal pblock 3 (length 1)
[ 1768.119399][T20762] EXT4-fs error (device loop7): ext4_map_blocks:780: inode #15: block 3: comm syz.7.3719: lblock 3 mapped to illegal pblock 3 (length 1)
[ 1768.373929][T20773] netlink: 72 bytes leftover after parsing attributes in process `syz.4.3721'.
[ 1769.349157][T20766] netlink: 200 bytes leftover after parsing attributes in process `syz.3.3720'.
[ 1770.767793][T20044] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1771.381172][T20804] loop4: detected capacity change from 0 to 164
[ 1771.409912][T20804] process 'syz.4.3728' launched '/dev/fd/3' with NULL argv: empty string added
[ 1771.442746][T20804] syz.4.3728: attempt to access beyond end of device
[ 1771.442746][T20804] loop4: rw=524288, sector=263328, nr_sectors = 4 limit=164
[ 1771.486620][T20804] syz.4.3728: attempt to access beyond end of device
[ 1771.486620][T20804] loop4: rw=0, sector=263328, nr_sectors = 4 limit=164
[ 1772.256356][T20532] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 1772.677868][T20532] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 1772.774321][T20815] netlink: 72 bytes leftover after parsing attributes in process `syz.4.3730'.
[ 1773.487538][T20532] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 1773.519531][T20532] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 1774.345233][T20532] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1774.645649][T20826] input: syz1 as /devices/virtual/input/input58
[ 1776.147808][T20532] 8021q: adding VLAN 0 to HW filter on device team0
[ 1776.241973][T20832] IPv6: Can't replace route, no match found
[ 1776.340899][ T2993] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1776.348356][ T2993] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1776.566338][ T2993] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1776.573606][ T2993] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1776.727429][T20838] lo speed is unknown, defaulting to 1000
[ 1776.734864][T20838] lo speed is unknown, defaulting to 1000
[ 1777.026478][T20832] sp0: Synchronizing with TNC
[ 1777.608508][T20838] lo speed is unknown, defaulting to 1000
[ 1777.626942][T20532] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1778.395534][T20532] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1778.409849][T20838] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[ 1778.681184][T20838] lo speed is unknown, defaulting to 1000
[ 1778.713669][T20838] lo speed is unknown, defaulting to 1000
[ 1778.755204][T20838] lo speed is unknown, defaulting to 1000
[ 1778.795445][T20851] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3738'.
[ 1778.840617][T20838] lo speed is unknown, defaulting to 1000
[ 1779.106151][T20838] lo speed is unknown, defaulting to 1000
[ 1779.229001][T20858] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3739'.
[ 1780.001543][T20838] lo speed is unknown, defaulting to 1000
[ 1781.049838][T20532] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1781.417584][T20532] veth0_vlan: entered promiscuous mode
[ 1781.532491][T20882] netlink: 72 bytes leftover after parsing attributes in process `syz.5.3744'.
[ 1782.241234][T20532] veth1_vlan: entered promiscuous mode
[ 1782.338725][T20532] veth0_macvtap: entered promiscuous mode
[ 1782.378165][T20532] veth1_macvtap: entered promiscuous mode
[ 1782.587505][T20532] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1782.712250][T20532] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1782.760414][T20532] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1782.769524][T20532] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1782.786940][T20532] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1782.796903][T20532] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1783.154575][   T69] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1783.218317][   T69] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1783.273116][   T30] kauditd_printk_skb: 20 callbacks suppressed
[ 1783.273136][   T30] audit: type=1326 audit(1748380313.369:979): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20898 comm="syz.5.3747" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d1dd8e969 code=0x7ffc0000
[ 1783.344491][ T2962] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1783.389256][ T2962] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1783.466878][   T30] audit: type=1326 audit(1748380313.399:980): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20898 comm="syz.5.3747" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d1dd8e969 code=0x7ffc0000
[ 1783.595818][   T30] audit: type=1326 audit(1748380313.409:981): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20898 comm="syz.5.3747" exe="/root/syz-executor" sig=0 arch=c000003e syscall=430 compat=0 ip=0x7f2d1dd8e969 code=0x7ffc0000
[ 1783.695147][   T30] audit: type=1326 audit(1748380313.409:982): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20898 comm="syz.5.3747" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d1dd8e969 code=0x7ffc0000
[ 1783.784908][   T30] audit: type=1326 audit(1748380313.409:983): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20898 comm="syz.5.3747" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d1dd8e969 code=0x7ffc0000
[ 1783.819254][   T30] audit: type=1326 audit(1748380313.419:984): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20898 comm="syz.5.3747" exe="/root/syz-executor" sig=0 arch=c000003e syscall=431 compat=0 ip=0x7f2d1dd8e969 code=0x7ffc0000
[ 1784.031967][T20909] input: syz1 as /devices/virtual/input/input59
[ 1784.594698][   T30] audit: type=1326 audit(1748380313.429:985): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20898 comm="syz.5.3747" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d1dd8e969 code=0x7ffc0000
