last executing test programs:

3m8.663260865s ago: executing program 3 (id=70):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x6, 0x1, 0x0, 0x7fff0000}]})
r1 = fanotify_init(0x200, 0x0)
fanotify_mark(r1, 0x1, 0x1033, r0, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000040)=0x3, 0xac5)
syz_clone3(&(0x7f0000000900)={0x23800000, &(0x7f0000000040)=<r2=>0xffffffffffffffff, 0x0, 0x0, {0x27}, 0x0, 0x0, 0x0, 0x0}, 0x58)
io_setup(0x8, &(0x7f0000000600)=<r3=>0x0)
io_submit(r3, 0x1, &(0x7f0000001300)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x5, 0x6, r2, 0x0}])
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x1)
mmap(&(0x7f00005fe000/0x2000)=nil, 0x2000, 0x3000009, 0x28011, 0xffffffffffffffff, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f000068c000/0xc000)=nil, &(0x7f0000817000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
r4 = io_uring_setup(0x185d, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x1, 0x800000c1})
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x12, 0x3, 0x0, &(0x7f0000000240)='syzkaller\x00', 0x80000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="16"], 0x50)
io_uring_enter(r4, 0x2219, 0x7721, 0x16, 0x0, 0x0)
r5 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0)
writev(r5, &(0x7f0000000000)=[{&(0x7f0000000cc0)="e1", 0x5603d}], 0x1)
r6 = open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000580)={0x1, &(0x7f0000000140)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
tee(r6, r7, 0x1, 0x0)

3m7.29026s ago: executing program 3 (id=75):
sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x80000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000010}, 0x20000001)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
sendmsg$NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=ANY=[], 0x38}, 0x1, 0x0, 0x0, 0x92}, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x800, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0)
r2 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
connect$netrom(r2, &(0x7f0000000380)={{0x6, @rose, 0x1}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default]}, 0x48)
sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x200000000000000)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x1, 0x0, 0x0)
pipe(&(0x7f00000002c0)={<r3=>0xffffffffffffffff})
vmsplice(r3, &(0x7f00000014c0), 0x0, 0x0)

3m5.439838559s ago: executing program 3 (id=78):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0)
r0 = landlock_create_ruleset(&(0x7f00000002c0)={0x2001}, 0x18, 0x0)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0x200000, 0x0)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r0, 0x1, &(0x7f0000000340)={0x2000, r1}, 0x0)
landlock_restrict_self(r0, 0x0)

3m3.083552552s ago: executing program 3 (id=82):
openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x20}, 0x1, 0x0, 0x0, 0x20000080}, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x4c00, 0x0)
syz_open_procfs(0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x1008002, &(0x7f0000000040), 0x3, 0x5eb, &(0x7f0000000c00)="$eJzs3ctvFEcaAPCvxw9sjNYDWu0ue1gsrVYg7WJjAysU5QDXCFnkoVxyiYMNIRiwsKPEJBJGIpdIUS5RFCmnHEL+iwSFK6fklEMuOUVIKIk4RspEPdNtPHaPX9jTiP79pGG6q6Zd1djfVHVNVU8AlTWS/lOLOBgRc0nEcLK0nNcbWeZI63WPfnv/fPpIotF4+Zckkiwtf32SPQ9lBw9ExHffJnGgZ22584s3Lk/Nzs5cz/bHFq7Mjc0v3jh66crUxZmLM1cn/j9x6uSJk6fGj23rvG4WpJ29/dY7wx9Ovvbl578n41/9OJnE6Xghe+HK89gpIzHS/D9J1mYNndrpwkrSk/2dNBqNRp6W9JZbJzYv//31RcTfYzh64vEvbzg+eLHUygG7qpG03ruBKkrEP1RU3g/Ir+1XXwfXSumVAN3w8ExrAGBt/Pe2xgZjoDk2sPdREiuHdZKI2N7IXLt9EXH/3uTtC/cmb8cujcMBxZZuRcQ/iuI/acZ/PQai3oz/Wlv8p/2Cc9lzmv7SNstfPVQs/qF7WvE/sG78R4f4fz19vtmK4Te2WX798eabg23xP7jdUwIAAAAAAIDKunsmIv5X9Pl/bXn+TxTM/xmKiNM7UP7Iqv21n//XHuxAMUCBh2cini+c/1vLZ//We1YsYa1HX3Lh0uzMsYj4S0Qcib496f74OmUc/ejAZ53yRrL5f/kjLf9+Nhcwq8eD3j3tx0xPLUw9wSkDmYe3Iv5ZOP83WW7/k4L2P31nmNtkGQf+c+dcp7yN4x/YLY0vIg4Xtv+P71qRrH9/jrFmf2As7xWs9a/3Pv66U/nbjX+3mIAnl7b/e9eP/3qy8n4981sv4/hib6NT3nb7//3JK827CvVnae9OLSxcH4/oT872pKlt6RNbrzM8i/J4yOMljf8j/15//K+o/z8YEUurfnbya/ua4tzf/hj6qVN99P+hPGn8T2+p/d/6xsSd+jedyt9c+3+i2dYfyVKM/0HLp3mY9renF4Rjb1FWt+sLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAM+CWkTsi6Q2urxdq42ORgxFxF9jb2322vzCfy9ce/vqdJrX/P7/Wv5Nv8Ot/ST//v/6iv2JVfvHI2J/RHzSM9jcHz1/bXa67JMHAAAAAAAAAAAAAAAAAACAp8RQh/X/qZ97yq4dsOt6y64AUJqC+P++jHoA3af9h+oS/1Bd4h+qS/xDdYl/qC7xD9Ul/qG6xD8AAAAAADxT9h+6+0MSEUvPDTYfqf4sr6/UmgG7rVZ2BYDSuMUPVJepP1BdrvGBZIP8gY4HbXTkeubOP8HBAAAAAAAAAAAAAFA5hw9a/w9VZf0/VJf1/1Bd+fr/QyXXA+g+1/hAbLCSv3D9/4ZHAQAAAAAAAAAAAAA7aX7xxuWp2dmZ6zZefTqq0c2NRqNxM/0reFrqs/MbSTZDvSuF5lPhu3+m/Zs5wXyt3+Z+cnnvSQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQLs/AwAA//+JjCTl")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f00000001c0)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0xe77c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
keyctl$clear(0x3, 0xfffffffffffffffd)
keyctl$set_reqkey_keyring(0xe, 0x2)
request_key(&(0x7f0000000340)='user\x00', &(0x7f0000000380)={'syz', 0x3}, &(0x7f00000003c0)='q\xa9', 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x1d0)
mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='devpts\x00', 0x0, &(0x7f0000000100))

2m58.178868827s ago: executing program 3 (id=88):
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x46)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0xc, 0x4, 0xffffbe0000000001, 0x8, 0xffffffff}, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
bind$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
socket(0x11, 0x3, 0x0)
openat$drirender128(0xffffffffffffff9c, &(0x7f0000000040), 0x101800, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x3516, 0x0, 0x0, 0x0, 0x0)
select(0x0, 0x0, 0x0, 0x0, &(0x7f0000000740)={0x0, 0xea60})
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r0, 0x0, 0x0)
add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe)
mremap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x4000, 0x3, &(0x7f0000005000/0x4000)=nil)
r1 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r1, 0x7a7, &(0x7f0000000100)=0xb0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r1, 0x7a0, &(0x7f00000001c0)={@hyper})
ioctl$IOCTL_VMCI_CTX_SET_CPT_STATE(r1, 0x7b2, &(0x7f00000000c0)={&(0x7f0000000f00)=[0x2, 0xe0, 0x20400000, 0xff, 0x7, 0x2, 0x9, 0x5, 0x80, 0x4, 0x2, 0x0, 0x5, 0x3a4d, 0x2800, 0x486, 0x5, 0x5a, 0x7, 0x7, 0xfffffff9, 0x4, 0x2, 0x0, 0xfff, 0x9, 0xffff0001, 0x3, 0x4, 0xb9b2, 0x441, 0x6, 0x3, 0x7, 0x8, 0xfffffff8, 0x0, 0xfffffffe, 0x9, 0x8, 0x3, 0x2, 0x1ff, 0x9, 0x2, 0x8, 0x1000, 0x7, 0x1, 0x5, 0x1, 0xf91, 0x0, 0x9, 0x9, 0x7, 0xb, 0x7, 0x7, 0x8000, 0xb80, 0x4, 0x9f, 0x1, 0x5, 0xc41, 0x8, 0x2, 0x1ff, 0x5, 0x7, 0xff76, 0x4, 0xf, 0x6, 0x7, 0x8, 0x3, 0x4, 0x6, 0x4, 0x7fffffff, 0x3, 0x47, 0x7, 0x8, 0x101, 0xfffff046, 0x9, 0x400, 0xfffffffa, 0x5, 0x0, 0x6, 0x4, 0x7, 0x36, 0x157, 0x7d1, 0x8b96, 0xf, 0x20005, 0x0, 0x7, 0x6, 0x2, 0x8, 0x925, 0x4, 0x9, 0x7, 0xb, 0x5a17cff6, 0x0, 0xb6, 0x2, 0x3, 0x2, 0x7f, 0xffffff7f, 0x7, 0x10000, 0x3, 0x1c2a, 0x3ff, 0x0, 0x10, 0x7f, 0x6, 0x3, 0x14, 0x80, 0x7, 0x4, 0x2, 0x0, 0x2f6, 0x5, 0x9, 0xa7, 0x0, 0x9, 0xc, 0x40, 0x8000006, 0x200, 0x1, 0x2, 0x1, 0x401, 0xaa0, 0x2, 0x6, 0x9, 0x400, 0xe, 0x0, 0xfffeffff, 0x5, 0x7fffffff, 0x7ff6, 0x3, 0x1, 0x4, 0x7, 0x400, 0x0, 0x6, 0x6, 0x101, 0x2, 0x5, 0xfffffff8, 0x3, 0x7fff, 0x6d, 0x7, 0x1, 0x8, 0x6, 0x10001, 0x0, 0xffffffff, 0x8, 0xd, 0x2, 0x200, 0x7bd, 0xa2, 0x2, 0x7, 0x9, 0x6, 0x2, 0x4ec, 0x3, 0x401, 0x5, 0xb, 0x1, 0x948, 0x7, 0x8001, 0xff, 0x200, 0xb67, 0x6, 0x5b, 0x2, 0x1, 0x8, 0x6, 0x2, 0x2, 0x1, 0x10, 0x7f, 0xa07, 0xc0bf, 0x40, 0xa4f, 0x8, 0x8001, 0x8, 0x6, 0x10000, 0x1000, 0x8, 0x1, 0x6, 0xab5, 0x4, 0x9da, 0x800000, 0x7, 0x4, 0xf8, 0x7, 0x7fffffff, 0xfffeffff, 0x401, 0x1, 0x101, 0x2, 0x3, 0xe, 0x6, 0x9, 0x401, 0x7, 0x0, 0x7, 0xfffffffc, 0x5, 0x4, 0x8, 0x3f39, 0xbaa, 0x2, 0x6, 0xcb7, 0x4, 0x8, 0x7f, 0x53b, 0xc, 0x1, 0x2, 0x8, 0xc, 0xfffffff8, 0x0, 0x2, 0x3, 0x5, 0x3, 0x400, 0x6b, 0x7ae, 0x1, 0x6f0, 0xffff, 0x7, 0x9, 0x4, 0xfff, 0x2, 0x7f, 0x3, 0x6, 0x544040be, 0x2, 0xc, 0x8, 0x9, 0x8, 0x7, 0x10001, 0xff, 0x7, 0x10000, 0x2, 0x818, 0x4, 0x3, 0x5af, 0x2, 0x5, 0x7, 0x2, 0xd, 0x2, 0x8d, 0xb8c5, 0xfffffffe, 0x202, 0x3, 0x2, 0xa0, 0x9, 0x7, 0x1, 0x4000000, 0xffffffff, 0x4, 0x40, 0x0, 0x1, 0x7, 0x6, 0x4, 0x8, 0x5, 0x6, 0x8, 0x8, 0x1, 0x5, 0x3, 0x9, 0xb1, 0x5, 0x7, 0xe, 0x9, 0x100, 0x3, 0x5, 0x6, 0x7, 0x2, 0x3, 0xec, 0x5, 0x7, 0xff, 0x5, 0x0, 0x9cf, 0xaef8, 0xffff, 0x5, 0x1, 0x5, 0xc, 0x18a, 0xc, 0x0, 0x0, 0x6, 0x7, 0x4, 0xf2ed, 0x6, 0x4, 0x1, 0x7, 0x5, 0x8, 0x10000, 0xb, 0x9, 0xec852fda, 0x2, 0x9, 0x2, 0x3620, 0x9, 0x3, 0x3, 0x7, 0x74, 0x0, 0x9, 0x0, 0x2, 0x7, 0x8, 0x3, 0x5, 0x21000000, 0x4, 0x5, 0x9, 0x356d28dc, 0x8, 0x999, 0x6, 0x24, 0x6, 0x3, 0x2772, 0x4, 0x1, 0x8, 0xffff, 0x8, 0x6, 0x0, 0x8001, 0x2, 0x2, 0x101, 0x9cf, 0x10001, 0xd1, 0x0, 0x5, 0x3, 0x6, 0x40004, 0x80000001, 0x2, 0x5, 0x9, 0xe, 0xfff, 0x7, 0x10000, 0xffff, 0x7, 0x9, 0xfffffff7, 0x6, 0xa8, 0x9, 0x7ff, 0xd8a, 0x5, 0x929, 0x0, 0x8, 0xfffffffe, 0x40, 0x4, 0x2, 0x6, 0x1, 0x7, 0x7, 0x7fffffff, 0x33, 0x5, 0xa7, 0x7d8e, 0x2, 0x5, 0x4, 0x5, 0x3, 0x4, 0x1, 0x5, 0x96, 0x80, 0x8000, 0x0, 0x7, 0xfffffffc, 0x3, 0x3, 0x5, 0x0, 0x4, 0x100000, 0x6, 0x1, 0x9, 0x2, 0x4, 0x5, 0x3ff, 0x9, 0x6, 0x4, 0x5, 0x40, 0x800, 0xfffffffb, 0x5, 0x0, 0x0, 0x80, 0x6, 0x10, 0x0, 0x0, 0x3, 0x4, 0x4, 0x80000001, 0x81, 0x1, 0x0, 0x6, 0x2, 0x7, 0xff, 0x7fff, 0x7, 0x0, 0x3, 0x1, 0x3, 0xb, 0x3, 0x6c, 0xffffffff, 0x8, 0x1ff, 0x10, 0xf, 0x81, 0x292e, 0x2ac9, 0x9, 0xb42, 0x7, 0xd015, 0x3, 0xff, 0x8001, 0x6, 0x0, 0xe, 0x5, 0xfffffffb, 0x6, 0x0, 0x9, 0x5, 0x80000000, 0x6, 0xfffffffb, 0x8, 0x6, 0x3, 0xd, 0x8001, 0x100, 0xffffffa1, 0xb, 0x1, 0x25fa, 0xd4, 0x2, 0xffffffd6, 0x976, 0x7, 0x4, 0x0, 0x5, 0xff, 0x3, 0xe6, 0x74c, 0x4, 0x7, 0xb0a, 0x6, 0x862d, 0x40, 0xffffffff, 0x5, 0x5, 0xd8c, 0x9, 0x7fffffff, 0x7, 0xe11, 0x4, 0x8, 0x1ff, 0x6, 0x10, 0x8001, 0x0, 0x8, 0xffffffff, 0x40, 0xe8, 0xb, 0x2, 0x9, 0x8, 0x5, 0x5, 0x80000001, 0xe, 0x4, 0x9, 0xb, 0x1, 0x3, 0x9, 0x9, 0xa0000000, 0xc390, 0x4, 0x791, 0xfff, 0x4, 0x54f, 0x4, 0x4, 0x80, 0x6, 0xfffffe00, 0xb, 0x5, 0x4, 0x7, 0x401, 0x4, 0x2, 0x8, 0x2, 0x3, 0xfffffff7, 0x9, 0x5, 0x6, 0x6, 0x4, 0x8, 0x0, 0x6f616b2e, 0x8, 0x101, 0x1ff, 0x2, 0x0, 0x4, 0xa25, 0x7, 0x8001, 0x9, 0xdd4, 0x4, 0x9, 0x7ff, 0x9, 0xffffffff, 0x80, 0x1, 0x4, 0x7, 0xfffffff7, 0x8, 0x2f69, 0x1, 0x7, 0x766b, 0x8, 0x1, 0xb, 0x8, 0xffffce7d, 0x6, 0x2, 0xffff349c, 0x9c1, 0x2, 0x1, 0x1, 0x2, 0x52, 0x9, 0x10000, 0x5, 0x4, 0x35, 0x9, 0x9088, 0xfff, 0x8, 0xb, 0x8000, 0x7, 0x80000001, 0x8, 0x800, 0x6, 0x5, 0x6, 0xd1, 0x8, 0x8000, 0x3, 0x6, 0x4, 0x5, 0x10000, 0x5, 0x7fff, 0xff, 0x607, 0x6, 0x3, 0x4, 0x7, 0x8, 0xc0000000, 0x9, 0xf035, 0x5aa8, 0x1, 0x7, 0x3, 0x3, 0x5, 0x5, 0x2, 0x20, 0x101, 0x6, 0xb, 0x5fa5, 0x8, 0x5, 0xfffffffd, 0x7fffffff, 0x4, 0x5, 0x8, 0x1000, 0x3, 0xd, 0x3, 0x9, 0x2, 0x9a5, 0x8, 0x8, 0xff, 0x7, 0x4, 0x7fffffff, 0x4b8, 0x3, 0x5, 0x2, 0x4, 0x6, 0x40, 0x1, 0xe07, 0x8, 0x340, 0x3, 0x5, 0x1, 0x7, 0xfb3f, 0x100000, 0x3, 0x9, 0x4, 0xa, 0x100, 0x1a, 0xfffffffa, 0x7, 0x39, 0x7ff, 0xe, 0x835, 0x7, 0x1, 0x2b, 0x2, 0x1d1c, 0x10, 0x6, 0x10000, 0x7, 0x7f, 0x4, 0x5, 0x5, 0x2, 0x4, 0xffffff00, 0xee5b, 0x1, 0x1, 0x0, 0x8, 0xfffffffc, 0x29f0, 0x6, 0x8, 0x7, 0x769, 0x0, 0x4, 0xe6f, 0x3, 0xf2a, 0x6, 0x93ad, 0x5, 0x9, 0x400, 0x8000, 0x7, 0x6, 0x5, 0x80000001, 0x4, 0x9, 0x1, 0xf4, 0x100, 0x7, 0x1, 0x400, 0x401, 0x4, 0x3, 0xb, 0x7, 0x10, 0x2, 0x2, 0x7f, 0x5, 0x7f, 0x54bf, 0x10, 0xd, 0x8, 0xff, 0x73a3, 0xdc, 0x3, 0x9, 0x3, 0x3b, 0x400000, 0x4, 0x2, 0xfaea, 0x3, 0x80000001, 0x6, 0x7, 0x4, 0x4b, 0x8, 0x6, 0x2, 0xffff, 0x8, 0x8, 0x2, 0xb, 0x9, 0x7fffffff, 0x80, 0x0, 0x1, 0x2, 0x9, 0x5b40000, 0x32bb, 0x200, 0x8, 0xffffffff, 0xf3d, 0x8a, 0x4, 0x3, 0x5, 0x5, 0x81, 0x5, 0xef, 0x6, 0x6, 0xac, 0x7, 0x4, 0x64, 0x6, 0x9, 0x8, 0x3, 0x300000, 0x3, 0x0, 0x4a1, 0xcd9, 0x3e77, 0x854, 0xee8, 0x3, 0x7fffffff, 0x400, 0x5, 0x3, 0x4, 0x2, 0x2, 0x81c, 0x3ff, 0x800, 0xe7d, 0x40, 0x1ff, 0x0, 0x4, 0x3, 0x400, 0xfffffffe, 0xffffffff, 0x800, 0x41c, 0x9, 0xfffffffc, 0x800009, 0x1bcb, 0x9, 0x4, 0x2, 0xf4a, 0x8, 0x1ff, 0x3, 0x401, 0x3, 0x9, 0x7, 0x2b4, 0x91, 0x7, 0x8c, 0x1, 0xffffffff, 0x2, 0xb, 0x9, 0x7, 0x3, 0x0, 0x9, 0xb, 0x3, 0x1f, 0x8, 0x9, 0x0, 0x4, 0x0, 0x7, 0x8, 0xd3, 0x5, 0xf, 0x3, 0x8, 0x7, 0x3, 0x7ff, 0x104, 0x6, 0x5, 0x2, 0x7, 0x8, 0x6ee5, 0xfffffffb, 0x401, 0x7, 0x7fffffff, 0x1, 0x0, 0x1, 0x5, 0xc0000000, 0x1, 0x2, 0x76ac8333, 0xe, 0xff, 0x3ff, 0x66680, 0x7ff, 0x9, 0x9, 0x2, 0x230c, 0x2, 0x51c4ea0d, 0xbd, 0x9c, 0xd, 0x401, 0x0, 0x0, 0x3, 0xe6, 0x2, 0x4], 0x2, 0x400, 0x38})

2m53.366259291s ago: executing program 3 (id=97):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x9}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1\x00', 0x40)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x1a0)
mount$overlay(0x0, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@nfs_export_on}]})
chdir(&(0x7f00000000c0)='./bus\x00')
r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0)
r4 = creat(&(0x7f0000000580)='./file1\x00', 0x0)
r5 = fanotify_init(0xf00, 0x1)
fanotify_mark(r5, 0x105, 0x40009975, r4, 0x0)
fallocate(r3, 0x0, 0x1000000, 0x3)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r3, 0x0)

2m52.565470472s ago: executing program 32 (id=97):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x9}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1\x00', 0x40)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x1a0)
mount$overlay(0x0, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@nfs_export_on}]})
chdir(&(0x7f00000000c0)='./bus\x00')
r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0)
r4 = creat(&(0x7f0000000580)='./file1\x00', 0x0)
r5 = fanotify_init(0xf00, 0x1)
fanotify_mark(r5, 0x105, 0x40009975, r4, 0x0)
fallocate(r3, 0x0, 0x1000000, 0x3)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r3, 0x0)

18.149021283s ago: executing program 1 (id=352):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
r4 = fsmount(r3, 0x0, 0x0)
r5 = openat$cgroup_ro(r4, 0x0, 0x300, 0x0)
read$FUSE(r5, &(0x7f0000000480)={0x2020}, 0x2020)

16.360198371s ago: executing program 0 (id=354):
openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffc000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000480)=@abs={0x0, 0x0, 0x8004e24}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
pipe(&(0x7f0000000380)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000000180)=0x1, 0x4)
setsockopt$inet_tcp_int(r3, 0x6, 0x14, &(0x7f00000000c0)=0x100000001, 0x4)
connect$inet(r3, &(0x7f0000000300)={0x2, 0x0, @remote}, 0x10)
sendto$inet(r3, &(0x7f0000000200)="e1", 0xfea8, 0x0, 0x0, 0x0)
splice(r3, 0x0, r2, 0x0, 0xfea8, 0xa)

15.038952605s ago: executing program 4 (id=356):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
ptrace$ARCH_SHSTK_DISABLE(0x1e, r1, 0x1, 0x5002)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
rt_tgsigqueueinfo(0x0, r0, 0xb, 0x0)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r2, 0x8983, &(0x7f0000000100)={0x0, 'erspan0\x00', {0x1}, 0x26})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r4)
socket$packet(0x11, 0x3, 0x300)
ptrace$setregs(0xd, r4, 0x0, &(0x7f00000003c0)="18607651149d7b10b4024fbbdc08899b8f589df2dbb5d7a8d1b36cfab675cb3976ee8100e2878c9cfa178cac130eb046eda93df39ed4b41924dc225ad4028dd63defb87d698be5c749450b350a789dcfc6b2d6a696b5026d1e52f19274566d1da0f353dd65e330ebf71c5e823f2753c5fd76724828ef31b353e71805205c3dceb44cc4c7b3664e29fb")
ptrace$getregset(0x4204, r4, 0x2, &(0x7f0000000740)={0x0})

