last executing test programs:

9m18.623852414s ago: executing program 4 (id=5):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8e}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
ioctl$TCXONC(0xffffffffffffffff, 0x540a, 0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xb2570000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x2000000}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000008c0)=ANY=[@ANYBLOB="b702000023000000bfa30000000000000703000000feffff7a0af0ff0000000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010001010404000001007d60b7030000010000006a0a00fe00000000850000000d0000009700000001000000950000000000000075cdc4b57b0c65752a3ad50000007ddd0000000000639100000000000000000000ff7f0000292f17cee19d0001000000000000000000cb04fcbb0ba9918d37b056b9bbd11b6b9f6cf7db6d574620260000000000008062d77e84cef4a2ab938f65aac33c4d620de2c9b7dc10d7d313f9f57606b83b994fb484510bef2e4852f5c2fe6faaf75e5cc4051ade12f41deff6df6a936b4ec3827c739bb39aad16cc75fe369258673b5d053bdec75dca3772be2c9d2d29db3d36dd01797bd3f15aa6aadbeab2a01685108e61aa000000000000000000000000008b798b4f7458d1863cc67d4c6a06e828e5216f601b19db1af1b5d356d0f062137d866d11be4ba3f0151fdbbd4e97d62ecc645e143a60f1b1b71b5f7ec6edc76609073909826151e2b42bf0ed0c8cef3ba2a730a00c87c493db845b10e9468bda6f82881eb8c9cfa72b08eecc972a3fd2c46f3c1cde71a19d1a2982492aba0883783d2831210e00d2bfea3bf97ff8836d000000000000946bdb747e416b3064edb4f5aea06eba207ddab9f9baf98bc5192f23d95d33357fc55f92e5937e10995059f3348f69667b9260d504ba96446e1437af6fa875d9d32fdaaae01e6c74f192a23572ef582b7dd867c163c8cedaa2a2c5baceb37d4a40244c9bdca541cc7e65e20f5b5b735e2f33df9bd0614431d7dc5e47bb31c5b827d51733b64ddad4de1cdadce076d19d62e821b435619fb89fc07f81938200b4ebce83db57a6f5e9b1c2cf4b6ee90772d4865bf448d200e5c4e1e044d3587498128273b65670c02ff5c3c3ca633c41324fdc09e0b2621087db26bb0553612f2be27579ede2344a809e6b27d0044f2337895323357caddb54642dac82ae25deb08e111e0b9fa133c9da85dc50c3454ee0ff915331bd7f32f96fb55c7990334b1a1bc4d5d817b82f9fc278cc4858fbfa4d0f32a863c1ce050caddc5ca3b10c3e63daebba039e9f80fdef113a145ace522e8379474aa8849dcc2501df3ffcb02d29d55a1a2cbe00e836db0e6b0a7ffd680dbcf7b982a956998df3dce0e9091a4d736db69038061e"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000100), 0x237}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r3, 0x1f00, 0x18, 0x19, &(0x7f00000007c0)="9f44948721919580684010a40566", 0x0, 0x7ff, 0x0, 0xb1, 0x0, &(0x7f0000000700)="389ceff69d08b0af1cc71b6262d50660bbaf31a7f8cd6a6f911beb65d5fe6b54bf21a66489121f24fefd198059288c9b735e1898e77a7469489a249292c02a72bc193a3008ebdbf4e9dd4ee8fcceef55402c913c8dd0ebece1330aaa93ece835c5044a246a5967e3acd7c950b3b19f351830e545eb9bc3a9c6dd22ce97f1f857cfe8b68a2370b69ea336006b589368f92deb68f3dfc6f2bfee09f8342da437fce5dcdf658e453e3132bb42067575318c39", &(0x7f0000000380)="8c5911c525f5cf4c4ecf207ad2ec", 0x0, 0x0, 0xffffffff}, 0x23)

9m14.740292188s ago: executing program 4 (id=9):
pipe2$9p(0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000040)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffc}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f00000003c0)='net/mcfilter6\x00')
preadv(r3, &(0x7f00000001c0)=[{&(0x7f0000000580)=""/105, 0x69}, {0x0}], 0x2, 0x5b, 0x100)
syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff)

9m12.936001039s ago: executing program 4 (id=14):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xc0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])
statfs(&(0x7f0000000040)='./file0\x00', 0x0)
chdir(&(0x7f0000000240)='./file0\x00')
creat(&(0x7f0000000040)='./bus\x00', 0x0)

9m12.398512115s ago: executing program 4 (id=17):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f00000006c0)=@raw={'raw\x00', 0x4001, 0x3, 0x3e8, 0x158, 0x0, 0x148, 0x158, 0x148, 0x350, 0x240, 0x240, 0x350, 0x240, 0x7fffffe, 0x0, {[{{@ip={@private=0xa010102, @local, 0x0, 0x0, 'ip6gretap0\x00', 'nicvf0\x00', {}, {}, 0x88, 0x3, 0x10}, 0x0, 0xf8, 0x158, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'wg1\x00', {0x0, 0x0, 0x1ff, 0x100000, 0x0, 0xed, 0x10000007}}}, @common=@unspec=@connmark={{0x30}, {0xfffffff9, 0x8}}]}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, 0x85d, 0xb, [0x10, 0x31, 0x1e, 0x32, 0x2b, 0x25, 0x3f, 0x17, 0x19, 0x22, 0x2c, 0x3d, 0x7, 0x3f, 0x1e, 0x31], 0x0, 0x2, 0x2}}}, {{@ip={@rand_addr=0x64010101, @local, 0xff, 0x0, 'tunl0\x00', 'lo\x00', {0xff}, {}, 0x2e, 0x3, 0x4}, 0x0, 0x190, 0x1f8, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0x8, 0x9, 0x1, 0x1, 'syz1\x00', 0x2}}, @inet=@rpfilter={{0x28}, {0x8}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0xfff, 0x7e, 0x1c, 'netbios-ns\x00', 'syz0\x00', {0x3}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x448)
syz_emit_ethernet(0x66, &(0x7f00000002c0)={@link_local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x12}, @void, {@ipv4={0x800, @gre={{0x5, 0x4, 0x0, 0x0, 0x58, 0x0, 0x0, 0x0, 0x2f, 0x0, @private, @multicast1}, {{0x0, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x4, 0x6558}, {0x0, 0x0, 0x0, 0x0, 0x11}, {}, {0x8, 0x88be, 0x0, {{0x0, 0x1, 0xfd, 0x0, 0x0, 0x0, 0x0, 0xe}, 0x1, {0x1}}}}}}}}, 0x0)

8m50.314640867s ago: executing program 32 (id=17):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f00000006c0)=@raw={'raw\x00', 0x4001, 0x3, 0x3e8, 0x158, 0x0, 0x148, 0x158, 0x148, 0x350, 0x240, 0x240, 0x350, 0x240, 0x7fffffe, 0x0, {[{{@ip={@private=0xa010102, @local, 0x0, 0x0, 'ip6gretap0\x00', 'nicvf0\x00', {}, {}, 0x88, 0x3, 0x10}, 0x0, 0xf8, 0x158, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'wg1\x00', {0x0, 0x0, 0x1ff, 0x100000, 0x0, 0xed, 0x10000007}}}, @common=@unspec=@connmark={{0x30}, {0xfffffff9, 0x8}}]}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, 0x85d, 0xb, [0x10, 0x31, 0x1e, 0x32, 0x2b, 0x25, 0x3f, 0x17, 0x19, 0x22, 0x2c, 0x3d, 0x7, 0x3f, 0x1e, 0x31], 0x0, 0x2, 0x2}}}, {{@ip={@rand_addr=0x64010101, @local, 0xff, 0x0, 'tunl0\x00', 'lo\x00', {0xff}, {}, 0x2e, 0x3, 0x4}, 0x0, 0x190, 0x1f8, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0x8, 0x9, 0x1, 0x1, 'syz1\x00', 0x2}}, @inet=@rpfilter={{0x28}, {0x8}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0xfff, 0x7e, 0x1c, 'netbios-ns\x00', 'syz0\x00', {0x3}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x448)
syz_emit_ethernet(0x66, &(0x7f00000002c0)={@link_local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x12}, @void, {@ipv4={0x800, @gre={{0x5, 0x4, 0x0, 0x0, 0x58, 0x0, 0x0, 0x0, 0x2f, 0x0, @private, @multicast1}, {{0x0, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x4, 0x6558}, {0x0, 0x0, 0x0, 0x0, 0x11}, {}, {0x8, 0x88be, 0x0, {{0x0, 0x1, 0xfd, 0x0, 0x0, 0x0, 0x0, 0xe}, 0x1, {0x1}}}}}}}}, 0x0)

6m43.898869882s ago: executing program 5 (id=401):
sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0xffffffffffffffb4, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0)
write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0)
r3 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000140), 0x40, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000499000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f320f300f20e06635800000000f22e02b6aa6c8", 0x4a}], 0x1, 0x0, 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004840}, 0x14)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000005c0)={r3, 0xe0, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r5=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000440), 0x8, 0x298087f6, 0x8, 0x8, &(0x7f0000000480)}}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x2a7, 0x0, 0x0, 0x41100, 0x24, '\x00', r5, 0x0, r2, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3ff}, 0x94)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

6m42.113987093s ago: executing program 5 (id=404):
pipe(0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
rt_sigqueueinfo(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$unix(r2, &(0x7f0000000000), 0x40000000000029a, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
fsmount(0xffffffffffffffff, 0x0, 0x0)
r3 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000540)=0x2, 0x4)
connect$inet(r3, &(0x7f0000000040)={0x2, 0x4e23, @remote}, 0x10)
sendmmsg$inet(r3, 0x0, 0x0, 0x2404c845)

6m41.051712785s ago: executing program 5 (id=407):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0xa, 0x8000000000002})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x0, 0x0)
r4 = mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000001040)={0x4c, 0x0, &(0x7f0000000ec0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x41, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000740)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x400}], 0x0, 0x0, 0x0})
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000440)='./binderfs2/custom1\x00', 0x802, 0x0)
ioctl$BINDER_FREEZE(r5, 0x400c620e, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000c00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r6 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000500)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
read$FUSE(r6, &(0x7f0000007fc0)={0x2020}, 0x2020)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000300)={0xc, 0x0, &(0x7f0000000240)=[@free_buffer={0x40086303, r4}], 0x0, 0x0, 0x0})

6m40.780620279s ago: executing program 5 (id=408):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x6, 0xc, 0x0, 0x0, 0x6, 0x0, 0x0, 0x40f00, 0x62, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x8000}, 0x94)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x40040, 0x0)
r0 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000300), 0xffffffffffffffff)
sendmsg$IEEE802154_ASSOCIATE_REQ(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000180)={0x14, r0, 0x1, 0x70bd28, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x4044080}, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'netdevsim0\x00', &(0x7f00000000c0)=@ethtool_sfeatures={0x17}})
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x14)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3", 0x5)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}], 0x2, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0)

6m40.571392191s ago: executing program 5 (id=410):
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000b80)=ANY=[], 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x6, 0xc, 0x0, 0x0, 0x6, 0x0, 0x0, 0x40f00, 0x62, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x8000}, 0x94)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x40040, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'netdevsim0\x00', &(0x7f00000000c0)=@ethtool_sfeatures={0x17}})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYBLOB="24000000120001fbffffff000200000007"], 0x24}, 0x1, 0x0, 0x0, 0x40014}, 0x14)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
r1 = accept4(r0, 0x0, 0x0, 0x800)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0)

6m40.401855692s ago: executing program 5 (id=412):
r0 = socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
openat$binfmt_format(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/sys/fs/binfmt_misc/syz0\x00', 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000340)={'veth0_to_team\x00', &(0x7f00000001c0)=@ethtool_ringparam={0x50, 0xfffffffd, 0xee, 0x1, 0x5, 0x0, 0x9, 0x2, 0x3}})
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r3 = socket$inet6(0xa, 0x2, 0x0)
sendmsg$inet6(r3, &(0x7f0000000340)={&(0x7f0000000080)={0xa, 0x4e1e, 0x80000, @mcast2, 0x2}, 0x1c, 0x0}, 0xc4)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=@newlink={0x44, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x10681, 0x20000}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @gretap={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GRE_REMOTE={0x8, 0x7, @local}, @IFLA_GRE_IFLAGS={0x6, 0x2, 0x2}]}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x40090}, 0x20044002)

6m25.022363239s ago: executing program 33 (id=412):
r0 = socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
openat$binfmt_format(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/sys/fs/binfmt_misc/syz0\x00', 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000340)={'veth0_to_team\x00', &(0x7f00000001c0)=@ethtool_ringparam={0x50, 0xfffffffd, 0xee, 0x1, 0x5, 0x0, 0x9, 0x2, 0x3}})
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r3 = socket$inet6(0xa, 0x2, 0x0)
sendmsg$inet6(r3, &(0x7f0000000340)={&(0x7f0000000080)={0xa, 0x4e1e, 0x80000, @mcast2, 0x2}, 0x1c, 0x0}, 0xc4)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=@newlink={0x44, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x10681, 0x20000}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @gretap={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GRE_REMOTE={0x8, 0x7, @local}, @IFLA_GRE_IFLAGS={0x6, 0x2, 0x2}]}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x40090}, 0x20044002)

2m8.198079524s ago: executing program 6 (id=1342):
ioctl$VIDIOC_QUERYMENU(0xffffffffffffffff, 0xc02c5625, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
r0 = getpgrp(0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000032680)=""/102392, 0x18ff8)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r4, &(0x7f0000000040)={0x1f, 0x0, 0x1}, 0x6)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x3}, 0x6)
write$bt_hci(0xffffffffffffffff, &(0x7f0000000040)=ANY=[], 0x6)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffba83)
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, 0x0)
r5 = eventfd2(0x1, 0x1)
ioctl$VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f00000001c0)={0x0, r5})
add_key$user(&(0x7f0000000000), &(0x7f00000001c0)={'syz', 0x0}, &(0x7f0000000540)="bc3009bb66", 0x5, 0xfffffffffffffffe)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="0c0100000001010400000000000000000a0000003c0001802c00018014000300fe8000000000000000000000000000aa14000400fc0000000000000000000000000000000c00028005000100000000003c0002800c00028005000100000000002c000180140003000000000000000000000000000000000114000400fe8000000000000000000000000000aa08000740000000007800068014000500fc020000"], 0x10c}}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)={0x98, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @ipv4={'\x00', '\xff\xff', @empty}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_SRC={0x4}]}, 0x98}}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)={0xac, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @local}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x400}, @CTA_NAT_SRC={0x18, 0x6, 0x0, 0x1, [@CTA_NAT_V6_MINIP={0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}]}]}, 0xac}}, 0x0)

2m6.00399131s ago: executing program 6 (id=1343):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setattr(0x0, 0x0, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
connect$inet(r3, &(0x7f0000000180)={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x11}}, 0x10)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r4)
close(0xffffffffffffffff)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a4c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc080003400000001408000c4000000e45400000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000014000380100000800c00018006000100d103000014000000110001"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000740)=ANY=[@ANYBLOB="140000001000010000000000000000000a00000a480000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a31000000001c000380180000800c0001800600010000000000080003400000000114000000110001"], 0x70}, 0x1, 0x0, 0x0, 0x4000851}, 0x40)
sendmsg$NFT_BATCH(r4, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a480000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a31000000001c000380180000800c00018006000100bd0300000800034000000001"], 0x70}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)

1m59.419134495s ago: executing program 6 (id=1362):
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000001340))
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3, &(0x7f0000000000)=0x6, 0x4)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8)
io_uring_enter(0xffffffffffffffff, 0x2219, 0x7721, 0x16, 0x0, 0x0)
r1 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
read$dsp(r1, &(0x7f00000002c0)=""/4096, 0x1000)
write$dsp(r0, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000)

1m58.386170656s ago: executing program 6 (id=1367):
ioctl$VIDIOC_QUERYMENU(0xffffffffffffffff, 0xc02c5625, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
r0 = getpgrp(0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000032680)=""/102392, 0x18ff8)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r4, &(0x7f0000000040)={0x1f, 0x0, 0x1}, 0x6)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x3}, 0x6)
write$bt_hci(0xffffffffffffffff, &(0x7f0000000040)=ANY=[], 0x6)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffba83)
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, 0x0)
r5 = eventfd2(0x1, 0x1)
ioctl$VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f00000001c0)={0x0, r5})
add_key$user(&(0x7f0000000000), &(0x7f00000001c0)={'syz', 0x0}, &(0x7f0000000540)="bc3009bb66", 0x5, 0xfffffffffffffffe)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="0c0100000001010400000000000000000a0000003c0001802c00018014000300fe8000000000000000000000000000aa14000400fc0000000000000000000000000000000c00028005000100000000003c0002800c00028005000100000000002c000180140003000000000000000000000000000000000114000400fe8000000000000000000000000000aa08000740000000007800068014000500fc020000"], 0x10c}}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)={0x98, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @ipv4={'\x00', '\xff\xff', @empty}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_SRC={0x4}]}, 0x98}}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)={0xac, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @local}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x400}, @CTA_NAT_SRC={0x18, 0x6, 0x0, 0x1, [@CTA_NAT_V6_MINIP={0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}]}]}, 0xac}}, 0x0)

1m55.641193558s ago: executing program 6 (id=1371):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setattr(0x0, 0x0, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
connect$inet(r3, &(0x7f0000000180)={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x11}}, 0x10)
close(0xffffffffffffffff)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r4)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a4c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc080003400000001408000c4000000e45400000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000014000380100000800c00018006000100d103000014000000110001"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$NFT_BATCH(r4, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000740)=ANY=[@ANYBLOB="140000001000010000000000000000000a00000a480000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a31000000001c000380180000800c0001800600010000000000080003400000000114000000110001"], 0x70}, 0x1, 0x0, 0x0, 0x4000851}, 0x40)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a480000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a31000000001c000380180000800c00018006000100bd0300000800034000000001"], 0x70}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)

1m52.543960793s ago: executing program 6 (id=1376):
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000040)={0x0, 0x7, 0xfa00, {0x0, &(0x7f0000000000), 0x13f}}, 0x20)
write(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
syz_open_dev$video(0x0, 0x1002000000000003, 0x101002)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x64}, 0x1, 0x0, 0x0, 0x4001}, 0x0)
r4 = socket$kcm(0x23, 0x2, 0x0)
sendmsg$kcm(r4, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
openat$comedi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/comedi0\x00', 0x2, 0x0)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, 0x0, 0x0)

1m37.466754426s ago: executing program 34 (id=1376):
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000040)={0x0, 0x7, 0xfa00, {0x0, &(0x7f0000000000), 0x13f}}, 0x20)
write(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
syz_open_dev$video(0x0, 0x1002000000000003, 0x101002)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x64}, 0x1, 0x0, 0x0, 0x4001}, 0x0)
r4 = socket$kcm(0x23, 0x2, 0x0)
sendmsg$kcm(r4, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
openat$comedi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/comedi0\x00', 0x2, 0x0)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, 0x0, 0x0)

14.757134381s ago: executing program 0 (id=1615):
r0 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'})
socket$inet6(0xa, 0x1, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000000)={'veth0_to_batadv\x00', &(0x7f0000000080)=@ethtool_cmd={0x4e, 0x40, 0x1ff, 0x3, 0x6, 0x4c, 0x4, 0xb, 0x6, 0x0, 0x9, 0x10001, 0xaff0, 0xa8, 0xac, 0x5, [0xb, 0x8]}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
mlock(&(0x7f00007d8000/0x800000)=nil, 0x800000)

12.19643533s ago: executing program 2 (id=1621):
r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000640), 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(0xffffffffffffffff, 0x408c5333, &(0x7f0000000500)={0x20, 0xe, 0x1, 'queue0\x00'})
ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000180)={0x1000, "340b7832ceefd131b8e6498c25f58fad9987ffe93bbabd18cf503204de974a27", <r1=>0xffffffffffffffff})
ioctl$SYNC_IOC_FILE_INFO(r1, 0x40103e05, &(0x7f0000000000)={""/32, 0x0, 0x0, 0x0, 0x0, 0x0})
bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000440)=ANY=[@ANYBLOB="14000000040000000800000006"], 0x48)
r2 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$sock_int(r2, 0x1, 0xf, &(0x7f0000000180)=0x80000004, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r6, 0xffffffffffffffff, 0x0)

12.122602962s ago: executing program 3 (id=1623):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = socket$netlink(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)=ANY=[], 0x44}}, 0x20004805)
openat(0xffffffffffffff9c, 0x0, 0x300000d, 0x3)
fsopen(0x0, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, "00009200000000000000000000000058b200"})
r3 = epoll_create(0x5)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000000040))
syz_open_pts(r2, 0x0)
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
close_range(r4, 0xffffffffffffffff, 0x0)
epoll_create1(0x80000)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
sendmsg$IPSET_CMD_SAVE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, 0x8, 0x6, 0x201, 0x0, 0x0, {0x1, 0x0, 0xa}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4008000}, 0x20004044)

12.121737451s ago: executing program 0 (id=1624):
syz_mount_image$ext4(&(0x7f0000000140)='ext2\x00', &(0x7f0000000000)='./file1\x00', 0x3000044, &(0x7f00000003c0), 0x1, 0x55e, &(0x7f0000001bc0)="$eJzs3d9rW+UbAPDnpM1+f7/rYAwVkcIunMyla+uPCV7MS9HhQO9naM/KaLqMJh1rHbhduBtvZAgiDsR7vfdKhv+Af8VAB0NG0QtvKic9abs1adIuWzrz+cDZ3jfnJO95cs7z9n1zTkgAA2s0+6cQ8WJEfJVEHI6IJF83HPnK0dXtlh9en8qWJFZWPv4zaWyX1Zuv1XzewbzyQkT8+kXEycLmdmuLS7PlSiWdz+tj9bkrY7XFpVOX5soz6Ux6eWJy8sybkxPvvP1Wz2J97fzf33509/0zXx5f/uan+0duJ3E2DuXrNsbxBG5srIzGaP6eFOPsYxuOr/7XizZ3haTfO8CODOV5XoysDzgcQ3nWA/99n0fECjCgEvkPA6o5DmjO7Xs0D35uPHhvdQK0Of7h1c9GYl9jbnRgOXlkZpTNd0d60H7Wxs9/3LmdLdG7zyEAOrpxMyJODw9v7v+SvP/budNdbPN4G/o/eHbuZuOf11uNfwpr459oMf452CJ3d6Jz/hfu96CZtrLx37stx79rF61GhvLa/xpjvmJy8VIlzfq2/0fEiSjuzerjW7RxZvneSrt1G8d/2ZK13xwL5vtxf3jvo8+ZLtfLTxLzRg9uRrzUcvybrB3/pMXxz96P8122cSy980q7dZ3jf7pWfoh4teXxX7+ilWx9fXKscT6MNc+Kzf66dey3du33O/7s+B/YOv6RZOP12tr22/h+3z9pu3WPxB/dn/97kk8a5T35Y9fK9fr8eMSe5MPNj0+sP7dZb26fxX/i+Nb93/r5/8va6+yPiE+7jP/W0R9f3tdN/H06/tPbOv7bL9z74LPv2rXfXf/3RqN0In+km/6vw34VY8dnMwAAAAAAAOxehYg4FEmhtFYuFEql1fs7jsaBQqVaq5+8WF24PB2N78qORLHQvNJ9eMP9EOP5/bDN+sRj9cmIOBIRXw/tb9RLU9XKdL+DBwAAAAAAAAAAAAAAAAAAgF3iYJvv/2d+H+r33gFPnZ/8hsHVMf978UtPwK7k7z8MLvkPg0v+w+CS/zC45D8MLvkPg0v+w+CS/wAAAAAAAAAAAAAAAAAAAAAAAAAAANBT58+dy5aV5YfXp7L69NXFhdnq1VPTaW22NLcwVZqqzl8pzVSrM5W0NFWd6/R6lWr1yvhELFwbq6e1+lhtcenCXHXhcv3CpbnyTHohLT6TqAAAAAAAAAAAAAAAAAAAAOD5Ultcmi1XKum8gsKOCsO7YzcUelzod88EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOv+DQAA//8Kozfs")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f00000001c0)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbeee, 0x8031, 0xffffffffffffffff, 0xfffff000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
lseek(0xffffffffffffffff, 0x7fffdfff, 0x2)
socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={0x0, 0x0, 0x42, 0x0, 0x1}, 0x28)
syz_open_procfs(0x0, 0x0)
fchmodat(0xffffffffffffff9c, 0x0, 0xfffffffb)
mkdirat(0xffffffffffffff9c, 0x0, 0x14e174135c0b87af)
creat(&(0x7f00000004c0)='./bus\x00', 0x20)
r3 = socket$igmp(0x2, 0x3, 0x2)
ioctl$sock_inet_SIOCSARP(r3, 0x8955, &(0x7f0000000a80)={{0x2, 0x4e23, @empty}, {0x0, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}, 0x4a, {0x2, 0x0, @rand_addr=0x64010101}, 'lo\x00'})
r4 = socket$netlink(0x10, 0x3, 0x0)
writev(r4, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)