[ 1784.617598][   T30] audit: type=1326 audit(1748380313.449:986): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20898 comm="syz.5.3747" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f2d1dd8e969 code=0x7ffc0000
[ 1784.672187][T13962] block nbd6: Possible stuck request ffff8880254c7000: control (read@0,4096B). Runtime 120 seconds
[ 1784.703908][   T30] audit: type=1326 audit(1748380313.449:987): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20898 comm="syz.5.3747" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d1dd8e969 code=0x7ffc0000
[ 1784.739968][   T30] audit: type=1326 audit(1748380313.449:988): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20898 comm="syz.5.3747" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d1dd8e969 code=0x7ffc0000
[ 1785.362908][T20914] loop7: detected capacity change from 0 to 1024
[ 1785.500507][T20920] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3669'.
[ 1785.995865][T20914] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1786.117446][T20914] ext4 filesystem being mounted at /20/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1786.752414][T20936] netlink: 72 bytes leftover after parsing attributes in process `syz.2.3753'.
[ 1787.016952][T20044] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1788.339126][   T30] kauditd_printk_skb: 58 callbacks suppressed
[ 1788.339153][   T30] audit: type=1326 audit(1748380318.419:1047): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20941 comm="syz.2.3756" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff9af98e969 code=0x7ffc0000
[ 1788.459072][   T30] audit: type=1326 audit(1748380318.419:1048): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20941 comm="syz.2.3756" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff9af98e969 code=0x7ffc0000
[ 1788.594816][   T30] audit: type=1326 audit(1748380318.419:1049): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20941 comm="syz.2.3756" exe="/root/syz-executor" sig=0 arch=c000003e syscall=430 compat=0 ip=0x7ff9af98e969 code=0x7ffc0000
[ 1788.952346][   T30] audit: type=1326 audit(1748380318.419:1050): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20941 comm="syz.2.3756" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff9af98e969 code=0x7ffc0000
[ 1789.056238][ T5854] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1789.081105][T20957] xt_nat: multiple ranges no longer supported
[ 1789.093680][T20957] rdma_rxe: rxe_newlink: failed to add ipvlan1
[ 1789.101903][T20957] netlink: 12 bytes leftover after parsing attributes in process `syz.7.3757'.
[ 1789.110955][T20957] net_ratelimit: 18 callbacks suppressed
[ 1789.111031][T20957] openvswitch: netlink: Flow get message rejected, Key attribute missing.
[ 1789.209640][   T30] audit: type=1326 audit(1748380318.419:1051): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20941 comm="syz.2.3756" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff9af98e969 code=0x7ffc0000
[ 1789.258585][ T5854] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1789.289420][ T5854] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1789.329919][ T5854] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1789.368977][ T5854] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1789.504253][   T30] audit: type=1326 audit(1748380318.419:1052): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20941 comm="syz.2.3756" exe="/root/syz-executor" sig=0 arch=c000003e syscall=431 compat=0 ip=0x7ff9af98e969 code=0x7ffc0000
[ 1789.681578][   T30] audit: type=1326 audit(1748380318.429:1053): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20941 comm="syz.2.3756" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff9af98e969 code=0x7ffc0000
[ 1789.758492][   T30] audit: type=1326 audit(1748380318.429:1054): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20941 comm="syz.2.3756" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff9af98e969 code=0x7ffc0000
[ 1789.783419][   T30] audit: type=1326 audit(1748380318.429:1055): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20941 comm="syz.2.3756" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7ff9af98e969 code=0x7ffc0000
[ 1789.814034][   T30] audit: type=1326 audit(1748380318.429:1056): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20941 comm="syz.2.3756" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff9af98e969 code=0x7ffc0000
[ 1791.087173][T20971] input: syz1 as /devices/virtual/input/input60
[ 1791.421130][T20973] input: syz0 as /devices/virtual/input/input61
[ 1791.477106][ T5854] Bluetooth: hci4: command tx timeout
[ 1791.943092][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[ 1791.949750][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[ 1792.460351][T20980] loop4: detected capacity change from 0 to 1024
[ 1792.712220][T20985] siw: device registration error -23
[ 1793.016346][T20980] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1793.104751][T20980] ext4 filesystem being mounted at /81/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1793.156304][ T6182] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1793.396350][T20976] tipc: Started in network mode
[ 1793.405008][T20976] tipc: Node identity 42056848db16, cluster identity 4711
[ 1793.415295][T20976] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1793.481082][T19029] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1793.493745][T20987] tipc: Disabling bearer <eth:syzkaller0>
[ 1793.515723][T20954] lo speed is unknown, defaulting to 1000
[ 1793.565566][ T5854] Bluetooth: hci4: command tx timeout
[ 1793.740957][ T6182] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1793.863544][T21001] loop3: detected capacity change from 0 to 1024
[ 1793.947521][T21008] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3767'.
