last executing test programs:

1m6.787409216s ago: executing program 3 (id=1026):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000440)={0x6, 0x3, &(0x7f00000001c0)=ANY=[@ANYRES64=r0], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3, @void, @value}, 0x94)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
socket$inet6(0xa, 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
r3 = accept4$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x0, @empty}, &(0x7f0000000300)=0x10, 0x0)
getsockopt$inet_IP_IPSEC_POLICY(r3, 0x0, 0x10, &(0x7f0000000780)={{{@in6=@mcast2, @in=@multicast2}}, {{@in6=@mcast2}, 0x0, @in6=@dev}}, &(0x7f0000000140)=0xe4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r4 = syz_open_dev$MSR(&(0x7f0000000280), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
r5 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$SNDCTL_SEQ_OUTOFBAND(r5, 0x40085112, &(0x7f0000000080)=@e={0xff, 0xa, 0x0, 0x0, @SEQ_CONTROLLER=0xfe})
r6 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r7 = io_uring_setup(0x4000177f, &(0x7f00000003c0)={0x0, 0x5a27})
r8 = syz_open_dev$swradio(&(0x7f00000000c0), 0x0, 0x2)
read$hiddev(r8, &(0x7f0000000740)=""/43, 0x2b)
close_range(r7, 0xffffffffffffffff, 0x0)
bind$bt_hci(r2, &(0x7f0000000080), 0x6)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000540)={<r9=>0xffffffffffffffff}, 0x2}}, 0x20)
write$RDMA_USER_CM_CMD_LISTEN(0xffffffffffffffff, &(0x7f0000000080)={0x7, 0x8, 0xfa00, {r9}}, 0x10)
write$RDMA_USER_CM_CMD_SET_OPTION(0xffffffffffffffff, &(0x7f0000000240)={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f0000000200)=0x1, r9, 0x0, 0x1, 0x4}}, 0x20)
fchmod(r6, 0x0)
ioctl$sock_bt_hci(r2, 0x400448e6, &(0x7f0000000140))
socket$kcm(0x2, 0x0, 0x84)
r10 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000080)={'wg0\x00', <r11=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r1, r11, 0x25, 0x0, @val=@netfilter}, 0x40)
sendmsg$nl_route_sched(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000004c00)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x74, r11, {0x0, 0xfff2}}}, 0x24}, 0x1, 0xf0ffffffffffff}, 0x0)

1m0.346531597s ago: executing program 3 (id=1042):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x2, 0x4, 0xfff, 0x100000, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x9, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000027112190000000000951d0007000000006ab92d8dcb607a25d27f5a4c5baa2ba5d50b5a7f2cd17c04581b69ab8900e9"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xc, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r1 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0)
syz_mount_image$vfat(&(0x7f0000000180), &(0x7f0000000300)='./file0\x00', 0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB='nonumtail=0,iocharset=cp950,umask=00000000000000000000000,uni_xlate=1,uni_xlate=1,shortname=win95,utf8=0,shortname=win95,utf8=1,uid=', @ANYRESHEX=r1, @ANYBLOB="2c73686f72746e616d653d77696e6e742c756e695f786c6174653d312c696f636861727365743d6d616363726f617469616e2c696f636861727365743d63703433372c757365667265652c726f6469722c7569643e74353a7bd912f41b207e4bc4478b479f5a21373fd412d72f65702b57308921a665e19ef4cc41aac5e7c09d211fd4c1fbf43833c769c6b16297c14d0d92df4f0371acd1b184d6", @ANYRES16, @ANYRESHEX=0x0], 0x6, 0x2c0, &(0x7f0000000940)="$eJzs3T9rJGUYAPBndjezqxabwkoEB7SwOi7X2myQHBxupWyhFnp4dyDZRUgg4B8cU9naWPoJBMHOL2HjJ1CwFe1MERiZ2Rl3s+4fV7NGvd+vyZN33uf9lzcJKebJ289Ojh9k8ej8ox+i10uiNYhBXCSxH61ofBJXDD4LAOC/7KIo4pdiapu8JCJ6u1sWALBDW//+/3rnSwIAduy119945XA4PHo1y3pxd/Lp2aj8y778OH1++CjejXE8jNvRj8uI4nfT+G5RFHknK+3HC5P8bFRmTt76th7/8KeIKv8g+rFfNV3Nvzc8OqjSszQimvy8XMeT9fyDMv9O9OPpJfPfGx7dmeZnc/PnMUrjxefn1n8r+vHdO/FejONBtYhZ/scHWfZy8fmvH75ZLq/MT/KzUbfqN1O0F8+uu/svDwAAAAAAAAAAAAAAAAAAAAAA/1O36to53ajq95RNdf2d9mX5yV5kjfn6PnlTHyhpBpqrD5RGUeRFfNHU17mdZVlRd5zld+KZTnRuZtcAAAAAAAAAAAAAAAAAAADw73L6/gfH98fjhyfXEjTVAJrX+v/qOIO5ludifefubK5WHa4ZOdpNnyRi1TKS8ljKTVzTsWwKnli15i+/2nbA3uY+e+vOZxp04u/tq7ldx/eT5WfYjaal11ySb+b7pFEF3/+8aa501aNiyfW7WDlOWgatxUf9q53bm/eePlUF+Zo+kaz7vnjpx+nJ1S3J4i7S6lSXpu/VwVz6wt3Y6j7/8WdFoloHAAAAAAAAAAAAAAAAAADs1Oyl3yUPz9emtoruzpYFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP+o2f//3yLI6+Q/0TmNk9Mb3iIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACPgd8CAAD//1pUXmc=")
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0xffffffff, 0x21, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
syz_emit_ethernet(0x1f, &(0x7f0000000400)={@multicast, @broadcast, @void, {@llc_tr={0x11, {@snap={0xaa, 0x0, "0f", "861e2a", 0x0, "5aeeab3180f382f279"}}}}}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r2 = getpid()
sched_setscheduler(r2, 0x1, &(0x7f0000000100)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r5 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
execveat(r5, &(0x7f00000001c0)='./file1\x00', &(0x7f0000000540), &(0x7f0000000c00), 0x1000)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0xf, 0x7, &(0x7f0000000380)=@framed={{}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0x51}}]}, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
write$binfmt_script(r6, &(0x7f0000000100), 0xfecc)
socket$inet6_udplite(0xa, 0x2, 0x88)
r7 = socket$nl_xfrm(0x10, 0x3, 0x6)
r8 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r8, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0xcb23c9c9931e99e9, 0x0, 0x0, {{@in6=@private0, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x30, 0x80, 0x0, 0x0, 0xee01}}}, 0xb8}}, 0x0)
sendmsg$nl_xfrm(r7, &(0x7f0000000480)={0x0, 0x2500, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="6501000014"], 0x188}}, 0x0)

58.082725951s ago: executing program 1 (id=1057):
r0 = getpid()
bpf$MAP_CREATE(0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x1)
ptrace$peek(0x2, 0x0, &(0x7f0000000380))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000000000000000000000000049500"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
syz_emit_ethernet(0x6a, &(0x7f0000000980)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e23, 0x48, 0x0, @wg=@cookie={0x3, 0x0, "955aec9ef39911c4e608778212119fd3d90397a2d165de62", "580c5119fb37bf4a8be03c1f77f40bafce6ab79eb3b71dc477351f542ce9232f"}}}}}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r4}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='memory.events\x00', 0x7a05, 0x1700)
acct(&(0x7f00000001c0)='./file0\x00')
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000000))
setfsgid(0xee00)
setresgid(0xffffffffffffffff, 0x0, 0x0)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r5, 0x0, 0x80, &(0x7f0000000000)=@filter={'filter\x00', 0xe, 0x2, 0x250, [0x0, 0x20000100, 0x20000130, 0x20000280], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="000000000000000000000000000000000000001000000000fd750000000000000000002000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0100000003000000000000000000697036677265300000000000000000007465616d30000000000000000000000076000068305f746f5f626f6e6400000076657468305f746f5f626f6e64000000aaaaaaaaaa0000000000000024ffffffffff0000000000000000f0000000f0000000200100006c696d697400000000000000000000000000000000000000000000000000000020000000000900000000000000000000000000000000000000000000000000000000000000000000636c75737465720000000000000000000000000000000000000000003062000010000000000000000000000000000000000000000000000041554449540000000000000000000000000000000000000000000000000000000800000000000000004493000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000feffffff0100000011000000000000000000766c616e3000000000000000000000006c6f0000000000000000000000000000726f736530000000000000000000000062726964676530000000000000000000ffffffffffff000000000000aaaaaaaaaa0000000000000000007000000070000000a000000041554449540000000000000000000000000000000000000004000000000000000800"/592]}, 0x2c8)
r6 = io_uring_setup(0x1de0, &(0x7f0000000440))
io_uring_register$IORING_REGISTER_FILES(r6, 0x2, &(0x7f00000001c0)=[0xffffffffffffffff], 0x1)
io_uring_register$IORING_REGISTER_FILES(r6, 0x2, &(0x7f0000000040), 0x0)
r7 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r7, 0x0, 0x80, &(0x7f0000000240)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b000000000000000000000000030000000023b500000000000100000000000000feffffff0000000000000000000000000012c31aa8b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4ac99e8d000000006c6f0000000000000000000000000001000000000002000001000000100000fa6215e1c90fed90ac00000010a85f001a4b000000000000000580000000aaaaaabd0000020000000000007000000070000000a000000041554449540000000000000000000000000000000000000000000000000000000800000000000d000000000000000000"]}, 0x1a8)
setsockopt$EBT_SO_SET_COUNTERS(r7, 0x0, 0x81, &(0x7f0000000040)={'filter\x00', 0x0, 0x0, 0x0, [], 0x1, 0x0, 0x0, [{}]}, 0x88)
waitid(0x3, r0, 0x0, 0x2, 0x0)

55.98474836s ago: executing program 1 (id=1050):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
syz_emit_ethernet(0xa3, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRESOCT=r1, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bind$inet6(0xffffffffffffffff, &(0x7f0000000840)={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, 0x1c)
connect$inet6(0xffffffffffffffff, &(0x7f0000000280)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}, 0x1c)
socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000380)='mm_page_alloc\x00'}, 0x10)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=@framed={{}, [@printk={@i, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x2d}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000000)='kfree\x00', r6}, 0x10)
unshare(0x2040400)
r7 = fsopen(&(0x7f0000000040)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r7, 0x6, 0x0, 0x0, 0x0)
unshare(0x2000400)
fsmount(r7, 0x0, 0x0)
write$uinput_user_dev(r5, 0x0, 0x0)

54.780674793s ago: executing program 1 (id=1051):
syz_mount_image$reiserfs(&(0x7f0000000540), &(0x7f0000000140)='./file0\x00', 0x10, &(0x7f00000001c0), 0xfa, 0x1119, &(0x7f0000003600)="$eJzs2b9qFUEUB+Df7F5NupW1XwJaWEhIuD6AKRRua6uNSEAwVS4Iiq/hG/gWvoKmsg/ptQhYCis3e9f8IaCSG0H4Ptids2dn9uyUMxMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABYmCRfS3K7StoxVyUpSdcdzI6SdGP+1qe6SsmT3dn80f708TxJfdK9PE02TrqUJO32nfV22k7b7fbBw527n+dv3r56vre3u7/8TEmXw+OVzqKMt/psrqy0BgAAAPy3+itr8v71n1S6eU31AQAAgN9Z9X4CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwN/qm9O4HYMqSUm67mB2lKS7ZNyNf/R/AAAAwNWVVHnWXJYftgFO3c+XpvzKL9rvZRFv5UNzYSAAAABwzsuP5x77tWVw9nz9Rz9YrLvvZTKsy9eHdxuZZHNziJdNvu0kdZKtC7UOj9+9GK/S18na9cwJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfrIDByQAAAAAgv6/bkegAAAAAAAAAAAAAAAAAAAAAAAAAAAXBQAA//+XOeFM")
socket(0x10, 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000380), 0xffffffffffffffff)
close(0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
sendmsg$DEVLINK_CMD_RATE_NEW(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000000c0)=ANY=[@ANYBLOB="cbdbd864d7df0b8bad0c42570442897f8b70", @ANYRES16=r1, @ANYBLOB="05090000000000000000240000000e0001006e657464657673696d0000000f0002006e657464657673696d300000"], 0x34}}, 0x0)
r5 = syz_open_dev$video(&(0x7f00000000c0), 0x17b4b522, 0x0)
ioctl$VIDIOC_G_CROP(r5, 0xc014563b, &(0x7f0000000080))
r6 = syz_open_dev$vim2m(&(0x7f0000000200), 0x7, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r6, 0xc0d05605, 0x0)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r7, &(0x7f00000001c0)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r7, 0x0)
ioctl$vim2m_VIDIOC_TRY_FMT(r6, 0xc0d05640, &(0x7f0000000080)={0x0, @pix_mp})
getrlimit(0x6, &(0x7f0000000040))
sendmsg$DEVLINK_CMD_RATE_NEW(r7, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000580)={0x88, r1, 0x0, 0x70bd27, 0x25dfdbfe, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xe}, @handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @handle=@pci={{0x8}, {0x11}}, @handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x88}, 0x1, 0x0, 0x0, 0x885}, 0x10)
syz_mount_image$fuse(0x0, &(0x7f0000000180)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c})

52.928354942s ago: executing program 1 (id=1056):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000007c0)=0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040))
openat$hwrng(0xffffffffffffff9c, 0x0, 0x400, 0x0)
add_key$fscrypt_v1(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
socket$nl_generic(0x10, 0x3, 0x10)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = creat(&(0x7f0000000100)='./file0\x00', 0xd931d3864d39dcca)
r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
r4 = fanotify_init(0x200, 0x0)
fanotify_mark(r4, 0x1, 0x4800003e, r3, 0x0)
sendmsg$TIPC_NL_NET_GET(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000}, 0xc, 0x0}, 0x0)
write$binfmt_elf32(r2, &(0x7f0000000040)=ANY=[@ANYBLOB="7f454c46000000000000000000000000030006000000000000000000380000000000000000191bda0000200001000000000280000000000003"], 0x69)
close(r2)
getrlimit(0x3, &(0x7f0000000140))
execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
process_vm_readv(0x0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x36}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r5 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0)
ioctl$USBDEVFS_SUBMITURB(r5, 0x802c550a, &(0x7f00000003c0)=@urb_type_iso={0x2, {0x1, 0x1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0xe, 0x0, 0x0, 0x0, [{0x3, 0xfffffff8, 0x8e5}, {0x2, 0x8, 0x6}, {0xeb, 0x40, 0x7}, {0xf1, 0x126, 0x9ac}, {0x5, 0x1ff, 0x3}, {0x1000, 0xc3b1, 0xb46c}, {0xd, 0x8, 0xde52}, {0x5, 0x1, 0xf9}, {0x25f, 0xde, 0x1}, {0x40, 0xffffffff, 0xc}, {0xcd, 0x3, 0x9331}, {0x6, 0x0, 0x7}, {0x4, 0x6, 0xffff}, {0x10000, 0x7, 0x5}]})

52.301546745s ago: executing program 1 (id=1058):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'sha224-avx\x00'}, 0x58)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x3, 0x4, &(0x7f0000000040)=@framed={{}, [@ldst={0x0, 0x0, 0x3, 0x0, 0x1}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
waitid(0x1, r4, 0x0, 0x60000007, 0x0)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000980)=@raw={'raw\x00', 0x3c1, 0x3, 0x350, 0x0, 0x268, 0x33a, 0x0, 0x268, 0x280, 0x460, 0x460, 0x280, 0x460, 0xc, 0x0, {[{{@uncond, 0x0, 0x108, 0x148, 0xd8000000, {0x9402}, [@common=@unspec=@addrtype1={{0x28}, {0x0, 0x228}}, @common=@unspec=@statistic={{0x38}}]}, @common=@inet=@TCPOPTSTRIP={0x40}}, {{@ipv6={@private1, @empty, [], [], 'pim6reg0\x00', 'vxcan1\x00'}, 0x0, 0xd0, 0x138, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00', 0x2}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'snmp_trap\x00', 'syz0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3b0)
r6 = socket$alg(0x26, 0x5, 0x0)
setrlimit(0xe, &(0x7f0000000100)={0x7, 0x1})
bind$alg(r6, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(aes-aesni)\x00'}, 0x58)
r7 = accept4(r6, 0x0, 0x0, 0x0)
r8 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
mkdirat(r8, &(0x7f0000000300)='./file0\x00', 0x100)
fcntl$getownex(r5, 0x10, &(0x7f0000000340))
mmap(&(0x7f0000221000/0x1000)=nil, 0x1000, 0x3000004, 0x30, r6, 0x42ac5000)
preadv(r8, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
sendmmsg$inet6(r7, &(0x7f0000003b80)=[{{0x0, 0x0, 0x0}, 0xff03}, {{0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000000440)='&', 0x1}], 0x1}}], 0x2, 0x8000)
recvmmsg(r7, &(0x7f00000018c0)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f0000000400)=""/34, 0x22}, {&(0x7f0000000480)=""/160, 0xa0}], 0x2}}, {{&(0x7f0000000540)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast2}}}, 0x80, &(0x7f0000000c80)=[{&(0x7f0000000380)=""/8, 0x8}, {&(0x7f0000000ec0)=""/253, 0xfd}, {&(0x7f0000000840)=""/209, 0xd1}, {0x0}, {&(0x7f0000000a00)=""/79, 0x4f}, {&(0x7f0000000a80)=""/196, 0xc4}], 0x6}}, {{0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000d40)=""/129, 0x81}], 0x1}}, {{&(0x7f00000005c0)=@caif=@rfm, 0x80, &(0x7f0000000640)}}, {{0x0, 0x0, &(0x7f0000001540)=[{&(0x7f0000001140)=""/206, 0xce}, {0x0}, {&(0x7f0000001300)=""/161, 0xa1}, {&(0x7f00000013c0)=""/65, 0x41}, {0x0}], 0x5, &(0x7f00000015c0)=""/246, 0xf6}}, {{0x0, 0x0, &(0x7f00000016c0)=[{&(0x7f00000017c0)=""/202, 0xca}], 0x1}}], 0x6, 0x10020, 0x0)

51.264216904s ago: executing program 1 (id=1061):
socket$inet(0x2, 0x1, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH(0xffffffffffffffff, 0xd0009411, 0x0)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
socket$inet6(0xa, 0x0, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty}, 0x1c)
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000040))
getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000500)={{{@in6=@mcast2, @in=@multicast2}}, {{@in6=@mcast2}, 0x0, @in6=@dev}}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f0000000280), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r2 = io_uring_setup(0x77f, &(0x7f0000000340)={0x0, 0x198d})
r3 = syz_open_dev$swradio(&(0x7f00000000c0), 0x0, 0x2)
read$hiddev(r3, &(0x7f0000000740)=""/43, 0x2b)
close_range(r2, 0xffffffffffffffff, 0x0)
bind$bt_hci(r0, &(0x7f0000000080), 0x6)
r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000540)={<r5=>0xffffffffffffffff}, 0x2}}, 0x20)
write$RDMA_USER_CM_CMD_LISTEN(r4, &(0x7f0000000080)={0x7, 0x8, 0xfa00, {r5}}, 0x10)
write$RDMA_USER_CM_CMD_SET_OPTION(r4, &(0x7f0000000240)={0xe, 0x18, 0xfa00, @id_resuseaddr={0x0, r5}}, 0x20)
r6 = syz_io_uring_setup(0x95, &(0x7f0000000140), &(0x7f0000000300)=<r7=>0x0, &(0x7f0000000100)=<r8=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r7, r8, &(0x7f00000004c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x0, &(0x7f0000000640)=[0xffffffffffffffff], 0x1})
io_uring_enter(r6, 0x47f6, 0x0, 0x0, 0x0, 0x0)
ioctl$sock_bt_hci(r0, 0x400448e6, &(0x7f0000000140))
r9 = socket$kcm(0x2, 0x0, 0x84)
syz_genetlink_get_family_id$devlink(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$inet(r9, &(0x7f0000000a00)={0x0, 0x0, 0x0}, 0x0)

24.846130514s ago: executing program 4 (id=1111):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="180000000000000000000000000000009500000300000000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
syz_emit_ethernet(0x0, 0x0, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_PKTINFO(r0, 0x10e, 0xc, &(0x7f0000000040)=0x8, 0x4)
sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000400)=ANY=[@ANYBLOB="2800000012000100"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000080003"], 0x28}}, 0x0)
fsetxattr(0xffffffffffffffff, &(0x7f0000000000)=@known='security.selinux\x00', 0x0, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x439, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_HELLO_TIME={0x8}]}}}]}, 0x3c}}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@bloom_filter={0x1e, 0x0, 0x7fefd, 0x8, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00'}, 0x10)
mount$fuse(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000200)=ANY=[@ANYRESHEX, @ANYBLOB=',rootmode=00000000000000000100000,use', @ANYRESDEC=0x0, @ANYBLOB=',grou', @ANYRESDEC=0x0])
write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000040)={0x50, 0x0, 0x0, {0x7, 0x1f}}, 0x50)
syz_fuse_handle_req(0xffffffffffffffff, &(0x7f00000042c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x8}, @hci_rp_read_stored_link_key}}, 0xb)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x0, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r1, 0x29, 0x33, &(0x7f0000000040)=0x200007b, 0x4)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)

24.497758704s ago: executing program 4 (id=1113):
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000200)='rxrpc_tx_packet\x00', r0}, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount$tmpfs(0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='gid=', @ANYRESHEX])
mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='debugfs\x00', 0x0, &(0x7f0000000100))
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15)
write$FUSE_BMAP(0xffffffffffffffff, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, 0x0, 0xb0)
write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000004200)={0x50, 0x0, 0x0, {0x7, 0x1f}}, 0x50)
read$FUSE(0xffffffffffffffff, &(0x7f0000004140)={0x2020, 0x0, 0x0, <r4=>0x0}, 0x2020)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
r6 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000000)=0xf)
open(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
ioctl$TCFLSH(r6, 0x400455c8, 0x40000000004)
ioctl$TIOCSTI(r6, 0x5412, &(0x7f0000000180)=0x30)
getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000000100)={0x0, 0x0, <r7=>0x0}, &(0x7f0000000140)=0xc)
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800700, &(0x7f0000000a80)={[{@journal_ioprio={'journal_ioprio', 0x3d, 0x5}}, {@journal_dev={'journal_dev', 0x3d, 0x8000}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5c}}, {@minixdf}, {@resgid={'resgid', 0x3d, r7}}, {@grpquota}, {@usrjquota}]}, 0x3, 0x44a, &(0x7f0000000400)="$eJzs281vG0UbAPBn10n6vv1KKOWjpUCgQkR8JE1aoAcuIJA4FIEEh3IMTlpVdRvUBIlWFQ0IlQsSqgRnxBGJv4AbFwSckLjCHVWqoJcWTkG73m1t106b1rFD/ftJm8x4x555PDve2R07gIE1nv1JIrZGxG8RMVrPNhcYr/+7evls9e/LZ6tJrKy89WeSl7ty+Wy1LFo+b0uRmUgj0k+SopJmi6fPHJ+t1eZPFfmppRPvTS2ePvPssROzR+ePzp+cOXjwwP7pF56fea4rcWZxXdn94cKeXa+9c+H16uEL7/70bdbercX+xji6ZTwL/K+VXOu+J7pdWZ9ta0gnQ31sCGtSiYisu4bz8T8albjeeaPx6sd9bRywrrJz06bOu5dXgLtYEv1uAdAf5Yk+u/4ttx5NPTaESy/VL4CyuK8WW33PUKRFmeGW69tuGo+Iw8v/fJVtsU73IQAAGn1W/fJQPNNu/pfG/Q3lthdrKGMRcU9E7IiIeyNiZ0TcF5GXfSAiHlxj/a1LQzfOf9KLtxXYLcrmfy8Wa1vN879y9hdjlSK3LY9/ODlyrDa/r3hPJmJ4U5afXqWO71/59fNO+xrnf9mW1V/OBYt2XBxquUE3N7s0m09Ku+DSRxG7h9rFn1xbCUgiYldE7F7bS28vE8ee+mZPp0I3j38VXVhnWvk64sl6/y9HS/ylZPX1yan/RW1+31R5VNzo51/Ov9mp/juKvwuy/t/cfPy3FhlLGtdrF9dex/nfP+14TXO7x/9I8nbeLyPFYx/MLi2dmo4YSQ7l+abHZ64/t8yX5bP4J/a2H/87iudk9TwUEdlB/HBEPBIRjxZtfywiHo+IvavE/+PLnfdthP6fa/v5d+34b+n/tScqx3/4rlP9t9b/B/LURPFI/vl3E7fawDt57wAAAOC/Is2/A5+kk9fSaTo5Wf8O/87YnNYWFpeePrLw/sm5+nflx2I4Le90jTbcD51OlotXrOdninvF5f79xX3jLyr/z/OT1YXaXJ9jh0G3pcP4z/xR6XfrgHXXbh1tZqQPDQF6rnX8p83Zc2/0sjFAT/m9Ngyum4z/tFftAHrP+R8GV7vxf64lby0A7k7O/zC4jH8YXMY/DC7jHwbSnfyuX2KQE5FuiGZIrFOi359MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3fFvAAAA//+uEO7O")
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f0000000600)={0xb0, 0x0, 0x0, [{{0x2, 0x2, 0x80000000, 0x70a7, 0x4, 0x8, {0x2, 0x2, 0x3f, 0x5, 0xfffffffffffffffb, 0x9, 0x0, 0xce00, 0x10001, 0x0, 0x1, r4, r7, 0x9, 0xaa7}}, {0x6, 0x3f, 0x4, 0x1, 'GPL\x00'}}]}, 0xb0)