12.913029376s ago: executing program 2 (id=358):
openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
sendmmsg$sock(0xffffffffffffffff, &(0x7f0000001500)=[{{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000980)="d542f6300b61ca7913e7cd7b4036afcfddb3c77fc63db30ef223f1cc4fcdcbb56655be4873ea15e1a9d348fadc935180e702560acae65d42d95f6ddcae59879a1ce7e78eb197a0c8231a504b2614ac6dfd9a5760fe75ba4204694d382eb51806597cde99cedde3f0edd8bd3fce154f83e47f422d0e5bf427c23771a122bd0369cec32bbe791bfc2c0fce202d51df0862c31baa7b80bab6d64c1d5826a7f4c1982e3693e7a0677f2ad388ce872b890394a3ecfd1cec45ba7966945271fc033565", 0xc0}, {&(0x7f0000000780)="92bdcafd7ac9e21583ea71b9eb5feeb69b7eeb919260393d59069611e6d460fd38481da64e5ad543477ed7b768b1a06c0a5d60edf6c5610c123e3572a7c3bd74b7bd876c6f1c54709ef06cb9187fa5ddecc04cdc8fd3e74782c0aa05", 0x5c}, {&(0x7f0000000580)}], 0x3}}, {{0x0, 0x0, &(0x7f0000001400), 0x0, &(0x7f00000014c0)}}], 0x2, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(&(0x7f0000000340)='./file0\x00', 0x0)
socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_ADD_MFC(0xffffffffffffffff, 0x0, 0xcc, &(0x7f0000000100)={@multicast2, @multicast1, 0x0, "aaa517d60f2811d48c8a2cc60c4380bc23b510d442ff13482864280a9c0f4eb5", 0x0, 0xcc, 0xffffffff}, 0x3c)
r3 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x2, 0x8, &(0x7f0000000940)=@framed={{0x18, 0x9}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r3}}]}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000007c0)={r3, &(0x7f0000000780)}, 0x20)

12.850147783s ago: executing program 4 (id=359):
bind$rds(0xffffffffffffffff, 0x0, 0x0)
fsopen(&(0x7f0000000280)='ceph\x00', 0x1)
gettid()
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="02000000350000000801000001000000800000", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/25], 0x50)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xf0667000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$VHOST_VSOCK_SET_RUNNING(0xffffffffffffffff, 0x4004af61, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000b98bc2c900000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x40000004}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp=0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000005880)={r3, 0x2000000, 0xe, 0x0, &(0x7f0000000380)="3f121b5ae730a16b38ec3c25a36f", 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x3}, 0x50)
r4 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0)
ioctl$FS_IOC_SETFLAGS(r4, 0x40186f40, &(0x7f0000000440)=0x1f)
openat$cgroup_ro(r4, 0x0, 0x275a, 0x0)
syz_emit_vhci(&(0x7f0000001480)=ANY=[@ANYBLOB="02c9"], 0x11)

12.652657153s ago: executing program 1 (id=360):
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000007c0), 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
quotactl$Q_SYNC(0xffffffff80000101, 0x0, 0x0, 0x0)
socket$kcm(0x10, 0x2, 0x10)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000100)={0x1, 0x7}, 0x4)
setsockopt$packet_int(r1, 0x107, 0x16, &(0x7f0000000000)=0x4, 0x4)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r2, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r2, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendmmsg(r2, &(0x7f0000007fc0), 0x800001d, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r2, 0x0, 0x482, &(0x7f0000000040)={0x100000011, @multicast2, 0x0, 0x0, 'wrr\x00', 0xe, 0x400eeb4, 0x14}, 0x2c)
sendmsg$NL80211_CMD_PROBE_CLIENT(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x40000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4060}, 0x1)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
r3 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
bind$nfc_llcp(r3, &(0x7f0000000380)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "d9298498abdba7f061bd1ca44c226af5160e961711a03760760beeab91e8ff0055e5c0d48bd63ffdb93bd43a847a1597c8ef03da5be42200", 0x37}, 0x60)

10.190701819s ago: executing program 2 (id=361):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0)
mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1/file2\x00', 0x81c0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1/file3\x00', 0x1c0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1/file4\x00', 0x1c0)
mount$tmpfs(0x0, &(0x7f0000000180)='./file1/file4\x00', &(0x7f00000001c0), 0x0, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f0000000200)='./file1/file4/file5\x00', 0x81c0, 0x0)
r0 = landlock_create_ruleset(&(0x7f00000002c0)={0x2001}, 0x18, 0x0)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0x200000, 0x0)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r0, 0x1, &(0x7f0000000340)={0x2000, r1}, 0x0)
landlock_restrict_self(r0, 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./file1/file2\x00', 0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x2)

10.068752623s ago: executing program 4 (id=362):
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
openat2(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000a80)=@bpf_ext={0x1c, 0x3, &(0x7f0000000340)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x982}}, 0x0, 0x6, 0x18, &(0x7f0000000400)=""/24, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000900)={0xa, 0x1}, 0x8, 0x10, 0x0, 0x0, 0xe8b5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r3 = syz_open_dev$video(&(0x7f0000000000), 0x485, 0x40000)
ioctl$VIDIOC_S_INPUT(r3, 0xc0045627, &(0x7f0000000080)=0x2)
ioctl$VIDIOC_S_SELECTION(r3, 0xc040565f, &(0x7f0000000040)={0x9, 0x100, 0x0, {0xffffffff, 0xbde, 0xb, 0x10000}})
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x40080)
syz_pidfd_open(0x0, 0x0)
r4 = socket$nl_crypto(0x10, 0x3, 0x15)
sendmsg$nl_crypto(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000280)=ANY=[@ANYBLOB="e0000000130001000000000000000000786368616368613230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000"/224], 0xe0}}, 0x0)

9.62666807s ago: executing program 2 (id=363):
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./file1\x00', 0x8, &(0x7f0000000340)={[{@nodiscard}, {@nouser_xattr}, {@lazytime}], [{@smackfsdef={'smackfsdef', 0x3d, 'ethtool\x00'}}]}, 0x3, 0x534, &(0x7f0000000680)="$eJzs3c9vG1kdAPCv7SSbtlnSXRDaXSS20iKVH6qdH0KbABLiBBwqIVbiAlIJiTeUOHUUO8smrEQWbnvggIRAWnHgzl/AhZ5YrYQ4gzhw4bTaCkqQCirSII89qZPYqavGdpv5fCTXMx53vu85+b68efPGE0BuXWn9U4iYiYg/RcRse/XoG660nw7uvrXaehQiSV77RyF9X2s9e2v2/y5FxH5ETEfEN78a8b3CybiN3b2NlVqtut1eLVWam1uVxu7etZubK+vV9eqt+aVXl5eX5hYXls+sru/87AfvXP/d16d+e++nH7738z/8vlWsmc627nqcpXbVJ+O5rtcmIuJLwwg2BqVOfS60Vy+Puzw8mtbP76MR8Uqa/7NRSn+ag7k/1JIBw5YkSfK/5Jl+m/cT4Nwqpn3gQrEcEe3lYrFcbvfhPxYXi7V6o/m51+s7t9bafeXLMVl8/WatOtc5Vrgck4XW+nyn85etLxxbX4xI+8A/+lu7YSmv1mtrI2zngJMuHcv/f5fa+Q/kxOCH/MB5I/8hnz6Ykv+QZ/If8kv+Q37Jf8gv+Q/5Jf8hv+Q/5Fd3/ncu5Ipnx1QWYLRO+/s/NcJyACP1jevXW48ku/597Y3dnY36G9fWqo2N8ubOanm1vr1VXq/X12vV8mp982H7q9XrW/Ofj503K81qo1lp7O7d2Kzv3GreSK/rv1GdHEmtgEE89/LtvxQiYv8LF9JHdP3Jl6twviVJIcZ9DTIwHqVxN0DA2Dj1B/n1CMf4fb8kDHi69fiK3kPTl/pu+nJsDaU4wAgUT9t4//3RFQQYuasvOv8HeWX8H/LL+D/k10P6+LoHkAOnjf9H515+D+w/WBx0/P/eo5cJGK5Tx/+Bc22mx/2/kiT58bNd9+6ai4iPRMSfS5PPZPf6As6D4geFTv//6uynZo5vnSr8Jx0DmIqIH7772i/fXGk2t+dbr//z8PXmrzqvL4yj/EB/R0f4sjzN8hgAyK+Du2+tZo9Rxr3zlfYkhJPxJzpjk9NpD+biQeHIXIXCGc1d2H87Il7oFb/Qud95+8zHxYPSifjPd54L7V2k5Z1I75s+mvgvdsX/ZFf8lx77U4F8uN1qf+Z65V8xzek4zL+j7c/MGc2Pztq/bM51d/ys/Sv1af9eHjDG93/9k16nd9PJ3nfejnipZ/ubxZtOYx2P3yrb1QHjf/idb32837bkN+399IqfaS1Vmptblcbu3rWbWSmWXl1eXppbXFiupGPUlWyk+qQvvvDH9/rFb9W/o0/9/3qi/hc6ZfrMgPX/7yfe//aVU+J/+pXev3/Pp8/HPv8kOSzDZweM/6+Fv383+pzra8Vf6/P5F3vFj2xrxOKA8Ru/+JprhwHgCdLY3dtYqdWq2z0WJvtvsvBUL7SOKB5vP8UY5M1RHFm93o2IJ+XjrWYHFWe854keO0xmh1SLh7Uc+8NvnIChepD04y4JAAAAAAAAAAAAMKh+s39vn+F04nHXEQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgPPh/AAAA//8dws2N")
r0 = openat(0xffffffffffffff9c, 0x0, 0x2a440, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000640)=0x3)
unshare(0x26020480)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000000))
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000300)={r0, 0x58, &(0x7f0000000200)}, 0x10)
bpf$OBJ_GET_PROG(0x7, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000580)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
socket$phonet_pipe(0x23, 0x5, 0x2)
read$msr(r1, &(0x7f0000001a40)=""/102392, 0x18ff8)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), r2)
sendmsg$ETHTOOL_MSG_TSINFO_GET(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=ANY=[], 0x2c}, 0x1, 0x0, 0x0, 0x20048880}, 0x2000c000)
mbind(&(0x7f0000ff4000/0xc000)=nil, 0xc000, 0x4005, &(0x7f0000000000)=0x5, 0x4, 0x0)
set_mempolicy_home_node(&(0x7f0000ff8000/0x1000)=nil, 0x1000, 0x0, 0x0)
set_mempolicy_home_node(&(0x7f0000ff8000/0x3000)=nil, 0x3000, 0x0, 0x0)

8.864091554s ago: executing program 4 (id=364):
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
accept4(r0, &(0x7f00000003c0), 0x0, 0x800)
ioctl$IOCTL_VMCI_VERSION2(0xffffffffffffffff, 0x7a7, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f00000020c0), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
connect$llc(0xffffffffffffffff, &(0x7f0000000000)={0x1a, 0x1, 0x0, 0x0, 0x0, 0x0, @remote}, 0x10)
r2 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x0, 0x0)
ioctl$COMEDI_DEVCONFIG(r2, 0x40946400, 0x0)
ioctl$COMEDI_DEVCONFIG(r2, 0x40946400, &(0x7f0000000180)={'pcl812\x00', [0x8001, 0x4, 0x1, 0x0, 0x0, 0xcc7, 0x8, 0x7, 0x1, 0xff, 0x2, 0x1, 0x8, 0x2, 0x6, 0x9, 0x1, 0x9, 0x43, 0x40000003, 0x89, 0x9, 0xf27, 0x6, 0x800b, 0x8, 0x5, 0x6, 0x8, 0x10000, 0xfffffff4]})
sendto$inet(0xffffffffffffffff, &(0x7f0000000140), 0x0, 0x0, 0x0, 0x0)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800006, 0x7000001, 0x6e073, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000bc0000/0x400000)=nil, 0x600000, 0x9)
getsockopt$rose(r0, 0x104, 0x3, 0x0, &(0x7f0000000140))
ioctl$BTRFS_IOC_TREE_SEARCH_V2(r1, 0xc0709411, &(0x7f0000000240)={{0x0, 0x5, 0x2, 0xfffffffffffffffb, 0x4, 0x0, 0x1, 0x3, 0x9, 0x6, 0x66, 0x9661, 0xa66, 0x9, 0xa6}, 0x8, [0x0]})
pwritev(0xffffffffffffffff, &(0x7f0000000500)=[{&(0x7f0000000280)="deca", 0x2}, {&(0x7f0000000600)="787621292a83ef51fa59fc04dcfd4e8ee4de0b414add5ce13c109d51150d6e7a7df1016856b360fc9d27d20e2b4a030071d0c991d223db3ed848f2934cc0773f6c5b9a4e2076aadf4e66ad7243809d285be02f280c55e1507e367a8ef90cb3275806a3e8615d6bb200461fe8a7df790e731f4dcd2a92b1d6ee14160b9779f92da5b39bbf1d62a3", 0x87}], 0x2, 0x80040000, 0x5)
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000200)='./bus\x00', 0x1400c, &(0x7f0000000000)={[{@test_dummy_encryption}, {@init_itable}, {@norecovery}]}, 0x3, 0x470, &(0x7f0000000dc0)="$eJzs3M1vG0UbAPBn13H65k0hoZSvlo9AQVQIkqYt0AMHQCBxKBISHOBoJaEqTQtqgkSrSKQcygkhJO6II/8CJ7ggxAmJK9xRpQr1QsvJaL27iZ3YTtPYcYt/P8ntM/vhmce7Y8/u2AlgaE1l/yQReyPi94iYyIutG0zl/12/tjJ349rKXBL1+tt/JY3t/r62MlduWu433lyIJA62qXfpwsUztcXFhfNFeWb57EczSxcuPnf6bO3UwqmFc0dPnDh+bPbFF44+35M8xyMtojfe++rNk1+05L8hjx6Z6rbyqXq9x9UN1l1N8cgA28H2VIrjVW30/4moNB29iXj9s7XCpwNqINA39Xq9Pt559Wod+A9LorWsy8OwKD/oy+vfdtfBL/dt9DF4V1/JL4CyvK8Xj3zNyNodg+qG69temoqId1f/+SZ7RH/uQwAAtPghG/88m412Vuayscf6+CON+5u2u7uYG5qMiHsiYl9E3BvnYn9E3BfR2PaBiHhwm/U3TZI0hpmbxz/plVtO7iZk47+Xirmt1vFfOfqLyUqjdCEvRDV5//TiwpHiNTkc1T1ZebZLHT++9tuXndY1j/+yR1Z/ORYs2nFlZE/rPvO15dqtZ9zq6qWIAyPt8k/WZgKSiHgoIg60e4J06zpOP/Pdw53WbZ1/Fz2YaKp/G/F0fvxXY0P+paT7/OTM/2Jx4chMeVZs9suvl9/qVP+O8u+B7Pj/v+35v5b/ZNI8X7u0/Tou//F5x2uaqWoRbOP8X60t10aTdxrxaLHsk9ry8vnZiNHkZN7o5uVH1/cty+X2Wf6HD7Xv//ti/ZU4GBHZSfxIRDwaEY8Vx+7xiHgiIg51yf/nV5/8YOOysTL/2+D4z2/r+K8Ho9G6JG2zTRZUzvz0fUulk+thkf+N7u9/xxvR4WLJzbz/bW5F+2Cnrx8AAADcCdKI2BtJOr0Wp+n0dP4d/v351Hfm43Pz+W8EJqOalne6Jpruh84Wl/V5+VJE5F8tKNcfi7Rx3/jrylijPD334eL8QDMHxjv0/8yflUG3Dug7P9iC4aX/w/Dq2v+ru9cOYPdt6v9d+/yevrYF2F1tPv/HBtEOYPe1G//7ez8wHDb0f9N+METc/4fhpf/D8NL/YSgtjcXWP5LvGpTPdIu7bxVMROy0hYMJonpbNKNvQaR9r2K0v6dW34LkDmzzpmBw70kAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC99G8AAAD//1KFzjw=")

8.630593952s ago: executing program 1 (id=365):
socket$nl_netfilter(0x10, 0x3, 0xc)
socket(0x840000000002, 0x3, 0x100)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
getxattr(&(0x7f0000000000)='./file0\x00', &(0x7f00000003c0)=@random={'user.', '([\x00'}, 0x0, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r2, 0x29, 0x19, &(0x7f0000000000)=0x94b, 0x4)
syz_emit_ethernet(0x0, 0x0, 0x0)
recvmmsg(r2, &(0x7f0000000ac0), 0x40000000000007f, 0x2000, 0x0)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r3=>0x0)
fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r3, 0x1, &(0x7f0000000040)={{}, {0x77359400}}, 0x0)
futex_waitv(&(0x7f0000000180)=[{0x0, &(0x7f0000000000), 0x2}], 0x1, 0x0, 0x0, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000000440)={'sit0\x00', &(0x7f0000000400)={'syztnl0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @local, @empty}}}})
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x11, &(0x7f0000000100)={[{@noblock_validity}, {@stripe={'stripe', 0x3d, 0x2}}, {@norecovery}, {@min_batch_time={'min_batch_time', 0x3d, 0x71d}}, {@abort}]}, 0x1, 0x610, &(0x7f0000000a40)="$eJzs3c9rFGcfAPDvTH6avO+bKC+8rz3UQCkKrYmJWqQUau5F7I9/IDVRxGgkSaFRwQjtsfTSQ6GnHmr/i1borfTQaw+9F0FK8VCL1C2zOxs3m93Nz/3h7ucDa+aZmczznTXfPM88eWY2gJ41kf2TRhyNiJtJxFjFtv7IN06U9nv8x51L2SuJQuH935O4czdZrzxWkn8dzb/577FIfk4jjvRtrXdl7da1ucXFheW8PLV6/ebUytqtk1evz11ZuLJwY+aNmXNnz5w9N31qX+c3UGPdN189Taa//fVCEufjWR5bdl7V+w3tq+bsPZuIQsmTyvXZ+3pun8fuFH+OlX9OnkuqV9CxLud5m+XJ/2Is+ir+N8fi03fbGhzQVIUkym0U0HOSOvn/42yj3wzDTYsHaJVyP6B8bV/rOnirtMm9EqAVHs2WBqRKuT8QEeX87y+NDcZwcWxg5HGyaZwniYj9jcyVZHX89MOFT7JX1BmHA5pj/V55lLu6/U+KuTkew8XSyON0c/6vFwpp3hPI1r+3x/onqsryH1pn/V5E/D9v/wdjx/mf5rlbzv8P91i//AcAAAAAAICD82A2Il6vNf8v3Zj/M1hj/s9oRJw/gPq3//tf+jBfSKp2HTyA6qGnPZqNeKvm/N+NOb7jfXnp38X5ALeTy1cXF05FxH8i4kQMDGXl6arjVs4QPvnZkS/r1V85/y97ZfWX5wLmR3rYX3Uj7vzc6tx+zxuIeHQv4qXi/N9j+ZrN83+y9j+p0f5n+X1zh3UcefX+xXrbts9/oFkKX0ccr9n+P+9uJ42fzzFV7A9MlXsFW718+/Pv6tVfnf9NOEWgjqz9H2mc/0NJ5fN6VnZ3/Owi/fRaf6He9r32/weTD/qiYhDg47nV1eXpiMHkna3rZ3YXM3SrPB+ORZ4vWf6feKXx+N9G/78iDw9FxPoO6hveZrv+P7RPlv/zjdv/8c3t/+4XZu6Pf1+v/os7av/PFNv0E/ka439QaevzOHaaoG0JFwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABecGlE/CuSdHJjOU0nJyNGI+K/MZIuLq2svnZ56aMb89m2iPEYSMuf9DtWKiflz/8fryjPVJVPR8ThiPii71CxPHlpaXG+3ScPAAAAAAAAAAAAAAAAAAAAHWK0eM9/Yaj6/v/Mb33tjg5ouv78q3yH3tO/5+8sDB1oIEDL7T3/gRdYds2/i/wfaGYsQBvUz/8nTwtFLQ0HaCH9f+hde8x/fy6ALqD9h161wzG94WbHAbSD9h8AAAAAALrK4WMPfkkiYv3NQ8VXZjDfZrI/dLe03QEAbWMOL/Su/qV2RwC0i2t8INlY+qvmzf71Z/8nzQkIAAAAAAAAAAAAANji+FH3/0Ovanz/v7n90M0a3P9fK/k9LgC6SP2P/tD2Q7dzjQ9s19q7/x8AAAAAAAAAAAAAOsDwrWtzi4sLyytrL97C250Rxu4W1uc6IoxdLBTuRjTe51lzah+IiE55E5ZXsmhaVVf5ERxtPOU2/14CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2/BMAAP//cdEbCg==")
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r0, 0x89f4, &(0x7f00000001c0)={'syztnl0\x00', 0x0})
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(0xffffffffffffffff, 0x40082104, 0x0)

5.174602594s ago: executing program 0 (id=366):
syz_clone(0x30209000, 0x0, 0x0, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd97}, 0x94)
bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x48)
fcntl$lock(r3, 0x6, &(0x7f00000001c0)={0x2, 0x1, 0xab4e, 0xfffffffffffffffd})
syz_open_procfs(0x0, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x3c1, 0x3, 0x3f8, 0x0, 0x4c, 0x1a, 0x180, 0x73, 0x328, 0x258, 0x258, 0x328, 0x258, 0x3, 0x0, {[{{@ipv6={@private0, @local, [], [], 'wg2\x00', 'macvlan1\x00', {}, {}, 0x73}, 0x0, 0x118, 0x180, 0x0, {}, [@common=@inet=@l2tp={{0x30}, {0x0, 0x0, 0x3, 0x0, 0x3}}, @common=@unspec=@connlimit={{0x40}, {[], 0x0, 0x2}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x23, 0x3, 0x2, 0x3, 'syz1\x00', 'syz0\x00', {0x2}}}}, {{@uncond, 0x0, 0x160, 0x1a8, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@srh1={{0x90}, {0x2e, 0x8, 0xfb, 0x87, 0x3, @remote, @mcast1, @private2={0xfc, 0x2, '\x00', 0x1}, [0xff000000, 0xff, 0x0, 0xffffff00], [0x8982e4c132e3b466, 0xffffffff, 0xffffff00, 0xff000000], [0xffffff00, 0x0, 0xff000000, 0xffffff00], 0x3420, 0x108}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@initdev={0xac, 0x1e, 0x1, 0x0}, 'vlan0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0, 0x0, {0x0, 0x5400}}, {0x28}}}}, 0x458)
syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000300)='./file1\x00', 0x800884, &(0x7f0000000000)=ANY=[], 0x4, 0x2be, &(0x7f0000000d00)="$eJzs3U9r02AYAPCnf7Z1O2w7i4eAF09DPXuwyASxMJj0oF4sTEE2EbpLt4v9Cl7Ez+BH8uBnkJ12q9TEdTP741iTdPT3g5InecqbJyHNm8L7tm/vftzd+bT/fvTjW7RaSTSjFXEcsR71aESqVota/I1jMU4bNs6sxlK2bAYAMKu2t3vti3LDckthKvJPXv1+eyEiVpZyme73kooCAAAAAAAAAABgyvLj/2OYG/+fLevnjf8vvWIA4KYuG/+fMZXvluv3272V7PntLOP/AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgOocj0Zro0teVdcHAEzf8WhV/w8Ac8b3fwCYP6f6/4gr+v9GdWUCAFP08tXrF+1OZ3M7SVoRR8NBd9BNl2n+2fPO5oMkSZLlP6v1dOvRYNBtnOQfJqlJq+P8Qqxk+Ufn5hfj/r00P8493er8k1+KnTJOAAAAAAAAAAAAAAAAAAAAAMyAjeTE+mTrZH7/xsbW158fzsunUfb7APXIze9vxp1maYcBAAAAAAAAAAAAAAAAAAAAt9r+weFub2/vXb/44Mn+wWEtIgraRTMLGsXtordXXMvjoBU3b2chcqnxSb9GO43/29eXNIj49fn6pT5+E3Hlm2u7y5FLLZd70RYfjNbST+Ks1LOaXS0X3TEWS7w7AQAAAAAAAAAAAAAAAADAfJnM/q26EgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACozuT//4sLqj5GAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYD78DgAA///il4JR")
openat(0xffffffffffffff9c, 0x0, 0x26a200, 0x59)
bpf$MAP_CREATE(0x300000000000000, &(0x7f0000000380)=@base={0x18, 0x4, 0x41, 0x0, 0x1, 0x1, 0xfffffffc, '\x00', 0x0, 0xffffffffffffffff, 0x4002, 0x4}, 0x50)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000000340), &(0x7f00000002c0)=0xc)
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x28008004)

5.109641965s ago: executing program 2 (id=367):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0)
mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1/file2\x00', 0x81c0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1/file3\x00', 0x1c0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1/file4\x00', 0x1c0)
mount$tmpfs(0x0, &(0x7f0000000180)='./file1/file4\x00', &(0x7f00000001c0), 0x0, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f0000000200)='./file1/file4/file5\x00', 0x81c0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1/file4/file6\x00', 0x1c0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file1/file4/file7\x00', 0x1c0)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0x200000, 0x0)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(0xffffffffffffffff, 0x1, &(0x7f0000000340)={0x2000, r0}, 0x0)
prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1)
landlock_restrict_self(0xffffffffffffffff, 0x0)
linkat(0xffffffffffffff9c, &(0x7f0000000380)='./file1/file2\x00', 0xffffffffffffff9c, &(0x7f00000003c0)='./file0/file2\x00', 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000400)='./file1/file3\x00', 0xffffffffffffff9c, &(0x7f0000000440)='./file0/file3\x00', 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./file1/file2\x00', 0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x2)
linkat(0xffffffffffffff9c, &(0x7f0000000500)='./file1/file4/file5\x00', 0xffffffffffffff9c, &(0x7f0000000540)='./file1/file4/file7/file5\x00', 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000580)='./file1/file4/file6\x00', 0xffffffffffffff9c, &(0x7f00000005c0)='./file1/file4/file7/file6\x00', 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000600)='./file1/file4/file5\x00', 0xffffffffffffff9c, &(0x7f0000000640)='./file1/file4/file7/file6\x00', 0x2)