10.45495767s ago: executing program 2 (id=1625):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x6, 0xc, 0x0, 0x0, 0x6, 0x0, 0x0, 0x40f00, 0x62, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x8000}, 0x94)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x40040, 0x0)
r0 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000300), 0xffffffffffffffff)
sendmsg$IEEE802154_ASSOCIATE_REQ(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000180)={0x14, r0, 0x1, 0x70bd28, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x4044080}, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'netdevsim0\x00', &(0x7f00000000c0)=@ethtool_sfeatures={0x17}})
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x14)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3", 0x5)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0)

10.431073071s ago: executing program 7 (id=1626):
r0 = socket$kcm(0x29, 0x2, 0x0)
r1 = memfd_create(&(0x7f0000000640)='\xcd\xff\xea\x1f\x02\x00E\x88-\xb0\xbc`(\xe8\x92\xe9\xf9\xd0\x803\x05\x00R\xac\x15\xfb\x8e\x7fx,\x9c\x00\x00\x00\x90\xc7\x11U\xdcd\\\xdc\x1b+\tq\xf4\xbe\x99\xd6\x11;\x9b\xc4\xad\xf73|J\x96\xf4L\xfb\xf2\xba\xe5\xdd0 }\x9bdq\xa9X\xed\xef\xf2\t\xafN\x80\xe2\x14\xbc\xc3Le\xe2p.&\x00\x10N\xe6\xd5\xfb]\xe4\x9a\x83FS\xc4&\xf3T\xa8\x8b\xb5L\xafx\x9cco&?\xb1\x95?z\xd3\xdb.7\xc1\xc8b\xe9|\xaaM\x04+*\x18\x86!:\x7fp\xf1\xacsPxx \xf3\x14w\xb6\x8e\xae\xa3\x11\x02\xd0N\xfcu\xc7\xb0\nr\x95l\xc7\xbc\x0e;\xcb\xfbn\x03\x935\xfb\xf8Z\xd0V-,\xf1\xea\r\xef\xfe_\xee\xb1\xc0\x06\xbegmU_*\xd7\x1f\x00'/219, 0x2)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x240, 0x0)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x1000088}, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x8081)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000340), 0x60405, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000100)=0x1)
ioctl$TCSETS(r3, 0x89f2, &(0x7f00000011c0)={0x6, 0xffff, 0x0, 0xd, 0x0, "5dee000000594000"})
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000000280)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c)
sendmmsg$inet6(r4, &(0x7f00000003c0)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback, 0x280020}, 0x1c, &(0x7f0000001640)=[{&(0x7f00000000c0)="d2", 0x1}], 0x1}}], 0x1, 0x8080)
epoll_create(0x7e)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x20000000000, 0xffffffffffffffff, 0x0, 0xfffffffffffffffd, 0x1000001000, 0x46}, 0x0, &(0x7f0000000000)={0x3ff, 0x7, 0x0, 0x9, 0x0, 0xd, 0x80000002}, 0x0, 0x0)
pwritev(r1, &(0x7f0000000540)=[{&(0x7f0000000240)='\x00', 0x1}], 0x1, 0x3, 0x0)
sendmsg$inet(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000001a00)="1b0ea417", 0x4}], 0x1}, 0x800)
sendfile(r0, r1, 0x0, 0x8000fb00)

10.356892082s ago: executing program 3 (id=1627):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x8, &(0x7f00000000c0)=0x2, 0x4)
r1 = syz_io_uring_setup(0xd7, &(0x7f0000000280)={0x0, 0x0, 0x1000}, 0x0, 0x0, 0x0)
r2 = semget$private(0x0, 0x4000000009, 0x0)
semop(r2, &(0x7f0000000080)=[{0x0, 0xec7b, 0x1000}], 0x1)
r3 = socket(0xa, 0x801, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, 0x0, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000940)={{0x14}, [@NFT_MSG_NEWRULE={0x14, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}}], {0x14}}, 0x3c}}, 0x0)
getsockopt(r3, 0x0, 0x14, 0x0, &(0x7f0000001ffc))
semtimedop(r2, &(0x7f00000001c0)=[{0x3, 0x5903, 0x1000}, {0x3, 0x0, 0x1000}], 0x2, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
lstat(&(0x7f0000000040)='./file0\x00', &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, <r5=>0x0})
fsetxattr$security_capability(r1, &(0x7f0000000000), &(0x7f0000000380)=@v3={0x3000000, [{0x80000001}, {0xff, 0xffffffd0}], r5}, 0x18, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000e79000)=[{0x0}], 0x1, 0x0)
ioctl$VHOST_SET_OWNER(0xffffffffffffffff, 0xaf01, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r8, 0xc048aeca, &(0x7f0000000100)={0x8, 0x0, [{0x0, 0x0, 0x7}, {0x400000b3, 0x0, 0x1}, {0x9bd, 0x0, 0x66}, {0x9a7, 0x0, 0x2000000f0a}, {0x809, 0x0, 0x3}, {0x879, 0x0, 0x8}, {0xada}, {0x827}]})

10.259722533s ago: executing program 1 (id=1628):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r0)
io_uring_enter(0xffffffffffffffff, 0x4c5f, 0x2915, 0x2, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000001c0)={'wlan0\x00'})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1\x00', 0x94)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x220)
unlinkat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x200)

10.198894724s ago: executing program 0 (id=1629):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
socket$can_bcm(0x1d, 0x2, 0x2)
mprotect(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1000002)
socket(0x10, 0x3, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r3=>0x0})
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000000c0)={0x1c, r2, 0x1, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x14001}, 0x9590f6cc3ea35512)
r7 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000f40), r0)
sendmsg$IPVS_CMD_NEW_SERVICE(r0, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010067bd7000fbdbdf25010000005c00018014000300fe80000000000a0000000000000000bb060001000a00000008000600777272000c0007002e000000050000000800090027150000060002001100000008000b00736970000800080009000000060004"], 0x70}}, 0x20008800)

9.906780187s ago: executing program 2 (id=1630):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r1)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a4c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc080003400000001408000c4000000e45400000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000014000380100000800c00018006000100d103000014000000110001"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSETELEM={0x48, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x1c, 0x3, 0x0, 0x1, [{0x18, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, "12ad"}]}, @NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x1}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0x70}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a400000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a3100000000140003"], 0x68}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)

9.229754865s ago: executing program 1 (id=1631):
r0 = syz_open_dev$MSR(0x0, 0xfffffffffffffff7, 0x0)
ioctl$vim2m_VIDIOC_ENUM_FMT(0xffffffffffffffff, 0xc0405602, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
socket(0x1e, 0x5, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = creat(0x0, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x0, 0x4018831, 0xffffffffffffffff, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$kcm(0xffffffffffffffff, &(0x7f00000016c0)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000040)="d80000001e0081054e81f782db4cb9040a1d080006007c095dd2086518000a800000000003600e1208000f0000000406a80016c008", 0x35}], 0x1}, 0x85)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[], 0xf8}, 0x1, 0x0, 0x0, 0x2000c814}, 0x4000)
dup2(r0, r1)
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
write(r5, &(0x7f0000000440)="41000200010003", 0x7)

8.896187538s ago: executing program 2 (id=1632):
r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000640), 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(0xffffffffffffffff, 0x408c5333, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000180)={0x1000, "340b7832ceefd131b8e6498c25f58fad9987ffe93bbabd18cf503204de974a27"})
r1 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000440)=ANY=[@ANYBLOB="14000000040000000800000006"], 0x48)
r2 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$sock_int(r2, 0x1, 0xf, &(0x7f0000000180)=0x80000004, 0x4)
bind$inet6(r2, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000340)={r1, &(0x7f0000000280), &(0x7f0000001840)=@udp6=r2}, 0x20)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), r6)
sendmsg$TIPC_NL_PUBL_GET(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="18000000", @ANYRES16=r7, @ANYBLOB="130f000000000000f6ff06"], 0x18}}, 0x0)
r8 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x2e)
close_range(r8, 0xffffffffffffffff, 0x0)

8.119497797s ago: executing program 3 (id=1633):
sendmsg$inet(0xffffffffffffffff, &(0x7f0000003c00)={0x0, 0x0, &(0x7f00000039c0)=[{&(0x7f0000000600)="447df50ce4033a7b5ad00b83244c00b711803e7cca2504a2600da98efff9e7d67f87b17ffd582b04d632ebd866f28678899ae0d6306cd39420b7b7f78dea", 0x3e}, {&(0x7f00000006c0)="080c0434", 0x4}, {&(0x7f0000000780)="4274aa814c8f6ea8d8db43178dd2f41ef596a3ca465412910e05cba0f5d97e67886d55be18cac95a1aa093479596c3613670aaf2a3b1edc465bedfdb5156035719c0baa8bb8bf2a825ec04f424dda801fea000f41edc43511e9c8bf89656071e91ae4c356d6a9ca608af6b83cc9f3d9ae37c2bfab2e5708062c659e4", 0x7c}], 0x3, &(0x7f00000008c0)=ANY=[@ANYBLOB="ac1414bb0000000000000000140000000000000000000000020000000600000000000000d8000000000000000000000007000000072b52000000000a0101020a010100ac14141b640101020a010102ac1414bbac14143ee000000200000000071731ac14143cac1e0101e0000002ac1414aaffffffff442cdf11ac1e010100000005ffffffff"], 0x1a0}, 0x41)
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000280)='blkio.bfq.io_serviced_recursive\x00', 0x0, 0x0)
pwritev2(r0, &(0x7f0000000fc0)=[{&(0x7f0000000980)}, {&(0x7f0000000b40)="63c8759628d8e9ed614413e247d386b3096fed276d332309d68986d3f7af05943ab75c034167c6a07aa6ee89716d07346fd52cf6dcd247fac2c219747ba584e50d2aeff39014e715dc321d1ed2de88714dab5f067a57ea0df617acc735ec0eb66689602f2cb3bebaa0cd78e47967a505e68b4afbbe8e76e8f394bffc6de487be94f4914a4fd4a1e7683c4c6040c0ed2fe7d607bebe1d366397de7ee0acb7c32294ff870ec8027d59c7d95b", 0xab}, {&(0x7f0000000c40)="e2b95701f4fec49beae0fb2a8854201e807aa612fa70329347e64f01351a1c3b2bfd01c7d046dea576cd758d6f2047fed8cdc3d22410b3833fd90703d03d2845f4865b59db3650a8b42f740eb436fd7d8344eec55eec9c2623d86853471d429182b046d4240ab3352026200792849ba97be338b279bb0132e93c6c491b2f9555644c7597be81", 0x86}, {0x0}, {&(0x7f0000000d40)="52d51bbbf61822978f30974c2fe603d82c8af1451ae6146edc6a19b8b57d245e42cf0d24b12866bb4ef591015ffab441dae4418f908983227cb890d9a92aa47a80c4f2608781cedaba44d59f547690c62454385a79360f4e7768f713", 0x5c}, {&(0x7f0000000e00)="30ceabe93a5c632f420ed95afc616e63cee2ebe833276a46d5782dd3c9f0ffe05bbe0f4ec820db268536744353119298e683897c5e2d45255690ca", 0x3b}, {&(0x7f0000000e40)="ab55d7618fa466ee4e1463e3ba5004661251354ae8ca2414e188099e6580688c14c7898bbb2243c00aa838d72acb524979451966aacd9c650af7e613897a9798e89bb6306a6d890bbff61afa4c42b43c592a94b74e539e2cedd3498f6e862e85be45d165dfbbf2f9384bdb4789c32b87f7c3860c69942aa8c6f2a00597c9fff43e5ecffb2da0ca5a567c61a1ebac2275121b5570e8ec6cf0cbeea1192d9e46ef0d83ace4449763ca72f3643e5a058c685a25b60264153c6a248521c21ce238cb03dfc2b8ccb47b724494cf3b2d483d20d13efaeeebe14cd23a", 0xd9}, {&(0x7f0000000f40)="96e56842fa01c6c71c61eaa252d367d91c10ef622b1a519d49c0db8ccc3639d2ac66d648f7e71af811684308b8c4b2ced4c820d192dd2bbab3562c82495289caacc66fadde6be27c0762016b49883f50deacd9a3be661ca3a809bd1239987a7a3483e5f89966d2c82cf22ff1640d750ad778", 0x72}], 0x8, 0x2, 0xd, 0x5)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000540), 0x82, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
syz_emit_vhci(&(0x7f0000000340)=ANY=[@ANYBLOB="040e33"], 0xd)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3", 0x5)
ioctl$I2C_SMBUS(0xffffffffffffffff, 0x720, &(0x7f00000002c0)={0x1, 0x7, 0x8, &(0x7f0000000180)={0x5, "1d27f0db2e1f25eff995475188afe0ebe9bab69516a5e88a718dca33021b22b650"}})
r4 = accept4(r3, 0x0, 0x0, 0x800)
sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000840)={0x1, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0)
pwritev(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x5)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

7.173810178s ago: executing program 0 (id=1634):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000040)=ANY=[], &(0x7f0000000300)='GPL\x00', 0x2, 0x0, 0x0, 0x41100, 0x7b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x38}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
ioperm(0x1, 0x9b1, 0xfff)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffa000/0x2000)=nil, 0x2000, &(0x7f0000000000))
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000100), r3)
sendmsg$IEEE802154_LLSEC_ADD_DEV(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)={0x54, r4, 0x852dd6c070cd7e4d, 0x0, 0x25dfdbfe, {}, [@IEEE802154_ATTR_LLSEC_FRAME_COUNTER={0x8}, @IEEE802154_ATTR_LLSEC_DEV_KEY_MODE={0x5, 0x37, 0x1}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0202}}, @IEEE802154_ATTR_LLSEC_DEV_OVERRIDE={0x5, 0x36, 0x7e}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}, @IEEE802154_ATTR_SHORT_ADDR={0x6, 0x4, 0x2}, @IEEE802154_ATTR_PAN_ID={0x6, 0x6, 0x3}]}, 0x54}, 0x4, 0x700000000000000, 0x0, 0x2004c020}, 0x4004)
mount$9p_virtio(0x0, 0x0, 0x0, 0x20000cc, 0x0)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(0xffffffffffffffff, 0x0, 0x20000000)
socket(0x2, 0x2, 0x1)
socket$inet6_mptcp(0xa, 0x1, 0x106)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x0, 0x0, &(0x7f0000000040)='GPL\x00', 0x5, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xff}, 0x94)
r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r6 = dup(r5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x13, r6, 0x2000)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)

6.884950731s ago: executing program 1 (id=1635):
socket$packet(0x11, 0x3, 0x300)
r0 = openat$full(0xffffff9c, &(0x7f00000003c0), 0x8002, 0x0)
membarrier(0x2, 0x0)
r1 = io_uring_setup(0x30ab, &(0x7f00000007c0)={0x0, 0x768, 0x1000, 0x1, 0x14c, 0x0, r0})
openat$dsp1(0xffffffffffffff9c, &(0x7f00000000c0), 0x88a01, 0x0)
preadv2(r1, &(0x7f0000001980)=[{&(0x7f00000005c0)=""/230, 0xe6}, {&(0x7f00000006c0)=""/6, 0x6}, {&(0x7f0000000880)=""/4096, 0x1000}, {&(0x7f0000001880)=""/85, 0x55}, {&(0x7f0000001900)=""/44, 0x2c}, {0x0}], 0x6, 0x6b3, 0x5, 0x41a6988b36f563b0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f0000000240), 0x2, 0x40102)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2f)
r3 = syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2)
ioctl$FE_SET_PROPERTY(r3, 0x40106f52, &(0x7f0000000100)={0x3, &(0x7f0000000340)=[{0x2b, '\x00', @buffer={"010d1de90c6171360aaf4716308a633fda925d1085c6b9f70f72ad6cc5f48537", 0x20}, 0xfffffff9}, {0xa, '\x00', @data, 0x7ff}, {0x26, '\x00', @st={0x4, [{0x3, @svalue=0x4}, {0x2, @svalue=0x775a}, {0x3, @svalue=0xd2}, {0x1, @svalue=0xfffffffffffffff8}]}, 0x7fe}]})
ftruncate(0xffffffffffffffff, 0xffffffffffffffff)
mount(&(0x7f0000000480)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f00000004c0)='cramfs\x00', 0x208000, 0x0)
r4 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="9feb01001800000000000000180000001800000004000000020000000100000c02000000000000000000000d0000000000005f"], 0x0, 0x34}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="180000000100000000000000801800009500000000000000"], &(0x7f0000000000)='GPL\x00', 0xc, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r4, 0x8, &(0x7f00000000c0)={0x0, 0x1}, 0x1}, 0x94)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(0xffffffffffffffff, &(0x7f0000000340)={0x15, 0x110, 0xfa08, {0xffffffffffffffff, 0x0, 0x10, 0x10, 0x0, @in={0x2, 0x4, @loopback}, @in={0x2, 0x4000, @broadcast}}}, 0x118)
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000180)=0xfe5f, 0x12)

6.586361045s ago: executing program 7 (id=1636):
r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000640), 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(0xffffffffffffffff, 0x408c5333, &(0x7f0000000500)={0x20, 0xe, 0x1, 'queue0\x00'})
ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000180)={0x1000, "340b7832ceefd131b8e6498c25f58fad9987ffe93bbabd18cf503204de974a27", <r1=>0xffffffffffffffff})
ioctl$SYNC_IOC_FILE_INFO(r1, 0x40103e05, &(0x7f0000000000)={""/32, 0x0, 0x0, 0x0, 0x0, 0x0})
bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000440)=ANY=[@ANYBLOB="14000000040000000800000006"], 0x48)
socket$inet6(0xa, 0x80002, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r5, 0xffffffffffffffff, 0x0)

4.696188027s ago: executing program 2 (id=1637):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000040)={0x3, &(0x7f00000000c0)=[{0x20, 0x0, 0x8, 0xfffff038}, {0x20, 0x0, 0x0, 0x3}, {0x6}]}, 0x10)
clock_adjtime(0x0, &(0x7f0000000040)={0xd54})
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0x3580)
ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r1, 0xc0145401, &(0x7f00000000c0)={0xffffffffffffffff, 0x1, 0x1, 0x0, 0x4})
ioctl$COMEDI_DEVCONFIG(0xffffffffffffffff, 0x40946400, &(0x7f00000001c0)={'s526\x00', [0xcf7, 0x20, 0xfffffffd, 0x4000, 0x7, 0x5, 0x8, 0xd287, 0xa, 0xfd, 0xffeffffa, 0x7, 0x4, 0x1, 0x8, 0x101, 0xf7fffffe, 0x1ff, 0x2, 0x0, 0x10000008, 0x927, 0xeb96, 0x8401, 0x40d, 0xe69, 0x81, 0x10008, 0x3, 0x1cdc, 0xfbfffffa]})
socket$nl_route(0x10, 0x3, 0x0)
syz_io_uring_setup(0xf00, 0x0, &(0x7f0000000440), &(0x7f00000003c0), &(0x7f0000000140))
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x200, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x4a102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r3, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7}, 0x1c)
listen(r3, 0xfffffffc)
accept4$alg(r3, 0x0, 0x0, 0x80000)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[], 0x70}}, 0x40)
ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000300)={0x0, {0x2, 0x4e20, @private=0xa010100}, {0x2, 0x4e26, @remote}, {0x2, 0x4e21, @broadcast}, 0x4, 0x0, 0x0, 0x0, 0x3ff, 0x0, 0x4, 0xe8e, 0x7})

4.41432832s ago: executing program 0 (id=1638):
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0xe, &(0x7f0000001100)=ANY=[@ANYBLOB="b7020000b96871dfbfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000001e6400000000000045040400010000001704000001000a00b7040000000100006a0af2fe0000004f850000001a000000b7000000000000009500000000000000455781a5feee5e1ce784909b849d5550adf200000000000000b61d69f2ffdaa10350e11cb97c8ad51bcda0c4ee6d9674c77404ceb9971e43405d62de53a9a53608c10556e5734eb84049761451ce2e2d9f8004e26f7fcc059c06220002595f6dba87b81d1106fb026cce67a66afd9ac3d09e29a9d542ca9d85a5c9c88474895c679838def0a83a733dc6a39b63a5ed69d32394c53361d7480884bd6fee53f5b2e7b91c61ced1ebad000000000000e8122a793c080a882add4e1179bd4a44f2fcb6d753a78845d8363e0401861abebe428ba953df4aece69311687f4122073a236c3ad198e3f3a532efa04137d452ff47d2638da3261c8362bb7c7824be6195a66d2e17e122040e11e3bd4a69fc6e8d9f7043e09b9e10dc7777bfae5884e4ba1e9cc4a2bbe99e30810400000000000000d63d716c0975e1ce4a655362e7062ff6ab3934555c01840219829472adefa06d3482c7b2711b98eabdca89b77efd13e6dba4a431ce47911834118093b6cabaa17a57727474e1785ee234835088445aa4a9b677d3d342640e328504aea02a2d727e62b7f097a02dbf8fe1d704765de7482040b2fc3000000000000000008947baeaaf954aff687deaa2f804924600273ee26d8115cbca081a14cba24788779291745083fccdddc90d7af35c048d46362ea0d8d79c79ddca066da478c197d4a550470557bc99cca336bd88cd28a5ee651627e3a6fbf6ea53b95ddb64c69c7d8d2f4baddc239828760459564124bad68209d2a1d16ad085886c017679cfcda8b10700ac1e2bcc5ede5b5687aa418abfa29acd7339e73b2cd185c9eb5fb34fccd20ffa155b16c0c309ed6f6663677df37de0ec0d0f548b273940be5d1fe0bae14d1a76bf741330dacd9cc19c0163bcc93059e8d2d120ea257bba458ecd989cb3581a3f270ad48255ac0dad4923e3e357e4e90583ce8d43ec65ed491d87a51d7c13f665dcf772e3ead71112008b16b0ea821f70aee1ccbd71c5a1c21e87d5b7b73d356337dbcf3456ff6cd0d6b98a258e3509a7d15b9dcae4d0d750ffa07909c955e718585b2456308beda2fa03bb9bcf03cdff31ee4b1665b987829c0f0872c006c6e4ed666fe23b343aae943923eedbdb0e7abee90e3da7b98b7d07d2d4816201ad1737798635b0a3ebd3aed120e4500c16e6c9dc729f009db49c6b8b19613e4d792cb4ff5106419291d4222980b49ddb9527ce785822d8f4e2bc30a96767f500b9e26e3b12854da63083320d8bfe49d85e0842803dc59d6375bce2b8a93caf39c0ba767880bbb9bf9407e6a6c0f9a43d1ab51dabf9423b482e848fbe1653ff0c6161fa43543546ce17a42e6cddadaf0767d84407478ffe2d0b567d81201efc81e800d4c0874235ff5cd7f5f0ee71cc2b0193bfc9290627ceaeb0b02931a817688f3a51fa2861e70cbab50a5d434ed8d8841694dba46f3d5a95ae86e4d471684ccf427b2ba53a157b2a7cf7a4c10051bb77822190a14c2ab1f271a7cf9c240b99"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000340), 0xfffffffffffffe19, 0x0, 0xffffffffffffffff, 0x54}, 0x42)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000340)={{0x1}, &(0x7f0000000200), 0x0}, 0x20)
bind$alg(0xffffffffffffffff, &(0x7f00000001c0)={0x26, 'aead\x00', 0x11, 0x0, 'aegis256-generic\x00'}, 0x58)
bind$inet6(0xffffffffffffffff, &(0x7f0000000300)={0xa, 0x4e23, 0x0, @loopback, 0x3}, 0x7e)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x48000, &(0x7f0000000200)={0xa, 0x4e23, 0x3ff, @loopback, 0x10001}, 0x1c)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x66, &(0x7f0000000080)={0x0, 0x7f}, &(0x7f0000000100)=0x8)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x6d, &(0x7f0000000240)={0x0, 0x81, "7bf8ec152fa16d39e4553d9607191c01003f4f261459314625abafbae09b2f3f5bd1d92f8a3b28f86ac6911e26622113c1d519b46c2b1bb9b76cf8008d37a06e88b31100ae16fcb20ca3c5e2bc78d0014278c1e4c7fb4ab35e2c3ae32abc7bf205fd325765be5684ece2933f3325ec9cb8b4725605bf2722d1ded87089430c8a35"}, 0x0)
sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x40040)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="2c385a7af3", 0x5)
getsockopt$inet_sctp6_SCTP_STATUS(0xffffffffffffffff, 0x84, 0xe, &(0x7f0000000280)={0x0, 0x99, 0x7, 0x0, 0x1, 0x5392, 0xc, 0x9, {0x0, @in6={{0xa, 0x4e20, 0x6, @private2={0xfc, 0x2, '\x00', 0x1}, 0x10}}, 0x81, 0x3, 0xc, 0x4b, 0x9}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="6400000010000305160000001dc76dcd00000000", @ANYRES32=0x0, @ANYBLOB="00000000000000004400128009000100626f6e6400000000340002800500010004000000050016000000000008001c000000000005000c00000000000a001a"], 0xc3}, 0x1, 0x100000000000000}, 0x0)
r1 = accept4(r0, 0x0, 0x0, 0x800)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
sendmsg$NLBL_UNLABEL_C_STATICADDDEF(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000004c0)=ANY=[@ANYRES8, @ANYBLOB="010026bd7000fddbdf2506000000140002002001000000000000000000000000000114000300fe88000000000000000000000000010108000400ac1414bb2b00070073797374656d5f753a6f626a6563745f723a7373685f"], 0x70}, 0x1, 0x0, 0x0, 0x4}, 0xc8a0)
bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x3, 0x16, &(0x7f0000000280)=ANY=[@ANYBLOB="7912b8000000000061138c0000000000bf2000000000000015000000080063033d030100000000009500003a000000006916000000000000bf6700000000000066060500fcff03006706000002000000760300000ee60060bf050000000000003c6500bf000000006507f9ff01000000070700004cdfffff1e75040000000000bf54000000000000070400000400f9ffad43010000000000d5000000000000000500000000000000950000000000000032410000000000000054bb12dc8c27df8ecfc7bdd2d17f2f1754558f22dd399703d6c4f6f3be0b369289aa6812b8e007e733a9a4f16d0a3e1282ee45a010fb94fe9de56c9d8a814261bdb94a05000000c6c60bf7a13ba1fcf1111ce4fc0d742a81762bab8395fa64810b5b40d893ea8fe0ffffff7f1b546cad3f1d5af65706fd4f68795cce6cf16ab689b555202da2e0ec2871a51445dc8da39e5b0ab71ca9b901627b562ed84b026002d4519af619e3cca4d69e0dee080006774a8f3e691700ec88158f02001b0000c81c8b297dff0445a13d0045fb3cda32a673a6bb55d8c80800dce431e56723888fb126a1403d2b63f16fb2ad9bc117aba7cbebe174aba210d739a018f9bbec63222d20cedbc4d03723f1c932b3a6aa57f1ad2e99e0e67a993716d20000009f0f53acbb40b401e3738270b3156268784f2af9e4bcf8b07a10d6735154be1602f9dd1d7d4301e00000000000460bcc5989ec85e3cbcb6bcfaf0000000000000000bc00f674629709e7e78f4ddc211bc3ebf0bd9d42ca019dd5d0861cd64722cf74686ebfbe2562671cd47840f81d2a8f8f9be3bcd19dc6840aa7afaab43176e65ec1118d50d1e827f3472f4445d253887a5ad103649afa17690884f800031e03a651bb96589a7eab049b1bd47287cd31cc43ea0ffb567b40407d000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$TIPC_NL_KEY_SET(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000700)={&(0x7f00000004c0)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="0100000000000000000017000000540006803c00040067636d286165732900000000000000000000000000000000000000000000000014000000e3de3d7b4cd07ec3ee777de774fc7987cca41989140003"], 0x68}, 0x1, 0x0, 0x0, 0x4}, 0x4008014)