23.355299242s ago: executing program 4 (id=1115):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0))
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
mmap(&(0x7f0000b05000/0x1000)=nil, 0x1000, 0x0, 0x10, 0xffffffffffffffff, 0x27c97000)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xc, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000008002b000000000000000018040000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000003c0)='sched_switch\x00', r3}, 0x10)
openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r4}, &(0x7f0000000380), &(0x7f00000003c0)=r5}, 0x20)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000002c0)='mm_page_alloc\x00', r6}, 0x10)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={0x0, &(0x7f0000000040)=""/155, 0x1000000, 0x9b, 0x1, 0x0, 0x0, @void, @value}, 0x20)
syz_mount_image$iso9660(&(0x7f00000003c0), &(0x7f0000000400)='./file0\x00', 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="696f636861727365743d69736f383835392d352c6d6f64653d3078303030303030304930303030303030696f636861727365743d6d616363656e746575726f2c6d61703d61636f726e2c686964652c6e6f6a6f6c6965742c6d61703d6f66662c6d726d616c2c636865636b3d72656c617865642c757466382c63727566748ca720ad6851ab3b2c0068486e1cce52f5b1e5e41f0b1bfd3596b0470518bd04293772e8c1efc177f474ace49eb1da5d8985a87f2ebc9535519700"/200], 0x3, 0x3e2, &(0x7f0000000840)="$eJzs3M9u3EQcwPFx/sASpAqpok3THKaUQzh0aztko1UPyHhnN9N6bWvGWyUnFJGkipoURItEcyKXABI8RK88BM/CC1Q8Ash/tiTZJFvyb0P1/UjVzNo/z/zGXc1oHY0FAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQTthyXc8RkY57y/J4Ycsk3RPO99v75EBxQr9COPk/UauJ6fLQ9PV/T39cNnKz/HRT1PKiJnY+vPHRg+sTY/3rT0joUjx/ufN0dWtr/btRJ3Lh/jzyaEfF2ia6G3SU1DaRzUbDvb/UtrKtI2VXbKa6MjQqyBIj58LPpNdszktVX0l6cacVRKp/cPGe77oN+bCeqsDYJL7/sG7DJR1FOu4UMfnpPGYx/yI+0pnMVNCVcmNza31+WOp5kPc2Qf6wIN/1fc/zfa+x0FxYdN2JgQPuIWIgYvRfWozWOc/gwOn9Xa3/AAAAAADg3eUUz9jz3/+TxXN4R7R1pNxRpwUAAAAAAM5R8Zf/m3kxmdemhcPvfwAAAAAA3jU/D91jZ9P3nT/+EsZMOrvp8qfOdpDHBdvj5XXjh1vM2jPOtaqRomhMVJ9CNevcKoNu9aNfV8XGsDycc0hA/CpmypiZtbJc658pe5lq60jVwyR64IkguDaWqeXs+2ebP4hi+L/E3WuO2NjcWq9//c3WWpHLbt7K7na1gWJgH8UJubx4s+/x6BFPFg9iqn6nyn7d/eMfKy8f+w997onbZcztqbKcOjj+Wt6nVz9u9FUW3hlHvidmy5jZubt5cXfuiCz8YVn4+7M41b14iyzmh2Uxf8YsAGBUNvatQrXq2MH1f2DdPcUsdzmr+564U8bcmSkm1omZI2Z0d9iM7p5xdft94B0Ix62xeb+/HVpVX+UXvDq2Xxv5Tn4Lx19sfytuPH+5c29ze/XJ+pP1Z74/33A/d90FX0wWw6gK1h4AwBGUee1MZT85xuj0K6/Z9IJsSUmThI+k0a2OkjrOlAmXgrijZGqSLAmTKK881i1lpe2laWIy2U6MTBOrl4s3v8jq1S9WdYM406FNIxVYJcMkzoIwky1tQ5n2voy0XVKmuNimKtRtHQaZTmJpk54JVV1Kq9S+QN1ScabbOq/GMjW6G5gV+TiJel0lW8qGRqdZUjbY70vH7cR0i2bro77ZAABcEW/eYHeBlVGPEQAAHHTqVfq9C0oIAAAAAAAAAAAAAAAAAAAAAAAMuIz9f5db+eJqpPF0tbrDP569wfGrMJz/feWD6j/kXFseFyMf1wVVRjgpAbgU/wQAAP//S0ucQg==")
r7 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
syz_emit_ethernet(0x2a, &(0x7f0000000000)={@link_local, @dev, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x18, 0x0, 0x0, 0x0, 0x1, 0x0, @private, @broadcast}, @echo_reply={0xe0}}}}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r7}, 0x10)
r8 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301)
ioctl$USBDEVFS_FREE_STREAMS(r8, 0x802c550a, &(0x7f0000000000)=ANY=[@ANYBLOB="02002303100007006000000002000020d3"])

22.450908099s ago: executing program 4 (id=1116):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000b40)={<r1=>0x0, 0x0, <r2=>0x0}, &(0x7f0000000100)=0xb)
ioprio_set$uid(0x0, 0x0, 0x6000)
syz_mount_image$ext4(&(0x7f0000000bc0)='ext4\x00', &(0x7f0000000240)='./file1\x00', 0x204000, &(0x7f0000000300), 0x5, 0xbb8, &(0x7f00000017c0)="$eJzs3M1rXFUbAPDn3kymaZv3nfTlRawbIyItiNOkkmKLYCsVNy4E3QoN6aSETD9IIjVpFhP9B0RdC24EtSgu7LobRbdutN0qLoQisVEQ0cidjyQ2mTS1M70x/f3gzD3nnpl5nmcuM/cemJkA7luD2U0asT8iTiURpeb+NCKK9V5fRK1xv6XF+bFfF+fHklhefumnJJKIuLk4P9Z6rqS53dsc9EXE188m8b831sednp2bHK1WK1PN8aGZsxcOTc/OPTFxdvRM5Uzl3PCRp0YOjxwZOjrSsVp/++74lV8eef6H2u8f/nH557ffT+J49Dfn1tbRKYMxuPKarFWIiNFOB8tJT7OetXUmhds8KO1yUgAAtJWuuYZ7IErRE6sXb6X4/JtckwMAAAA6YrknYhkAAADY4RLrfwAAANjhWt8DuLk4P9Zq+X4j4d66cSIiBhr1LzVbY6YQtfq2L3ojYs/NJNb+rDVpPOyuDUbE99ePfpK16NLvkDdTW4iIBzc6/km9/oH6r7jX159GxFAH4g/eMv431X+8A/Hzrh+A+9PVE40T2frzX7py/RMbnP8KG5y7/om8z3+t67+lddd/q/X3tLn+e3GLMS598O7FdnNZ/U9fee7jVsviZ9u7KuoO3FiIeKiwUf3JSv1Jm/pPbTFG6c+LlXZzede//F7Egdi4/pZk8/8nOjQ+Ua0MNW43jLHw1chH7eLnXX92/Pe0qb/1/0/tjv+FLcZ45eTJT9ftvL7a3bz+9Mdi8nK9V2zueW10ZmZqOKKYvLB+/+HNc2ndp/UcWf0HH938/b9R/dlnQq35OmRrgYXmNhu/fkvMZy5f+qxdPq31X57H/3Sb47+2/i8L64//m1uM8dgXbx1sN7d2/Zu1LH5rLQwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALWlE9EeSllf6aVouR+yNiP/HnrR6fnrm8fHzr547nc1FDERvOj5RrQxFRKkxTrLxcL2/Oj58y/jJiNgXEe+UdtfH5bHz1dN5Fw8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCKvRHRH0lajog0IpZKaVou550VAAAA0HEDeScAAAAAdJ31PwAAAOx81v8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB02b6Hr15LIqJ2bHe9ZYrNud5cMwO6Lc07ASA3PXknAOSmkHcCQG7ucI3vcgF2oOQ2831tZ3Z1PBcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtq8D+69eSyKidmx3vWWKzbneXDMDui3NOwEgNz2bTRbuXR7AvectDvcva3wguc183+p9an+f2dW1nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADYfvrrLUnLEVFs7iuXI/4TEQPRm4xPVCtDEfHfiPi21LsrGw/nnDMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACdNz07NzlarVamsk4azc7KHp3VTtJ4xWrbJR+du+wUY1uksU07eX8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACQh+nZucnRarUyNZ13JgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDepmfnJker1cpUFzt51wgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQH7+CgAA//9gfgp0")
r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', r3, &(0x7f0000000600)='./bus\x00', 0x0)
open(&(0x7f00000001c0)='./bus\x00', 0x42040, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.usage_all\x00', 0x275a, 0x0)
ftruncate(r4, 0x47)
r5 = openat$pfkey(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
fcntl$setflags(0xffffffffffffffff, 0x2, 0x0)
keyctl$KEYCTL_CAPABILITIES(0x1f, 0x0, 0x0)
r6 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_HWDEP_INFO(r5, 0xc0045516, 0xffffffffffffffff)
r7 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000240), 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r7, 0x4058534c, &(0x7f0000000280)={0x80, 0x8, 0x1f, 0x80})
r8 = inotify_init()
inotify_add_watch(r8, &(0x7f0000000040)='./bus\x00', 0xe0000444)
syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0x80000c, &(0x7f0000000a40)=ANY=[@ANYBLOB="706172743d3078303030303030303030303030303030342c6e6c733d69736f383835392d312c73657373696f6e3d3078666666666666666666666666666637662c747970653d883b7f382c63726561746f723dddf2bd6c2c7569643d", @ANYRESHEX=0x0, @ANYBLOB=',uid=', @ANYRESHEX=0x0, @ANYRES64=r6, @ANYRESHEX=0x0, @ANYRESDEC=r1, @ANYRESHEX=0x0, @ANYRES8=r2], 0x1, 0x6e4, &(0x7f0000000340)="$eJzs3UtoHOcdAPD/rFarXRccOfEjLYEsMaSlorZkobTqpW4pRYdQQnroebHlWHgtB0kpsimN0se9h5x6Sg+6hR5Keje054ZAyVXHQCGXnHRTmdnZ1Wg1+5CtV9LfT8zMN99rvvnPzsw+EBPA/62lmag+jSSWZt7cTNd3tufbE9vzU3lxOyJqEVGJqHYWkaxGWjrR6+LbaWaeTgZt58OVxbc//2rni85aNZ+y+pVh7UrUDmdt5VM085E1S1tODujxk/7NH+jvzsD+xpX09vB2RFzPlxF/ea5e4bntHbLVK/v4P9l8WPOjnLfAOZUU7+gF0xEXIqIekd31I786VE53dMdv66wHAAAAAEfVOHqTF3ZjNzbj4kkMBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAL6p8uf/J/lU6aabkXSf/1/L8yJPn0OjH4T42VRn+fTkBwMAAAAAAAAAJ+7V3diNzbjYXd9Lst/8Xyv8xv+teC/WYznW4kZsRis2YiPWYi4ipgsd1TZbGxtrc1nLiMtDWt6KT0ta3ho8xtvHvM8AAAAAAAAAcM7VR5Q/mDyc9/tY2v/9HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAzoMkYqKzyKbL3fR0VKoRUY+IWlpvK+LTbvprIinLfHr64wAAAIDnUj+4mtTHaPPC+7Ebm3Gxu76XZJ/5r2afl+vxXqzGRqzERrRjOe7mn6HTT/2Vne359s72/MN0OtzvT7880tCzHqPz3UP5ll/OajTiXqxkOTfiTiSxl6nkvby8sz2fLh+Wj+uDdEzJT3JDRjNRSN9NZ9c+ydJ/PvgtQvVIu/iMKgNLprPSyV5EZvOxpS0udSNQHomRR6c6dEtzUel983N5+JbKY/7B8K1f6KtV+s3NmeiPxK2o9I7Q1eGRiPjuPz7+9f326oP799Znzs8ulXp/ZI3+SMwXInHtGxSJ0WazSFzprS/FL+JXMRNfTr0Va7ESv4lWbMRys1veyl/P6Xx6eKQ+u1Bce2vUSNJzstm7fpWNqRkHxhTN+HmWasVr2TG9GCuRxKOIWI43sr9bMde7Guwf4StjnPWVMa60Bde/ly16YYrG4Lp/G6/L45LG9VIhrsVr7nRWVszZj9KLpVHq3uvGvx8VVL+TJ9Ie/jD0/nDa+iMxV4jES4NeL52Q/nUvna+3Vx+s3W+9O+b2Xs+X6Xn0p3N1l0iP8ItRz3fuUjZPsnNqNit7qXeHPRivWv6LS0flUNmVXrvOmfrLeBR3D5ypP4yFWIjFrPbVrPbkoTtWWnat19PBa3halr7TqvZ+2Cm+33oU7c77IQDOtwvfv1Br/Lfx78ZHjT827jferP9s6kdTr9Ri8l+TP67OTrxeeSX5e3wUv9v//A8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAADy79cdPHrTa7eW18kSlvCgZ3qrV3us+SKy8ThzKSfJH5YwYT5pI1h8/2RtRpz8RfTlT+fDGbH6Sie7TGkdXbp7gMJKt/uNVH30suk95ynOG7UVyKOBp42cec3fL+zmT5+BQ9ieax9dh9wVbPImO/OptHDxenaKJiCg9ZYabOIaLD3Cmbm48fPfm+uMnP1h52Hpn+Z3l1cmFhcXZxYU35m/eW2kvz3bmhQan8vBb4DQU30701CLi1dFthzyoFQAAAAAAAAAAADhBp/G/EGe9jwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDX29JMVJ9GEnOzN2bT9Z3t+XY6ddP7NasRUYmI5LcRyT8jbkdniulCd8mg7Xy4svj251/tfLHfV7VbvxKxNbDdeLbyKZoRMZEvj6u/O6P7q+0np0qKk15k0oBd7wYOztr/AgAA//94PumP")
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
write$binfmt_script(r9, 0x0, 0x0)
dup(0xffffffffffffffff)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000003c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x0, 0x5, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
syz_mount_image$tmpfs(&(0x7f00000000c0), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000180))
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000)='binder\x00', 0x0, 0x0)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)={0x0, 0x0, 0x2d}, 0x18)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)

21.825883543s ago: executing program 4 (id=1117):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000001e40)=ANY=[@ANYBLOB="b702000026000000bfa300000000000005000000000000007a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065060400010000050404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000496cf27fb6d2c643db7e2d5fb4b0936cdf827fb43a431ca711fcd0cdfa146ed3d09a6175037958e27106e225b7937f02008b5e5a076d83923dd29c034055b67d5b310efcfa89147a09000000f110026e6d2ef831ab7ea0c34f17e3ad6eecbb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b0a341a2d7cbdb9cd38bdb2ca8e050000003a14817ac61e4dd11183a13477bf7e060e3670ef0e6a9f65f1328d6704902cbe7bc04b82d2789cb132b8667c214733a18c8b6619f28d9961b626c57c2691208173656d60a17e3c184b751c51160fbcbbdb5b1e7be6148ba532e60a0ac346dfebd31a08060000000200000000000000334d83239dd27080e71113610e10d858e8327ef01fb6c86acac12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e957bc73ddc4eabba08ab1e1ad828267d4eadd3964663e88535c133f7130856f756436303767d2e24f29e5dad9796edb697a6ea0183babc190ae2ebf8aad34732181feb215139f15ea7e8cb0bae7c34d5ac5e7c805210600000000000000c3dec04b25dfc17975238345d4f71ab158c36657b7218baa0700f781c0a99bd50499ccc421ace5e845885efb5b9964e4beba3da8223fe5308e4e65ee93e107000000f8ddebf70132a4d0175b989b8eccf707882042e716df9b57b290c661d4e85031086197bcc5cb0e221a0c34323c129102b6ff0100002e88a1940b3c02ed9c92d6f64b1282dc51bb0015982730711c599e1c72ffa11ed8be1a6830d7507005154c46bd3ca96318c570f0721fc7aa2a5836ba99fe1f86468694f22cdf550ef091a78098534f0d973059594119d06d5ea9a8d0857382ec6e2a071474cfc12346e47ad97f4ead7cf70a9d1cdac944779dc08a705414888700a30e2366c6a06b3367a389ca39059787790017b0689a173db9c24db65c1e00015c1d093dab18fd0699fe3304020000323e9c7080397bc49d70c060d57bc88fbe3bbaa058b040362ab926150363fb099408885afc2bf9a46a076b7babfcddeff8c35030669ea69f5e4be1b8e0d6697e97186f9ae97d5670dba6623279f73db9dec75070cd9ab0fda6b069ef6d2857ca3e4effcf7462710d133d541da86e0477e4a6cc999dc21c3ef408e6b178e7c9f274d7fafc8d757d33dfa35aa2000034837d365e63845f3c1092f8dde8af3904ea0f4b82649b83ed4fa0f873339c4cadecc13219ba7518aa4f7db34ead13484742067ab743c1d82a5687f2ed69000000000000000000000000009a6d1852cfe790362ca800000000000000000099d4fa0000000000003f0ecdc7c82e72919c91d2039afe17e95edeeeba72205beff7771bcb293747b88486cacee403000000a2919a4bff2ed893f2c814679fa69fc7e0cf761f918725704a01c56009a9f748e5aaf30a10bd8c409b1870c1f75e26b45264e3d3f8e0048e55ae289ce2ad779ce71d4dc30cbb2cc4289d2f884d66cddc76eb7f601110ff39053c262279f4ef00fbdb8c328615a9ec84f27a9f3938ae736138b8c1ec220c1540bf3d162dc1c27fa30f0dc60b9f257db5d1c7ed2e152cb2cf06f8edb30177fead735a952ffce676a93110904d5ee2abdab2ef3ff84c4d61443f73552195c7ccfbf9f03c44432eaa3b7501d4239354da8de21eada75d3a3afb2c76ff0700007976699b6c0f0e946766f57544ff52cef0dd811bec4e3c0a30f2d7d19d26d2503a3ea376721b8eded3bc475958dd498ee2b2d6146e33fc0de1dc2e0516ac565ddb1d4ae89e671282a2d3066ac968c7d7d7db195f255b1b4a85eb9ee0a3b68c9e209756623adf685dd715d68ed11e4b4d5502f512493af8f98c615cac3666c58f785c3f758be352a71871d5c081197d37980e4f4e26b5476fb20407ff7098b7174bef66fa03a99b5c0c20b378065fac4ef9ac2d0d804b9400000060e5d3f1749f6aecf69ba83a71caa9bdddc679f1b826f74b6563a4be1fd82b73c8c2bc65f63982b951fb058fd3c7b6341c4580376b6c16bd94d2da66059de81abfa15eeeae3b0ba38d8bb1bf032c73f1285e21fff5a1d138e061b1dc7bbda199b5fab8e0719e9cd69b47dcb52b0be6a3a73afdf328132e1d4f21065716be0c53a23940d07188b015fa341dbc92231c8b5e5717eac184f46c9f61b69f55cd2231bcf821052429a1f250e8b734be0605a15f25923d599544b319319ff0a32621019347df460a098119a6f47eb1bac47946d7a009cbc6ec74c19a93cc7c7138b28c95270116181fd5f553573c48104d2ad0e10d3663488e664401453f22f0d76d2162635365258af61ae1f46f4a7862f302d91e3f7c2781f602220522e84602a939a8d5e4137ae31ccd397404dc72e06715a6503d4d865182803ee6725da7293b23daeebefd6fce7411c9624a7e8d5ba5a13e1c32adc4f3274497c6882a72475e4280a4d9a47c003c6ed3071330c58145be813a10788a720a6b5a498ca2b42496c479a0a71e2f6f9bad8c84bc6be20281bde0b348cf2c60538a505ad4a0510eebb023e4954c9eb6cd70627f5c03d867dbf3ad5d1f1dc852064dd0efafc3df20ec8faf3d194db76127f88f284fa1b71ab964fdd2474471da76373e65e9a8bf844bdfdd348bc7d00c4c7e7afe8a1f8cde79b7a6c5aafe954b8ba37818e40c14b37c23f9f614576b689436fef2f27f8b1e756e00262e22bca49c43fd73e7e99b2fa44a8c1db99c2cf2735ad6c5fabf082e0df0f8ba7e24272165f2f5b28230c095162b3b5fb3832ee68e2b53d44bd84bf6770157e96bbb96b5e1f165c87e7a9a7d53c281d88ebb175a4dbb82130e6870982947913110f091d21760d985afd3163f2e6880682432f9b3b97d57a9f980edfa1116a3d04d58872a07d6a7e12db673acd2f7b8988d833e71943fe2c1c65a3cf36b955c56b55bfd3ecf0af694c71a03f2996c15b1ba971de1cb9c7e6a0000000000000014783ef54c51199317413f98dca8ff3df3572a7d9ef5f6103997f1f9e4b0c3970bda50f6c0af58dbd6c031b1a5a7512c5896514adfa17d31429c68db50a93d88199defd3b4625fea426ff9293a28a544a6a9e2a79b55daa1b3c6b14c4ec6d164e902ce4913843d65d841973468729ea12bf6d3499036dbb66718f3497855c3baa6cc07c0fa388ec9df0617c1a28ef5a595ee267a76175b8a057e6efaf4fefe46def451f2858fe71a53e77b1a44e98843bb3a40102da3703dfb9f61bdcea2fb810b32d52e2157a150a63ea6135d1cf6f864c2e68884d7245bc5d61dc5a114d10ffb22e76678bbfc1e3865d17d128306d1b81884a934cb00000000000000000098a4526e6468987dbc63bff7590eb388afaba43d811996333eef7e9f472bee293f0c40d434b8be07cbd52325296e22802493edb5c590ad208bac683a8b2d4c9d2d57ff846ae8c422e0b28546671f11d8157bb762c91f3fbcca8e21589c92446ae65d408c0637ffcc2d44d715ce003dd1e12b085e186d069a55c2e96efbe5024d61a56a36d988c0f51a973a6c238e545b28211a92000000001501aed8d72af0fcd540a9d4e293690c5e697b3a1480e46df5371bca1cfb28a57c1b3c9534229d6133fa814a0a67385fea04220423"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000900)={r0, 0x18000000000002a0, 0x1c, 0x0, &(0x7f0000000040)="76389e147583ddd0569ba56a88a855055aa57dd856862078721e8137", 0x0, 0x0, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
r1 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
clock_gettime(0x9, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f00000002c0)=ANY=[@ANYRESOCT=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r3, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_BASE(r3, 0x4008af12, &(0x7f0000000540)={0x1, 0x7d})
ioctl$VHOST_SET_LOG_FD(r3, 0x4004af07, &(0x7f0000000240))
r4 = syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0xa401)
ioctl$USBDEVFS_ALLOW_SUSPEND(r4, 0x5522)
ioctl$USBDEVFS_CONTROL(r4, 0xc0185500, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000140)={0x3, 0x0, 0x0, &(0x7f00000001c0)=""/53, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000640)=""/78})
ioctl$VHOST_SET_MEM_TABLE(r3, 0x4008af03, &(0x7f0000000500)={0x80001e2, 0x0, [{0x0, 0xfffffeb4, &(0x7f00000005c0)=""/107}]})
ioctl$VHOST_VSOCK_SET_RUNNING(r3, 0x4004af61, &(0x7f0000000000)=0x1)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
writev(r5, 0x0, 0x0)