4.119356024s ago: executing program 4 (id=368):
openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000100), 0x8000)
r0 = syz_open_procfs(0x0, &(0x7f0000000180)='fd/3\x00')
r1 = socket$qrtr(0x2a, 0x2, 0x0)
connect$qrtr(r1, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000580)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000001a40)=""/102392, 0x18ff8)
r3 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r3, &(0x7f0000000100)=@name={0x1e, 0x2, 0x0, {{0x42}}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000040)={0x42, 0x0, 0x3}, 0x10)
openat$full(0xffffffffffffff9c, 0x0, 0x1, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r4, 0x0, 0xa, 0x0, &(0x7f0000000000)="0000010051227b177748", 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x4}, 0x50)
bind$inet6(r0, 0x0, 0x0)
sendmsg$tipc(0xffffffffffffffff, 0x0, 0x0)
sendmsg$tipc(r3, 0x0, 0x0)
linkat(r0, 0x0, 0xffffffffffffffff, &(0x7f0000000340)='./file0\x00', 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x1e, 0xf, &(0x7f0000000000)=ANY=[@ANYBLOB="ffff00"/20], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_lookup=0x24, 0x0, 0x0, 0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0}, 0x94)

3.98930106s ago: executing program 1 (id=369):
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000180)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeee, 0x8031, 0xffffffffffffffff, 0x4000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$xdp(0x2c, 0x3, 0x0)
mmap$xdp(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x100000c, 0x11, r3, 0x100000000)
r4 = inotify_init()
r5 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x34d})
ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000ffe000/0x2000)=nil, 0x2000}, 0x1})
bpf$MAP_CREATE_TAIL_CALL(0x9, 0x0, 0xc)
mremap(&(0x7f0000ffa000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f0000ffb000/0x3000)=nil)
mremap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000fff000/0x1000)=nil)
close_range(r4, 0xffffffffffffffff, 0x0)

3.957005077s ago: executing program 0 (id=370):
r0 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_FLUSH(r0, 0x29, 0xd1, 0x0, 0x0)
setsockopt$MRT6_ADD_MIF(r0, 0x29, 0xca, 0x0, 0x0)
ioctl$SIOCGETVIFCNT(r0, 0x89e0, &(0x7f00000008c0))
pipe2(0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
chown(&(0x7f00000003c0)='./file0\x00', 0x0, 0xee01)

3.955603792s ago: executing program 2 (id=371):
r0 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_FLUSH(r0, 0x29, 0xd1, 0x0, 0x0)
setsockopt$MRT6_ADD_MIF(r0, 0x29, 0xca, 0x0, 0x0)
ioctl$SIOCGETVIFCNT(r0, 0x89e0, &(0x7f00000008c0))
pipe2(0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
chown(&(0x7f00000003c0)='./file0\x00', 0x0, 0xee01)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff)

1.84433518s ago: executing program 1 (id=372):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0)
mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1/file2\x00', 0x81c0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1/file3\x00', 0x1c0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1/file4\x00', 0x1c0)
mount$tmpfs(0x0, &(0x7f0000000180)='./file1/file4\x00', &(0x7f00000001c0), 0x0, 0x0)
r0 = landlock_create_ruleset(&(0x7f00000002c0)={0x2001}, 0x18, 0x0)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0x200000, 0x0)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r0, 0x1, &(0x7f0000000340)={0x2000, r1}, 0x0)
landlock_restrict_self(r0, 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./file1/file2\x00', 0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x2)

1.843383157s ago: executing program 2 (id=373):
syz_mount_image$bfs(&(0x7f0000000000), &(0x7f0000000240)='./bus\x00', 0x8008, &(0x7f0000000100)=ANY=[@ANYRES64=0x0], 0xf, 0xab, &(0x7f0000010140)="$eJzs1zGKwkAYBeB/s7CbdptFsLBO4x08ilhqI1aK4A3Ei3gVj5DewiKtiCOYiIidRQT5vmLgzWPgtbM7brubIiKtIlLRme7T3Wy+GA8n9Rl8pCwifiMij4jeX50Pg7r7avqyWo7K6vv58c+69b0AAMDrsug/5nNqLk7NL/Aa/m993vI+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgHe7BAAA//+dfyiL")
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file2\x00', 0x143042, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='rdma.current\x00', 0x275a, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f0000000140)='./file4\x00', 0x40, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file7\x00', 0x105042, 0x1ff)
linkat(0xffffffffffffff9c, &(0x7f0000000000)='./file4\x00', 0xffffffffffffff9c, &(0x7f00000006c0)='./file5\x00', 0x0)
syz_mount_image$udf(&(0x7f0000000000), &(0x7f0000000080)='./bus\x00', 0x1000000, &(0x7f0000000040)=ANY=[@ANYBLOB='\x00'], 0x2, 0x58a, &(0x7f0000000740)="$eJzs3c1rXWkZAPDnPc1NbzrtzJ22ttaOckHBMmJJ006qpjjWyQSE4oRp04UrY5N2wtwkJclIOgzahejG/8HVbBRkQN0ILnTrQnciA67ErVEGBhRHOSfnfiUZk5mbm4/m94PknnvOcz7eAwk872cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABFff/nm8JW0308BAAAA9NM3b786PCL/BwAAgCfaHe3/AAAAAAAAAHDYpcjih5Fi9dRaOll8X1e9NbfwxurU+MTWpw2l4sxjRXz+U70ycvXaC6PXv9T8/P/n77YL8crtOzfrLy3OP1yaXV6enalPLczdW5yZ3fEVej1/o+eLF1Cff/2Nmfv3l+sjl692HV6t/e34U+dqY19++eytZuzU+MTE7Y6YgcrHvvsmengAAAAcbYORxbVIcefiz9OpiMii91x4m7qDfhuKWp5/F4WYGp8oCtKYm15YyQ9ONhPhWndOPNjMkfcgF+9JLeJ0/qyDMnoAAAB2rhJZfCZSXPhgLT0dEceaefAXiokBt79AbQ8ecgsDEXEmIi7FIcjZAQAAYJ8djyxejRS/adTimTKvLvL/r0WM7ffDAQAAALtiILK4HineG1tLtaI/QEQ8PzU+Ub91t/6NhfuLHbGTqWxRP+zjA/aSvgkAAAAcANXI4lTR4r+Wnv2QmIE9fiYAAABgdw1FFv+KFJ9/8bvFvHJRzEv/zNhXTt6Y6Jxh7vw218ljL0fExR2Oya+Ucw1OpsmUsk1Xe7wrhQMAAAAK1ZTFXyPF+3+uFt8vlbl50ugPAAAAT46UxQ8ixVcn11LasC79sY71/VsO+9j//j7/UPWlxYePluYevLay5fET1ZvfWV5Zmr639eH1tQu7ukNst44hAAAA7EAlZfHPSPH7xjutvLNcA6DsAdBONN++0c5Nq2nD0aLe4Omi3qA1huCpkZHO7S1T1o8wP16tvO+x3osNAAAAR0pKWQxGis/97pPl2v8nYlMbdBn3h0hxY/G5Mi4bzOOawwRqxe/q/bnG7HAeOx4pftloxkYRe7yMPdOOvZLH/ja/7nR3bLWMPduOHcljP4gUry1tHfuJduzVPHYpUvzsJ/Vm7Ik89mQZe64de/neYmOmby8YAAAADoBKyuJXkeLH/663hvx3t/+3W9vffqvd3r9pgr4PafPvtf2/1rHvcVkPcbysrxjYpr7ilUhx4dnnmuUp6gqa3QrW1zpo11f8I1Isfas7drCMPd2OvbLjFwsAAAAHSLP//x/v/rrV5b7MgcuvW+f/n9o4P2Cf8v/ONQnzey4/evP16UZjdmk/Nyof8azvR0TXnnQQSmHjv6WD8jx7ulH+UT0+KM/T60Zv/wcBAOAoyPP/u5Fi9b13W+3dZf5fdpVv5//vf6+d/49tvFCf8v/THfvGyvkGKgMR1ZX5h5XzEdXlR29+cW5++sHsg9mFq6MvjA6Pjl6/NlIZbDbut7d6flcAAABwWOX5/3Ck+PuPftoan7+T9v8TGy/Up/z/TMe+/J7tRr98z196LT4AAAAcCXn+/4tI8aeL77Tm0evO/zvm/3+rPc7+0mfXewu0agf6lP+f7dhXK+4bMbRLZQcAAAAAAAAAAAAAAAAAAICDopKy+E+keLc6kMoJ/3c0/9/Mxgv1afz/uY59M7E36//1/FIBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgkMoii7lI8enza+nFfMe3I052fgIAAACH3v8CAAD//16XHzs=")
write$binfmt_script(r0, &(0x7f00000008c0), 0xfecc)
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000006ac0)='cpuacct.stat\x00', 0x275a, 0x0)
openat$incfs(0xffffffffffffff9c, &(0x7f0000000640)='.log\x00', 0xa5d, 0x1)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x161442, 0xb6)
syz_clone(0x2000400, 0x0, 0xfffffebf, 0x0, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='pids.current\x00', 0x275a, 0x0)
open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpu.stat\x00', 0x275a, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='freezer.state\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_time_recursive\x00', 0x275a, 0x0)

1.797320562s ago: executing program 0 (id=374):
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x200000, &(0x7f0000001240)={[{@dioread_nolock}, {@norecovery}, {@min_batch_time={'min_batch_time', 0x3d, 0x1}}, {@nojournal_checksum}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@nodelalloc}, {@errors_remount}, {@acl}, {@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0x343}}, {@jqfmt_vfsold}, {@barrier_val={'barrier', 0x3d, 0x7}}, {@nombcache}], [{@fowner_eq}, {@hash}, {@permit_directio}, {@subj_type={'subj_type', 0x3d, '/)/-:$//('}}, {@rootcontext={'rootcontext', 0x3d, 'unconfined_u'}}]}, 0xfd, 0x573, &(0x7f0000000cc0)="$eJzs3V9rW+UfAPDvSZP9636/djCGeiGDXTgZS9fWPxOEzUvR4UDvZ2izMpouo0nHWgduF+7GGxmCiAPxBXjv5fAN+CoGOhgyil6IUDnpSZe1Sf8tNbH5fOBsz5Nzkud58pzvyfOck/QEMLBOpv/kIl6OiK+SiJGWdfnIVp5c3W756e2pdEliZeXj35O4sO61kuz/4SzzUkT8/EXEmdzGcmuLS7OlSqU8n+XH6nM3xmqLS2evzZVmyjPl6xOTk+ffnJx45+23utbW1y//+e1HD98//+Wp5W9+fHzsfhIX42i2Lm1XF4q405o5Wfo7SxXi4roNx7tQWD9Jel0BdmUoi/NCpMeAkRjKoh7Y/z6PiBVgQCXiHwZUcxzQnNt3aR78n/HkvdUJ0Mb251fPjcShxtzoyHLy3Mwone+OdqH8tIyffntwP11i8/MQh7fIA+zInbsRcS6f33j8S7Lj3+6da5w83tz6Mgbt8wd66WE6/knuRGyI/9za+CfajH+G28Tubmwd/7nHXSimo3T8927b8e/aoWt0KMv9rzHmKyRXr1XK5yLi/xFxOgoH0/xm13POLz9a6bSudfyXLmn5zbFgVo/H+YPPP2e6VC+9SJtbPbkb8Urb8W+y1v9Jm/5P34/L2yzjRPnBq53Wbd3+vbXyQ8Rrbfv/2RWtZPPrk2ON/WGsuVds9Me9E790Kr/X7U/7/8jm7R9NWq/X1nZexveH/ip3Wrfb/f9A8kkjfSB77FapXp8fjziQfJgfXv/4xLPnNvPN7dP2nz7VPv432//Tyden22z/veP3Om7aD/0/vaP+33ni0Qeffdep/O31/xuN1Onske0c/7ZbwRd57wAAAAAAAKDf5CLiaCS54lo6lysWV7/fcTyO5CrVWv3M1erC9elo/FZ2NAq55pXukZbvQ4xn34dt5ifW5Scj4lhEfD10uJEvTlUr071uPAAAAAAAAAAAAAAAAAAAAPSJ4Q6//0/9OtTr2gF7rnFjg4O9rgXQC1ve8r8bd3oC+tKW8Q/sWzuPf2cGYL/w+Q+DS/zD4BL/MLi2G/+FkT2uCPCv8/kPg0v8AwAAAAAAAAAAAAAAAAAAAAAAAAAAQFddvnQpXVaWn96eSvPTNxcXZqs3z06Xa7PFuYWp4lR1/kZxplqdqZSLU9W5rV6vUq3eGJ+IhVtj9XKtPlZbXLoyV124Xr9yba40U75SLvhjwwAAAAAAAAAAAAAAAAAAALBBbXFptlSplOclOiYuRF9UYy8buGpXT8/3Syskupro8YEJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFr8EwAA//8DDjNQ")
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=@getchain={0x17, 0x11, 0x839, 0x70bd2c, 0x100003, {0x0, 0x0, 0x0, 0x0, {0xb, 0xfff3}, {0x2, 0xa}, {0xf, 0xfff1}}}, 0x24}}, 0x0)
getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, &(0x7f00000000c0)=""/24, &(0x7f00000005c0)=0x18)
ioctl$XFS_IOC_ATTRMULTI_BY_HANDLE(0xffffffffffffffff, 0x4048587b, &(0x7f0000000d40)={{0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000340)={@_ha_fsid={[0x8, 0x7fffffff]}, {0x2, 0x8, 0xd, 0x6}}, 0x3, &(0x7f0000000540)={@_ha_fsid}, 0x0}, 0x5, &(0x7f0000000e00)=[{0x1, 0x4caa, &(0x7f0000000700)='connmark\x00', &(0x7f0000000740)="01978c1c2cc4b9004d8c4deb4fcffe21aead3de21ade811d2298738aebec76650ec01a668da31d90352fe6a28d60887f03f6cc990debd7581deb98e1ee8d1ebd9fb1664d704ccb614f3a729491d05ec6e2d470e01b64bea7660359", 0x5b, 0x10}, {0x3, 0xe, &(0x7f0000000840)='connmark\x00', &(0x7f0000000880), 0x0, 0x16}, {0x1, 0x4, &(0x7f0000000900)='connmark\x00', &(0x7f0000000940)="ef95e112ba061e6e66d16a", 0xb, 0x2}, {0x1, 0x3, &(0x7f0000000980)='\x00', &(0x7f00000009c0)="9515dde9a164bbe50de6f6d046c5f49efba9c621e80713bc2651c3ff043bdce51ea5f97c8a0488a59b00383f454e54a5c034a99082d54b10ae81624eb2f3bd23892ae9533b61cc6d5be0fad39f7d2ca574d26418ea4d537e1ac251177144ebfe2beb51f9510b95ee8837704bb908b7d9a526d1d2cacb", 0x76, 0x20}, {0x1, 0x80000001, &(0x7f0000000c00)=']\x00', &(0x7f0000000c40)="63602c4d881e675a0ad3e49e5044e8dc7dba90124e2ec2dc19478c8788a3d8fc8cfbc6676ab7f1c1728d038c75822918bf5e875b92187f1db89522bc1cbfd69866fbbad56ff82be5ca52bca254949b8d5a3813a667bddff8ed771d00fac02a47ea360b4fb9c4f11766880413321bcf2a2e2418a5b5557fd49a10122132756a56f1ce0c5a3f18606e4020d7a32998da87d1d07a07a54054e1f6506fb948b48128d9b35820573bc4492c1e666856d01a112ee09b7d2c04a5370d3b13a71a711337ceb96fb73788a3430d", 0xc9, 0xa}]})
syz_genetlink_get_family_id$mptcp(&(0x7f0000000f40), 0xffffffffffffffff)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={0xffffffffffffffff, 0x0, 0x25, 0x0, @void}, 0x10)
sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40081c4}, 0x44000)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0x2, 0x3, 0x0, 0xad7}, 0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x481d5)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000840)=@newsa={0x14c, 0x10, 0x713, 0x0, 0x0, {{@in6=@private2={0xfc, 0x2, '\x00', 0x1}, @in6=@local}, {@in=@dev={0xac, 0x14, 0x14, 0x17}, 0x4d5, 0x33}, @in=@multicast1, {0x3}, {}, {0x0, 0x22}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x5c, 0x14, {{'cmac(aes)\x00'}, 0x80, 0x0, "3509fe8fd57fd44aa5074c50bc700e53"}}]}, 0x14c}}, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0)

1.593376803s ago: executing program 4 (id=375):
openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffc000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000480)=@abs={0x0, 0x0, 0x8004e24}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
pipe(&(0x7f0000000380)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000000180)=0x1, 0x4)
setsockopt$inet_tcp_int(r3, 0x6, 0x14, &(0x7f00000000c0)=0x100000001, 0x4)
connect$inet(r3, &(0x7f0000000300)={0x2, 0x0, @remote}, 0x10)
sendto$inet(r3, &(0x7f0000000200)="e1", 0xfea8, 0x0, 0x0, 0x0)
splice(r3, 0x0, r2, 0x0, 0xfea8, 0xa)

1.092437364s ago: executing program 0 (id=376):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = getpid()
setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f0000000900)={@in6={{0xa, 0x4e21, 0x8, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x1}}, 0x0, 0x0, 0x15, 0x0, "49c866f2599164ec9f2adb18cf6053cd3fbde4afbad1df6c40998f704f9bde91cff97877f391f2703651536d14e4d3e8576c1c1590bbe69e43443a9374fba52f177594ac705f39b66cb39576521ad84c"}, 0xd8)
r4 = syz_pidfd_open(r3, 0x0)
setns(r4, 0x24020000)
socket$nl_xfrm(0x10, 0x3, 0x6)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=@newae={0x5c, 0x1e, 0xff01f7747ae9d38d, 0x70bd2d, 0x25dfdbfc, {{@in=@broadcast, 0x4d4, 0x2, 0x33}, @in6=@loopback, 0xffffffff, 0x3504}, [@replay_esn_val={0x1c, 0x17, {0x0, 0x70bd2c, 0x70bd2b, 0x70bd2a, 0x70bd2c, 0x40}}]}, 0x5c}, 0x1, 0x0, 0x0, 0x24004850}, 0x40054)
landlock_restrict_self(0xffffffffffffffff, 0x0)
umount2(&(0x7f0000000040)='.\x00', 0x9)

1.092127854s ago: executing program 1 (id=377):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'dummy0\x00'})
timer_create(0x0, 0x0, 0x0)
ptrace$cont(0x1f, 0x0, 0x80, 0x8)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0, 0xa0}}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r3=>0x0})
connect$pppoe(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x0, {0x1, @empty, 'ip_vti0\x00'}}, 0x1e)
ioctl$PPPOEIOCSFWD(0xffffffffffffffff, 0x4008b100, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000480)={'wlan0\x00', <r5=>0x0})
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000000000000003700000008000300", @ANYRES32=r5, @ANYBLOB="08002600901500000800570080"], 0x2c}}, 0x808)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r9=>0x0})
sendmsg$NL80211_CMD_FRAME(r7, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r9, @ANYBLOB="08002600ad1600004000330010000000080211000000080211000000080211000001000000000000010001002d1a40000b0000000000000000040003000b0000000600500000000304006c"], 0x68}}, 0x0)
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001440)={0x1c, r10, 0x1, 0x0, 0x0, {{0x8}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)

862.374359ms ago: executing program 5 (id=98):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x4000)
mount(&(0x7f0000000140)=@nullb, &(0x7f0000000040)='./cgroup\x00', 0x0, 0x2208004, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0)
mount$cgroup(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f00000001c0), 0x2010042, 0x0)
mkdirat(0xffffffffffffffff, &(0x7f0000000380)='./cgroup\x00', 0x108)
socket(0x84000000002a, 0x1, 0xff)
r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000003000000030000000050000000000000001000004080000000000000003000000100000000000000000000002000000000300000000000004040000000000002e"], 0x0, 0x4d}, 0x20)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@bloom_filter={0x1e, 0x0, 0x8, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, r3, 0x0, 0x1, 0x0, 0x2}, 0x50)

