last executing test programs:

1m13.961979423s ago: executing program 3 (id=385):
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/udp6\x00')
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_mreq(r1, 0x29, 0x1b, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x18, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB], 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29}, 0x94)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000400)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$sock_int(r5, 0x1, 0xf, 0x0, 0x0)
bind$inet6(r5, 0x0, 0x0)
r6 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$sock_int(r6, 0x1, 0xf, 0x0, 0x0)
bind$inet6(r6, 0x0, 0x0)
r7 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, 0x0)
sendto$packet(r7, 0x0, 0x0, 0x0, 0x0, 0x0)
getsockopt$inet6_buf(r1, 0x29, 0x32, 0x0, 0x0)
sendmsg$netlink(0xffffffffffffffff, 0x0, 0x0)
readv(r0, &(0x7f0000000580)=[{&(0x7f0000000080)=""/110, 0x6e}, {&(0x7f00000002c0)=""/125, 0x7d}, {&(0x7f0000000340)=""/229, 0xe5}], 0x3)

1m11.871148464s ago: executing program 3 (id=387):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x40c}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
rmdir(0x0)
epoll_create1(0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f00000000c0)={0x3, 0x1000}, 0x4)
r3 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000f00)={0x3, 0x5}, 0x4)
sendmsg$nl_route(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={0x0}, 0x1, 0x0, 0x0, 0x40008c4}, 0x20004804)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r4}, &(0x7f0000000180), &(0x7f00000001c0)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

1m10.299305731s ago: executing program 3 (id=390):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
fcntl$dupfd(0xffffffffffffffff, 0x2, 0xffffffffffffffff)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
fsmount(0xffffffffffffffff, 0x0, 0x8)
r1 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0301, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, &(0x7f0000001340))
ioctl$SNDCTL_DSP_CHANNELS(r1, 0xc0045006, &(0x7f0000000180)=0x6f)
write$dsp(r1, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000)
syz_usb_connect(0x0, 0x24, 0x0, 0x0)
openat$comedi(0xffffffffffffff9c, 0x0, 0x2, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3, 0x0, 0x0)
mount(0x0, &(0x7f0000000240)='.\x00', &(0x7f0000000080)='securityfs\x00', 0x0, &(0x7f0000000280)='\x02\x00\x00\x00\x04\xb0\xfe\x98\x9a!s\x91]\xab\xc9\xa2IV\xb6-\xbfS\x16 \x04\r\xcd\xdb\x9a\xd4\xaf\r\x11\xa0\xd7\xd7\xb6\x9bz\x99\xaf\xfd\x87fN\xad\x90U\xb4A\xdf\xabB\xbba\x7f\xb8\x96\x1a\xe7\xc1\xab\x16\x02\x00<r\xe9\x9cD\x90\xce\xe1\xc5\xff\x01\x00\x00\xbbQ\xde\xc3\xe3\x7f\xcf\x1f\x17G\xa6\x13\xae\x92 \x1c\xbf\xfa\xe8e\x8cD\"\xa3w\x04\xa2,\xda\xcep\x00nT\xfb\x99\xc7-2\x00\x00\xf8\xe5TW\xcd\xd7\x0e\x9c\bh\xae!]{x\xc1\x1fm )>\xfaC\x93\xc0S\xaf\f\x1a\fEik\x86\x15\xab\x909\xf8i\xc0\xa7\xa9\xb1\xbe\xc7\x1d\xe0\x18\xd2\xbaG|\xd5fC\x8d\t\x00/I\x8b\xbf\x94\xf4\x96[us\x96\x90\x8d\x9d\xfb\xdc\x7f0&\xab\x17@)\xf1\xc3Q\xb2M :\xaa\x99G\xdd\xa9E6A]@>\f\xb1n\x1a\x8c\xc6e7{@\x90\x8fz\xfcf\x88\x15A\x0e\xbf\xb8\xff\xa8\xb9\xab\x83>\xf9I0\xdd\x93#\x1e\x00\xed#\xc9\xd0Uk\xa6b\xa6/\x15\x92\xc6,p\xc9\xce\xe1\xc3\xd5\x89Lw\x17\x16\x18\xddh\xc8\x81w\x1e\x7f\xc7\x16\xe5\x96\x03\t\xc3\x94\xc7\xeb\xd6.\xfa\xb3\xe0\x1f\xa9\x19\xfaS\x1f[T\x1e\xc5nX\x84\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00=0\xc3\xbc\xfd\xce~\xe3\xcaO\"\xbb\xd1\x15\xf2y\xb91\x1d\xab\xeaO\x19\rH4\xc2\xe4\x922~K^K`55\xb7\xd1\n\xba\xb7,\xdb\xc2\x86\xc30bnc\x06\x06q\xe9\x97\fHA<\x94`\xf7H?\x86\xb8C9\b\x18vFWRdNee\xf1A\x06\x8f\x97\x99\xa5A\xfa\x94IfB\xa9\xf5\xd8\x83\xc5\b\x0eL\\Z\x80](f6D\x1a\xf7si\xa4l\xa8\x0f\xcc\xa1\xef\x1bCq\x0e\xf87\xfc\xce\x96cm\x83\x05S\x01Zj`dP:d\xba\x02\x14\xaa\x051\xd7\x87\x1b\xcb\xa2.\x89\x16CRx\x9b\x04\x1f\x8fA\t<\x99/\'tk\xcb\xd7|\x0f\xc9m\x95\x9a\n\v&\xca\xcd\x11\xec\xfd\x17a$.\xe9\x14\x8f\n\x15\x8d\rJ\x99\x8a\x87\x81\xc4S\x85L\xe5w\xa1\xbf\x91Q&6\x8e\xd1\x02\x19K\xd3\xab\xe5\xdc\xac\x05\x8dQ\xf4\x1aa\x86\xbc6\\\x06\xdf\x84\x00+F|\xa6\xc4\xab\x00G\xd0\x14N+\xf9\x84i?C\x81\x8eu\xd3\xcbg\xb7\a\xd9\x9a*\x17>\xac\x9d\x9d\xf6\t\xd8b\x19\x8a\x1e&\xde\x87-%\xf3\x8a2L\x1cQ2\f\x94\xf7\xf9\xadI\xedU\xabr\xe2\xe1\xc2{\b\xa8\xc2\n4\x0f\'\xed\xcc\xd7qG\xa7p\x8ct\xe3/l\v\x93\x8a\x95R\xd6\x19L\x85\x80\x18\x15\xcezn\xa8,i\xf1\x91@\xc0\xb1\a\xfd\xec\x95>\b(\xfa~O\xfd\xe2\a6b\x97\xc6$?;\x8eJ/P\x9d\x17\xaaU\xc4\b')
r2 = socket(0x10, 0x3, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = syz_open_dev$sndctrl(&(0x7f0000000080), 0x0, 0xc8080)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r4, 0xc0045516, &(0x7f0000000000)=0x639)
readv(r4, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/162, 0xa2}, {0x0}], 0x2)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r4, 0xc1105517, &(0x7f00000002c0)={{0x0, 0x6, 0xfefe, 0x0, 'syz0\x00', 0xfffffefd}, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 'syz0\x00', 0x0})
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'ipvlan1\x00', <r5=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=@newqdisc={0x90, 0x24, 0xf0b, 0x70bc26, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffab}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0x1, [], 0x0, [0x1, 0x2, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c4, 0x0, 0x0, 0x0, 0x3dc, 0x0, 0x7], [0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000]}}}}, @TCA_RATE={0x6, 0x5, {0xfa, 0x3}}]}, 0x90}, 0x1, 0x0, 0x0, 0x2004c084}, 0x20000080)