18.569766951s ago: executing program 4 (id=1122):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4001, 0x9, @dev={0xfe, 0x80, '\x00', 0x1b}, 0x10}, 0x1c)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000040)=ANY=[@ANYBLOB='p\x00\x00', @ANYBLOB, @ANYBLOB="5100330080000000080211000000080211000000a5fcc8639e9800000000000000000000640000000006020500000000000000060000000000000602000025030000003c04"], 0x70}}, 0x0)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0)
syz_emit_ethernet(0x2d4, &(0x7f00000001c0)={@dev, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "cb653e", 0x29e, 0x3a, 0x0, @dev, @dev, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [{}, {}, {0x0, 0x1, "d429145c793e823829b4376332"}, {0x0, 0x4f, "130c3818a2eaac43f1a6efc4f7772852ea05bff405aa28758ba53e0f2060e4e027f24bb723a5571d0da2ebeb3fe47f34e606cb3987e3681841f511126b773758e143f6be25d6965fcca35155fec3f970e2067f5db8a5de787eaf96b5957e6b988c02ae9fe26ec3118d9fdcca129d1269b290f687cde5b4eaba737c806335ca0d1e43697d144c6df4dc0d31e84004bc22e87b6e2daab5674479c76a1be360d309e7e7e5fa089032b331a3ceea18d92124681c0b78a0f1665ffcba0bee11950f6b4912bb302b3e648fad7ff4862ccc823e720fdb20af8ab0a6a09dfcdacf69923d60a0efeacf81e1e7e17db9547a4962bdec794c013af7210e54d43f3fe7da2f88c674f4cfd818f6a7461368bf62f1d5f98fd9394eb74bf0559f1c6b1ebec57dba007f143108ca4be3fa330cc21a411b0b7af23ebd9282be17fb702a5ca61650b283eec78e0280e4f2713b42bd4e3615c48c55c1abe5827601038109736f9c6b7242e7c9c917309397b864eedf5ca71db1debb609b6381b54955706017731319e0cc41083f99bd11da748b47d8715080899eb15caf19df36632b73bb22596b8e16186a2e51e277f8c78df609ca44a83914e8f7a8b053210573941b560ff8b114326678c6851c74596300b1c2a1ddc0af5b4cb5f15fa61e42214341368152275070973f3063f35fded9eeb535a0837783921dc2b705e0a0ceacca1882ff23813bc9199a9be39559c9f82a7452ce6113780cd7d26f532b72603afbfe994f5baf7257c9a33b9ac1ecd0b69da263daa9ac7e6a8d4400341926ed1f0c0e9086009c7945c0b255716f5b0dac45a9af480dc1f17beba2a2cddeafed29ecc91ce704895e28d0c46e639591c667a7f34500ea98ef557801dccf733fa61f3c"}]}}}}}}, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r2, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r3, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
r4 = socket$inet(0x2b, 0x801, 0x0)
sendto$inet(r4, 0x0, 0x0, 0x24004800, 0x0, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r4, 0x0, 0x482, &(0x7f0000000000)={0x84, @private, 0x0, 0x4000000, 'wrr\x00'}, 0x2c)
setsockopt$IP_VS_SO_SET_FLUSH(r4, 0x0, 0x485, 0x0, 0x0)
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@empty}}, {{@in6=@ipv4={""/10, ""/2, @multicast2}}, 0x0, @in=@dev}}, &(0x7f0000001d80)=0xe8)
r5 = socket$netlink(0x10, 0x3, 0x0)
getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000000040)={0x0, <r6=>0x0}, &(0x7f0000000080)=0xc)
sendmsg$netlink(r5, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000041c0)=ANY=[@ANYBLOB="240000002d000100000000000300000008000000", @ANYRES32=r6, @ANYBLOB="0bd5916e1e72a4c0bba23f00"], 0x24}], 0x1}, 0x0)
getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f00000001c0), &(0x7f0000000200)=0xc)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000001440)={<r7=>0x0, 0x0, <r8=>0x0}, &(0x7f0000001480)=0xc)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_team(r9, 0x8933, &(0x7f0000000000))
syz_genetlink_get_family_id$fou(&(0x7f00000000c0), r9)
r10 = socket(0xa, 0x3, 0x4)
ioctl$sock_SIOCBRDELBR(r10, 0x89a2, &(0x7f0000000000)='bridge0\x00')
getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000001900)={{{@in=@initdev, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r11=>0x0}}, {{@in6=@loopback}}}, &(0x7f0000001a00)=0xe8)
setsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000001a40)={r7, r11, r8}, 0xc)
syz_genetlink_get_family_id$devlink(&(0x7f00000007c0), r10)
socket(0x15, 0x4, 0xff)

6.844938014s ago: executing program 0 (id=1142):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'sha224-avx\x00'}, 0x58)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x3, 0x4, &(0x7f0000000040)=@framed={{}, [@ldst={0x0, 0x0, 0x3, 0x0, 0x1}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
waitid(0x1, r4, 0x0, 0x60000007, 0x0)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000980)=@raw={'raw\x00', 0x3c1, 0x3, 0x350, 0x0, 0x268, 0x33a, 0x0, 0x268, 0x280, 0x460, 0x460, 0x280, 0x460, 0xc, 0x0, {[{{@uncond, 0x0, 0x108, 0x148, 0xd8000000, {0x9402}, [@common=@unspec=@addrtype1={{0x28}, {0x0, 0x228}}, @common=@unspec=@statistic={{0x38}}]}, @common=@inet=@TCPOPTSTRIP={0x40}}, {{@ipv6={@private1, @empty, [], [], 'pim6reg0\x00', 'vxcan1\x00'}, 0x0, 0xd0, 0x138, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00', 0x2}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'snmp_trap\x00', 'syz0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3b0)
r6 = socket$alg(0x26, 0x5, 0x0)
setrlimit(0xe, &(0x7f0000000100)={0x7, 0x1})
bind$alg(r6, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(aes-aesni)\x00'}, 0x58)
r7 = accept4(r6, 0x0, 0x0, 0x0)
r8 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
mkdirat(r8, &(0x7f0000000300)='./file0\x00', 0x100)
fcntl$getownex(r5, 0x10, &(0x7f0000000340))
mmap(&(0x7f0000221000/0x1000)=nil, 0x1000, 0x3000004, 0x30, r6, 0x42ac5000)
preadv(r8, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
sendmmsg$inet6(r7, &(0x7f0000003b80)=[{{0x0, 0x0, 0x0}, 0xff03}, {{0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000000440)='&', 0x1}], 0x1}}], 0x2, 0x8000)
recvmmsg(r7, &(0x7f00000018c0)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f0000000400)=""/34, 0x22}, {&(0x7f0000000480)=""/160, 0xa0}], 0x2}}, {{&(0x7f0000000540)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast2}}}, 0x80, &(0x7f0000000c80)=[{&(0x7f0000000380)=""/8, 0x8}, {&(0x7f0000000ec0)=""/253, 0xfd}, {&(0x7f0000000840)=""/209, 0xd1}, {0x0}, {&(0x7f0000000a00)=""/79, 0x4f}, {&(0x7f0000000a80)=""/196, 0xc4}], 0x6}}, {{0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000d40)=""/129, 0x81}], 0x1}}, {{&(0x7f00000005c0)=@caif=@rfm, 0x80, &(0x7f0000000640)}}, {{0x0, 0x0, &(0x7f0000001540)=[{&(0x7f0000001140)=""/206, 0xce}, {0x0}, {&(0x7f00000013c0)=""/65, 0x41}, {&(0x7f0000001440)=""/233, 0xe9}], 0x4, &(0x7f00000015c0)=""/246, 0xf6}}, {{0x0, 0x0, &(0x7f00000016c0)=[{&(0x7f00000017c0)=""/202, 0xca}], 0x1}}], 0x6, 0x10020, 0x0)

5.888000786s ago: executing program 0 (id=1143):
syz_emit_vhci(&(0x7f0000003040)=ANY=[@ANYBLOB="040e08002320"], 0xb)

5.685951363s ago: executing program 0 (id=1145):
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000000480)={0xa, 0x4e20, 0x0, @mcast1, 0x1}, 0x1c)
r1 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000f59ffc)=0x4, 0x4)
bind$inet6(r1, &(0x7f0000000480)={0xa, 0x4e20, 0x0, @mcast1, 0x2}, 0x1c)
r2 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$sock_int(r2, 0x1, 0xf, &(0x7f0000f59ffc)=0x4, 0x4)
bind$inet6(r2, &(0x7f0000000480)={0xa, 0x4e20, 0x0, @mcast1, 0x2}, 0x1c)
r3 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$sock_int(r3, 0x1, 0xf, &(0x7f0000f59ffc)=0x4, 0x4)
bind$inet6(r3, &(0x7f0000000480)={0xa, 0x4e20, 0x0, @mcast1, 0x2}, 0x1c)
r4 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$sock_int(r4, 0x1, 0xf, &(0x7f0000000040)=0x8, 0x4)
bind$inet6(r4, &(0x7f0000000480)={0xa, 0x4e20, 0x0, @mcast1, 0x2}, 0x1c)
r5 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$sock_int(r5, 0x1, 0xf, &(0x7f0000f59ffc)=0x4, 0x4)
bind$inet6(r5, &(0x7f0000000480)={0xa, 0x4e20, 0x0, @mcast1, 0x2}, 0x1c)
r6 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r6, &(0x7f0000000000)={0xa, 0xe20, 0x0, @empty}, 0x1c)
r7 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$sock_int(r7, 0x1, 0xf, &(0x7f0000000080)=0x5, 0x4)
bind$inet6(r7, &(0x7f0000000480)={0xa, 0x4e20, 0x0, @mcast1, 0x2}, 0x1c)
r8 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r8, &(0x7f0000000480)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c)
r9 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r9, &(0x7f0000000480)={0xa, 0x4e20, 0x0, @mcast2, 0x2}, 0x1c)
r10 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$sock_int(r10, 0x1, 0xf, &(0x7f0000f59ffc)=0x4, 0x4)
bind$inet6(r10, &(0x7f0000000480)={0xa, 0x4e20, 0x0, @mcast1, 0x2}, 0x1c)
r11 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r11, &(0x7f0000000480)={0xa, 0xe20, 0x0, @mcast1, 0x4}, 0x1c)

5.672805754s ago: executing program 2 (id=1146):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r1 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r1, 0xc0285700, &(0x7f0000000100)={0x1, "fa02c8098000", <r2=>0xffffffffffffffff})
r3 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r3, 0xc0285700, &(0x7f0000000000)={0x2, "fa02c80a3a1e9d4b81af000000008d674fe69b5b7638dd031dd7504fe5809639", <r4=>0xffffffffffffffff})
ioctl$SYNC_IOC_MERGE(r4, 0xc0303e03, &(0x7f0000000080)={"6739669f274d13b691ebe45b00e4f5b53e0ca34dd02acecdc67c5e3126628168", r2, <r5=>0xffffffffffffffff})
ioctl$SYNC_IOC_MERGE(r5, 0xc0303e03, &(0x7f0000000080)={"000c00816800df00", r5, <r6=>0xffffffffffffffff})
ioctl$SYNC_IOC_FILE_INFO(r6, 0xc0383e04, &(0x7f0000000180)={""/32, 0x0, 0x0, 0x2, 0x0, 0x0})
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x0, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000040)='sched_switch\x00'}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r7 = getpid()
sched_setscheduler(r7, 0x1, &(0x7f0000000100)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
connect$unix(r8, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r9, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r8, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r10 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0xb3, 0x7f, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0xb, &(0x7f0000000080)=@framed={{0x18, 0x3}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x1, 0x0, r10}, @generic={0x66}, @initr0, @exit, @alu={0x7, 0x0, 0x1, 0x3}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
sendmsg$IPCTNL_MSG_EXP_GET(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000008c0)=ANY=[@ANYBLOB="40000000010201010000000000020000002c000180060003400000000014000180524cdb9dfb47a0aa08000200000000000c0002800500010000000000000000"], 0x40}}, 0x0)
r11 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='contention_end\x00', r11}, 0x10)
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x804000, &(0x7f0000000100), 0x3, 0x4ce, &(0x7f0000000e00)="$eJzs3c9rHNcdAPDvjFaubMuV3PbgGuqa1kU2rVeSVduiB1eF0p4Mbd27q0orIbTSCmllW8IEmfwBgZBfJKeccgnkDwgE/wkhYEjuIYQEk9jOIYckG3Y1aytrrSRjrdbWfj7wNDNvRvv9Pol5u2/esBNAxzoZEWMR0RURZyKiL6tPsxJr66V63P17NyeqJYlK5cpXSSRZXf21kmx5OPu1noj4zz8j/p88HndpZXV2vFgsLGbbg+W5hcGlldWzM3Pj04XpwvzIyPCF0Yuj50eHdq2tl/7++WsvvfOPSx/86fqnV788/UI1rd5s38Z27Kb1pnfX/hZ1uYhYbEWwNujK2tPd7kQAANiR6mf8X0TE7yLiwZvtzgYAAABohcpfe+O7JKICAAAA7Ftp7R7YJM1n9wL0Rprm8+v38P4qDqXF0lL5j1Ol5fnJ9Xtl+6M7nZopFoaye4X7ozupbg/X1h9tn2vYHomIoxHxSt/B2nZ+olScbPfFDwAAAOgQhxvG/9/0rY//AQAAgH2mv90JAAAAAC1n/A8AAAD7X9Pxf5Lb20QAAACAVvjX5cvVUqk//3ry2srybOna2cnC0mx+bnkiP1FaXMhPl0rTte/sm9vu9Yql0sKfY375xmC5K6uaKy3Pl6/Wnut9teA50QAAALD3jv729idJRKz95WCtVB3I9u1grD7W2uyAVkqf7PCkVXkAe6+r3QkAbeMGX+hc5uOBbQb2rzZsP+FlAwAA4Fkw8OtH8/+5eOL5f/OB8BwzkIfOZf4fOpf5f+hcO5z/103APrbdhbyeZjs+3P1cAACA1uitlSTNZ3OBvZGm+XzEkdpjAbqTqZliYSgifh4RH/d1/6y6PdzupAEAAAAAAAAAAAAAAAAAAAAAAADgOVOpJFEBAAAA9rWI9Iske/7XQN+p3sbrAweSb/tqy4i4/taV12+Ml8uLw9X6rx/Wl9/I6s+14woGAAAA0Kg+Tq+P4wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgN92/d3OiXvYy7t2/RUT/ZvFz0VNb9kR3RBx6kERuw+8lEdG1C/HXbkXEsc3iJ9W0oj/LojF+GhEH2xz/8C7Eh052u9r/jG12/qVxsrZsOP+ykz6Xlad192Sz/i992P91Nen/jjR5zcZ+6fid9wabxr8VcTy3ef9Tj588Zf/7v/+urjbbV3k7YmDT95/kJ7EGy3MLg0srq2dn5sanC9OF+ZGR4QujF0fPjw4NTs0UC9nPTWO8/Jv3f9iq/YeaxO/fpv2ndtj+7+/cuPfLx6tz9finf7/5///YFvGrf/s/ZO8D1f0D9fW19fWNTrz70Ymt2j/ZpP3b/f9P77D9Z/794mc7PBQA2ANLK6uz48ViYfFZXUmzRFsfayyekSZbsdKyler5tKOD29wxAQAAu+7Rh/52ZwIAAAAAAAAAAAAAAAAAAACday++cmxjvJ72NRUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYEs/BgAA//9lJct9")
r12 = openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r12, 0x40086602, &(0x7f0000000080)={@desc={0x4000, 0x0, @auto="b8f92416074d3848"}})
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r12, 0x40086602, &(0x7f0000000080)={@desc={0x80000, 0x0, @desc2}})
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'sit0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x28, 0x4, 0x0, 0x0, 0xa0, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast, @remote, {[@timestamp={0x44, 0x18, 0x0, 0x0, 0x9, [0x20401, 0x0, 0x0, 0x0, 0x0]}, @timestamp_prespec={0x44, 0x34, 0x0, 0x3, 0x1, [{@private=0xa010100}, {@remote}, {@dev, 0x659}, {@broadcast}, {@empty}, {@multicast1, 0xffd200}]}, @timestamp_prespec={0x44, 0x3c, 0x0, 0x3, 0x8, [{@dev}, {@remote}, {@multicast2}, {@private=0xa010101}, {@rand_addr=0x64010101}, {@broadcast, 0x52b1}, {@multicast2}]}, @noop, @noop]}}}}})

5.596770071s ago: executing program 0 (id=1147):
syz_emit_ethernet(0xda, &(0x7f0000000300)={@local, @dev, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0xcc, 0x0, 0x0, 0x0, 0x1, 0x0, @rand_addr=0x64010100, @local}, @time_exceeded={0xb, 0x0, 0x0, 0x3, 0x2c, 0x0, {0x2c, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x89, 0x0, @private, @local, {[@cipso={0x86, 0x2a, 0x0, [{0x0, 0xd, "b800"/11}, {0x0, 0x5, "4eb8a6"}, {0x0, 0x12, "9606053d0006ff00800000b61af93a93"}]}, @lsrr={0x83, 0x13, 0x0, [@dev, @loopback, @loopback, @rand_addr=0x64010100]}, @rr={0x7, 0xf, 0x0, [@multicast1, @initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast]}, @cipso={0x86, 0x46, 0x0, [{0x0, 0x11, "95a43c8d079845a118b63855279f82"}, {0x0, 0x8, "f116177b53f3"}, {0x2, 0xf, "f6afec8bca26e266ea21488e06"}, {0x0, 0xe, "349f23cd8231d006d211d4d4"}, {0x0, 0xa, "774481179bc82872"}]}, @rr={0x7, 0x7, 0x0, [@empty]}]}}}}}}}, 0x0)

4.567123079s ago: executing program 2 (id=1148):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_mount_image$hfs(&(0x7f0000000180), &(0x7f0000000080)='./bus\x00', 0x3000002, &(0x7f0000000580)={[{@uid}, {@file_umask={'file_umask', 0x3d, 0x1}}, {@part={'part', 0x3d, 0xc3}}, {@part={'part', 0x3d, 0xa5ef}}, {@creator={'creator', 0x3d, "a0a54db3"}}, {@part={'part', 0x3d, 0xfff}}, {@gid}, {@uid}, {@codepage={'codepage', 0x3d, 'iso8859-5'}}, {@dir_umask={'dir_umask', 0x3d, 0x2}}, {@codepage={'codepage', 0x3d, 'cp737'}}]}, 0x1, 0x2f2, &(0x7f00000006c0)="$eJzs3T9v004cx/HPOUmT9lf15/5BSCygQiVYKgoMiCUVysrOhIAmlSqiItoiAQsFMSIeAHufAkw8ARYQTwAmJh5AN6O7XP44sdM2JHED75fU6Hy+O39PtuP7WoIIwD/rduX7wfWf9s9IOeUk3ZICSSUpL+mMzpaebu9t7dVr1X4D5VwP+2fU6Gl62mxs15K62n6uhxfarbxmO+swGlEUrf/IOghkzt39CQKp6O9Dt7805rhGZV86n3UM49Z5gs2hDvVMcxmGAwA4BfzzP/CPiYKrMgoCacU/9nuf/0Fm4Q4gim0dZhbHSNyo91RFfTt0PP/d6i4y9vz+73a18z2Xwtn9QTNLPE4wha7tKTWuldgC0xyVVbpYgunNrbxWN16pGui1yl5HsyX3WY1fjEdEu5yQm/aRPlpBd2Yas3Erym7NkDa36rWiLSTEv3iyI/4589l8NfdMqPeqttZ/+cjY0+TOVNh1poKCjf9q+oj/uV62lXzaXy6X498N8+4g5/wRvJ5ZRrFrtpSckah5Rc23XxrstyJoxPkxvdeC4q8VGrNbS5+d67WY1CtsbaX0Wor1yvkrYXXjcb3vq5TRMu/MXbOsX/qgSsf6P7Dxreg4d6Zt41r6K6Mxn6nklnnXMuzJHNu3y4VWBF5xsInhJN7qoW5qbvf5i0e5er22YwsPEgpPZneMrym8kRLbDFAoDmkcW9B+uyayXkbRcbtHwwujqO6aK0MauVGw3x+tGnv7JDW2d1mrJkgf8JN6d80NLdRhFEoJEZ6WQuWL1L3roKdmAgr2iZuyK+svKIzDrmmedF8xnXFAGDe77jKRKTVX8n5V51Ik+xH2yUb6J5nxEddaGVx8KbjgPmeSM7j1tGFTM7iOI15LyRldznXxsnSpo9Kob84V+jj/Eqaib7rP+38AAAAAAAAAAAAAAAAAAIBJM45/aZD1HAEAAAAAAAAAAAAAAAAAAAAAmHQD/f5v0v8R737/N+T3f4EJ8jsAAP//Y/x7PA==")
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000006ac0)='cpuacct.stat\x00', 0x275a, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpuacct.usage_user\x00', 0x275a, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpu.stat\x00', 0x275a, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./bus\x00', 0xc0642, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuacct.usage_user\x00', 0x275a, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.io_merged\x00', 0x275a, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='cgroup.stat\x00', 0x275a, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuset.effective_cpus\x00', 0x275a, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000001000)='cpuset.effective_cpus\x00', 0x275a, 0x0)
gettid()
socket$inet6_tcp(0xa, 0x1, 0x0)
syz_mount_image$udf(&(0x7f0000000080), &(0x7f0000000180)='./file1\x00', 0x4000, &(0x7f00000003c0)=ANY=[@ANYBLOB='lastblock=00000000000000000000,umask=00000000000000000000002,dmode=00000000000000000077777,novrs,shortad,shortad,undelete,iocharset=cp437,shortad,umask=00000000000000000000006,dmode=00000000000000000000011,fileset=00000000000000000011,uid=', @ANYBLOB="d6d84c0df937ed4a0cd3f503f2e9ea9568eab74a46c525dc386983eade0b0ce5f1dd911706cf7d32ccd508d1823b8871e001000000eb4ce0a008f5cdea622fc6675e5486860a752ed0298a948efa72b2c8d8525181644a3124f3544a50f192b98f055ad125fd4674534413c6044136ea5aefac5267e43739626ea9391d8f346c4694f71105c4a42e9b979fcee1f628d1cec3462830606bb612bfed912c1cdc907bb91a2e86de2ad5", @ANYBLOB=',session=0000\x00000000000000005,\x00'], 0x12, 0xc38, &(0x7f0000001080)="$eJzs3U9sHNd9B/DfGy3FldxWTOwoThq3m6ZIZcVy9S+mYhXuqqbZBpBlIRRzC8CVSKkLUyRBUo1spAXTSw89BCiKHnIi0BoFUjQwmiLokWldILn4UOTUE9HCRlD0wBYBcgoYzOxbcUmRNiOSEml9Pjb13Z19b+a9eesZWdCbFwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAxB+8cun0mfSoWwEAPExXRr5y+qz7PwA8Vq75/38AAAAAAAAAAAAAANjvUhTxZKSYubKSxqr3HfXL7b47d0eHhjevdiRVNQ9V5cuf+pmz585/8YXBC9283J76gPq77dPx2si1S42Xp2/PzE7MzU2MN0an2jemxye2vYed1t/oZHUCGrdfvzN+8+Zc4+zz59Z9fHfg/f4njg9cHHz21DPdsqNDw8Mja0XqveVrD9yQjq1meByOIk5Fiue++5PUiogidn4u6g937Dc6UnXiZNWJ0aHhqiOT7dbUfPnh1e6JKCIaPZWa3XO0+VhEre+h9mFrzYiFsvllg0+W3RuZac22rk9ONK62Zufb8+3pqaup09qyP40o4kKKWIyI5f77d9cXRdQixbePraTrEXGoex6+UE0M3rodxR72cRvKdjb6IhaLAzBm+1h/FPFqpPjpOyfiRr7OVNeaz0e8Wub3I94q86WIVH4xzke8t8n3iIOpFkX8ZTn+F1fSeHU96F5XLn+18eWpm9M9ZbvXlV/y/nDfleIR3R+ObMiHY59fm+pRRKu64q+kB//NDgAAAAAAAAAAAAAAAAC77UgU8alI8cp//Ek1rziqeenHLg7+4cCv9s4Zf/pD9lOWfT4iFortzck9nCcGXk1XU3rEc4kfZ/Uo4k/z/L9vPurGAAAAAAAAAAAAAAAAAAAAPNaK+HGkePHdE2kxetcUb0/dalxrXZ/srArbXfu3u2b66urqaiN1splzLOdCzsWcSzmXc0aR6+ds5hzLuZBzMedSzuWccSjXz9nMOZZzIedizqWcyzmjluvnbOYcy7mQczEvur+U3y/njH2ydi8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwEdJEUX8PFJ86+srKVJENCPGopNL/Y+6dQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAqT8V8b1I0fij5r1ttYhI1b8dJ8pfzkfzcJkfj+ZgmS9F81LOVpW15jcfQfvZmb5UxI8iRX/97XsDnse/r/Pu3tcg3vrG2rtP1zp5qPvhwPv9Txw/dnFw+Dee3up12qwBJy+3p+7cbYwODQ+P9Gyu5aN/vGfbQD5usTtdJyLm3njz9dbk5MTsg78ovwI7qH6AXqTa49LTg/3iN3drh1HbD915NC8e9ZWJh6G8/78XKX733f/s3vA79/96/Ern3b07fPzsz9bu/y9u3NE27/+1jfXy/b+8p292/3+yZ9uL+XcjfbWI+vztmb7jEfW5N9481b7dujVxa2Lq/OnTXxoc/NK5032HI+o325MTPa925XQBAAAAAAAAAAAAAAAAPDypiN+PFK0fraRGRNyt5msNXBx89tQzh+JQNd9q3bzt10auXWq8PH17ZnZibm5ivDE61b4xPT6x3cPVq+leo0PDe9KZD3Vkj9t/pP7y9Mwbs+1bfzy/6edH65euz83Ptm5s/nEciSKi2bvlZNXg0aHhqtGT7dZUVfXqppPpf3l9qYj/ihQ3zjfSZ/O2PP9/4wz/dfP/FzbuaI/m/3+sZ1t5zJSK+Fmk+J2/ejo+W7XzaNx3znK5v4sUJy98JpeLw2W5bhs6zxXozAwsy/5fpPinn68v250P+eRa2TPbPrEHRDn+xyLF9/7iO/Fbedv65z9sPv5HN+5oj8b/qZ5tR9c9r2DHXSeP/6lI8dKTb8fn8rYPev5H99kbJ3Lhe8/n2KPx/0TPtoF83N/ena4DAAAAAAAAAAAcaH2piL+PFD8YrqUX8rbt/P2/8Y072qO///XJnm3ju7Ne0Ye+2PFJBQAAAIB9oi8V8eNIcWv+7XtzqNfP/+6Z//l7a/M/h9KGT6s/5/u16rkBu/nnf70G8nHHdt5tAAAAAAAAAAAAAAAAAAAA2FdSKuKFvJ76WDWff3zL9dSXIsUr//NcLpeOl+W668APVL/Wr0xPnbo0OTl9ozXfuj450RiZad2YKOs+FSlW/vYzuW5Rra/eXW++s8b72lrss5Fi+B+6ZTtrsXfXJn9qreyZsuzHIsV//+P6sp/L5T6xVvZsWfZvIsXX/uX+sqXja2XPlWW/Eyl++LVGt+zRsmz3+aifXCv7/I3pYo9GBgAAAAAAAAAAAAAAAAAAgMdJXyrizyPF/95evDeXP6//39fztvLWN3rW+9/gbrXO/0C1/v9Wrx9k/f/quQILWx0VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+mlIU8WakmLmykpb6y/cd9cvtqTt3R4eGN692JFU1D1Xly5/6mbPnzn/xhcEL3fzg+rvtU/HayLVLjZenb8/MTszNTYw3RqfaN6bHJ7a9h53W3+hkdQIat1+/M37z5lzj7PPn1n18d+D9/ieOD1wcfPbUM92yo0PDwyM9ZWp9D3z0+6Qtth+OIv46Ujz33Z+kH/RHFLHzc/Eh3529dqTqxMmqE6NDw1VHJtutqfnyw6vdE1FENHoqNbvn6CGMxY40IxbK5pcNPll2b2SmNdu6PjnRuNqanW/Pt6enrqZOa8v+NKKICyliMSKW++/fXV8U8Xqk+PaxlfSv/RGHuufhC1dGvnL67NbtKPawj9tQtrPRF7FYHIAx28f6o4h/jhQ/fedE/Ft/RC06P/H5iFfL/H7EW9EZ71R+Mc5HvLfJ94iDqRZF/H85/hdX0jv95fWge125/NXGl6duTveU7V5XDvz94WHa59emehTxw+qKv5L+3X/XAAAAAAAAAAAAAAAAAPtIEb8eKV5890Sq5gffm1PcnrrVuNa6PtmZ1ted+9edM726urraSJ1s5hzLuZBzMedSzuWcUeT6OZtl1ldXx/L7hZyLOZdyLueMQ7l+zmbOsZwLORdzLuVczhm1XD9nM+dYzoWcizmXci7njH0ydw8AAAAAAAAAAAAAAAAAAPhoKap/Unzr6ytptb+zvvRYdHLJeqAfeb8IAAD//1qT9HY=")
syz_mount_image$fuse(0x0, &(0x7f0000000e80)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
chdir(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000001040)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c})