[ 1793.964356][T21001] EXT4-fs: Ignoring removed nomblk_io_submit option
[ 1794.057696][T21001] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1794.356123][ T6182] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1794.513765][T19999] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1794.767338][ T6182] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1795.959209][ T5854] Bluetooth: hci6: Opcode 0x1003 failed: -110
[ 1795.997587][ T5851] Bluetooth: hci4: command tx timeout
[ 1796.265936][T21038] loop3: detected capacity change from 0 to 1024
[ 1796.358284][T21038] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1796.451119][T21038] ext4 filesystem being mounted at /32/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1796.922197][T21044] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters
[ 1797.370159][T19999] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1797.384066][T21049] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3777'.
[ 1797.661784][T21057] siw: device registration error -23
[ 1798.031597][ T5851] Bluetooth: hci4: command 0x0419 tx timeout
[ 1798.224417][ T6182] dummy0: left allmulticast mode
[ 1798.229802][ T6182] bridge0: port 3(dummy0) entered disabled state
[ 1798.632804][ T6182] bridge_slave_1: left allmulticast mode
[ 1798.638694][ T6182] bridge_slave_1: left promiscuous mode
[ 1798.803433][T21069] input: syz1 as /devices/virtual/input/input62
[ 1799.041020][ T5851] Bluetooth: hci0: command 0x0406 tx timeout
[ 1799.491761][ T6182] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1800.668708][ T5851] Bluetooth: hci4: command 0x0419 tx timeout
[ 1800.796910][ T6182] bridge_slave_0: left allmulticast mode
[ 1800.848125][ T6182] bridge_slave_0: left promiscuous mode
[ 1800.868448][ T6182] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1804.062015][ T6182] bond0 (unregistering): (slave bridge0): Releasing backup interface
[ 1804.111981][ T5851] Bluetooth: hci2: command 0x0405 tx timeout
[ 1804.784580][T21122] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3786'.
[ 1805.066920][ T6182] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1805.096251][ T6182] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1805.125628][ T6182] bond0 (unregistering): Released all slaves
[ 1805.196327][T21094] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12
[ 1805.205998][T21094] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12
[ 1805.217558][T21094] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[ 1805.441452][T20954] chnl_net:caif_netlink_parms(): no params data found
[ 1805.631564][ T6182] tipc: Left network mode
[ 1806.956656][T21151] rdma_rxe: rxe_newlink: failed to add ipvlan1
[ 1806.965166][T21151] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3793'.
[ 1806.974312][T21151] openvswitch: netlink: Flow get message rejected, Key attribute missing.
[ 1808.100482][T21158] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3796'.
[ 1810.948823][T21188] loop7: detected capacity change from 0 to 2048
[ 1811.182356][T21192] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3801'.