1m2.299274531s ago: executing program 3 (id=398):
syz_mount_image$ext4(&(0x7f0000000040)='ext2\x00', &(0x7f0000000640)='./file0\x00', 0x10, &(0x7f00000000c0), 0xfe, 0x450, &(0x7f0000000140)="$eJzs3MtvG0UYAPBvnTh9URJKofQFgYKoeCRN+qAHLkUg9QASEhyKOJk0rUrdBjVBolUFhUM5okrcEUck/gIulAsCTkhc4Y6QIpQLhZPR2rupcWwnTpy4xL+ftPWMd9yZb3cnHs94HUDfGo2I/RFxX0T8GhHDEZE0FhitPdxZuD7198L1qSQqlTf+TKrl/lq4PpUXzV+3o5apDLSp9+bbEaVyefpKlh+fu/Te+OzVa89fuFQ6P31++vLkyZPHjh4cOjF5vCtx7kzbuu/DmQN7T79167WpM7fe+fHrJIs7GuLoltHqUWvuqW5X1mM769LJYA8bQkfSPpqermK1/w/HQGxb3Dccr3zS08YB66pSKVS2tN59owJsYuloHuhH+Rt9+vk33zZo6HFPmD8Vi/MYd7KttmcwClmZ4jrWPxoRZ27880W6xTrNQwAA1Lt9KiKeazb+K8TDdeXuz9aGRiLigYjYFREPRsTuiHgoolp2T0Q80mH9jSskS8c/leFVBbZC6fjvxWxt67/jv3z0FyMDWW5nNf5icu5CefpIdkwOR3FLmp9oU8d3L//yWat99eO/dEvrz8eCWTv+GGyYoDtbKpbWEnO9+Y/Tf083iT+JfBknHR/vjYh9Hf7fe7LHC898daBVmeXjb6ML60yVLyOerp3/G9EQfy5puT458cKJyePjW6M8fWQ8vyqW+unnm6+3qn9N8XfB/O1KbG96/S/GP5JsjZi9eu1idb12tvM6bv72acvPNKu7/udKQ8mb1fRQ9twHpbm5KxMRQ8mrS5+fvPvaPJ+XT6//w4ea9/9dcfdI7I+I9CI+GBGPRsRjWdsfj4gnIuJQm/h/eOnJdzuPv82sfBel8Z9d7vxH/fnvPDFw8ftvOo8/l57/Y9XU4eyZ9PwvF9dKG7iWYwcAAAD/F4Xqd+CTwthiulAYG6t9h393bC+UZ2bnnj038/7ls7Xvyo9EsZDPdA3XzYdOZHPDeX6yIX80mzf+fGBbNT82NVPudD4R6K4dLfp/6vd2N/AAm4P7taB/6f/Qv/R/6F/6P/Qv/R/6V7P+/1EP2gFsvGXe/7dtVDuAjWf8D/1L/4f+pf9DX2p5b3xhTbf8S/Qo8e3Q2n6rYeWJKNwjIW+aRDGa7hpc8Y9ZrDKxpemuXv9lAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6I5/AwAA//84IOG2")
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = socket$nl_sock_diag(0x10, 0x3, 0x4)
r1 = socket$inet_sctp(0x2, 0x5, 0x84)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendto$inet(r1, &(0x7f00000000c0)="ab", 0xfffd, 0xc1, &(0x7f0000000280)={0x2, 0x4e22, @loopback}, 0x10)
readv(r0, &(0x7f0000000b40)=[{0x0}, {&(0x7f00000013c0)=""/4096, 0x1000}, {&(0x7f00000023c0)=""/4083, 0xff3}], 0x3)
sendmsg$TCPDIAG_GETSOCK(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000080)=ANY=[@ANYBLOB="4c000000140011f225bd7000fddbcf250284", @ANYRES32], 0x4c}, 0x1, 0x0, 0x0, 0x48000}, 0x40)
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0a00000007000000060000008c"], 0x50)
socket$alg(0x26, 0x5, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket(0x10, 0x803, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'team_slave_1\x00'})
sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_SET(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000007c0)=ANY=[@ANYRES16=0x0, @ANYBLOB="100029bd7000fcdbdf25180000000e00013f276574646576736b6d0000000f0002006e557464657673696d300000080003000100000008000b000e00000006001600090000000500120001000000060011000080000008000b0001000000080001007063690011003a30303a31302e3000000000080003000200000008000b000000208006001600060000000500120001000000060011000d00000008000b000700000000"], 0xb0}, 0x1, 0x0, 0x0, 0x20000000}, 0x440400c4)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, 0x0, 0x0)
r7 = openat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x42)
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r7, 0x6609, 0x0)

57.09927679s ago: executing program 3 (id=408):
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000280)='./file0\x00', 0x2800000, &(0x7f0000000500)={[{@debug}, {@delalloc}, {@inlinecrypt}, {@test_dummy_encryption}, {@errors_continue}, {@errors_continue}, {@delalloc}, {@barrier}]}, 0x1, 0xbc8, &(0x7f0000002380)="$eJzs3M9rHNcdAPDvjH7alrtyKaXuxSql2FC6ll1kalOoXVx66aHQXgsW8soIrX8gqTiSdVgl/0BIcg7kEkhiEnyIz74kkGsuiXONySFggmIlEEKiMPtDWku7+mGtNIr8+cDTvDdvZt73q5F23oPdDeC5NZT9SCOOR8SVJKJQ359GRG+11h9RqR23tDg/9u3i/FgSy8v/+SqJJCKeLM6PNa6V1LdH6o3+iPj470n88qX1407Pzk2OlsulqXr79Mz1W6enZ+f+NHF99FrpWunGmXN/GTk7cm74/EjHcv3u84v3v/ndP7+ofP/2D3e/fvXNJC7GQL2vOY961js2FEMrv5Nm3REx2oHr7wdd9Xya80y6Nzkp3eWgAABoK22aw/06CtEVq5O3QnzwSa7BAQAAAB2x3BWxDAAAABxwifU/AAAAHHCN9wE8WZwfa5R835Gwtx5fiojBWv5L9VLr6Y5KddsfPRFx+EkSzR9rTWqn7dhQRDz67Px7WYkWn0PebZWFiPhNq/ufVPMfrH8Sem3+aUQMd2D8oTXtn1P+Fzswft75A/B8enCp9iBb//xLV+Y/0eL5193i2fUs8n7+NeZ/S+vmf6v5d7WZ//17i2Pceev12+36svz/ev8f7zZKNn623VFS2/B4IeK33a3yT1byT9rkf2WLYxR+vF1q15d3/stvRJyM1vk3JBt/P9Hp8Ylyabj2s+UYCx+NvNNu/Lzzz+7/4Tb5b3D/+7N9t566Uvsv9fnf5cv32vVtnn/6ZW/y32qtt77nhdGZmakzEb3Jv9bvP7txvo1jGtfI8j/1+43//1v9/WevCZX630aW+UJ9m7VfXDPm3+7eeX+j/LO1X573/+r2739138tbHOMPH75yql1f8/o3K9n4j5LaWhgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGtKIGIgkLUZEUq2nabEYcSQifhWH0/LN6Zk/jt/8/42rWV/EYPSk4xPl0nBEFGrtJGufqdZX22fXtP8cEcci4rXCoWq7OHazfDXv5AEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFhxJCIGIkmLEZFGxFIhTYvFvKMCAAAAOm4w7wAAAACAXWf9DwAAAAef9T8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC77NiJBw+TiKhcOFQtmd56X0+ukQG7Lc07ACA3XXkHAOSmO+8AgNxsc41vugAHULJJf3/bnr6OxwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA/nXy+IOHSURULhyqlkxvva+n5Rkn9jA6YDeleQcA5KZro87uvYsD2HvP/C9+tLNxAHuv9RofeJ4km/T3rx5Tebqnb9diAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGD/GaiWJC1GRFqtp2mxGHE0IgajJxmfKJeGI+IXEfFpoacva/flHTQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdNz07NzlaLpemnqWS7Ox0FRWVpkqyP8KoVfJ+ZQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA/Ts3OTo+VyaWo670gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAvE3Pzk2OlsulqS1U7m3n4KZK3jkCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJCfnwIAAP//198NMw==")
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0)
syz_mount_image$fuse(&(0x7f0000000040), 0x0, 0x804000, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x8000}, 0x2c, {}, 0x2c, {'group_id', 0x3d, 0xee01}, 0x2c, {[], [{@uid_eq={'uid', 0x3d, 0xffffffffffffffff}}, {@mask={'mask', 0x3d, '^MAY_READ'}}]}}, 0x1, 0x0, &(0x7f00000003c0)="1e89a22ae16e6f9d4adcc7b968dc7a1fd7359ea3ffdd1ce00a055a90676b2bac63ff9df3d84f9a2548886793c5ab089253db57b2e21b263741540906a9d38b0459b78a5dbcf2a59344fb29b3387e08badc6d3a7e3add91db36f46e303ef42a084a24725795e3c954fd7d238c625e4b39b75b297e99b27422a51f3435cfcf3a")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeeb, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000002000)={0x1, 0x0, 0x200, 0x2})
fcntl$lock(0xffffffffffffffff, 0x26, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x4})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mount(&(0x7f0000000300), &(0x7f0000000080)='.\x00', &(0x7f0000000180)='tmpfs\x00', 0x2200cd0, 0x0)
sendmsg$NL80211_CMD_VENDOR(0xffffffffffffffff, 0x0, 0x10)
r3 = openat$rtc(0xffffffffffffff9c, 0x0, 0x140, 0x0)
ioctl$RTC_UIE_ON(r3, 0x7003)
ioctl$RTC_AIE_ON(r3, 0x7001)
socket$inet_udp(0x2, 0x2, 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000680), 0x0, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})

52.504542272s ago: executing program 3 (id=417):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000840)=ANY=[], 0x50)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xf0667000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$VHOST_SET_MEM_TABLE(0xffffffffffffffff, 0x4008af03, 0x0)
setitimer(0x1, 0x0, 0x0)
getitimer(0x1, 0x0)
r4 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000180)={'bond0\x00'})
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=ANY=[@ANYRESHEX=r0, @ANYRESOCT=r3, @ANYRES16=r0, @ANYRES32=r2, @ANYRESHEX=r2], 0x60}}, 0x20040481)
getsockopt$ARPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x61, 0x0, &(0x7f0000000080)=0x40)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000b98bc2c900000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x40000004}, 0x94)
r6 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0)
ioctl$FS_IOC_SETFLAGS(r6, 0x40186f40, &(0x7f0000000440)=0x1f)
r7 = syz_io_uring_setup(0x1073, &(0x7f0000000300)={0x0, 0xa902, 0x0, 0x6, 0xbfdbfdfc}, &(0x7f0000000000), &(0x7f00000001c0), &(0x7f0000000000))
io_uring_register$IORING_REGISTER_NAPI(r7, 0x1b, 0x0, 0x1)
syz_emit_vhci(&(0x7f0000001480)=ANY=[@ANYBLOB="02c9"], 0x11)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x13, &(0x7f0000000580)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000ba20702500000000002003007b1af8ff00000000bf02000008000000b70300000000000085000000b0000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffd3020000088dfe000000b703000000000000854000009b000000950e241c10f778d45722971f8ca0ce43328621cfe77ce576c99af65cb5c88379eacf6a45574aae540c59382cbe0443779f03b63abb031a29ae3196aa8049fe38898f680c5fa42ed548ad89b0095fe163a8b47ca93031141706f4de10a89dce8e481656d2827eb9f99c8f3d359f79d3efef57fcd9581b322c405d6c76f8536d93e6b596c99dfad538e61ff5308c969cd9e172491d496dc977620b207cfa34e69ef966136229e32f7cfb04df4afd00"/319], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls=0x36, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r8 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000002540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r8, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={<r9=>0xffffffffffffffff}, 0x111}}, 0x20)
write$RDMA_USER_CM_CMD_SET_OPTION(r8, &(0x7f0000000000)={0xe, 0x18, 0xfa00, @id_tos={&(0x7f0000000080)=0x6, r9, 0x0, 0x0, 0x1}}, 0x20)
ioctl$BTRFS_IOC_DEFAULT_SUBVOL(r8, 0x40089413, &(0x7f0000000180)=0x5)