4.564920679s ago: executing program 0 (id=1155):
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="040e04f74120"], 0x7)
socket$nl_crypto(0x10, 0x3, 0x15)
socket$inet6_udp(0xa, 0x2, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000340)={0x26, 'hash\x00', 0x0, 0x0, 'blake2b-160-generic\x00'}, 0x58)
ioctl$HIDIOCGRAWPHYS(0xffffffffffffffff, 0x80404805, &(0x7f00000002c0))
r1 = accept4(r0, 0x0, 0x0, 0x0)
sendmmsg$alg(r1, &(0x7f00000025c0)=[{0x0, 0x0, &(0x7f0000002540)=[{&(0x7f0000002100)="bb", 0x1}], 0x1}], 0x1, 0x8044)
r2 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4)
bind$inet(r2, &(0x7f0000001c00)={0x2, 0x4e23, @multicast2}, 0x10)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f0000000080)=0x300, 0x4)
connect$inet(r2, &(0x7f0000001bc0)={0x2, 0x4e23, @loopback}, 0x10)
syz_open_dev$loop(&(0x7f0000000200), 0x6ff, 0xc0000)
r3 = syz_open_dev$radio(&(0x7f0000000000), 0xffffffffffffffff, 0x2)
ioctl$VIDIOC_S_HW_FREQ_SEEK(r3, 0x40305652, &(0x7f0000000080)={0x0, 0x1, 0x0, 0x0, 0x0, 0x9, 0x7})
socket$rds(0x15, 0x5, 0x0)
r4 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$int_in(r4, 0x40000000af01, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r4, 0x4008af03, &(0x7f0000000300))
r5 = socket$packet(0x11, 0x3, 0x300)
ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f00000001c0)={0x0, 0x0, 0x0, &(0x7f00000003c0)=""/75, 0x0})
dup(r5)
ioctl$VHOST_NET_SET_BACKEND(r4, 0x4008af30, &(0x7f0000000000))
pselect6(0x40, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x0, &(0x7f0000000680)={0xff}, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x4008032, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
r6 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r6, 0xc04064a0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000300)=[<r7=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r6, 0xc05064a7, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r7})

3.39159096s ago: executing program 2 (id=1149):
syz_emit_ethernet(0x82, &(0x7f0000000480)={@broadcast, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xa0b9719fb7400b79, 0x0, 0x0, 0x0, 0x73, 0x0, @private, @multicast1}, {0x0, 0x0, 0x58, 0x0, @opaque="7e55053f4c1c73175cd7a345da0d6357807923433f8e7c37896989c9b3c68110e3ca68646a8516bb0139f7844185c15617329d64420520092379b0d373596cebc599670cac380249f0a9254c1d02ffb4"}}}}}, 0x0)

3.099351124s ago: executing program 3 (id=1065):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
r2 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ptrace$setopts(0xffffffffffffffff, 0x0, 0x0, 0x20002e)
fcntl$dupfd(r2, 0x0, 0xffffffffffffffff)
ioctl$SCSI_IOCTL_GET_PCI(r2, 0x5393, &(0x7f0000000000))
ptrace$ARCH_MAP_VDSO_32(0x1e, 0x0, 0x0, 0x2002)
munmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000)
r3 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000040))
ioctl$UFFDIO_REGISTER(r3, 0xc020aa07, &(0x7f0000000000)={{&(0x7f0000ffc000/0x1000)=nil, 0x1000}})
mlock2(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000540)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
getpid()
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r0, 0x40a85323, &(0x7f0000000380)={{0x4, 0x4}, 'port1\x00', 0x50, 0x1100c, 0x0, 0x0, 0xcf4, 0x1, 0x0, 0x0, 0x0, 0x6})
openat$ppp(0xffffffffffffff9c, &(0x7f00000001c0), 0x101042, 0x0)
socket$netlink(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x18, 0x4, &(0x7f0000000ac0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x1}, {}, {}, [@map_val={0x18, 0x2, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0xa}, @alu={0x7, 0x0, 0x8, 0xf, 0x6, 0x6, 0x4}, @map_fd={0x18, 0xa}, @tail_call, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}}, @ldst={0x0, 0x1, 0x6, 0x8, 0x0, 0x18, 0xfffffffffffffff0}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f0000000840)=""/196, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x5671, @void, @value}, 0x62)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x4, 0xc, 0x1000, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='mm_page_alloc\x00', r6}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@bloom_filter={0x1e, 0x0, 0x10001, 0x7ff, 0x4, r5, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x0, 0x3, 0xf7, @void, @value, @void, @value}, 0x48)

2.977801805s ago: executing program 2 (id=1150):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'sha224-avx\x00'}, 0x58)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x3, 0x4, &(0x7f0000000040)=@framed={{}, [@ldst={0x0, 0x0, 0x3, 0x0, 0x1}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
waitid(0x1, r4, 0x0, 0x60000007, 0x0)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000980)=@raw={'raw\x00', 0x3c1, 0x3, 0x350, 0x0, 0x268, 0x33a, 0x0, 0x268, 0x280, 0x460, 0x460, 0x280, 0x460, 0xc, 0x0, {[{{@uncond, 0x0, 0x108, 0x148, 0xd8000000, {0x9402}, [@common=@unspec=@addrtype1={{0x28}, {0x0, 0x228}}, @common=@unspec=@statistic={{0x38}}]}, @common=@inet=@TCPOPTSTRIP={0x40}}, {{@ipv6={@private1, @empty, [], [], 'pim6reg0\x00', 'vxcan1\x00'}, 0x0, 0xd0, 0x138, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00', 0x2}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'snmp_trap\x00', 'syz0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3b0)
r6 = socket$alg(0x26, 0x5, 0x0)
setrlimit(0xe, &(0x7f0000000100)={0x7, 0x1})
bind$alg(r6, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(aes-aesni)\x00'}, 0x58)
r7 = accept4(r6, 0x0, 0x0, 0x0)
r8 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
mkdirat(r8, &(0x7f0000000300)='./file0\x00', 0x100)
fcntl$getownex(r5, 0x10, &(0x7f0000000340))
mmap(&(0x7f0000221000/0x1000)=nil, 0x1000, 0x3000004, 0x30, r6, 0x42ac5000)
preadv(r8, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
sendmmsg$inet6(r7, &(0x7f0000003b80)=[{{0x0, 0x0, 0x0}, 0xff03}, {{0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000000440)='&', 0x1}], 0x1}}], 0x2, 0x8000)
recvmmsg(r7, &(0x7f00000018c0)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f0000000400)=""/34, 0x22}, {&(0x7f0000000480)=""/160, 0xa0}], 0x2}}, {{&(0x7f0000000540)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast2}}}, 0x80, &(0x7f0000000c80)=[{&(0x7f0000000380)=""/8, 0x8}, {&(0x7f0000000ec0)=""/253, 0xfd}, {&(0x7f0000000840)=""/209, 0xd1}, {0x0}, {&(0x7f0000000a00)=""/79, 0x4f}, {&(0x7f0000000a80)=""/196, 0xc4}], 0x6}}, {{0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000d40)=""/129, 0x81}], 0x1}}, {{&(0x7f00000005c0)=@caif=@rfm, 0x80, &(0x7f0000000640)}}, {{0x0, 0x0, &(0x7f0000001540)=[{&(0x7f0000001140)=""/206, 0xce}, {0x0}, {&(0x7f00000013c0)=""/65, 0x41}, {&(0x7f0000001440)=""/233, 0xe9}], 0x4, &(0x7f00000015c0)=""/246, 0xf6}}, {{0x0, 0x0, &(0x7f00000016c0)=[{&(0x7f00000017c0)=""/202, 0xca}], 0x1}}], 0x6, 0x10020, 0x0)

1.305869528s ago: executing program 2 (id=1151):
r0 = io_uring_setup(0x5997, &(0x7f0000000140)={0x0, 0x0, 0x1})
r1 = socket(0x2b, 0x1, 0x1)
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x2008002, &(0x7f0000000300)={[], [{@appraise_type}, {@permit_directio}]}, 0x0, 0x544, &(0x7f0000000fc0)="$eJzs3c+PG1cdAPDvzP5MmnYT6AEqIAEKAUWxs04bVb20uYBQVQlRcUAc0mXXWS2x4xB7S3eJxPZvAAkkTvAncEDigNQTB24ckTggpHJACrACZZFAMprx7MbZ9bKm9trE/nykycybNzPf9+KM3/OzMy+AqXUpInYiYj4i3o6IpWJ/UizxemfJjnu0+2B1b/fBahLt9lt/TfL8bF90nZN5prjmYkR87csR30qOxm1ubd9ZqdWq94t0uVW/V25ubV/dqK+sV9erdyuVG8s3rr1y/eXK0Op6sf7zh1/aeOPrv/rlJz/47c4Xv5cV61yR112PYepUfe4gTmY2It44jWBjMFOs58dcDj6cNCI+EhGfye//pZjJ/3UCAJOs3V6K9lJ3GgCYdGk+BpakpYhI06ITUOqM4T0fZ9Nao9m6cruxeXetM1Z2PubS2xu16rULC7//Tn7wXJKll/O8PD9PVw6lr0fEhYj44cKZPF1abdTWxtPlAYCp90x3+x8R/1hI01Kpr1N7fKsHADw1FsddAABg5LT/ADB9tP8AMH36aP+LL/t3Tr0sAMBo+PwPANNH+w8A00f7DwBT5atvvpkt7b3i+ddr72xt3mm8c3Wt2rxTqm+ullYb9++V1huN9fyZPfWTrldrNO4tvxSb75Zb1War3NzavlVvbN5t3cqf632rOjeSWgEA/82Fi+//LomInVfP5Et0zeWgrYbJlo67AMDYzAxysg4CPNXM9gXTq68mPO8k/ObUywKMR8+HeS/23HzSj/+HIH5nBP9XLn+8//F/czzDZDH+D9Prw43/vzb0cgCjZ/wfple7nRye83/+IAsAmEgD/ISv/f1hdUKAsTppMu+hfP8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAE+ZcRHw7krSUzwWeZn+mpVLEsxFxPuaS2xu16rWIeC4uRsTcQpZeHnehAYABpX9Oivm/Li+9eO5w7nzyz4V8HRHf/clbP3p3pdW6v5zt/9vB/oX96cMqj88bYF5BAGDI8va7Uqy7Psg/2n2wur+MsjwPb8a/i6mIV/d2H+RLJ2c2sp0Ri3lf4uzfk5gtzlmMiBciYmYI8Xfei4iP9ap/ko+NnC9mPu2OH0XsZ0caP30ifprnddZZ5+ujT172zBCKBhPv/ZsR8Xqv+y+NS/m69/2/mL9DDe7hzc7F9t/79rrizxaRZnrEz+75S/3GeOnXXzmys73UyXsv4oXZXvGTg/jJMfFf7DP+Hz7xqR+8dkxe+6cRl6N3/O5Y5Vb9Xrm5tX11o76yXl2v3q1UbizfuPbK9Zcr5XyMurw/Un3UX1698txxZcvqf/aY+Is96z9/cO7n+qz/z/719jc//Ti5cDj+Fz7b+/V/vmf8jqxN/Hyf8VfO/uLY6buz+GvH1P+k1/9Kn/E/+NP2Wp+HAgAj0NzavrNSq1XvD7SRfQodxnWObGRF7O/g/e7iYEH/GKdRi5M2kuiZNXdaf6unvjF70Fcc7pW/kV1xxNVJh16LgTYejSrW+N6TgNF4fNOPuyQAAAAAAAAAAAAAAMBxRvFfl8ZdRwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACbXfwIAAP//yQ/MDQ==")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bind$rxrpc(0xffffffffffffffff, &(0x7f00000002c0)=@in6={0x21, 0x2, 0x2, 0x1c, {0xa, 0x4e23, 0x1, @mcast1, 0x80}}, 0x24)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
socket$igmp6(0xa, 0x3, 0x2)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000003080)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000002f80)=ANY=[], 0xa0}}], 0x2, 0x0)
ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, 0x0)
pwritev2(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
r5 = socket$inet(0x2, 0x3, 0x8)
setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000001a40)=@raw={'raw\x00', 0x8, 0x3, 0x310, 0x0, 0xe138, 0x198, 0x0, 0x198, 0x278, 0x358, 0x358, 0x278, 0x358, 0x3, 0x0, {[{{@ip={@broadcast, @loopback, 0x0, 0x0, 'netdevsim0\x00', 'veth0_to_bond\x00'}, 0x0, 0x130, 0x198, 0x0, {}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'fsm\x00', "0d0004000000050000000404fff0cf81dfd28c89544e14cd3e01dd24289831867846c88621039b284c3ff45c42995560a99952bed40cf5a8c1df6cdbdb7e2378d5afd35f4c16827f55b3af494e39e8fb330200000000000032b6a99a8d87298e88a94cb519f5c17631af916a0002000000000000000000000000000000000049", 0x4}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'snmp_trap\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0x98, 0xe0, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'syz0\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x370)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000040), 0x0)
setsockopt$inet6_IPV6_RTHDR(r1, 0x29, 0x39, 0x0, 0x18)
r6 = socket$inet6_sctp(0xa, 0x801, 0x84)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r6, 0x84, 0x7b, &(0x7f0000000180)={0x0, 0x4}, 0x8)
sendto$inet6(r6, &(0x7f0000000040)='\x00', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @remote, 0x4}, 0x1c)
sendto$inet6(r6, &(0x7f00000001c0)="85", 0x1, 0x0, &(0x7f0000000280)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, 0x1c)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r6, 0x84, 0x7c, &(0x7f0000000080), 0x8)
ppoll(0x0, 0x0, &(0x7f0000000240)={0x77359400}, 0x0, 0x0)
ioctl$BTRFS_IOC_QUOTA_RESCAN_STATUS(r0, 0x8040942d, &(0x7f00000000c0))
close_range(r0, 0xffffffffffffffff, 0x0)

1.064940769s ago: executing program 3 (id=1152):
syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="040e04692420"], 0x7)

981.172396ms ago: executing program 3 (id=1153):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x9, 0x4, &(0x7f0000000040)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x2, 0x1, 0x18}], {0x95, 0x0, 0x700}}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xc, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)

762.037075ms ago: executing program 3 (id=1154):
syz_read_part_table(0x5d7, &(0x7f0000000600)="$eJzs3L+rHFUUB/DvzO7sD4g+KyvBhRQGBZ9g62Is9JkuiHaCthZPJFYWsruoWKh/QHotjEKItYWCBDGdlQgPLUTsLUxhvPLmx+4DtdqgCJ9PsXPuufeec4eZdjb8v5WDpFTJrbPJcd0HPyfvNMnmpaeSaZdq+qkqyQvXnn7m0uJyNd3mTrPrfna6KzgZCmfRR5+P88G1o3fbeJ0qq/Rhmk8nGbdH6/Zd/euhb1dtLf5zF74o3YOY5Nt8luS4GrUPP9nko+S+zNrBYZJR+p91Mj+NJvv3v768uXmyj+fp37SmG63yUHmsn2tSSil1VueHnaPkgScOr/xd0aY7/lmllObcsLdO/ujD4zuT4T18/OsfV9k8uK3ediylG5/Mk9dOnnu0rVV1NZr9bx8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgLvswusPf1kPg4vtb7WNn/049W7pOvl9iBezu9T/+vLmwVtvX6nzxvKV715986ejX/JrklEOj84l0+26l7vLjffay7jP3j/ft//xnXryyYdf7er0pavkm/Pf3y6jPn2yXbA7U5b1vu0BAAAAAAAAAAAAAAAAAACgdSOXFpfrPJ9UeTG7z/1LZklVDcNZUkopv5XW8PH/5Oq9fXTrh1Snm1Kqs9UvJgf3JGX6/iPt3wp0G0sp47ZF9e/cI//szwAAAP//HfdkCg==")

747.263056ms ago: executing program 0 (id=1156):
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
shutdown(0xffffffffffffffff, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000002c0)=[@in6={0xa, 0x0, 0x0, @private0}]}, &(0x7f0000000180)=0x10)
r6 = dup3(0xffffffffffffffff, r5, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(r6, 0x84, 0x71, 0x0, &(0x7f0000000040))
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r4, 0x84, 0x6, &(0x7f0000000000)={0x0, @in={{0x2, 0x0, @multicast2}}}, 0x0)
write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x7c8)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)={0x1c, 0x1, 0x4, 0x3, 0x0, 0x0, {}, [@NFULA_CFG_CMD={0x5, 0x1, 0x3}]}, 0x1c}}, 0x0)
sendmsg$netlink(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
syz_emit_ethernet(0x2a, &(0x7f00000002c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa0008404500001c006500000001907864010101ac1414aa0300907800000000"], 0x0)
sendmsg$RDMA_NLDEV_CMD_PORT_GET(r0, &(0x7f0000000480)={&(0x7f0000000380), 0xc, &(0x7f0000000440)={&(0x7f00000003c0)={0x20, 0x1405, 0x1, 0x0, 0x0, "", [{{0x8}, {0x4}}]}, 0x20}}, 0x0)

0s ago: executing program 2 (id=1157):
syz_emit_vhci(&(0x7f0000000640)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0xa}, @hci_rp_read_bd_addr={{}, {0x0, @none}}}}, 0xd)

kernel console output (not intermixed with test programs):