4.323677571s ago: executing program 3 (id=1639):
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, 0x0, 0x0}, 0x94)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x40040, 0x0)
r0 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000300), 0xffffffffffffffff)
sendmsg$IEEE802154_ASSOCIATE_REQ(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000180)={0x14, r0, 0x1, 0x70bd28, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x4044080}, 0x0)
sendmmsg$sock(0xffffffffffffffff, &(0x7f0000003b40)=[{{0x0, 0x0, &(0x7f00000009c0)=[{0x0}, {0x0}, {&(0x7f0000000900)}], 0x3}}], 0x1, 0x20000044)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'netdevsim0\x00', &(0x7f00000000c0)=@ethtool_sfeatures={0x17}})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYBLOB="24000000120001fbffffff000200000007"], 0x24}, 0x1, 0x0, 0x0, 0x40014}, 0x14)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3", 0x5)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000013c0)={'wlan1\x00'})
sendmsg$NL80211_CMD_FRAME(r3, 0x0, 0x0)

4.286727501s ago: executing program 7 (id=1640):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x6, 0xc, 0x0, 0x0, 0x6, 0x0, 0x0, 0x40f00, 0x62, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x8000}, 0x94)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x40040, 0x0)
r0 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000300), 0xffffffffffffffff)
sendmsg$IEEE802154_ASSOCIATE_REQ(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000180)={0x14, r0, 0x1, 0x70bd28, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x4044080}, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'netdevsim0\x00', &(0x7f00000000c0)=@ethtool_sfeatures={0x17}})
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x14)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3", 0x5)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0)

4.246204182s ago: executing program 1 (id=1641):
r0 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'})
socket$inet6(0xa, 0x1, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000000)={'veth0_to_batadv\x00', &(0x7f0000000080)=@ethtool_cmd={0x4e, 0x40, 0x1ff, 0x3, 0x6, 0x4c, 0x4, 0xb, 0x6, 0x0, 0x9, 0x10001, 0xaff0, 0xa8, 0xac, 0x5, [0xb, 0x8]}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000003, 0x50032, 0xffffffffffffffff, 0x0)
r2 = socket$kcm(0x2, 0x1, 0x0)
setsockopt$sock_attach_bpf(r2, 0x1, 0x7, &(0x7f0000000000), 0x4)
mlock(&(0x7f00007d8000/0x800000)=nil, 0x800000)

3.967676105s ago: executing program 7 (id=1642):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r0)
io_uring_enter(0xffffffffffffffff, 0x4c5f, 0x2915, 0x2, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000001c0)={'wlan0\x00'})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1\x00', 0x94)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x220)
unlinkat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x200)

2.916755037s ago: executing program 0 (id=1643):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000340), 0x802, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="ec0500000000000061106c000000000000009500000000008000000000000000"], &(0x7f0000003ff6)='GPL\x00', 0xa, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f00000000c0), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)
syz_io_uring_setup(0x49f, &(0x7f0000000400)={0x0, 0xf97f, 0x400, 0x1, 0x9}, 0x0, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x8800)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ff1000/0x2000)=nil, &(0x7f0000ff5000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x24004045)
syz_genetlink_get_family_id$team(&(0x7f0000000300), 0xffffffffffffffff)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4044040}, 0x24008040)
r1 = openat$binfmt_register(0xffffffffffffff9c, &(0x7f00000002c0), 0x1, 0x0)
write$binfmt_register(r1, &(0x7f0000000040)={0x3a, 'syz3', 0x3a, 'E', 0x3a, 0xffffffffffffffff, 0x3a, 'allow_other', 0x3a, '', 0x3a, './cgroup.cpu/cpuset.cpus', 0x3a, [0x46, 0x46]}, 0x45)
syz_usb_connect(0x0, 0x34, &(0x7f0000000040)=ANY=[@ANYBLOB="120100009bbd8b08e80430ffd1a601220301090222000100000000090400000129fddd000905e2ffbe"], 0x0)
r2 = syz_open_dev$evdev(&(0x7f0000003880), 0x4, 0x2)
ioctl$EVIOCSKEYCODE_V2(r2, 0x40284504, &(0x7f0000004e40)={0xff, 0x8, 0xfffc, 0x0, "4d512c91002a495067614268710cdcd3f82acf5a890400000000000000fbf29c"})
ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3)

2.915940347s ago: executing program 2 (id=1644):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000480)=[{0x6, 0xfc, 0x1, 0x7fff8000}]})
r2 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
fcntl$lock(r2, 0x410, &(0x7f00000000c0)={0x1, 0x1, 0x1, 0xfffe})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0xc369d000)
fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5})
timer_settime(0x0, 0x1, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000001c0)={'wlan0\x00'})
connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c)
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='cdg', 0x3)
write$binfmt_script(r0, &(0x7f0000000200), 0xfffffd9d)
r3 = fsmount(0xffffffffffffffff, 0x1, 0x5)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$TIPC_NL_PEER_REMOVE(r4, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000b80)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01002abd7000fddbdf25140000000c0007800800020000ea"], 0x20}}, 0x80)
sendmsg$TIPC_NL_MON_GET(r3, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000140)={&(0x7f0000000080)={0xa4, r5, 0x4, 0x70bd2b, 0x25dfdbfc, {}, [@TIPC_NLA_MEDIA={0x6c, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xc}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}]}, @TIPC_NLA_MEDIA_PROP={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x45b81976}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xa}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x14}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}]}, @TIPC_NLA_MON={0x14, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0xca}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK={0x10, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2de21be}]}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x4800}, 0x850)

2.915632637s ago: executing program 3 (id=1645):
r0 = syz_open_dev$MSR(0x0, 0xfffffffffffffff7, 0x0)
ioctl$vim2m_VIDIOC_ENUM_FMT(0xffffffffffffffff, 0xc0405602, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
socket(0x1e, 0x5, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = creat(0x0, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x0, 0x4018831, 0xffffffffffffffff, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$kcm(0xffffffffffffffff, &(0x7f00000016c0)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000040)="d80000001e0081054e81f782db4cb9040a1d080006007c095dd2086518000a800000000003600e1208000f0000000406a80016c008", 0x35}], 0x1}, 0x85)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[], 0xf8}, 0x1, 0x0, 0x0, 0x2000c814}, 0x4000)
dup2(r0, r1)
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
write(r5, &(0x7f0000000440)="41000200010003", 0x7)

2.904379987s ago: executing program 7 (id=1646):
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x50)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000240)='//\xf2/\x06\b\xa30\\\x00\x00\xea\x95\x9a\x82\x10\x97W\x8f7\x98\x9b\\/\\\xf9\rmD\x94)U\xdb\x15X.I\n}\xf3\x9d\xe4_\x05\x9cqf4I^#b?9\xde\xafu\'\x83L\xe0\x97\xe1n_\xa4%\xb1\x97\x93\xafv\xce/\\\xb4L\xf2_\xa7\xfb\xf4\x84\x1fA\xeas\x9d\x14\xe3\v\xa3!\xfb\x93\xd7R\xab2\x1eW\xe9h\x9b\xf7Gl\xf9D\xd4\x82X5\x13\xaa\x87\xf9\xba\xa9m\x14\x14R_\x9a\\>4\xce\x8e_#\xf8D\xb1\xdep\x01\xcc:\xa6\xc5n\xeb\xab\xf70\x99\xef\x8b<M\n\xc0`[\x82\xf6$\xa4\xbe\x1e\xd3\xe4\xd9L\x14\xed\xcfK\xcc\xeb,\x1a1\xa6\xf3e\xc2F\xc3\x00\xaa\xd5\xfc\x1bR\xa9\x8c\xb4&\x9f\xa2$\x06\x1a\xb0W#\xf4\xde6\x04c\xc0\xeec\xa0l\xd5d\xe5\xcd\xb2\xc10\x97w\x87\xe5\x06\x91W\rr\xf5\x97%\xe8pO\xeb]\xc2\x98C\xffK\xa0\xb3\\\x99{\xcdR\x92\x94\xf7\x1d\x01Q\x1a\xbd\x15b\x15h\xe2!\x00\xb9z)\x19\x00\xee\xd2)[p`\xb3\x03\xa7p\'X\xec\xcdoX\x05\xff\xff/o\xb2\xad\xb8\x89i@\f\xffS&\x8a\xc9\xfez\xc2\x90\xe7F\xa6\xdb\r\x03j,N\xe1lw\n\xad\xe8\xf0\xbd\xa1\x98\xce\xf9\x1eR\x9cc\xc5ke_\xa7\x11\"\x04\xd8.\xa0\x15\x83\xf1\x92{\x0f\x00\x00@.\xc1g\xc6\fc\xa26\xd8\xdf\xef\xf7\x9c\x1a\xcc\x8am\x8b7\xcf\xc5\xa6\xf4\f\xabj%Y\xa9\xdd\x0e9e\xb5\xec\x99@\xd2\t\n\xb1o', 0x0)
syz_emit_vhci(&(0x7f00000002c0)=ANY=[], 0x7)
socket$inet6_udp(0xa, 0x2, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f00000005c0)={0x2020}, 0x2020)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x101000, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$RTC_WKALM_RD(0xffffffffffffffff, 0x80287010, &(0x7f0000000200))
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4008000}, 0x4000004)
ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f00000001c0)={'netdevsim0\x00', &(0x7f0000000700)=@ethtool_flash={0x33, 0xea6, '.\x00'}})
unshare(0x2a020480)
eventfd2(0x6, 0x1)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
io_setup(0x81, &(0x7f0000000400)=<r3=>0x0)
io_submit(r3, 0x0, &(0x7f00000006c0))
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
ioctl$F2FS_IOC_SET_COMPRESS_OPTION(r0, 0x4002f516, &(0x7f0000000180)={0x97, 0x7})
syz_clone(0x1000, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$MSR(&(0x7f00000000c0), 0x64a9, 0x0)
r4 = add_key$fscrypt_v1(&(0x7f0000000000), 0x0, 0x0, 0x0, 0xffffffffffffffff)
keyctl$setperm(0x5, r4, 0x20004)
sendmsg$DEVLINK_CMD_RATE_NEW(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="010500000003001c002525000000"], 0x14}}, 0x6048800)
r5 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101701)
ioctl$USBDEVFS_DISCONNECT_CLAIM(r5, 0x8108551b, &(0x7f0000000380)={0x20000000, 0x1, "5a77bd318786aeb879ca62cdab2a0000000086d85b25a5665a3247e500f61681905db88235f8a5447dd2a2ed6e91626f06888102006853772b21a100efb76cba37ff3111d6847e8b9398a646717af75fc008daefba68e6222103472bc55704cdb72b4b996ed831f3b802549db3a8ffff7d34171113d806726615380fe65a6a0af2205c4cdfb146f1fd8bb6363d10f70da60fd53ded22c87eb2be01004a460573c33424b437bb192c1d06ea6ed04983fe5c5ca033dfce0a82575ef14eee686be0fc58e384f93a13f4e8bbf599394baea3a9ca1864f0a35d6cc38fca32ad6b39905a9727d2001457df7be7e1aefe363590d1f6000100000282806d15a000df00"})

2.676066119s ago: executing program 1 (id=1647):
ioctl$VIDIOC_QUERYMENU(0xffffffffffffffff, 0xc02c5625, &(0x7f0000000180)={0x10001, 0xc5fb, @value=0x3})
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
r0 = getpgrp(0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000032680)=""/102392, 0x18ff8)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r4, &(0x7f0000000040)={0x1f, 0x0, 0x1}, 0x6)
r5 = bpf$ITER_CREATE(0x21, &(0x7f0000000040), 0x8)
r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$TUNATTACHFILTER(r5, 0x401054d5, &(0x7f0000000040)={0x36, &(0x7f0000000180)=[{0x7, 0x4, 0x20, 0x1000}]})
bind$bt_hci(r6, 0x0, 0x0)
write$bt_hci(r6, &(0x7f0000000040)=ANY=[], 0x6)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffba83)
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, 0x0)
r7 = eventfd2(0x1, 0x1)
ioctl$VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f00000001c0)={0x0, r7})
add_key$user(&(0x7f0000000000), &(0x7f00000001c0)={'syz', 0x0}, &(0x7f0000000540)="bc3009bb66", 0x5, 0xfffffffffffffffe)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="0c0100000001010400000000000000000a0000003c0001802c00018014000300fe8000000000000000000000000000aa14000400fc0000000000000000000000000000000c00028005000100000000003c0002800c00028005000100000000002c000180140003000000000000000000000000000000000114000400fe8000000000000000000000000000aa08000740000000007800068014000500fc020000"], 0x10c}}, 0x0)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r9, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)={0xac, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @local}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x400}, @CTA_NAT_SRC={0x18, 0x6, 0x0, 0x1, [@CTA_NAT_V6_MINIP={0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}]}]}, 0xac}}, 0x0)

633.842993ms ago: executing program 3 (id=1648):
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000cc0)={'syz1\x00', {0xfff9, 0x2, 0x248, 0x9b99}, 0x37, [0xfffffff8, 0x8, 0x5, 0x9, 0x8, 0x155f, 0x6, 0x4, 0x25cd, 0x1, 0xb4, 0xa, 0xa2b9, 0x6, 0x7, 0xe4, 0x6, 0xfc000000, 0x3, 0xbbf, 0x4a732f64, 0x1, 0x8, 0xd, 0x0, 0x12a3, 0x6, 0x1, 0x2, 0x6, 0x7, 0x81, 0x8a, 0x79, 0x2, 0x10000, 0x0, 0x91, 0x4, 0x4, 0x16, 0x8, 0x5, 0x401, 0xfffffff5, 0x405, 0xa7, 0x81, 0x9, 0xf9a2, 0x80000001, 0xff, 0x0, 0x2, 0x2, 0x2, 0x7, 0x1, 0x7ff, 0x4, 0x4007f, 0xffffffff, 0x9, 0x4], [0x9, 0x3, 0x6, 0x9, 0x4, 0xc66, 0xa8a9, 0x20000073, 0x8e, 0xd50, 0x7, 0x5, 0x2, 0x809, 0x4, 0xa7, 0x1000, 0x0, 0x200b398, 0x400080, 0x1, 0x4, 0x1c, 0x7, 0x1, 0x2, 0x3, 0x8, 0xffffff7f, 0x400, 0x6, 0x4c2336d3, 0x4, 0x0, 0xfffffff8, 0x401, 0x46, 0xf1, 0x4, 0xab00060, 0x5, 0x6, 0x2, 0x1, 0x3ff, 0x1ff, 0x1, 0x7fff, 0x1, 0x1cb, 0x1, 0x80000004, 0x6, 0x438, 0x2, 0x9, 0x95, 0x7fffffff, 0x4, 0xfffffff9, 0x1, 0x1000, 0xfffff801, 0x5], [0x2, 0xfffffffe, 0xffff, 0xc, 0x2, 0x2e6bf783, 0x80000001, 0x5, 0x5, 0x491, 0x8d3, 0x200006, 0x8, 0x400, 0x2, 0x400, 0x41, 0x6, 0xee4b, 0x2000004, 0x1, 0x8000003, 0x4e, 0x9, 0x3, 0x3, 0x9, 0x3, 0xc7, 0xfff, 0x10000a, 0x2, 0x400, 0x3e55, 0x5, 0xd3, 0x8, 0x97f7, 0x3, 0xd, 0x7, 0x601, 0x101, 0xdd80, 0x60a0, 0x7f, 0x9d26, 0x10000, 0x1, 0x2, 0x2, 0x6, 0x8000, 0xf45, 0x3, 0xd500, 0x8, 0x77, 0x9, 0x6, 0x10000, 0xfffffffd, 0x5, 0x1], [0xa772, 0x6, 0x5, 0x1afa, 0xbfc, 0x8, 0x5, 0x7f, 0x55, 0x40, 0xff, 0x1005, 0x1, 0x7, 0x1e, 0x9, 0x81, 0x3, 0x9d82, 0xd, 0xfffffff7, 0x8, 0x140f2, 0x5396, 0x3, 0x6, 0x80008001, 0x7777, 0x1, 0x2, 0x100, 0xd8ce, 0x7fffffff, 0x100009, 0xc, 0xffffffff, 0x3, 0x1ff, 0x2000803, 0xffffffff, 0x10000, 0x0, 0x8004, 0x7fff, 0x3, 0x6, 0xf, 0xe, 0x1, 0x26d, 0x6, 0xfffffff9, 0x4, 0xfffffff9, 0x9, 0x4, 0x463f, 0x4, 0xdab, 0x6, 0x8, 0x14000, 0x1, 0x9]}, 0x45c)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
sendmsg$ETHTOOL_MSG_PAUSE_SET(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x4044020}, 0x4000000)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800"], 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x1, 0x10, &(0x7f0000000000)=ANY=[], &(0x7f0000005d80)='GPL\x00', 0xb, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0x35, 0xfff, 0xfffffffffffffffe, 0x40000000000180, 0x2, 0x6, 0xf2, 0xd, 0x7fffffffffffe, 0x7, 0x5, 0x7, 0x4, 0x5, 0x4, 0x8], 0x25000, 0x304})
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r4 = dup(r3)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f00000000c0)="c20000361e0f01c3660fd2eff30f10f1b961020000b80e000000ba000000000f30b98d0200000f320b99f3530000660f6af7c4e2f91d20", 0x37}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x50, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

347.520196ms ago: executing program 1 (id=1649):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000040)=ANY=[], &(0x7f0000000300)='GPL\x00', 0x2, 0x0, 0x0, 0x41100, 0x7b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x38}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
ioperm(0x1, 0x9b1, 0xfff)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffa000/0x2000)=nil, 0x2000, &(0x7f0000000000))
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000100), r3)
sendmsg$IEEE802154_LLSEC_ADD_DEV(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)={0x54, r4, 0x852dd6c070cd7e4d, 0x0, 0x25dfdbfe, {}, [@IEEE802154_ATTR_LLSEC_FRAME_COUNTER={0x8}, @IEEE802154_ATTR_LLSEC_DEV_KEY_MODE={0x5, 0x37, 0x1}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0202}}, @IEEE802154_ATTR_LLSEC_DEV_OVERRIDE={0x5, 0x36, 0x7e}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}, @IEEE802154_ATTR_SHORT_ADDR={0x6, 0x4, 0x2}, @IEEE802154_ATTR_PAN_ID={0x6, 0x6, 0x3}]}, 0x54}, 0x4, 0x700000000000000, 0x0, 0x2004c020}, 0x4004)
mount$9p_virtio(0x0, 0x0, 0x0, 0x20000cc, 0x0)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(0xffffffffffffffff, 0x0, 0x20000000)
r5 = socket(0x2, 0x2, 0x1)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x0, 0x0, &(0x7f0000000040)='GPL\x00', 0x5, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xff}, 0x94)
r6 = dup(0xffffffffffffffff)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x13, r6, 0x2000)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)

0s ago: executing program 7 (id=1650):
socket$packet(0x11, 0x3, 0x300)
r0 = openat$full(0xffffff9c, &(0x7f00000003c0), 0x8002, 0x0)
membarrier(0x2, 0x0)
r1 = io_uring_setup(0x30ab, &(0x7f00000007c0)={0x0, 0x768, 0x1000, 0x1, 0x14c, 0x0, r0})
openat$dsp1(0xffffffffffffff9c, &(0x7f00000000c0), 0x88a01, 0x0)
preadv2(r1, &(0x7f0000001980)=[{&(0x7f00000005c0)=""/230, 0xe6}, {&(0x7f00000006c0)=""/6, 0x6}, {&(0x7f0000000880)=""/4096, 0x1000}, {&(0x7f0000001880)=""/85, 0x55}, {&(0x7f0000001900)=""/44, 0x2c}, {0x0}], 0x6, 0x6b3, 0x5, 0x41a6988b36f563b0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f0000000240), 0x2, 0x40102)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2f)
r3 = syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2)
ioctl$FE_SET_PROPERTY(r3, 0x40106f52, &(0x7f0000000100)={0x3, &(0x7f0000000340)=[{0x2b, '\x00', @buffer={"010d1de90c6171360aaf4716308a633fda925d1085c6b9f70f72ad6cc5f48537", 0x20}, 0xfffffff9}, {0xa, '\x00', @data, 0x7ff}, {0x26, '\x00', @st={0x4, [{0x3, @svalue=0x4}, {0x2, @svalue=0x775a}, {0x3, @svalue=0xd2}, {0x1, @svalue=0xfffffffffffffff8}]}, 0x7fe}]})
ftruncate(0xffffffffffffffff, 0xffffffffffffffff)
mount(&(0x7f0000000480)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f00000004c0)='cramfs\x00', 0x208000, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="9feb01001800000000000000180000001800000004000000020000000100000c02000000000000000000000d0000000000005f"], 0x0, 0x34}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(0xffffffffffffffff, &(0x7f0000000340)={0x15, 0x110, 0xfa08, {0xffffffffffffffff, 0x0, 0x10, 0x10, 0x0, @in={0x2, 0x4, @loopback}, @in={0x2, 0x4000, @broadcast}}}, 0x118)
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000180)=0xfe5f, 0x12)

kernel console output (not intermixed with test programs):