0s ago: executing program 0 (id=378):
socket$nl_netfilter(0x10, 0x3, 0xc)
socket(0x840000000002, 0x3, 0x100)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
getxattr(&(0x7f0000000000)='./file0\x00', &(0x7f00000003c0)=@random={'user.', '([\x00'}, 0x0, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r2, 0x29, 0x19, &(0x7f0000000000)=0x94b, 0x4)
syz_emit_ethernet(0x0, 0x0, 0x0)
recvmmsg(r2, &(0x7f0000000ac0), 0x40000000000007f, 0x2000, 0x0)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r3=>0x0)
fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r3, 0x1, &(0x7f0000000040)={{}, {0x77359400}}, 0x0)
futex_waitv(&(0x7f0000000180)=[{0x0, &(0x7f0000000000), 0x2}], 0x1, 0x0, 0x0, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000000440)={'sit0\x00', &(0x7f0000000400)={'syztnl0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @local, @empty}}}})
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x11, &(0x7f0000000100)={[{@noblock_validity}, {@stripe={'stripe', 0x3d, 0x2}}, {@norecovery}, {@min_batch_time={'min_batch_time', 0x3d, 0x71d}}, {@abort}]}, 0x1, 0x610, &(0x7f0000000a40)="$eJzs3c9rFGcfAPDvTH6avO+bKC+8rz3UQCkKrYmJWqQUau5F7I9/IDVRxGgkSaFRwQjtsfTSQ6GnHmr/i1borfTQaw+9F0FK8VCL1C2zOxs3m93Nz/3h7ucDa+aZmczznTXfPM88eWY2gJ41kf2TRhyNiJtJxFjFtv7IN06U9nv8x51L2SuJQuH935O4czdZrzxWkn8dzb/577FIfk4jjvRtrXdl7da1ucXFheW8PLV6/ebUytqtk1evz11ZuLJwY+aNmXNnz5w9N31qX+c3UGPdN189Taa//fVCEufjWR5bdl7V+w3tq+bsPZuIQsmTyvXZ+3pun8fuFH+OlX9OnkuqV9CxLud5m+XJ/2Is+ir+N8fi03fbGhzQVIUkym0U0HOSOvn/42yj3wzDTYsHaJVyP6B8bV/rOnirtMm9EqAVHs2WBqRKuT8QEeX87y+NDcZwcWxg5HGyaZwniYj9jcyVZHX89MOFT7JX1BmHA5pj/V55lLu6/U+KuTkew8XSyON0c/6vFwpp3hPI1r+3x/onqsryH1pn/V5E/D9v/wdjx/mf5rlbzv8P91i//AcAAAAAAICD82A2Il6vNf8v3Zj/M1hj/s9oRJw/gPq3//tf+jBfSKp2HTyA6qGnPZqNeKvm/N+NOb7jfXnp38X5ALeTy1cXF05FxH8i4kQMDGXl6arjVs4QPvnZkS/r1V85/y97ZfWX5wLmR3rYX3Uj7vzc6tx+zxuIeHQv4qXi/N9j+ZrN83+y9j+p0f5n+X1zh3UcefX+xXrbts9/oFkKX0ccr9n+P+9uJ42fzzFV7A9MlXsFW718+/Pv6tVfnf9NOEWgjqz9H2mc/0NJ5fN6VnZ3/Owi/fRaf6He9r32/weTD/qiYhDg47nV1eXpiMHkna3rZ3YXM3SrPB+ORZ4vWf6feKXx+N9G/78iDw9FxPoO6hveZrv+P7RPlv/zjdv/8c3t/+4XZu6Pf1+v/os7av/PFNv0E/ka439QaevzOHaaoG0JFwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABecGlE/CuSdHJjOU0nJyNGI+K/MZIuLq2svnZ56aMb89m2iPEYSMuf9DtWKiflz/8fryjPVJVPR8ThiPii71CxPHlpaXG+3ScPAAAAAAAAAAAAAAAAAAAAHWK0eM9/Yaj6/v/Mb33tjg5ouv78q3yH3tO/5+8sDB1oIEDL7T3/gRdYds2/i/wfaGYsQBvUz/8nTwtFLQ0HaCH9f+hde8x/fy6ALqD9h161wzG94WbHAbSD9h8AAAAAALrK4WMPfkkiYv3NQ8VXZjDfZrI/dLe03QEAbWMOL/Su/qV2RwC0i2t8INlY+qvmzf71Z/8nzQkIAAAAAAAAAAAAANji+FH3/0Ovanz/v7n90M0a3P9fK/k9LgC6SP2P/tD2Q7dzjQ9s19q7/x8AAAAAAAAAAAAAOsDwrWtzi4sLyytrL97C250Rxu4W1uc6IoxdLBTuRjTe51lzah+IiE55E5ZXsmhaVVf5ERxtPOU2/14CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2/BMAAP//cdEbCg==")
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r0, 0x89f4, &(0x7f00000001c0)={'syztnl0\x00', 0x0})
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(0xffffffffffffffff, 0x40082104, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.0.238' (ED25519) to the list of known hosts.
[   80.751735][ T5827] cgroup: Unknown subsys name 'net'
[   80.891331][ T5827] cgroup: Unknown subsys name 'cpuset'
[   80.900971][ T5827] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   82.533207][ T5827] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   86.135559][ T5843] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   86.146251][ T5843] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   86.154892][ T5843] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   86.164855][ T5843] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   86.173421][ T5843] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   86.365275][   T51] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   86.376846][ T5853] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   86.387576][ T5853] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   86.397006][ T5853] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   86.405340][ T5853] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   86.414896][ T5853] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   86.425362][ T5857] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   86.427370][ T5860] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   86.435260][ T5857] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   86.441134][ T5860] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   86.450220][ T5857] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   86.466014][ T5857] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   86.475016][ T5853] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   86.482594][ T5843] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   86.496479][ T5843] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   86.540361][   T51] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   86.552144][   T51] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   86.560515][   T51] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   86.572022][   T51] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   86.580216][   T51] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   86.796996][ T5842] chnl_net:caif_netlink_parms(): no params data found
[   87.100087][ T5842] bridge0: port 1(bridge_slave_0) entered blocking state
[   87.112806][ T5842] bridge0: port 1(bridge_slave_0) entered disabled state
[   87.121184][ T5842] bridge_slave_0: entered allmulticast mode
[   87.132013][ T5842] bridge_slave_0: entered promiscuous mode
[   87.145327][ T5842] bridge0: port 2(bridge_slave_1) entered blocking state
[   87.153176][ T5842] bridge0: port 2(bridge_slave_1) entered disabled state
[   87.160664][ T5842] bridge_slave_1: entered allmulticast mode
[   87.169798][ T5842] bridge_slave_1: entered promiscuous mode
[   87.314096][ T5842] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   87.353704][ T5842] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   87.494332][ T5842] team0: Port device team_slave_0 added
[   87.501098][ T5849] chnl_net:caif_netlink_parms(): no params data found
[   87.528008][ T5842] team0: Port device team_slave_1 added
[   87.575942][ T5850] chnl_net:caif_netlink_parms(): no params data found
[   87.670240][ T5852] chnl_net:caif_netlink_parms(): no params data found
[   87.683139][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_0
[   87.690289][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   87.716517][ T5842] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   87.758893][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_1
[   87.766129][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   87.792698][ T5842] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   87.804392][ T5861] chnl_net:caif_netlink_parms(): no params data found
[   87.962959][ T5849] bridge0: port 1(bridge_slave_0) entered blocking state
[   87.970282][ T5849] bridge0: port 1(bridge_slave_0) entered disabled state
[   87.978142][ T5849] bridge_slave_0: entered allmulticast mode
[   87.986090][ T5849] bridge_slave_0: entered promiscuous mode
[   88.028338][ T5849] bridge0: port 2(bridge_slave_1) entered blocking state
[   88.035549][ T5849] bridge0: port 2(bridge_slave_1) entered disabled state
[   88.043011][ T5849] bridge_slave_1: entered allmulticast mode
[   88.050492][ T5849] bridge_slave_1: entered promiscuous mode
[   88.076799][ T5842] hsr_slave_0: entered promiscuous mode
[   88.083758][ T5842] hsr_slave_1: entered promiscuous mode
[   88.108210][ T5850] bridge0: port 1(bridge_slave_0) entered blocking state
[   88.115937][ T5850] bridge0: port 1(bridge_slave_0) entered disabled state
[   88.123364][ T5850] bridge_slave_0: entered allmulticast mode
[   88.130602][ T5850] bridge_slave_0: entered promiscuous mode
[   88.151542][ T5849] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   88.177591][ T5850] bridge0: port 2(bridge_slave_1) entered blocking state
[   88.184879][ T5850] bridge0: port 2(bridge_slave_1) entered disabled state
[   88.192254][ T5850] bridge_slave_1: entered allmulticast mode
[   88.200181][ T5850] bridge_slave_1: entered promiscuous mode
[   88.223139][ T5849] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   88.232992][ T5852] bridge0: port 1(bridge_slave_0) entered blocking state
[   88.240994][   T51] Bluetooth: hci0: command tx timeout
[   88.241054][ T5852] bridge0: port 1(bridge_slave_0) entered disabled state
[   88.254110][ T5852] bridge_slave_0: entered allmulticast mode
[   88.261817][ T5852] bridge_slave_0: entered promiscuous mode
[   88.310572][ T5852] bridge0: port 2(bridge_slave_1) entered blocking state
[   88.318677][ T5852] bridge0: port 2(bridge_slave_1) entered disabled state
[   88.326199][ T5852] bridge_slave_1: entered allmulticast mode
[   88.333758][ T5852] bridge_slave_1: entered promiscuous mode
[   88.361053][ T5850] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   88.392792][ T5861] bridge0: port 1(bridge_slave_0) entered blocking state
[   88.400481][ T5861] bridge0: port 1(bridge_slave_0) entered disabled state
[   88.408274][ T5861] bridge_slave_0: entered allmulticast mode
[   88.415352][ T5861] bridge_slave_0: entered promiscuous mode
[   88.436240][ T5850] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   88.447972][ T5849] team0: Port device team_slave_0 added
[   88.464736][ T5861] bridge0: port 2(bridge_slave_1) entered blocking state
[   88.472126][ T5861] bridge0: port 2(bridge_slave_1) entered disabled state
[   88.480721][   T51] Bluetooth: hci1: command tx timeout
[   88.480920][ T5861] bridge_slave_1: entered allmulticast mode
[   88.493729][ T5861] bridge_slave_1: entered promiscuous mode
[   88.517999][ T5849] team0: Port device team_slave_1 added
[   88.526413][ T5852] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   88.567509][ T5843] Bluetooth: hci2: command tx timeout
[   88.573884][   T51] Bluetooth: hci3: command tx timeout
[   88.589917][ T5852] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   88.621601][ T5861] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   88.633070][ T5850] team0: Port device team_slave_0 added
[   88.639371][   T51] Bluetooth: hci4: command tx timeout
[   88.643360][ T5850] team0: Port device team_slave_1 added
[   88.680409][ T5861] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   88.700178][ T5849] batman_adv: batadv0: Adding interface: batadv_slave_0
[   88.707636][ T5849] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   88.734787][ T5849] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   88.748538][ T5852] team0: Port device team_slave_0 added
[   88.782788][ T5849] batman_adv: batadv0: Adding interface: batadv_slave_1
[   88.790149][ T5849] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   88.817647][ T5849] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   88.830698][ T5852] team0: Port device team_slave_1 added
[   88.852297][ T5850] batman_adv: batadv0: Adding interface: batadv_slave_0
[   88.859733][ T5850] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   88.886507][ T5850] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   88.926969][ T5861] team0: Port device team_slave_0 added
[   88.940014][ T5850] batman_adv: batadv0: Adding interface: batadv_slave_1
[   88.947465][ T5850] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   88.974424][ T5850] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   89.013723][ T5861] team0: Port device team_slave_1 added
[   89.049434][ T5861] batman_adv: batadv0: Adding interface: batadv_slave_0
[   89.056815][ T5861] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   89.083606][ T5861] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   89.095500][ T5852] batman_adv: batadv0: Adding interface: batadv_slave_0
[   89.102947][ T5852] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   89.129291][ T5852] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   89.166177][ T5861] batman_adv: batadv0: Adding interface: batadv_slave_1
[   89.173659][ T5861] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   89.200188][ T5861] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   89.212040][ T5852] batman_adv: batadv0: Adding interface: batadv_slave_1
[   89.219399][ T5852] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   89.246730][ T5852] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   89.280506][ T5849] hsr_slave_0: entered promiscuous mode
[   89.286894][ T5849] hsr_slave_1: entered promiscuous mode
[   89.293359][ T5849] debugfs: 'hsr0' already exists in 'hsr'
[   89.299684][ T5849] Cannot create hsr debugfs directory
[   89.351957][ T5850] hsr_slave_0: entered promiscuous mode
[   89.358868][ T5850] hsr_slave_1: entered promiscuous mode
[   89.365230][ T5850] debugfs: 'hsr0' already exists in 'hsr'
[   89.371251][ T5850] Cannot create hsr debugfs directory
[   89.478209][ T5861] hsr_slave_0: entered promiscuous mode
[   89.484612][ T5861] hsr_slave_1: entered promiscuous mode
[   89.492435][ T5861] debugfs: 'hsr0' already exists in 'hsr'
[   89.498241][ T5861] Cannot create hsr debugfs directory
[   89.510158][ T5852] hsr_slave_0: entered promiscuous mode
[   89.516636][ T5852] hsr_slave_1: entered promiscuous mode
[   89.523258][ T5852] debugfs: 'hsr0' already exists in 'hsr'
[   89.529605][ T5852] Cannot create hsr debugfs directory
[   89.789352][ T5842] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   89.830609][ T5842] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   89.865965][ T5842] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   89.899292][ T5842] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   90.109058][ T5850] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   90.122246][ T5850] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   90.132895][ T5850] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   90.156094][ T5850] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   90.256839][ T5849] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   90.270283][ T5849] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   90.281103][ T5849] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   90.291291][ T5849] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   90.316933][ T5842] 8021q: adding VLAN 0 to HW filter on device bond0
[   90.317804][   T51] Bluetooth: hci0: command tx timeout
[   90.429515][ T5852] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   90.443272][ T5842] 8021q: adding VLAN 0 to HW filter on device team0
[   90.464258][ T5852] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   90.494155][ T5852] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   90.507010][   T35] bridge0: port 1(bridge_slave_0) entered blocking state
[   90.515004][   T35] bridge0: port 1(bridge_slave_0) entered forwarding state
[   90.543165][ T5852] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   90.556195][   T35] bridge0: port 2(bridge_slave_1) entered blocking state
[   90.563766][   T35] bridge0: port 2(bridge_slave_1) entered forwarding state
[   90.571882][   T51] Bluetooth: hci1: command tx timeout
[   90.635242][ T5861] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   90.642160][   T51] Bluetooth: hci3: command tx timeout
[   90.642207][   T51] Bluetooth: hci2: command tx timeout
[   90.674264][ T5861] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   90.684760][ T5861] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   90.696504][ T5861] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   90.717752][ T5843] Bluetooth: hci4: command tx timeout
[   90.782373][ T5842] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   90.805190][ T5850] 8021q: adding VLAN 0 to HW filter on device bond0
[   90.862953][ T5849] 8021q: adding VLAN 0 to HW filter on device bond0
[   90.899331][ T5850] 8021q: adding VLAN 0 to HW filter on device team0
[   90.948665][   T35] bridge0: port 1(bridge_slave_0) entered blocking state
[   90.956182][   T35] bridge0: port 1(bridge_slave_0) entered forwarding state
[   90.975433][ T5849] 8021q: adding VLAN 0 to HW filter on device team0
[   90.997445][   T35] bridge0: port 2(bridge_slave_1) entered blocking state
[   91.004851][   T35] bridge0: port 2(bridge_slave_1) entered forwarding state
[   91.031115][   T35] bridge0: port 1(bridge_slave_0) entered blocking state
[   91.038346][   T35] bridge0: port 1(bridge_slave_0) entered forwarding state
[   91.092626][   T35] bridge0: port 2(bridge_slave_1) entered blocking state
[   91.100061][   T35] bridge0: port 2(bridge_slave_1) entered forwarding state
[   91.177022][ T5852] 8021q: adding VLAN 0 to HW filter on device bond0
[   91.204798][ T5842] 8021q: adding VLAN 0 to HW filter on device batadv0
[   91.237635][ T5861] 8021q: adding VLAN 0 to HW filter on device bond0
[   91.275317][ T5852] 8021q: adding VLAN 0 to HW filter on device team0
[   91.330334][   T49] bridge0: port 1(bridge_slave_0) entered blocking state
[   91.337593][   T49] bridge0: port 1(bridge_slave_0) entered forwarding state
[   91.375190][ T5861] 8021q: adding VLAN 0 to HW filter on device team0
[   91.425152][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[   91.432414][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[   91.470249][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[   91.477513][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[   91.523995][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[   91.531414][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[   91.846226][ T5849] 8021q: adding VLAN 0 to HW filter on device batadv0
[   91.874675][ T5850] 8021q: adding VLAN 0 to HW filter on device batadv0
[   91.887857][ T5842] veth0_vlan: entered promiscuous mode
[   91.940770][ T5842] veth1_vlan: entered promiscuous mode
[   92.103490][   T43] cfg80211: failed to load regulatory.db
[   92.122872][ T5850] veth0_vlan: entered promiscuous mode
[   92.184470][ T5849] veth0_vlan: entered promiscuous mode
[   92.192927][ T5850] veth1_vlan: entered promiscuous mode
[   92.206005][ T5842] veth0_macvtap: entered promiscuous mode
[   92.232703][ T5849] veth1_vlan: entered promiscuous mode
[   92.253625][ T5842] veth1_macvtap: entered promiscuous mode
[   92.272876][ T5852] 8021q: adding VLAN 0 to HW filter on device batadv0
[   92.308013][ T5861] 8021q: adding VLAN 0 to HW filter on device batadv0
[   92.321141][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_0
[   92.350224][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_1
[   92.368780][ T5850] veth0_macvtap: entered promiscuous mode
[   92.390948][   T49] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   92.398705][ T5843] Bluetooth: hci0: command tx timeout
[   92.404012][   T49] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   92.421667][ T5849] veth0_macvtap: entered promiscuous mode
[   92.433788][ T5850] veth1_macvtap: entered promiscuous mode
[   92.441261][   T49] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   92.450305][   T49] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   92.471547][ T5849] veth1_macvtap: entered promiscuous mode
[   92.541489][ T5852] veth0_vlan: entered promiscuous mode
[   92.553319][ T5849] batman_adv: batadv0: Interface activated: batadv_slave_0
[   92.602929][ T5850] batman_adv: batadv0: Interface activated: batadv_slave_0
[   92.612353][ T5849] batman_adv: batadv0: Interface activated: batadv_slave_1
[   92.632190][ T5861] veth0_vlan: entered promiscuous mode
[   92.638340][ T5843] Bluetooth: hci1: command tx timeout
[   92.664784][ T5850] batman_adv: batadv0: Interface activated: batadv_slave_1
[   92.676201][ T1168] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   92.685637][ T1168] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   92.696593][ T5852] veth1_vlan: entered promiscuous mode
[   92.717896][ T5843] Bluetooth: hci2: command tx timeout
[   92.719088][   T51] Bluetooth: hci3: command tx timeout
[   92.730759][ T1168] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   92.740354][ T1168] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   92.772710][ T1164] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   92.779398][ T1168] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   92.786707][ T1164] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   92.794668][ T1168] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   92.810437][   T51] Bluetooth: hci4: command tx timeout
[   92.815218][ T5861] veth1_vlan: entered promiscuous mode
[   92.835304][ T1168] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   92.844287][ T1168] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   92.933385][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   92.943001][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   93.055038][ T5861] veth0_macvtap: entered promiscuous mode
[   93.063171][ T5842] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   93.088651][   T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   93.092470][ T5852] veth0_macvtap: entered promiscuous mode
[   93.107021][   T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   93.123532][ T5861] veth1_macvtap: entered promiscuous mode
[   93.163180][ T5852] veth1_macvtap: entered promiscuous mode
[   93.227808][   T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   93.241335][   T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   93.254053][   T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   93.267501][   T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   93.786422][ T5958] =======================================================
[   93.786422][ T5958] WARNING: The mand mount option has been deprecated and
[   93.786422][ T5958]          and is ignored by this kernel. Remove the mand
[   93.786422][ T5958]          option from the mount to silence this warning.
[   93.786422][ T5958] =======================================================
[   93.850657][ T5958] overlayfs: "xino" feature enabled using 3 upper inode bits.
[   94.886728][   T51] Bluetooth: hci0: command tx timeout
[   94.892349][   T51] Bluetooth: hci1: command tx timeout
[   94.897935][ T5843] Bluetooth: hci2: command tx timeout
[   94.897974][ T5161] Bluetooth: hci3: command tx timeout
[   94.904188][   T51] Bluetooth: hci4: command tx timeout
[   94.972344][ T5861] batman_adv: batadv0: Interface activated: batadv_slave_0
[   95.004386][ T5852] batman_adv: batadv0: Interface activated: batadv_slave_0
[   95.023027][ T5861] batman_adv: batadv0: Interface activated: batadv_slave_1
[   95.035451][   T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   95.044337][   T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   95.061554][ T5852] batman_adv: batadv0: Interface activated: batadv_slave_1
[   95.092416][   T12] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   95.147008][   T12] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   95.163985][   T12] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   95.209713][   T12] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   95.219225][   T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   95.451003][   T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   95.478626][   T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   96.126217][   T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   96.646828][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   96.663277][ T5971] IPVS: set_ctl: invalid protocol: 1 0.0.0.0:0
[   96.688056][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   96.848126][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   96.885845][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   97.082876][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   97.106440][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   97.137750][   T81] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   97.165490][   T81] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   97.328078][   T43] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   97.471158][ T5983] loop2: detected capacity change from 0 to 128
[   98.280877][ T5982] syz.2.9: attempt to access beyond end of device
[   98.280877][ T5982] loop2: rw=1, sector=145, nr_sectors = 896 limit=128
[   98.309824][   T43] usb 5-1: Using ep0 maxpacket: 8
[   98.370924][   T43] usb 5-1: config index 0 descriptor too short (expected 30, got 18)
[   98.410787][   T43] usb 5-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[   98.486283][   T43] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   98.516998][   T43] usb 5-1: Product: syz
[   98.539254][   T43] usb 5-1: Manufacturer: syz
[   98.547629][   T43] usb 5-1: SerialNumber: syz
[   98.638195][   T43] usb 5-1: config 0 descriptor??
[   98.694859][   T43] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[   98.725417][   T43] usb 5-1: setting power ON
[   98.742236][   T43] dvb-usb: bulk message failed: -22 (2/0)
[   98.956413][ T5986] loop1: detected capacity change from 0 to 32768
[   98.984895][ T5986] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.2 (5986)
[   99.010234][ T5986] BTRFS info (device loop1): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[   99.021448][ T5986] BTRFS info (device loop1): using crc32c checksum algorithm