 #16: comm syz.3.635: corrupted inode contents
[  408.022712][ T7876] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #16: comm syz.3.635: mark_inode_dirty error
[  408.065709][ T3747] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  408.081815][ T7876] EXT4-fs error (device loop3): ext4_do_update_inode:5224: inode #16: comm syz.3.635: corrupted inode contents
[  408.107179][ T3747] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  408.116218][ T7876] EXT4-fs error (device loop3) in ext4_orphan_del:305: Corrupt filesystem
[  408.134294][ T3732] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  408.145375][ T3698] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  408.158749][ T7876] EXT4-fs error (device loop3): ext4_do_update_inode:5224: inode #16: comm syz.3.635: corrupted inode contents
[  408.180063][ T3732] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  408.204089][ T7876] EXT4-fs error (device loop3): ext4_truncate:4311: inode #16: comm syz.3.635: mark_inode_dirty error
[  408.223393][ T3698] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  408.295077][ T7876] EXT4-fs error (device loop3) in ext4_process_orphan:347: Corrupt filesystem
[  408.307532][ T7876] EXT4-fs (loop3): 1 truncate cleaned up
[  408.309042][ T7885] netlink: 16 bytes leftover after parsing attributes in process `syz.0.719'.
[  408.341756][   T26] audit: type=1326 audit(537.311:401): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7887 comm="syz.1.720" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe3dab7dff9 code=0x0
[  408.344217][ T7876] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  408.442242][ T7889] netlink: 'syz.4.718': attribute type 3 has an invalid length.
[  409.005892][ T7890] netlink: 'syz.1.720': attribute type 5 has an invalid length.
[  409.058285][ T7892] netlink: 12 bytes leftover after parsing attributes in process `syz.1.720'.
[  409.184757][ T7895] loop4: detected capacity change from 0 to 1024
[  409.229992][ T7895] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  409.306633][ T3652] Bluetooth: hci4: command 0x0c1a tx timeout
[  409.347266][ T7895] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  409.531240][   T26] audit: type=1800 audit(538.411:402): pid=7900 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.635" name="bus" dev="loop3" ino=18 res=0 errno=0
[  409.531867][   T26] audit: type=1800 audit(538.421:403): pid=7900 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.635" name="bus" dev="loop3" ino=18 res=0 errno=0
[  409.946665][ T3652] Bluetooth: hci1: command 0x0c1a tx timeout
[  411.386845][ T3651] Bluetooth: hci4: command 0x0c1a tx timeout
[  411.407993][ T6830] EXT4-fs (loop4): unmounting filesystem.
[  412.423001][ T7925] Cannot find set identified by id 0 to match
[  412.470426][ T7928] netlink: 'syz.0.739': attribute type 3 has an invalid length.
[  412.507067][ T7928] netlink: 48 bytes leftover after parsing attributes in process `syz.0.739'.
[  412.588842][ T7928] netlink: 16 bytes leftover after parsing attributes in process `syz.0.739'.
[  412.632215][ T7928] netlink: 16 bytes leftover after parsing attributes in process `syz.0.739'.
[  412.651662][ T7928] netlink: 8 bytes leftover after parsing attributes in process `syz.0.739'.
[  412.765506][ T7943]  nullb0: [POWERTEC] p1 p2 p3
[  412.775915][ T7943] nullb0: p1 start 1986356271 is beyond EOD, truncated
[  412.791231][ T7943] nullb0: p2 size 536871424 extends beyond EOD, truncated
[  412.820680][ T7943] nullb0: p3 start 1819635247 is beyond EOD, truncated
[  412.991628][ T7384] EXT4-fs (loop3): unmounting filesystem.
[  413.042603][ T6592] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  413.104027][ T7950] fuse: Bad value for 'fd'
[  413.223913][ T7950] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  413.653044][ T7937] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  413.677473][ T7937] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  413.691594][ T6592] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  413.708098][ T7937] Bluetooth: hci4: Suspend notifier action (1) failed: -4
[  413.928705][ T6592] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  414.058953][ T6592] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  414.171103][ T7967] syz.4.738 sent an empty control message without MSG_MORE.
[  414.826709][ T3651] Bluetooth: hci4: command 0x0c1a tx timeout
[  415.122236][ T7971] netlink: 8 bytes leftover after parsing attributes in process `syz.1.740'.
[  415.475347][ T3652] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  415.487712][ T3652] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  415.500717][ T3652] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  415.513589][ T3652] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  415.690602][ T7982] ip6gretap0 speed is unknown, defaulting to 1000
[  416.126838][ T3652] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  416.177025][ T3652] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  416.241132][ T7977] ip6gretap0 speed is unknown, defaulting to 1000
[  417.618514][ T3652] Bluetooth: hci4: command 0x0c1a tx timeout
[  417.697080][   T26] audit: type=1326 audit(546.661:404): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7985 comm="syz.4.743" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8ed4b7dff9 code=0x0
[  417.763705][ T7995] netlink: 703 bytes leftover after parsing attributes in process `syz.4.743'.
[  418.209310][ T7998] netlink: 80 bytes leftover after parsing attributes in process `syz.2.745'.
[  418.266841][ T3651] Bluetooth: hci1: command tx timeout
[  418.930799][ T8006] netlink: 'syz.4.747': attribute type 3 has an invalid length.
[  418.945629][ T8007] netlink: 'syz.1.746': attribute type 3 has an invalid length.
[  419.128077][ T3651] Bluetooth: hci4: unexpected event for opcode 0x201c
[  419.571446][ T7977] chnl_net:caif_netlink_parms(): no params data found
[  419.695880][ T8038] netlink: 8 bytes leftover after parsing attributes in process `syz.4.751'.
[  419.826717][ T8012] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  419.858141][ T8012] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  419.876619][ T8012] Bluetooth: hci4: Suspend notifier action (1) failed: -4
[  419.894601][ T8012] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  420.036971][ T8012] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  420.326174][ T8012] Bluetooth: hci1: Suspend notifier action (1) failed: -4
[  420.503185][ T8043] loop4: detected capacity change from 0 to 1024
[  421.425423][ T8057] loop4: detected capacity change from 0 to 256
[  421.466692][ T3651] Bluetooth: hci4: command 0x0c1a tx timeout
[  421.487663][ T8057] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00006005)
[  421.500644][ T8057] FAT-fs (loop4): Filesystem has been set read-only
[  421.522929][ T8057] FAT-fs (loop4): error, invalid access to FAT (entry 0x00006005)
[  421.859364][ T8067] netlink: 'syz.2.758': attribute type 3 has an invalid length.
[  421.948187][ T3651] Bluetooth: hci1: command 0x040f tx timeout
[  422.467796][ T7977] bridge0: port 1(bridge_slave_0) entered blocking state
[  422.486150][ T7977] bridge0: port 1(bridge_slave_0) entered disabled state
[  422.607987][ T7977] device bridge_slave_0 entered promiscuous mode
[  422.701097][ T8075] netlink: 'syz.1.759': attribute type 3 has an invalid length.
[  423.179295][ T3651] Bluetooth: hci4: unexpected event for opcode 0x0c0d
[  423.385946][ T8078] netlink: 8 bytes leftover after parsing attributes in process `syz.1.761'.
[  423.527904][ T7977] bridge0: port 2(bridge_slave_1) entered blocking state
[  423.535043][ T7977] bridge0: port 2(bridge_slave_1) entered disabled state
[  423.587493][ T7977] device bridge_slave_1 entered promiscuous mode
[  423.691826][ T8087]  nullb0: [POWERTEC] p1 p2 p3
[  423.707751][ T8081] loop4: detected capacity change from 0 to 8192
[  423.721794][ T8087] nullb0: p1 start 1986356271 is beyond EOD, truncated
[  423.730123][ T8081] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  423.739922][ T7977] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  423.761642][ T8087] nullb0: p2 size 536871424 extends beyond EOD, truncated
[  423.769008][ T8081] REISERFS (device loop4): found reiserfs format "3.5" with non-standard journal
[  423.778861][ T8081] REISERFS (device loop4): using ordered data mode
[  423.790869][ T8087] nullb0: p3 start 1819635247 is beyond EOD, truncated
[  423.791176][ T8081] reiserfs: using flush barriers
[  423.799239][ T3683] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  423.806367][ T7977] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  423.828071][ T8081] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  423.917877][ T7977] team0: Port device team_slave_0 added
[  423.934649][ T8081] REISERFS (device loop4): checking transaction log (loop4)
[  423.947633][ T7977] team0: Port device team_slave_1 added
[  423.962885][ T8081] REISERFS (device loop4): Using r5 hash to sort names
[  423.971582][ T8081] REISERFS (device loop4): using 3.5.x disk format
[  423.987499][ T8081] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage.
[  424.056196][ T3651] Bluetooth: hci1: command 0x040f tx timeout
[  424.154602][ T7977] batman_adv: batadv0: Adding interface: batadv_slave_0
[  424.163809][ T7977] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  424.226160][ T7977] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  424.260716][ T7977] batman_adv: batadv0: Adding interface: batadv_slave_1
[  424.351073][ T7977] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  424.534308][ T7977] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  424.768697][ T3683] usb 2-1: Using ep0 maxpacket: 32
[  425.026768][ T3683] usb 2-1: config 0 contains an unexpected descriptor of type 0x2, skipping
[  425.035497][ T3683] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  425.035737][ T7977] device hsr_slave_0 entered promiscuous mode
[  425.363681][ T8112] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported
[  426.226643][ T3652] Bluetooth: hci1: command 0x040f tx timeout
[  426.264257][ T3683] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  426.273330][ T3683] usb 2-1: New USB device found, idVendor=1b96, idProduct=000a, bcdDevice= 0.00
[  426.283442][ T3683] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  426.303729][ T3683] usb 2-1: config 0 descriptor??
[  426.357003][ T7977] device hsr_slave_1 entered promiscuous mode
[  426.368591][ T7977] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  426.383387][ T7977] Cannot create hsr debugfs directory
[  426.402636][ T6592] device hsr_slave_0 left promiscuous mode
[  426.427401][ T6592] device hsr_slave_1 left promiscuous mode
[  426.445520][ T6592] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  426.470031][ T6592] batman_adv: batadv0: Removing interface: batadv_slave_0
[  426.487642][ T6592] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  426.500760][ T6592] batman_adv: batadv0: Removing interface: batadv_slave_1
[  426.539318][ T6592] device bridge_slave_1 left promiscuous mode
[  426.566760][ T6592] bridge0: port 2(bridge_slave_1) entered disabled state
[  426.575588][ T6592] device bridge_slave_0 left promiscuous mode
[  426.584086][ T3683] usb 2-1: USB disconnect, device number 8
[  426.625712][ T6592] bridge0: port 1(bridge_slave_0) entered disabled state
[  426.724519][ T6592] device veth1_macvtap left promiscuous mode
[  426.743755][ T6592] device veth0_macvtap left promiscuous mode
[  426.895999][ T8131] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported
[  428.143598][ T3651] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0
[  428.161129][ T3651] Bluetooth: hci4: Injecting HCI hardware error event
[  428.170299][ T3651] Bluetooth: hci4: hardware error 0x00
[  428.201404][ T6592] device veth1_vlan left promiscuous mode
[  428.227000][ T6592] device veth0_vlan left promiscuous mode
[  428.399897][ T8130] netlink: 'syz.1.769': attribute type 3 has an invalid length.
[  428.452275][ T3652] Bluetooth: hci1: command 0x040f tx timeout
[  429.570676][ T8151] netlink: 'syz.0.771': attribute type 3 has an invalid length.
[  430.251634][ T8155] netlink: 8 bytes leftover after parsing attributes in process `syz.0.773'.
[  430.551702][ T6592] team0 (unregistering): Port device team_slave_1 removed
[  430.581519][ T3651] Bluetooth: hci4: Opcode 0x0c03 failed: -110
[  430.627605][ T6592] team0 (unregistering): Port device team_slave_0 removed
[  430.672275][ T6592] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  431.186689][ T6592] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  431.795312][ T6592] bond0 (unregistering): Released all slaves
[  432.006916][ T8124] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  432.016381][ T8124] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  432.039489][ T8124] Bluetooth: hci1: Suspend notifier action (1) failed: -4
[  434.852542][ T3651] Bluetooth: hci1: command 0x040f tx timeout
[  436.212843][ T8202] netlink: 8 bytes leftover after parsing attributes in process `syz.4.785'.
[  436.282440][ T8203] netlink: 'syz.0.783': attribute type 3 has an invalid length.
[  436.921671][ T3651] Bluetooth: hci1: command 0x040f tx timeout
[  440.816865][ T1271] ieee802154 phy0 wpan0: encryption failed: -22
[  440.823239][ T1271] ieee802154 phy1 wpan1: encryption failed: -22
[  441.538307][ T8229] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[  441.572716][ T8230] loop4: detected capacity change from 0 to 164
[  441.747707][ T8229] device veth0_to_bridge entered promiscuous mode
[  442.904492][ T8242] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  442.977687][ T8225] device veth0_to_bridge left promiscuous mode
[  443.073015][ T8245] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported
[  443.894598][ T8253] netlink: 8 bytes leftover after parsing attributes in process `syz.0.796'.
[  444.166229][ T8261] IPVS: sync thread started: state = MASTER, mcast_ifn = pimreg, syncid = 0, id = 0
[  444.237250][ T8262] netlink: 'syz.1.798': attribute type 3 has an invalid length.
[  445.117869][ T7977] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  445.136796][ T7977] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  445.168845][ T7977] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  445.209353][ T7977] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  445.544881][ T8276] PKCS7: Unknown OID: [4] 0.38.35.0.951690.11253
[  445.551549][ T8276] PKCS7: Only support pkcs7_signedData type
[  445.886819][   T22] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  446.325950][ T7977] 8021q: adding VLAN 0 to HW filter on device bond0
[  446.410323][ T6597] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  446.422416][ T6597] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  446.454021][ T7977] 8021q: adding VLAN 0 to HW filter on device team0
[  446.475424][ T8274] loop4: detected capacity change from 0 to 8192
[  446.494126][ T6597] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  446.514622][ T6597] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  446.546623][ T8274] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  446.564724][ T6597] bridge0: port 1(bridge_slave_0) entered blocking state
[  446.572072][ T6597] bridge0: port 1(bridge_slave_0) entered forwarding state
[  446.576675][ T8274] REISERFS (device loop4): found reiserfs format "3.5" with non-standard journal
[  446.616060][ T6597] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  446.625444][ T8274] REISERFS (device loop4): using ordered data mode
[  446.647469][ T6597] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  446.662151][ T8274] reiserfs: using flush barriers
[  446.673567][ T8274] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  446.697345][ T6597] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  446.730281][ T6597] bridge0: port 2(bridge_slave_1) entered blocking state
[  446.737489][ T6597] bridge0: port 2(bridge_slave_1) entered forwarding state
[  446.768277][ T8274] REISERFS (device loop4): checking transaction log (loop4)
[  446.796341][ T8274] REISERFS (device loop4): Using r5 hash to sort names
[  446.822755][ T6597] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  446.832425][ T8274] REISERFS (device loop4): using 3.5.x disk format
[  446.871130][ T8274] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage.
[  446.886576][   T22] usb 2-1: config index 0 descriptor too short (expected 1292, got 146)
[  447.708444][   T22] usb 2-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config
[  447.894695][ T6597] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  447.906004][   T22] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 12
[  447.924695][ T6597] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  448.332734][ T6597] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  448.348335][ T3652] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  448.361465][ T3652] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  448.370598][ T3653] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  448.378911][ T3652] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  448.388018][ T3653] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  448.395334][ T3653] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  448.484965][ T6597] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  448.512763][ T6597] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  448.546683][   T22] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  448.556093][   T22] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  448.630962][   T22] usb 2-1: rejected 1 configuration due to insufficient available bus power
[  448.639844][   T22] usb 2-1: no configuration chosen from 1 choice
[  448.696737][   T22] usb 2-1: USB disconnect, device number 9
[  448.704985][ T6597] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  448.743835][ T6597] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  449.070876][ T8303] netlink: 'syz.1.807': attribute type 3 has an invalid length.
[  450.033004][ T8304] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported
[  450.342183][ T6597] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  450.398203][ T6597] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  450.452909][ T7977] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  450.506752][ T3651] Bluetooth: hci5: command tx timeout
[  450.567713][ T6597] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  450.637674][ T8293] ip6gretap0 speed is unknown, defaulting to 1000
[  451.215046][ T8320] netlink: 'syz.1.810': attribute type 3 has an invalid length.
[  452.289682][   T26] audit: type=1800 audit(581.261:405): pid=8332 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.813" name="SYSV00000000" dev="hugetlbfs" ino=2 res=0 errno=0
[  452.414326][ T8339] netlink: 12 bytes leftover after parsing attributes in process `syz.4.814'.
[  452.552447][ T6615] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  452.572452][ T6615] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  452.586728][ T3651] Bluetooth: hci5: command tx timeout
[  452.598728][ T7977] 8021q: adding VLAN 0 to HW filter on device batadv0
[  452.675901][ T8293] chnl_net:caif_netlink_parms(): no params data found
[  452.776625][ T3698] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  452.828135][ T3698] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  452.950870][ T7977] device veth0_vlan entered promiscuous mode
[  453.046366][ T8356] loop4: detected capacity change from 0 to 8192
[  453.098959][ T8356] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  453.113901][ T8356] REISERFS (device loop4): found reiserfs format "3.5" with non-standard journal
[  453.124114][ T8356] REISERFS (device loop4): using ordered data mode
[  453.131664][ T8356] reiserfs: using flush barriers
[  453.133465][ T6611] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  453.155666][ T8356] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  453.180090][ T8356] REISERFS (device loop4): checking transaction log (loop4)
[  453.193607][ T8356] REISERFS (device loop4): Using r5 hash to sort names
[  453.201482][ T8293] bridge0: port 1(bridge_slave_0) entered blocking state
[  453.208891][ T8293] bridge0: port 1(bridge_slave_0) entered disabled state
[  453.217708][ T8356] REISERFS (device loop4): using 3.5.x disk format
[  453.235643][ T8356] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage.
[  453.273721][ T8293] device bridge_slave_0 entered promiscuous mode
[  453.444212][ T6615] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  453.684632][ T6615] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  454.420442][ T8369] nfs4: Unknown parameter 'context'
[  457.892209][ T3651] Bluetooth: hci5: command tx timeout
[  457.905731][ T7977] device veth1_vlan entered promiscuous mode
[  458.219031][ T6611] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  458.527546][ T8386] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported
[  458.806168][ T8391] netlink: 'syz.1.820': attribute type 3 has an invalid length.
[  459.690979][ T8293] bridge0: port 2(bridge_slave_1) entered blocking state
[  459.699779][ T8293] bridge0: port 2(bridge_slave_1) entered disabled state
[  459.897758][ T8293] device bridge_slave_1 entered promiscuous mode
[  459.913985][ T6615] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  459.937334][ T6615] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  459.947106][ T3651] Bluetooth: hci5: command tx timeout
[  459.956005][ T6615] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  460.028951][   T26] audit: type=1326 audit(589.001:406): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8394 comm="syz.1.822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe3dab7dff9 code=0x7fc00000
[  460.110665][ T8293] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  460.122270][   T26] audit: type=1326 audit(589.031:407): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8394 comm="syz.1.822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fe3dab7dff9 code=0x7fc00000
[  460.218424][ T6611] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  460.448026][ T8293] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  460.750405][   T26] audit: type=1326 audit(589.721:408): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8394 comm="syz.1.822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe3dab7dff9 code=0x7fc00000
[  460.836583][   T26] audit: type=1326 audit(589.741:409): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8394 comm="syz.1.822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fe3dab7dff9 code=0x7fc00000
[  460.874902][   T26] audit: type=1326 audit(589.741:410): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8394 comm="syz.1.822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe3dab7dff9 code=0x7fc00000
[  460.910471][ T6611] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  460.972821][   T26] audit: type=1326 audit(589.741:411): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8394 comm="syz.1.822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe3dab7dff9 code=0x7fc00000
[  461.012055][ T7977] device veth0_macvtap entered promiscuous mode
[  461.052966][ T8411] loop7: detected capacity change from 0 to 16384
[  461.080593][ T6597] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  461.086620][   T26] audit: type=1326 audit(589.741:412): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8394 comm="syz.1.822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe3dab7dff9 code=0x7fc00000
[  461.110222][ T6597] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  461.117428][   T26] audit: type=1326 audit(589.741:413): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8394 comm="syz.1.822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe3dab7dff9 code=0x7fc00000
[  461.155789][ T6597] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  461.156096][   T26] audit: type=1326 audit(589.741:414): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8394 comm="syz.1.822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe3dab7dff9 code=0x7fc00000
[  461.197040][ T7977] device veth1_macvtap entered promiscuous mode
[  461.240171][ T8293] team0: Port device team_slave_0 added
[  461.258581][ T7977] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  461.270171][ T7977] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  461.281149][   T26] audit: type=1326 audit(589.751:415): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8394 comm="syz.1.822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe3dab7dff9 code=0x7fc00000
[  461.325687][ T7977] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  461.336664][ T7977] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  461.354403][ T7977] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  461.366930][ T7977] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  461.386287][ T7977] batman_adv: batadv0: Interface activated: batadv_slave_0
[  461.397326][ T8416] I/O error, dev loop7, sector 512 op 0x0:(READ) flags 0x80700 phys_seg 32 prio class 2
[  461.409886][ T7977] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  461.441509][ T7977] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  461.454015][ T7977] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  461.465398][ T7977] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  461.476650][ T7977] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  461.488247][ T7977] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  461.499888][ T7977] batman_adv: batadv0: Interface activated: batadv_slave_1
[  461.528388][ T8293] team0: Port device team_slave_1 added
[  461.544699][ T3698] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  461.565875][ T3698] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  461.587852][ T3698] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  461.623323][ T3698] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  461.647323][ T7977] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  461.656048][ T7977] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  461.693650][ T7977] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  461.716356][ T7977] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  461.811684][ T8293] batman_adv: batadv0: Adding interface: batadv_slave_0
[  461.831136][ T8293] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  461.920821][ T8293] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  462.002795][ T8293] batman_adv: batadv0: Adding interface: batadv_slave_1
[  462.013726][ T8293] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  462.083536][ T8293] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  462.308837][ T8293] device hsr_slave_0 entered promiscuous mode
[  462.333386][ T8293] device hsr_slave_1 entered promiscuous mode
[  462.360028][ T8293] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  462.390941][ T8293] Cannot create hsr debugfs directory
[  462.574084][ T3698] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  462.602936][ T3698] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  462.700787][ T6615] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  462.979174][ T6615] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  463.246958][ T6615] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  463.315512][ T3698] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  464.170943][ T8466] netlink: 'syz.3.831': attribute type 3 has an invalid length.
[  465.894947][ T8474] loop3: detected capacity change from 0 to 164
[  466.282569][ T8481] UBIFS error (pid: 8481): cannot open "(null)", error -22
[  467.847156][ T3689] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  467.878698][ T8500] netlink: 8 bytes leftover after parsing attributes in process `syz.4.840'.
[  467.936181][ T6611] device hsr_slave_0 left promiscuous mode
[  467.944347][ T6611] device hsr_slave_1 left promiscuous mode
[  467.952417][ T6611] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  467.960371][ T6611] batman_adv: batadv0: Removing interface: batadv_slave_0
[  467.968869][ T6611] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  467.991233][ T6611] batman_adv: batadv0: Removing interface: batadv_slave_1
[  468.023445][ T6611] device bridge_slave_1 left promiscuous mode
[  468.053673][ T6611] bridge0: port 2(bridge_slave_1) entered disabled state
[  468.103512][ T6611] device bridge_slave_0 left promiscuous mode
[  468.132620][ T6611] bridge0: port 1(bridge_slave_0) entered disabled state
[  468.140549][ T3689] usb 4-1: Using ep0 maxpacket: 8
[  468.256636][ T3689] usb 4-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  468.265802][ T3689] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  468.307171][ T3689] usb 4-1: config 0 descriptor??
[  468.312719][ T6611] device veth1_macvtap left promiscuous mode
[  468.326624][ T6611] device veth0_macvtap left promiscuous mode
[  468.332773][ T6611] device veth1_vlan left promiscuous mode
[  468.351083][ T6611] device veth0_vlan left promiscuous mode
[  470.568811][ T6611] team0 (unregistering): Port device team_slave_1 removed
[  470.673398][ T6611] team0 (unregistering): Port device team_slave_0 removed
[  470.787901][ T6611] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  470.891732][ T6611] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  471.784200][ T6611] bond0 (unregistering): Released all slaves
[  471.936248][ T8293] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  472.002277][ T8537] device batadv_slave_0 entered promiscuous mode
[  472.023700][ T8539] device batadv_slave_0 left promiscuous mode
[  472.047305][ T8293] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  472.069589][ T8293] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  472.117717][ T8293] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  472.446786][ T3689] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  472.552533][ T8548] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported
[  473.059100][ T8293] 8021q: adding VLAN 0 to HW filter on device bond0
[  473.119772][ T3689] asix: probe of 4-1:0.0 failed with error -71
[  473.133150][ T3689] usb 4-1: USB disconnect, device number 6
[  473.169695][ T6592] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  473.201952][ T6592] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  473.240715][ T8293] 8021q: adding VLAN 0 to HW filter on device team0
[  473.281298][ T6592] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  473.337208][ T6592] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  473.440576][ T8563] loop3: detected capacity change from 0 to 512
[  473.524212][ T8566] netlink: 'syz.4.845': attribute type 3 has an invalid length.
[  474.105264][ T8563] EXT4-fs: Ignoring removed mblk_io_submit option
[  474.131733][ T8563] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  474.156016][ T6592] bridge0: port 1(bridge_slave_0) entered blocking state