.623266][ T4188] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   68.635748][ T4188] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   68.645833][ T4188] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   68.658056][ T4188] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   68.667906][ T4188] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   68.678367][ T4188] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   68.689989][ T4188] batman_adv: batadv0: Interface activated: batadv_slave_0
[   68.712593][ T4246] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   68.725757][ T4246] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   68.735037][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   68.746763][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   68.755498][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   68.768048][  T144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   68.769756][ T4188] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   68.786497][  T144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   68.793701][ T4188] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   68.804396][ T4188] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   68.815089][ T4188] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   68.825144][ T4188] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   68.835797][ T4188] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   68.846671][ T4188] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   68.857330][ T4188] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   68.869565][ T4188] batman_adv: batadv0: Interface activated: batadv_slave_1
[   68.887056][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   68.897018][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   68.905865][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   68.940750][ T4188] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   68.963797][ T4188] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   68.973324][ T4188] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   68.990948][ T4188] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   69.016114][  T144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   69.038867][  T144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   69.090212][  T145] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   69.103775][ T3072] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   69.122334][ T4242] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   69.138263][  T145] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   69.173150][ T4242] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   69.178155][ T4273] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   69.213571][ T4246] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   69.222236][  T145] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   69.244400][ T4246] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   69.256274][  T145] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   69.270471][  T145] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   69.318583][  T145] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   69.336760][  T145] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   69.378578][ T4242] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   69.448744][ T4242] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   69.455159][ T4281] process 'syz.2.3' launched '/dev/fd/5' with NULL argv: empty string added
[   69.466905][ T4242] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   69.596600][ T3072] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   72.781096][ T1431] ieee802154 phy0 wpan0: encryption failed: -22
[   72.787658][ T1431] ieee802154 phy1 wpan1: encryption failed: -22
[   73.299117][ T4236] Bluetooth: hci2: command 0x0419 tx timeout
[   73.322610][ T4236] Bluetooth: hci4: command 0x0419 tx timeout
[   73.338292][ T4236] Bluetooth: hci1: command 0x0419 tx timeout
[   73.357734][ T4236] Bluetooth: hci3: command 0x0419 tx timeout
[   73.540284][ T4236] Bluetooth: hci0: command 0x0419 tx timeout
[   75.855694][ T4329] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[   76.106582][ T4333] ipt_CLUSTERIP: Please specify destination IP
[   78.469176][    C0] sched: RT throttling activated
[   81.603376][ T4360] loop0: detected capacity change from 0 to 256
[   83.125838][ T4366] loop3: detected capacity change from 0 to 16
[   83.572627][ T4366] erofs: (device loop3): mounted with root inode @ nid 36.
[   84.600970][ T4371] device bridge0 entered promiscuous mode
[   84.607025][ T4371] device macsec1 entered promiscuous mode
[   84.632018][ T4371] bridge0: port 3(macsec1) entered blocking state
[   84.668806][ T4371] bridge0: port 3(macsec1) entered disabled state
[   85.846902][ T4371] device bridge0 left promiscuous mode
[   86.259578][ T4384] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[   86.448292][ T4266] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   86.859961][ T4266] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   87.060369][ T1324] cfg80211: failed to load regulatory.db
[   87.189429][ T4266] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[   87.279455][ T4266] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[   87.288558][ T4266] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[   87.417261][ T4393] netlink: 'syz.1.35': attribute type 1 has an invalid length.
[   87.464645][ T4266] usb 1-1: SerialNumber: syz
[   87.536735][ T4398] loop3: detected capacity change from 0 to 128
[   88.579994][ T4398] EXT4-fs (loop3): Test dummy encryption mode enabled
[   88.594354][ T4266] usb 1-1: 0:2 : does not exist
[   88.603372][ T4398] EXT4-fs (loop3): Test dummy encryption mode enabled
[   88.649733][ T4398] EXT4-fs (loop3): Ignoring removed nomblk_io_submit option
[   88.680543][ T4266] usb 1-1: USB disconnect, device number 2
[   88.713719][ T4398] EXT4-fs (loop3): mounted filesystem without journal. Opts: test_dummy_encryption=v1,test_dummy_encryption=v1,nomblk_io_submit,commit=0x0000000000000000,,errors=continue. Quota mode: none.
[   88.799678][ T4405] syz.2.39 uses obsolete (PF_INET,SOCK_PACKET)
[   88.925482][ T4398] ext4 filesystem being mounted at /10/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[   89.756264][ T4178] udevd[4178]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[   90.221362][ T4417] loop2: detected capacity change from 0 to 8192
[   97.056504][ T4418] binder: 4411:4418 ioctl 89e0 200000000000 returned -22
[   97.855619][ T4433] loop0: detected capacity change from 0 to 1024
[   98.043883][ T4433] EXT4-fs (loop0): inline encryption not supported
[   98.060734][ T4433] EXT4-fs (loop0): Mount option "noacl" will be removed by 3.5
[   98.060734][ T4433] Contact linux-ext4@vger.kernel.org if you think we should keep it.
[   98.060734][ T4433] 
[   98.159277][ T4433] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   98.224304][ T4433] EXT4-fs (loop0): bad geometry: bigalloc file system with non-zero first_data_block
[   98.224304][ T4433] 
[   98.490664][ T4443] loop1: detected capacity change from 0 to 256
[   98.793528][ T4443] block device autoloading is deprecated and will be removed.
[   99.716992][ T4444] loop2: detected capacity change from 0 to 512
[   99.735100][ T4433] loop0: detected capacity change from 0 to 4096
[   99.820363][ T4444] =======================================================
[   99.820363][ T4444] WARNING: The mand mount option has been deprecated and
[   99.820363][ T4444]          and is ignored by this kernel. Remove the mand
[   99.820363][ T4444]          option from the mount to silence this warning.
[   99.820363][ T4444] =======================================================
[   99.897109][ T4433] EXT4-fs (loop0): Ignoring removed bh option
[  100.046031][ T4433] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003]
[  100.062242][ T4433] System zones: 0-5
[  100.134761][ T4433] EXT4-fs (loop0): mounted filesystem without journal. Opts: debug,dioread_nolock,block_validity,errors=continue,grpjquota=,bh,delalloc,noquota,,errors=continue. Quota mode: writeback.
[  103.170276][ T4451] chnl_net:caif_netlink_parms(): no params data found
[  103.289464][ T1324] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[  103.444574][ T4451] bridge0: port 1(bridge_slave_0) entered blocking state
[  103.515280][ T4451] bridge0: port 1(bridge_slave_0) entered disabled state
[  103.556122][ T4451] device bridge_slave_0 entered promiscuous mode
[  103.589762][   T13] Bluetooth: hci5: command 0x0409 tx timeout
[  103.641212][ T4451] bridge0: port 2(bridge_slave_1) entered blocking state
[  103.846547][ T4451] bridge0: port 2(bridge_slave_1) entered disabled state
[  103.986016][ T4451] device bridge_slave_1 entered promiscuous mode
[  104.438128][ T4451] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  104.469264][ T1324] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  104.490321][ T4451] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  104.509479][ T1324] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  104.619599][ T1324] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  104.628701][ T1324] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  104.634056][ T4468] loop0: detected capacity change from 0 to 40427
[  104.646072][ T1324] usb 2-1: SerialNumber: syz
[  104.778566][ T4468] F2FS-fs (loop0): Invalid SB checksum offset: 0
[  104.819854][ T4468] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[  104.871554][ T4468] F2FS-fs (loop0): invalid crc value
[  104.889618][ T4451] team0: Port device team_slave_0 added
[  104.898984][ T4451] team0: Port device team_slave_1 added
[  104.960897][ T4468] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[  105.308405][ T4491] loop3: detected capacity change from 0 to 8192
[  106.471246][   T13] Bluetooth: hci5: command 0x041b tx timeout
[  106.493907][  T240] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  106.971132][ T4499] loop1: detected capacity change from 0 to 512
[  106.982848][ T4494] netlink: 'syz.2.55': attribute type 1 has an invalid length.
[  107.054294][ T4499] EXT4-fs (loop1): Ignoring removed orlov option
[  107.069970][ T4451] batman_adv: batadv0: Adding interface: batadv_slave_0
[  107.077057][ T4451] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  107.129680][ T4499] EXT4-fs (loop1): Test dummy encryption mode enabled
[  107.170450][ T4499] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[  107.245211][ T4499] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  107.276660][ T4451] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  107.348666][ T4451] batman_adv: batadv0: Adding interface: batadv_slave_1
[  107.367362][ T4499] EXT4-fs (loop1): 1 truncate cleaned up
[  107.399315][ T4499] EXT4-fs (loop1): mounted filesystem without journal. Opts: dioread_lock,quota,barrier=0x0000000000000003,orlov,test_dummy_encryption=v1,jqfmt=vfsv1,data_err=ignore,nogrpid,,errors=continue. Quota mode: writeback.
[  107.420770][ T4451] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  107.463066][ T4451] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  107.481930][ T1324] usb 2-1: 0:2 : does not exist
[  107.551888][  T240] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  107.664619][ T1324] usb 2-1: USB disconnect, device number 2
[  107.705992][  T240] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  107.803511][ T4451] device hsr_slave_0 entered promiscuous mode
[  107.837566][ T4451] device hsr_slave_1 entered promiscuous mode
[  107.893041][ T4505] loop3: detected capacity change from 0 to 1024
[  107.919876][ T4178] udevd[4178]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  108.120656][ T4451] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  108.128265][ T4451] Cannot create hsr debugfs directory
[  108.169457][ T4505] EXT4-fs (loop3): couldn't mount as ext2 due to feature incompatibilities
[  108.288718][  T240] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  109.002985][   T13] Bluetooth: hci5: command 0x040f tx timeout
[  109.559569][ T4518] netlink: 'syz.3.57': attribute type 4 has an invalid length.
[  110.695359][ T4451] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  110.788075][ T4451] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  110.798036][ T4451] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  110.815461][ T4451] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  111.029369][   T13] Bluetooth: hci5: command 0x0419 tx timeout
[  111.039984][ T4451] 8021q: adding VLAN 0 to HW filter on device bond0
[  111.097040][ T4451] 8021q: adding VLAN 0 to HW filter on device team0
[  111.121561][ T4497] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  111.135581][ T4497] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  111.165407][ T4497] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  111.194656][ T4497] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  111.214759][ T4497] bridge0: port 1(bridge_slave_0) entered blocking state
[  111.221917][ T4497] bridge0: port 1(bridge_slave_0) entered forwarding state
[  111.281970][ T4497] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  111.308698][ T4497] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  111.337928][ T4497] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  111.355193][ T4497] bridge0: port 2(bridge_slave_1) entered blocking state
[  111.362317][ T4497] bridge0: port 2(bridge_slave_1) entered forwarding state
[  111.419067][ T4497] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  111.451439][ T4497] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  111.490777][ T4497] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  112.895868][ T4565] binder: 4559:4565 ioctl 89e0 200000000000 returned -22
[  114.009924][ T4563] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  114.019280][ T4563] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  114.145017][ T4201] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0
[  114.159391][ T4201] Bluetooth: hci0: Injecting HCI hardware error event
[  114.171862][ T4207] Bluetooth: hci0: hardware error 0x00
[  114.205522][ T4497] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  114.369375][ T4497] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  114.401660][ T4293] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  114.422770][ T4293] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  115.415126][ T4451] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  115.427927][ T1324] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0
[  115.436348][ T1324] Bluetooth: hci1: Injecting HCI hardware error event
[  115.444299][ T4200] Bluetooth: hci1: hardware error 0x00
[  115.453300][ T4451] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  115.587985][ T4431] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  115.972047][ T4584] loop0: detected capacity change from 0 to 8192
[  117.497676][ T4431] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  117.559183][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #282!!!
[  117.579180][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #282!!!
[  117.589180][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #282!!!
[  117.599181][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #282!!!
[  117.609181][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #282!!!
[  117.619180][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #382!!!
[  117.629180][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #382!!!
[  117.649183][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #382!!!
[  117.659183][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #382!!!
[  117.669180][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #382!!!
[  117.956193][ T4431] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  117.964783][ T4431] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  117.979947][ T4431] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  119.338061][ T4606] netlink: 'syz.0.72': attribute type 4 has an invalid length.
[  120.091017][ T4615] netlink: 96 bytes leftover after parsing attributes in process `syz.0.78'.
[  121.254937][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  121.279681][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  121.341799][ T4451] 8021q: adding VLAN 0 to HW filter on device batadv0
[  121.419512][  T240] device hsr_slave_0 left promiscuous mode
[  121.447492][  T240] device hsr_slave_1 left promiscuous mode
[  121.499763][  T240] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  121.507893][  T240] batman_adv: batadv0: Removing interface: batadv_slave_0
[  121.661374][  T240] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  121.677709][  T240] batman_adv: batadv0: Removing interface: batadv_slave_1
[  121.768935][  T240] device bridge_slave_1 left promiscuous mode
[  121.786911][  T240] bridge0: port 2(bridge_slave_1) entered disabled state
[  121.821024][  T240] device bridge_slave_0 left promiscuous mode
[  121.827279][  T240] bridge0: port 1(bridge_slave_0) entered disabled state
[  121.860338][  T240] device veth1_macvtap left promiscuous mode
[  121.866671][  T240] device veth0_macvtap left promiscuous mode
[  121.889953][  T240] device veth1_vlan left promiscuous mode
[  121.895910][  T240] device veth0_vlan left promiscuous mode
[  122.019549][ T1324] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  122.269275][ T1324] usb 2-1: Using ep0 maxpacket: 16
[  122.385357][  T240] team0 (unregistering): Port device team_slave_1 removed
[  122.399300][ T1324] usb 2-1: config 0 interface 0 altsetting 16 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  122.446125][ T4640] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  122.455057][ T4640] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  122.723912][  T240] team0 (unregistering): Port device team_slave_0 removed
[  123.002603][  T240] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  123.279651][  T240] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  123.280458][ T1324] usb 2-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0
[  123.315927][ T1324] usb 2-1: config 0 interface 0 altsetting 16 has 1 endpoint descriptor, different from the interface descriptor's value: 28
[  123.329058][ T1324] usb 2-1: config 0 interface 0 has no altsetting 0
[  123.335885][ T1324] usb 2-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  123.358162][ T1324] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  123.369918][ T4206] Bluetooth: hci0: unexpected event for opcode 0x0000
[  123.394361][ T1324] usb 2-1: config 0 descriptor??
[  123.400947][ T2299] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0
[  123.409368][ T2299] Bluetooth: hci3: Injecting HCI hardware error event
[  123.417011][ T4206] Bluetooth: hci3: hardware error 0x00
[  123.596711][  T240] bond0 (unregistering): Released all slaves
[  123.703457][ T4652] netlink: 36 bytes leftover after parsing attributes in process `syz.2.88'.
[  124.073790][ T4495] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  124.103877][ T4495] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  124.210092][  T145] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  124.251442][  T145] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  124.297330][ T4451] device veth0_vlan entered promiscuous mode
[  124.321124][ T4266] usb 2-1: USB disconnect, device number 3
[  125.035520][  T145] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  125.062654][  T145] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  125.076895][ T4451] device veth1_vlan entered promiscuous mode
[  125.159615][ T4266] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  125.263537][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  125.285796][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  125.467308][ T4692] overlayfs: missing 'lowerdir'
[  125.586103][ T4451] device veth0_macvtap entered promiscuous mode
[  125.660934][ T4451] device veth1_macvtap entered promiscuous mode
[  125.828105][ T4451] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  125.921847][ T4451] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  125.986246][ T4451] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  126.003240][ T4451] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  126.014934][ T4703] loop0: detected capacity change from 0 to 1024
[  126.026625][ T4451] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  126.041640][ T4451] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  126.058503][ T4266] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  126.079186][ T4451] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  126.089809][ T4266] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  126.105170][ T4451] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  126.115591][ T4266] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  126.135388][ T4451] batman_adv: batadv0: Interface activated: batadv_slave_0
[  126.146812][ T4266] usb 2-1: config 0 descriptor??
[  126.183488][ T4703] EXT4-fs (loop0): inline encryption not supported
[  126.210159][ T4705] netlink: 36 bytes leftover after parsing attributes in process `syz.2.98'.
[  126.212742][ T4703] EXT4-fs (loop0): Mount option "noacl" will be removed by 3.5
[  126.212742][ T4703] Contact linux-ext4@vger.kernel.org if you think we should keep it.
[  126.212742][ T4703] 
[  126.224933][ T3072] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  126.261146][ T4703] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  126.316557][ T3072] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  126.344042][ T4703] EXT4-fs (loop0): bad geometry: bigalloc file system with non-zero first_data_block
[  126.344042][ T4703] 
[  126.350012][ T3072] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  126.390839][ T3072] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  126.440684][ T4451] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  126.466319][ T4451] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  126.483081][ T4451] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  126.496301][ T4451] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  126.521223][ T4451] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  126.543987][ T4451] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  126.573648][ T4451] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  126.587476][ T4451] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  126.608025][ T4451] batman_adv: batadv0: Interface activated: batadv_slave_1
[  126.626764][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  126.640952][ T4266] keytouch 0003:0926:3333.0002: fixing up Keytouch IEC report descriptor
[  126.679847][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  126.688007][ T4266] input: HID 0926:3333 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0926:3333.0002/input/input5
[  126.708676][ T4451] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  126.751264][ T4451] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  126.769236][ T4451] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  126.775553][ T4703] loop0: detected capacity change from 0 to 4096
[  126.777958][ T4451] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  126.825911][ T4703] EXT4-fs (loop0): Ignoring removed bh option
[  126.914173][ T4703] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003]
[  126.925967][ T4266] keytouch 0003:0926:3333.0002: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.1-1/input0
[  126.939116][ T4703] System zones: 0-5
[  127.049701][ T4703] EXT4-fs (loop0): mounted filesystem without journal. Opts: debug,dioread_nolock,block_validity,errors=continue,grpjquota=,bh,delalloc,noquota,,errors=continue. Quota mode: writeback.
[  127.177778][  T145] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  127.231481][ T4682] udc-core: couldn't find an available UDC or it's busy
[  127.293299][  T145] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  127.303013][ T4682] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  127.314551][ T3072] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  127.316355][ T1108] usb 2-1: USB disconnect, device number 4
[  127.335010][ T4200] Bluetooth: hci3: unexpected event for opcode 0x0000
[  127.505042][ T4724] fido_id[4724]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/2-1/report_descriptor': No such file or directory
[  127.780348][  T144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  127.788375][  T144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  127.877074][ T4431] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  128.239973][ T4717] loop3: detected capacity change from 0 to 32768
[  128.427431][ T4757] overlayfs: missing 'lowerdir'
[  129.261530][ T4717] XFS (loop3): Mounting V5 Filesystem
[  129.521421][ T4717] XFS (loop3): Ending clean mount
[  129.614434][ T4189] XFS (loop3): Unmounting Filesystem
[  130.933657][ T4795] loop3: detected capacity change from 0 to 1024
[  131.410927][ T4795] EXT4-fs (loop3): inline encryption not supported
[  131.596072][ T4795] EXT4-fs (loop3): Mount option "noacl" will be removed by 3.5
[  131.596072][ T4795] Contact linux-ext4@vger.kernel.org if you think we should keep it.
[  131.596072][ T4795] 
[  132.138885][ T4795] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  132.531216][ T4795] EXT4-fs (loop3): bad geometry: bigalloc file system with non-zero first_data_block
[  132.531216][ T4795] 