[   99.029109][ T5986] BTRFS warning (device loop1): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[   99.083597][   T43] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[   99.715674][   T43] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[   99.797749][   T43] usb 5-1: media controller created
[   99.967288][ T6004] Zero length message leads to an empty skb
[  100.435188][ T5986] BTRFS info (device loop1): rebuilding free space tree
[  100.903694][ T5986] BTRFS info (device loop1): disabling free space tree
[  100.912035][ T5986] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  100.922127][ T5986] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  100.942826][ T5986] BTRFS info (device loop1): enabling ssd optimizations
[  100.949966][ T5986] BTRFS info (device loop1): turning on async discard
[  100.956862][ T5986] BTRFS info (device loop1): enabling disk space caching
[  100.964593][ T5986] BTRFS info (device loop1): force clearing of disk cache
[  100.971811][ T5986] BTRFS info (device loop1): use zstd compression, level 3
[  100.974892][   T43] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  102.970177][ T6004] loop0: detected capacity change from 0 to 512
[  103.695366][ T6048] loop2: detected capacity change from 0 to 256
[  103.725570][   T43] usb 5-1: selecting invalid altsetting 6
[  103.895743][ T5861] BTRFS info (device loop1): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[  103.923794][   T43] usb 5-1: digital interface selection failed (-22)
[  104.070710][   T43] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[  104.212205][   T43] usb 5-1: setting power OFF
[  104.221364][ T6048] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x905a013b, utbl_chksum : 0xe619d30d)
[  104.352705][   T43] dvb-usb: bulk message failed: -22 (2/0)
[  104.386906][ T6062] loop3: detected capacity change from 0 to 1024
[  104.626400][   T43] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[  105.075366][   T43] (NULL device *): no alternate interface
[  106.859140][ T6065] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  108.981700][   T12] hfsplus: b-tree write err: -5, ino 3
[  109.014646][   T43] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[  109.070050][   T43] usb 5-1: USB disconnect, device number 2
[  110.327968][    T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!!
[  110.889295][ T6088] loop3: detected capacity change from 0 to 128
[  110.926374][ T6089] loop2: detected capacity change from 0 to 8
[  111.204927][ T6093] sd 0:0:1:0: device reset
[  116.916106][ T6124] fuse: Bad value for 'fd'
[  117.193860][ T6126] xt_CT: You must specify a L4 protocol and not use inversions on it
[  120.773951][   T51] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci4/hci4:201'
[  120.792103][   T51] CPU: 1 UID: 0 PID: 51 Comm: kworker/u9:0 Not tainted syzkaller #0 PREEMPT(full) 
[  120.792131][   T51] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  120.792144][   T51] Workqueue: hci4 hci_rx_work
[  120.792173][   T51] Call Trace:
[  120.792182][   T51]  <TASK>
[  120.792192][   T51]  dump_stack_lvl+0xe8/0x150
[  120.792228][   T51]  sysfs_create_dir_ns+0x271/0x2a0
[  120.792261][   T51]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  120.792294][   T51]  ? do_raw_spin_unlock+0xf5/0x210
[  120.792333][   T51]  kobject_add_internal+0x62b/0xd00
[  120.792362][   T51]  kobject_add+0x163/0x240
[  120.792400][   T51]  ? __pfx_kobject_add+0x10/0x10
[  120.792432][   T51]  ? _raw_spin_unlock+0x28/0x50
[  120.792461][   T51]  ? get_device_parent+0x366/0x3a0
[  120.792497][   T51]  device_add+0x408/0xb70
[  120.792533][   T51]  hci_conn_add_sysfs+0xd5/0x210
[  120.792559][   T51]  le_conn_complete_evt+0x10e6/0x16b0
[  120.792598][   T51]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  120.792624][   T51]  ? lockdep_hardirqs_on+0x7a/0x110
[  120.792651][   T51]  ? irqentry_exit+0x61a/0x700
[  120.792676][   T51]  ? rcu_is_watching+0x15/0xb0
[  120.792699][   T51]  ? skb_pull_data+0xfb/0x200
[  120.792736][   T51]  hci_le_conn_complete_evt+0x187/0x470
[  120.792772][   T51]  hci_event_packet+0x659/0xef0
[  120.792803][   T51]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  120.792826][   T51]  ? __pfx_hci_event_packet+0x10/0x10
[  120.792854][   T51]  ? kcov_remote_start+0x49a/0x7a0
[  120.792882][   T51]  ? hci_send_to_monitor+0xe2/0x590
[  120.792915][   T51]  hci_rx_work+0x3ee/0x1040
[  120.792940][   T51]  ? preempt_schedule_thunk+0x16/0x30
[  120.792969][   T51]  ? process_scheduled_works+0xa70/0x1860
[  120.793000][   T51]  process_scheduled_works+0xb5d/0x1860
[  120.793067][   T51]  ? __pfx_process_scheduled_works+0x10/0x10
[  120.793096][   T51]  ? assign_work+0x3d5/0x5e0
[  120.793123][   T51]  worker_thread+0xa53/0xfc0
[  120.793164][   T51]  kthread+0x388/0x470
[  120.793187][   T51]  ? __pfx_worker_thread+0x10/0x10
[  120.793214][   T51]  ? __pfx_kthread+0x10/0x10
[  120.793240][   T51]  ret_from_fork+0x514/0xb70
[  120.793274][   T51]  ? __pfx_ret_from_fork+0x10/0x10
[  120.793302][   T51]  ? __switch_to+0xc79/0x1410
[  120.793340][   T51]  ? __pfx_kthread+0x10/0x10
[  120.793372][   T51]  ret_from_fork_asm+0x1a/0x30
[  120.793411][   T51]  </TASK>
[  120.794401][   T51] kobject: kobject_add_internal failed for hci4:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  121.076852][   T51] Bluetooth: hci4: failed to register connection device
[  121.245249][ T6160] netlink: 20 bytes leftover after parsing attributes in process `syz.1.34'.
[  124.499003][ T6179] loop0: detected capacity change from 0 to 40427
[  124.563711][ T6179] F2FS-fs (loop0): invalid crc value
[  124.655740][ T6179] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  124.672487][ T6179] F2FS-fs (loop0): Start checkpoint disabled!
[  124.693673][ T6179] F2FS-fs (loop0): f2fs_disable_checkpoint() finish, err:0
[  124.702301][ T6179] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6
[  124.741253][   T29] audit: type=1800 audit(1775013158.266:2): pid=6179 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.38" name="file1" dev="loop0" ino=10 res=0 errno=0
[  125.080003][ T6184] syz.0.38: attempt to access beyond end of device
[  125.080003][ T6184] loop0: rw=10241, sector=45096, nr_sectors = 8 limit=40427
[  125.102942][ T6184] syz.0.38: attempt to access beyond end of device
[  125.102942][ T6184] loop0: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  125.121989][ T6184] syz.0.38: attempt to access beyond end of device
[  125.121989][ T6184] loop0: rw=2049, sector=45112, nr_sectors = 8 limit=40427
[  125.141307][ T6184] syz.0.38: attempt to access beyond end of device
[  125.141307][ T6184] loop0: rw=2049, sector=45120, nr_sectors = 8 limit=40427
[  125.159050][ T6184] syz.0.38: attempt to access beyond end of device
[  125.159050][ T6184] loop0: rw=2049, sector=45128, nr_sectors = 8 limit=40427
[  125.178716][ T6184] syz.0.38: attempt to access beyond end of device
[  125.178716][ T6184] loop0: rw=2049, sector=45136, nr_sectors = 16 limit=40427
[  125.197749][ T6184] syz.0.38: attempt to access beyond end of device
[  125.197749][ T6184] loop0: rw=2049, sector=45152, nr_sectors = 8 limit=40427
[  125.214961][ T6184] syz.0.38: attempt to access beyond end of device
[  125.214961][ T6184] loop0: rw=2049, sector=45160, nr_sectors = 8 limit=40427
[  125.231629][ T6184] syz.0.38: attempt to access beyond end of device
[  125.231629][ T6184] loop0: rw=2049, sector=45168, nr_sectors = 8 limit=40427
[  125.249921][ T6184] syz.0.38: attempt to access beyond end of device
[  125.249921][ T6184] loop0: rw=2049, sector=45176, nr_sectors = 8 limit=40427
[  125.733832][ T6049] CPU: 1 UID: 0 PID: 6049 Comm: kworker/u8:15 Not tainted syzkaller #0 PREEMPT(full) 
[  125.733881][ T6049] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  125.733894][ T6049] Workqueue: writeback wb_workfn (flush-7:0)
[  125.733928][ T6049] Call Trace:
[  125.733936][ T6049]  <TASK>
[  125.733945][ T6049]  dump_stack_lvl+0xe8/0x150
[  125.733978][ T6049]  f2fs_stop_checkpoint+0x3c7/0x590
[  125.734015][ T6049]  f2fs_write_end_io+0x12e5/0x17a0
[  125.734061][ T6049]  __submit_merged_bio+0x256/0x6a0
[  125.734097][ T6049]  __submit_merged_write_cond+0x3c9/0x4e0
[  125.734138][ T6049]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  125.734196][ T6049]  f2fs_write_data_pages+0x287e/0x34f0
[  125.734217][ T6049]  ? rcu_is_watching+0x15/0xb0
[  125.734288][ T6049]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  125.734325][ T6049]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  125.734393][ T6049]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  125.734437][ T6049]  ? __lock_acquire+0x6b5/0x2cf0
[  125.734487][ T6049]  ? __lock_acquire+0x6b5/0x2cf0
[  125.734517][ T6049]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  125.734541][ T6049]  do_writepages+0x32e/0x550
[  125.734576][ T6049]  ? reacquire_held_locks+0x104/0x190
[  125.734596][ T6049]  ? writeback_sb_inodes+0x463/0x19d0
[  125.734630][ T6049]  __writeback_single_inode+0x133/0x10e0
[  125.734659][ T6049]  ? do_raw_spin_unlock+0xf5/0x210
[  125.734689][ T6049]  writeback_sb_inodes+0x979/0x19d0
[  125.734713][ T6049]  ? __lock_acquire+0x6b5/0x2cf0
[  125.734775][ T6049]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  125.734797][ T6049]  ? do_raw_spin_lock+0x12b/0x2f0
[  125.734863][ T6049]  ? rcu_is_watching+0x15/0xb0
[  125.734894][ T6049]  wb_writeback+0x445/0xb00
[  125.734923][ T6049]  ? queue_io+0x291/0x470
[  125.734958][ T6049]  ? __pfx_wb_writeback+0x10/0x10
[  125.734979][ T6049]  ? do_raw_spin_lock+0x12b/0x2f0
[  125.735021][ T6049]  wb_workfn+0x3f8/0xf10
[  125.735038][ T6049]  ? __lock_acquire+0x6b5/0x2cf0
[  125.735061][ T6049]  ? look_up_lock_class+0x57/0x110
[  125.735109][ T6049]  ? __pfx_wb_workfn+0x10/0x10
[  125.735134][ T6049]  ? do_raw_spin_lock+0x12b/0x2f0
[  125.735154][ T6049]  ? lock_acquire+0x106/0x350
[  125.735184][ T6049]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  125.735211][ T6049]  ? process_scheduled_works+0xa70/0x1860
[  125.735242][ T6049]  ? process_scheduled_works+0xa70/0x1860
[  125.735291][ T6049]  ? process_scheduled_works+0xa70/0x1860
[  125.735328][ T6049]  ? process_scheduled_works+0xa70/0x1860
[  125.735358][ T6049]  process_scheduled_works+0xb5d/0x1860
[  125.735425][ T6049]  ? __pfx_process_scheduled_works+0x10/0x10
[  125.735461][ T6049]  ? assign_work+0x3d5/0x5e0
[  125.735491][ T6049]  worker_thread+0xa53/0xfc0
[  125.735540][ T6049]  kthread+0x388/0x470
[  125.735560][ T6049]  ? __pfx_worker_thread+0x10/0x10
[  125.735585][ T6049]  ? __pfx_kthread+0x10/0x10
[  125.735609][ T6049]  ret_from_fork+0x514/0xb70
[  125.735642][ T6049]  ? __pfx_ret_from_fork+0x10/0x10
[  125.735670][ T6049]  ? __switch_to+0xc79/0x1410
[  125.735700][ T6049]  ? __pfx_kthread+0x10/0x10
[  125.735726][ T6049]  ret_from_fork_asm+0x1a/0x30
[  125.735776][ T6049]  </TASK>
[  126.043260][ T6049] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  126.352314][ T6189] xt_connbytes: Forcing CT accounting to be enabled
[  126.365697][ T6189] x_tables: ip_tables: sctp match: only valid for protocol 132
[  126.483329][ T6190] loop1: detected capacity change from 0 to 1024
[  126.527696][ T5848] udevd[5848]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[  127.685980][   T35] hfsplus: b-tree write err: -5, ino 25
[  127.717662][   T35] hfsplus: b-tree write err: -5, ino 4
[  127.748950][   T35] hfsplus: b-tree write err: -5, ino 2
[  133.052033][ T1318] ieee802154 phy0 wpan0: encryption failed: -22
[  133.319764][ T1318] ieee802154 phy1 wpan1: encryption failed: -22
[  134.404373][ T5914] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  135.360593][ T5914] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  135.376958][ T5914] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00
[  135.386846][ T5914] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  135.485447][ T5914] usb 4-1: config 0 descriptor??
[  136.756873][ T5914] usb 4-1: can't set config #0, error -71
[  136.825092][ T5914] usb 4-1: USB disconnect, device number 2
[  137.004602][ T6249] loop4: detected capacity change from 0 to 1024
[  137.326239][ T6257] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  139.149758][ T6057] hfsplus: b-tree write err: -5, ino 25
[  139.157509][ T6057] hfsplus: b-tree write err: -5, ino 4
[  139.164634][ T6057] hfsplus: b-tree write err: -5, ino 2
[  139.997619][ T6268] loop0: detected capacity change from 0 to 1024
[  140.194043][ T6268] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock
[  140.250273][ T6268] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (42152!=20869)
[  140.282420][ T6268] EXT4-fs (loop0): stripe (2) is not aligned with cluster size (16), stripe is disabled
[  140.316473][ T6268] EXT4-fs error (device loop0): ext4_get_journal_inode:5888: inode #5: comm syz.0.58: unexpected bad inode w/o EXT4_IGET_BAD
[  140.357744][ T6268] loop0: lost file I/O error report for ino 5 type 5 pos 0x0 len 0x0 error -117
[  140.360592][ T6268] EXT4-fs (loop0): no journal found
[  140.370267][    C0] EXT4-fs (loop0): error count since last fsck: 1
[  140.370367][    C0] EXT4-fs (loop0): initial error at time 1775013173: ext4_get_journal_inode:5888: inode 5
[  140.370400][    C0] EXT4-fs (loop0): last error at time 1775013173: ext4_get_journal_inode:5888: inode 5
[  140.425806][ T6268] EXT4-fs (loop0): can't get journal size
[  140.470648][ T6268] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  142.823531][ T5852] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  143.607833][    T0] NOHZ tick-stop error: local softirq work is pending, handler #142!!!
[  144.017493][    T0] NOHZ tick-stop error: local softirq work is pending, handler #142!!!
[  144.217625][   T29] audit: type=1800 audit(1775013177.716:3): pid=6299 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.67" name="bus" dev="overlay" ino=121 res=0 errno=0
[  146.966746][ T6321] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  148.084838][ T6326] binder: 6324:6326 ioctl c0306201 0 returned -14
[  151.497466][ T5161] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  153.573330][ T6354] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  153.583746][ T6354] block device autoloading is deprecated and will be removed.
[  154.060514][ T6359] loop0: detected capacity change from 0 to 32768
[  154.537241][ T6359] JBD2: Ignoring recovery information on journal
[  154.589852][ T6359] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[  154.618837][ T6363] loop3: detected capacity change from 0 to 1024
[  155.158291][ T6367] loop2: detected capacity change from 0 to 4096
[  155.170949][ T6367] ntfs3(loop2): Different NTFS sector size (4096) and media sector size (512).
[  155.204165][ T6363] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  155.701904][ T6375] loop4: detected capacity change from 0 to 16
[  156.142552][ T6375] erofs (device loop4): mounted with root inode @ nid 36.
[  156.313303][ T6367] ntfs3(loop2): Mark volume as dirty due to NTFS errors
[  156.393653][ T6372] process 'syz.4.84' launched '/dev/fd/9' with NULL argv: empty string added
[  156.431803][ T6367] ntfs3(loop2): ino=19, mi_enum_attr
[  156.872020][ T5852] ocfs2: Unmounting device (7,0) on (node local)
[  157.365010][ T6383] netlink: 76 bytes leftover after parsing attributes in process `syz.4.87'.
[  158.170282][ T5849] EXT4-fs warning (device loop3): empty_inline_dir:1767: bad inline directory (dir #12) - no `..'
[  158.191310][ T6385] capability: warning: `syz.2.89' uses 32-bit capabilities (legacy support in use)
[  158.227372][ T5849] EXT4-fs warning (device loop3): empty_inline_dir:1767: bad inline directory (dir #12) - no `..'
[  158.239315][ T5849] EXT4-fs warning (device loop3): empty_inline_dir:1767: bad inline directory (dir #12) - no `..'
[  158.252095][ T5849] EXT4-fs warning (device loop3): empty_inline_dir:1767: bad inline directory (dir #12) - no `..'
[  158.263525][ T5849] EXT4-fs warning (device loop3): empty_inline_dir:1767: bad inline directory (dir #12) - no `..'
[  158.274966][ T5849] EXT4-fs warning (device loop3): empty_inline_dir:1767: bad inline directory (dir #12) - no `..'
[  158.286377][ T5849] EXT4-fs warning (device loop3): empty_inline_dir:1767: bad inline directory (dir #12) - no `..'
[  158.316864][ T5849] EXT4-fs warning (device loop3): empty_inline_dir:1767: bad inline directory (dir #12) - no `..'
[  158.384704][ T5849] EXT4-fs warning (device loop3): empty_inline_dir:1767: bad inline directory (dir #12) - no `..'
[  158.396664][ T5849] EXT4-fs warning (device loop3): empty_inline_dir:1767: bad inline directory (dir #12) - no `..'
[  161.351166][ T5849] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  162.236378][ T6039] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  162.429452][ T6039] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  162.636931][ T6039] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  164.342168][ T5161] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  164.353101][ T5161] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  164.364152][ T5161] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  164.372612][ T5161] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  164.382214][ T5161] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  164.654529][ T6039] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  164.971852][ T6448] tipc: Started in network mode
[  165.177509][ T6448] tipc: Node identity 52b205c05ef5, cluster identity 4711
[  165.204928][ T6448] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  165.233266][ T6451] syzkaller0: entered promiscuous mode
[  165.253621][ T6451] syzkaller0: entered allmulticast mode
[  165.631537][ T6460] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  166.284304][ T6444] tipc: Resetting bearer <eth:syzkaller0>
[  166.429281][ T6438] tipc: Resetting bearer <eth:syzkaller0>
[  166.478104][   T51] Bluetooth: hci1: command tx timeout
[  166.492817][ T6438] tipc: Disabling bearer <eth:syzkaller0>
[  167.048587][ T5922] tipc: Node number set to 205981120
[  168.557526][   T51] Bluetooth: hci1: command tx timeout
[  169.762932][ T6479] loop1: detected capacity change from 0 to 2048
[  169.804313][ T6479] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  169.885703][ T6039] bridge_slave_1: left allmulticast mode
[  169.899540][ T6039] bridge_slave_1: left promiscuous mode
[  169.912420][ T6039] bridge0: port 2(bridge_slave_1) entered disabled state
[  170.097294][ T6039] bridge_slave_0: left allmulticast mode
[  170.103095][ T6039] bridge_slave_0: left promiscuous mode
[  170.110811][ T6039] bridge0: port 1(bridge_slave_0) entered disabled state
[  170.797893][   T51] Bluetooth: hci1: command tx timeout
[  172.927780][   T51] Bluetooth: hci1: command tx timeout
[  173.108510][ T6511] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[  173.118083][ T6039] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  173.200348][ T6039] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  173.770105][ T6039] bond0 (unregistering): Released all slaves
[  174.075175][ T6432] chnl_net:caif_netlink_parms(): no params data found
[  178.145814][ T6552] overlayfs: failed to resolve './file0': -2
[  178.676643][ T6432] bridge0: port 1(bridge_slave_0) entered blocking state
[  178.702278][ T6432] bridge0: port 1(bridge_slave_0) entered disabled state
[  178.723355][ T6432] bridge_slave_0: entered allmulticast mode
[  178.808863][ T5161] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  178.828185][ T5161] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  178.852304][ T5161] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  178.877757][ T6432] bridge_slave_0: entered promiscuous mode
[  178.899554][ T5161] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  178.914590][ T5161] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  179.290349][ T6432] bridge0: port 2(bridge_slave_1) entered blocking state
[  179.302904][ T6432] bridge0: port 2(bridge_slave_1) entered disabled state
[  179.319515][ T6432] bridge_slave_1: entered allmulticast mode
[  179.338057][ T6432] bridge_slave_1: entered promiscuous mode
[  180.383455][ T6432] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  180.396654][ T6432] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  180.872007][ T6587] capability: warning: `syz.0.136' uses deprecated v2 capabilities in a way that may be insecure
[  181.765358][   T51] Bluetooth: hci4: command tx timeout
[  181.964384][ T6039] hsr_slave_0: left promiscuous mode
[  182.003868][ T6039] hsr_slave_1: left promiscuous mode
[  182.106539][ T6590] overlayfs: failed to clone lowerpath
[  182.124883][ T6039] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  182.162405][ T6039] batman_adv: batadv0: Removing interface: batadv_slave_0
[  182.204388][ T6039] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  182.236139][ T6039] batman_adv: batadv0: Removing interface: batadv_slave_1
[  182.398505][ T6039] veth1_macvtap: left promiscuous mode
[  182.455287][ T6039] veth0_macvtap: left promiscuous mode
[  182.474088][ T6039] veth1_vlan: left promiscuous mode
[  182.483164][ T6039] veth0_vlan: left promiscuous mode
[  184.003165][   T51] Bluetooth: hci4: command tx timeout
[  184.866047][ T6613] loop4: detected capacity change from 0 to 512
[  184.885533][ T6613] EXT4-fs: Ignoring removed i_version option
[  184.892466][ T6613] EXT4-fs: Ignoring removed bh option
[  185.095998][ T6613] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  185.137928][ T6613] ext4 filesystem being mounted at /24/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  185.380239][ T6618] loop2: detected capacity change from 0 to 32768
[  185.443634][ T6618] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.145 (6618)
[  185.485600][ T6618] BTRFS info (device loop2): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[  185.506450][ T6618] BTRFS info (device loop2): using crc32c checksum algorithm
[  185.515566][ T6618] BTRFS warning (device loop2): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  186.437568][ T5842] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  186.459803][ T6618] BTRFS info (device loop2): rebuilding free space tree
[  186.477526][ T5161] Bluetooth: hci4: command tx timeout
[  186.519592][ T6618] BTRFS info (device loop2): disabling free space tree
[  186.528535][ T6618] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  186.539958][ T6618] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  186.562316][ T6039] team0 (unregistering): Port device team_slave_1 removed
[  186.564015][ T6618] BTRFS info (device loop2): enabling ssd optimizations
[  186.580990][ T6618] BTRFS info (device loop2): turning on async discard
[  186.589795][ T6618] BTRFS info (device loop2): enabling disk space caching
[  186.597821][ T6618] BTRFS info (device loop2): force clearing of disk cache
[  186.606987][ T6618] BTRFS info (device loop2): use zstd compression, level 3
[  186.686363][ T6039] team0 (unregistering): Port device team_slave_0 removed
[  188.567269][ T5161] Bluetooth: hci4: command tx timeout
[  188.801718][ T5850] BTRFS info (device loop2): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[  188.849084][ T6644] loop4: detected capacity change from 0 to 4096
[  189.012865][ T6432] team0: Port device team_slave_0 added
[  189.066395][ T6432] team0: Port device team_slave_1 added
[  189.194317][ T6610] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -4
[  189.206459][ T6610] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -4
[  189.217303][ T6610] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[  189.310008][   T29] audit: type=1800 audit(1775013222.716:4): pid=6610 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.143" name="regulatory.db" dev="sda1" ino=448 res=0 errno=0
[  189.434462][ T6432] batman_adv: batadv0: Adding interface: batadv_slave_0
[  189.442743][ T6432] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  189.485021][ T6432] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  189.554342][ T6432] batman_adv: batadv0: Adding interface: batadv_slave_1
[  189.580024][ T6432] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  189.648292][ T6432] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  192.657199][    T0] NOHZ tick-stop error: local softirq work is pending, handler #142!!!
[  193.067529][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  193.924129][ T6432] hsr_slave_0: entered promiscuous mode
[  193.948832][ T6432] hsr_slave_1: entered promiscuous mode
[  194.163719][ T6432] debugfs: 'hsr0' already exists in 'hsr'
[  194.534016][ T1318] ieee802154 phy0 wpan0: encryption failed: -22
[  194.730783][ T1318] ieee802154 phy1 wpan1: encryption failed: -22
[  194.755511][ T6432] Cannot create hsr debugfs directory
[  194.806356][ T6677] tipc: Started in network mode
[  194.813481][ T6677] tipc: Node identity 4004, cluster identity 4711
[  194.820514][ T6677] tipc: Node number set to 16388
[  195.300813][ T6684] loop4: detected capacity change from 0 to 32768
[  195.330733][ T6684] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.156 (6684)
[  195.360496][ T6684] BTRFS info (device loop4): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  195.371818][ T6684] BTRFS info (device loop4): using sha256 checksum algorithm