[  474.163284][ T6592] bridge0: port 1(bridge_slave_0) entered forwarding state
[  474.207723][ T6592] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  474.250475][ T6592] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  474.314300][ T6592] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  474.330700][ T8563] EXT4-fs (loop3): 1 truncate cleaned up
[  474.336399][ T8563] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  474.397258][ T6592] bridge0: port 2(bridge_slave_1) entered blocking state
[  474.404476][ T6592] bridge0: port 2(bridge_slave_1) entered forwarding state
[  474.640166][ T8576] netlink: 'syz.4.848': attribute type 3 has an invalid length.
[  475.357036][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  475.389881][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  475.499985][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  475.561030][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  475.597564][ T7977] EXT4-fs (loop3): unmounting filesystem.
[  475.625539][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  475.738494][ T6597] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  475.747340][ T3651] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  475.758124][ T3651] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  475.758600][ T6597] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  475.775797][ T3651] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  475.789844][ T3651] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  475.798526][ T3651] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  475.805899][ T3651] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  475.814458][ T6597] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  475.825663][ T6597] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  475.841535][ T8293] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  475.949901][ T8588] fuse: Bad value for 'fd'
[  475.964904][ T8588] 9pnet_fd: Insufficient options for proto=fd
[  475.975060][ T8293] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  476.016945][ T6597] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  476.027416][ T6597] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  476.062240][ T8583] ip6gretap0 speed is unknown, defaulting to 1000
[  476.212876][   T26] kauditd_printk_skb: 4 callbacks suppressed
[  476.212891][   T26] audit: type=1326 audit(605.181:420): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8593 comm="syz.0.853" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5adc77dff9 code=0x0
[  476.365270][ T8601] team0: Port device macvlan2 added
[  476.386798][ T8583] chnl_net:caif_netlink_parms(): no params data found
[  476.578700][ T8583] bridge0: port 1(bridge_slave_0) entered blocking state
[  476.600656][ T8583] bridge0: port 1(bridge_slave_0) entered disabled state
[  476.615794][ T8583] device bridge_slave_0 entered promiscuous mode
[  476.662795][ T8583] bridge0: port 2(bridge_slave_1) entered blocking state
[  476.690052][ T8583] bridge0: port 2(bridge_slave_1) entered disabled state
[  476.737700][ T8583] device bridge_slave_1 entered promiscuous mode
[  476.774162][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  476.782345][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  476.792427][ T8293] 8021q: adding VLAN 0 to HW filter on device batadv0
[  476.921979][ T8617] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported
[  477.592222][ T8293] device veth0_vlan entered promiscuous mode
[  477.698506][ T8583] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  477.707998][ T8627] loop4: detected capacity change from 0 to 164
[  477.870701][ T6611] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  477.880857][ T3651] Bluetooth: hci3: command tx timeout
[  477.922928][ T8627] Unable to read rock-ridge attributes
[  477.962416][ T6611] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  478.066162][ T8627] Unable to read rock-ridge attributes
[  478.077563][ T6611] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  478.121554][ T8627] iso9660: Corrupted directory entry in block 4 of inode 1792
[  478.132656][ T6611] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  478.162744][ T8632] Unable to read rock-ridge attributes
[  478.176724][ T6611] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  478.221108][ T8632] iso9660: Corrupted directory entry in block 4 of inode 1792
[  478.233189][ T6611] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  479.533796][ T8293] device veth1_vlan entered promiscuous mode
[  479.568327][ T8627] Unable to read rock-ridge attributes
[  479.574454][ T8627] iso9660: Corrupted directory entry in block 4 of inode 1792
[  479.579193][ T8583] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  479.610679][ T8624] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  479.779302][ T8293] device veth0_macvtap entered promiscuous mode
[  479.815100][ T8293] device veth1_macvtap entered promiscuous mode
[  479.844984][ T6597] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  479.868320][ T6597] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  479.945008][ T8640] netlink: 'syz.3.859': attribute type 3 has an invalid length.
[  480.527416][ T3651] Bluetooth: hci3: command tx timeout
[  480.537734][ T6597] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  480.548308][ T6597] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  480.563556][ T8583] team0: Port device team_slave_0 added
[  480.598165][ T8583] team0: Port device team_slave_1 added
[  480.604431][ T8293] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  480.615479][ T8293] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  480.627147][ T8293] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  480.639255][ T8293] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  480.649507][ T8293] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  480.650264][ T8647] loop3: detected capacity change from 0 to 2048
[  480.669550][ T8647] NILFS (loop3): invalid segment: Sequence number mismatch
[  480.673945][ T8293] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  480.676813][ T8647] NILFS (loop3): trying rollback from an earlier position
[  480.698513][ T8647] NILFS (loop3): recovery complete
[  480.711529][ T8293] batman_adv: batadv0: Interface activated: batadv_slave_0
[  480.719850][ T8650] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  480.863645][ T8583] batman_adv: batadv0: Adding interface: batadv_slave_0
[  480.888138][ T8583] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  480.938061][ T8583] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  480.951981][ T6592] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  480.968897][ T6592] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  480.984474][ T8583] batman_adv: batadv0: Adding interface: batadv_slave_1
[  480.992166][ T8583] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  481.675366][ T8583] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  481.762735][ T8293] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  481.879211][ T8661] loop3: detected capacity change from 0 to 1024
[  481.923752][ T8293] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  481.949695][ T8293] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  481.974129][ T8661] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  481.989015][ T8293] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  482.061481][ T8659] loop4: detected capacity change from 0 to 32768
[  482.076774][ T8293] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  482.087387][ T8293] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  482.098739][ T8293] batman_adv: batadv0: Interface activated: batadv_slave_1
[  482.109356][ T8659] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 scanned by syz.4.866 (8659)
[  482.197881][ T8659] BTRFS info (device loop4): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  482.208803][ T8659] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm
[  482.220018][ T8659] BTRFS info (device loop4): doing ref verification
[  482.226764][ T8659] BTRFS info (device loop4): max_inline at 4096
[  482.233059][ T8659] BTRFS info (device loop4): max_inline at 4096
[  482.239451][ T8659] BTRFS info (device loop4): turning off barriers
[  482.246065][ T8659] BTRFS info (device loop4): using free space tree
[  482.248499][ T8583] device hsr_slave_0 entered promiscuous mode
[  482.416495][ T8583] device hsr_slave_1 entered promiscuous mode
[  482.523500][ T8583] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  482.606766][ T3651] Bluetooth: hci3: command tx timeout
[  482.657099][ T8583] Cannot create hsr debugfs directory
[  482.978852][ T7977] EXT4-fs (loop3): unmounting filesystem.
[  483.009609][ T8293] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  483.034875][ T8293] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  483.066192][ T8293] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  483.135243][ T8293] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  483.167296][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  483.175717][ T8690] loop3: detected capacity change from 0 to 164
[  483.177492][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  483.196985][   T26] audit: type=1326 audit(612.171:421): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8658 comm="syz.4.866" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ed4b7dff9 code=0x7ffc0000
[  483.285502][ T8690] Unable to read rock-ridge attributes
[  483.286016][   T26] audit: type=1326 audit(612.171:422): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8658 comm="syz.4.866" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ed4b7dff9 code=0x7ffc0000
[  483.337269][ T8690] Unable to read rock-ridge attributes
[  483.359159][ T8690] iso9660: Corrupted directory entry in block 4 of inode 1792
[  483.377048][ T8690] Unable to read rock-ridge attributes
[  483.383460][ T8690] iso9660: Corrupted directory entry in block 4 of inode 1792
[  483.400462][   T26] audit: type=1326 audit(612.171:423): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8658 comm="syz.4.866" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ed4b7dff9 code=0x7ffc0000
[  483.489916][ T8695] Unable to read rock-ridge attributes
[  483.495458][ T8695] iso9660: Corrupted directory entry in block 4 of inode 1792
[  483.718352][ T3652] Bluetooth: hci1: Malformed MSFT vendor event: 0x02
[  483.737035][   T26] audit: type=1326 audit(612.171:424): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8658 comm="syz.4.866" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ed4b7dff9 code=0x7ffc0000
[  483.989491][ T8688] netlink: 132 bytes leftover after parsing attributes in process `syz.0.868'.
[  483.998663][   T26] audit: type=1326 audit(612.171:425): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8658 comm="syz.4.866" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ed4b7dff9 code=0x7ffc0000
[  484.036754][ T8693] netlink: 'syz.0.868': attribute type 21 has an invalid length.
[  484.044589][   T26] audit: type=1326 audit(612.191:426): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8658 comm="syz.4.866" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f8ed4b7dff9 code=0x7ffc0000
[  484.078734][ T8693] netlink: 128 bytes leftover after parsing attributes in process `syz.0.868'.
[  484.120277][   T26] audit: type=1326 audit(612.191:427): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8658 comm="syz.4.866" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ed4b7dff9 code=0x7ffc0000
[  484.156793][ T8693] netlink: 'syz.0.868': attribute type 4 has an invalid length.
[  484.172457][   T26] audit: type=1326 audit(612.191:428): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8658 comm="syz.4.866" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ed4b7dff9 code=0x7ffc0000
[  484.186553][ T8693] netlink: 'syz.0.868': attribute type 5 has an invalid length.
[  484.218861][ T8693] netlink: 3 bytes leftover after parsing attributes in process `syz.0.868'.
[  484.227542][   T26] audit: type=1326 audit(612.191:429): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8658 comm="syz.4.866" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8ed4b7dff9 code=0x7ffc0000
[  484.262963][   T26] audit: type=1326 audit(612.191:430): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8658 comm="syz.4.866" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ed4b7dff9 code=0x7ffc0000
[  484.368071][ T6611] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  484.389196][ T6611] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  484.441197][ T6830] BTRFS info (device loop4): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  484.465562][ T6611] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  484.490127][ T6611] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  484.506491][ T6611] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  484.543258][ T8583] bond0: (slave netdevsim0): Releasing backup interface
[  484.631775][ T6597] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  484.666745][ T3652] Bluetooth: hci3: command tx timeout
[  484.704218][ T8705] loop3: detected capacity change from 0 to 8192
[  484.773927][ T8705] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  484.802349][ T8705] REISERFS (device loop3): found reiserfs format "3.5" with non-standard journal
[  484.812789][ T8705] REISERFS (device loop3): using ordered data mode
[  484.820518][ T8705] reiserfs: using flush barriers
[  484.831676][ T8705] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  484.848397][ T8705] REISERFS (device loop3): checking transaction log (loop3)
[  484.860265][ T8705] REISERFS (device loop3): Using r5 hash to sort names
[  484.867291][ T8705] REISERFS (device loop3): using 3.5.x disk format
[  484.874367][ T8705] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage.
[  485.118725][ T8721] syz.0.875 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  485.784432][ T8583] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  485.819015][ T8583] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  485.870884][ T8583] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  485.919649][ T8583] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  486.261899][ T8583] 8021q: adding VLAN 0 to HW filter on device bond0
[  486.309697][ T8745] loop4: detected capacity change from 0 to 512
[  486.322637][ T8747] IPVS: sync thread started: state = MASTER, mcast_ifn = pimreg, syncid = 0, id = 0
[  486.363006][ T8745] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  486.390932][ T8745] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended
[  486.402970][ T6611] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  486.418856][ T6611] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  486.432536][ T8583] 8021q: adding VLAN 0 to HW filter on device team0
[  486.455110][ T8745] EXT4-fs (loop4): orphan cleanup on readonly fs
[  486.462028][ T3747] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  486.500117][ T3747] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  486.510492][ T8745] EXT4-fs warning (device loop4): ext4_enable_quotas:7035: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  486.534070][ T3747] bridge0: port 1(bridge_slave_0) entered blocking state
[  486.541247][ T3747] bridge0: port 1(bridge_slave_0) entered forwarding state
[  486.595424][ T8745] EXT4-fs (loop4): Cannot turn on quotas: error -117
[  486.605462][ T8745] EXT4-fs (loop4): 1 truncate cleaned up
[  486.611263][ T8745] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  486.621641][ T8745] EXT4-fs (loop4): unmounting filesystem.
[  486.657832][ T3747] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  486.772235][ T3747] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  486.784291][ T3747] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  486.808925][ T3747] bridge0: port 2(bridge_slave_1) entered blocking state
[  486.816108][ T3747] bridge0: port 2(bridge_slave_1) entered forwarding state
[  486.834561][ T3747] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  489.753376][ T3747] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  489.832863][ T6597] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  489.892782][ T6597] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  489.924192][ T6597] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  489.933096][ T6597] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  489.970454][ T6597] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  490.000956][ T6597] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  490.093829][ T8782] kvm: vcpu 0: requested 32 ns lapic timer period limited to 200000 ns
[  490.104562][ T6597] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  490.171771][ T8583] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  490.215090][ T8583] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  490.248034][ T6597] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  490.257484][ T8782] xt_hashlimit: Unknown mode mask 312C7057, kernel too old?
[  490.265455][ T6597] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  490.917045][ T6615] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  490.924777][ T6615] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  490.964941][ T8583] 8021q: adding VLAN 0 to HW filter on device batadv0
[  491.053565][ T3698] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  491.099723][ T3698] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  491.142222][ T8814] ip6gretap0 speed is unknown, defaulting to 1000
[  491.156118][ T8583] device veth0_vlan entered promiscuous mode
[  491.163149][ T3698] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  491.172836][ T3698] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  491.190044][ T3698] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  491.202304][ T3698] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  491.448057][ T8583] device veth1_vlan entered promiscuous mode
[  492.011154][ T6615] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  492.084273][ T6615] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  492.151310][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  492.167236][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  492.217597][ T8583] device veth0_macvtap entered promiscuous mode
[  492.241369][ T8583] device veth1_macvtap entered promiscuous mode
[  492.317689][ T8583] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  492.335677][ T8583] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  492.385854][ T8583] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  492.553171][ T8583] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  492.678610][ T8583] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  492.804729][ T8583] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  492.861554][ T8583] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  492.872687][ T8583] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  492.921265][ T8583] batman_adv: batadv0: Interface activated: batadv_slave_0
[  492.997136][ T3698] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  493.012112][ T3698] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  494.020095][ T3698] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  494.071480][ T3698] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  494.096133][ T8583] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  494.131858][ T8583] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  494.142567][ T8583] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  494.198508][ T8583] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  494.246983][ T8583] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  494.276659][ T8583] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  494.296562][ T8583] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  494.313233][ T8583] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  494.327678][ T8583] batman_adv: batadv0: Interface activated: batadv_slave_1
[  494.360285][   T26] kauditd_printk_skb: 38 callbacks suppressed
[  494.360301][   T26] audit: type=1326 audit(623.331:468): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8842 comm="syz.4.896" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8ed4b7dff9 code=0x0
[  494.386086][ T8583] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  494.404618][ T8583] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  494.413800][ T8583] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  494.464102][ T8583] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  494.472412][ T8856] netlink: 4 bytes leftover after parsing attributes in process `syz.0.900'.
[  494.487725][ T3747] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  494.502305][ T3747] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  495.229216][ T6606] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  495.336135][ T6606] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  495.389855][ T6592] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  495.458013][ T6592] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  495.578417][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  495.639160][ T8871] loop4: detected capacity change from 0 to 512
[  495.646094][ T8871] ext4: Unknown parameter 'noacl'
[  495.677967][ T6615] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  495.702593][ T8552] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  495.724207][ T8871] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  495.739904][ T8869] sp0: Synchronizing with TNC
[  495.905147][ T8873] loop4: detected capacity change from 0 to 128
[  496.025948][ T8873] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256
[  496.057865][ T8872] Cannot find set identified by id 0 to match
[  496.180581][   T26] audit: type=1800 audit(625.151:469): pid=8873 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.906" name="file3" dev="loop4" ino=95 res=0 errno=0
[  496.444392][ T8881] loop3: detected capacity change from 0 to 128
[  496.470185][ T8881] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  496.535410][ T8881] FAT-fs (loop3): bogus number of FAT sectors
[  496.555717][ T8881] FAT-fs (loop3): Can't find a valid FAT filesystem
[  497.645118][   T26] audit: type=1326 audit(626.611:470): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8875 comm="syz.3.916" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb2d757dff9 code=0x7fc00000
[  498.087857][ T8897] loop4: detected capacity change from 0 to 512
[  498.453016][ T3651] Bluetooth: hci1: unexpected event for opcode 0x2039
[  498.632430][ T8897] Quota error (device loop4): find_tree_dqentry: Cycle in quota tree detected: block 1 index 0
[  498.643766][ T8897] Quota error (device loop4): qtree_read_dquot: Can't read quota structure for id 0
[  498.653168][ T8897] EXT4-fs error (device loop4): ext4_acquire_dquot:6800: comm syz.4.909: Failed to acquire dquot type 0
[  498.677943][ T8897] Quota error (device loop4): find_tree_dqentry: Cycle in quota tree detected: block 1 index 0
[  498.688382][ T8897] Quota error (device loop4): qtree_read_dquot: Can't read quota structure for id 0
[  498.697849][ T8897] EXT4-fs error (device loop4): ext4_acquire_dquot:6800: comm syz.4.909: Failed to acquire dquot type 0
[  498.721107][ T8897] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz.4.909: bg 0: block 205: padding at end of block bitmap is not set
[  498.750629][ T8897] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6172: Corrupt filesystem
[  498.762534][ T8897] Quota error (device loop4): find_tree_dqentry: Cycle in quota tree detected: block 1 index 0
[  498.773543][ T8897] Quota error (device loop4): qtree_read_dquot: Can't read quota structure for id 0
[  498.783053][ T8897] EXT4-fs error (device loop4): ext4_acquire_dquot:6800: comm syz.4.909: Failed to acquire dquot type 0
[  498.811480][ T8897] EXT4-fs (loop4): 1 orphan inode deleted
[  498.817326][ T8897] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  499.140372][ T6830] EXT4-fs (loop4): unmounting filesystem.
[  499.230893][ T8919] netlink: 703 bytes leftover after parsing attributes in process `syz.2.914'.
[  499.248791][   T26] audit: type=1326 audit(628.221:471): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8916 comm="syz.2.914" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5a04b7dff9 code=0x0
[  499.981597][ T8922] tipc: Started in network mode
[  499.989374][ T3651] Bluetooth: latency 2018 > 499
[  499.997007][ T8922] tipc: Node identity 621ef5d6aab6, cluster identity 4711
[  499.997152][ T8922] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  500.504619][ T8933] "syz.0.919" (8933) uses obsolete ecb(arc4) skcipher
[  502.460774][ T1271] ieee802154 phy0 wpan0: encryption failed: -22
[  502.460898][ T1271] ieee802154 phy1 wpan1: encryption failed: -22
[  503.597987][ T3651] Bluetooth: hci5: command tx timeout
[  503.612717][ T8716] tipc: Node number set to 3366516182
[  503.717846][ T8922] tipc: Disabling bearer <eth:syzkaller0>
[  505.775703][   T26] audit: type=1326 audit(634.161:472): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8935 comm="syz.2.920" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a04b7dff9 code=0x7fc00000
[  505.889294][   T26] audit: type=1326 audit(634.631:473): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8935 comm="syz.2.920" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f5a04b7dff9 code=0x7fc00000
[  506.095473][ T8961] netlink: 'syz.3.925': attribute type 2 has an invalid length.
[  507.575847][ T8963] overlayfs: conflicting lowerdir path
[  510.492582][ T8972] sp0: Synchronizing with TNC
[  510.825058][ T8985] Cannot find set identified by id 0 to match
[  510.865647][ T8974] af_packet: tpacket_rcv: packet too big, clamped from 70 to 4294967286. macoff=82
[  512.128999][ T8994] loop4: detected capacity change from 0 to 1024
[  512.233239][ T8996] smc: net device vlan0 applied user defined pnetid SYZ1
[  512.254263][ T8996] smc: net device bridge_slave_0 applied user defined pnetid SYZ1
[  512.273127][ T8994] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a000c118, mo2=0002]
[  512.282709][ T8994] System zones: 0-1, 3-12
[  512.304432][ T8994] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  512.361941][   T26] audit: type=1800 audit(641.331:474): pid=8994 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.934" name="bus" dev="loop4" ino=18 res=0 errno=0
[  512.914338][ T6830] EXT4-fs (loop4): unmounting filesystem.
[  513.401588][   T26] audit: type=1326 audit(642.371:475): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9009 comm="syz.4.938" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8ed4b7dff9 code=0x0
[  514.597429][ T9027] netlink: 'syz.4.943': attribute type 5 has an invalid length.
[  514.661341][ T9027] 9pnet_fd: p9_fd_create_tcp (9027): problem connecting socket to 127.0.0.1
[  514.773239][ T9036] (unnamed net_device) (uninitialized): option mode: invalid value (254)
[  514.790485][ T3652] Bluetooth: hci1: unexpected event for opcode 0x0c0d
[  515.070376][   T26] audit: type=1326 audit(644.031:476): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9044 comm="syz.1.948" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc51cb7dff9 code=0x7ffc0000
[  515.099089][ T9047] 9pnet_fd: Insufficient options for proto=fd
[  515.207307][   T26] audit: type=1326 audit(644.031:477): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9044 comm="syz.1.948" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc51cb7dff9 code=0x7ffc0000
[  515.278018][ T9047] loop4: detected capacity change from 0 to 2048
[  515.353922][ T9047] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  515.366715][   T26] audit: type=1326 audit(644.031:478): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9044 comm="syz.1.948" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7fc51cb7dff9 code=0x7ffc0000
[  515.494633][ T9043] loop3: detected capacity change from 0 to 65536
[  515.497178][   T26] audit: type=1326 audit(644.031:479): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9044 comm="syz.1.948" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fc51cb7e033 code=0x7ffc0000
[  515.586322][   T26] audit: type=1326 audit(644.101:480): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9044 comm="syz.1.948" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fc51cb7cadf code=0x7ffc0000
[  515.611636][   T26] audit: type=1326 audit(644.161:481): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9044 comm="syz.1.948" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7fc51cb7e087 code=0x7ffc0000
[  515.646861][ T9043] XFS (loop3): Mounting V5 Filesystem
[  515.726734][   T26] audit: type=1326 audit(644.161:482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9044 comm="syz.1.948" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fc51cb7c990 code=0x7ffc0000
[  515.790306][   T26] audit: type=1326 audit(644.161:483): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9044 comm="syz.1.948" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc51cb7dbfb code=0x7ffc0000
[  515.804834][ T9043] XFS (loop3): Ending clean mount
[  515.829349][ T9043] XFS (loop3): Quotacheck needed: Please wait.
[  515.942847][ T9043] XFS (loop3): Quotacheck: Done.
[  516.000793][ T9066] netlink: 4 bytes leftover after parsing attributes in process `syz.4.951'.
[  516.350073][ T9070] device wg1 entered promiscuous mode
[  518.427303][ T9071] sd 0:0:1:0: device reset
[  518.504849][ T9066] loop4: detected capacity change from 0 to 512
[  518.633777][ T9066] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  518.688518][ T7977] XFS (loop3): Unmounting Filesystem
[  518.826697][ T3652] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0
[  518.836340][ T3652] Bluetooth: hci1: Injecting HCI hardware error event
[  518.848763][ T3651] Bluetooth: hci1: hardware error 0x00
[  518.888904][ T6830] EXT4-fs (loop4): unmounting filesystem.
[  520.906570][ T3651] Bluetooth: hci1: Opcode 0x0c03 failed: -110
[  523.583899][ T3651] Bluetooth: Frame is too long (len 16, expected len 4)
[  523.704063][ T9116] netlink: 24 bytes leftover after parsing attributes in process `syz.3.962'.
[  523.977367][ T9116] netlink: 4 bytes leftover after parsing attributes in process `syz.3.962'.
[  524.076929][   T22] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  524.419441][ T9116] netlink: 164 bytes leftover after parsing attributes in process `syz.3.962'.
[  524.496809][   T22] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  524.604306][ T3652] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  524.615842][ T3652] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  524.636824][ T3652] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  524.649094][ T3652] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  524.735703][   T22] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  524.746652][ T3652] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  524.754098][ T3652] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  524.816692][   T22] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  524.856636][   T22] usb 1-1: Product: syz