[  132.759272][ T4804] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  133.434890][ T1324] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0
[  133.525029][ T1324] Bluetooth: hci2: Injecting HCI hardware error event
[  133.599401][ T4200] Bluetooth: hci2: hardware error 0x00
[  133.670104][    T7] Bluetooth: hci5: Controller not accepting commands anymore: ncmd = 0
[  133.686886][ T4795] loop3: detected capacity change from 0 to 4096
[  133.694096][    T7] Bluetooth: hci5: Injecting HCI hardware error event
[  133.701788][ T4207] Bluetooth: hci5: hardware error 0x00
[  133.967060][ T4828] overlayfs: missing 'lowerdir'
[  134.852349][ T4829] loop1: detected capacity change from 0 to 512
[  135.022279][ T4795] EXT4-fs (loop3): Ignoring removed bh option
[  135.042063][ T4829] EXT4-fs (loop1): Ignoring removed nomblk_io_submit option
[  135.083404][ T4829] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  135.115115][ T4795] EXT4-fs: failed to create workqueue
[  135.139185][ T4795] EXT4-fs (loop3): mount failed
[  135.200114][ T4829] EXT4-fs error (device loop1): ext4_orphan_get:1432: comm syz.1.122: bad orphan inode 131083
[  135.274284][ T4829] EXT4-fs (loop1): mounted filesystem without journal. Opts: nomblk_io_submit,journal_dev=0x00000000000003f2,noload,,errors=continue. Quota mode: none.
[  135.317090][ T4850] netlink: 24 bytes leftover after parsing attributes in process `syz.5.128'.
[  136.469764][ T4869] netlink: 96 bytes leftover after parsing attributes in process `syz.5.131'.
[  137.675429][ T4881] overlayfs: missing 'workdir'
[  137.962654][ T1431] ieee802154 phy0 wpan0: encryption failed: -22
[  137.968990][ T1431] ieee802154 phy1 wpan1: encryption failed: -22
[  139.754587][ T4206] Bluetooth: hci2: unexpected event for opcode 0x0000
[  140.481761][ T4921] binder: BINDER_SET_CONTEXT_MGR already set
[  140.504502][ T4921] binder: 4920:4921 ioctl 4018620d 2000000002c0 returned -16
[  141.195862][ T4929] netlink: 96 bytes leftover after parsing attributes in process `syz.3.143'.
[  142.188130][ T4206] Bluetooth: hci2: unexpected event for opcode 0x0000
[  142.332707][ T4939] loop0: detected capacity change from 0 to 512
[  142.389119][ T4939] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option
[  142.438929][ T4939] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  142.610749][ T4945] overlayfs: missing 'workdir'
[  143.396484][ T4939] EXT4-fs error (device loop0): ext4_orphan_get:1432: comm syz.0.147: bad orphan inode 131083
[  143.495834][ T4939] EXT4-fs (loop0): mounted filesystem without journal. Opts: nomblk_io_submit,journal_dev=0x00000000000003f2,noload,,errors=continue. Quota mode: none.
[  145.571559][ T4952] netlink: 24 bytes leftover after parsing attributes in process `syz.5.150'.
[  145.656769][ T4964] binder: BINDER_SET_CONTEXT_MGR already set
[  145.695498][ T4964] binder: 4963:4964 ioctl 4018620d 2000000002c0 returned -16
[  148.638720][ T4994] overlayfs: missing 'workdir'
[  149.518568][ T5005] loop1: detected capacity change from 0 to 512
[  149.604410][ T5005] EXT4-fs (loop1): Ignoring removed nomblk_io_submit option
[  149.664476][ T5005] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  149.830135][ T5005] EXT4-fs error (device loop1): ext4_orphan_get:1432: comm syz.1.163: bad orphan inode 131083
[  149.900389][ T5005] EXT4-fs (loop1): mounted filesystem without journal. Opts: nomblk_io_submit,journal_dev=0x00000000000003f2,noload,,errors=continue. Quota mode: none.
[  150.054565][ T5019] netlink: 24 bytes leftover after parsing attributes in process `syz.0.166'.
[  150.770196][ T5031] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  152.455024][ T5010] loop5: detected capacity change from 0 to 32768
[  153.367339][ T5075] netlink: 96 bytes leftover after parsing attributes in process `syz.1.180'.
[  154.287986][ T5078] loop0: detected capacity change from 0 to 512
[  154.358395][ T5078] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option
[  154.922237][ T5078] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  155.377785][ T5078] EXT4-fs error (device loop0): ext4_orphan_get:1432: comm syz.0.179: bad orphan inode 131083
[  155.485949][ T5078] EXT4-fs (loop0): mounted filesystem without journal. Opts: nomblk_io_submit,journal_dev=0x00000000000003f2,noload,,errors=continue. Quota mode: none.
[  159.835013][ T5198] loop0: detected capacity change from 0 to 128
[  161.378934][ T5198] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256
[  161.756001][ T5203] binder: 5202:5203 ioctl c0306201 200000000240 returned -11
[  161.927584][ T5218] binder: 5216:5218 ioctl c0306201 200000000240 returned -11
[  168.777085][ T5359] loop1: detected capacity change from 0 to 1024
[  168.856289][ T5359] EXT4-fs (loop1): inline encryption not supported
[  168.880195][ T5286] usb 4-1: new full-speed USB device number 2 using dummy_hcd
[  168.914650][ T5359] EXT4-fs (loop1): Mount option "noacl" will be removed by 3.5
[  168.914650][ T5359] Contact linux-ext4@vger.kernel.org if you think we should keep it.
[  168.914650][ T5359] 
[  169.015948][ T5359] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  169.081892][ T5359] EXT4-fs (loop1): bad geometry: bigalloc file system with non-zero first_data_block
[  169.081892][ T5359] 
[  169.408015][ T5286] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  169.418783][ T5286] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  169.527155][ T5359] loop1: detected capacity change from 0 to 4096
[  169.574723][ T5359] EXT4-fs (loop1): Ignoring removed bh option
[  169.619631][ T5286] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  169.636994][ T5286] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  169.637791][ T5359] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003]
[  169.654602][ T5286] usb 4-1: Product: syz
[  169.663071][ T5286] usb 4-1: Manufacturer: syz
[  169.671136][ T5286] usb 4-1: SerialNumber: syz
[  169.689879][ T5359] System zones: 0-5
[  169.716640][ T5359] EXT4-fs (loop1): mounted filesystem without journal. Opts: debug,dioread_nolock,block_validity,errors=continue,grpjquota=,bh,delalloc,noquota,,errors=continue. Quota mode: writeback.
[  170.739394][ T5286] usb 4-1: 0:2 : does not exist
[  170.744377][ T5286] usb 4-1: unit 9 not found!
[  170.839736][ T5286] usb 4-1: USB disconnect, device number 2
[  171.173116][ T4727] udevd[4727]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  173.730262][ T5432] loop5: detected capacity change from 0 to 1024
[  173.766161][ T5434] binder: 5433:5434 ioctl c0306201 200000000240 returned -11
[  173.879421][ T5432] EXT4-fs (loop5): inline encryption not supported
[  173.888373][ T5432] EXT4-fs (loop5): Mount option "noacl" will be removed by 3.5
[  173.888373][ T5432] Contact linux-ext4@vger.kernel.org if you think we should keep it.
[  173.888373][ T5432] 
[  174.930526][ T5432] EXT4-fs (loop5): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  175.636757][ T5432] EXT4-fs (loop5): bad geometry: bigalloc file system with non-zero first_data_block
[  175.636757][ T5432] 
[  175.800711][ T5460] pit: kvm: requested 1676 ns i8254 timer period limited to 200000 ns
[  175.886387][ T5432] loop5: detected capacity change from 0 to 4096
[  175.971318][ T5432] EXT4-fs (loop5): Ignoring removed bh option
[  175.993973][ T5432] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003]
[  176.021132][ T5432] System zones: 0-5
[  176.047209][ T5432] EXT4-fs (loop5): mounted filesystem without journal. Opts: debug,dioread_nolock,block_validity,errors=continue,grpjquota=,bh,delalloc,noquota,,errors=continue. Quota mode: writeback.
[  176.099364][ T5284] usb 4-1: new full-speed USB device number 3 using dummy_hcd
[  176.649952][ T5284] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  176.953009][ T5284] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  177.269334][ T4200] Bluetooth: hci4: Entering manufacturer mode failed (-110)
[  177.770414][ T5284] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  177.971016][ T5284] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  178.307572][ T5284] usb 4-1: Product: syz
[  178.361568][ T5284] usb 4-1: Manufacturer: syz
[  178.419374][ T5284] usb 4-1: SerialNumber: syz
[  178.738210][ T5509] netlink: 96 bytes leftover after parsing attributes in process `syz.5.279'.
[  179.119683][ T5284] usb 4-1: can't set config #1, error -71
[  179.130791][ T5284] usb 4-1: USB disconnect, device number 3
[  179.915803][ T5534] loop1: detected capacity change from 0 to 1024
[  180.014851][ T5534] EXT4-fs (loop1): inline encryption not supported
[  180.124976][ T5531] kvm [5528]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0xc1 data 0x166
[  180.140048][ T5534] EXT4-fs (loop1): Mount option "noacl" will be removed by 3.5
[  180.140048][ T5534] Contact linux-ext4@vger.kernel.org if you think we should keep it.
[  180.140048][ T5534] 
[  180.268633][ T5531] kvm [5528]: vcpu0, guest rIP: 0x1b8 disabled perfctr wrmsr: 0xc1 data 0x0
[  180.383266][ T5534] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  180.496521][ T5534] EXT4-fs (loop1): bad geometry: bigalloc file system with non-zero first_data_block
[  180.496521][ T5534] 
[  180.948308][ T5534] loop1: detected capacity change from 0 to 4096
[  181.038008][ T5534] EXT4-fs (loop1): Ignoring removed bh option
[  181.103791][ T5534] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003]
[  181.169506][ T5534] System zones: 0-5
[  181.266044][ T5534] EXT4-fs (loop1): mounted filesystem without journal. Opts: debug,dioread_nolock,block_validity,errors=continue,grpjquota=,bh,delalloc,noquota,,errors=continue. Quota mode: writeback.
[  183.097531][ T5558] loop3: detected capacity change from 0 to 128
[  183.263176][ T5566] netlink: 36 bytes leftover after parsing attributes in process `syz.1.295'.
[  183.360158][ T5558] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256
[  186.038570][ T5596] netlink: 96 bytes leftover after parsing attributes in process `syz.3.301'.
[  188.013651][ T5602] netlink: 96 bytes leftover after parsing attributes in process `syz.1.304'.
[  188.183332][ T5608] netlink: 36 bytes leftover after parsing attributes in process `syz.0.306'.
[  188.563590][ T5618] loop5: detected capacity change from 0 to 128
[  188.644601][ T5618] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=256, location=256
[  191.734296][ T5638] netlink: 96 bytes leftover after parsing attributes in process `syz.5.312'.
[  192.905665][ T5649] netlink: 36 bytes leftover after parsing attributes in process `syz.0.318'.
[  195.563239][ T5686] loop5: detected capacity change from 0 to 128
[  197.122569][ T5686] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=256, location=256
[  198.793859][ T5710] pit: kvm: requested 1676 ns i8254 timer period limited to 200000 ns
[  198.803414][ T5712] netlink: 36 bytes leftover after parsing attributes in process `syz.3.329'.
[  199.276435][ T1431] ieee802154 phy0 wpan0: encryption failed: -22
[  199.286040][ T1431] ieee802154 phy1 wpan1: encryption failed: -22
[  199.362983][ T5727] loop3: detected capacity change from 0 to 1024
[  200.499053][ T5727] EXT4-fs (loop3): inline encryption not supported
[  200.529984][ T5727] EXT4-fs (loop3): Mount option "noacl" will be removed by 3.5
[  200.529984][ T5727] Contact linux-ext4@vger.kernel.org if you think we should keep it.
[  200.529984][ T5727] 
[  200.589226][ T5727] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  200.622125][ T5727] EXT4-fs (loop3): bad geometry: bigalloc file system with non-zero first_data_block
[  200.622125][ T5727] 
[  200.970421][ T5747] loop1: detected capacity change from 0 to 128
[  201.340047][ T5747] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256
[  201.763680][ T5727] loop3: detected capacity change from 0 to 4096
[  201.844757][ T5756] netlink: 36 bytes leftover after parsing attributes in process `syz.1.341'.
[  201.854001][ T5727] EXT4-fs (loop3): Ignoring removed bh option
[  201.925130][ T5727] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003]
[  201.939317][ T5727] System zones: 0-5
[  201.985547][ T5727] EXT4-fs (loop3): mounted filesystem without journal. Opts: debug,dioread_nolock,block_validity,errors=continue,grpjquota=,bh,delalloc,noquota,,errors=continue. Quota mode: writeback.
[  202.077320][ T5760] device gre0 entered promiscuous mode
[  202.106427][ T5767] device gre0 entered promiscuous mode
[  203.862214][ T5804] loop1: detected capacity change from 0 to 128
[  204.020195][ T5804] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256
[  204.447653][ T5803] netlink: 36 bytes leftover after parsing attributes in process `syz.2.354'.
[  204.647849][ T5822] netlink: 36 bytes leftover after parsing attributes in process `syz.1.357'.
[  209.189441][ T5860] netlink: 96 bytes leftover after parsing attributes in process `syz.2.368'.
[  209.419575][ T5866] loop5: detected capacity change from 0 to 128
[  210.876464][ T5870] netlink: 96 bytes leftover after parsing attributes in process `syz.3.367'.
[  213.331850][ T5901] netlink: 96 bytes leftover after parsing attributes in process `syz.5.379'.
[  214.175482][ T5903] netlink: 36 bytes leftover after parsing attributes in process `syz.0.378'.
[  216.676396][ T5924] loop1: detected capacity change from 0 to 128
[  218.107541][ T5924] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256
[  219.738491][ T5935] device gre0 entered promiscuous mode
[  221.640261][ T5956] netlink: 96 bytes leftover after parsing attributes in process `syz.0.390'.
[  222.561406][ T5966] binder: 5962:5966 ioctl 4018620d 0 returned -22
[  223.067786][ T5977] netlink: 188 bytes leftover after parsing attributes in process `syz.2.395'.
[  223.943334][ T5985] netlink: 96 bytes leftover after parsing attributes in process `syz.2.396'.
[  224.863977][ T6001] netlink: 96 bytes leftover after parsing attributes in process `syz.1.402'.
[  227.120909][ T6011] binder: BINDER_SET_CONTEXT_MGR already set
[  227.126947][ T6011] binder: 6008:6011 ioctl 4018620d 200000000040 returned -16
[  227.596185][ T6023] binder: BINDER_SET_CONTEXT_MGR already set
[  227.625180][ T6023] binder: 6021:6023 ioctl 4018620d 2000000002c0 returned -16
[  227.666794][ T6025] binder: 6021:6025 ioctl c0306201 0 returned -14
[  228.558977][ T6032] netlink: 96 bytes leftover after parsing attributes in process `syz.0.413'.
[  229.753977][ T6036] kvm [6035]: vcpu0, guest rIP: 0x1b8 disabled perfctr wrmsr: 0xc1 data 0x0
[  233.433528][ T6060] netlink: 128 bytes leftover after parsing attributes in process `syz.1.403'.
[  233.463117][ T6060] netlink: 20 bytes leftover after parsing attributes in process `syz.1.403'.
[  233.490538][ T6060] netlink: 20 bytes leftover after parsing attributes in process `syz.1.403'.
[  234.753396][ T6066] netlink: 96 bytes leftover after parsing attributes in process `syz.0.414'.
[  235.003114][ T6075] binder: 6074:6075 ioctl c0306201 0 returned -14
[  235.114052][ T6079] device gre0 entered promiscuous mode
[  237.725245][ T6119] netlink: 96 bytes leftover after parsing attributes in process `syz.0.424'.
[  241.299295][ T6166] netlink: 96 bytes leftover after parsing attributes in process `syz.0.446'.
[  245.280568][ T6195] netlink: 96 bytes leftover after parsing attributes in process `syz.3.457'.
[  245.919448][ T6202] chnl_net:caif_netlink_parms(): no params data found
[  246.147753][ T6202] bridge0: port 1(bridge_slave_0) entered blocking state
[  246.156108][ T6202] bridge0: port 1(bridge_slave_0) entered disabled state
[  246.170318][ T6202] device bridge_slave_0 entered promiscuous mode
[  246.180755][ T6202] bridge0: port 2(bridge_slave_1) entered blocking state
[  246.187994][ T6202] bridge0: port 2(bridge_slave_1) entered disabled state
[  246.236495][ T6202] device bridge_slave_1 entered promiscuous mode
[  246.378506][ T6202] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  246.449674][ T6202] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  247.261995][ T6236] netlink: 96 bytes leftover after parsing attributes in process `syz.1.470'.
[  247.363798][ T6202] team0: Port device team_slave_0 added
[  247.384554][ T6202] team0: Port device team_slave_1 added
[  247.429381][    T7] Bluetooth: hci4: command 0x0409 tx timeout
[  247.541288][ T6202] batman_adv: batadv0: Adding interface: batadv_slave_0
[  247.548284][ T6202] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  247.735320][ T6202] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  247.950630][ T6202] batman_adv: batadv0: Adding interface: batadv_slave_1
[  247.957620][ T6202] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  248.401951][ T6202] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  248.577300][ T6255] kvm [6254]: vcpu0, guest rIP: 0x1b8 disabled perfctr wrmsr: 0xc1 data 0x0
[  248.645547][ T6202] device hsr_slave_0 entered promiscuous mode
[  248.654813][ T6255] kvm [6254]: vcpu0, guest rIP: 0x1b8 disabled perfctr wrmsr: 0xc1 data 0x0
[  248.681957][ T6202] device hsr_slave_1 entered promiscuous mode
[  249.351085][ T6264] netlink: 96 bytes leftover after parsing attributes in process `syz.2.480'.
[  249.431140][ T6202] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  249.439984][ T6202] Cannot create hsr debugfs directory
[  249.526654][ T4236] Bluetooth: hci4: command 0x041b tx timeout
[  250.096479][ T6202] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  250.151476][ T6202] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  250.199306][ T6202] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  250.239887][ T6202] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  250.726094][ T5950] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  251.091653][ T6202] 8021q: adding VLAN 0 to HW filter on device bond0
[  251.180873][ T4246] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  251.230539][ T4246] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  251.279592][ T6202] 8021q: adding VLAN 0 to HW filter on device team0
[  251.369696][ T6091] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  251.379006][    C0] vcan0: j1939_simple_recv: Received already invalidated message
[  251.404700][ T6091] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  251.432035][ T6091] bridge0: port 1(bridge_slave_0) entered blocking state
[  251.439193][ T6091] bridge0: port 1(bridge_slave_0) entered forwarding state
[  251.476100][ T5950] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  251.528053][ T6091] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  251.545878][ T6091] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  252.268902][ T6297] netlink: 96 bytes leftover after parsing attributes in process `syz.3.490'.
[  252.339354][ T4266] Bluetooth: hci4: command 0x040f tx timeout
[  252.347906][ T6091] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  252.374482][ T6091] bridge0: port 2(bridge_slave_1) entered blocking state
[  252.381631][ T6091] bridge0: port 2(bridge_slave_1) entered forwarding state
[  252.424488][ T6091] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  252.451298][ T6091] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  252.494300][ T5950] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  252.609383][ T6091] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  252.641685][ T6091] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  252.690113][ T6091] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  252.720599][ T6091] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  252.758372][ T6202] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  252.829322][ T6202] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  252.926622][ T6091] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  252.947495][ T6091] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  252.992271][ T6091] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  253.030218][ T6091] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  253.059351][ T6091] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  253.081297][ T6091] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  253.114159][ T5950] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  254.002750][ T6346] binder_alloc: 6343: pid 6343 spamming oneway? 2 buffers allocated for a total size of 5120
[  254.210828][ T4492] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  254.244502][ T4492] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  254.244607][ T6355] binder: BINDER_SET_CONTEXT_MGR already set
[  254.265849][ T6355] binder: 6354:6355 ioctl 4018620d 200000000100 returned -16
[  254.345280][ T6202] 8021q: adding VLAN 0 to HW filter on device batadv0
[  254.389321][ T5624] Bluetooth: hci4: command 0x0419 tx timeout
[  256.062235][ T5950] device hsr_slave_0 left promiscuous mode
[  256.090785][ T5950] device hsr_slave_1 left promiscuous mode
[  256.118700][ T5950] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  256.348617][ T5950] batman_adv: batadv0: Removing interface: batadv_slave_0
[  256.430291][ T5950] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  256.438702][ T5950] batman_adv: batadv0: Removing interface: batadv_slave_1
[  256.446901][ T5950] device bridge_slave_1 left promiscuous mode
[  256.642296][ T5950] bridge0: port 2(bridge_slave_1) entered disabled state
[  256.697456][ T5950] device bridge_slave_0 left promiscuous mode
[  256.712217][ T6400] binder_alloc: 6399: pid 6399 spamming oneway? 2 buffers allocated for a total size of 5120
[  256.729372][ T5950] bridge0: port 1(bridge_slave_0) entered disabled state
[  256.773754][ T5950] device veth1_macvtap left promiscuous mode
[  256.826633][ T5950] device veth0_macvtap left promiscuous mode
[  256.839570][ T5950] device veth1_vlan left promiscuous mode
[  256.851422][ T5950] device veth0_vlan left promiscuous mode
[  257.242103][ T5950] team0 (unregistering): Port device team_slave_1 removed
[  257.258433][ T5950] team0 (unregistering): Port device team_slave_0 removed
[  257.274243][ T5950] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  257.292588][ T5950] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  257.367984][ T5950] bond0 (unregistering): Released all slaves
[  257.446688][ T4492] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  257.490845][ T4492] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  257.555414][ T5951] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  257.569807][ T5951] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  257.616342][ T5951] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  257.657244][ T5951] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  257.745132][ T6202] device veth0_vlan entered promiscuous mode
[  257.858385][ T6202] device veth1_vlan entered promiscuous mode
[  258.231026][ T6202] device veth0_macvtap entered promiscuous mode
[  258.331450][ T6202] device veth1_macvtap entered promiscuous mode
[  258.378370][ T6202] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  258.389048][ T6202] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  258.399333][ T6202] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  258.410011][ T6202] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  258.421267][ T6202] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  258.432602][ T6202] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  258.445836][ T6202] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  258.508428][ T6202] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  258.555422][ T6448] binder_alloc: 6447: pid 6447 spamming oneway? 2 buffers allocated for a total size of 5120
[  258.584786][ T6202] batman_adv: batadv0: Interface activated: batadv_slave_0
[  258.600814][ T4492] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  258.628913][ T4492] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  258.669990][ T4492] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  258.722155][ T4492] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  258.751015][ T4492] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  258.778121][ T4492] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  258.830817][ T4492] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  258.873860][ T4492] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  258.888551][ T6442] netlink: 24 bytes leftover after parsing attributes in process `syz.2.523'.
[  258.942472][ T6202] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  259.008425][ T6202] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  259.186902][ T6202] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  259.392139][ T6202] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  259.858054][ T6202] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  259.871944][ T6202] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  259.886395][ T6202] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  259.917594][ T6202] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  260.091320][ T6202] batman_adv: batadv0: Interface activated: batadv_slave_1
[  260.341738][ T4492] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  260.372396][ T4492] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  260.444968][ T6202] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  260.488157][ T6202] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  260.505491][ T6202] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  260.515916][ T6202] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  261.181460][ T6477] netlink: 96 bytes leftover after parsing attributes in process `syz.2.535'.
[  261.236291][ T1431] ieee802154 phy0 wpan0: encryption failed: -22