[  195.464216][ T6684] BTRFS info (device loop4): enabling ssd optimizations
[  195.472478][ T6684] BTRFS info (device loop4): turning on async discard
[  195.480758][ T6684] BTRFS info (device loop4): enabling free space tree
[  196.628477][ T6555] chnl_net:caif_netlink_parms(): no params data found
[  196.880317][ T5842] BTRFS info (device loop4): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  197.296119][ T6716] loop4: detected capacity change from 0 to 8
[  198.364529][ T6039] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  200.008603][ T6039] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  200.116031][ T6737] netlink: 'syz.0.160': attribute type 17 has an invalid length.
[  200.258552][ T6737] netlink: 8 bytes leftover after parsing attributes in process `syz.0.160'.
[  201.442342][ T6039] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  201.476820][ T6737] bond0: option all_slaves_active: invalid value (255)
[  201.487490][ T6555] bridge0: port 1(bridge_slave_0) entered blocking state
[  201.498398][ T6555] bridge0: port 1(bridge_slave_0) entered disabled state
[  201.506959][ T6555] bridge_slave_0: entered allmulticast mode
[  201.545820][ T6555] bridge_slave_0: entered promiscuous mode
[  201.630834][ T6746] loop4: detected capacity change from 0 to 512
[  201.735372][ T6555] bridge0: port 2(bridge_slave_1) entered blocking state
[  201.857847][ T6555] bridge0: port 2(bridge_slave_1) entered disabled state
[  201.985231][ T6555] bridge_slave_1: entered allmulticast mode
[  202.039142][ T6746] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  202.184828][ T6555] bridge_slave_1: entered promiscuous mode
[  202.722904][ T6039] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  202.887678][ T6759] tipc: Started in network mode
[  202.936832][ T6759] tipc: Node identity 1a8b22430644, cluster identity 4711
[  202.961225][ T6759] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  202.965399][ T5842] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  203.028148][ T6760] syzkaller0: entered promiscuous mode
[  203.034649][ T6760] syzkaller0: entered allmulticast mode
[  203.057864][ T6555] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  203.246930][ T6555] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  203.280041][ T6754] tipc: Resetting bearer <eth:syzkaller0>
[  203.356206][ T6555] team0: Port device team_slave_0 added
[  203.385492][ T6753] tipc: Resetting bearer <eth:syzkaller0>
[  203.431094][ T6753] tipc: Disabling bearer <eth:syzkaller0>
[  204.216067][ T6555] team0: Port device team_slave_1 added
[  204.295180][ T6432] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  204.776387][ T6780] loop2: detected capacity change from 0 to 40427
[  204.796249][ T6780] F2FS-fs (loop2): invalid crc value
[  204.857938][ T6780] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  204.870010][ T6780] F2FS-fs (loop2): Start checkpoint disabled!
[  204.886222][ T6780] F2FS-fs (loop2): f2fs_disable_checkpoint() finish, err:0
[  204.909396][ T6780] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[  204.935130][   T29] audit: type=1800 audit(1775013494.455:5): pid=6780 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.168" name="file1" dev="loop2" ino=10 res=0 errno=0
[  205.047667][    T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!!
[  205.252899][ T6795] bio_check_eod: 176 callbacks suppressed
[  205.252924][ T6795] syz.2.168: attempt to access beyond end of device
[  205.252924][ T6795] loop2: rw=10241, sector=45096, nr_sectors = 8 limit=40427
[  205.276207][ T6795] syz.2.168: attempt to access beyond end of device
[  205.276207][ T6795] loop2: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  205.293443][ T6795] syz.2.168: attempt to access beyond end of device
[  205.293443][ T6795] loop2: rw=2049, sector=45112, nr_sectors = 8 limit=40427
[  205.310615][ T6795] syz.2.168: attempt to access beyond end of device
[  205.310615][ T6795] loop2: rw=2049, sector=45120, nr_sectors = 8 limit=40427
[  205.328472][ T6795] syz.2.168: attempt to access beyond end of device
[  205.328472][ T6795] loop2: rw=2049, sector=45128, nr_sectors = 8 limit=40427
[  205.350715][ T6795] syz.2.168: attempt to access beyond end of device
[  205.350715][ T6795] loop2: rw=2049, sector=45136, nr_sectors = 16 limit=40427
[  205.371901][ T6795] syz.2.168: attempt to access beyond end of device
[  205.371901][ T6795] loop2: rw=2049, sector=45152, nr_sectors = 8 limit=40427
[  205.391317][ T6795] syz.2.168: attempt to access beyond end of device
[  205.391317][ T6795] loop2: rw=2049, sector=45160, nr_sectors = 8 limit=40427
[  205.413907][ T6795] syz.2.168: attempt to access beyond end of device
[  205.413907][ T6795] loop2: rw=2049, sector=45168, nr_sectors = 8 limit=40427
[  205.433605][ T6795] syz.2.168: attempt to access beyond end of device
[  205.433605][ T6795] loop2: rw=2049, sector=45176, nr_sectors = 8 limit=40427
[  205.987063][ T6051] CPU: 0 UID: 0 PID: 6051 Comm: kworker/u8:16 Not tainted syzkaller #0 PREEMPT(full) 
[  205.987084][ T6051] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  205.987092][ T6051] Workqueue: writeback wb_workfn (flush-7:2)
[  205.987115][ T6051] Call Trace:
[  205.987120][ T6051]  <TASK>
[  205.987126][ T6051]  dump_stack_lvl+0xe8/0x150
[  205.987164][ T6051]  f2fs_stop_checkpoint+0x3c7/0x590
[  205.987199][ T6051]  f2fs_write_end_io+0x12e5/0x17a0
[  205.987250][ T6051]  __submit_merged_bio+0x256/0x6a0
[  205.987297][ T6051]  __submit_merged_write_cond+0x3c9/0x4e0
[  205.987335][ T6051]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  205.987379][ T6051]  f2fs_write_data_pages+0x287e/0x34f0
[  205.987417][ T6051]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  205.987429][ T6051]  ? cfg80211_inform_single_bss_data+0x13b9/0x1af0
[  205.987472][ T6051]  ? __lock_acquire+0x6b5/0x2cf0
[  205.987506][ T6051]  ? unwind_next_frame+0xa6/0x2550
[  205.987537][ T6051]  ? __lock_acquire+0x6b5/0x2cf0
[  205.987552][ T6051]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  205.987565][ T6051]  do_writepages+0x32e/0x550
[  205.987589][ T6051]  ? reacquire_held_locks+0x104/0x190
[  205.987607][ T6051]  ? writeback_sb_inodes+0x463/0x19d0
[  205.987629][ T6051]  __writeback_single_inode+0x133/0x10e0
[  205.987645][ T6051]  ? do_raw_spin_unlock+0xf5/0x210
[  205.987662][ T6051]  writeback_sb_inodes+0x979/0x19d0
[  205.987676][ T6051]  ? __lock_acquire+0x6b5/0x2cf0
[  205.987711][ T6051]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  205.987724][ T6051]  ? do_raw_spin_lock+0x12b/0x2f0
[  205.987765][ T6051]  ? rcu_is_watching+0x15/0xb0
[  205.987783][ T6051]  wb_writeback+0x445/0xb00
[  205.987801][ T6051]  ? queue_io+0x291/0x470
[  205.987821][ T6051]  ? __pfx_wb_writeback+0x10/0x10
[  205.987840][ T6051]  ? do_raw_spin_lock+0x12b/0x2f0
[  205.987879][ T6051]  wb_workfn+0x3f8/0xf10
[  205.987898][ T6051]  ? __lock_acquire+0x6b5/0x2cf0
[  205.987915][ T6051]  ? look_up_lock_class+0x57/0x110
[  205.987943][ T6051]  ? __pfx_wb_workfn+0x10/0x10
[  205.987958][ T6051]  ? do_raw_spin_lock+0x12b/0x2f0
[  205.987970][ T6051]  ? lock_acquire+0x106/0x350
[  205.987988][ T6051]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  205.988004][ T6051]  ? process_scheduled_works+0xa70/0x1860
[  205.988021][ T6051]  ? process_scheduled_works+0xa70/0x1860
[  205.988043][ T6051]  ? process_scheduled_works+0xa70/0x1860
[  205.988058][ T6051]  ? process_scheduled_works+0xa70/0x1860
[  205.988075][ T6051]  process_scheduled_works+0xb5d/0x1860
[  205.988114][ T6051]  ? __pfx_process_scheduled_works+0x10/0x10
[  205.988135][ T6051]  ? assign_work+0x3d5/0x5e0
[  205.988156][ T6051]  worker_thread+0xa53/0xfc0
[  205.988186][ T6051]  kthread+0x388/0x470
[  205.988200][ T6051]  ? __pfx_worker_thread+0x10/0x10
[  205.988216][ T6051]  ? __pfx_kthread+0x10/0x10
[  205.988230][ T6051]  ret_from_fork+0x514/0xb70
[  205.988249][ T6051]  ? __pfx_ret_from_fork+0x10/0x10
[  205.988274][ T6051]  ? __switch_to+0xc79/0x1410
[  205.988292][ T6051]  ? __pfx_kthread+0x10/0x10
[  205.988306][ T6051]  ret_from_fork_asm+0x1a/0x30
[  205.988330][ T6051]  </TASK>
[  206.333781][ T6555] batman_adv: batadv0: Adding interface: batadv_slave_0
[  206.341821][ T6555] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  206.373028][ T6555] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  206.723207][ T6051] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  206.816481][ T6432] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  206.826089][   T10] loop2: lost filesystem error report for type 5 error -108
[  207.134448][ T6555] batman_adv: batadv0: Adding interface: batadv_slave_1
[  207.157620][ T6555] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  207.298414][ T6555] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  207.635988][ T6432] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  207.925186][ T6432] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  208.123678][ T6812] loop2: detected capacity change from 0 to 256
[  208.246691][ T6555] hsr_slave_0: entered promiscuous mode
[  208.275284][ T6812] FAT-fs (loop2): Directory bread(block 64) failed
[  208.290437][ T6555] hsr_slave_1: entered promiscuous mode
[  208.306218][ T6812] FAT-fs (loop2): Directory bread(block 65) failed
[  208.315604][ T6555] debugfs: 'hsr0' already exists in 'hsr'
[  208.338823][ T6812] FAT-fs (loop2): Directory bread(block 66) failed
[  208.347610][ T6555] Cannot create hsr debugfs directory
[  208.358162][ T6812] FAT-fs (loop2): Directory bread(block 67) failed
[  208.388067][ T6812] FAT-fs (loop2): Directory bread(block 68) failed
[  208.397533][ T6812] FAT-fs (loop2): Directory bread(block 69) failed
[  208.404870][ T6812] FAT-fs (loop2): Directory bread(block 70) failed
[  208.435826][ T6812] FAT-fs (loop2): Directory bread(block 71) failed
[  208.469162][ T6812] FAT-fs (loop2): Directory bread(block 72) failed
[  208.479448][ T6039] bridge_slave_1: left allmulticast mode
[  208.492198][ T6039] bridge_slave_1: left promiscuous mode
[  208.498351][ T6812] FAT-fs (loop2): Directory bread(block 73) failed
[  208.511272][ T6039] bridge0: port 2(bridge_slave_1) entered disabled state
[  208.571248][ T6039] bridge_slave_0: left allmulticast mode
[  208.595508][ T6039] bridge_slave_0: left promiscuous mode
[  208.624799][ T6039] bridge0: port 1(bridge_slave_0) entered disabled state
[  208.671011][ T6818] loop4: detected capacity change from 0 to 1024
[  208.702785][ T6818] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock
[  208.727448][ T6818] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (42152!=20869)
[  209.266708][ T6818] EXT4-fs (loop4): stripe (2) is not aligned with cluster size (16), stripe is disabled
[  209.432332][ T6818] EXT4-fs error (device loop4): ext4_get_journal_inode:5888: inode #5: comm syz.4.172: unexpected bad inode w/o EXT4_IGET_BAD
[  209.578055][ T6825] xt_TPROXY: Can be used only with -p tcp or -p udp
[  209.994207][ T6818] loop4: lost file I/O error report for ino 5 type 5 pos 0x0 len 0x0 error -117
[  209.995539][ T6818] EXT4-fs (loop4): no journal found
[  210.011419][    C1] EXT4-fs (loop4): error count since last fsck: 1
[  210.011447][    C1] EXT4-fs (loop4): initial error at time 1775013499: ext4_get_journal_inode:5888: inode 5
[  210.011480][    C1] EXT4-fs (loop4): last error at time 1775013499: ext4_get_journal_inode:5888: inode 5
[  210.068489][ T6818] EXT4-fs (loop4): can't get journal size
[  210.099414][ T6818] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  210.197958][   T43] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  210.369734][   T43] usb 3-1: New USB device found, idVendor=0c72, idProduct=0012, bcdDevice=22.96
[  210.403487][   T43] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  210.426118][   T43] usb 3-1: Product: syz
[  210.446980][   T43] usb 3-1: Manufacturer: syz
[  210.475541][   T43] usb 3-1: SerialNumber: syz
[  210.572275][   T43] usb 3-1: config 0 descriptor??
[  210.665173][ T6039] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  210.676319][ T6039] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  210.688741][ T6039] bond0 (unregistering): Released all slaves
[  210.927970][ T5842] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  211.026376][ T6432] 8021q: adding VLAN 0 to HW filter on device bond0
[  211.243080][ T6039] tipc: Left network mode
[  211.343625][ T6832] netlink: 8 bytes leftover after parsing attributes in process `syz.0.174'.
[  211.354115][ T6832] netlink: 'syz.0.174': attribute type 30 has an invalid length.
[  211.362807][ T6832] netlink: 12 bytes leftover after parsing attributes in process `syz.0.174'.
[  211.997417][ T5161] Bluetooth: hci0: command 0x0406 tx timeout
[  212.007014][ T5853] Bluetooth: hci3: command 0x0406 tx timeout
[  212.014305][   T51] Bluetooth: hci2: command 0x0406 tx timeout
[  212.256775][ T6432] 8021q: adding VLAN 0 to HW filter on device team0
[  212.328275][   T43] peak_usb 3-1:0.0 can0: unable to request usb[type=0 value=1] err=-71
[  212.344766][   T43] peak_usb 3-1:0.0: unable to read PCAN-USB FD firmware info (err -71)
[  212.623630][   T43] peak_usb 3-1:0.0: probe with driver peak_usb failed with error -71
[  212.663810][   T43] usb 3-1: USB disconnect, device number 2
[  212.764978][ T6051] bridge0: port 1(bridge_slave_0) entered blocking state
[  212.772373][ T6051] bridge0: port 1(bridge_slave_0) entered forwarding state
[  213.040647][ T6051] bridge0: port 2(bridge_slave_1) entered blocking state
[  213.048356][ T6051] bridge0: port 2(bridge_slave_1) entered forwarding state
[  213.076858][ T6843] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  213.086093][ T6847] syzkaller0: entered promiscuous mode
[  213.093713][ T6847] syzkaller0: entered allmulticast mode
[  213.208191][ T6856] loop4: detected capacity change from 0 to 1024
[  213.254188][ T6856] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock
[  213.294693][ T6856] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (42152!=20869)
[  213.349113][ T6856] EXT4-fs (loop4): stripe (2) is not aligned with cluster size (16), stripe is disabled
[  213.364154][ T6856] EXT4-fs error (device loop4): ext4_get_journal_inode:5888: inode #5: comm syz.4.178: unexpected bad inode w/o EXT4_IGET_BAD
[  213.418714][ T6039] hsr_slave_0: left promiscuous mode
[  213.425926][ T6856] loop4: lost file I/O error report for ino 5 type 5 pos 0x0 len 0x0 error -117
[  213.428849][    C1] EXT4-fs (loop4): error count since last fsck: 1
[  213.446585][    C1] EXT4-fs (loop4): initial error at time 1775013502: ext4_get_journal_inode:5888: inode 5
[  213.457399][    C1] EXT4-fs (loop4): last error at time 1775013502: ext4_get_journal_inode:5888: inode 5
[  213.472231][ T6039] hsr_slave_1: left promiscuous mode
[  213.489859][ T6856] EXT4-fs (loop4): no journal found
[  213.503958][ T6039] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  213.507364][ T6856] EXT4-fs (loop4): can't get journal size
[  213.521444][ T6039] batman_adv: batadv0: Removing interface: batadv_slave_0
[  213.531896][ T6856] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  213.553977][ T6039] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  213.562148][ T6039] batman_adv: batadv0: Removing interface: batadv_slave_1
[  213.586324][ T6039] veth1_macvtap: left promiscuous mode
[  213.595330][ T6039] veth0_macvtap: left promiscuous mode
[  213.601370][ T6039] veth1_vlan: left promiscuous mode
[  213.606944][ T6039] veth0_vlan: left promiscuous mode
[  213.617087][ T6860] fuse: Bad value for 'fd'
[  214.180623][ T6039] team0 (unregistering): Port device team_slave_1 removed
[  214.229927][ T6039] team0 (unregistering): Port device team_slave_0 removed
[  214.993000][ T6432] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  215.004184][ T6432] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  215.089222][ T6845] tipc: Resetting bearer <eth:syzkaller0>
[  215.217754][ T6880] netlink: 12 bytes leftover after parsing attributes in process `syz.0.182'.
[  215.244273][ T6842] tipc: Resetting bearer <eth:syzkaller0>
[  215.409333][ T6842] tipc: Disabling bearer <eth:syzkaller0>
[  215.458038][ T5922] tipc: Node number set to 483336771
[  216.086413][ T5842] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  216.229191][ T6884] netlink: 'syz.0.184': attribute type 17 has an invalid length.
[  216.277410][ T6884] netlink: 8 bytes leftover after parsing attributes in process `syz.0.184'.
[  216.416159][ T6884] bond0: option all_slaves_active: invalid value (255)
[  217.301812][ T6889] loop4: detected capacity change from 0 to 512
[  217.838448][ T6889] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  218.444492][ T6555] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  218.516519][ T6555] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  218.770420][ T6904] Bluetooth: MGMT ver 1.23
[  218.785001][ T5857] Bluetooth: hci2: command 0x0406 tx timeout
[  219.640511][ T6432] 8021q: adding VLAN 0 to HW filter on device batadv0
[  219.701294][ T6555] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  220.337946][ T6555] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  220.446263][ T5842] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  220.797379][ T5857] Bluetooth: hci2: command 0x0406 tx timeout
[  220.926618][ T6555] 8021q: adding VLAN 0 to HW filter on device bond0
[  220.975921][ T6555] 8021q: adding VLAN 0 to HW filter on device team0
[  221.056045][ T6044] bridge0: port 1(bridge_slave_0) entered blocking state
[  221.064074][ T6044] bridge0: port 1(bridge_slave_0) entered forwarding state
[  221.145216][ T6044] bridge0: port 2(bridge_slave_1) entered blocking state
[  221.153217][ T6044] bridge0: port 2(bridge_slave_1) entered forwarding state
[  221.311567][ T6926] loop4: detected capacity change from 0 to 40427
[  221.415512][ T6926] F2FS-fs (loop4): invalid crc value
[  221.589230][ T6926] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  221.603550][ T6926] F2FS-fs (loop4): Start checkpoint disabled!
[  221.619241][ T6926] F2FS-fs (loop4): f2fs_disable_checkpoint() finish, err:0
[  221.628005][ T6926] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6
[  221.910549][   T29] audit: type=1800 audit(1775013511.185:6): pid=6926 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.187" name="file1" dev="loop4" ino=10 res=0 errno=0
[  222.326246][ T6939] bio_check_eod: 176 callbacks suppressed
[  222.326270][ T6939] syz.4.187: attempt to access beyond end of device
[  222.326270][ T6939] loop4: rw=10241, sector=45096, nr_sectors = 8 limit=40427
[  222.347124][ T6939] syz.4.187: attempt to access beyond end of device
[  222.347124][ T6939] loop4: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  222.363445][ T6939] syz.4.187: attempt to access beyond end of device
[  222.363445][ T6939] loop4: rw=2049, sector=45112, nr_sectors = 8 limit=40427
[  222.378313][ T6939] syz.4.187: attempt to access beyond end of device
[  222.378313][ T6939] loop4: rw=2049, sector=45120, nr_sectors = 8 limit=40427
[  222.394185][ T6939] syz.4.187: attempt to access beyond end of device
[  222.394185][ T6939] loop4: rw=2049, sector=45128, nr_sectors = 8 limit=40427
[  222.409728][ T6939] syz.4.187: attempt to access beyond end of device
[  222.409728][ T6939] loop4: rw=2049, sector=45136, nr_sectors = 16 limit=40427
[  222.424722][ T6939] syz.4.187: attempt to access beyond end of device
[  222.424722][ T6939] loop4: rw=2049, sector=45152, nr_sectors = 8 limit=40427
[  222.439334][ T6939] syz.4.187: attempt to access beyond end of device
[  222.439334][ T6939] loop4: rw=2049, sector=45160, nr_sectors = 8 limit=40427
[  222.478693][ T6939] syz.4.187: attempt to access beyond end of device
[  222.478693][ T6939] loop4: rw=2049, sector=45168, nr_sectors = 8 limit=40427
[  222.493364][ T6939] syz.4.187: attempt to access beyond end of device
[  222.493364][ T6939] loop4: rw=2049, sector=45176, nr_sectors = 8 limit=40427
[  223.235723][ T6044] CPU: 1 UID: 0 PID: 6044 Comm: kworker/u8:13 Not tainted syzkaller #0 PREEMPT(full) 
[  223.235753][ T6044] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  223.235765][ T6044] Workqueue: writeback wb_workfn (flush-7:4)
[  223.235805][ T6044] Call Trace:
[  223.235813][ T6044]  <TASK>
[  223.235821][ T6044]  dump_stack_lvl+0xe8/0x150
[  223.235853][ T6044]  f2fs_stop_checkpoint+0x3c7/0x590
[  223.235889][ T6044]  f2fs_write_end_io+0x12e5/0x17a0
[  223.235940][ T6044]  __submit_merged_bio+0x256/0x6a0
[  223.235979][ T6044]  __submit_merged_write_cond+0x3c9/0x4e0
[  223.236021][ T6044]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  223.236092][ T6044]  f2fs_write_data_pages+0x287e/0x34f0
[  223.236113][ T6044]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  223.236185][ T6044]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  223.236224][ T6044]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  223.236291][ T6044]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  223.236334][ T6044]  ? __lock_acquire+0x6b5/0x2cf0
[  223.236387][ T6044]  ? __pfx_f2fs_inode_chksum_set+0x10/0x10
[  223.236415][ T6044]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  223.236438][ T6044]  do_writepages+0x32e/0x550
[  223.236474][ T6044]  ? reacquire_held_locks+0x104/0x190
[  223.236494][ T6044]  ? writeback_sb_inodes+0x463/0x19d0
[  223.236529][ T6044]  __writeback_single_inode+0x133/0x10e0
[  223.236558][ T6044]  ? do_raw_spin_unlock+0xf5/0x210
[  223.236589][ T6044]  writeback_sb_inodes+0x979/0x19d0
[  223.236613][ T6044]  ? __lock_acquire+0x6b5/0x2cf0
[  223.236676][ T6044]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  223.236699][ T6044]  ? do_raw_spin_lock+0x12b/0x2f0
[  223.236776][ T6044]  ? rcu_is_watching+0x15/0xb0
[  223.236809][ T6044]  wb_writeback+0x445/0xb00
[  223.236847][ T6044]  ? queue_io+0x291/0x470
[  223.236883][ T6044]  ? __pfx_wb_writeback+0x10/0x10
[  223.236906][ T6044]  ? do_raw_spin_lock+0x12b/0x2f0
[  223.236950][ T6044]  wb_workfn+0x3f8/0xf10
[  223.236971][ T6044]  ? look_up_lock_class+0x57/0x110
[  223.237021][ T6044]  ? __pfx_wb_workfn+0x10/0x10
[  223.237056][ T6044]  ? __pfx___schedule+0x10/0x10
[  223.237083][ T6044]  ? do_raw_spin_unlock+0xf5/0x210
[  223.237114][ T6044]  ? process_scheduled_works+0xa70/0x1860
[  223.237142][ T6044]  ? process_scheduled_works+0xa70/0x1860
[  223.237172][ T6044]  ? preempt_schedule_thunk+0x16/0x30
[  223.237197][ T6044]  ? process_scheduled_works+0xa70/0x1860
[  223.237222][ T6044]  ? process_scheduled_works+0xa70/0x1860
[  223.237253][ T6044]  process_scheduled_works+0xb5d/0x1860
[  223.237313][ T6044]  ? __pfx_process_scheduled_works+0x10/0x10
[  223.237347][ T6044]  ? assign_work+0x3d5/0x5e0
[  223.237381][ T6044]  worker_thread+0xa53/0xfc0
[  223.237433][ T6044]  kthread+0x388/0x470
[  223.237455][ T6044]  ? __pfx_worker_thread+0x10/0x10
[  223.237481][ T6044]  ? __pfx_kthread+0x10/0x10
[  223.237505][ T6044]  ret_from_fork+0x514/0xb70
[  223.237538][ T6044]  ? __pfx_ret_from_fork+0x10/0x10
[  223.237567][ T6044]  ? __switch_to+0xc79/0x1410
[  223.237598][ T6044]  ? __pfx_kthread+0x10/0x10
[  223.237623][ T6044]  ret_from_fork_asm+0x1a/0x30
[  223.237665][ T6044]  </TASK>
[  223.802057][ T6044] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  223.935169][   T51] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  223.951069][   T51] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  223.962298][   T51] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  223.975387][   T51] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  223.986933][   T51] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  224.234310][ T6555] 8021q: adding VLAN 0 to HW filter on device batadv0
[  226.112653][   T51] Bluetooth: hci5: command tx timeout
[  226.837043][ T6978] loop2: detected capacity change from 0 to 512
[  227.308515][ T6978] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  227.925896][ T6975] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  227.933437][ T6979] syzkaller0: entered promiscuous mode
[  227.941244][ T6979] syzkaller0: entered allmulticast mode
[  227.989353][ T6972] tipc: Resetting bearer <eth:syzkaller0>
[  228.019277][ T6972] tipc: Disabling bearer <eth:syzkaller0>
[  228.036988][ T5850] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  228.167543][   T51] Bluetooth: hci5: command tx timeout
[  228.266303][ T6555] veth0_vlan: entered promiscuous mode
[  228.494331][ T6555] veth1_vlan: entered promiscuous mode
[  228.982871][ T6555] veth0_macvtap: entered promiscuous mode
[  229.021276][ T6555] veth1_macvtap: entered promiscuous mode
[  229.121329][ T6555] batman_adv: batadv0: Interface activated: batadv_slave_0
[  229.270811][ T6952] chnl_net:caif_netlink_parms(): no params data found
[  230.241708][   T51] Bluetooth: hci5: command tx timeout
[  231.277931][ T6039] bridge_slave_1: left allmulticast mode
[  231.337254][ T6039] bridge_slave_1: left promiscuous mode
[  231.343801][ T6039] bridge0: port 2(bridge_slave_1) entered disabled state
[  232.317420][   T51] Bluetooth: hci5: command tx timeout
[  232.439971][ T7020] loop2: detected capacity change from 0 to 8
[  232.538972][ T7020] SQUASHFS error: xz decompression failed, data probably corrupt