37.273391971s ago: executing program 32 (id=417):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000840)=ANY=[], 0x50)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xf0667000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$VHOST_SET_MEM_TABLE(0xffffffffffffffff, 0x4008af03, 0x0)
setitimer(0x1, 0x0, 0x0)
getitimer(0x1, 0x0)
r4 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000180)={'bond0\x00'})
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=ANY=[@ANYRESHEX=r0, @ANYRESOCT=r3, @ANYRES16=r0, @ANYRES32=r2, @ANYRESHEX=r2], 0x60}}, 0x20040481)
getsockopt$ARPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x61, 0x0, &(0x7f0000000080)=0x40)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000b98bc2c900000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x40000004}, 0x94)
r6 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0)
ioctl$FS_IOC_SETFLAGS(r6, 0x40186f40, &(0x7f0000000440)=0x1f)
r7 = syz_io_uring_setup(0x1073, &(0x7f0000000300)={0x0, 0xa902, 0x0, 0x6, 0xbfdbfdfc}, &(0x7f0000000000), &(0x7f00000001c0), &(0x7f0000000000))
io_uring_register$IORING_REGISTER_NAPI(r7, 0x1b, 0x0, 0x1)
syz_emit_vhci(&(0x7f0000001480)=ANY=[@ANYBLOB="02c9"], 0x11)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x13, &(0x7f0000000580)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000ba20702500000000002003007b1af8ff00000000bf02000008000000b70300000000000085000000b0000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffd3020000088dfe000000b703000000000000854000009b000000950e241c10f778d45722971f8ca0ce43328621cfe77ce576c99af65cb5c88379eacf6a45574aae540c59382cbe0443779f03b63abb031a29ae3196aa8049fe38898f680c5fa42ed548ad89b0095fe163a8b47ca93031141706f4de10a89dce8e481656d2827eb9f99c8f3d359f79d3efef57fcd9581b322c405d6c76f8536d93e6b596c99dfad538e61ff5308c969cd9e172491d496dc977620b207cfa34e69ef966136229e32f7cfb04df4afd00"/319], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls=0x36, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r8 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000002540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r8, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={<r9=>0xffffffffffffffff}, 0x111}}, 0x20)
write$RDMA_USER_CM_CMD_SET_OPTION(r8, &(0x7f0000000000)={0xe, 0x18, 0xfa00, @id_tos={&(0x7f0000000080)=0x6, r9, 0x0, 0x0, 0x1}}, 0x20)
ioctl$BTRFS_IOC_DEFAULT_SUBVOL(r8, 0x40089413, &(0x7f0000000180)=0x5)

30.729457399s ago: executing program 1 (id=447):
socket$phonet_pipe(0x23, 0x5, 0x2)
syz_io_uring_setup(0x83f, &(0x7f00000000c0)={0x0, 0xa9ee, 0x400, 0x3, 0x8002ae}, &(0x7f0000000140), &(0x7f0000000280), &(0x7f0000000000))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
socket$inet6_icmp(0xa, 0x2, 0x3a)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r3)
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00'})
bind$inet6(r3, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c)
listen(r4, 0x0)
r6 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r6, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
r7 = accept(r3, 0x0, 0x0)
sendmsg$TEAM_CMD_OPTIONS_SET(r7, 0x0, 0x1)
recvfrom(r6, &(0x7f0000000180)=""/60, 0xfffffffffffffecb, 0x4100, 0x0, 0x500)

26.996128815s ago: executing program 5 (id=454):
syz_mount_image$udf(&(0x7f0000000080), &(0x7f0000000100)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0xa00004, &(0x7f0000001bc0)=ANY=[@ANYBLOB='adinicb,mode=00000000000000000000006,iocharset=cp862,uid=', @ANYRESDEC=0x0, @ANYBLOB=',novrs,unhide,mode=00000000000000000000010,noadinicb,adinicb,gid=forget,lastblock=00000000000000000003,gid=', @ANYRESDEC=0x0, @ANYBLOB=',uid=', @ANYRESDEC=0x0, @ANYBLOB=',s?bj_user=^[,smackfshat=utf8,dont_measure,smackfsdef=]/,uid=', @ANYRESDEC=0x0, @ANYBLOB=',smackfsfloor=%*,\x00'], 0x1, 0xc4d, &(0x7f0000000f40)="$eJzs3U9sHNd9B/DfGy3FldxWTJwqThoHm7ZIZcZy9S+mYhXuqqbZBpBlIhRzC8CVSKkLUyRBUo1spAXTSw89BCiKHnIi0BoFUjQwmiLokWldILn4UOTUE9HCRlD0wBYBAhQwWMzsW3FJkbYskhIlfz429Z2deW/mvZn1jCzozQsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIOL3Xr546nTaZsOhh9AYAOCBuDz2tVNntnv+AwCPrSs7/f8/AAAAAAAAAAAAAABwUKQo4slIMXd5LU1Unzvql9p9t26PD49sX+1IqmoeqsqXP/XTZ86e+/LzQ+e7eak98wH199pn49WxKxcbL83enJufWliYmmyMz7SvzU5O3fMedlt/q8HqBDRuvnZr8vr1hcaZ585u2nx74L3+J44PXBh65uTT3bLjwyMjYxtF6r3la/fdkI6dRngcjiJORopnv/+z1IqIInZ/LuoP9tpvdaTqxGDVifHhkaoj0+3WzGK5cbR7IoqIRk+lZvccbX8totb3QPuws2bEUtn8ssGDZffG5lrzravTU43R1vxie7E9OzOaOq0t+9OIIs6niOWIWO2/e3d9UUQtUnz32Fq6mt/6UZ2HL1UDg3duR7GPfbwHZTsbfRHLxSNwzQ6w/ijilUjx87dPxLV8n6nuNV+MeKXMH0a8WeaLEan8YpyLeHeb7xGPploU8efl9b+wliar+0H3vnLp642vzlyf7Snbva98xOfDXXeKh/R8OLIlH4wDfm+qRxGt6o6/lu7/NzsAAAAAAAAAAAAAAAAA7LUjUcRnIsXL//ZH1bjiqMalH7sw9PsDv9w7ZvypD9lPWfa5iFgq7m1M7uE8MHA0jab0kMcSf5zVo4g/zuP/vv2wGwMAAAAAAAAAAAAAAAAAAPCxVsRPI8UL75xIy9E7p3h75kbjSuvqdGdW2O7cv90509fX19cbqZPNnBM5l3Iu51zJuZozilw/ZzPnRM6lnMs5V3Ku5oxDuX7OZs6JnEs5l3Ou5FzNGbVcP2cz50TOpZzLOVdyruaMAzJ3LwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA46SIIt6PFN/55lqKFBHNiIno5Er/w24dAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFDqT0X8IFI0/qB5Z10tIlL1b8eJ8pdz0Txc5iejOVTmi9G8mLNVZa357YfQfnanLxXxk0jRX3/rzgXP17+v8+nO1yDe/NbGp8/WOnmou3Hgvf4njh+7MDTy+ad2Wk7bNWDwUnvm1u3G+PDIyFjP6lo++id71g3k4xZ703UiYuH1N15rTU9Pzd//QvkVuM/q3Su5i6M/yIVUe2SaamEvFqJ2IJrxcPq+Sf1h3JzYd+Xz/91I8dvv/Hv3gd95/tfjlzqf7jzh4xd/svH8f2Hrju7x+V/bWi8//8snwXbP/yd71r2QfzfSV4uoL96c6zseUV94/Y2T7ZutG1M3pmbOnTr1laGhr5w91Xc4on69PT3Vs7QnpwsAAAAAAAAAAAAAAADgwUlF/G6kaP1kLTUi4nY1XmvgwtAzJ58+FIeq8Vabxm2/OnblYuOl2Ztz81MLC1OTjfGZ9rXZyal7PVy9Gu41PjyyL535UEf2uf1H6i/Nzr0+377xh4vbbj9av3h1YXG+dW37zXEkiohm75rBqsHjwyNVo6fbrZmq6ui2g+k/ur5UxH9EimvnGukLeV0e/791hP+m8f9LW3e0h+P/P390Y/zfJ3qKlsdMqYhfRIrf+oun4gtVO4/GXecsl/ubSDF4/nO5XBwuy3Xb0HmvQGdkYFn2fyLFP7y/uWx3POSTG2VPf6ST+wgor/+xSPGDP/te/Hpet/n9D9tf/6Nbd7RP73/4VM+6o5veV7DrrpOv/8lI8eKTb8VvVGv+7wPf/9F9Y8OJTuGN93Ps0/X/1Z51A/m4v7lXnQcAAAAAAAAAAHiE9aUi/jZS/Giklp7P6+7l7/9Nbt3RPv39r0/3rJvcm/mKPnRh1ycVAAAAAA6IvlTETyPFjcW37oyh3jz+u2f85+9sjP8cTlu2Vn/O9yvVewP28s//eg3k407svtsAAAAAAAAAAAAAAAAAAABwoKRUxPN5PvWJajz/5I7zqa9Eipf/69lcLh0vy3XngR+ofq1fnp05eXF6erYei62r01ONsbnWtamy7qcixdpffy7XLar51bvzzXfmeN+Yi30+Uoz8XbdsZy727tzknfnA6+vrEafLsp+IFP/595vL5qmp89zR1X7PlGX/KlJ845+2L3t8o+zZsuz3IsWPv9Holj1alu2+H/XTG2WfuzZb7MNVAQAAAAAAAAAAAAAAAAAA4OOmLxXxp5Hiv28u3xnLn+f/7+v5WHnzWz3z/W9xu5rnf6Ca/3+n5fuZ/796r8DSTkcFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDHU4oi3ogUc5fX0kp/+bmjfqk9c+v2+PDI9tWOpKrmoap8+VM/febsuS8/P3S+mx9cf699Jl4du3Kx8dLszbn5qYWFqcnG+Ez72uzk1D3vYbf1txqsTkDj5mu3Jq9fX2icee7sps23B97rf+L4wIWhZ04+3S07PjwyMtZTptZ330e/S9ph/eEo4i8jxbPf/1n6UX9EEbs/Fx/y3dlvR6pODFadGB8eqToy3W7NLJYbR7snooho9FRqds/RA7gWu9KMWCqbXzZ4sOze2FxrvnV1eqox2ppfbC+2Z2dGU6e1ZX8aUcT5FLEcEav9d++uL4p4LVJ899ha+uf+iEPd8/Cly2NfO3Vm53YU+9jHe1C2s9EXsVw8AtfsAOuPIv4xUvz87RPxL/0Rtej8xBcjXinzhxFvRud6p/KLcS7i3W2+RzyaalHE/5bX/8Jaeru/vB907yuXvt746sz12Z6y3fvKI/98eJAO+L2pHkX8uLrjr6V/9d81AAAAAAAAAAAAAAAAwAFSxK9FihfeOZGq8cF3xhS3Z240rrSuTneG9XXH/nXHTK+vr683UiebOSdyLuVczrmSczVnFLl+zmaZ9fX1ifx5KedyzpWcqznjUK6fs5lzIudSzuWcKzlXc0Yt18/ZzDmRcynncs6VnKs544CM3QMAAAAAAAAAAAAAAAAAAB4vRfVPiu98cy2t93fml56ITq6YD/Sx9/8BAAD//9kg9g0=")
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000016c0)=@newsa={0x138, 0x10, 0x1, 0xfff7fffe, 0x100, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x1, 0x714, 0x4e23, 0x5, 0x0, 0x0, 0x0, 0x3a}, {@in=@local, 0x4d4, 0x6c}, @in=@loopback, {0x0, 0x192, 0x6, 0xffff, 0x8251c, 0x2, 0xfffffffffffffff8}, {0xffffffffffffffff, 0x0, 0x1f, 0xfffffffffffffffe}, {0x2, 0xfffffffc, 0x40}, 0x70bd2a, 0x3504, 0x2, 0x1, 0x0, 0x20}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}]}, 0x138}, 0x1, 0x0, 0x0, 0x8801}, 0x0)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=@newsa={0x138, 0x10, 0x1, 0xfffffffe, 0x100, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x1, 0x714, 0x4e23, 0x5, 0x0, 0x0, 0x0, 0x3a}, {@in6=@mcast2, 0x4d4, 0x6c}, @in=@loopback, {0x0, 0x192, 0x6, 0xffff, 0x8253c, 0x2, 0xfffffffffffffff8}, {0xffffffffffffffff, 0x0, 0x1f, 0x1}, {0x2, 0x8}, 0x70bd2a, 0x3504, 0x2, 0x1, 0x0, 0x20}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}]}, 0x138}, 0x1, 0x0, 0x0, 0x8801}, 0x0)
r2 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYRESHEX=r0, @ANYRES8=r2], 0x10}}, 0x2400c092)
r3 = io_uring_setup(0x1c79, 0x0)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000003440)=[{{0x0, 0x0, &(0x7f0000000b40)=[{&(0x7f0000000000)="f2", 0x1}], 0x1}}], 0x1, 0x0)
getsockopt$IP_VS_SO_GET_VERSION(r1, 0x0, 0x480, &(0x7f00000000c0), &(0x7f0000000280)=0x40)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x88040, 0x0)
fgetxattr(r3, &(0x7f00000002c0)=@random={'osx.', ']-\x00'}, &(0x7f0000000300)=""/10, 0xa)
openat$binfmt_format(0xffffffffffffff9c, &(0x7f0000001c80)='/proc/sys/fs/binfmt_misc/syz1\x00', 0x2, 0x0)
syz_io_uring_setup(0x49a, &(0x7f00000000c0)={0x0, 0x79af, 0x400, 0x8000, 0x40024e}, 0x0, 0x0, &(0x7f0000000000))
r4 = socket$nl_route(0x10, 0x3, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
ftruncate(r5, 0x8008976)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r5, 0x0)
r6 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r6, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r7=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r6, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r7, 0x0, 0x0, 0x0, <r8=>0x0})
ioctl$IOMMU_HWPT_ALLOC$NONE(r6, 0x3b89, &(0x7f0000000180)={0x28, 0x1, r8, r7, <r9=>0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$IOMMU_HWPT_ALLOC$TEST(r6, 0x3b89, &(0x7f0000000200)={0x28, 0x0, r8, r9, <r10=>0x0, 0x0, 0xdead, 0x4, &(0x7f0000000240)})
ioctl$IOMMU_HWPT_INVALIDATE$TEST(r6, 0x3b8d, &(0x7f00000001c0)={0x20, r10, 0x0})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
cachestat(r5, &(0x7f00000001c0)={0x7}, &(0x7f0000000200), 0x0)
sendmsg$nl_route(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB="240000002100010000000000000000000a000000000000000000000008001b"], 0x24}}, 0x0)