[  524.860831][   T22] usb 1-1: Manufacturer: syz
[  524.865422][   T22] usb 1-1: SerialNumber: syz
[  524.951710][ T9129] UBIFS error (pid: 9129): cannot open "(null)", error -22
[  525.205805][ T9127] loop4: detected capacity change from 0 to 65536
[  525.952145][ T9127] XFS (loop4): Mounting V5 Filesystem
[  525.980381][ T9124] ip6gretap0 speed is unknown, defaulting to 1000
[  526.040368][ T9127] XFS (loop4): Ending clean mount
[  526.058561][ T6615] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  526.074484][ T9127] XFS (loop4): Quotacheck needed: Please wait.
[  526.107960][   T22] cdc_ncm 1-1:1.0: failed GET_NTB_PARAMETERS
[  526.122591][   T22] cdc_ncm 1-1:1.0: bind() failure
[  526.141656][   T22] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found
[  526.163180][   T22] cdc_ncm 1-1:1.1: bind() failure
[  526.192317][ T9127] XFS (loop4): Quotacheck: Done.
[  526.397670][ T6615] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  526.548758][ T9146] sd 0:0:1:0: device reset
[  526.866614][ T3652] Bluetooth: hci4: command tx timeout
[  526.913630][ T6615] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  527.052733][ T6830] XFS (loop4): Unmounting Filesystem
[  527.278467][ T6615] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  527.947989][ T8718] usb 1-1: USB disconnect, device number 4
[  528.908650][ T3653] Bluetooth: hci4: command tx timeout
[  529.241811][ T9124] chnl_net:caif_netlink_parms(): no params data found
[  529.252824][ T9157] netlink: 4 bytes leftover after parsing attributes in process `syz.1.970'.
[  530.026581][ T9177] overlayfs: conflicting lowerdir path
[  531.021005][ T3653] Bluetooth: hci4: command tx timeout
[  531.634582][ T9184] fuse: Unknown parameter '0x0000000000000005'
[  531.799108][ T9188] loop4: detected capacity change from 0 to 128
[  531.875211][ T9188] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  531.933977][ T9191] netlink: 24 bytes leftover after parsing attributes in process `syz.3.975'.
[  532.001974][ T9188] EXT4-fs (loop4): re-mounted. Quota mode: none.
[  532.168587][ T9124] bridge0: port 1(bridge_slave_0) entered blocking state
[  532.176146][ T9124] bridge0: port 1(bridge_slave_0) entered disabled state
[  532.211731][ T9124] device bridge_slave_0 entered promiscuous mode
[  532.325178][ T6830] EXT4-fs (loop4): unmounting filesystem.
[  532.362846][ T9124] bridge0: port 2(bridge_slave_1) entered blocking state
[  532.370622][ T9124] bridge0: port 2(bridge_slave_1) entered disabled state
[  532.395067][ T9201] loop0: detected capacity change from 0 to 128
[  532.418924][ T9124] device bridge_slave_1 entered promiscuous mode
[  532.476820][ T9201] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  532.598955][ T9205] UBIFS error (pid: 9205): cannot open "(null)", error -22
[  532.638071][ T9201] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  532.804192][ T9124] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  532.843369][ T9124] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  532.892838][ T9199] ip6gretap0 speed is unknown, defaulting to 1000
[  532.905288][ T9210] EXT4-fs (loop0): re-mounted. Quota mode: none.
[  533.066560][ T3652] Bluetooth: hci4: command tx timeout
[  533.095448][ T9124] team0: Port device team_slave_0 added
[  533.116747][ T9124] team0: Port device team_slave_1 added
[  533.262653][ T9124] batman_adv: batadv0: Adding interface: batadv_slave_0
[  533.275797][ T5590] EXT4-fs (loop0): unmounting filesystem.
[  533.289873][ T9124] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  533.427399][ T9124] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  533.474575][ T9124] batman_adv: batadv0: Adding interface: batadv_slave_1
[  533.492031][ T9124] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  533.743855][ T9124] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  534.795053][ T9124] device hsr_slave_0 entered promiscuous mode
[  534.817690][ T9124] device hsr_slave_1 entered promiscuous mode
[  534.844842][   T26] kauditd_printk_skb: 10 callbacks suppressed
[  534.844864][   T26] audit: type=1326 audit(663.811:494): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9238 comm="syz.4.982" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8ed4b7dff9 code=0x0
[  534.889017][ T9124] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  534.977406][ T9124] Cannot create hsr debugfs directory
[  535.098576][ T9244] netlink: 68 bytes leftover after parsing attributes in process `syz.1.983'.
[  535.527806][   T26] audit: type=1326 audit(664.501:495): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9238 comm="syz.4.982" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8ed4b7dff9 code=0x0
[  535.701374][ T9245] netlink: 'syz.1.983': attribute type 10 has an invalid length.
[  535.723732][ T9245] bridge0: port 3(team0) entered blocking state
[  535.730241][ T9245] bridge0: port 3(team0) entered disabled state
[  535.774826][ T9245] device team0 entered promiscuous mode
[  535.816913][ T9245] device team_slave_0 entered promiscuous mode
[  535.846237][ T9245] device team_slave_1 entered promiscuous mode
[  535.854345][ T9245] bridge0: port 3(team0) entered blocking state
[  535.860718][ T9245] bridge0: port 3(team0) entered forwarding state
[  535.939788][ T6615] device hsr_slave_0 left promiscuous mode
[  535.949409][ T6615] device hsr_slave_1 left promiscuous mode
[  535.964346][ T6615] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  535.991112][ T6615] batman_adv: batadv0: Removing interface: batadv_slave_0
[  536.029738][ T6615] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  536.058799][ T6615] batman_adv: batadv0: Removing interface: batadv_slave_1
[  536.079660][ T6615] device bridge_slave_1 left promiscuous mode
[  536.102336][ T6615] bridge0: port 2(bridge_slave_1) entered disabled state
[  536.112528][ T9255] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
[  536.171794][ T6615] device bridge_slave_0 left promiscuous mode
[  536.184793][ T9244] infiniband syz0: set active
[  536.188341][ T6615] bridge0: port 1(bridge_slave_0) entered disabled state
[  536.198888][ T9244] infiniband syz0: added bond_slave_0
[  536.204615][ T9244] rdma_rxe: unable to create cq
[  536.210673][ T9244] infiniband syz0: Couldn't create ib_mad CQ
[  536.219765][ T9244] infiniband syz0: Couldn't open port 1
[  536.255949][ T9244] RDS/IB: syz0: added
[  536.266120][ T9244] smc: adding ib device syz0 with port count 1
[  536.282875][ T9244] smc:    ib device syz0 port 1 has pnetid 
[  536.313140][ T6615] device veth1_macvtap left promiscuous mode
[  536.319450][ T6615] device veth0_macvtap left promiscuous mode
[  536.325636][ T6615] device veth1_vlan left promiscuous mode
[  536.333066][ T6615] device veth0_vlan left promiscuous mode
[  536.454274][ T3683] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  536.846799][ T3683] usb 5-1: config 0 has an invalid interface number: 222 but max is 0
[  536.858479][ T3683] usb 5-1: config 0 has no interface number 0
[  536.870405][ T3683] usb 5-1: too many endpoints for config 0 interface 222 altsetting 195: 227, using maximum allowed: 30
[  536.888105][ T3683] usb 5-1: config 0 interface 222 altsetting 195 has 0 endpoint descriptors, different from the interface descriptor's value: 227
[  536.916239][ T3683] usb 5-1: config 0 interface 222 has no altsetting 0
[  536.934189][ T3683] usb 5-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[  536.946968][ T3683] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  536.980078][ T3683] usb 5-1: config 0 descriptor??
[  537.096282][ T6615] team0 (unregistering): Port device team_slave_1 removed
[  537.154585][ T6615] team0 (unregistering): Port device team_slave_0 removed
[  537.203658][ T6615] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  537.263961][ T6615] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  537.469029][ T3683] usb 5-1: string descriptor 0 read error: -32
[  537.636741][ T3683] usb 5-1: Cannot read MAC address
[  537.642738][ T3683] MOSCHIP usb-ethernet driver: probe of 5-1:0.222 failed with error -71
[  537.790441][ T3683] usb 5-1: USB disconnect, device number 5
[  538.290179][ T6615] bond0 (unregistering): Released all slaves
[  538.487830][ T9271] loop4: detected capacity change from 0 to 256
[  539.701819][ T9285] netlink: 4 bytes leftover after parsing attributes in process `syz.0.991'.
[  541.042005][ T9124] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  541.116182][ T9124] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  541.185721][ T9124] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  541.217226][ T9124] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  541.553934][ T9124] 8021q: adding VLAN 0 to HW filter on device bond0
[  541.624645][ T9306] loop4: detected capacity change from 0 to 512
[  541.652667][ T9309] UBIFS error (pid: 9309): cannot open "(null)", error -22
[  541.669189][ T3929] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  542.581057][ T8968] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  542.690706][ T3929] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  542.803976][ T9325] netlink: 'syz.0.996': attribute type 3 has an invalid length.
[  543.341403][ T9124] 8021q: adding VLAN 0 to HW filter on device team0
[  543.498665][ T9326] device wireguard0 entered promiscuous mode
[  543.711881][ T9344] netlink: 20 bytes leftover after parsing attributes in process `syz.0.999'.
[  543.727792][ T3749] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  543.879953][ T9347] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported
[  543.930901][ T3749] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  544.484614][ T3749] bridge0: port 1(bridge_slave_0) entered blocking state
[  544.491819][ T3749] bridge0: port 1(bridge_slave_0) entered forwarding state
[  544.536900][    C1] sd 0:0:1:0: [sda] tag#70 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s
[  544.547245][    C1] sd 0:0:1:0: [sda] tag#70 CDB: Read(6) 08 00 00 00 00 00 00 00 8b 00 00 01
[  544.878014][ T9355] netlink: 'syz.3.1001': attribute type 3 has an invalid length.
[  546.065614][ T9365] xt_CT: You must specify a L4 protocol and not use inversions on it
[  546.204002][ T9367] kernel profiling enabled (shift: 17)
[  546.854428][ T3749] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  546.884427][ T3749] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  546.911845][ T3749] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  546.947492][ T3749] bridge0: port 2(bridge_slave_1) entered blocking state
[  546.954614][ T3749] bridge0: port 2(bridge_slave_1) entered forwarding state
[  547.030620][ T3749] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  547.079239][ T3749] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  547.209251][ T3749] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  547.290683][ T3749] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  547.365049][ T3749] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  547.394623][ T3749] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  547.403969][ T3749] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  547.749889][ T3749] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  547.771076][ T9124] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  547.813488][ T9124] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  547.929258][ T3749] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  547.995089][ T3749] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  548.050424][ T3749] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  548.419205][ T9402] netlink: 'syz.3.1008': attribute type 3 has an invalid length.
[  549.267202][ T3929] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  549.274730][ T3929] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  549.298189][ T9124] 8021q: adding VLAN 0 to HW filter on device batadv0
[  549.421186][ T9412] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported
[  550.110701][ T6597] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  550.140292][ T9418] loop4: detected capacity change from 0 to 128
[  550.150502][ T6597] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  550.201296][ T9421] i2c i2c-0: Invalid block write size 34
[  550.210267][ T9418] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  550.249306][ T6597] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  550.287769][ T6597] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  550.345502][ T9124] device veth0_vlan entered promiscuous mode
[  550.367584][ T6597] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  550.523480][ T6597] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  551.206951][ T6830] EXT4-fs (loop4): unmounting filesystem.
[  551.258455][ T9124] device veth1_vlan entered promiscuous mode
[  551.394352][ T6592] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  551.418114][ T6592] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  551.444791][ T9124] device veth0_macvtap entered promiscuous mode
[  551.484011][ T9124] device veth1_macvtap entered promiscuous mode
[  551.526190][ T9444] loop3: detected capacity change from 0 to 128
[  551.628480][ T9124] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  551.661129][ T9124] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  551.673939][ T9444] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  551.692765][ T9124] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  551.736416][ T9444] syz.3.1016 (pid 9444) is setting deprecated v1 encryption policy; recommend upgrading to v2.
[  551.744885][ T9124] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  551.778695][ T9124] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  551.809761][ T9124] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  551.843971][ T9124] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  551.881441][ T9124] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  551.917706][ T9124] batman_adv: batadv0: Interface activated: batadv_slave_0
[  551.950993][ T3898] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  551.967198][ T3898] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  552.004914][ T3898] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  552.069190][ T9124] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  552.117661][ T9124] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  552.151476][ T9124] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  552.173731][ T9124] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  552.250848][ T9124] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  552.320145][ T9124] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  552.357652][ T9444] fscrypt (loop3, inode 12): Missing crypto API support for AES-256-CTS-CBC (API name: "cts(cbc(aes))")
[  552.432270][ T9124] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  552.483932][ T9124] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  552.517195][ T9124] batman_adv: batadv0: Interface activated: batadv_slave_1
[  552.553860][ T7977] EXT4-fs (loop3): unmounting filesystem.
[  552.638060][ T6597] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  552.668621][ T6597] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  553.019134][ T9477] loop3: detected capacity change from 0 to 256
[  553.655796][ T9124] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  553.690361][ T9124] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  553.699721][ T9124] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  553.716186][ T9124] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  554.357740][ T9497] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported
[  555.732088][ T6597] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  555.753279][ T6597] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  555.831882][ T9510] ip6gretap0 speed is unknown, defaulting to 1000
[  556.144285][ T6611] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  556.257792][ T6611] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  556.412301][ T6597] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  556.469738][ T6597] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  557.082805][ T9524] loop0: detected capacity change from 0 to 1024
[  557.149026][ T9519] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1026'.
[  557.167503][ T9524] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  557.282293][ T9524] EXT4-fs warning (device loop0): empty_inline_dir:1851: bad inline directory (dir #12) - no `..'
[  557.402771][ T5590] EXT4-fs (loop0): unmounting filesystem.
[  557.749115][ T9539] loop4: detected capacity change from 0 to 512
[  557.829134][ T9540] "syz.0.1029" (9540) uses obsolete ecb(arc4) skcipher
[  558.475637][ T9539] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem
[  559.017349][    C1] sd 0:0:1:0: [sda] tag#83 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s
[  559.027662][    C1] sd 0:0:1:0: [sda] tag#83 CDB: Read(6) 08 00 00 00 00 00 00 00 8b 00 00 01
[  560.485684][ T9539] EXT4-fs (loop4): failed to open journal device unknown-block(0,0) -6
[  560.802271][ T9559] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported
[  561.335231][ T3653] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0
[  561.344422][ T3653] Bluetooth: hci4: Injecting HCI hardware error event
[  561.354062][ T3653] Bluetooth: hci4: hardware error 0x00
[  561.925694][   T26] audit: type=1326 audit(690.891:496): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9570 comm="syz.2.1038" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4e3437dff9 code=0x7ffc0000
[  561.994077][   T26] audit: type=1326 audit(690.931:497): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9570 comm="syz.2.1038" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f4e3437dff9 code=0x7ffc0000
[  562.033222][   T26] audit: type=1326 audit(690.931:498): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9570 comm="syz.2.1038" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4e3437dff9 code=0x7ffc0000
[  562.071102][   T26] audit: type=1326 audit(690.931:499): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9570 comm="syz.2.1038" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f4e3437dff9 code=0x7ffc0000
[  562.927395][ T1271] ieee802154 phy0 wpan0: encryption failed: -22
[  562.933991][ T1271] ieee802154 phy1 wpan1: encryption failed: -22
[  563.369668][   T26] audit: type=1326 audit(690.931:500): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9570 comm="syz.2.1038" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4e3437dff9 code=0x7ffc0000
[  563.453286][   T26] audit: type=1326 audit(690.931:501): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9570 comm="syz.2.1038" exe="/root/syz-executor" sig=0 arch=c000003e syscall=285 compat=0 ip=0x7f4e3437dff9 code=0x7ffc0000
[  563.512497][   T26] audit: type=1326 audit(690.931:502): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9570 comm="syz.2.1038" exe="/root/syz-executor" sig=0 arch=c000003e syscall=96 compat=0 ip=0xffffffffff600000 code=0x7ffc0000
[  563.535020][   T26] audit: type=1326 audit(690.931:503): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9570 comm="syz.2.1038" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4e3437dff9 code=0x7ffc0000
[  563.565840][   T26] audit: type=1326 audit(690.931:504): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9570 comm="syz.2.1038" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4e3437dff9 code=0x7ffc0000
[  563.566815][ T3653] Bluetooth: hci4: Opcode 0x0c03 failed: -110
[  563.658802][ T9594] loop3: detected capacity change from 0 to 256
[  563.666344][ T9597] Cannot find del_set index 0 as target
[  563.691606][ T9597] netlink: 'syz.4.1044': attribute type 2 has an invalid length.
[  563.763560][   T26] audit: type=1326 audit(690.931:505): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9570 comm="syz.2.1038" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4e3437dff9 code=0x7ffc0000
[  564.057314][ T9600] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001)
[  564.067974][ T9600] FAT-fs (loop3): Filesystem has been set read-only
[  564.075304][ T9600] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001)
[  564.085758][ T9600] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001)
[  564.167690][ T9600] netlink: 277 bytes leftover after parsing attributes in process `syz.3.1042'.
[  564.966676][ T9604] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported
[  565.789966][ T9613] netlink: 'syz.4.1046': attribute type 3 has an invalid length.
[  567.107901][ T9620] ebt_limit: overflow, try lower: 0/0
[  570.129809][   T14] usb 5-1: new full-speed USB device number 6 using dummy_hcd
[  571.116868][ T9653] usb usb8: usbfs: process 9653 (syz.1.1056) did not claim interface 0 before use
[  571.356832][   T14] usb 5-1: device descriptor read/all, error -71
[  571.731862][ T9662] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported
[  574.053912][ T9690] loop4: detected capacity change from 0 to 8
[  574.283872][ T9692] netlink: 'syz.0.1063': attribute type 3 has an invalid length.
[  575.654374][ T9699] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  575.672171][ T9697] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1069'.
[  576.248260][ T9705] loop0: detected capacity change from 0 to 512
[  577.217068][ T9710] 9pnet_fd: Insufficient options for proto=fd
[  581.787155][ T9705] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  582.447555][ T9705] EXT4-fs: failed to create workqueue
[  582.452979][ T9705] EXT4-fs (loop0): mount failed
[  582.507138][ T3652] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  582.519093][ T3652] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  582.528393][ T3651] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  582.549462][ T3652] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  582.557522][ T3652] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  582.564940][ T3652] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  582.690080][ T9711] ip6gretap0 speed is unknown, defaulting to 1000
[  582.714724][ T9716] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1074'.
[  582.784033][ T9716] netlink: 'syz.2.1074': attribute type 5 has an invalid length.
[  582.949261][ T9721] loop0: detected capacity change from 0 to 164
[  582.977849][ T9719] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1074'.
[  583.080308][ T9723] netlink: 'syz.4.1075': attribute type 3 has an invalid length.
[  583.088300][ T9723] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1075'.
[  584.155427][ T9733] binder: 9732:9733 ioctl c018620c 20000600 returned -1
[  584.187236][ T3653] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  584.200105][ T3653] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  584.208983][ T3653] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  584.218471][ T3653] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  584.226082][ T3653] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[  584.234765][ T3653] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  584.468167][ T9739] xt_CT: You must specify a L4 protocol and not use inversions on it
[  584.597209][ T3653] Bluetooth: hci5: command tx timeout
[  584.668701][ T9734] ip6gretap0 speed is unknown, defaulting to 1000
[  584.684085][ T9738] netlink: 25 bytes leftover after parsing attributes in process `syz.0.1078'.
[  584.897964][ T9745] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1080'.
[  585.095463][ T9711] chnl_net:caif_netlink_parms(): no params data found
[  585.499409][ T9761] loop4: detected capacity change from 0 to 512
[  586.026820][ T9761] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  586.334409][ T3653] Bluetooth: hci6: command tx timeout
[  586.676538][ T3653] Bluetooth: hci5: command tx timeout
[  588.094067][ T6830] EXT4-fs (loop4): unmounting filesystem.
[  588.202485][ T6615] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  588.284899][ T9772] loop0: detected capacity change from 0 to 1764
[  588.346881][ T3653] Bluetooth: hci6: command tx timeout
[  588.467183][ T9772] ISOFS: root inode is unusable. Disabling Rock Ridge and switching to Joliet.
[  588.512407][ T9778] loop4: detected capacity change from 0 to 128
[  588.529553][ T6615] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  588.571052][ T9778] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  588.651263][ T9778] EXT4-fs (loop4): re-mounted. Quota mode: none.
[  588.753237][ T6615] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  588.787121][ T9711] bridge0: port 1(bridge_slave_0) entered blocking state
[  588.794362][ T9711] bridge0: port 1(bridge_slave_0) entered disabled state
[  588.815956][ T9711] device bridge_slave_0 entered promiscuous mode
[  588.897528][ T6830] EXT4-fs (loop4): unmounting filesystem.
[  588.918406][ T6615] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  589.098994][ T9790] loop4: detected capacity change from 0 to 1024
[  590.264294][ T3653] Bluetooth: hci5: command tx timeout
[  590.271357][ T9790] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (7780!=20869)
[  590.289421][ T9793] ip6gretap0 speed is unknown, defaulting to 1000
[  590.363238][ T9711] bridge0: port 2(bridge_slave_1) entered blocking state
[  590.380832][ T9790] EXT4-fs (loop4): invalid journal inode
[  590.388653][ T9790] EXT4-fs (loop4): can't get journal size
[  590.396083][ T9711] bridge0: port 2(bridge_slave_1) entered disabled state
[  590.404781][ T9711] device bridge_slave_1 entered promiscuous mode
[  590.408407][ T9790] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  590.427080][ T3653] Bluetooth: hci6: command tx timeout
[  590.560438][ T9790] sch_tbf: burst 0 is lower than device lo mtu (14) !
[  590.574366][ T9711] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  591.685065][ T9711] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  591.715269][ T9790] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1089'.
[  591.807682][ T6830] EXT4-fs (loop4): unmounting filesystem.
[  591.936128][ T9711] team0: Port device team_slave_0 added
[  591.948870][ T9734] chnl_net:caif_netlink_parms(): no params data found
[  592.068956][ T9711] team0: Port device team_slave_1 added
[  592.218551][ T9711] batman_adv: batadv0: Adding interface: batadv_slave_0
[  592.304397][ T9711] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  592.346627][ T3653] Bluetooth: hci5: command tx timeout
[  592.413953][ T9815] loop0: detected capacity change from 0 to 512
[  592.425846][ T9711] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  592.473326][ T9815] EXT4-fs error (device loop0): __ext4_fill_super:5399: inode #2: comm syz.0.1093: casefold flag without casefold feature
[  592.487314][ T9806] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1092'.
[  592.506769][ T3653] Bluetooth: hci6: command tx timeout
[  592.591821][ T9815] EXT4-fs (loop0): get root inode failed
[  592.599376][ T9815] EXT4-fs (loop0): mount failed
[  593.128922][ T9711] batman_adv: batadv0: Adding interface: batadv_slave_1
[  593.136232][ T9711] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  593.183211][ T9711] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  594.248381][ T9734] bridge0: port 1(bridge_slave_0) entered blocking state
[  594.259835][ T9734] bridge0: port 1(bridge_slave_0) entered disabled state
[  594.338555][ T9734] device bridge_slave_0 entered promiscuous mode
[  594.446756][ T9734] bridge0: port 2(bridge_slave_1) entered blocking state
[  594.453889][ T9734] bridge0: port 2(bridge_slave_1) entered disabled state
[  594.512113][ T9849] loop4: detected capacity change from 0 to 1024
[  594.519743][ T9734] device bridge_slave_1 entered promiscuous mode
[  594.540615][ T9711] device hsr_slave_0 entered promiscuous mode
[  594.574743][ T9711] device hsr_slave_1 entered promiscuous mode
[  594.578308][ T9855] loop0: detected capacity change from 0 to 128
[  594.584234][ T9849] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  594.609378][ T9711] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  594.621469][ T9849] EXT4-fs warning (device loop4): empty_inline_dir:1851: bad inline directory (dir #12) - no `..'
[  594.626292][ T9711] Cannot create hsr debugfs directory
[  594.656646][ T9855] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  594.748882][ T9855] EXT4-fs (loop0): re-mounted. Quota mode: none.
[  594.838023][ T6830] EXT4-fs (loop4): unmounting filesystem.
[  594.875706][ T9863] input: syz0 as /devices/virtual/input/input15
[  594.937802][ T9734] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  595.036175][ T5590] EXT4-fs (loop0): unmounting filesystem.
[  595.115111][ T9869] loop4: detected capacity change from 0 to 128
[  595.208568][ T9869] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  595.243078][ T9734] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  595.299332][ T9872] loop0: detected capacity change from 0 to 1024
[  595.306831][ T9872] hfsplus: unable to parse mount options
[  595.340205][ T9163] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  596.268486][ T9734] team0: Port device team_slave_0 added
[  596.392356][   T26] kauditd_printk_skb: 22 callbacks suppressed
[  596.392370][   T26] audit: type=1326 audit(725.361:528): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9865 comm="syz.4.1100" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8ed4b7dff9 code=0x0
[  596.474205][ T9734] team0: Port device team_slave_1 added
[  596.481913][ T9880] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1102'.
[  596.607880][ T9734] batman_adv: batadv0: Adding interface: batadv_slave_0
[  596.614894][ T9734] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  596.659213][ T9884] loop0: detected capacity change from 0 to 128
[  596.677546][ T9884] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1)
[  596.686746][ T9734] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  596.722524][ T9882] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1102'.
[  596.785542][ T9734] batman_adv: batadv0: Adding interface: batadv_slave_1
[  596.792822][ T9734] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  596.823211][ T9734] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  597.372891][ T9734] device hsr_slave_0 entered promiscuous mode
[  597.434961][ T9734] device hsr_slave_1 entered promiscuous mode
[  597.464148][ T6830] EXT4-fs (loop4): unmounting filesystem.
[  597.495368][ T9734] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  597.513500][ T9734] Cannot create hsr debugfs directory
[  597.665008][ T9906] x_tables: ip6_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING
[  598.070330][ T9711] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  598.167153][ T9917] loop0: detected capacity change from 0 to 64
[  598.966292][ T9711] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  599.051022][ T9927] 9pnet_virtio: no channels available for device syz
[  599.171418][ T9711] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  599.172296][ T9930] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  599.410995][ T6615] device hsr_slave_0 left promiscuous mode
[  599.417629][ T6615] device hsr_slave_1 left promiscuous mode
[  599.521662][ T9939] loop4: detected capacity change from 0 to 512
[  599.530642][ T9939] EXT4-fs: Invalid gid value -1
[  599.638108][ T6615] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  599.691098][ T6615] batman_adv: batadv0: Removing interface: batadv_slave_0
[  599.918290][ T6615] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  600.031262][ T6615] batman_adv: batadv0: Removing interface: batadv_slave_1
[  600.057781][ T6615] device team0 left promiscuous mode
[  600.063460][ T6615] device team_slave_0 left promiscuous mode
[  600.072127][ T6615] device team_slave_1 left promiscuous mode
[  600.074322][ T8968] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  600.085032][ T6615] bridge0: port 3(team0) entered disabled state
[  600.108667][ T6615] device bridge_slave_1 left promiscuous mode
[  600.117214][ T6615] bridge0: port 2(bridge_slave_1) entered disabled state
[  600.147048][ T6615] device bridge_slave_0 left promiscuous mode
[  600.154436][ T6615] bridge0: port 1(bridge_slave_0) entered disabled state
[  600.326816][ T6615] device veth1_macvtap left promiscuous mode
[  600.332980][ T6615] device veth0_macvtap left promiscuous mode
[  600.347983][ T6615] device veth1_vlan left promiscuous mode
[  600.353846][ T6615] device veth0_vlan left promiscuous mode
[  600.702423][ T9951] loop4: detected capacity change from 0 to 136
[  600.769429][ T9951] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  601.354981][ T6615] infiniband syz0: set down
[  601.362755][ T9953] loop4: detected capacity change from 0 to 4096
[  601.435282][ T9953] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  601.531684][ T9953] EXT4-fs error (device loop4): ext4_get_first_dir_block:3601: inode #12: block 80: comm syz.4.1116: bad entry in directory: rec_len is smaller than minimal - offset=12, inode=6, rec_len=0, size=4096 fake=0
[  601.596055][ T9953] EXT4-fs error (device loop4): ext4_get_first_dir_block:3603: inode #12: comm syz.4.1116: directory missing '..'
[  601.794511][ T6830] EXT4-fs error (device loop4): ext4_readdir:260: inode #12: block 80: comm syz-executor: path /134/file1/file0: bad entry in directory: rec_len is smaller than minimal - offset=12, inode=6, rec_len=0, size=4096 fake=0
[  601.834990][ T6830] EXT4-fs error (device loop4): ext4_empty_dir:3152: inode #12: block 80: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=12, inode=6, rec_len=0, size=4096 fake=0
[  601.859275][ T6830] EXT4-fs warning (device loop4): ext4_empty_dir:3154: inode #12: comm syz-executor: directory missing '..'
[  601.871662][ T6830] EXT4-fs error (device loop4): ext4_readdir:260: inode #12: block 80: comm syz-executor: path /134/file1/file0: bad entry in directory: rec_len is smaller than minimal - offset=12, inode=6, rec_len=0, size=4096 fake=0
[  601.929131][ T6830] EXT4-fs error (device loop4): ext4_empty_dir:3152: inode #12: block 80: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=12, inode=6, rec_len=0, size=4096 fake=0
[  601.950710][ T6830] EXT4-fs warning (device loop4): ext4_empty_dir:3154: inode #12: comm syz-executor: directory missing '..'
[  601.963408][ T6830] EXT4-fs error (device loop4): ext4_readdir:260: inode #12: block 80: comm syz-executor: path /134/file1/file0: bad entry in directory: rec_len is smaller than minimal - offset=12, inode=6, rec_len=0, size=4096 fake=0
[  601.988478][ T6830] EXT4-fs error (device loop4): ext4_empty_dir:3152: inode #12: block 80: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=12, inode=6, rec_len=0, size=4096 fake=0
[  602.016092][ T6830] EXT4-fs warning (device loop4): ext4_empty_dir:3154: inode #12: comm syz-executor: directory missing '..'
[  602.045303][ T6830] EXT4-fs error (device loop4): ext4_readdir:260: inode #12: block 80: comm syz-executor: path /134/file1/file0: bad entry in directory: rec_len is smaller than minimal - offset=12, inode=6, rec_len=0, size=4096 fake=0
[  602.101555][ T6830] EXT4-fs error (device loop4): ext4_empty_dir:3152: inode #12: block 80: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=12, inode=6, rec_len=0, size=4096 fake=0
[  602.135822][ T6830] EXT4-fs warning (device loop4): ext4_empty_dir:3154: inode #12: comm syz-executor: directory missing '..'
[  602.151195][ T6830] EXT4-fs warning (device loop4): ext4_empty_dir:3154: inode #12: comm syz-executor: directory missing '..'
[  602.165364][ T6830] EXT4-fs warning (device loop4): ext4_empty_dir:3154: inode #12: comm syz-executor: directory missing '..'
[  602.178651][ T6830] EXT4-fs warning (device loop4): ext4_empty_dir:3154: inode #12: comm syz-executor: directory missing '..'
[  602.182294][ T9967] loop0: detected capacity change from 0 to 2048
[  602.191997][ T6830] EXT4-fs warning (device loop4): ext4_empty_dir:3154: inode #12: comm syz-executor: directory missing '..'
[  602.210172][ T9967] UDF-fs: bad mount option "lastMlock=0000000000000" or missing value
[  602.225265][ T6830] EXT4-fs warning (device loop4): ext4_empty_dir:3154: inode #12: comm syz-executor: directory missing '..'
[  602.276277][ T6830] EXT4-fs warning (device loop4): ext4_empty_dir:3154: inode #12: comm syz-executor: directory missing '..'
[  602.577407][ T9969] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  603.350389][ T9971] loop0: detected capacity change from 0 to 256
[  603.375065][ T9013] EXT4-fs (loop4): unmounting filesystem.
[  603.401968][ T9971] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  603.609778][ T9973] x_tables: ip6_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING
[  603.614889][ T6615] team0 (unregistering): Port device team_slave_1 removed
[  603.717599][ T6615] team0 (unregistering): Port device team_slave_0 removed
[  603.791871][ T6615] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  603.844983][ T6615] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  603.873394][ T3929] smc: removing ib device syz0
[  604.484169][ T6615] bond0 (unregistering): Released all slaves
[  604.596999][ T9711] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  605.402979][ T9984] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported
[  606.028215][ T9711] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  606.178955][ T9711] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  606.207417][ T9711] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  606.238815][ T9711] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  606.407647][ T9995] loop0: detected capacity change from 0 to 512
[  606.561687][ T9995] EXT4-fs (loop0): 1 orphan inode deleted
[  606.606689][ T9995] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  606.617264][ T3732] Quota error (device loop0): do_check_range: Getting dqdh_entries 15 out of range 0-14
[  606.628289][ T3732] EXT4-fs error (device loop0): ext4_release_dquot:6823: comm kworker/u4:7: Failed to release dquot type 1
[  607.648435][ T5590] EXT4-fs (loop0): unmounting filesystem.
[  607.675983][ T9711] 8021q: adding VLAN 0 to HW filter on device bond0
[  607.693530][ T9711] 8021q: adding VLAN 0 to HW filter on device team0
[  607.702111][ T6592] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  607.722184][ T6592] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  607.767009][ T6592] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  607.806771][ T6592] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  607.885639][ T6592] bridge0: port 1(bridge_slave_0) entered blocking state
[  607.892835][ T6592] bridge0: port 1(bridge_slave_0) entered forwarding state
[  608.013668][T10012] "syz.2.1126" (10012) uses obsolete ecb(arc4) skcipher
[  608.390012][ T3652] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  608.412318][ T3652] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  608.425879][ T3652] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  608.441876][ T3652] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  608.454060][ T3652] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  608.466173][ T3652] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  608.607941][ T6592] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  608.627019][ T6592] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  608.646653][ T6592] bridge0: port 2(bridge_slave_1) entered blocking state
[  608.653901][ T6592] bridge0: port 2(bridge_slave_1) entered forwarding state
[  608.769006][ T9711] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  608.779430][ T9711] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  609.004283][T10021] loop0: detected capacity change from 0 to 1024
[  609.024806][T10021] hfsplus: invalid attributes max_key_len 0
[  609.031624][T10021] hfsplus: failed to load attributes file
[  611.242977][ T3652] Bluetooth: hci1: command tx timeout
[  611.414020][ T6592] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  611.429916][ T6592] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  611.471248][ T6592] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  611.481683][ T6592] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  611.495780][ T6592] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  611.505099][ T6592] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  611.515888][ T6592] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  611.534649][ T6592] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  611.545112][ T6592] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  611.554597][ T6592] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  611.563384][ T6592] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  611.576109][ T6592] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  611.594581][ T6592] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  611.610563][T10019] ip6gretap0 speed is unknown, defaulting to 1000
[  611.719067][T10010] ip6gretap0 speed is unknown, defaulting to 1000
[  611.737076][   T14] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  611.859673][ T3929] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  611.867698][ T3929] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  611.906751][ T9711] 8021q: adding VLAN 0 to HW filter on device batadv0
[  611.976724][   T14] usb 3-1: Using ep0 maxpacket: 8
[  612.011616][ T6592] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  612.026130][ T6592] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  612.055630][ T9734] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  612.081387][ T9734] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  612.095668][T10010] chnl_net:caif_netlink_parms(): no params data found
[  612.096909][   T14] usb 3-1: config index 0 descriptor too short (expected 6427, got 27)
[  612.110709][ T9711] device veth0_vlan entered promiscuous mode
[  612.119076][ T9734] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  612.129313][ T3929] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  612.138115][   T14] usb 3-1: config 0 has an invalid interface number: 21 but max is 0
[  612.138593][ T3929] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  612.146376][   T14] usb 3-1: config 0 has no interface number 0
[  612.196635][   T14] usb 3-1: config 0 interface 21 altsetting 0 endpoint 0x7 has an invalid bInterval 0, changing to 7
[  612.209780][   T14] usb 3-1: config 0 interface 21 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[  612.220917][   T14] usb 3-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4
[  612.224944][ T9711] device veth1_vlan entered promiscuous mode
[  612.230751][   T14] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  612.304151][ T9734] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  612.320444][   T14] usb 3-1: config 0 descriptor??
[  612.338356][ T3929] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  612.356267][ T3929] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  612.365525][ T3929] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  612.499555][ T6595] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  612.544616][T10010] bridge0: port 1(bridge_slave_0) entered blocking state
[  612.555967][T10010] bridge0: port 1(bridge_slave_0) entered disabled state
[  612.579538][  T155] usb 3-1: USB disconnect, device number 7
[  612.591250][T10010] device bridge_slave_0 entered promiscuous mode
[  612.608632][T10010] bridge0: port 2(bridge_slave_1) entered blocking state
[  612.615737][T10010] bridge0: port 2(bridge_slave_1) entered disabled state
[  612.667751][T10010] device bridge_slave_1 entered promiscuous mode
[  612.696723][ T6595] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  612.708155][ T6595] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  612.799526][ T9711] device veth0_macvtap entered promiscuous mode
[  612.816769][ T9711] device veth1_macvtap entered promiscuous mode
[  612.873039][T10010] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  613.025234][ T6615] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  613.060141][T10010] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  613.079582][ T9711] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  613.132247][ T9711] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  613.165861][ T9711] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  613.196566][ T9711] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  613.206746][ T9711] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  613.219086][ T9711] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  613.240946][ T9711] batman_adv: batadv0: Interface activated: batadv_slave_0
[  613.271733][ T9711] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  613.292230][ T9711] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  613.307010][ T3652] Bluetooth: hci1: command tx timeout
[  613.521020][ T9711] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  613.991762][T10064] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported
[  614.575462][ T9711] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  614.595902][ T9711] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  614.620398][ T9711] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  614.636209][ T9711] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  614.656604][ T9711] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  614.732572][ T9711] batman_adv: batadv0: Interface activated: batadv_slave_1
[  614.883979][ T9734] 8021q: adding VLAN 0 to HW filter on device bond0
[  614.934290][ T3929] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  614.951402][ T3929] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  615.009779][ T3929] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  615.037429][ T3929] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  615.067108][ T3929] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  615.088231][ T3929] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  615.134079][ T9711] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  615.143439][ T9711] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  615.152628][ T9711] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  615.171553][ T9711] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  615.713252][T10010] team0: Port device team_slave_0 added
[  615.854777][T10010] team0: Port device team_slave_1 added
[  615.959439][ T6615] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  616.147496][ T6615] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  616.175533][ T3749] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  616.200940][T10079] binder: 10069:10079 ioctl c0306201 0 returned -14
[  616.215534][ T3749] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  616.283422][T10010] batman_adv: batadv0: Adding interface: batadv_slave_0
[  616.294310][T10010] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  616.330947][T10010] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  616.355483][T10073] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1135'.
[  616.390859][ T9734] 8021q: adding VLAN 0 to HW filter on device team0
[  616.448632][ T6615] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  616.491265][T10010] batman_adv: batadv0: Adding interface: batadv_slave_1
[  616.513009][T10010] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  616.584413][T10010] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  616.666672][ T3653] Bluetooth: hci1: command tx timeout
[  616.851906][  T102] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  616.980976][  T102] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  617.005977][  T102] bridge0: port 1(bridge_slave_0) entered blocking state
[  617.013123][  T102] bridge0: port 1(bridge_slave_0) entered forwarding state
[  617.144486][T10104] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported
[  617.748408][  T102] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  617.782031][  T102] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  617.806699][  T102] bridge0: port 2(bridge_slave_1) entered blocking state
[  617.813815][  T102] bridge0: port 2(bridge_slave_1) entered forwarding state
[  617.902006][T10010] device hsr_slave_0 entered promiscuous mode
[  617.925586][T10010] device hsr_slave_1 entered promiscuous mode
[  617.945042][T10010] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  617.975206][T10010] Cannot create hsr debugfs directory
[  618.028852][  T102] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  618.037494][ T6592] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  618.055771][ T6592] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  618.081873][  T102] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  618.117137][  T102] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  618.148121][  T102] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  618.177415][  T102] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  618.210385][  T102] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  618.408044][T10122] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1146'.
[  618.620808][  T102] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  618.660966][  T102] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  618.764635][  T102] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  618.772968][ T3653] Bluetooth: hci1: command tx timeout
[  619.016597][ T6606] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  619.027678][ T6606] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  619.036285][ T6606] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  619.045720][ T6606] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  619.192475][ T3929] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  619.203378][ T3929] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  619.251639][ T6592] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  620.517423][ T6615] tipc: Left network mode
[  620.637525][ T6615] tipc: Left network mode
[  620.754145][    C1] sd 0:0:1:0: [sda] tag#123 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s
[  620.764710][    C1] sd 0:0:1:0: [sda] tag#123 CDB: Read(6) 08 00 00 00 00 00 00 00 8b 00 00 01
[  621.567372][T10169] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported
[  622.571940][ T3757] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  622.617156][ T3757] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  622.640538][ T9734] 8021q: adding VLAN 0 to HW filter on device batadv0
[  623.582389][T10187] loop3: detected capacity change from 0 to 2048
[  623.698516][T10187]  loop3: p3 < > p4 < >
[  623.702862][T10187] loop3: partition table partially beyond EOD, truncated
[  623.734959][T10187] loop3: p3 start 4284289 is beyond EOD, truncated
[  623.818240][ T3092]  loop3: p3 < > p4 < >
[  623.822464][ T3092] loop3: partition table partially beyond EOD, truncated
[  623.836159][ T3092] loop3: p3 start 4284289 is beyond EOD, truncated
[  623.916614][T10195] netlink: 'syz.0.1156': attribute type 3 has an invalid length.
[  624.130996][  T153] ip6gretap0 speed is unknown, defaulting to 1000
[  624.193351][  T153] ==================================================================
[  624.201452][  T153] BUG: KASAN: use-after-free in siw_query_port+0x342/0x430
[  624.208667][  T153] Read of size 4 at addr ffff88807b9e80e0 by task kworker/1:2/153
[  624.216557][  T153] 
[  624.218895][  T153] CPU: 1 PID: 153 Comm: kworker/1:2 Not tainted 6.1.112-syzkaller #0
[  624.226959][  T153] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  624.237017][  T153] Workqueue: infiniband ib_cache_event_task
[  624.242931][  T153] Call Trace:
[  624.246212][  T153]  <TASK>
[  624.249177][  T153]  dump_stack_lvl+0x1e3/0x2cb
[  624.253874][  T153]  ? nf_tcp_handle_invalid+0x642/0x642
[  624.259341][  T153]  ? panic+0x764/0x764
[  624.263496][  T153]  ? _printk+0xd1/0x111
[  624.267739][  T153]  ? __virt_addr_valid+0x17f/0x530
[  624.272965][  T153]  ? __virt_addr_valid+0x17f/0x530
[  624.278100][  T153]  print_report+0x15f/0x4f0
[  624.282613][  T153]  ? __virt_addr_valid+0x17f/0x530
[  624.287739][  T153]  ? __virt_addr_valid+0x17f/0x530
[  624.292859][  T153]  ? __virt_addr_valid+0x45b/0x530
[  624.297981][  T153]  ? __phys_addr+0xb6/0x170
[  624.302488][  T153]  ? siw_query_port+0x342/0x430
[  624.307350][  T153]  kasan_report+0x136/0x160
[  624.311862][  T153]  ? siw_query_port+0x342/0x430
[  624.316814][  T153]  siw_query_port+0x342/0x430
[  624.321490][  T153]  ? ib_query_port+0x344/0x7c0
[  624.326254][  T153]  ib_cache_update+0x1a8/0xaf0
[  624.331032][  T153]  ? ib_cache_setup_one+0x5a0/0x5a0
[  624.336238][  T153]  ? read_lock_is_recursive+0x10/0x10
[  624.336907][ T1271] ieee802154 phy0 wpan0: encryption failed: -22
[  624.341603][  T153]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[  624.341631][  T153]  ? print_irqtrace_events+0x210/0x210
[  624.353344][ T1271] ieee802154 phy1 wpan1: encryption failed: -22
[  624.353805][  T153]  ? _raw_spin_unlock_irqrestore+0xd9/0x130
[  624.371461][  T153]  ib_cache_event_task+0xef/0x1e0
[  624.376513][  T153]  ? process_one_work+0x7a9/0x11d0
[  624.381639][  T153]  process_one_work+0x8a9/0x11d0
[  624.386601][  T153]  ? worker_detach_from_pool+0x260/0x260
[  624.392508][  T153]  ? _raw_spin_lock_irqsave+0x120/0x120
[  624.398257][  T153]  ? kthread_data+0x4e/0xc0
[  624.402773][  T153]  ? wq_worker_running+0x97/0x190
[  624.407804][  T153]  worker_thread+0xa47/0x1200
[  624.412493][  T153]  ? _raw_spin_unlock+0x40/0x40
[  624.417364][  T153]  kthread+0x28d/0x320
[  624.421439][  T153]  ? worker_clr_flags+0x190/0x190
[  624.426469][  T153]  ? kthread_blkcg+0xd0/0xd0
[  624.431069][  T153]  ret_from_fork+0x1f/0x30
[  624.435507][  T153]  </TASK>
[  624.438532][  T153] 
[  624.440860][  T153] Allocated by task 6830:
[  624.445190][  T153]  kasan_set_track+0x4b/0x70
[  624.449792][  T153]  __kasan_kmalloc+0x97/0xb0
[  624.454397][  T153]  __kmalloc_node+0xb3/0x230
[  624.458989][  T153]  kvmalloc_node+0x6e/0x180
[  624.463493][  T153]  alloc_netdev_mqs+0x85/0xeb0
[  624.468266][  T153]  rtnl_create_link+0x2e9/0xa30
[  624.473133][  T153]  rtnl_newlink+0x1403/0x2050
[  624.477920][  T153]  rtnetlink_rcv_msg+0x818/0xff0
[  624.482860][  T153]  netlink_rcv_skb+0x1cd/0x410
[  624.487634][  T153]  netlink_unicast+0x7d8/0x970
[  624.492412][  T153]  netlink_sendmsg+0xa26/0xd60
[  624.497179][  T153]  __sys_sendto+0x480/0x600
[  624.501689][  T153]  __x64_sys_sendto+0xda/0xf0
[  624.506375][  T153]  do_syscall_64+0x3b/0xb0
[  624.510803][  T153]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  624.516884][  T153] 
[  624.519289][  T153] Freed by task 6615:
[  624.523267][  T153]  kasan_set_track+0x4b/0x70
[  624.527872][  T153]  kasan_save_free_info+0x27/0x40
[  624.532991][  T153]  ____kasan_slab_free+0xd6/0x120
[  624.538024][  T153]  __kmem_cache_free+0x25c/0x3c0
[  624.543095][  T153]  device_release+0x91/0x1c0
[  624.547696][  T153]  kobject_put+0x224/0x460
[  624.552120][  T153]  netdev_run_todo+0xe56/0xf40
[  624.556980][  T153]  ip6gre_exit_batch_net+0x41a/0x460
[  624.562271][  T153]  cleanup_net+0x763/0xb60
[  624.566699][  T153]  process_one_work+0x8a9/0x11d0
[  624.571643][  T153]  worker_thread+0xa47/0x1200
[  624.576327][  T153]  kthread+0x28d/0x320
[  624.580404][  T153]  ret_from_fork+0x1f/0x30
[  624.584827][  T153] 
[  624.587149][  T153] The buggy address belongs to the object at ffff88807b9e8000
[  624.587149][  T153]  which belongs to the cache kmalloc-cg-4k of size 4096
[  624.601472][  T153] The buggy address is located 224 bytes inside of
[  624.601472][  T153]  4096-byte region [ffff88807b9e8000, ffff88807b9e9000)
[  624.614840][  T153] 
[  624.617168][  T153] The buggy address belongs to the physical page:
[  624.623585][  T153] page:ffffea0001ee7a00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7b9e8
[  624.633743][  T153] head:ffffea0001ee7a00 order:3 compound_mapcount:0 compound_pincount:0
[  624.642163][  T153] memcg:ffff888079c3f001
[  624.646404][  T153] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[  624.654408][  T153] raw: 00fff00000010200 dead000000000100 dead000000000122 ffff888017c4c280
[  624.663010][  T153] raw: 0000000000000000 0000000000040004 00000001ffffffff ffff888079c3f001
[  624.671873][  T153] page dumped because: kasan: bad access detected
[  624.678311][  T153] page_owner tracks the page as allocated
[  624.684025][  T153] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 3636, tgid 3636 (syz-executor), ts 53066170030, free_ts 53062675216
[  624.705397][  T153]  post_alloc_hook+0x18d/0x1b0
[  624.710178][  T153]  get_page_from_freelist+0x322e/0x33b0
[  624.715737][  T153]  __alloc_pages+0x28d/0x770
[  624.720336][  T153]  alloc_slab_page+0x6a/0x150
[  624.725027][  T153]  new_slab+0x84/0x2d0
[  624.729105][  T153]  ___slab_alloc+0xc20/0x1270
[  624.733797][  T153]  __kmem_cache_alloc_node+0x19f/0x260
[  624.739272][  T153]  kmalloc_trace+0x26/0xe0
[  624.743703][  T153]  ipv6_add_dev+0x5a7/0x1180
[  624.748307][  T153]  addrconf_notify+0x7a6/0xf60
[  624.753092][  T153]  raw_notifier_call_chain+0xd0/0x170
[  624.758486][  T153]  call_netdevice_notifiers+0x145/0x1b0
[  624.764052][  T153]  register_netdevice+0x12f2/0x1720
[  624.769272][  T153]  xfrmi_newlink+0x576/0x7c0
[  624.773885][  T153]  rtnl_newlink+0x14e3/0x2050
[  624.778581][  T153]  rtnetlink_rcv_msg+0x818/0xff0
[  624.783529][  T153] page last free stack trace:
[  624.788201][  T153]  free_unref_page_prepare+0xf63/0x1120
[  624.793839][  T153]  free_unref_page+0x33/0x3e0
[  624.798543][  T153]  __unfreeze_partials+0x1b7/0x210
[  624.803656][  T153]  put_cpu_partial+0x17b/0x250
[  624.808501][  T153]  qlist_free_all+0x76/0xe0
[  624.813020][  T153]  kasan_quarantine_reduce+0x156/0x170
[  624.818490][  T153]  __kasan_slab_alloc+0x1f/0x70
[  624.823357][  T153]  slab_post_alloc_hook+0x52/0x3a0
[  624.828470][  T153]  __kmem_cache_alloc_node+0x137/0x260
[  624.833927][  T153]  kmalloc_trace+0x26/0xe0
[  624.838342][  T153]  kobject_uevent_env+0x281/0x8c0
[  624.843392][  T153]  __kobject_del+0xd3/0x310
[  624.847973][  T153]  kobject_put+0x238/0x460
[  624.852386][  T153]  net_rx_queue_update_kobjects+0x44a/0x4c0
[  624.858276][  T153]  netif_set_real_num_rx_queues+0xfc/0x1e0
[  624.864089][  T153]  veth_newlink+0x9d6/0xc70
[  624.868589][  T153] 
[  624.870918][  T153] Memory state around the buggy address:
[  624.876544][  T153]  ffff88807b9e7f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  624.884693][  T153]  ffff88807b9e8000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  624.892743][  T153] >ffff88807b9e8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  624.900798][  T153]                                                        ^
[  624.908013][  T153]  ffff88807b9e8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  624.916088][  T153]  ffff88807b9e8180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  624.924249][  T153] ==================================================================
[  624.932454][    C1] vkms_vblank_simulate: vblank timer overrun
[  624.948835][  T153] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  624.956063][  T153] CPU: 1 PID: 153 Comm: kworker/1:2 Not tainted 6.1.112-syzkaller #0
[  624.964139][  T153] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  624.974198][  T153] Workqueue: infiniband ib_cache_event_task
[  624.980109][  T153] Call Trace:
[  624.983390][  T153]  <TASK>
[  624.986666][  T153]  dump_stack_lvl+0x1e3/0x2cb
[  624.991355][  T153]  ? nf_tcp_handle_invalid+0x642/0x642
[  624.996915][  T153]  ? panic+0x764/0x764
[  625.000982][  T153]  ? preempt_schedule_common+0xa6/0xd0
[  625.006439][  T153]  ? vscnprintf+0x59/0x80
[  625.010768][  T153]  panic+0x318/0x764
[  625.014666][  T153]  ? check_panic_on_warn+0x1d/0xa0
[  625.019780][  T153]  ? memcpy_page_flushcache+0xfc/0xfc
[  625.025159][  T153]  ? _raw_spin_unlock_irqrestore+0x128/0x130
[  625.031667][  T153]  ? _raw_spin_unlock+0x40/0x40
[  625.036510][  T153]  ? print_report+0x4a3/0x4f0
[  625.041175][  T153]  check_panic_on_warn+0x7e/0xa0
[  625.046098][  T153]  ? siw_query_port+0x342/0x430
[  625.051287][  T153]  end_report+0x66/0x110
[  625.055530][  T153]  kasan_report+0x143/0x160
[  625.060046][  T153]  ? siw_query_port+0x342/0x430
[  625.064951][  T153]  siw_query_port+0x342/0x430
[  625.069625][  T153]  ? ib_query_port+0x344/0x7c0
[  625.074384][  T153]  ib_cache_update+0x1a8/0xaf0
[  625.079141][  T153]  ? ib_cache_setup_one+0x5a0/0x5a0
[  625.084333][  T153]  ? read_lock_is_recursive+0x10/0x10
[  625.089781][  T153]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[  625.095758][  T153]  ? print_irqtrace_events+0x210/0x210
[  625.101212][  T153]  ? _raw_spin_unlock_irqrestore+0xd9/0x130
[  625.107123][  T153]  ib_cache_event_task+0xef/0x1e0
[  625.112145][  T153]  ? process_one_work+0x7a9/0x11d0
[  625.117331][  T153]  process_one_work+0x8a9/0x11d0
[  625.122263][  T153]  ? worker_detach_from_pool+0x260/0x260
[  625.127885][  T153]  ? _raw_spin_lock_irqsave+0x120/0x120
[  625.133426][  T153]  ? kthread_data+0x4e/0xc0
[  625.137947][  T153]  ? wq_worker_running+0x97/0x190
[  625.142956][  T153]  worker_thread+0xa47/0x1200
[  625.147624][  T153]  ? _raw_spin_unlock+0x40/0x40
[  625.152552][  T153]  kthread+0x28d/0x320
[  625.156604][  T153]  ? worker_clr_flags+0x190/0x190
[  625.161871][  T153]  ? kthread_blkcg+0xd0/0xd0
[  625.166444][  T153]  ret_from_fork+0x1f/0x30
[  625.170970][  T153]  </TASK>
[  625.174202][  T153] Kernel Offset: disabled
[  625.178548][  T153] Rebooting in 86400 seconds..