[ 1811.814233][T21188]  loop7: p1 < > p4
[ 1811.844045][T21180] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12
[ 1811.859127][T21180] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12
[ 1811.872184][T21180] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[ 1811.901569][T20954] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1811.959825][T21188] loop7: p4 size 8388608 extends beyond EOD, truncated
[ 1811.983614][T20954] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1812.012478][T20954] bridge_slave_0: entered allmulticast mode
[ 1812.047326][T20954] bridge_slave_0: entered promiscuous mode
[ 1812.072134][ T5205]  loop7: p1 < > p4
[ 1812.099667][ T5205] loop7: p4 size 8388608 extends beyond EOD, truncated
[ 1812.123011][T20954] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1812.130212][T20954] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1812.183447][T20954] bridge_slave_1: entered allmulticast mode
[ 1812.370160][T21201] siw: device registration error -23
[ 1812.406190][T20954] bridge_slave_1: entered promiscuous mode
[ 1813.304412][ T5858] udevd[5858]: inotify_add_watch(7, /dev/loop7p1, 10) failed: No such file or directory
[ 1813.337332][T10393] udevd[10393]: inotify_add_watch(7, /dev/loop7p4, 10) failed: No such file or directory
[ 1813.984829][ T5858] udevd[5858]: inotify_add_watch(7, /dev/loop7p1, 10) failed: No such file or directory
[ 1814.008186][T10393] udevd[10393]: inotify_add_watch(7, /dev/loop7p4, 10) failed: No such file or directory
[ 1814.051397][ T6182] hsr_slave_0: left promiscuous mode
[ 1814.058731][ T6182] hsr_slave_1: left promiscuous mode
[ 1814.086167][ T6182] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1814.141888][ T6182] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1814.201149][ T6182] veth1_macvtap: left promiscuous mode
[ 1814.203217][T21219] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3813'.
[ 1814.207333][ T6182] veth0_macvtap: left promiscuous mode
[ 1814.223237][ T6182] veth1_vlan: left promiscuous mode
[ 1814.228857][ T6182] veth0_vlan: left promiscuous mode
[ 1814.249610][T21219] netlink: 84 bytes leftover after parsing attributes in process `syz.4.3813'.
[ 1814.497514][T21226] blktrace: Concurrent blktraces are not allowed on loop7
[ 1814.754079][T13962] block nbd6: Possible stuck request ffff8880254c7000: control (read@0,4096B). Runtime 150 seconds
[ 1815.470624][ T6182] team0 (unregistering): Port device team_slave_1 removed
[ 1815.599629][ T6182] team0 (unregistering): Port device team_slave_0 removed
[ 1816.869688][T21248] loop2: detected capacity change from 0 to 512
[ 1816.913145][T21248] EXT4-fs: Ignoring removed oldalloc option
[ 1817.001235][T21248] EXT4-fs error (device loop2): ext4_xattr_inode_iget:433: comm syz.2.3825: Parent and EA inode have the same ino 15
[ 1817.158883][T21248] EXT4-fs error (device loop2): ext4_xattr_inode_iget:433: comm syz.2.3825: Parent and EA inode have the same ino 15
[ 1817.226121][T21248] EXT4-fs (loop2): 1 orphan inode deleted
[ 1817.255840][T21248] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1817.390070][T20532] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1817.470726][T21205] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3807'.
[ 1817.500647][T20954] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1817.536880][T20954] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1817.650396][T21252] blktrace: Concurrent blktraces are not allowed on loop7
[ 1818.042734][T21257] loop3: detected capacity change from 0 to 1024
[ 1818.293991][T21266] input: syz1 as /devices/virtual/input/input63
[ 1818.944662][T21257] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1819.070654][T21257] ext4 filesystem being mounted at /42/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1819.120365][T20954] team0: Port device team_slave_0 added
[ 1819.178824][T20954] team0: Port device team_slave_1 added
[ 1819.194400][T21257] EXT4-fs error (device loop3): ext4_map_blocks:816: inode #15: block 3: comm syz.3.3827: lblock 3 mapped to illegal pblock 3 (length 13)
[ 1819.331780][T21257] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 13 with error 117
[ 1819.424925][T21257] EXT4-fs (loop3): This should not happen!! Data will be lost
[ 1819.424925][T21257] 
[ 1819.514652][T21276] EXT4-fs error (device loop3): ext4_map_blocks:780: inode #15: block 3: comm syz.3.3827: lblock 3 mapped to illegal pblock 3 (length 1)
[ 1819.640637][T20954] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1819.706673][T21276] EXT4-fs error (device loop3): ext4_map_blocks:780: inode #15: block 3: comm syz.3.3827: lblock 3 mapped to illegal pblock 3 (length 1)