25.796488328s ago: executing program 0 (id=456):
r0 = socket(0x10, 0x3, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000200), r0)
getsockname$packet(r0, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendmmsg$inet6(r2, &(0x7f0000002680)=[{{&(0x7f0000000000)={0xa, 0x0, 0x0, @private1}, 0x1c, &(0x7f0000000300)}}], 0x1, 0x4010)
setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r2, 0x84, 0x22, &(0x7f0000000240)={0x5, 0x2, 0x5, 0x1b}, 0x10)
r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$IPVS_CMD_ZERO(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)={0x14, r3, 0x1, 0x400, 0x4}, 0x14}}, 0x0)
sendmsg$IPVS_CMD_DEL_SERVICE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)={0x18, r3, 0x800, 0x70bd2d, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_DAEMON={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x40000}, 0x8c0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r4, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000880)=ANY=[@ANYBLOB, @ANYRES16=r5, @ANYBLOB="0100000000000003000008000000180001801400020073797a5f74756e00000000000000000024000280040001001c000380"], 0x50}}, 0x0)
sendmsg$ETHTOOL_MSG_EEE_SET(r0, &(0x7f00000003c0)={&(0x7f00000000c0), 0xc, &(0x7f0000000640)={&(0x7f0000000680)=ANY=[], 0x1cc}, 0x1, 0x0, 0x0, 0x40c0}, 0x20008801)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
pipe(&(0x7f0000000080)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r8=>0xffffffffffffffff})
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r9=>0xffffffffffffffff})
socket$kcm(0x2, 0xa, 0x2)
write(r7, &(0x7f0000000240)="94", 0x1)
vmsplice(r9, &(0x7f0000000380)=[{&(0x7f0000013580)="0dd2e7c8926dc6acd0ae6c178054e95986faff9544de5fc4c30adf404da41181a77466ac5075905ea5f50134fdd517a957fe2ee59b61f9fe8d7aabe595ea23de2723e437af0423a56686a4c2d957be1a0ab922fbbd3cb1d8c6ab0d58440a327c8eb05d445b4ac5f20abe449e4084f8b996268d0564f67980d3ed3479e0edfe5cec7b4f89bface391c9c4c58ad123b91c33173c72326d1df18804a9ea20f9ece48f784d8ca2318e3d2b316666b5dfb7295c4915989d", 0xb5}], 0x1, 0x0)
tee(r6, r9, 0x8f5, 0x0)
write(r8, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)

24.7616055s ago: executing program 1 (id=458):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r3, &(0x7f0000000300)={0xa, 0x2, 0xfffffffc, @empty, 0x80000001}, 0x1c)
sendto$inet6(r3, 0x0, 0x0, 0x20000845, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c)
r4 = dup(r3)
sendto$packet(r4, &(0x7f0000000400), 0xfffffd23, 0x24005010, 0x0, 0x0)
connect$unix(r4, &(0x7f0000000240)=@abs={0x0, 0x0, 0x4e22}, 0x6e)

22.881609738s ago: executing program 0 (id=459):
r0 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f0000000080)={&(0x7f00000000c0)=""/13, 0x214000, 0x800}, 0x20)
setsockopt$XDP_TX_RING(r0, 0x11b, 0x3, &(0x7f00000001c0)=0x800, 0x4)
r1 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$XDP_UMEM_COMPLETION_RING(r0, 0x11b, 0x6, &(0x7f0000000040)=0x20000, 0x4)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000400)={'dummy0\x00', <r2=>0x0})
setsockopt$XDP_UMEM_FILL_RING(r0, 0x11b, 0x5, &(0x7f0000000140)=0x4000, 0x4)
bind$xdp(r0, &(0x7f0000000100)={0x2c, 0x0, r2}, 0x10)

22.324000088s ago: executing program 1 (id=462):
bpf$ITER_CREATE(0x21, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
futex_waitv(&(0x7f0000000180)=[{0x0, &(0x7f0000000000), 0x2}], 0x1, 0x0, 0x0, 0x0)
futex(&(0x7f0000000140), 0x5, 0x0, 0x0, &(0x7f0000000000), 0x0)
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, 0x0, 0x4000)
openat$audio(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)