[  232.547722][ T7020] SQUASHFS error: Failed to read block 0x108: -5
[  232.555923][ T7020] SQUASHFS error: Unable to read metadata cache entry [106]
[  232.564665][ T7020] SQUASHFS error: Unable to read inode 0x11f
[  233.207254][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  233.300443][ T6039] bridge_slave_0: left allmulticast mode
[  233.337047][ T6039] bridge_slave_0: left promiscuous mode
[  233.346585][ T6039] bridge0: port 1(bridge_slave_0) entered disabled state
[  236.406309][ T7066] netlink: 64 bytes leftover after parsing attributes in process `syz.2.213'.
[  237.245879][ T6039] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  237.282952][ T6039] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  237.295774][ T6039] bond0 (unregistering): Released all slaves
[  237.337822][ T6555] batman_adv: batadv0: Interface activated: batadv_slave_1
[  237.378999][ T7047] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  237.388886][ T7051] syzkaller0: entered promiscuous mode
[  237.394678][ T7051] syzkaller0: entered allmulticast mode
[  237.655372][   T13] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  237.689131][ T6044] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  237.720015][ T7051] tipc: Resetting bearer <eth:syzkaller0>
[  237.789437][ T7051] tipc: Disabling bearer <eth:syzkaller0>
[  237.817498][ T5857] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  237.834528][ T5857] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  237.844264][ T5857] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  237.852538][ T7073] netlink: 'syz.0.215': attribute type 3 has an invalid length.
[  237.858590][ T5857] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  237.871983][ T5857] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  237.971267][ T6044] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  237.980362][ T6044] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  238.022037][ T6039] hsr_slave_0: left promiscuous mode
[  238.041818][ T6039] hsr_slave_1: left promiscuous mode
[  238.053691][ T6039] batman_adv: batadv0: Removing interface: batadv_slave_0
[  238.284134][ T6039] batman_adv: batadv0: Removing interface: batadv_slave_1
[  239.224732][ T7100] netlink: 'syz.4.220': attribute type 17 has an invalid length.
[  239.265168][ T7100] netlink: 8 bytes leftover after parsing attributes in process `syz.4.220'.
[  239.936027][   T51] Bluetooth: hci1: command tx timeout
[  240.413439][ T6039] team0 (unregistering): Port device team_slave_1 removed
[  240.443646][ T6039] team0 (unregistering): Port device team_slave_0 removed
[  241.598630][ T5857] Bluetooth: hci3: command 0x0406 tx timeout
[  241.737038][ T7100] bond0: option all_slaves_active: invalid value (255)
[  241.999614][   T51] Bluetooth: hci1: command tx timeout
[  242.050511][ T6952] bridge0: port 1(bridge_slave_0) entered blocking state
[  242.059690][ T6952] bridge0: port 1(bridge_slave_0) entered disabled state
[  242.067099][ T6952] bridge_slave_0: entered allmulticast mode
[  242.079233][ T6952] bridge_slave_0: entered promiscuous mode
[  242.097972][ T7127] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  242.129892][ T7125] syzkaller0: entered promiscuous mode
[  242.135817][ T7125] syzkaller0: entered allmulticast mode
[  242.143672][ T6952] bridge0: port 2(bridge_slave_1) entered blocking state
[  242.151594][ T6952] bridge0: port 2(bridge_slave_1) entered disabled state
[  242.159524][ T6952] bridge_slave_1: entered allmulticast mode
[  242.168088][ T6952] bridge_slave_1: entered promiscuous mode
[  242.336643][ T7124] tipc: Resetting bearer <eth:syzkaller0>
[  242.364214][ T7124] tipc: Disabling bearer <eth:syzkaller0>
[  242.400937][ T6952] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  242.416252][ T6952] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  242.593630][ T6952] team0: Port device team_slave_0 added
[  242.610231][ T6952] team0: Port device team_slave_1 added
[  243.690749][   T51] Bluetooth: hci3: command 0x0406 tx timeout
[  244.087906][   T51] Bluetooth: hci1: command tx timeout
[  244.191418][ T6952] batman_adv: batadv0: Adding interface: batadv_slave_0
[  244.253333][ T6952] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  244.351250][ T6952] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  244.825062][ T6952] batman_adv: batadv0: Adding interface: batadv_slave_1
[  244.832537][ T6952] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  244.876178][ T6952] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  246.121162][ T6952] hsr_slave_0: entered promiscuous mode
[  246.140444][ T6952] hsr_slave_1: entered promiscuous mode
[  246.150934][ T6952] debugfs: 'hsr0' already exists in 'hsr'
[  246.159683][ T5857] Bluetooth: hci1: command tx timeout
[  246.166109][ T6952] Cannot create hsr debugfs directory
[  246.233328][ T7170] netlink: 24 bytes leftover after parsing attributes in process `syz.2.233'.
[  246.556793][ T7169] netlink: 'syz.0.234': attribute type 16 has an invalid length.
[  246.948623][ T7169] netlink: 8 bytes leftover after parsing attributes in process `syz.0.234'.
[  248.148911][ T7187] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  248.762578][ T6039] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  248.811465][ T7181] tipc: Resetting bearer <eth:syzkaller0>
[  248.859270][ T7180] tipc: Disabling bearer <eth:syzkaller0>
[  248.914341][ T7078] chnl_net:caif_netlink_parms(): no params data found
[  249.031404][ T6039] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  249.115449][ T7198] loop2: detected capacity change from 0 to 1024
[  249.184674][ T7198] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  249.330711][ T6039] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  249.466380][ T5850] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  249.556160][ T6039] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  249.673745][ T7078] bridge0: port 1(bridge_slave_0) entered blocking state
[  249.689645][ T7078] bridge0: port 1(bridge_slave_0) entered disabled state
[  249.700529][ T7078] bridge_slave_0: entered allmulticast mode
[  249.711962][ T7078] bridge_slave_0: entered promiscuous mode
[  249.724783][ T7078] bridge0: port 2(bridge_slave_1) entered blocking state
[  249.732576][ T7078] bridge0: port 2(bridge_slave_1) entered disabled state
[  249.740456][ T7078] bridge_slave_1: entered allmulticast mode
[  249.752707][ T7078] bridge_slave_1: entered promiscuous mode
[  251.080674][ T7078] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  252.371567][ T7078] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  256.418841][ T1318] ieee802154 phy0 wpan0: encryption failed: -22
[  256.425385][ T1318] ieee802154 phy1 wpan1: encryption failed: -22
[  256.492903][ T7078] team0: Port device team_slave_0 added
[  256.562327][ T7078] team0: Port device team_slave_1 added
[  258.007296][    T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!!
[  259.217228][    T0] NOHZ tick-stop error: local softirq work is pending, handler #c0!!!
[  259.627756][    T0] NOHZ tick-stop error: local softirq work is pending, handler #1c2!!!
[  260.409924][ T7078] batman_adv: batadv0: Adding interface: batadv_slave_0
[  260.449708][ T7078] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  260.524366][ T7078] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  260.612538][ T7078] batman_adv: batadv0: Adding interface: batadv_slave_1
[  260.658097][ T7078] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  260.740801][ T7078] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  261.790608][ T6039] bridge_slave_1: left allmulticast mode
[  261.810935][ T6039] bridge_slave_1: left promiscuous mode
[  261.826604][ T6039] bridge0: port 2(bridge_slave_1) entered disabled state
[  261.864537][ T6039] bridge_slave_0: left allmulticast mode
[  261.877622][ T6039] bridge_slave_0: left promiscuous mode
[  261.897457][ T6039] bridge0: port 1(bridge_slave_0) entered disabled state
[  262.773213][ T6039] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  262.981720][ T6039] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  263.021017][ T6039] bond0 (unregistering): Released all slaves
[  263.035429][ T7308] loop4: detected capacity change from 0 to 1024
[  263.068784][ T7308] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock
[  263.079224][ T7308] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (42152!=20869)
[  263.090006][ T7308] EXT4-fs (loop4): stripe (2) is not aligned with cluster size (16), stripe is disabled
[  263.104002][ T7308] EXT4-fs error (device loop4): ext4_get_journal_inode:5888: inode #5: comm syz.4.250: unexpected bad inode w/o EXT4_IGET_BAD
[  263.119915][ T7308] loop4: lost file I/O error report for ino 5 type 5 pos 0x0 len 0x0 error -117
[  263.120310][ T7308] EXT4-fs (loop4): no journal found
[  263.129704][    C1] EXT4-fs (loop4): error count since last fsck: 1
[  263.129724][    C1] EXT4-fs (loop4): initial error at time 1775013552: ext4_get_journal_inode:5888: inode 5
[  263.129746][    C1] EXT4-fs (loop4): last error at time 1775013552: ext4_get_journal_inode:5888: inode 5
[  263.166630][ T7078] hsr_slave_0: entered promiscuous mode
[  263.176309][ T7078] hsr_slave_1: entered promiscuous mode
[  263.185089][ T7078] debugfs: 'hsr0' already exists in 'hsr'
[  263.193156][ T7078] Cannot create hsr debugfs directory
[  263.199404][ T7308] EXT4-fs (loop4): can't get journal size
[  263.224934][ T7308] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  263.496173][ T5842] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  263.695096][ T7320] netlink: 'syz.4.256': attribute type 16 has an invalid length.
[  263.718946][ T7320] netlink: 8 bytes leftover after parsing attributes in process `syz.4.256'.
[  263.757499][ T5914] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  263.865512][ T6039] hsr_slave_0: left promiscuous mode
[  263.889316][ T6039] hsr_slave_1: left promiscuous mode
[  263.901434][ T6039] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  263.916441][ T6039] batman_adv: batadv0: Removing interface: batadv_slave_0
[  263.940338][ T6039] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  263.950418][ T5914] usb 3-1: Using ep0 maxpacket: 8
[  263.951599][ T6039] batman_adv: batadv0: Removing interface: batadv_slave_1
[  263.989300][ T5914] usb 3-1: config index 0 descriptor too short (expected 301, got 45)
[  264.007813][ T5914] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  264.023706][ T6039] veth1_macvtap: left promiscuous mode
[  264.031761][ T5914] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  264.037814][ T6039] veth0_macvtap: left promiscuous mode
[  264.052261][ T5914] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  264.075180][ T5914] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  264.111447][ T5914] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  264.144026][ T5914] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  264.426817][ T5914] usb 3-1: usb_control_msg returned -32
[  264.444992][ T5914] usbtmc 3-1:16.0: can't read capabilities
[  264.459415][ T6039] veth1_vlan: left promiscuous mode
[  264.500745][ T6039] veth0_vlan: left promiscuous mode
[  264.859736][ T7315] usbtmc 3-1:16.0: usb_control_msg returned -71
[  264.859785][   T43] usb 3-1: USB disconnect, device number 3
[  264.886927][ T7338] usbtmc 3-1:16.0: send_request_dev_dep_msg_in returned -19
[  264.954001][ T6039] team0 (unregistering): Port device team_slave_1 removed
[  264.980666][ T6039] team0 (unregistering): Port device team_slave_0 removed
[  266.474447][ T6952] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  266.553305][ T6952] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  266.817795][ T6952] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  267.897098][ T6952] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  269.085489][ T7388] loop2: detected capacity change from 0 to 1024
[  269.135647][ T7388] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock
[  269.244823][ T7388] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (42152!=20869)
[  269.269213][ T7388] EXT4-fs (loop2): stripe (2) is not aligned with cluster size (16), stripe is disabled
[  269.290788][ T7388] EXT4-fs error (device loop2): ext4_get_journal_inode:5888: inode #5: comm syz.2.266: unexpected bad inode w/o EXT4_IGET_BAD
[  269.309355][ T7388] loop2: lost file I/O error report for ino 5 type 5 pos 0x0 len 0x0 error -117
[  269.317230][    C0] EXT4-fs (loop2): error count since last fsck: 1
[  269.333494][    C0] EXT4-fs (loop2): initial error at time 1775013558: ext4_get_journal_inode:5888: inode 5
[  269.346048][    C0] EXT4-fs (loop2): last error at time 1775013558: ext4_get_journal_inode:5888: inode 5
[  269.361741][ T7388] EXT4-fs (loop2): no journal found
[  269.367263][ T7388] EXT4-fs (loop2): can't get journal size
[  269.390435][ T7388] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  270.280879][ T5850] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  270.415432][ T6952] 8021q: adding VLAN 0 to HW filter on device bond0
[  270.458265][ T6952] 8021q: adding VLAN 0 to HW filter on device team0
[  271.209249][ T6952] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  271.219914][ T6952] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  271.661984][   T49] bridge0: port 1(bridge_slave_0) entered blocking state
[  271.670010][   T49] bridge0: port 1(bridge_slave_0) entered forwarding state
[  271.995618][   T49] bridge0: port 2(bridge_slave_1) entered blocking state
[  272.003085][   T49] bridge0: port 2(bridge_slave_1) entered forwarding state
[  272.076129][ T7434] x_tables: ip6_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING
[  272.102093][ T7434] netlink: 28 bytes leftover after parsing attributes in process `syz.4.273'.
[  274.988927][ T7455] ntfs3(nullb0): Primary boot signature is not NTFS.
[  275.050490][ T7455] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00
[  275.391642][ T7078] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  275.599947][ T7078] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  275.667037][ T7078] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  275.728283][ T7078] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  275.769909][ T6952] 8021q: adding VLAN 0 to HW filter on device batadv0
[  275.851661][ T7466] syzkaller0: entered promiscuous mode
[  275.871059][ T7466] syzkaller0: entered allmulticast mode
[  277.568500][ T7078] 8021q: adding VLAN 0 to HW filter on device bond0
[  278.216386][ T7078] 8021q: adding VLAN 0 to HW filter on device team0
[  278.280693][ T6039] bridge0: port 1(bridge_slave_0) entered blocking state
[  278.288441][ T6039] bridge0: port 1(bridge_slave_0) entered forwarding state
[  278.331279][ T7506] loop4: detected capacity change from 0 to 1024
[  278.422582][ T6039] bridge0: port 2(bridge_slave_1) entered blocking state
[  278.430225][ T6039] bridge0: port 2(bridge_slave_1) entered forwarding state
[  278.481533][ T7506] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock
[  278.521569][ T7506] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (42152!=20869)
[  278.550836][ T7506] EXT4-fs (loop4): stripe (2) is not aligned with cluster size (16), stripe is disabled
[  278.574586][ T7078] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  278.599853][ T7506] EXT4-fs error (device loop4): ext4_get_journal_inode:5888: inode #5: comm syz.4.280: unexpected bad inode w/o EXT4_IGET_BAD
[  278.615441][ T7078] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  278.646259][ T7506] loop4: lost file I/O error report for ino 5 type 5 pos 0x0 len 0x0 error -117
[  278.646661][ T7506] EXT4-fs (loop4): no journal found
[  278.656722][    C0] EXT4-fs (loop4): error count since last fsck: 1
[  278.656750][    C0] EXT4-fs (loop4): initial error at time 1775013568: ext4_get_journal_inode:5888: inode 5
[  278.656785][    C0] EXT4-fs (loop4): last error at time 1775013568: ext4_get_journal_inode:5888: inode 5
[  278.714857][ T7506] EXT4-fs (loop4): can't get journal size
[  278.900877][ T7506] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  279.662746][ T6952] veth0_vlan: entered promiscuous mode
[  279.705167][ T6952] veth1_vlan: entered promiscuous mode
[  279.921556][ T6952] veth0_macvtap: entered promiscuous mode
[  279.949782][ T6952] veth1_macvtap: entered promiscuous mode
[  280.018002][ T7527] syz.2.283 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  280.045417][ T7527] ubi31: attaching mtd0
[  280.066894][ T7527] ubi31: scanning is finished
[  280.072049][ T7527] ubi31: empty MTD device detected
[  280.181319][ T5857] Bluetooth: hci2: ACL packet for unknown connection handle 201
[  280.479058][ T5842] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  280.652770][ T6952] batman_adv: batadv0: Interface activated: batadv_slave_0
[  280.666316][ T6952] batman_adv: batadv0: Interface activated: batadv_slave_1
[  280.715093][ T1120] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  280.738028][ T1120] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  280.750720][ T1120] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  280.768792][ T1120] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  280.870979][ T7527] ubi31 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt31d", error -4
[  281.129262][ T7536] fuse: Bad value for 'fd'
[  282.126651][ T7543] netlink: 'syz.2.295': attribute type 17 has an invalid length.
[  282.146619][ T7543] netlink: 8 bytes leftover after parsing attributes in process `syz.2.295'.
[  282.230212][ T7549] netlink: 'syz.0.287': attribute type 17 has an invalid length.
[  282.238511][ T7549] netlink: 8 bytes leftover after parsing attributes in process `syz.0.287'.
[  282.312382][ T7078] 8021q: adding VLAN 0 to HW filter on device batadv0
[  282.325334][ T7543] bond0: option all_slaves_active: invalid value (255)
[  282.348575][ T7549] bond0: option all_slaves_active: invalid value (255)
[  282.387065][ T6039] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  282.466854][ T6039] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  283.225882][ T7078] veth0_vlan: entered promiscuous mode
[  283.439579][ T7558] loop2: detected capacity change from 0 to 32768
[  283.456369][ T7558] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.289 (7558)
[  283.491978][ T7558] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  283.503380][ T7558] BTRFS info (device loop2): using sha256 checksum algorithm
[  283.590526][ T7078] veth1_vlan: entered promiscuous mode
[  283.623968][ T1168] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  283.637988][ T1168] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  283.693258][ T7558] BTRFS info (device loop2): enabling ssd optimizations
[  283.701733][ T7558] BTRFS info (device loop2): turning on async discard
[  283.708717][ T7558] BTRFS info (device loop2): enabling free space tree
[  284.471849][ T7078] veth0_macvtap: entered promiscuous mode
[  284.539901][ T7078] veth1_macvtap: entered promiscuous mode
[  284.546879][ T7567] loop4: detected capacity change from 0 to 1024
[  284.641403][   T51] Bluetooth: hci0: command 0x0406 tx timeout
[  284.660873][ T7567] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock
[  284.747373][ T7078] batman_adv: batadv0: Interface activated: batadv_slave_0
[  284.796324][ T7078] batman_adv: batadv0: Interface activated: batadv_slave_1
[  284.827589][ T5850] BTRFS info (device loop2): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  284.855808][ T7567] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (42152!=20869)
[  284.950457][ T7567] EXT4-fs (loop4): stripe (2) is not aligned with cluster size (16), stripe is disabled
[  284.976552][ T6044] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  284.995752][ T7567] EXT4-fs error (device loop4): ext4_get_journal_inode:5888: inode #5: comm syz.4.290: unexpected bad inode w/o EXT4_IGET_BAD
[  285.058282][ T6044] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  285.218552][ T7567] loop4: lost file I/O error report for ino 5 type 5 pos 0x0 len 0x0 error -117
[  285.230098][    C0] EXT4-fs (loop4): error count since last fsck: 1
[  285.246803][    C0] EXT4-fs (loop4): initial error at time 1775013574: ext4_get_journal_inode:5888: inode 5
[  285.257507][    C0] EXT4-fs (loop4): last error at time 1775013574: ext4_get_journal_inode:5888: inode 5
[  285.354177][ T7567] EXT4-fs (loop4): no journal found
[  285.421968][ T6044] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  285.524823][ T7567] EXT4-fs (loop4): can't get journal size
[  285.586302][ T6044] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  285.706999][ T7567] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  285.756877][   T51] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  285.785819][   T51] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  285.806424][   T51] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  285.817333][   T51] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  285.830856][   T51] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  286.175033][ T5842] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  286.757571][   T51] Bluetooth: hci0: command 0x0406 tx timeout
[  288.021692][   T51] Bluetooth: hci4: command tx timeout
[  288.718451][ T7619] netlink: 'syz.0.298': attribute type 17 has an invalid length.
[  288.739532][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  288.750128][ T7619] netlink: 8 bytes leftover after parsing attributes in process `syz.0.298'.
[  288.767559][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  288.993825][ T7619] bond0: option all_slaves_active: invalid value (255)
[  289.004088][ T7624] netlink: 'syz.2.299': attribute type 16 has an invalid length.
[  289.034691][ T7624] netlink: 8 bytes leftover after parsing attributes in process `syz.2.299'.
[  290.331956][   T51] Bluetooth: hci4: command tx timeout
[  291.059660][ T1120] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  291.275680][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  291.342640][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  291.444885][ T1120] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  291.448165][ T7643] loop2: detected capacity change from 0 to 16
[  291.689972][ T7643] erofs (device loop2): mounted with root inode @ nid 36.
[  292.460036][ T5857] Bluetooth: hci4: command tx timeout
[  293.536366][ T7659] loop1: detected capacity change from 0 to 64
[  293.802894][ T7655] loop2: detected capacity change from 0 to 32768
[  294.065337][ T7655] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  294.437897][ T1120] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  294.479799][ T5857] Bluetooth: hci4: command tx timeout
[  294.549531][ T7655] XFS (loop2): Ending clean mount
[  294.596849][ T7655] XFS (loop2): Quotacheck needed: Please wait.
[  295.492436][ T7655] XFS (loop2): Quotacheck: Done.
[  295.566834][ T7677] loop4: detected capacity change from 0 to 512
[  296.288267][ T7677] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[  296.446784][ T7677] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  297.038394][ T1120] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  297.062489][ T7677] EXT4-fs warning (device loop4): ext4_expand_extra_isize_ea:2858: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  297.279760][ T7677] EXT4-fs (loop4): 1 truncate cleaned up
[  297.345579][ T7677] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  297.360067][ T7691] netlink: 'syz.0.310': attribute type 17 has an invalid length.
[  297.369023][ T5850] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  297.403953][ T7691] netlink: 8 bytes leftover after parsing attributes in process `syz.0.310'.
[  298.270348][ T7691] bond0: option all_slaves_active: invalid value (255)
[  298.290905][ T7586] chnl_net:caif_netlink_parms(): no params data found
[  300.346513][ T5842] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  300.444234][ T7701] loop1: detected capacity change from 0 to 4096
[  300.734704][ T7586] bridge0: port 1(bridge_slave_0) entered blocking state
[  300.990645][ T7586] bridge0: port 1(bridge_slave_0) entered disabled state
[  301.024905][ T7586] bridge_slave_0: entered allmulticast mode
[  301.036486][ T7586] bridge_slave_0: entered promiscuous mode
[  301.038268][ T5922] usb 5-1: new full-speed USB device number 3 using dummy_hcd
[  301.048414][ T7586] bridge0: port 2(bridge_slave_1) entered blocking state
[  301.066604][ T7586] bridge0: port 2(bridge_slave_1) entered disabled state
[  301.075390][ T7586] bridge_slave_1: entered allmulticast mode
[  301.122115][ T7586] bridge_slave_1: entered promiscuous mode
[  301.773512][ T7726] netlink: 'syz.2.311': attribute type 4 has an invalid length.
[  301.881559][ T5922] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  301.914465][ T5922] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  301.937018][ T5922] usb 5-1: Product: syz
[  301.947255][ T5922] usb 5-1: Manufacturer: syz
[  301.957171][ T5922] usb 5-1: SerialNumber: syz
[  301.973616][ T5922] usb 5-1: config 0 descriptor??
[  302.095032][ T7586] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  302.158826][ T1120] bridge_slave_1: left allmulticast mode