[ 1819.721605][T20954] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1819.783515][T21276] EXT4-fs error (device loop3): ext4_map_blocks:780: inode #15: block 3: comm syz.3.3827: lblock 3 mapped to illegal pblock 3 (length 1)
[ 1819.803561][T21255] EXT4-fs error (device loop3): ext4_map_blocks:780: inode #15: block 3: comm syz.3.3827: lblock 3 mapped to illegal pblock 3 (length 1)
[ 1819.816810][T20954] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1819.847486][T21276] EXT4-fs error (device loop3): ext4_map_blocks:780: inode #15: block 3: comm syz.3.3827: lblock 3 mapped to illegal pblock 3 (length 1)
[ 1819.853469][T20954] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1819.887308][T20954] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1819.924799][T20954] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1819.926089][T21276] EXT4-fs error (device loop3): ext4_map_blocks:780: inode #15: block 3: comm syz.3.3827: lblock 3 mapped to illegal pblock 3 (length 1)
[ 1819.977910][T21255] EXT4-fs error (device loop3): ext4_map_blocks:780: inode #15: block 3: comm syz.3.3827: lblock 3 mapped to illegal pblock 3 (length 1)
[ 1820.020270][T21255] EXT4-fs error (device loop3): ext4_map_blocks:780: inode #15: block 3: comm syz.3.3827: lblock 3 mapped to illegal pblock 3 (length 1)
[ 1820.075915][T21276] EXT4-fs error (device loop3): ext4_map_blocks:780: inode #15: block 3: comm syz.3.3827: lblock 3 mapped to illegal pblock 3 (length 1)
[ 1820.387400][ T6182] IPVS: stop unused estimator thread 0...
[ 1820.461669][T20954] hsr_slave_0: entered promiscuous mode
[ 1820.470608][T20954] hsr_slave_1: entered promiscuous mode
[ 1820.789593][T21305] blktrace: Concurrent blktraces are not allowed on loop7
[ 1820.908478][T21307] loop7: detected capacity change from 0 to 512
[ 1820.922794][T21307] EXT4-fs: Ignoring removed oldalloc option
[ 1820.931373][ T5827] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[ 1821.118499][ T5827] usb 5-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[ 1821.130088][T21307] EXT4-fs error (device loop7): ext4_xattr_inode_iget:433: comm syz.7.3840: Parent and EA inode have the same ino 15
[ 1821.150051][ T5827] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1821.175316][ T5827] usb 5-1: config 0 descriptor??
[ 1821.699480][T21307] EXT4-fs error (device loop7): ext4_xattr_inode_iget:433: comm syz.7.3840: Parent and EA inode have the same ino 15
[ 1821.728222][T21307] EXT4-fs (loop7): 1 orphan inode deleted
[ 1821.743784][T21307] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1821.747705][T19999] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1822.604124][T20044] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1822.793314][T21324] 9pnet_fd: Insufficient options for proto=fd
[ 1823.700030][ T5827] udl 5-1:0.0: [drm] Unrecognized vendor firmware descriptor
[ 1823.733131][ T5827] [drm:udl_init] *ERROR* Selecting channel failed
[ 1823.914839][ T5827] [drm] Initialized udl 0.0.1 for 5-1:0.0 on minor 2
[ 1825.281097][ T5827] [drm] Initialized udl on minor 2
[ 1825.287251][ T5827] udl 5-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[ 1825.299153][ T5827] udl 5-1:0.0: [drm] Cannot find any crtc or sizes
[ 1825.311793][   T10] udl 5-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[ 1825.319971][   T10] udl 5-1:0.0: [drm] Cannot find any crtc or sizes
[ 1825.331611][T21346] Falling back ldisc for ptm1.
[ 1825.335898][ T5827] usb 5-1: USB disconnect, device number 11
[ 1826.961670][   T30] kauditd_printk_skb: 57 callbacks suppressed
[ 1826.961691][   T30] audit: type=1326 audit(1748380357.049:1114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21363 comm="syz.4.3855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9035d8e969 code=0x7ffc0000
[ 1827.048956][   T30] audit: type=1326 audit(1748380357.059:1115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21363 comm="syz.4.3855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9035d8e969 code=0x7ffc0000
[ 1827.174568][   T30] audit: type=1326 audit(1748380357.139:1116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21363 comm="syz.4.3855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9035d8e969 code=0x7ffc0000
[ 1827.215680][   T30] audit: type=1326 audit(1748380357.139:1117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21363 comm="syz.4.3855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9035d8e969 code=0x7ffc0000
[ 1827.261687][T21371] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3856'.