20.726151029s ago: executing program 5 (id=463):
bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0x2, 0x15b, 0x5, 0x1, 0x0, 0xffffffffffffffff, 0xffff, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x4, 0x1}, 0x50)
setsockopt$inet6_icmp_ICMP_FILTER(0xffffffffffffffff, 0x1, 0x1, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x4, 0xe4}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000140), 0x1400, 0x0)
read$msr(r0, &(0x7f0000032680)=""/102392, 0x18ff8)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0)
r2 = creat(&(0x7f0000000000)='./file1\x00', 0xf8)
r3 = fanotify_init(0xf00, 0x1)
fanotify_mark(r3, 0x105, 0x40009975, r2, 0x0)
fallocate(r1, 0x0, 0x1000000, 0x3)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000ac0)=ANY=[@ANYBLOB="b700000081000000bfa30000000000000703000006feffff720af0fff8ffffff71a4f0ff000000002d030000000000001d400500000000004704000001ed000072030000000100001d44000000000000db0a00fee10000007303000000000000b500feff000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e96753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b393cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c7bc46dd12305a1ae9dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ad1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fd"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)

20.512103129s ago: executing program 4 (id=465):
bpf$ITER_CREATE(0x21, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
futex_waitv(&(0x7f0000000180)=[{0x0, &(0x7f0000000000), 0x2}], 0x1, 0x0, 0x0, 0x0)
futex(&(0x7f0000000140), 0x5, 0x0, 0x0, &(0x7f0000000000), 0x0)
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil)
openat$audio(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)

19.713127209s ago: executing program 1 (id=466):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x6)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet(0x2, 0xa, 0x10000)
recvfrom$inet(r3, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$sock_inet_SIOCADDRT(r3, 0x890b, 0x0)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
r5 = gettid()
clock_nanosleep(0xfffffff2, 0x225c17d03, &(0x7f0000000140)={0x77359400}, 0x0)
rt_sigqueueinfo(r5, 0x21, &(0x7f0000002d00)={0x0, 0x0, 0xffffffff})
bpf$OBJ_GET_MAP(0x7, &(0x7f0000000180)=@generic={&(0x7f0000000100)='./file0\x00'}, 0x18)
setsockopt$inet_tcp_buf(r4, 0x6, 0x21, &(0x7f0000000280)="dc8daf8d760c0b8caa98fa19c6a35a18", 0x10)
ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, &(0x7f0000000080)={0x18})
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f00000000c0)=0x40)
process_vm_readv(r0, &(0x7f0000000440)=[{&(0x7f0000000000)=""/21, 0x15}, {&(0x7f0000000300)=""/182, 0xb6}], 0x2, &(0x7f0000000980)=[{0x0}, {&(0x7f0000000680)=""/177, 0xb1}, {&(0x7f0000000740)=""/110, 0x6e}, {&(0x7f00000007c0)=""/218, 0xda}, {&(0x7f00000008c0)=""/153, 0x99}], 0x5, 0x0)
openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000000240), 0x1, 0x0)
fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)

18.533961811s ago: executing program 4 (id=468):
syz_usb_connect$lan78xx(0x3, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x6, 0x100000b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched_retired(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8080}, 0x9080)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000380)={'syz1\x00', {0x0, 0x7fff, 0x2, 0x2}, 0x51, [0x3ff, 0x2, 0x10000, 0x0, 0x7ca6, 0x9, 0xc2ad, 0x4, 0x9, 0x9, 0x5, 0x9, 0x8, 0x200, 0x5, 0x3, 0x7, 0x5, 0xfffffff9, 0x6, 0x3, 0xfff, 0x100, 0x4152, 0x8b3, 0x9, 0x861, 0x7, 0x5, 0x0, 0x3c, 0x4, 0x1005, 0x4, 0x8, 0x1ff, 0x8, 0x8, 0xd5bb, 0x3, 0x1, 0x9de9, 0x8, 0x3, 0x3, 0x7f, 0x5, 0x8, 0x0, 0x1, 0x3ff, 0x6, 0x2e, 0x800, 0x846c, 0x3, 0x6, 0x31b, 0x8, 0xa, 0x1, 0x7, 0xffffffff, 0x3], [0x4a, 0x19a78cbf, 0xe936, 0x8, 0xf6, 0xfffffff7, 0x2, 0x7d, 0x10001, 0x8, 0x3ff, 0x1, 0x7, 0x8f, 0x1, 0x2, 0x1ff, 0x200, 0x6f8, 0x7, 0xd, 0x7, 0x100788, 0x6, 0x0, 0x0, 0x8, 0x3, 0x5, 0x2, 0xa, 0x7, 0x80, 0x5aa, 0xfffff000, 0x400, 0x2, 0x7, 0x6, 0x6, 0x5, 0x3, 0x87, 0x22e2, 0x4, 0xffffffff, 0x7, 0x1fd, 0x6, 0x10001, 0x9e, 0x1, 0x5, 0x101, 0xfffffffa, 0x0, 0x2, 0x2, 0x6, 0x1ff, 0x8, 0x3, 0x6], [0x2, 0x94da, 0xffffffff, 0x7, 0xc0000, 0x4, 0x4, 0xfffffffa, 0x6, 0x7, 0xea, 0x7, 0x6, 0x400, 0xfffeffff, 0xfc000000, 0x8, 0x8, 0xd1, 0x2, 0xb66, 0x3, 0x4, 0x52c, 0x4, 0x10001, 0xfffffff8, 0x2, 0x9, 0x1, 0x7, 0xe86, 0x8, 0x20000100, 0x7, 0x1, 0x746a6ffd, 0x3, 0x4, 0x0, 0x1, 0x45a6c325, 0x8, 0x10000, 0x1000, 0x2, 0x5, 0x0, 0x2, 0x2, 0x1, 0x8, 0x2, 0x2, 0x81, 0x200, 0x3ff, 0xffffffcc, 0x6, 0xa000000, 0x8, 0xfff, 0x4000, 0x2], [0x8, 0x7, 0xffffffff, 0xfffffffc, 0x8000, 0x2, 0x74d6, 0x1ff, 0xfffffffe, 0x10, 0x5e, 0x0, 0x8, 0x8, 0x5, 0x8, 0xfb, 0xf25, 0xd, 0x1ff, 0x2, 0x95, 0x9, 0x9, 0x1, 0xc, 0xffff6f9e, 0x4, 0xfffffff7, 0x10000, 0x7, 0x52a, 0x5, 0xc1a0, 0x4, 0x8, 0x3, 0x9, 0x5, 0xb7af, 0x3, 0x4, 0x0, 0x1ff8, 0x2, 0x7, 0x6, 0x7ffffffd, 0x8, 0x7, 0x7fffffff, 0xd, 0x40, 0x3ff, 0xc, 0x1ff, 0x9, 0x6, 0x0, 0x1000, 0x9, 0x2, 0x9, 0x4]}, 0x45c)
listen(r1, 0x90004)
r3 = syz_genetlink_get_family_id$nbd(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000000000000000100000008000100400000000c000200700f0000000000000c00060003000000000000000a000a00272d5d29212b0000140007"], 0x6c}}, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
sendmsg$TIPC_NL_KEY_SET(r2, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000004}, 0x0)
modify_ldt$write2(0x11, &(0x7f0000000100)={0x81, 0x0, 0x4000, 0x1}, 0x10)

18.225448976s ago: executing program 2 (id=469):
syz_usb_connect$lan78xx(0x3, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x6, 0x100000b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched_retired(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8080}, 0x9080)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendto(0xffffffffffffffff, 0x0, 0x0, 0x810, 0x0, 0x0)
listen(r1, 0x90004)
r3 = syz_genetlink_get_family_id$nbd(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000000000000000100000008000100400000000c000200700f0000000000000c00060003000000000000000a000a00272d5d29212b0000140007"], 0x6c}}, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
sendmsg$TIPC_NL_KEY_SET(r2, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000004}, 0x0)
modify_ldt$write2(0x11, &(0x7f0000000100)={0x81, 0x0, 0x4000, 0x1}, 0x10)

17.453900226s ago: executing program 0 (id=470):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$netlink(0x10, 0x3, 0x0)
socket$alg(0x26, 0x5, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'veth0_vlan\x00', <r3=>0x0})
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x48000)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r4, 0x6, 0x13, 0x0, 0x0)
r5 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000005c0)=@bpf_lsm={0x1d, 0x2, &(0x7f0000000780)=@raw=[@alu={0x4, 0x1, 0xb, 0x0, 0x9, 0x1, 0x8}, @jmp={0x5, 0x0, 0x5, 0xa, 0x0, 0x8, 0xffffffffffffffff}], &(0x7f0000000380)='syzkaller\x00', 0xc, 0x2f, &(0x7f00000003c0)=""/47, 0x41000, 0x18, '\x00', r3, 0x1b, 0xffffffffffffffff, 0x8, &(0x7f0000000440)={0x5, 0x4}, 0x8, 0x10, &(0x7f0000000480)={0x3, 0x7, 0x8}, 0x10, 0xffffffffffffffff, 0x0, 0xa, 0x0, &(0x7f0000000500)=[{0x0, 0x3, 0x3}, {0x1, 0x7, 0x9, 0x5}, {0x0, 0x3, 0x1, 0x6}, {0x0, 0x4, 0x1, 0x1}, {0x3, 0x3, 0xb, 0x3}, {0x2, 0x3, 0x1, 0xf}, {0x0, 0x5, 0x1, 0xc}, {0x1, 0x4, 0xe, 0x7}, {0x4, 0x1, 0x10, 0x2}, {0x3, 0x2, 0xc, 0xa}], 0x10, 0x40}, 0x94)
setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000680)=r5, 0x4)
connect$inet6(r4, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_ULP(r4, 0x6, 0x1f, &(0x7f00000002c0), 0x4)
bpf$MAP_CREATE(0x0, &(0x7f0000000140)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB="0100"/20, @ANYRES32=r3, @ANYRES32, @ANYBLOB="02000000050000000500"/21], 0x50)
writev(r4, 0x0, 0x0)
r6 = gettid()
r7 = socket(0x10, 0x803, 0x0)
shutdown(0xffffffffffffffff, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
sendmsg$nl_route(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x3c, 0x10, 0x403, 0xfffffff9, 0x25dfdbfe, {0x0, 0x0, 0x74, r3, 0x59808, 0x55007}, [@IFLA_NET_NS_PID={0x8, 0x13, r6}, @IFLA_IFNAME={0x14, 0x3, 'veth1_macvtap\x00'}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4802}, 0x4000010)
unshare(0x20000400)
syz_emit_ethernet(0x12, &(0x7f0000000000)=ANY=[], 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$gtp(0x0, 0xffffffffffffffff)
sendmsg$GTP_CMD_GETPDP(r8, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB='\b\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="0100000000000000000002000000080002000000000008000700", @ANYRES32, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB], 0x2c}}, 0x0)
sendmsg$netlink(r1, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000006c0)=ANY=[@ANYBLOB="2800000010000100000000001000000085ff00003b000000000000000000000008001c00c9000000e7fea8022bdfc67b8f5c3a29c57206315db5259040fbd3"], 0x28}], 0x1, 0x0, 0x0, 0xb305e06daab01a77}, 0x40)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000000000000000700000a5c000000bcbcef63000000000000000002000000300004802c000180090001007866726d000000001c0002800500030001000000080001400000001508000240000000040900010073797a30000000000900020073797a320000000014000000110030000000000000000000070000"], 0x84}, 0x1, 0x0, 0x0, 0x8010}, 0x4000800)