[  261.259151][ T1431] ieee802154 phy1 wpan1: encryption failed: -22
[  261.736528][ T6481] netlink: 96 bytes leftover after parsing attributes in process `syz.0.536'.
[  262.804499][ T4492] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  262.889200][ T4492] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  263.213593][ T4492] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  263.241074][ T4492] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  263.347789][ T4492] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  263.408833][  T240] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  266.132230][ T6545] netlink: 96 bytes leftover after parsing attributes in process `syz.1.547'.
[  266.685916][ T6570] binder: 6568:6570 ioctl c0306201 0 returned -14
[  268.384976][ T6598] binder: BINDER_SET_CONTEXT_MGR already set
[  268.399123][ T6598] binder: 6597:6598 ioctl 4018620d 200000000040 returned -16
[  269.320223][ T6617] netlink: 96 bytes leftover after parsing attributes in process `syz.0.556'.
[  271.030382][    T7] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0
[  271.053856][    T7] Bluetooth: hci4: Injecting HCI hardware error event
[  271.093072][ T4206] Bluetooth: hci4: hardware error 0x00
[  272.642981][ T6673] binder: BINDER_SET_CONTEXT_MGR already set
[  272.731462][ T6675] binder: 6668:6675 ioctl c0306201 0 returned -14
[  272.740743][ T6673] binder: 6668:6673 ioctl 4018620d 200000000040 returned -16
[  272.926179][ T6680] binder: 6679:6680 ioctl c0306201 200000000240 returned -11
[  272.959326][ T4200] Bluetooth: hci4: unexpected event for opcode 0x0000
[  274.006261][ T4200] Bluetooth: hci4: unexpected event for opcode 0x0000
[  275.893495][ T6737] netlink: 96 bytes leftover after parsing attributes in process `syz.3.588'.
[  276.935218][ T6748] binder: 6744:6748 ioctl c0306201 200000000240 returned -11
[  277.146230][ T4200] Bluetooth: hci4: unexpected event for opcode 0x0000
[  277.699156][ T6772] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  279.362807][ T6785] netlink: 96 bytes leftover after parsing attributes in process `syz.0.602'.
[  280.617736][ T4200] Bluetooth: hci4: unexpected event for opcode 0x0000
[  284.444452][ T6865] pit: kvm: requested 1676 ns i8254 timer period limited to 200000 ns
[  284.571758][ T6872] pit: kvm: requested 838 ns i8254 timer period limited to 200000 ns
[  284.629845][ T6872] pit: kvm: requested 100571 ns i8254 timer period limited to 200000 ns
[  284.802295][ T6872] pit: kvm: requested 160914 ns i8254 timer period limited to 200000 ns
[  284.926996][ T6872] pit: kvm: requested 164266 ns i8254 timer period limited to 200000 ns
[  285.061372][ T6872] pit: kvm: requested 13409 ns i8254 timer period limited to 200000 ns
[  285.124936][ T6872] pit: kvm: requested 53638 ns i8254 timer period limited to 200000 ns
[  285.145631][ T6872] pit: kvm: requested 41904 ns i8254 timer period limited to 200000 ns
[  285.164919][ T6872] pit: kvm: requested 838 ns i8254 timer period limited to 200000 ns
[  285.194125][ T6872] pit: kvm: requested 2514 ns i8254 timer period limited to 200000 ns
[  285.195738][ T6881] device syzkaller0 entered promiscuous mode
[  290.373275][ T6941] netlink: 96 bytes leftover after parsing attributes in process `syz.2.631'.
[  290.925536][ T6980] binder: BINDER_SET_CONTEXT_MGR already set
[  290.942373][ T6980] binder: 6965:6980 ioctl 4018620d 200000000100 returned -16
[  291.331709][ T6966] binder: BINDER_SET_CONTEXT_MGR already set
[  291.339044][ T6966] binder: 6965:6966 ioctl 4018620d 200000004a80 returned -16
[  293.401439][ T7017] netlink: 96 bytes leftover after parsing attributes in process `syz.0.657'.
[  295.686361][ T7046] binder: BINDER_SET_CONTEXT_MGR already set
[  295.711864][ T7046] binder: 7044:7046 ioctl 4018620d 200000000040 returned -16
[  295.736735][ T7046] binder: 7044:7046 ioctl c0306201 200000000240 returned -11
[  298.677257][ T7109] binder: BINDER_SET_CONTEXT_MGR already set
[  298.687211][ T7109] binder: 7102:7109 ioctl 4018620d 200000000100 returned -16
[  299.534536][ T7105] binder: BINDER_SET_CONTEXT_MGR already set
[  299.547129][ T7105] binder: 7102:7105 ioctl 4018620d 200000004a80 returned -16
[  300.759258][ T7169] binder: BINDER_SET_CONTEXT_MGR already set
[  301.432542][ T7172] netlink: 96 bytes leftover after parsing attributes in process `syz.2.674'.
[  301.514412][ T7169] binder: 7163:7169 ioctl 4018620d 200000000040 returned -16
[  301.808426][ T7187] netlink: 12 bytes leftover after parsing attributes in process `syz.6.684'.
[  303.163422][ T7234] device syzkaller0 entered promiscuous mode
[  303.379183][ T7241] binder: BINDER_SET_CONTEXT_MGR already set
[  303.387058][ T7241] binder: 7239:7241 ioctl 4018620d 2000000000c0 returned -16
[  303.418861][ T7241] binder: BINDER_SET_CONTEXT_MGR already set
[  303.437272][ T7241] binder: 7239:7241 ioctl 4018620d 200000000040 returned -16
[  303.457246][ T7241] binder: 7239:7241 ioctl c0306201 200000000240 returned -11
[  307.538482][ T7320] binder: BINDER_SET_CONTEXT_MGR already set
[  307.546782][ T7320] binder: 7303:7320 ioctl 4018620d 200000000100 returned -16
[  308.420746][ T7346] netlink: 'syz.0.722': attribute type 8 has an invalid length.
[  308.428445][ T7346] netlink: 8 bytes leftover after parsing attributes in process `syz.0.722'.
[  308.443674][ T7305] binder: BINDER_SET_CONTEXT_MGR already set
[  308.453177][ T7305] binder: 7303:7305 ioctl 4018620d 200000004a80 returned -16
[  308.821863][ T7357] binder: BINDER_SET_CONTEXT_MGR already set
[  308.850100][ T7357] binder: 7356:7357 ioctl 4018620d 200000000100 returned -16
[  308.902071][ T7357] binder: BINDER_SET_CONTEXT_MGR already set
[  308.928494][ T7357] binder: 7356:7357 ioctl 4018620d 2000000002c0 returned -16
[  309.577161][ T7373] netlink: 'syz.1.728': attribute type 1 has an invalid length.
[  309.612291][ T7373] 8021q: adding VLAN 0 to HW filter on device bond1
[  309.741073][ T7373] bond1 (unregistering): Released all slaves
[  311.366547][ T7402] binder: BINDER_SET_CONTEXT_MGR already set
[  311.379157][ T7402] binder: 7383:7402 ioctl 4018620d 200000000100 returned -16
[  312.462673][ T7425] netlink: 96 bytes leftover after parsing attributes in process `syz.2.744'.
[  312.618485][ T7385] binder: BINDER_SET_CONTEXT_MGR already set
[  312.626004][ T7385] binder: 7383:7385 ioctl 4018620d 200000004a80 returned -16
[  312.777074][ T7432] netlink: 'syz.6.747': attribute type 1 has an invalid length.
[  312.839999][ T7432] 8021q: adding VLAN 0 to HW filter on device bond1
[  312.905970][ T7434] bond1 (unregistering): Released all slaves
[  313.042769][ T7437] netlink: 'syz.0.748': attribute type 1 has an invalid length.
[  313.124449][ T7437] 8021q: adding VLAN 0 to HW filter on device bond1
[  313.217449][ T7442] bond1 (unregistering): Released all slaves
[  313.264700][ T7441] loop1: detected capacity change from 0 to 1024
[  313.315415][ T7441] EXT4-fs (loop1): inline encryption not supported
[  313.352019][ T7441] EXT4-fs (loop1): Mount option "noacl" will be removed by 3.5
[  313.352019][ T7441] Contact linux-ext4@vger.kernel.org if you think we should keep it.
[  313.352019][ T7441] 
[  313.461185][ T7441] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  313.486907][ T7446] netlink: 'syz.0.751': attribute type 1 has an invalid length.
[  313.505105][ T7441] EXT4-fs (loop1): bad geometry: bigalloc file system with non-zero first_data_block
[  313.505105][ T7441] 
[  313.577519][ T7446] 8021q: adding VLAN 0 to HW filter on device bond1
[  313.652597][ T7452] bond1 (unregistering): Released all slaves
[  313.788260][ T7441] loop1: detected capacity change from 0 to 4096
[  313.830184][ T7441] EXT4-fs (loop1): Ignoring removed bh option
[  313.895134][ T7441] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003]
[  313.980640][ T7441] System zones: 0-5
[  314.061314][ T7441] EXT4-fs (loop1): mounted filesystem without journal. Opts: debug,dioread_nolock,block_validity,errors=continue,grpjquota=,bh,delalloc,noquota,,errors=continue. Quota mode: writeback.
[  314.216922][ T7467] netlink: 'syz.3.756': attribute type 1 has an invalid length.
[  314.741143][ T7467] 8021q: adding VLAN 0 to HW filter on device bond1
[  315.571007][ T7502] binder: BINDER_SET_CONTEXT_MGR already set
[  315.578445][ T7502] binder: 7485:7502 ioctl 4018620d 200000000100 returned -16
[  316.133247][ T7510] netlink: 96 bytes leftover after parsing attributes in process `syz.0.769'.
[  316.251849][ T7487] binder: BINDER_SET_CONTEXT_MGR already set
[  316.257997][ T7487] binder: 7485:7487 ioctl 4018620d 200000004a80 returned -16
[  316.293516][ T7513] loop0: detected capacity change from 0 to 1024
[  316.333504][ T7515] netlink: 12 bytes leftover after parsing attributes in process `syz.6.771'.
[  316.442149][ T7513] EXT4-fs (loop0): inline encryption not supported
[  316.498251][ T7513] EXT4-fs (loop0): Mount option "noacl" will be removed by 3.5
[  316.498251][ T7513] Contact linux-ext4@vger.kernel.org if you think we should keep it.
[  316.498251][ T7513] 
[  316.626690][ T7513] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  316.807404][ T7513] EXT4-fs (loop0): bad geometry: bigalloc file system with non-zero first_data_block
[  316.807404][ T7513] 
[  317.831926][ T7513] loop0: detected capacity change from 0 to 4096
[  317.950359][ T7513] EXT4-fs (loop0): Ignoring removed bh option
[  318.041064][ T7513] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003]
[  318.108563][ T7513] System zones: 0-5
[  318.220797][ T7513] EXT4-fs (loop0): mounted filesystem without journal. Opts: debug,dioread_nolock,block_validity,errors=continue,grpjquota=,bh,delalloc,noquota,,errors=continue. Quota mode: writeback.
[  318.669926][ T7537] binder: BINDER_SET_CONTEXT_MGR already set
[  318.675959][ T7537] binder: 7528:7537 ioctl 4018620d 200000000100 returned -16
[  318.806146][ T7545] netlink: 96 bytes leftover after parsing attributes in process `syz.1.780'.
[  321.083477][ T7576] netlink: 96 bytes leftover after parsing attributes in process `syz.6.786'.
[  322.123878][ T7579] netlink: 96 bytes leftover after parsing attributes in process `syz.1.788'.
[  322.155552][ T1431] ieee802154 phy0 wpan0: encryption failed: -22
[  322.162076][ T1431] ieee802154 phy1 wpan1: encryption failed: -22
[  322.479939][ T7585] loop3: detected capacity change from 0 to 1024
[  323.447415][ T7585] EXT4-fs (loop3): couldn't mount as ext2 due to feature incompatibilities
[  323.736513][ T7605] netlink: 'syz.3.791': attribute type 4 has an invalid length.
[  324.773263][ T7617] binder: BINDER_SET_CONTEXT_MGR already set
[  324.809169][ T7617] binder: 7616:7617 ioctl 4018620d 2000000000c0 returned -16
[  324.849531][ T7618] binder: BINDER_SET_CONTEXT_MGR already set
[  324.941958][ T7618] binder: 7616:7618 ioctl 4018620d 200000000040 returned -16
[  325.549363][ T7634] binder: BINDER_SET_CONTEXT_MGR already set
[  325.576732][ T7634] binder: 7633:7634 ioctl 4018620d 2000000000c0 returned -16
[  325.614298][ T7635] binder: BINDER_SET_CONTEXT_MGR already set
[  325.673975][ T7635] binder: 7633:7635 ioctl 4018620d 200000000040 returned -16
[  326.942522][ T7645] netlink: 96 bytes leftover after parsing attributes in process `syz.6.787'.
[  328.423165][ T7655] loop3: detected capacity change from 0 to 1024
[  328.517152][ T7655] EXT4-fs (loop3): couldn't mount as ext2 due to feature incompatibilities
[  328.736002][ T7655] netlink: 'syz.3.808': attribute type 4 has an invalid length.
[  331.299041][ T7690] create_pit_timer: 16 callbacks suppressed
[  331.389349][ T7690] pit: kvm: requested 1676 ns i8254 timer period limited to 200000 ns
[  331.465099][ T7699] pit: kvm: requested 838 ns i8254 timer period limited to 200000 ns
[  331.525923][ T7699] pit: kvm: requested 100571 ns i8254 timer period limited to 200000 ns
[  331.572456][ T7701] netlink: 96 bytes leftover after parsing attributes in process `syz.1.819'.
[  331.619006][ T7699] pit: kvm: requested 160914 ns i8254 timer period limited to 200000 ns
[  331.829361][ T7699] pit: kvm: requested 164266 ns i8254 timer period limited to 200000 ns
[  331.838374][ T7699] pit: kvm: requested 15085 ns i8254 timer period limited to 200000 ns
[  331.889362][ T5623] usb 7-1: new full-speed USB device number 2 using dummy_hcd
[  333.471720][ T7699] pit: kvm: requested 3352 ns i8254 timer period limited to 200000 ns
[  333.480543][ T7699] pit: kvm: requested 7542 ns i8254 timer period limited to 200000 ns
[  333.500612][ T7699] pit: kvm: requested 7542 ns i8254 timer period limited to 200000 ns
[  333.509368][ T7699] pit: kvm: requested 838 ns i8254 timer period limited to 200000 ns
[  333.819263][ T5623] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  333.891023][ T5623] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3
[  334.090221][ T5623] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  334.749107][ T5623] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  334.900508][ T5623] usb 7-1: Product: syz
[  334.909651][ T5623] usb 7-1: Manufacturer: syz
[  334.915204][ T5623] usb 7-1: SerialNumber: syz
[  335.779326][ T5623] usb 7-1: can't set config #1, error -71
[  335.789520][ T7734] netlink: 'syz.2.827': attribute type 1 has an invalid length.
[  335.827409][ T5623] usb 7-1: USB disconnect, device number 2
[  335.925838][ T7734] 8021q: adding VLAN 0 to HW filter on device bond1
[  336.618322][ T7737] bond1 (unregistering): Released all slaves
[  336.759805][ T7744] tipc: Started in network mode
[  336.764948][ T7744] tipc: Node identity 52ecf5db4883, cluster identity 4711
[  336.792747][ T7744] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  337.117889][ T7744] tipc: Disabling bearer <eth:syzkaller0>
[  337.734269][ T7782] netlink: 'syz.6.836': attribute type 1 has an invalid length.
[  337.889936][ T7782] 8021q: adding VLAN 0 to HW filter on device bond1
[  337.953494][ T7785] bond1 (unregistering): Released all slaves
[  340.693733][ T7783] netlink: 96 bytes leftover after parsing attributes in process `syz.1.837'.
[  342.787941][ T7816] binder: BINDER_SET_CONTEXT_MGR already set
[  342.805105][ T7816] binder: 7815:7816 ioctl 4018620d 200000004a80 returned -16
[  344.083671][ T7846] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  344.581079][ T7863] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  344.654562][ T7865] device syzkaller0 entered promiscuous mode
[  344.729981][ T7863] tipc: Resetting bearer <eth:syzkaller0>
[  344.778439][ T7862] tipc: Resetting bearer <eth:syzkaller0>
[  344.810301][ T7862] tipc: Disabling bearer <eth:syzkaller0>
[  346.042240][ T7889] device syzkaller0 entered promiscuous mode
[  346.513241][ T7898] netlink: 12 bytes leftover after parsing attributes in process `syz.3.868'.
[  348.637165][ T7929] binder: BINDER_SET_CONTEXT_MGR already set
[  348.643492][ T7929] binder: 7928:7929 ioctl 4018620d 200000000100 returned -16
[  348.654135][ T7929] binder: BINDER_SET_CONTEXT_MGR already set
[  348.661160][ T7929] binder: 7928:7929 ioctl 4018620d 200000004a80 returned -16
[  348.948581][ T7926] binder: BINDER_SET_CONTEXT_MGR already set
[  348.977924][ T7926] binder: 7924:7926 ioctl 4018620d 200000004a80 returned -16
[  349.937208][ T7956] netlink: 96 bytes leftover after parsing attributes in process `syz.1.885'.
[  354.543111][ T8014] create_pit_timer: 21 callbacks suppressed
[  354.543127][ T8014] pit: kvm: requested 1676 ns i8254 timer period limited to 200000 ns
[  354.619545][ T8014] pit: kvm: requested 838 ns i8254 timer period limited to 200000 ns
[  354.658691][ T8014] pit: kvm: requested 100571 ns i8254 timer period limited to 200000 ns
[  354.702178][ T8014] pit: kvm: requested 160914 ns i8254 timer period limited to 200000 ns
[  354.727667][ T8014] pit: kvm: requested 164266 ns i8254 timer period limited to 200000 ns
[  354.755968][ T8014] pit: kvm: requested 15085 ns i8254 timer period limited to 200000 ns
[  354.803714][ T8014] pit: kvm: requested 3352 ns i8254 timer period limited to 200000 ns
[  354.847384][ T8014] pit: kvm: requested 7542 ns i8254 timer period limited to 200000 ns
[  354.886419][ T8014] pit: kvm: requested 7542 ns i8254 timer period limited to 200000 ns
[  354.916776][ T8014] pit: kvm: requested 838 ns i8254 timer period limited to 200000 ns
[  354.999145][   T13] usb 7-1: new full-speed USB device number 3 using dummy_hcd
[  355.411517][   T13] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  355.437620][   T13] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3
[  355.669941][   T13] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  355.688880][   T13] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  355.727867][   T13] usb 7-1: Product: syz
[  355.738417][   T13] usb 7-1: Manufacturer: syz
[  355.755580][   T13] usb 7-1: SerialNumber: syz
[  356.728696][ T8048] netlink: 96 bytes leftover after parsing attributes in process `syz.1.914'.
[  357.679711][   T13] usb 7-1: 0:2 : does not exist
[  357.684690][   T13] usb 7-1: unit 9 not found!
[  357.795639][   T13] usb 7-1: USB disconnect, device number 3
[  357.811367][ T8064] device syzkaller0 entered promiscuous mode
[  358.479229][   T13] usb 7-1: new full-speed USB device number 4 using dummy_hcd
[  358.879466][   T13] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  358.919700][   T13] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3
[  359.109458][   T13] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  359.127464][   T13] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  359.151395][   T13] usb 7-1: Product: syz
[  359.165781][   T13] usb 7-1: Manufacturer: syz
[  359.178337][   T13] usb 7-1: SerialNumber: syz
[  359.709583][   T13] usb 7-1: 0:2 : does not exist
[  359.730038][   T13] usb 7-1: unit 9 not found!
[  359.808165][   T13] usb 7-1: USB disconnect, device number 4
[  360.648259][ T8105] netlink: 96 bytes leftover after parsing attributes in process `syz.2.931'.
[  360.801672][ T4727] udevd[4727]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  361.040787][ T8115] device syzkaller0 entered promiscuous mode
[  361.474267][ T8124] create_pit_timer: 48 callbacks suppressed
[  361.474283][ T8124] pit: kvm: requested 1676 ns i8254 timer period limited to 200000 ns
[  361.522620][ T8124] pit: kvm: requested 838 ns i8254 timer period limited to 200000 ns
[  361.573744][ T8124] pit: kvm: requested 100571 ns i8254 timer period limited to 200000 ns
[  361.621857][ T8124] pit: kvm: requested 160914 ns i8254 timer period limited to 200000 ns
[  361.641988][ T8124] pit: kvm: requested 164266 ns i8254 timer period limited to 200000 ns
[  361.673219][ T8124] pit: kvm: requested 15085 ns i8254 timer period limited to 200000 ns
[  361.698666][ T8124] pit: kvm: requested 3352 ns i8254 timer period limited to 200000 ns
[  361.726652][ T8124] pit: kvm: requested 7542 ns i8254 timer period limited to 200000 ns
[  361.745040][ T8124] pit: kvm: requested 7542 ns i8254 timer period limited to 200000 ns
[  361.779926][ T8124] pit: kvm: requested 838 ns i8254 timer period limited to 200000 ns
[  361.919207][    T7] usb 2-1: new full-speed USB device number 5 using dummy_hcd
[  362.017322][ T8135] device syzkaller0 entered promiscuous mode
[  362.379389][    T7] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  362.409097][    T7] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  363.109620][ T8153] netlink: 188 bytes leftover after parsing attributes in process `syz.0.944'.
[  363.919363][    T7] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  363.938743][    T7] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  363.950134][    T7] usb 2-1: Product: syz
[  363.957662][    T7] usb 2-1: Manufacturer: syz
[  363.981971][    T7] usb 2-1: SerialNumber: syz
[  364.313131][ T4236] usb 4-1: new full-speed USB device number 4 using dummy_hcd
[  364.469577][    T7] usb 2-1: 0:2 : does not exist
[  364.474554][    T7] usb 2-1: unit 9 not found!
[  364.502940][    T7] usb 2-1: USB disconnect, device number 5
[  364.706022][ T4236] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  364.745536][ T4236] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  364.783795][ T4727] udevd[4727]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  364.939543][ T4236] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  364.953837][ T4236] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  364.995781][ T4236] usb 4-1: Product: syz
[  365.020872][ T4236] usb 4-1: Manufacturer: syz
[  365.129972][ T4236] usb 4-1: SerialNumber: syz
[  365.629577][ T4236] usb 4-1: 0:2 : does not exist
[  365.634651][ T4236] usb 4-1: unit 9 not found!
[  365.685920][ T4236] usb 4-1: USB disconnect, device number 4
[  366.728187][ T4727] udevd[4727]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  367.136707][ T8208] create_pit_timer: 48 callbacks suppressed
[  367.136802][ T8208] pit: kvm: requested 1676 ns i8254 timer period limited to 200000 ns
[  367.222090][ T8208] pit: kvm: requested 838 ns i8254 timer period limited to 200000 ns
[  367.277256][ T8208] pit: kvm: requested 100571 ns i8254 timer period limited to 200000 ns
[  367.310706][ T8208] pit: kvm: requested 160914 ns i8254 timer period limited to 200000 ns
[  367.330854][ T8208] pit: kvm: requested 164266 ns i8254 timer period limited to 200000 ns
[  367.350392][ T8208] pit: kvm: requested 15085 ns i8254 timer period limited to 200000 ns
[  367.384401][ T8208] pit: kvm: requested 3352 ns i8254 timer period limited to 200000 ns
[  367.420332][ T8208] pit: kvm: requested 7542 ns i8254 timer period limited to 200000 ns
[  367.477411][ T8208] pit: kvm: requested 7542 ns i8254 timer period limited to 200000 ns
[  367.506687][ T8208] pit: kvm: requested 838 ns i8254 timer period limited to 200000 ns
[  367.549275][ T4236] usb 4-1: new full-speed USB device number 5 using dummy_hcd
[  367.919400][ T4236] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  367.939024][ T4236] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  368.139434][ T4236] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  368.163118][ T4236] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  368.194852][ T4236] usb 4-1: Product: syz
[  368.209213][ T4236] usb 4-1: Manufacturer: syz
[  368.223915][ T4236] usb 4-1: SerialNumber: syz
[  368.769389][ T4236] usb 4-1: 0:2 : does not exist
[  368.774633][ T4236] usb 4-1: unit 9 not found!
[  368.878798][ T4236] usb 4-1: USB disconnect, device number 5
[  368.947711][ T4727] udevd[4727]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  369.239215][ T4266] usb 7-1: new full-speed USB device number 5 using dummy_hcd
[  369.599415][ T4266] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  369.621003][ T4266] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3
[  369.799396][ T4266] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  369.818963][ T4266] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  369.859450][ T4266] usb 7-1: Product: syz
[  369.884173][ T4266] usb 7-1: Manufacturer: syz
[  369.888829][ T4266] usb 7-1: SerialNumber: syz
[  370.684329][ T8252] netlink: 96 bytes leftover after parsing attributes in process `syz.3.968'.
[  371.149570][ T4266] usb 7-1: 0:2 : does not exist
[  371.157381][ T4266] usb 7-1: unit 9 not found!
[  371.213645][ T4266] usb 7-1: USB disconnect, device number 5
[  371.389197][ T4234] usb 1-1: new full-speed USB device number 3 using dummy_hcd
[  371.484841][ T4727] udevd[4727]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  371.759324][ T4234] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  371.805935][ T4234] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  371.999565][ T4234] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  372.008844][ T4234] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  372.048434][ T4234] usb 1-1: Product: syz
[  372.068755][ T4234] usb 1-1: Manufacturer: syz
[  372.078913][ T4234] usb 1-1: SerialNumber: syz
[  372.314447][ T8281] create_pit_timer: 74 callbacks suppressed
[  372.314464][ T8281] pit: kvm: requested 1676 ns i8254 timer period limited to 200000 ns
[  372.350598][ T8281] pit: kvm: requested 838 ns i8254 timer period limited to 200000 ns
[  373.081489][ T8285] netlink: 96 bytes leftover after parsing attributes in process `syz.2.977'.
[  373.192974][ T8281] pit: kvm: requested 100571 ns i8254 timer period limited to 200000 ns
[  373.243293][ T8281] pit: kvm: requested 160914 ns i8254 timer period limited to 200000 ns
[  373.282723][ T8281] pit: kvm: requested 164266 ns i8254 timer period limited to 200000 ns
[  373.315154][ T8281] pit: kvm: requested 15085 ns i8254 timer period limited to 200000 ns
[  373.354530][ T8281] pit: kvm: requested 3352 ns i8254 timer period limited to 200000 ns
[  373.386705][ T8281] pit: kvm: requested 7542 ns i8254 timer period limited to 200000 ns
[  373.395556][ T4234] usb 1-1: 0:2 : does not exist
[  373.401202][ T4234] usb 1-1: unit 9 not found!
[  373.426456][ T8281] pit: kvm: requested 7542 ns i8254 timer period limited to 200000 ns
[  373.449228][   T13] usb 4-1: new full-speed USB device number 6 using dummy_hcd
[  373.465316][ T4234] usb 1-1: USB disconnect, device number 3
[  373.489911][ T8281] pit: kvm: requested 838 ns i8254 timer period limited to 200000 ns
[  373.522194][ T4727] udevd[4727]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  373.909405][   T13] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  373.925224][   T13] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  374.750406][ T8308] netlink: 96 bytes leftover after parsing attributes in process `syz.1.983'.
[  374.850248][   T13] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  374.869363][   T13] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  374.877397][   T13] usb 4-1: Product: syz