[  302.175242][ T1120] bridge_slave_1: left promiscuous mode
[  302.202024][ T1120] bridge0: port 2(bridge_slave_1) entered disabled state
[  302.225863][ T5922] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  302.238288][ T1120] bridge_slave_0: left allmulticast mode
[  302.247225][ T1120] bridge_slave_0: left promiscuous mode
[  302.258499][ T1120] bridge0: port 1(bridge_slave_0) entered disabled state
[  302.385548][ T7732] loop1: detected capacity change from 0 to 4096
[  302.830769][ T7742] netlink: 48 bytes leftover after parsing attributes in process `syz.1.317'.
[  305.292424][ T1120] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  305.345846][ T7761] netlink: 'syz.2.322': attribute type 17 has an invalid length.
[  305.366243][ T1120] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  305.372511][ T7761] netlink: 8 bytes leftover after parsing attributes in process `syz.2.322'.
[  305.395841][ T1120] bond0 (unregistering): Released all slaves
[  305.441029][ T7586] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  305.499552][ T5922] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  305.533164][ T7761] bond0: option all_slaves_active: invalid value (255)
[  305.610155][ T5922] usb 5-1: USB disconnect, device number 3
[  305.972673][ T7586] team0: Port device team_slave_0 added
[  306.140802][ T7586] team0: Port device team_slave_1 added
[  306.894633][ T7777] loop2: detected capacity change from 0 to 512
[  307.917376][ T7777] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  308.421600][ T7777] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a002c028, mo2=0002]
[  308.430356][ T7777] System zones: 1-12
[  308.474965][ T7777] EXT4-fs (loop2): 1 truncate cleaned up
[  308.484827][ T7777] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  308.517742][ T7586] batman_adv: batadv0: Adding interface: batadv_slave_0
[  308.546127][ T7586] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  308.588893][ T7586] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  308.702189][ T1120] hsr_slave_0: left promiscuous mode
[  308.789438][ T1120] hsr_slave_1: left promiscuous mode
[  308.795222][ T5850] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  308.796143][ T1120] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  308.819403][ T1120] batman_adv: batadv0: Removing interface: batadv_slave_0
[  308.857687][ T1120] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  308.891315][ T1120] batman_adv: batadv0: Removing interface: batadv_slave_1
[  308.964952][ T1120] veth1_macvtap: left promiscuous mode
[  308.977599][ T1120] veth0_macvtap: left promiscuous mode
[  308.995284][ T1120] veth1_vlan: left promiscuous mode
[  309.015643][ T5857] Bluetooth: hci2: unexpected event for opcode 0x080d
[  309.025090][ T1120] veth0_vlan: left promiscuous mode
[  309.032962][ T7797] 9pnet_virtio: no channels available for device syz
[  309.054903][ T7797] 9pnet_virtio: no channels available for device syz
[  309.065954][ T7796] loop1: detected capacity change from 0 to 1024
[  309.113072][ T7796] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock
[  309.153156][ T7796] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (42152!=20869)
[  309.185029][ T7796] EXT4-fs (loop1): stripe (2) is not aligned with cluster size (16), stripe is disabled
[  309.220065][ T7796] EXT4-fs error (device loop1): ext4_get_journal_inode:5888: inode #5: comm syz.1.330: unexpected bad inode w/o EXT4_IGET_BAD
[  309.258444][ T7796] loop1: lost file I/O error report for ino 5 type 5 pos 0x0 len 0x0 error -117
[  309.258849][ T7796] EXT4-fs (loop1): no journal found
[  309.268490][    C1] EXT4-fs (loop1): error count since last fsck: 1
[  309.268516][    C1] EXT4-fs (loop1): initial error at time 1775013598: ext4_get_journal_inode:5888: inode 5
[  309.268548][    C1] EXT4-fs (loop1): last error at time 1775013598: ext4_get_journal_inode:5888: inode 5
[  309.317005][ T7796] EXT4-fs (loop1): can't get journal size
[  309.341511][ T7796] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  309.494275][ T7800] netlink: 'syz.0.333': attribute type 17 has an invalid length.
[  309.504483][ T7800] netlink: 8 bytes leftover after parsing attributes in process `syz.0.333'.
[  309.851729][ T1120] team0 (unregistering): Port device team_slave_1 removed
[  309.875851][ T1120] team0 (unregistering): Port device team_slave_0 removed
[  310.121154][ T7586] batman_adv: batadv0: Adding interface: batadv_slave_1
[  310.146213][ T7586] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  310.210488][ T7586] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  310.256454][ T7795] warning: `syz.2.332' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  310.269076][ T7800] bond0: option all_slaves_active: invalid value (255)
[  310.366396][ T7078] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  310.490799][ T7586] hsr_slave_0: entered promiscuous mode
[  310.530782][ T7586] hsr_slave_1: entered promiscuous mode
[  310.749539][ T7586] debugfs: 'hsr0' already exists in 'hsr'
[  310.772472][ T7586] Cannot create hsr debugfs directory
[  313.726623][ T7851] loop4: detected capacity change from 0 to 1024
[  315.416347][ T7586] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  315.470055][ T7586] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  315.494071][ T7864] netlink: 'syz.1.346': attribute type 17 has an invalid length.
[  315.557541][ T7864] netlink: 8 bytes leftover after parsing attributes in process `syz.1.346'.
[  315.565657][ T7586] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  315.619848][ T7864] bond0: option all_slaves_active: invalid value (255)
[  315.681653][ T7586] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  315.703844][ T6049] hfsplus: b-tree write err: -5, ino 25
[  316.115109][ T6049] hfsplus: b-tree write err: -5, ino 4
[  316.176373][ T7874] netlink: 20 bytes leftover after parsing attributes in process `syz.2.348'.
[  316.329083][ T5857] Bluetooth: hci1: command 0x0406 tx timeout
[  316.695274][ T6049] hfsplus: b-tree write err: -5, ino 2
[  317.378183][ T1318] ieee802154 phy0 wpan0: encryption failed: -22
[  317.387541][ T1318] ieee802154 phy1 wpan1: encryption failed: -22
[  318.604619][ T7586] 8021q: adding VLAN 0 to HW filter on device bond0
[  318.695322][ T7586] 8021q: adding VLAN 0 to HW filter on device team0
[  318.981564][   T81] bridge0: port 1(bridge_slave_0) entered blocking state
[  318.988873][   T81] bridge0: port 1(bridge_slave_0) entered forwarding state
[  319.754589][   T81] bridge0: port 2(bridge_slave_1) entered blocking state
[  319.761887][   T81] bridge0: port 2(bridge_slave_1) entered forwarding state
[  323.327310][ T7936] ubi31: attaching mtd0
[  323.333961][ T7936] ubi31: scanning is finished
[  323.634170][   T51] Bluetooth: hci0: ACL packet for unknown connection handle 201
[  324.368077][ T7586] 8021q: adding VLAN 0 to HW filter on device batadv0
[  324.904100][ T7936] ubi31 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt31d", error -4
[  325.160606][ T7938] IPVS: wrr: UDP 224.0.0.2:0 - no destination available
[  325.227158][ T5955] IPVS: starting estimator thread 0...
[  325.357430][ T7954] IPVS: using max 25 ests per chain, 60000 per kthread
[  326.353913][ T7964] loop2: detected capacity change from 0 to 512
[  326.390317][ T7964] ext4: Unknown parameter 'nouser_xattr'
[  326.504665][ T7969] genirq: Flags mismatch irq 4. 00200000 (pcl812) vs. 00200080 (ttyS0)
[  326.725842][ T7970] loop4: detected capacity change from 0 to 512
[  326.761253][ T7970] EXT4-fs (loop4): Test dummy encryption mode enabled
[  326.768947][ T7970] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  328.414473][ T7970] EXT4-fs error (device loop4): ext4_orphan_get:1423: comm syz.4.364: bad orphan inode 131083
[  328.426339][ T7970] loop4: lost filesystem error report for type 5 error -117
[  328.429225][    C0] EXT4-fs (loop4): error count since last fsck: 1
[  328.443430][    C0] EXT4-fs (loop4): initial error at time 1775013617: ext4_orphan_get:1423
[  328.452903][    C0] EXT4-fs (loop4): last error at time 1775013617: ext4_orphan_get:1423
[  329.139344][ T7970] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  329.816532][ T7586] veth0_vlan: entered promiscuous mode
[  329.849193][ T7586] veth1_vlan: entered promiscuous mode
[  329.910345][ T7586] veth0_macvtap: entered promiscuous mode
[  329.919472][ T7586] veth1_macvtap: entered promiscuous mode
[  330.925781][ T7586] batman_adv: batadv0: Interface activated: batadv_slave_0
[  331.031659][ T5842] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  331.043041][ T7586] batman_adv: batadv0: Interface activated: batadv_slave_1
[  331.143216][ T1164] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  331.159059][ T1164] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  331.173281][ T1164] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  331.231697][ T1164] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  333.547308][ T8014] loop2: detected capacity change from 0 to 64
[  333.768661][ T6044] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  333.821538][ T6044] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  333.833475][ T6046] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  333.861901][ T6046] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  335.262462][ T8033] ------------[ cut here ]------------
[  335.268430][ T8033] !buffer_uptodate(bh)
[  335.268448][ T8033] WARNING: fs/buffer.c:1180 at mark_buffer_dirty+0x299/0x410, CPU#0: syz.2.373/8033
[  335.285645][ T8033] Modules linked in:
[  335.290424][ T8033] CPU: 0 UID: 0 PID: 8033 Comm: syz.2.373 Not tainted syzkaller #0 PREEMPT(full) 
[  335.300452][ T8033] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  335.311218][ T8033] RIP: 0010:mark_buffer_dirty+0x299/0x410
[  335.317433][ T8033] Code: 4c 89 f7 e8 b9 64 da ff 49 8b 3e be 40 00 00 00 5b 41 5c 41 5e 41 5f 5d e9 54 5e fb ff e8 4f fe 70 ff eb 8c e8 48 fe 70 ff 90 <0f> 0b 90 e9 a5 fd ff ff e8 3a fe 70 ff 90 0f 0b 90 e9 cf fd ff ff
[  335.337633][ T8033] RSP: 0018:ffffc90004ef63e8 EFLAGS: 00010293
[  335.343749][ T8033] RAX: ffffffff82552e08 RBX: ffff888053fb5e80 RCX: ffff88802798bd00
[  335.352118][ T8033] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002
[  335.360364][ T8033] RBP: ffff88807f718001 R08: ffff888053fb5e87 R09: 1ffff1100a7f6bd0
[  335.368774][ T8033] R10: dffffc0000000000 R11: ffffed100a7f6bd1 R12: ffff888055b37a00
[  335.376917][ T8033] R13: ffff888053e5e910 R14: ffff888053fb5e80 R15: 0000000000000012
[  335.385097][ T8033] FS:  00007f5ec5ee56c0(0000) GS:ffff88812543c000(0000) knlGS:0000000000000000
[  335.394181][ T8033] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  335.401202][ T8033] CR2: 0000200000000340 CR3: 000000005a614000 CR4: 00000000003526f0
[  335.409656][ T8033] Call Trace:
[  335.413742][ T8033]  <TASK>
[  335.417142][ T8033]  bfs_get_block+0x5da/0xae0
[  335.421878][ T8033]  __block_write_begin_int+0x6c6/0x1910
[  335.427569][ T8033]  ? __pfx_bfs_get_block+0x10/0x10
[  335.432736][ T8033]  ? __pfx___block_write_begin_int+0x10/0x10
[  335.439054][ T8033]  ? ktime_get_coarse_real_ts64_mg+0x59/0x1e0
[  335.445350][ T8033]  ? __pfx_bfs_get_block+0x10/0x10
[  335.450599][ T8033]  block_write_begin+0x8d/0x120
[  335.455519][ T8033]  ? bfs_write_begin+0x1e/0xd0
[  335.460437][ T8033]  bfs_write_begin+0x35/0xd0
[  335.465089][ T8033]  generic_perform_write+0x2e2/0x8f0
[  335.470625][ T8033]  ? __pfx_generic_perform_write+0x10/0x10
[  335.476557][ T8033]  ? file_update_time_flags+0x219/0x4a0
[  335.482221][ T8033]  ? __generic_file_write_iter+0xf9/0x230
[  335.488090][ T8033]  ? generic_file_write_iter+0x136/0x680
[  335.494076][ T8033]  generic_file_write_iter+0x14a/0x680
[  335.499718][ T8033]  ? __pfx_generic_file_write_iter+0x10/0x10
[  335.506289][ T8033]  ? unwind_next_frame+0xa6/0x2550
[  335.511887][ T8033]  ? is_bpf_text_address+0x26/0x2b0
[  335.517650][ T8033]  ? is_bpf_text_address+0x26/0x2b0
[  335.523184][ T8033]  ? is_bpf_text_address+0x292/0x2b0
[  335.528572][ T8033]  ? is_bpf_text_address+0x26/0x2b0
[  335.533818][ T8033]  ? kernel_text_address+0xa5/0xe0
[  335.539064][ T8033]  ? __kernel_text_address+0xd/0x30
[  335.544327][ T8033]  ? unwind_get_return_address+0x4d/0x90
[  335.550257][ T8033]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  335.556689][ T8033]  ? arch_stack_walk+0xfb/0x150
[  335.561693][ T8033]  __kernel_write_iter+0x41e/0x880
[  335.566945][ T8033]  ? __pfx___kernel_write_iter+0x10/0x10
[  335.572969][ T8033]  ? __asan_memset+0x22/0x50
[  335.577842][ T8033]  ? iov_iter_kvec+0xb8/0x180
[  335.582734][ T8033]  __kernel_write+0x106/0x170
[  335.587547][ T8033]  ? __pfx___kernel_write+0x10/0x10
[  335.592799][ T8033]  dump_emit+0x8e9/0xab0
[  335.599377][ T8033]  ? __pfx_dump_emit+0x10/0x10
[  335.604774][ T8033]  ? __kasan_kmalloc+0x93/0xb0
[  335.610203][ T8033]  ? __kmalloc_cache_noprof+0x31c/0x660
[  335.615928][ T8033]  elf_core_dump+0x2e5d/0x3ad0
[  335.621209][ T8033]  ? __pfx_elf_core_dump+0x10/0x10
[  335.626550][ T8033]  ? __kasan_kmalloc+0x93/0xb0
[  335.631445][ T8033]  ? __kvmalloc_node_noprof+0x528/0x8a0
[  335.637130][ T8033]  ? coredump_write+0x387/0x1910
[  335.642197][ T8033]  ? vfs_coredump+0x36a9/0x4280
[  335.647142][ T8033]  ? get_signal+0x1107/0x1330
[  335.651992][ T8033]  ? arch_do_signal_or_restart+0xbc/0x830
[  335.657846][ T8033]  ? irqentry_exit+0x188/0x700
[  335.662824][ T8033]  ? asm_exc_page_fault+0x26/0x30
[  335.668118][ T8033]  ? mas_ascend+0x304/0x890
[  335.672801][ T8033]  ? vfs_coredump+0x36a9/0x4280
[  335.677808][ T8033]  coredump_write+0x1216/0x1910
[  335.682736][ T8033]  ? __pfx_coredump_write+0x10/0x10
[  335.688060][ T8033]  ? do_raw_spin_lock+0x12b/0x2f0
[  335.693277][ T8033]  ? put_files_struct+0x256/0x350
[  335.698543][ T8033]  ? do_raw_spin_unlock+0xf5/0x210
[  335.703841][ T8033]  ? unshare_files+0xfc/0x140
[  335.708766][ T8033]  vfs_coredump+0x36a9/0x4280
[  335.714520][ T8033]  ? __pfx_vfs_coredump+0x10/0x10
[  335.719772][ T8033]  ? __lock_acquire+0x6b5/0x2cf0
[  335.724771][ T8033]  ? __lock_acquire+0x6b5/0x2cf0
[  335.729899][ T8033]  ? __lock_acquire+0x6b5/0x2cf0
[  335.735043][ T8033]  ? __lock_acquire+0x6b5/0x2cf0
[  335.740124][ T8033]  ? __lock_acquire+0x6b5/0x2cf0
[  335.745211][ T8033]  ? unwind_next_frame+0xa6/0x2550
[  335.750503][ T8033]  ? lock_acquire+0x106/0x350
[  335.755271][ T8033]  ? unwind_next_frame+0xa6/0x2550
[  335.760529][ T8033]  ? is_bpf_text_address+0x26/0x2b0
[  335.765947][ T8033]  ? lock_acquire+0x106/0x350
[  335.770833][ T8033]  ? is_bpf_text_address+0x26/0x2b0
[  335.776088][ T8033]  ? is_bpf_text_address+0x292/0x2b0
[  335.781472][ T8033]  ? is_bpf_text_address+0x26/0x2b0
[  335.786753][ T8033]  ? kernel_text_address+0xa5/0xe0
[  335.792057][ T8033]  ? __kernel_text_address+0xd/0x30
[  335.797458][ T8033]  ? unwind_get_return_address+0x4d/0x90
[  335.803180][ T8033]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  335.809450][ T8033]  ? arch_stack_walk+0xfb/0x150
[  335.814824][ T8033]  ? stack_trace_save+0xa9/0x100
[  335.820692][ T8033]  ? __pfx_stack_trace_save+0x10/0x10
[  335.826116][ T8033]  ? stack_depot_save_flags+0x33/0x810
[  335.831686][ T8033]  ? kasan_save_track+0x4f/0x80
[  335.836689][ T8033]  ? kasan_save_track+0x3e/0x80
[  335.841746][ T8033]  ? kasan_save_free_info+0x46/0x50
[  335.847132][ T8033]  ? __kasan_slab_free+0x5c/0x80
[  335.852145][ T8033]  ? kmem_cache_free+0x182/0x650
[  335.857161][ T8033]  ? get_signal+0xa4a/0x1330
[  335.861834][ T8033]  ? arch_do_signal_or_restart+0xbc/0x830
[  335.867783][ T8033]  ? irqentry_exit+0x188/0x700
[  335.872618][ T8033]  ? asm_exc_page_fault+0x26/0x30
[  335.877791][ T8033]  ? _raw_spin_unlock_irq+0x23/0x50
[  335.883042][ T8033]  get_signal+0x1107/0x1330
[  335.887691][ T8033]  arch_do_signal_or_restart+0xbc/0x830
[  335.893399][ T8033]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  335.899802][ T8033]  irqentry_exit+0x188/0x700
[  335.904490][ T8033]  ? trace_irq_disable+0x3b/0x140
[  335.909751][ T8033]  asm_exc_page_fault+0x26/0x30
[  335.915152][ T8033] RIP: 0033:0x7f5ec4f9c821
[  335.920732][ T8033] Code: 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 <c3> 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f
[  335.941082][ T8033] RSP: 002b:00000000fffffeb0 EFLAGS: 00010217
[  335.947279][ T8033] RAX: 0000000000000000 RBX: 00007f5ec5216090 RCX: 00007f5ec4f9c819
[  335.955580][ T8033] RDX: 0000000000000000 RSI: 00000000fffffeb0 RDI: 0000000002000400
[  335.963669][ T8033] RBP: 00007f5ec5032c91 R08: 0000000000000000 R09: 0000000000000000
[  335.971942][ T8033] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  335.980015][ T8033] R13: 00007f5ec5216128 R14: 00007f5ec5216090 R15: 00007ffca9819098
[  335.988119][ T8033]  </TASK>
[  335.991189][ T8033] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  335.998518][ T8033] CPU: 0 UID: 0 PID: 8033 Comm: syz.2.373 Not tainted syzkaller #0 PREEMPT(full) 
[  336.007843][ T8033] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  336.018115][ T8033] Call Trace:
[  336.021432][ T8033]  <TASK>
[  336.024397][ T8033]  vpanic+0x56c/0xa60
[  336.028431][ T8033]  ? __pfx__printk+0x10/0x10
[  336.033667][ T8033]  ? __pfx_vpanic+0x10/0x10
[  336.038207][ T8033]  ? is_bpf_text_address+0x292/0x2b0
[  336.043525][ T8033]  ? is_bpf_text_address+0x26/0x2b0
[  336.048775][ T8033]  panic+0xc5/0xd0
[  336.052521][ T8033]  ? __pfx_panic+0x10/0x10
[  336.056978][ T8033]  __warn+0x315/0x4c0
[  336.061055][ T8033]  ? mark_buffer_dirty+0x299/0x410
[  336.066173][ T8033]  ? mark_buffer_dirty+0x299/0x410
[  336.071307][ T8033]  __report_bug+0x29a/0x540
[  336.075825][ T8033]  ? filemap_get_entry+0xcd/0x3f0
[  336.080861][ T8033]  ? filemap_get_entry+0xcd/0x3f0
[  336.086075][ T8033]  ? mark_buffer_dirty+0x299/0x410
[  336.091299][ T8033]  ? __pfx___report_bug+0x10/0x10
[  336.096365][ T8033]  ? __pfx_folio_mark_accessed+0x10/0x10
[  336.102053][ T8033]  ? mark_buffer_dirty+0x299/0x410
[  336.107296][ T8033]  report_bug+0x16a/0x220
[  336.111646][ T8033]  ? mark_buffer_dirty+0x299/0x410
[  336.116764][ T8033]  ? mark_buffer_dirty+0x29b/0x410
[  336.121990][ T8033]  handle_bug+0x9c/0x200
[  336.126266][ T8033]  exc_invalid_op+0x1a/0x50
[  336.130798][ T8033]  asm_exc_invalid_op+0x1a/0x20
[  336.135658][ T8033] RIP: 0010:mark_buffer_dirty+0x299/0x410
[  336.141389][ T8033] Code: 4c 89 f7 e8 b9 64 da ff 49 8b 3e be 40 00 00 00 5b 41 5c 41 5e 41 5f 5d e9 54 5e fb ff e8 4f fe 70 ff eb 8c e8 48 fe 70 ff 90 <0f> 0b 90 e9 a5 fd ff ff e8 3a fe 70 ff 90 0f 0b 90 e9 cf fd ff ff
[  336.161089][ T8033] RSP: 0018:ffffc90004ef63e8 EFLAGS: 00010293
[  336.167168][ T8033] RAX: ffffffff82552e08 RBX: ffff888053fb5e80 RCX: ffff88802798bd00
[  336.175154][ T8033] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002
[  336.183307][ T8033] RBP: ffff88807f718001 R08: ffff888053fb5e87 R09: 1ffff1100a7f6bd0
[  336.191290][ T8033] R10: dffffc0000000000 R11: ffffed100a7f6bd1 R12: ffff888055b37a00
[  336.199293][ T8033] R13: ffff888053e5e910 R14: ffff888053fb5e80 R15: 0000000000000012
[  336.207282][ T8033]  ? mark_buffer_dirty+0x298/0x410
[  336.212410][ T8033]  ? mark_buffer_dirty+0x298/0x410
[  336.217531][ T8033]  bfs_get_block+0x5da/0xae0
[  336.222147][ T8033]  __block_write_begin_int+0x6c6/0x1910
[  336.227808][ T8033]  ? __pfx_bfs_get_block+0x10/0x10
[  336.233022][ T8033]  ? __pfx___block_write_begin_int+0x10/0x10
[  336.239019][ T8033]  ? ktime_get_coarse_real_ts64_mg+0x59/0x1e0
[  336.245118][ T8033]  ? __pfx_bfs_get_block+0x10/0x10
[  336.250241][ T8033]  block_write_begin+0x8d/0x120
[  336.255102][ T8033]  ? bfs_write_begin+0x1e/0xd0
[  336.259911][ T8033]  bfs_write_begin+0x35/0xd0
[  336.264515][ T8033]  generic_perform_write+0x2e2/0x8f0
[  336.269905][ T8033]  ? __pfx_generic_perform_write+0x10/0x10
[  336.275722][ T8033]  ? file_update_time_flags+0x219/0x4a0
[  336.281362][ T8033]  ? __generic_file_write_iter+0xf9/0x230
[  336.287086][ T8033]  ? generic_file_write_iter+0x136/0x680
[  336.292726][ T8033]  generic_file_write_iter+0x14a/0x680
[  336.298194][ T8033]  ? __pfx_generic_file_write_iter+0x10/0x10
[  336.304302][ T8033]  ? unwind_next_frame+0xa6/0x2550
[  336.309512][ T8033]  ? is_bpf_text_address+0x26/0x2b0
[  336.314736][ T8033]  ? is_bpf_text_address+0x26/0x2b0
[  336.320051][ T8033]  ? is_bpf_text_address+0x292/0x2b0
[  336.325348][ T8033]  ? is_bpf_text_address+0x26/0x2b0
[  336.330652][ T8033]  ? kernel_text_address+0xa5/0xe0
[  336.335902][ T8033]  ? __kernel_text_address+0xd/0x30
[  336.341198][ T8033]  ? unwind_get_return_address+0x4d/0x90
[  336.347281][ T8033]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  336.353454][ T8033]  ? arch_stack_walk+0xfb/0x150
[  336.358319][ T8033]  __kernel_write_iter+0x41e/0x880
[  336.363536][ T8033]  ? __pfx___kernel_write_iter+0x10/0x10
[  336.369290][ T8033]  ? __asan_memset+0x22/0x50
[  336.373986][ T8033]  ? iov_iter_kvec+0xb8/0x180
[  336.378764][ T8033]  __kernel_write+0x106/0x170
[  336.383457][ T8033]  ? __pfx___kernel_write+0x10/0x10
[  336.388744][ T8033]  dump_emit+0x8e9/0xab0
[  336.393066][ T8033]  ? __pfx_dump_emit+0x10/0x10
[  336.398016][ T8033]  ? __kasan_kmalloc+0x93/0xb0
[  336.402873][ T8033]  ? __kmalloc_cache_noprof+0x31c/0x660
[  336.408516][ T8033]  elf_core_dump+0x2e5d/0x3ad0
[  336.413655][ T8033]  ? __pfx_elf_core_dump+0x10/0x10
[  336.418786][ T8033]  ? __kasan_kmalloc+0x93/0xb0
[  336.423641][ T8033]  ? __kvmalloc_node_noprof+0x528/0x8a0
[  336.429272][ T8033]  ? coredump_write+0x387/0x1910
[  336.434218][ T8033]  ? vfs_coredump+0x36a9/0x4280
[  336.439163][ T8033]  ? get_signal+0x1107/0x1330
[  336.443854][ T8033]  ? arch_do_signal_or_restart+0xbc/0x830
[  336.449670][ T8033]  ? irqentry_exit+0x188/0x700
[  336.454452][ T8033]  ? asm_exc_page_fault+0x26/0x30
[  336.459593][ T8033]  ? mas_ascend+0x304/0x890
[  336.464316][ T8033]  ? vfs_coredump+0x36a9/0x4280
[  336.469193][ T8033]  coredump_write+0x1216/0x1910
[  336.474066][ T8033]  ? __pfx_coredump_write+0x10/0x10
[  336.479359][ T8033]  ? do_raw_spin_lock+0x12b/0x2f0
[  336.484490][ T8033]  ? put_files_struct+0x256/0x350
[  336.489525][ T8033]  ? do_raw_spin_unlock+0xf5/0x210
[  336.495037][ T8033]  ? unshare_files+0xfc/0x140
[  336.499833][ T8033]  vfs_coredump+0x36a9/0x4280
[  336.504535][ T8033]  ? __pfx_vfs_coredump+0x10/0x10
[  336.509576][ T8033]  ? __lock_acquire+0x6b5/0x2cf0
[  336.515052][ T8033]  ? __lock_acquire+0x6b5/0x2cf0
[  336.520163][ T8033]  ? __lock_acquire+0x6b5/0x2cf0
[  336.525208][ T8033]  ? __lock_acquire+0x6b5/0x2cf0
[  336.530156][ T8033]  ? __lock_acquire+0x6b5/0x2cf0
[  336.535115][ T8033]  ? unwind_next_frame+0xa6/0x2550
[  336.540235][ T8033]  ? lock_acquire+0x106/0x350
[  336.544931][ T8033]  ? unwind_next_frame+0xa6/0x2550
[  336.550058][ T8033]  ? is_bpf_text_address+0x26/0x2b0
[  336.555469][ T8033]  ? lock_acquire+0x106/0x350
[  336.560266][ T8033]  ? is_bpf_text_address+0x26/0x2b0
[  336.565532][ T8033]  ? is_bpf_text_address+0x292/0x2b0
[  336.570884][ T8033]  ? is_bpf_text_address+0x26/0x2b0
[  336.576313][ T8033]  ? kernel_text_address+0xa5/0xe0
[  336.581546][ T8033]  ? __kernel_text_address+0xd/0x30
[  336.586859][ T8033]  ? unwind_get_return_address+0x4d/0x90
[  336.592517][ T8033]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  336.598886][ T8033]  ? arch_stack_walk+0xfb/0x150
[  336.603756][ T8033]  ? stack_trace_save+0xa9/0x100
[  336.608706][ T8033]  ? __pfx_stack_trace_save+0x10/0x10
[  336.614088][ T8033]  ? stack_depot_save_flags+0x33/0x810
[  336.619737][ T8033]  ? kasan_save_track+0x4f/0x80
[  336.624611][ T8033]  ? kasan_save_track+0x3e/0x80
[  336.629467][ T8033]  ? kasan_save_free_info+0x46/0x50
[  336.634691][ T8033]  ? __kasan_slab_free+0x5c/0x80
[  336.639648][ T8033]  ? kmem_cache_free+0x182/0x650
[  336.644594][ T8033]  ? get_signal+0xa4a/0x1330
[  336.649379][ T8033]  ? arch_do_signal_or_restart+0xbc/0x830
[  336.655115][ T8033]  ? irqentry_exit+0x188/0x700
[  336.659891][ T8033]  ? asm_exc_page_fault+0x26/0x30
[  336.664978][ T8033]  ? _raw_spin_unlock_irq+0x23/0x50
[  336.670280][ T8033]  get_signal+0x1107/0x1330
[  336.674940][ T8033]  arch_do_signal_or_restart+0xbc/0x830
[  336.680591][ T8033]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  336.686870][ T8033]  irqentry_exit+0x188/0x700
[  336.691639][ T8033]  ? trace_irq_disable+0x3b/0x140
[  336.696699][ T8033]  asm_exc_page_fault+0x26/0x30
[  336.701584][ T8033] RIP: 0033:0x7f5ec4f9c821
[  336.706024][ T8033] Code: 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 <c3> 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f
[  336.725905][ T8033] RSP: 002b:00000000fffffeb0 EFLAGS: 00010217
[  336.732076][ T8033] RAX: 0000000000000000 RBX: 00007f5ec5216090 RCX: 00007f5ec4f9c819
[  336.740161][ T8033] RDX: 0000000000000000 RSI: 00000000fffffeb0 RDI: 0000000002000400
[  336.748671][ T8033] RBP: 00007f5ec5032c91 R08: 0000000000000000 R09: 0000000000000000
[  336.756730][ T8033] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  336.764728][ T8033] R13: 00007f5ec5216128 R14: 00007f5ec5216090 R15: 00007ffca9819098
[  336.772755][ T8033]  </TASK>
[  336.776230][ T8033] Kernel Offset: disabled
[  336.780555][ T8033] Rebooting in 86400 seconds..