17.415392504s ago: executing program 1 (id=471):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = getpgrp(0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r5 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r5, 0x1, 0x0)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYBLOB='4\x00\x00\x00'], 0x34}, 0x1, 0x0, 0x0, 0x20040804}, 0x4044890)
read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_emit_ethernet(0x4a, 0x0, 0x0)
symlinkat(0x0, 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00')
recvmsg(r1, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00)
sendmsg$tipc(r2, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0)
getsockopt$TIPC_NODE_RECVQ_DEPTH(r1, 0x10f, 0x83, &(0x7f0000000180), 0x0)
symlink(&(0x7f0000001640)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/../file0\x00', &(0x7f0000000e40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
r8 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$MEDIA_IOC_DEVICE_INFO(r8, 0xc1007c00, 0x0)
quotactl$Q_SETQUOTA(0xffffffff80000800, &(0x7f0000000540)=@filename='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/../file0\x00', 0xee00, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan1\x00'})

13.869377937s ago: executing program 1 (id=472):
bpf$ITER_CREATE(0x21, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
futex_waitv(&(0x7f0000000180)=[{0x0, &(0x7f0000000000), 0x2}], 0x1, 0x0, 0x0, 0x0)
futex(&(0x7f0000000140), 0x5, 0x0, 0x0, &(0x7f0000000000), 0x0)
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil)
openat$audio(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)

13.392686444s ago: executing program 2 (id=473):
syz_usb_connect$lan78xx(0x3, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x6, 0x100000b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched_retired(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8080}, 0x9080)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000380)={'syz1\x00', {0x0, 0x7fff, 0x2, 0x2}, 0x51, [0x3ff, 0x2, 0x10000, 0x0, 0x7ca6, 0x9, 0xc2ad, 0x4, 0x9, 0x9, 0x5, 0x9, 0x8, 0x200, 0x5, 0x3, 0x7, 0x5, 0xfffffff9, 0x6, 0x3, 0xfff, 0x100, 0x4152, 0x8b3, 0x9, 0x861, 0x7, 0x5, 0x0, 0x3c, 0x4, 0x1005, 0x4, 0x8, 0x1ff, 0x8, 0x8, 0xd5bb, 0x3, 0x1, 0x9de9, 0x8, 0x3, 0x3, 0x7f, 0x5, 0x8, 0x0, 0x1, 0x3ff, 0x6, 0x2e, 0x800, 0x846c, 0x3, 0x6, 0x31b, 0x8, 0xa, 0x1, 0x7, 0xffffffff, 0x3], [0x4a, 0x19a78cbf, 0xe936, 0x8, 0xf6, 0xfffffff7, 0x2, 0x7d, 0x10001, 0x8, 0x3ff, 0x1, 0x7, 0x8f, 0x1, 0x2, 0x1ff, 0x200, 0x6f8, 0x7, 0xd, 0x7, 0x100788, 0x6, 0x0, 0x0, 0x8, 0x3, 0x5, 0x2, 0xa, 0x7, 0x80, 0x5aa, 0xfffff000, 0x400, 0x2, 0x7, 0x6, 0x6, 0x5, 0x3, 0x87, 0x22e2, 0x4, 0xffffffff, 0x7, 0x1fd, 0x6, 0x10001, 0x9e, 0x1, 0x5, 0x101, 0xfffffffa, 0x0, 0x2, 0x2, 0x6, 0x1ff, 0x8, 0x3, 0x6], [0x2, 0x94da, 0xffffffff, 0x7, 0xc0000, 0x4, 0x4, 0xfffffffa, 0x6, 0x7, 0xea, 0x7, 0x6, 0x400, 0xfffeffff, 0xfc000000, 0x8, 0x8, 0xd1, 0x2, 0xb66, 0x3, 0x4, 0x52c, 0x4, 0x10001, 0xfffffff8, 0x2, 0x9, 0x1, 0x7, 0xe86, 0x8, 0x20000100, 0x7, 0x1, 0x746a6ffd, 0x3, 0x4, 0x0, 0x1, 0x45a6c325, 0x8, 0x10000, 0x1000, 0x2, 0x5, 0x0, 0x2, 0x2, 0x1, 0x8, 0x2, 0x2, 0x81, 0x200, 0x3ff, 0xffffffcc, 0x6, 0xa000000, 0x8, 0xfff, 0x4000, 0x2], [0x8, 0x7, 0xffffffff, 0xfffffffc, 0x8000, 0x2, 0x74d6, 0x1ff, 0xfffffffe, 0x10, 0x5e, 0x0, 0x8, 0x8, 0x5, 0x8, 0xfb, 0xf25, 0xd, 0x1ff, 0x2, 0x95, 0x9, 0x9, 0x1, 0xc, 0xffff6f9e, 0x4, 0xfffffff7, 0x10000, 0x7, 0x52a, 0x5, 0xc1a0, 0x4, 0x8, 0x3, 0x9, 0x5, 0xb7af, 0x3, 0x4, 0x0, 0x1ff8, 0x2, 0x7, 0x6, 0x7ffffffd, 0x8, 0x7, 0x7fffffff, 0xd, 0x40, 0x3ff, 0xc, 0x1ff, 0x9, 0x6, 0x0, 0x1000, 0x9, 0x2, 0x9, 0x4]}, 0x45c)
sendto(0xffffffffffffffff, 0x0, 0x0, 0x810, 0x0, 0x0)
listen(r1, 0x90004)
r2 = syz_genetlink_get_family_id$nbd(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000000100000008000100400000000c000200700f0000000000000c00060003000000000000000a000a00272d5d29212b0000140007"], 0x6c}}, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
sendmsg$TIPC_NL_KEY_SET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000004}, 0x0)
modify_ldt$write2(0x11, &(0x7f0000000100)={0x81, 0x0, 0x4000, 0x1}, 0x10)

12.975110033s ago: executing program 5 (id=474):
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x2, 0x7}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000005580)=""/102392, 0x18ff8)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, 0x0)
timer_create(0x3, 0x0, &(0x7f0000000080)=<r1=>0x0)
timer_gettime(r1, &(0x7f00000000c0))
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000500)={0x0, 0x3c}}, 0x4010)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f0000000140)={'batadv0\x00', <r4=>0x0})
sendmsg$BATADV_CMD_GET_NEIGHBORS(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)={0x24, r3, 0x331, 0x0, 0x0, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r4}, @BATADV_ATTR_HARD_IFINDEX={0x8}]}, 0x24}}, 0x4000)
quotactl_fd$Q_GETFMT(0xffffffffffffffff, 0xffffffff80000401, 0xffffffffffffffff, &(0x7f0000000080))
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000000c0)='./file1\x00', 0x3000046, &(0x7f0000000640)={[{@dioread_nolock}, {@data_err_abort}, {@inlinecrypt}, {@noauto_da_alloc}, {@data_err_ignore}, {@discard}, {@data_err_ignore}, {@grpquota}, {@noblock_validity}, {@lazytime}, {@bh}, {@errors_remount}]}, 0x1, 0x553, &(0x7f00000009c0)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH/Rx6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9ulTXx9d/e6Xu4duJvFBHMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7cO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//u5Y3ug==")

12.639769999s ago: executing program 4 (id=475):
capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080))
prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1)
r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
ptrace(0x11, r0)
landlock_restrict_self(0xffffffffffffffff, 0x0)
r1 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
ptrace(0x10, r1)

9.908782254s ago: executing program 2 (id=476):
r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x180300, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000040)={0x191, 0x258, 0x300, 0x3f, 0x32, 0x1, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe07, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x3})
ioctl$FBIOGETCMAP(r0, 0x4604, 0x0)

9.525524138s ago: executing program 4 (id=477):
open_tree(0xffffffffffffffff, &(0x7f0000000100)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
fsopen(0x0, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x4)
bind$netlink(r3, &(0x7f0000000080)={0x10, 0x0, 0x4, 0x2ffffffff}, 0xc)

9.457536252s ago: executing program 0 (id=478):
bpf$ITER_CREATE(0x21, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
futex_waitv(&(0x7f0000000180)=[{0x0, &(0x7f0000000000), 0x2}], 0x1, 0x0, 0x0, 0x0)
futex(&(0x7f0000000140), 0x5, 0x0, 0x0, &(0x7f0000000000), 0x0)
execveat(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1000)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4000)
openat$audio(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)