[  374.929156][   T13] usb 4-1: Manufacturer: syz
[  374.939552][   T13] usb 4-1: SerialNumber: syz
[  374.945318][ T8319] netlink: 20 bytes leftover after parsing attributes in process `syz.0.986'.
[  375.105178][ T8321] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  375.133805][ T8321] device syzkaller0 entered promiscuous mode
[  375.194602][ T8321] tipc: Resetting bearer <eth:syzkaller0>
[  375.239690][ T8320] tipc: Resetting bearer <eth:syzkaller0>
[  375.276654][ T8320] tipc: Disabling bearer <eth:syzkaller0>
[  375.349245][   T13] usb 4-1: 0:2 : does not exist
[  375.356330][   T13] usb 4-1: unit 9 not found!
[  375.449513][   T13] usb 4-1: USB disconnect, device number 6
[  375.549600][ T4727] udevd[4727]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  376.510413][ T8332] netlink: 96 bytes leftover after parsing attributes in process `syz.2.978'.
[  377.460845][ T8351] loop6: detected capacity change from 0 to 512
[  377.514533][ T8351] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  377.565964][ T8351] EXT4-fs (loop6): 1 truncate cleaned up
[  377.574081][ T8351] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  378.328786][ T8362] tipc: Started in network mode
[  378.334011][ T8362] tipc: Node identity f68bed074422, cluster identity 4711
[  378.369303][ T8362] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  378.409446][ T8362] device syzkaller0 entered promiscuous mode
[  378.446749][ T8362] tipc: Resetting bearer <eth:syzkaller0>
[  378.482008][ T8361] tipc: Resetting bearer <eth:syzkaller0>
[  378.533256][ T8361] tipc: Disabling bearer <eth:syzkaller0>
[  378.695171][ T8371] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1003'.
[  379.729227][ T8371] 8021q: adding VLAN 0 to HW filter on device bond1
[  382.335490][ T8409] netlink: 96 bytes leftover after parsing attributes in process `syz.0.1011'.
[  383.593401][ T1431] ieee802154 phy0 wpan0: encryption failed: -22
[  383.599803][ T1431] ieee802154 phy1 wpan1: encryption failed: -22
[  383.898426][ T8429] netdevsim netdevsim3: loading /lib/firmware/. failed with error -22
[  383.935015][ T8429] netdevsim netdevsim3: Direct firmware load for . failed with error -22
[  383.943743][ T8429] netdevsim netdevsim3: Falling back to sysfs fallback for: .
[  385.271347][ T8436] netlink: 96 bytes leftover after parsing attributes in process `syz.6.1019'.
[  386.262322][ T8429] syz.3.1016 (8429) used greatest stack depth: 20432 bytes left
[  388.397063][ T8464] Error parsing options; rc = [-22]
[  389.491524][ T8468] netlink: 96 bytes leftover after parsing attributes in process `syz.3.1028'.
[  390.167918][ T8476] netdevsim netdevsim1: loading /lib/firmware/. failed with error -22
[  390.176405][ T8476] netdevsim netdevsim1: Direct firmware load for . failed with error -22
[  390.184985][ T8476] netdevsim netdevsim1: Falling back to sysfs fallback for: .
[  392.540095][ T8495] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  395.576782][ T8518] netlink: 96 bytes leftover after parsing attributes in process `syz.6.1043'.
[  399.360290][ T8564] netlink: 96 bytes leftover after parsing attributes in process `syz.1.1054'.
[  401.083724][ T8598] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1064'.
[  401.598272][ T8598] 8021q: adding VLAN 0 to HW filter on device bond1
[  401.946478][ T8598] bond1 (unregistering): Released all slaves
[  404.223823][ T8615] netlink: 96 bytes leftover after parsing attributes in process `syz.3.1069'.
[  404.460793][ T8633] netdevsim netdevsim2: loading /lib/firmware/. failed with error -22
[  404.469005][ T8633] netdevsim netdevsim2: Direct firmware load for . failed with error -22
[  404.477485][ T8633] netdevsim netdevsim2: Falling back to sysfs fallback for: .
[  406.589371][ T4236] usb 2-1: new full-speed USB device number 6 using dummy_hcd
[  406.989287][ T4236] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  407.050515][ T4236] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  407.239439][ T4236] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  407.262276][ T4236] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  407.327376][ T4236] usb 2-1: Product: syz
[  407.356203][ T4236] usb 2-1: Manufacturer: syz
[  407.379983][ T4236] usb 2-1: SerialNumber: syz
[  408.112841][ T8668] netlink: 96 bytes leftover after parsing attributes in process `syz.6.1083'.
[  408.149285][ T4236] usb 2-1: 0:2 : does not exist
[  408.154256][ T4236] usb 2-1: unit 9 not found!
[  408.291872][ T4236] usb 2-1: USB disconnect, device number 6
[  408.493566][ T4727] udevd[4727]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  410.794593][ T8714] netlink: 96 bytes leftover after parsing attributes in process `syz.2.1097'.
[  413.926550][ T8738] netdevsim netdevsim6: loading /lib/firmware/. failed with error -22
[  413.935008][ T8738] netdevsim netdevsim6: Direct firmware load for . failed with error -22
[  413.943641][ T8738] netdevsim netdevsim6: Falling back to sysfs fallback for: .
[  416.304761][ T8757] netlink: 96 bytes leftover after parsing attributes in process `syz.1.1109'.
[  416.839289][ T5623] usb 1-1: new full-speed USB device number 4 using dummy_hcd
[  417.173776][ T8776] netdevsim netdevsim2: loading /lib/firmware/. failed with error -22
[  417.182074][ T8776] netdevsim netdevsim2: Direct firmware load for . failed with error -22
[  417.190583][ T8776] netdevsim netdevsim2: Falling back to sysfs fallback for: .
[  417.229407][ T5623] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  417.249721][ T5623] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  417.439155][ T5623] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  417.456733][ T5623] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  417.495483][ T5623] usb 1-1: Product: syz
[  417.499950][ T5623] usb 1-1: Manufacturer: syz
[  417.504675][ T5623] usb 1-1: SerialNumber: syz
[  417.979318][ T5623] usb 1-1: 0:2 : does not exist
[  417.984505][ T5623] usb 1-1: unit 9 not found!
[  418.012650][ T5623] usb 1-1: USB disconnect, device number 4
[  418.435448][ T8798] netlink: 96 bytes leftover after parsing attributes in process `syz.2.1121'.
[  419.354175][ T8808] device syzkaller0 entered promiscuous mode
[  420.007862][ T8815] Error parsing options; rc = [-22]
[  421.976692][ T8824] Error parsing options; rc = [-22]
[  425.073303][ T8858] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1140'.
[  425.199915][ T8861] input: syz1 as /devices/virtual/input/input6
[  425.957804][ T8890] create_pit_timer: 21 callbacks suppressed
[  425.957817][ T8890] pit: kvm: requested 1676 ns i8254 timer period limited to 200000 ns
[  426.026649][ T8890] pit: kvm: requested 838 ns i8254 timer period limited to 200000 ns
[  426.045890][ T8890] pit: kvm: requested 100571 ns i8254 timer period limited to 200000 ns
[  426.086438][ T8890] pit: kvm: requested 160914 ns i8254 timer period limited to 200000 ns
[  426.110523][ T8897] pit: kvm: requested 1676 ns i8254 timer period limited to 200000 ns
[  426.126460][ T8890] pit: kvm: requested 87161 ns i8254 timer period limited to 200000 ns
[  426.157337][ T8897] pit: kvm: requested 838 ns i8254 timer period limited to 200000 ns
[  426.166317][ T8890] pit: kvm: requested 15085 ns i8254 timer period limited to 200000 ns
[  426.175807][ T8897] pit: kvm: requested 100571 ns i8254 timer period limited to 200000 ns
[  426.189481][ T8890] pit: kvm: requested 3352 ns i8254 timer period limited to 200000 ns
[  426.839621][ T8904] netlink: 96 bytes leftover after parsing attributes in process `syz.6.1152'.
[  427.839137][ T4234] usb 2-1: new full-speed USB device number 7 using dummy_hcd
[  428.623336][ T8908] netlink: 96 bytes leftover after parsing attributes in process `syz.2.1155'.
[  428.702572][ T8906] device syzkaller0 entered promiscuous mode
[  428.726826][ T8906] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  428.749113][ T4354] usb 1-1: new full-speed USB device number 5 using dummy_hcd
[  428.758505][ T8903] tipc: Resetting bearer <eth:syzkaller0>
[  428.809914][ T8903] tipc: Disabling bearer <eth:syzkaller0>
[  428.881311][ T4234] usb 2-1: device descriptor read/all, error -71
[  429.189515][ T4354] usb 1-1: device not accepting address 5, error -71
[  429.889563][ T8921] loop0: detected capacity change from 0 to 1024
[  429.987310][ T8921] EXT4-fs (loop0): inline encryption not supported
[  430.020636][ T8921] EXT4-fs (loop0): Mount option "noacl" will be removed by 3.5
[  430.020636][ T8921] Contact linux-ext4@vger.kernel.org if you think we should keep it.
[  430.020636][ T8921] 
[  430.189647][ T8921] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  430.242751][ T8921] EXT4-fs (loop0): bad geometry: bigalloc file system with non-zero first_data_block
[  430.242751][ T8921] 
[  430.462134][ T8921] loop0: detected capacity change from 0 to 4096
[  430.506787][ T8921] EXT4-fs (loop0): Ignoring removed bh option
[  430.538945][ T8921] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003]
[  430.587354][ T8921] System zones: 0-5
[  430.642545][ T8921] EXT4-fs (loop0): mounted filesystem without journal. Opts: debug,dioread_nolock,block_validity,errors=continue,grpjquota=,bh,delalloc,noquota,,errors=continue. Quota mode: writeback.
[  431.772187][ T8942] netlink: 96 bytes leftover after parsing attributes in process `syz.3.1162'.
[  432.527083][ T8948] netdevsim netdevsim2: loading /lib/firmware/. failed with error -22
[  432.535699][ T8948] netdevsim netdevsim2: Direct firmware load for . failed with error -22
[  432.544173][ T8948] netdevsim netdevsim2: Falling back to sysfs fallback for: .
[  434.267276][ T8962] netlink: 96 bytes leftover after parsing attributes in process `syz.1.1168'.
[  436.646285][ T8973] netdevsim netdevsim0: loading /lib/firmware/. failed with error -22
[  436.654646][ T8973] netdevsim netdevsim0: Direct firmware load for . failed with error -22
[  436.663260][ T8973] netdevsim netdevsim0: Falling back to sysfs fallback for: .
[  437.628996][ T8982] netlink: 96 bytes leftover after parsing attributes in process `syz.6.1175'.
[  439.362550][ T8999] Zero length message leads to an empty skb
[  439.563817][ T9009] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  439.804802][ T9017] device syzkaller0 entered promiscuous mode
[  440.387651][ T9041] netdevsim netdevsim1: loading /lib/firmware/. failed with error -22
[  440.396431][ T9041] netdevsim netdevsim1: Direct firmware load for . failed with error -22
[  440.405249][ T9041] netdevsim netdevsim1: Falling back to sysfs fallback for: .
[  441.976407][ T9052] Error parsing options; rc = [-22]
[  442.924439][ T9054] netdevsim netdevsim6: loading /lib/firmware/. failed with error -22
[  442.932806][ T9054] netdevsim netdevsim6: Direct firmware load for . failed with error -22
[  442.941663][ T9054] netdevsim netdevsim6: Falling back to sysfs fallback for: .
[  445.032304][ T1431] ieee802154 phy0 wpan0: encryption failed: -22
[  445.038875][ T1431] ieee802154 phy1 wpan1: encryption failed: -22
[  446.290191][ T9101] netlink: 96 bytes leftover after parsing attributes in process `syz.6.1209'.
[  447.887167][ T9129] netdevsim netdevsim3: loading /lib/firmware/. failed with error -22
[  447.895578][ T9129] netdevsim netdevsim3: Direct firmware load for . failed with error -22
[  447.904165][ T9129] netdevsim netdevsim3: Falling back to sysfs fallback for: .
[  449.527840][ T9140] Error parsing options; rc = [-22]
[  451.039341][ T9152] netdevsim netdevsim1: loading /lib/firmware/. failed with error -22
[  451.047767][ T9152] netdevsim netdevsim1: Direct firmware load for . failed with error -22
[  451.056359][ T9152] netdevsim netdevsim1: Falling back to sysfs fallback for: .
[  453.040750][ T9164] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  453.148472][ T9161] tipc: Disabling bearer <eth:syzkaller0>
[  454.795219][ T9187] netdevsim netdevsim2: loading /lib/firmware/. failed with error -22
[  454.803504][ T9187] netdevsim netdevsim2: Direct firmware load for . failed with error -22
[  454.811942][ T9187] netdevsim netdevsim2: Falling back to sysfs fallback for: .
[  460.034873][ T9243] netdevsim netdevsim6: loading /lib/firmware/. failed with error -22
[  460.043796][ T9243] netdevsim netdevsim6: Direct firmware load for . failed with error -22
[  460.052507][ T9243] netdevsim netdevsim6: Falling back to sysfs fallback for: .
[  460.638165][ T9267] create_pit_timer: 48 callbacks suppressed
[  460.638178][ T9267] pit: kvm: requested 1676 ns i8254 timer period limited to 200000 ns
[  460.736477][ T9271] pit: kvm: requested 838 ns i8254 timer period limited to 200000 ns
[  460.760455][ T9271] pit: kvm: requested 100571 ns i8254 timer period limited to 200000 ns
[  460.809481][ T9271] pit: kvm: requested 160914 ns i8254 timer period limited to 200000 ns
[  460.857820][ T9271] pit: kvm: requested 87161 ns i8254 timer period limited to 200000 ns
[  460.903334][ T9271] pit: kvm: requested 15085 ns i8254 timer period limited to 200000 ns
[  460.938663][ T9271] pit: kvm: requested 3352 ns i8254 timer period limited to 200000 ns
[  460.969959][ T9271] pit: kvm: requested 7542 ns i8254 timer period limited to 200000 ns
[  461.022190][ T9271] pit: kvm: requested 7542 ns i8254 timer period limited to 200000 ns
[  461.609553][ T9283] netlink: 96 bytes leftover after parsing attributes in process `syz.3.1256'.
[  462.347375][ T5933] usb 2-1: new full-speed USB device number 9 using dummy_hcd
[  462.446842][ T9271] pit: kvm: requested 838 ns i8254 timer period limited to 200000 ns
[  462.709253][ T5933] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  462.739159][ T5933] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  462.783007][ T9295] netdevsim netdevsim2: loading /lib/firmware/. failed with error -22
[  462.791271][ T9295] netdevsim netdevsim2: Direct firmware load for . failed with error -22
[  462.799748][ T9295] netdevsim netdevsim2: Falling back to sysfs fallback for: .
[  463.040731][ T5933] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  463.086438][ T5933] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  463.379805][ T5933] usb 2-1: can't set config #1, error -71
[  463.541630][ T5933] usb 2-1: USB disconnect, device number 9
[  464.197877][ T9303] device syzkaller0 entered promiscuous mode
[  465.703390][ T9318] device syzkaller0 entered promiscuous mode
[  465.734166][ T9318] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  465.755003][ T9317] tipc: Resetting bearer <eth:syzkaller0>
[  465.803414][ T9317] tipc: Disabling bearer <eth:syzkaller0>
[  465.814867][ T9323] loop6: detected capacity change from 0 to 1024
[  465.843630][ T9325] device syzkaller0 entered promiscuous mode
[  465.865883][ T9323] EXT4-fs (loop6): inline encryption not supported
[  465.893668][ T9325] tipc: Started in network mode
[  465.898579][ T9325] tipc: Node identity f2ca639e585e, cluster identity 4711
[  465.906919][ T9323] EXT4-fs (loop6): Mount option "noacl" will be removed by 3.5
[  465.906919][ T9323] Contact linux-ext4@vger.kernel.org if you think we should keep it.
[  465.906919][ T9323] 
[  465.941149][ T9325] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  465.961831][ T9330] netdevsim netdevsim2: loading /lib/firmware/. failed with error -22
[  465.970144][ T9330] netdevsim netdevsim2: Direct firmware load for . failed with error -22
[  465.979125][ T9330] netdevsim netdevsim2: Falling back to sysfs fallback for: .
[  465.992304][ T9323] EXT4-fs (loop6): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  466.008812][ T9324] tipc: Resetting bearer <eth:syzkaller0>
[  466.032123][ T9324] tipc: Disabling bearer <eth:syzkaller0>
[  466.038532][ T9323] EXT4-fs (loop6): bad geometry: bigalloc file system with non-zero first_data_block
[  466.038532][ T9323] 
[  466.061514][ T9332] device syzkaller0 entered promiscuous mode
[  468.186650][ T9323] loop6: detected capacity change from 0 to 4096
[  468.993442][ T9346] netlink: 96 bytes leftover after parsing attributes in process `syz.2.1278'.
[  469.057043][ T9323] EXT4-fs (loop6): Ignoring removed bh option
[  469.136702][ T9323] EXT4-fs: failed to create workqueue
[  469.151931][ T9323] EXT4-fs (loop6): mount failed
[  469.225421][ T9355] netdevsim netdevsim1: loading /lib/firmware/. failed with error -22
[  469.233839][ T9355] netdevsim netdevsim1: Direct firmware load for . failed with error -22
[  469.242434][ T9355] netdevsim netdevsim1: Falling back to sysfs fallback for: .
[  475.656953][ T9405] netdevsim netdevsim0: loading /lib/firmware/. failed with error -22
[  475.665393][ T9405] netdevsim netdevsim0: Direct firmware load for . failed with error -22
[  475.673951][ T9405] netdevsim netdevsim0: Falling back to sysfs fallback for: .
[  476.844416][ T9412] netdevsim netdevsim6: loading /lib/firmware/. failed with error -22
[  476.852945][ T9412] netdevsim netdevsim6: Direct firmware load for . failed with error -22
[  476.861539][ T9412] netdevsim netdevsim6: Falling back to sysfs fallback for: .
[  477.055196][ T9410] loop3: detected capacity change from 0 to 1024
[  477.909938][ T9410] EXT4-fs (loop3): inline encryption not supported
[  478.219190][ T9410] EXT4-fs (loop3): Mount option "noacl" will be removed by 3.5
[  478.219190][ T9410] Contact linux-ext4@vger.kernel.org if you think we should keep it.
[  478.219190][ T9410] 
[  478.266817][ T9410] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  478.279521][ T9410] EXT4-fs (loop3): bad geometry: bigalloc file system with non-zero first_data_block
[  478.279521][ T9410] 
[  479.458072][ T9423] Error parsing options; rc = [-22]
[  479.616092][ T9410] loop3: detected capacity change from 0 to 4096
[  480.717865][ T9434] netdevsim netdevsim6: loading /lib/firmware/. failed with error -22
[  480.726747][ T9434] netdevsim netdevsim6: Direct firmware load for . failed with error -22
[  480.735345][ T9434] netdevsim netdevsim6: Falling back to sysfs fallback for: .
[  483.202509][ T9450] netdevsim netdevsim2: loading /lib/firmware/. failed with error -22
[  483.210856][ T9450] netdevsim netdevsim2: Direct firmware load for . failed with error -22
[  483.219348][ T9450] netdevsim netdevsim2: Falling back to sysfs fallback for: .
[  489.155622][ T9491] netdevsim netdevsim6: loading /lib/firmware/. failed with error -22
[  489.163927][ T9491] netdevsim netdevsim6: Direct firmware load for . failed with error -22
[  489.172500][ T9491] netdevsim netdevsim6: Falling back to sysfs fallback for: .
[  491.344572][ T9517] autofs4:pid:9517:autofs_fill_super: called with bogus options
[  492.839644][ T9531] loop3: detected capacity change from 0 to 1024
[  492.915224][ T9531] EXT4-fs (loop3): inline encryption not supported
[  492.925463][ T9531] EXT4-fs (loop3): Mount option "noacl" will be removed by 3.5
[  492.925463][ T9531] Contact linux-ext4@vger.kernel.org if you think we should keep it.
[  492.925463][ T9531] 
[  492.959130][ T9531] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  492.979862][ T9531] EXT4-fs (loop3): bad geometry: bigalloc file system with non-zero first_data_block
[  492.979862][ T9531] 
[  494.011609][ T9531] loop3: detected capacity change from 0 to 4096
[  494.279380][ T9531] EXT4-fs (loop3): Ignoring removed bh option
[  494.306043][ T9531] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003]
[  494.364798][ T9531] System zones: 0-5
[  494.389977][ T9531] EXT4-fs (loop3): mounted filesystem without journal. Opts: debug,dioread_nolock,block_validity,errors=continue,grpjquota=,bh,delalloc,noquota,,errors=continue. Quota mode: writeback.
[  495.992166][ T9583] autofs4:pid:9583:autofs_fill_super: called with bogus options
[  501.272875][ T9610] netlink: 96 bytes leftover after parsing attributes in process `syz.6.1342'.
[  502.205547][ T9615] loop1: detected capacity change from 0 to 1024
[  502.566060][ T9615] EXT4-fs (loop1): inline encryption not supported
[  502.646254][ T9615] EXT4-fs (loop1): Mount option "noacl" will be removed by 3.5
[  502.646254][ T9615] Contact linux-ext4@vger.kernel.org if you think we should keep it.
[  502.646254][ T9615] 
[  502.727289][ T9615] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  502.901729][ T9615] EXT4-fs (loop1): bad geometry: bigalloc file system with non-zero first_data_block
[  502.901729][ T9615] 
[  505.612228][ T9662] netlink: 96 bytes leftover after parsing attributes in process `syz.0.1354'.
[  506.482682][ T1431] ieee802154 phy0 wpan0: encryption failed: -22
[  506.489068][ T1431] ieee802154 phy1 wpan1: encryption failed: -22
[  508.868478][ T9706] create_pit_timer: 19 callbacks suppressed
[  508.868496][ T9706] pit: kvm: requested 1676 ns i8254 timer period limited to 200000 ns
[  508.963853][ T9706] pit: kvm: requested 838 ns i8254 timer period limited to 200000 ns
[  508.992327][ T9706] pit: kvm: requested 100571 ns i8254 timer period limited to 200000 ns
[  509.026661][ T9706] pit: kvm: requested 160914 ns i8254 timer period limited to 200000 ns
[  509.059259][ T9706] pit: kvm: requested 87161 ns i8254 timer period limited to 200000 ns
[  509.095300][ T9706] pit: kvm: requested 15085 ns i8254 timer period limited to 200000 ns
[  509.119969][ T9706] pit: kvm: requested 3352 ns i8254 timer period limited to 200000 ns
[  509.147161][ T9706] pit: kvm: requested 7542 ns i8254 timer period limited to 200000 ns
[  509.166775][ T9706] pit: kvm: requested 7542 ns i8254 timer period limited to 200000 ns
[  509.195516][ T9706] pit: kvm: requested 838 ns i8254 timer period limited to 200000 ns
[  509.289207][ T4236] usb 2-1: new full-speed USB device number 10 using dummy_hcd
[  511.829357][ T4236] usb 2-1: unable to read config index 0 descriptor/all
[  511.837044][ T4236] usb 2-1: can't read configurations, error -71
[  511.883317][ T9732] netlink: 96 bytes leftover after parsing attributes in process `syz.6.1367'.
[  518.089913][ T9760] loop0: detected capacity change from 0 to 1024
[  518.350399][ T9760] EXT4-fs (loop0): inline encryption not supported
[  518.437302][ T9760] EXT4-fs (loop0): Mount option "noacl" will be removed by 3.5
[  518.437302][ T9760] Contact linux-ext4@vger.kernel.org if you think we should keep it.
[  518.437302][ T9760] 
[  518.681317][ T9760] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  519.711548][ T9760] EXT4-fs (loop0): bad geometry: bigalloc file system with non-zero first_data_block
[  519.711548][ T9760] 
[  535.688204][ T4354] Bluetooth: hci4: command 0x0409 tx timeout
[  535.719405][ T9876] chnl_net:caif_netlink_parms(): no params data found
[  535.748694][ T9906] netlink: 96 bytes leftover after parsing attributes in process `syz.3.1407'.
[  536.684740][ T9876] bridge0: port 1(bridge_slave_0) entered blocking state
[  536.726411][ T9876] bridge0: port 1(bridge_slave_0) entered disabled state
[  536.764695][ T9876] device bridge_slave_0 entered promiscuous mode
[  536.808391][ T9876] bridge0: port 2(bridge_slave_1) entered blocking state
[  536.829747][ T9876] bridge0: port 2(bridge_slave_1) entered disabled state
[  536.897059][ T9876] device bridge_slave_1 entered promiscuous mode
[  537.049813][ T9876] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  537.114921][ T9876] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  537.254093][ T9876] team0: Port device team_slave_0 added
[  537.360617][ T9876] team0: Port device team_slave_1 added
[  537.470319][ T9876] batman_adv: batadv0: Adding interface: batadv_slave_0
[  537.478477][ T9876] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  537.569199][ T9876] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  537.666848][ T9876] batman_adv: batadv0: Adding interface: batadv_slave_1
[  537.691223][ T9876] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  537.749495][ T4235] Bluetooth: hci4: command 0x041b tx timeout
[  537.836271][ T9876] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  538.112343][ T9876] device hsr_slave_0 entered promiscuous mode
[  538.157145][ T9876] device hsr_slave_1 entered promiscuous mode
[  538.165024][ T9876] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  538.174450][ T9876] Cannot create hsr debugfs directory
[  538.509284][ T9946] autofs4:pid:9946:autofs_fill_super: called with bogus options
[  539.500510][ T9876] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  539.533116][ T9876] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  539.572729][ T9876] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  539.634083][ T9876] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  539.810910][ T9958] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  539.829286][ T4236] Bluetooth: hci4: command 0x040f tx timeout
[  539.849907][ T9958] device syzkaller0 entered promiscuous mode
[  539.907138][ T9958] tipc: Resetting bearer <eth:syzkaller0>
[  539.961699][ T9957] tipc: Resetting bearer <eth:syzkaller0>
[  539.998046][ T9957] tipc: Disabling bearer <eth:syzkaller0>
[  540.055289][ T9876] 8021q: adding VLAN 0 to HW filter on device bond0
[  540.141194][ T6082] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  540.164616][ T6082] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  540.187324][ T9876] 8021q: adding VLAN 0 to HW filter on device team0
[  540.218005][ T7098] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  540.259295][ T7098] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  540.293272][ T7098] bridge0: port 1(bridge_slave_0) entered blocking state
[  540.300451][ T7098] bridge0: port 1(bridge_slave_0) entered forwarding state