[ 1827.510396][   T30] audit: type=1326 audit(1748380357.139:1118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21363 comm="syz.4.3855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9035d8e969 code=0x7ffc0000
[ 1827.516431][T21371] IPVS: Error joining to the multicast group
[ 1827.535252][   T30] audit: type=1326 audit(1748380357.259:1119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21363 comm="syz.4.3855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=130 compat=0 ip=0x7f9035d8e969 code=0x7ffc0000
[ 1827.703347][T20954] netdevsim netdevsim5 netdevsim0: renamed from eth0
[ 1828.388598][T20954] netdevsim netdevsim5 netdevsim1: renamed from eth1
[ 1828.501090][T20954] netdevsim netdevsim5 netdevsim2: renamed from eth2
[ 1828.602675][T20954] netdevsim netdevsim5 netdevsim3: renamed from eth3
[ 1828.645494][T21386] input: syz0 as /devices/virtual/input/input65
[ 1828.832112][   T31] INFO: task syz.6.3553:19889 blocked for more than 144 seconds.
[ 1828.849613][   T31]       Not tainted 6.15.0-next-20250527-syzkaller #0
[ 1828.912736][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1828.950427][   T31] task:syz.6.3553      state:D stack:28112 pid:19889 tgid:19881 ppid:18969  task_flags:0x400140 flags:0x00004004
[ 1829.003429][   T31] Call Trace:
[ 1829.006822][   T31]  <TASK>
[ 1829.009808][   T31]  __schedule+0x16f5/0x4d00
[ 1829.048619][   T31]  ? __lock_acquire+0xa91/0xd20
[ 1829.069476][   T31]  ? schedule+0x165/0x360
[ 1829.107615][   T31]  ? __pfx___schedule+0x10/0x10
[ 1829.131422][   T31]  ? schedule+0x91/0x360
[ 1829.156133][   T31]  schedule+0x165/0x360
[ 1829.160409][   T31]  schedule_preempt_disabled+0x13/0x30
[ 1829.208166][   T31]  __mutex_lock+0x724/0xe80
[ 1829.214559][T20954] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1829.223843][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1829.236991][   T31]  ? __mutex_lock+0x51b/0xe80
[ 1829.247846][   T31]  ? bdev_release+0x1a9/0x650
[ 1829.258742][   T31]  ? __pfx___mutex_lock+0x10/0x10
[ 1829.280135][   T31]  ? __asan_memset+0x22/0x50
[ 1829.294507][   T31]  ? __pfx___fsnotify_parent+0x10/0x10
[ 1829.307281][   T31]  ? do_raw_spin_lock+0x121/0x290
[ 1829.319557][   T31]  bdev_release+0x1a9/0x650
[ 1829.330306][   T31]  ? __pfx_blkdev_release+0x10/0x10
[ 1829.342750][   T31]  blkdev_release+0x15/0x20
[ 1829.353404][   T31]  __fput+0x449/0xa70
[ 1829.364537][   T31]  task_work_run+0x1d4/0x260
[ 1829.381021][   T31]  ? __pfx_task_work_run+0x10/0x10
[ 1829.387700][T20954] 8021q: adding VLAN 0 to HW filter on device team0
[ 1829.418953][   T31]  ? exit_to_user_mode_loop+0x40/0x110
[ 1829.441310][ T2936] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1829.448916][ T2936] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1829.469440][   T31]  exit_to_user_mode_loop+0xec/0x110
[ 1829.491401][   T31]  do_syscall_64+0x2bd/0x3b0
[ 1829.511523][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1829.535595][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1829.561436][   T31]  ? clear_bhb_loop+0x60/0xb0
[ 1829.575363][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1829.576362][   T69] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1829.588588][   T69] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1829.598924][   T31] RIP: 0033:0x7fd58778e969
[ 1829.609551][   T31] RSP: 002b:00007fd58854e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1829.650867][   T31] RAX: 0000000000000000 RBX: 00007fd5879b6160 RCX: 00007fd58778e969
[ 1829.672869][   T31] RDX: 0000000000000000 RSI: 000000000000ab03 RDI: 000000000000000a
[ 1829.697048][   T31] RBP: 00007fd587810ab1 R08: 0000000000000000 R09: 0000000000000000
[ 1829.723512][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1829.732045][   T31] R13: 0000000000000001 R14: 00007fd5879b6160 R15: 00007ffe67a99f18
[ 1829.748188][   T31]  </TASK>
[ 1829.759940][   T31] 
[ 1829.759940][   T31] Showing all locks held in the system:
[ 1829.932133][   T31] 1 lock held by khungtaskd/31:
[ 1829.937122][   T31]  #0: ffffffff8e13f080 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[ 1829.965271][   T31] 5 locks held by kworker/u8:5/69:
[ 1829.970612][   T31]  #0: ffff88801a489148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[ 1829.982600][   T31]  #1: ffffc9000211fbc0 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[ 1829.996607][   T31]  #2: ffff8880b863b918 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140
[ 1830.007119][   T31]  #3: ffff8880b8623f08 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x39a/0x6d0
[ 1830.019046][   T31]  #4: ffff8880b8623f08 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_change+0xe5/0x250
[ 1830.030962][   T31] 2 locks held by getty/5594:
[ 1830.054938][   T31]  #0: ffff88814db300a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[ 1830.072994][   T31]  #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400
[ 1830.088019][   T31] 3 locks held by kworker/1:5/5893:
[ 1830.099046][   T31]  #0: ffff88801a480d48 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[ 1830.118849][   T31]  #1: ffffc90004e7fbc0 ((work_completion)(&data->fib_event_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[ 1830.137129][   T31]  #2: ffff8880568e3240 (&data->fib_lock){+.+.}-{4:4}, at: nsim_fib_event_work+0x26b/0x3180
[ 1830.162568][   T31] 1 lock held by udevd/10392:
[ 1830.167365][   T31]  #0: ffff88802534f358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xe0/0xd30
[ 1830.204962][   T31] 1 lock held by syz.6.3553/19889:
[ 1830.223760][   T31]  #0: ffff88802534f358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x1a9/0x650
[ 1830.251400][   T31] 1 lock held by syz.2.3860/21384:
[ 1830.269427][   T31] 2 locks held by modprobe/21406:
[ 1830.287057][   T31] 3 locks held by dhcpcd-run-hook/21408:
[ 1830.304573][   T31] 
[ 1830.310445][   T31] =============================================
[ 1830.310445][   T31] 
[ 1830.370824][   T31] NMI backtrace for cpu 0
[ 1830.370855][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.15.0-next-20250527-syzkaller #0 PREEMPT(full) 
[ 1830.370884][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1830.370898][   T31] Call Trace:
[ 1830.370909][   T31]  <TASK>
[ 1830.370920][   T31]  dump_stack_lvl+0x189/0x250
[ 1830.370948][   T31]  ? __wake_up_klogd+0xd9/0x110
[ 1830.370980][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1830.371001][   T31]  ? __pfx__printk+0x10/0x10
[ 1830.371042][   T31]  nmi_cpu_backtrace+0x39e/0x3d0
[ 1830.371072][   T31]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[ 1830.371092][   T31]  ? _printk+0xcf/0x120
[ 1830.371123][   T31]  ? __pfx__printk+0x10/0x10
[ 1830.371151][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[ 1830.371185][   T31]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[ 1830.371212][   T31]  watchdog+0xfee/0x1030
[ 1830.371251][   T31]  ? watchdog+0x1de/0x1030
[ 1830.371288][   T31]  kthread+0x711/0x8a0
[ 1830.371317][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1830.371347][   T31]  ? __pfx_kthread+0x10/0x10
[ 1830.371375][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1830.371401][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1830.371428][   T31]  ? __pfx_kthread+0x10/0x10
[ 1830.371469][   T31]  ret_from_fork+0x3fc/0x770
[ 1830.371505][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[ 1830.371545][   T31]  ? __switch_to_asm+0x39/0x70
[ 1830.371567][   T31]  ? __switch_to_asm+0x33/0x70
[ 1830.371590][   T31]  ? __pfx_kthread+0x10/0x10
[ 1830.371614][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1830.371655][   T31]  </TASK>
[ 1830.524962][   T31] Sending NMI from CPU 0 to CPUs 1:
[ 1830.530283][    C1] NMI backtrace for cpu 1
[ 1830.530310][    C1] CPU: 1 UID: 0 PID: 69 Comm: kworker/u8:5 Not tainted 6.15.0-next-20250527-syzkaller #0 PREEMPT(full) 