9.119315737s ago: executing program 5 (id=479):
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x2, 0x7}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000005580)=""/102392, 0x18ff8)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, 0x0)
timer_create(0x3, 0x0, &(0x7f0000000080)=<r1=>0x0)
timer_gettime(r1, &(0x7f00000000c0))
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000500)={0x0, 0x3c}}, 0x4010)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f0000000140))
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000200)={'batadv_slave_1\x00'})
quotactl_fd$Q_GETFMT(0xffffffffffffffff, 0xffffffff80000401, 0xffffffffffffffff, &(0x7f0000000080))
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000000c0)='./file1\x00', 0x3000046, &(0x7f0000000640)={[{@dioread_nolock}, {@data_err_abort}, {@inlinecrypt}, {@noauto_da_alloc}, {@data_err_ignore}, {@discard}, {@data_err_ignore}, {@grpquota}, {@noblock_validity}, {@lazytime}, {@bh}, {@errors_remount}]}, 0x1, 0x553, &(0x7f00000009c0)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH/Rx6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9ulTXx9d/e6Xu4duJvFBHMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7cO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//u5Y3ug==")

8.315894643s ago: executing program 4 (id=480):
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10)
connect$inet(r0, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10)
writev(r0, &(0x7f0000000200)=[{&(0x7f00000000c0)='X', 0x8030000}], 0x1)
shutdown(r0, 0x1)
r4 = socket(0x10, 0x3, 0x0)
sendmsg$nl_generic(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000400)=ANY=[@ANYBLOB="18000000160001ea"], 0x78}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
recvmmsg(r4, &(0x7f0000002a40)=[{{0x0, 0x0, 0x0}, 0x9}], 0x1, 0x40002000, 0x0)
recvmmsg(r4, &(0x7f0000002840)=[{{0x0, 0x0, 0x0}, 0xc}], 0x1, 0x60, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x41, 0x0)
openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff8000/0x2000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
io_uring_setup(0x4fef, &(0x7f0000000040)={0x0, 0xa35e, 0x8000, 0x20000a, 0x35b})
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
socket$inet_sctp(0x2, 0x1, 0x84)
ioctl$VHOST_SET_FEATURES(0xffffffffffffffff, 0x4008af00, 0x0)
sendto$inet(0xffffffffffffffff, &(0x7f0000000140), 0x0, 0x0, &(0x7f0000004ff0)={0x2, 0x0, @rand_addr=0xfffffffffffffffe}, 0x10)
connect$inet(0xffffffffffffffff, &(0x7f0000000240)={0x2, 0x4e23, @private=0xa010100}, 0x10)

6.739475328s ago: executing program 0 (id=481):
prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1)
r0 = landlock_create_ruleset(0x0, 0x0, 0x0)
landlock_restrict_self(r0, 0x0)
r1 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, 0x0)
ptrace(0x10, r1)

6.549641524s ago: executing program 2 (id=482):
syz_usb_connect$lan78xx(0x3, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x6, 0x100000b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000380)={'syz1\x00', {0x0, 0x7fff, 0x2, 0x2}, 0x51, [0x3ff, 0x2, 0x10000, 0x0, 0x7ca6, 0x9, 0xc2ad, 0x4, 0x9, 0x9, 0x5, 0x9, 0x8, 0x200, 0x5, 0x3, 0x7, 0x5, 0xfffffff9, 0x6, 0x3, 0xfff, 0x100, 0x4152, 0x8b3, 0x9, 0x861, 0x7, 0x5, 0x0, 0x3c, 0x4, 0x1005, 0x4, 0x8, 0x1ff, 0x8, 0x8, 0xd5bb, 0x3, 0x1, 0x9de9, 0x8, 0x3, 0x3, 0x7f, 0x5, 0x8, 0x0, 0x1, 0x3ff, 0x6, 0x2e, 0x800, 0x846c, 0x3, 0x6, 0x31b, 0x8, 0xa, 0x1, 0x7, 0xffffffff, 0x3], [0x4a, 0x19a78cbf, 0xe936, 0x8, 0xf6, 0xfffffff7, 0x2, 0x7d, 0x10001, 0x8, 0x3ff, 0x1, 0x7, 0x8f, 0x1, 0x2, 0x1ff, 0x200, 0x6f8, 0x7, 0xd, 0x7, 0x100788, 0x6, 0x0, 0x0, 0x8, 0x3, 0x5, 0x2, 0xa, 0x7, 0x80, 0x5aa, 0xfffff000, 0x400, 0x2, 0x7, 0x6, 0x6, 0x5, 0x3, 0x87, 0x22e2, 0x4, 0xffffffff, 0x7, 0x1fd, 0x6, 0x10001, 0x9e, 0x1, 0x5, 0x101, 0xfffffffa, 0x0, 0x2, 0x2, 0x6, 0x1ff, 0x8, 0x3, 0x6], [0x2, 0x94da, 0xffffffff, 0x7, 0xc0000, 0x4, 0x4, 0xfffffffa, 0x6, 0x7, 0xea, 0x7, 0x6, 0x400, 0xfffeffff, 0xfc000000, 0x8, 0x8, 0xd1, 0x2, 0xb66, 0x3, 0x4, 0x52c, 0x4, 0x10001, 0xfffffff8, 0x2, 0x9, 0x1, 0x7, 0xe86, 0x8, 0x20000100, 0x7, 0x1, 0x746a6ffd, 0x3, 0x4, 0x0, 0x1, 0x45a6c325, 0x8, 0x10000, 0x1000, 0x2, 0x5, 0x0, 0x2, 0x2, 0x1, 0x8, 0x2, 0x2, 0x81, 0x200, 0x3ff, 0xffffffcc, 0x6, 0xa000000, 0x8, 0xfff, 0x4000, 0x2], [0x8, 0x7, 0xffffffff, 0xfffffffc, 0x8000, 0x2, 0x74d6, 0x1ff, 0xfffffffe, 0x10, 0x5e, 0x0, 0x8, 0x8, 0x5, 0x8, 0xfb, 0xf25, 0xd, 0x1ff, 0x2, 0x95, 0x9, 0x9, 0x1, 0xc, 0xffff6f9e, 0x4, 0xfffffff7, 0x10000, 0x7, 0x52a, 0x5, 0xc1a0, 0x4, 0x8, 0x3, 0x9, 0x5, 0xb7af, 0x3, 0x4, 0x0, 0x1ff8, 0x2, 0x7, 0x6, 0x7ffffffd, 0x8, 0x7, 0x7fffffff, 0xd, 0x40, 0x3ff, 0xc, 0x1ff, 0x9, 0x6, 0x0, 0x1000, 0x9, 0x2, 0x9, 0x4]}, 0x45c)
sendto(0xffffffffffffffff, 0x0, 0x0, 0x810, 0x0, 0x0)
listen(r1, 0x90004)
r3 = syz_genetlink_get_family_id$nbd(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000000000000000100000008000100400000000c000200700f0000000000000c00060003000000000000000a000a00272d5d29212b0000140007"], 0x6c}}, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
sendmsg$TIPC_NL_KEY_SET(r2, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000004}, 0x0)
modify_ldt$write2(0x11, &(0x7f0000000100)={0x81, 0x0, 0x4000, 0x1}, 0x10)

6.057079294s ago: executing program 4 (id=483):
syz_open_procfs(0x0, &(0x7f0000000440)='net/rt6_stats\x00')
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x4, &(0x7f00000005c0)=ANY=[@ANYBLOB="b7000000000000006111900000e1f90006000000000000009500000000000000650881f86b2cc338df645e9fe3e06088f59a1804a0411223122b5edcdd5f6cd0ac52cd010001000000000042db7732b4e7f5318f7d072f289968935fe5143706d8a9dacef4e6fa9f392c0565078eba4f0c7243cfaf3983427c7250be5aeb541b4b317897bcfe86a812"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0xb}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48)
socket$kcm(0x2, 0xa, 0x2)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff)
syz_emit_ethernet(0x9c, &(0x7f0000000500)=ANY=[@ANYBLOB="0180c2000001aab1aaaaaaaa3388a801008100110086dd65795382005e210100000000000000000000000000000000ff0100000000000000000000000000017302014000"/78], 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff})
sendmsg$NBD_CMD_CONNECT(r2, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x48, r3, 0x1, 0xffffbffe, 0x0, {}, [@NBD_ATTR_SOCKETS={0x1c, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r4}}, {0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r4}}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xfb2e77a8993c1937}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x10001}]}, 0x48}}, 0x20000000)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81e8943c, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000b00)={0x0, 0xa0}, 0x1, 0x0, 0x0, 0x24002801}, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x40000000af01, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
r6 = socket$inet_sctp(0x2, 0x1, 0x84)
r7 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r7, 0x0, 0x482, &(0x7f00000000c0)={0x84, @multicast2, 0x4e22, 0x3, 'rr\x00', 0x1e, 0x4, 0x68}, 0x2c)
setsockopt$IP_VS_SO_SET_ADDDEST(r7, 0x0, 0x487, 0x0, 0x0)
setsockopt$IP_VS_SO_SET_DELDEST(r6, 0x0, 0x488, 0x0, 0x0)

2.002439162s ago: executing program 5 (id=484):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt(r0, 0x84, 0x81, &(0x7f0000000000)="0000000000000002", 0x8)
socket$inet_sctp(0x2, 0x1, 0x84)
sendmsg$RDMA_NLDEV_CMD_STAT_GET(0xffffffffffffffff, 0x0, 0x20000000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000480)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xfc409000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
fsopen(&(0x7f0000000000)='rpc_pipefs\x00', 0x0)
r4 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x180300, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r4, 0x4601, &(0x7f0000000040)={0x191, 0x258, 0x300, 0x3f, 0x32, 0x1, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe07, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x3})
ioctl$FBIOGETCMAP(r4, 0x4604, 0x0)
mremap(&(0x7f00009d1000/0x4000)=nil, 0x4000, 0x4000, 0x3, &(0x7f00002a0000/0x4000)=nil)