[  540.399846][ T7098] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  540.501626][ T7098] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  540.535169][ T7098] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  540.597621][ T7098] bridge0: port 2(bridge_slave_1) entered blocking state
[  540.604802][ T7098] bridge0: port 2(bridge_slave_1) entered forwarding state
[  540.616628][ T9970] loop3: detected capacity change from 0 to 1024
[  540.689836][ T4406] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  540.710586][ T4406] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  540.733902][ T9970] EXT4-fs (loop3): couldn't mount as ext2 due to feature incompatibilities
[  540.815785][ T4406] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  540.830479][ T4406] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  540.839975][ T4406] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  541.019161][ T5951] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  541.470958][ T5951] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  541.513149][ T5951] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  541.580135][ T5951] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  541.691220][ T9876] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  541.739680][ T4406] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  541.776776][ T4406] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  541.981125][ T4234] Bluetooth: hci4: command 0x0419 tx timeout
[  542.091107][ T9985] autofs4:pid:9985:autofs_fill_super: called with bogus options
[  542.994831][ T9876] 8021q: adding VLAN 0 to HW filter on device batadv0
[  543.007927][ T7098] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  543.036222][ T7098] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  543.434617][T10010] netlink: 96 bytes leftover after parsing attributes in process `syz.1.1435'.
[  543.788298][T10021] loop3: detected capacity change from 0 to 1024
[  543.858109][T10021] EXT4-fs (loop3): couldn't mount as ext2 due to feature incompatibilities
[  544.091485][ T4406] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  544.328501][ T4406] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  544.698227][ T9876] device veth0_vlan entered promiscuous mode
[  544.760331][ T6085] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  544.797741][ T6085] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  544.887352][ T6085] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  544.914040][T10024] Error parsing options; rc = [-22]
[  544.984756][ T6085] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  545.097933][ T9876] device veth1_vlan entered promiscuous mode
[  545.154072][ T6085] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  545.403659][ T6085] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  545.412706][ T6085] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  545.427913][ T9876] device veth0_macvtap entered promiscuous mode
[  545.442231][ T9876] device veth1_macvtap entered promiscuous mode
[  545.481044][ T9876] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  545.660026][ T9876] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  545.700323][ T9876] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  545.782257][ T9876] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  545.863249][ T9876] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  545.922771][ T9876] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  545.957316][ T9876] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  545.998627][ T9876] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  546.033210][ T9876] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  546.083585][ T9876] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  546.141886][ T9876] batman_adv: batadv0: Interface activated: batadv_slave_0
[  546.164500][ T6082] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  546.211947][ T6082] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  546.233553][ T6082] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  546.266235][ T6082] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  546.298237][ T9876] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  546.400670][ T9876] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  546.433764][ T9876] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  546.469685][ T9876] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  546.529152][ T9876] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  546.592217][ T9876] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  546.605104][T10058] __sock_release: fasync list not empty!
[  546.621049][ T9876] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  546.677927][ T9876] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  546.751350][ T9876] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  546.783323][ T9876] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  546.814947][ T9876] batman_adv: batadv0: Interface activated: batadv_slave_1
[  546.928848][ T4406] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  546.964004][ T4406] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  547.045610][ T9876] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  547.078392][ T9876] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  547.107761][ T9876] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  547.128055][ T9876] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  549.387189][ T4406] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  549.427096][ T4406] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  549.485982][ T6085] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  550.782758][ T6085] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  550.842193][ T6085] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  550.933720][ T4406] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  551.873172][T10116] netlink: 96 bytes leftover after parsing attributes in process `syz.1.1470'.
[  553.906190][T10128] create_pit_timer: 17 callbacks suppressed
[  553.906210][T10128] pit: kvm: requested 1676 ns i8254 timer period limited to 200000 ns
[  554.154255][T10128] pit: kvm: requested 838 ns i8254 timer period limited to 200000 ns
[  554.269632][T10128] pit: kvm: requested 100571 ns i8254 timer period limited to 200000 ns
[  554.556969][T10128] pit: kvm: requested 160914 ns i8254 timer period limited to 200000 ns
[  554.607398][T10128] pit: kvm: requested 87161 ns i8254 timer period limited to 200000 ns
[  554.659396][T10128] pit: kvm: requested 15085 ns i8254 timer period limited to 200000 ns
[  554.741209][T10128] pit: kvm: requested 3352 ns i8254 timer period limited to 200000 ns
[  554.777627][T10128] pit: kvm: requested 20114 ns i8254 timer period limited to 200000 ns
[  554.839107][ T4194] usb 4-1: new full-speed USB device number 7 using dummy_hcd
[  554.849198][T10128] pit: kvm: requested 838 ns i8254 timer period limited to 200000 ns
[  554.858085][T10128] pit: kvm: requested 2514 ns i8254 timer period limited to 200000 ns
[  555.043553][T10137] netlink: 96 bytes leftover after parsing attributes in process `syz.7.1476'.
[  556.099382][ T4194] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  556.232779][ T4194] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  556.460067][ T4194] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  557.089103][ T4194] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  557.129255][ T4194] usb 4-1: Product: syz
[  557.133489][ T4194] usb 4-1: Manufacturer: syz
[  557.138118][ T4194] usb 4-1: SerialNumber: syz
[  557.259253][ T4194] usb 4-1: can't set config #1, error -71
[  557.266266][ T4194] usb 4-1: USB disconnect, device number 7
[  557.989678][T10160] netlink: 96 bytes leftover after parsing attributes in process `syz.2.1482'.
[  558.343231][T10168] binfmt_misc: register: failed to install interpreter file ./cgroup.cpu/cpuset.cpus
[  558.695327][T10173] netlink: 96 bytes leftover after parsing attributes in process `syz.1.1487'.
[  559.575164][T10181] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  559.597655][T10181] device syzkaller0 entered promiscuous mode
[  559.647290][T10181] tipc: Resetting bearer <eth:syzkaller0>
[  559.675465][T10179] tipc: Resetting bearer <eth:syzkaller0>
[  559.710616][T10179] tipc: Disabling bearer <eth:syzkaller0>
[  561.449537][T10205] netlink: 96 bytes leftover after parsing attributes in process `syz.3.1495'.
[  565.873377][T10228] i2c i2c-0: dvb_frontend_start: failed to start kthread (-4)
[  567.969651][ T1431] ieee802154 phy0 wpan0: encryption failed: -22
[  567.975983][ T1431] ieee802154 phy1 wpan1: encryption failed: -22
[  569.070472][T10254] netdevsim netdevsim7: loading /lib/firmware/. failed with error -22
[  569.078861][T10254] netdevsim netdevsim7: Direct firmware load for . failed with error -22
[  569.087564][T10254] netdevsim netdevsim7: Falling back to sysfs fallback for: .
[  570.296785][T10269] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1513'.
[  570.870319][T10284] netdevsim netdevsim7: loading /lib/firmware/. failed with error -22
[  570.878752][T10284] netdevsim netdevsim7: Direct firmware load for . failed with error -22
[  570.887500][T10284] netdevsim netdevsim7: Falling back to sysfs fallback for: .
[  581.479134][ T4406] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  582.136506][ T4406] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  583.397918][ T4406] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  583.765427][T10372] netdevsim netdevsim0: loading /lib/firmware/. failed with error -22
[  583.774080][T10372] netdevsim netdevsim0: Direct firmware load for . failed with error -22
[  583.782652][T10372] netdevsim netdevsim0: Falling back to sysfs fallback for: .
[  585.011581][ T4406] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  585.569097][T10400] autofs4:pid:10400:autofs_fill_super: called with bogus options
[  586.542750][T10369] netlink: 96 bytes leftover after parsing attributes in process `syz.7.1537'.
[  596.303492][T10464] binfmt_misc: register: failed to install interpreter file ./cgroup.cpu/cpuset.cpus
[  597.356446][ T4406] device hsr_slave_0 left promiscuous mode
[  597.424367][ T4406] device hsr_slave_1 left promiscuous mode
[  597.453950][ T4406] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  597.508696][ T4406] batman_adv: batadv0: Removing interface: batadv_slave_0
[  597.631011][ T4406] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  597.721079][ T4406] batman_adv: batadv0: Removing interface: batadv_slave_1
[  598.246001][ T4406] device bridge_slave_1 left promiscuous mode
[  598.272730][ T4406] bridge0: port 2(bridge_slave_1) entered disabled state
[  598.520763][ T4406] device bridge_slave_0 left promiscuous mode
[  598.527035][ T4406] bridge0: port 1(bridge_slave_0) entered disabled state
[  598.539088][T10450] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  598.608016][ T4406] device veth1_macvtap left promiscuous mode
[  598.626692][ T4406] device veth0_macvtap left promiscuous mode
[  598.652239][ T4406] device veth1_vlan left promiscuous mode
[  598.658094][ T4406] device veth0_vlan left promiscuous mode
[  598.809199][T10450] usb 1-1: Using ep0 maxpacket: 8
[  598.959336][T10450] usb 1-1: config 0 has an invalid descriptor of length 103, skipping remainder of the config
[  598.972996][T10450] usb 1-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xE2, skipping
[  599.169553][T10450] usb 1-1: New USB device found, idVendor=04e8, idProduct=ff30, bcdDevice=a6.d1
[  599.188725][T10450] usb 1-1: New USB device strings: Mfr=1, Product=34, SerialNumber=3
[  599.223488][T10450] usb 1-1: Product: syz
[  599.239123][T10450] usb 1-1: Manufacturer: syz
[  599.274471][T10450] usb 1-1: SerialNumber: syz
[  599.339559][T10450] usb 1-1: config 0 descriptor??
[  599.379626][T10450] usb 1-1: can't set config #0, error -71
[  599.413748][T10450] usb 1-1: USB disconnect, device number 7
[  599.448688][ T4406] team0 (unregistering): Port device team_slave_1 removed
[  599.646851][ T4406] team0 (unregistering): Port device team_slave_0 removed
[  599.819831][ T4406] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  600.593916][ T4406] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  600.893754][ T4406] bond0 (unregistering): Released all slaves
[  601.013174][T10518] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  607.946398][T10602] netlink: 'syz.2.1592': attribute type 4 has an invalid length.
[  609.399459][T10614] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  609.413210][T10614] device syzkaller0 entered promiscuous mode
[  609.491107][T10614] tipc: Resetting bearer <eth:syzkaller0>
[  609.537845][T10612] tipc: Resetting bearer <eth:syzkaller0>
[  609.578426][T10612] tipc: Disabling bearer <eth:syzkaller0>
[  611.386524][T10642] device syzkaller0 entered promiscuous mode
[  611.461289][T10644] loop7: detected capacity change from 0 to 1024
[  611.731331][T10644] EXT4-fs (loop7): couldn't mount as ext2 due to feature incompatibilities
[  611.967422][T10655] netlink: 'syz.7.1607': attribute type 4 has an invalid length.
[  614.332331][ T4237] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0
[  614.430787][ T4237] Bluetooth: hci4: Injecting HCI hardware error event
[  614.438047][ T4207] Bluetooth: hci4: hardware error 0x00
[  616.037968][T10705] netdevsim netdevsim7: loading /lib/firmware/. failed with error -22
[  616.046606][T10705] netdevsim netdevsim7: Direct firmware load for . failed with error -22
[  616.055269][T10705] netdevsim netdevsim7: Falling back to sysfs fallback for: .
[  616.964904][T10712] loop0: detected capacity change from 0 to 1024
[  617.251648][T10712] EXT4-fs (loop0): couldn't mount as ext2 due to feature incompatibilities
[  617.652600][T10717] netlink: 'syz.0.1624': attribute type 4 has an invalid length.
[  621.808561][T10766] i2c i2c-0: dvb_frontend_start: failed to start kthread (-4)
[  625.152780][T10799] binfmt_misc: register: failed to install interpreter file ./cgroup.cpu/cpuset.cpus
[  625.519748][ T4266] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  626.611936][T10813] netlink: 96 bytes leftover after parsing attributes in process `syz.1.1647'.
[  627.478900][T10816] netdevsim netdevsim7: loading /lib/firmware/. failed with error -22
[  627.487794][T10816] netdevsim netdevsim7: Direct firmware load for . failed with error -22
[  627.496420][T10816] netdevsim netdevsim7: Falling back to sysfs fallback for: .
[  627.969036][ T4266] usb 1-1: Using ep0 maxpacket: 8
[  628.099212][ T4266] usb 1-1: config 0 has an invalid descriptor of length 103, skipping remainder of the config
[  628.119027][ T4266] usb 1-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xE2, skipping
[  628.187812][T10827] ==================================================================
[  628.196462][T10827] BUG: KASAN: use-after-free in dvb_device_open+0xc6/0x370
[  628.203799][T10827] Read of size 8 at addr ffff88802936bc18 by task syz.7.1650/10827
[  628.211732][T10827] 
[  628.214089][T10827] CPU: 0 PID: 10827 Comm: syz.7.1650 Not tainted syzkaller #0
[  628.221678][T10827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  628.231872][T10827] Call Trace:
[  628.235187][T10827]  <TASK>
[  628.238234][T10827]  dump_stack_lvl+0x188/0x250
[  628.243270][T10827]  ? show_regs_print_info+0x20/0x20
[  628.248512][T10827]  ? _printk+0xda/0x130
[  628.252700][T10827]  ? dvb_device_open+0xc6/0x370
[  628.257714][T10827]  ? load_image+0x400/0x400
[  628.262274][T10827]  ? _raw_spin_lock_irqsave+0xbc/0x100
[  628.267821][T10827]  print_address_description+0x60/0x2d0
[  628.273698][T10827]  ? dvb_device_open+0xc6/0x370
[  628.278591][T10827]  kasan_report+0xdf/0x130
[  628.283053][T10827]  ? dvb_device_open+0xc6/0x370
[  628.287968][T10827]  dvb_device_open+0xc6/0x370
[  628.292673][T10827]  ? do_raw_spin_unlock+0x11d/0x230
[  628.297917][T10827]  chrdev_open+0x5c5/0x6a0
[  628.302369][T10827]  ? cd_forget+0x160/0x160
[  628.306887][T10827]  ? fsnotify_perm+0x3a7/0x560
[  628.311785][T10827]  ? cd_forget+0x160/0x160
[  628.316226][T10827]  do_dentry_open+0x7ff/0xf80
[  628.320952][T10827]  path_openat+0x26f5/0x2fa0
[  628.325625][T10827]  ? verify_lock_unused+0x140/0x140
[  628.330940][T10827]  ? slab_post_alloc_hook+0x4c/0x380
[  628.336460][T10827]  ? do_filp_open+0x410/0x410
[  628.341386][T10827]  do_filp_open+0x1e2/0x410
[  628.346037][T10827]  ? vfs_tmpfile+0x300/0x300
[  628.350772][T10827]  ? _raw_spin_unlock+0x24/0x40
[  628.355867][T10827]  ? alloc_fd+0x598/0x630
[  628.360340][T10827]  do_sys_openat2+0x150/0x4b0
[  628.365055][T10827]  ? __lock_acquire+0x7d10/0x7d10
[  628.370127][T10827]  ? do_sys_open+0xe0/0xe0
[  628.374592][T10827]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  628.380616][T10827]  ? lock_chain_count+0x20/0x20
[  628.385683][T10827]  ? vtime_user_exit+0x2c8/0x3e0
[  628.390662][T10827]  __x64_sys_openat+0x135/0x160
[  628.395550][T10827]  do_syscall_64+0x4c/0xa0
[  628.400109][T10827]  ? clear_bhb_loop+0x30/0x80
[  628.404816][T10827]  ? clear_bhb_loop+0x30/0x80
[  628.409519][T10827]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  628.415440][T10827] RIP: 0033:0x7f96cb9e560e
[  628.419881][T10827] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  628.439622][T10827] RSP: 002b:00007f96c9c5cb28 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  628.448081][T10827] RAX: ffffffffffffffda RBX: 00007f96c9c5d6c0 RCX: 00007f96cb9e560e
[  628.456177][T10827] RDX: 0000000000000002 RSI: 00007f96c9c5cc00 RDI: ffffffffffffff9c
[  628.464605][T10827] RBP: 00007f96c9c5cc00 R08: 0000000000000000 R09: 0000000000000000
[  628.472599][T10827] R10: 0000000000000000 R11: 0000000000000246 R12: cccccccccccccccd
[  628.480595][T10827] R13: 00007f96cbc9e128 R14: 00007f96cbc9e090 R15: 00007fff07061fc8
[  628.488615][T10827]  </TASK>
[  628.491676][T10827] 
[  628.494019][T10827] Allocated by task 1:
[  628.498104][T10827]  __kasan_kmalloc+0xb5/0xf0
[  628.502728][T10827]  dvb_register_device+0x311/0x2170
[  628.507949][T10827]  dvb_register_frontend+0x645/0x920
[  628.513346][T10827]  vidtv_bridge_probe+0x9a1/0xf70
[  628.518402][T10827]  platform_probe+0x137/0x1c0
[  628.523106][T10827]  really_probe+0x284/0xc80
[  628.527737][T10827]  __driver_probe_device+0x18c/0x330
[  628.533062][T10827]  driver_probe_device+0x4f/0x420
[  628.538116][T10827]  __driver_attach+0x46b/0x670
[  628.542917][T10827]  bus_for_each_dev+0x182/0x1f0
[  628.547795][T10827]  bus_add_driver+0x30a/0x5a0
[  628.552496][T10827]  driver_register+0x32d/0x430
[  628.557285][T10827]  vidtv_bridge_init+0x39/0x70
[  628.562071][T10827]  do_one_initcall+0x272/0x730
[  628.566861][T10827]  do_initcall_level+0x137/0x1f0
[  628.572084][T10827]  do_initcalls+0x4b/0x90
[  628.576437][T10827]  kernel_init_freeable+0x3e9/0x570
[  628.581665][T10827]  kernel_init+0x19/0x1b0
[  628.586020][T10827]  ret_from_fork+0x1f/0x30
[  628.590467][T10827] 
[  628.592807][T10827] Freed by task 10766:
[  628.596896][T10827]  kasan_set_track+0x4b/0x70
[  628.601596][T10827]  kasan_set_free_info+0x1f/0x40
[  628.606590][T10827]  ____kasan_slab_free+0xd5/0x110
[  628.611644][T10827]  slab_free_freelist_hook+0xea/0x170
[  628.617061][T10827]  kfree+0xef/0x2a0
[  628.620894][T10827]  dvb_device_open+0x2e7/0x370
[  628.625688][T10827]  chrdev_open+0x5c5/0x6a0
[  628.630128][T10827]  do_dentry_open+0x7ff/0xf80
[  628.634832][T10827]  path_openat+0x26f5/0x2fa0
[  628.639449][T10827]  do_filp_open+0x1e2/0x410
[  628.643974][T10827]  do_sys_openat2+0x150/0x4b0
[  628.648674][T10827]  __x64_sys_openat+0x135/0x160
[  628.653547][T10827]  do_syscall_64+0x4c/0xa0
[  628.657996][T10827]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  628.663918][T10827] 
[  628.666258][T10827] The buggy address belongs to the object at ffff88802936bc00
[  628.666258][T10827]  which belongs to the cache kmalloc-256 of size 256
[  628.680335][T10827] The buggy address is located 24 bytes inside of
[  628.680335][T10827]  256-byte region [ffff88802936bc00, ffff88802936bd00)
[  628.693546][T10827] The buggy address belongs to the page:
[  628.699205][T10827] page:ffffea0000a4da80 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88802936ae00 pfn:0x2936a
[  628.710776][T10827] head:ffffea0000a4da80 order:1 compound_mapcount:0
[  628.717382][T10827] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[  628.725405][T10827] raw: 00fff00000010200 ffffea0001d6c088 ffffea0001827388 ffff888016c41b40
[  628.734018][T10827] raw: ffff88802936ae00 0000000000100009 00000001ffffffff 0000000000000000
[  628.742620][T10827] page dumped because: kasan: bad access detected
[  628.749055][T10827] page_owner tracks the page as allocated
[  628.754782][T10827] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, ts 18997900771, free_ts 0
[  628.772842][T10827]  get_page_from_freelist+0x1bbd/0x1ca0
[  628.778422][T10827]  __alloc_pages+0x1ee/0x480
[  628.783044][T10827]  alloc_page_interleave+0x24/0x1e0
[  628.788262][T10827]  new_slab+0xc0/0x4b0
[  628.792353][T10827]  ___slab_alloc+0x80a/0xdd0
[  628.797049][T10827]  __kmalloc_node+0x200/0x3b0
[  628.801753][T10827]  kvmalloc_node+0x84/0x130
[  628.806310][T10827]  v4l2_ctrl_new+0x70f/0x1310
[  628.811961][T10827]  v4l2_ctrl_new_std+0x247/0x300
[  628.816917][T10827]  handler_new_ref+0x14a/0x950
[  628.821698][T10827]  v4l2_ctrl_add_handler+0x197/0x280
[  628.827003][T10827]  vivid_create_controls+0x262d/0x3460
[  628.832594][T10827]  vivid_probe+0x3c47/0x67a0
[  628.837230][T10827]  platform_probe+0x137/0x1c0
[  628.841937][T10827]  really_probe+0x284/0xc80
[  628.846482][T10827]  __driver_probe_device+0x18c/0x330
[  628.851818][T10827] page_owner free stack trace missing
[  628.857209][T10827] 
[  628.859561][T10827] Memory state around the buggy address:
[  628.865210][T10827]  ffff88802936bb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  628.873306][T10827]  ffff88802936bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  628.881511][T10827] >ffff88802936bc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  628.889602][T10827]                             ^
[  628.894480][T10827]  ffff88802936bc80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  628.902577][T10827]  ffff88802936bd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  628.910672][T10827] ==================================================================
[  628.918767][T10827] Disabling lock debugging due to kernel taint
[  628.931458][T10827] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  628.938716][T10827] CPU: 0 PID: 10827 Comm: syz.7.1650 Tainted: G    B             syzkaller #0
[  628.947797][T10827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  628.957993][T10827] Call Trace:
[  628.961301][T10827]  <TASK>
[  628.964251][T10827]  dump_stack_lvl+0x188/0x250
[  628.968952][T10827]  ? show_regs_print_info+0x20/0x20
[  628.974170][T10827]  ? load_image+0x400/0x400
[  628.978876][T10827]  panic+0x2e5/0x810
[  628.982807][T10827]  ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[  628.988982][T10827]  ? bpf_jit_dump+0xd0/0xd0
[  628.993538][T10827]  ? _raw_spin_unlock_irqrestore+0x10d/0x120
[  628.999542][T10827]  ? _raw_spin_unlock+0x40/0x40
[  629.005367][T10827]  ? dvb_device_open+0xc6/0x370
[  629.010255][T10827]  check_panic_on_warn+0x80/0xa0
[  629.015215][T10827]  ? dvb_device_open+0xc6/0x370
[  629.020085][T10827]  end_report+0x6d/0xf0
[  629.024270][T10827]  kasan_report+0x102/0x130
[  629.028797][T10827]  ? dvb_device_open+0xc6/0x370
[  629.033676][T10827]  dvb_device_open+0xc6/0x370
[  629.038381][T10827]  ? do_raw_spin_unlock+0x11d/0x230
[  629.043600][T10827]  chrdev_open+0x5c5/0x6a0
[  629.048040][T10827]  ? cd_forget+0x160/0x160
[  629.052485][T10827]  ? fsnotify_perm+0x3a7/0x560
[  629.057268][T10827]  ? cd_forget+0x160/0x160
[  629.061715][T10827]  do_dentry_open+0x7ff/0xf80
[  629.066620][T10827]  path_openat+0x26f5/0x2fa0
[  629.071257][T10827]  ? verify_lock_unused+0x140/0x140
[  629.076579][T10827]  ? slab_post_alloc_hook+0x4c/0x380
[  629.081890][T10827]  ? do_filp_open+0x410/0x410
[  629.086608][T10827]  do_filp_open+0x1e2/0x410
[  629.091148][T10827]  ? vfs_tmpfile+0x300/0x300
[  629.095770][T10827]  ? _raw_spin_unlock+0x24/0x40
[  629.100642][T10827]  ? alloc_fd+0x598/0x630
[  629.105120][T10827]  do_sys_openat2+0x150/0x4b0
[  629.109822][T10827]  ? __lock_acquire+0x7d10/0x7d10
[  629.114871][T10827]  ? do_sys_open+0xe0/0xe0
[  629.119420][T10827]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  629.125427][T10827]  ? lock_chain_count+0x20/0x20
[  629.130305][T10827]  ? vtime_user_exit+0x2c8/0x3e0
[  629.135309][T10827]  __x64_sys_openat+0x135/0x160
[  629.140184][T10827]  do_syscall_64+0x4c/0xa0
[  629.144647][T10827]  ? clear_bhb_loop+0x30/0x80
[  629.149355][T10827]  ? clear_bhb_loop+0x30/0x80
[  629.154050][T10827]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  629.160051][T10827] RIP: 0033:0x7f96cb9e560e
[  629.164516][T10827] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  629.184145][T10827] RSP: 002b:00007f96c9c5cb28 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  629.192579][T10827] RAX: ffffffffffffffda RBX: 00007f96c9c5d6c0 RCX: 00007f96cb9e560e
[  629.200576][T10827] RDX: 0000000000000002 RSI: 00007f96c9c5cc00 RDI: ffffffffffffff9c
[  629.208652][T10827] RBP: 00007f96c9c5cc00 R08: 0000000000000000 R09: 0000000000000000
[  629.216661][T10827] R10: 0000000000000000 R11: 0000000000000246 R12: cccccccccccccccd
[  629.224671][T10827] R13: 00007f96cbc9e128 R14: 00007f96cbc9e090 R15: 00007fff07061fc8
[  629.232681][T10827]  </TASK>
[  629.235826][T10827] Kernel Offset: disabled
[  629.240152][T10827] Rebooting in 86400 seconds..