[ 1830.530332][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1830.530346][    C1] Workqueue:  0x0 (events_unbound)
[ 1830.530376][    C1] RIP: 0010:__list_del_entry_valid_or_report+0xbe/0x190
[ 1830.530414][    C1] Code: 1f 0f 85 92 00 00 00 4d 8d 7e 08 4d 89 fc 49 c1 ec 03 43 80 3c 2c 00 74 08 4c 89 ff e8 8b 27 5d fd 49 39 1f 0f 85 9e 00 00 00 <b0> 01 5b 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc cc 48 c7 c7 20 99
[ 1830.530431][    C1] RSP: 0018:ffffc9000211fbf8 EFLAGS: 00000046
[ 1830.530447][    C1] RAX: 1ffff1100b5af381 RBX: ffff88805ad79c08 RCX: ffff88801af5da00
[ 1830.530462][    C1] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff88805ad79c10
[ 1830.530474][    C1] RBP: ffff88805ad79c08 R08: ffff888140403087 R09: 1ffff11028080610
[ 1830.530488][    C1] R10: dffffc0000000000 R11: ffffed1028080611 R12: 1ffffffff1ea2ab6
[ 1830.530508][    C1] R13: dffffc0000000000 R14: ffffffff8f5155a8 R15: ffffffff8f5155b0
[ 1830.530523][    C1] FS:  0000000000000000(0000) GS:ffff888125d55000(0000) knlGS:0000000000000000
[ 1830.530538][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1830.530551][    C1] CR2: 00007f1ba5fba6b0 CR3: 000000000df38000 CR4: 00000000003526f0
[ 1830.530568][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1830.530579][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1830.530591][    C1] Call Trace:
[ 1830.530598][    C1]  <TASK>
[ 1830.530609][    C1]  assign_work+0x1fb/0x410
[ 1830.530641][    C1]  worker_thread+0x88f/0xda0
[ 1830.530674][    C1]  kthread+0x711/0x8a0
[ 1830.530698][    C1]  ? __pfx_worker_thread+0x10/0x10
[ 1830.530714][    C1]  ? __pfx_kthread+0x10/0x10
[ 1830.530736][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1830.530759][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1830.530781][    C1]  ? __pfx_kthread+0x10/0x10
[ 1830.530802][    C1]  ret_from_fork+0x3fc/0x770
[ 1830.530831][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[ 1830.530860][    C1]  ? __switch_to_asm+0x39/0x70
[ 1830.530880][    C1]  ? __switch_to_asm+0x33/0x70
[ 1830.530898][    C1]  ? __pfx_kthread+0x10/0x10
[ 1830.530919][    C1]  ret_from_fork_asm+0x1a/0x30
[ 1830.530948][    C1]  </TASK>
[ 1830.613066][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[ 1830.613103][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.15.0-next-20250527-syzkaller #0 PREEMPT(full) 
[ 1830.613135][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1830.613154][   T31] Call Trace:
[ 1830.613168][   T31]  <TASK>
[ 1830.613182][   T31]  dump_stack_lvl+0x99/0x250
[ 1830.613217][   T31]  ? __asan_memcpy+0x40/0x70
[ 1830.613258][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1830.613283][   T31]  ? __pfx__printk+0x10/0x10
[ 1830.613330][   T31]  panic+0x2db/0x790
[ 1830.613377][   T31]  ? __pfx_panic+0x10/0x10
[ 1830.613414][   T31]  ? __pfx_delay_tsc+0x10/0x10
[ 1830.613440][   T31]  ? nmi_backtrace_stall_check+0x433/0x440
[ 1830.613488][   T31]  ? preempt_schedule_thunk+0x16/0x30
[ 1830.613524][   T31]  ? nmi_trigger_cpumask_backtrace+0x2b6/0x300
[ 1830.613561][   T31]  watchdog+0x102d/0x1030
[ 1830.613603][   T31]  ? watchdog+0x1de/0x1030
[ 1830.613648][   T31]  kthread+0x711/0x8a0
[ 1830.613684][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1830.613718][   T31]  ? __pfx_kthread+0x10/0x10
[ 1830.613758][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1830.613790][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1830.613819][   T31]  ? __pfx_kthread+0x10/0x10
[ 1830.613850][   T31]  ret_from_fork+0x3fc/0x770
[ 1830.613891][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[ 1830.613934][   T31]  ? __switch_to_asm+0x39/0x70
[ 1830.613960][   T31]  ? __switch_to_asm+0x33/0x70
[ 1830.613986][   T31]  ? __pfx_kthread+0x10/0x10
[ 1830.614017][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1830.614070][   T31]  </TASK>
[ 1830.904761][   T31] Kernel Offset: disabled
[ 1830.909099][   T31] Rebooting in 86400 seconds..