1.915601724s ago: executing program 2 (id=485):
socket$nl_generic(0x10, 0x3, 0x10)
openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
bind$802154_dgram(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
sendmmsg$unix(r5, &(0x7f00000001c0)=[{{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000440)='1', 0x1}], 0x1, &(0x7f0000000380)=ANY=[@ANYBLOB="14000000000000000100000001000000", @ANYRES32=r3, @ANYBLOB], 0x18, 0x20040040}}], 0x1, 0x4040)
pipe(&(0x7f00000004c0)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
splice(r4, 0x0, r6, 0x0, 0x39000, 0x0)
r7 = syz_open_dev$vim2m(&(0x7f0000000440), 0x3, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r7, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1})
ioctl$vim2m_VIDIOC_QBUF(r7, 0xc058560f, &(0x7f00000002c0)=@multiplanar_mmap={0x0, 0x2, 0x4, 0x0, 0x0, {}, {0x5, 0x0, 0x0, 0x0, 0x20, 0x29, "fafc00"}, 0x0, 0x1, {0x0}})

996.05203ms ago: executing program 5 (id=486):
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x2, 0x7}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000005580)=""/102392, 0x18ff8)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, 0x0)
timer_create(0x3, 0x0, &(0x7f0000000080)=<r1=>0x0)
timer_gettime(r1, &(0x7f00000000c0))
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f0000000140)={'batadv0\x00', <r4=>0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000200)={'batadv_slave_1\x00', <r5=>0x0})
sendmsg$BATADV_CMD_GET_NEIGHBORS(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)={0x24, r3, 0x331, 0x0, 0x0, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r4}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r5}]}, 0x24}}, 0x4000)
quotactl_fd$Q_GETFMT(0xffffffffffffffff, 0xffffffff80000401, 0xffffffffffffffff, &(0x7f0000000080))
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000000c0)='./file1\x00', 0x3000046, &(0x7f0000000640)={[{@dioread_nolock}, {@data_err_abort}, {@inlinecrypt}, {@noauto_da_alloc}, {@data_err_ignore}, {@discard}, {@data_err_ignore}, {@grpquota}, {@noblock_validity}, {@lazytime}, {@bh}, {@errors_remount}]}, 0x1, 0x553, &(0x7f00000009c0)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH/Rx6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9ulTXx9d/e6Xu4duJvFBHMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7cO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//u5Y3ug==")

915.7212ms ago: executing program 0 (id=487):
mq_open(0x0, 0x42, 0x197, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x2, 0x7}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000005580)=""/102392, 0x18ff8)
r1 = shmget$private(0x0, 0x3000, 0x0, &(0x7f0000ffd000/0x3000)=nil)
shmat(r1, &(0x7f0000ffc000/0x3000)=nil, 0x4000)
r2 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r2, 0x11b, 0x4, &(0x7f0000000080)={&(0x7f00000000c0)=""/13, 0x214000, 0x800}, 0x20)
setsockopt$XDP_TX_RING(r2, 0x11b, 0x3, &(0x7f00000001c0)=0x800, 0x4)
setsockopt$XDP_UMEM_COMPLETION_RING(r2, 0x11b, 0x6, &(0x7f0000000040)=0x20000, 0x4)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000400)={'dummy0\x00', <r3=>0x0})
setsockopt$XDP_UMEM_FILL_RING(r2, 0x11b, 0x5, &(0x7f0000000140)=0x4000, 0x4)
bind$xdp(r2, &(0x7f0000000100)={0x2c, 0x0, r3}, 0x10)
r4 = socket$netlink(0x10, 0x3, 0x400000000000004)
writev(r4, &(0x7f0000019440)=[{&(0x7f0000000240)="480000001400190d7ebdeb75fd0d8c162c84e48068d8c033ed7a80ffe0090f000060000000a2bc5603ca00000f7f8900000020000001002471083e0d5fcce62483c3f596a77e7ff4", 0x48}], 0x1)

0s ago: executing program 2 (id=488):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt(r0, 0x84, 0x81, &(0x7f0000000000)="0000000000000002", 0x8)
socket$inet_sctp(0x2, 0x1, 0x84)
sendmsg$RDMA_NLDEV_CMD_STAT_GET(0xffffffffffffffff, 0x0, 0x20000000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000480)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xfc409000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
fsopen(&(0x7f0000000000)='rpc_pipefs\x00', 0x0)
r4 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x180300, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r4, 0x4601, &(0x7f0000000040)={0x191, 0x258, 0x300, 0x3f, 0x32, 0x1, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe07, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x3})
ioctl$FBIOGETCMAP(r4, 0x4604, 0x0)
mremap(&(0x7f00009d1000/0x4000)=nil, 0x4000, 0x4000, 0x3, &(0x7f00002a0000/0x4000)=nil)

kernel console output (not intermixed with test programs):

ding interface: batadv_slave_1
[   83.064268][ T5615] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   83.090682][ T5615] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   83.109758][ T5619] batman_adv: batadv0: Adding interface: batadv_slave_1
[   83.116844][ T5619] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   83.143512][ T5619] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   83.221960][ T5617] hsr_slave_0: entered promiscuous mode
[   83.228607][ T5617] hsr_slave_1: entered promiscuous mode
[   83.235044][ T5617] debugfs: 'hsr0' already exists in 'hsr'
[   83.241214][ T5617] Cannot create hsr debugfs directory
[   83.265166][ T5620] hsr_slave_0: entered promiscuous mode
[   83.271901][ T5620] hsr_slave_1: entered promiscuous mode
[   83.278495][ T5620] debugfs: 'hsr0' already exists in 'hsr'
[   83.284298][ T5620] Cannot create hsr debugfs directory
[   83.326571][ T5618] hsr_slave_0: entered promiscuous mode
[   83.333365][ T5618] hsr_slave_1: entered promiscuous mode
[   83.339602][ T5618] debugfs: 'hsr0' already exists in 'hsr'
[   83.345450][ T5618] Cannot create hsr debugfs directory
[   83.456045][ T5615] hsr_slave_0: entered promiscuous mode
[   83.462564][ T5615] hsr_slave_1: entered promiscuous mode
[   83.468724][ T5615] debugfs: 'hsr0' already exists in 'hsr'
[   83.474583][ T5615] Cannot create hsr debugfs directory
[   83.555520][ T5619] hsr_slave_0: entered promiscuous mode
[   83.561997][ T5619] hsr_slave_1: entered promiscuous mode
[   83.568124][ T5619] debugfs: 'hsr0' already exists in 'hsr'
[   83.573924][ T5619] Cannot create hsr debugfs directory
[   84.163680][ T5616] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   84.179925][ T5616] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[   84.189818][ T5616] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   84.201321][ T5616] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[   84.230164][ T5616] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   84.240105][ T5616] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[   84.248367][ T5616] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   84.259433][ T5616] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[   84.328189][ T5620] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   84.343911][ T5620] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[   84.361489][ T5620] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   84.372254][ T5620] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[   84.380351][ T5620] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   84.391511][ T5620] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[   84.399665][ T5620] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   84.410293][ T5620] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[   84.510111][ T5618] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   84.522836][ T5618] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[   84.538361][ T5618] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   84.548374][ T5618] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[   84.558143][ T5618] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   84.568249][ T5618] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[   84.576435][ T5618] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   84.586513][ T5618] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[   84.702486][ T5617] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   84.716163][ T5617] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[   84.725052][ T5617] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   84.736206][ T5617] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[   84.745124][ T5617] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   84.755263][ T5617] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[   84.764858][ T5617] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   84.775410][ T5617] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[   84.811093][ T5621] Bluetooth: hci2: command tx timeout
[   84.866562][ T5616] 8021q: adding VLAN 0 to HW filter on device bond0
[   84.892012][ T5621] Bluetooth: hci3: command tx timeout
[   84.892454][ T5639] Bluetooth: hci4: command tx timeout
[   84.897479][ T5624] Bluetooth: hci0: command tx timeout
[   84.897670][ T5624] Bluetooth: hci5: command tx timeout
[   84.903255][ T5639] Bluetooth: hci1: command tx timeout
[   84.977757][ T5615] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   84.988536][ T5615] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[   84.997949][ T5615] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   85.007979][ T5615] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[   85.018011][ T5616] 8021q: adding VLAN 0 to HW filter on device team0
[   85.040492][ T5615] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   85.051101][ T5615] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[   85.072475][ T5615] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   85.083004][ T5615] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[   85.118700][  T181] bridge0: port 1(bridge_slave_0) entered blocking state
[   85.126378][  T181] bridge0: port 1(bridge_slave_0) entered forwarding state
[   85.172000][ T5620] 8021q: adding VLAN 0 to HW filter on device bond0
[   85.182067][  T181] bridge0: port 2(bridge_slave_1) entered blocking state
[   85.189174][  T181] bridge0: port 2(bridge_slave_1) entered forwarding state
[   85.211551][ T5618] 8021q: adding VLAN 0 to HW filter on device bond0
[   85.253789][ T5619] netdevsim netdevsim5 netdevsim0: renamed from eth0
[   85.265396][ T5619] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[   85.289882][ T5619] netdevsim netdevsim5 netdevsim1: renamed from eth1
[   85.301257][ T5619] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[   85.309185][ T5619] netdevsim netdevsim5 netdevsim2: renamed from eth2
[   85.320468][ T5619] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[   85.342121][ T5619] netdevsim netdevsim5 netdevsim3: renamed from eth3
[   85.353755][ T5619] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[   85.372182][ T5620] 8021q: adding VLAN 0 to HW filter on device team0
[   85.402075][ T5618] 8021q: adding VLAN 0 to HW filter on device team0
[   85.433901][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[   85.441102][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[   85.469597][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[   85.476817][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[   85.513390][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[   85.520524][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[   85.533570][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[   85.540755][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[   85.561347][ T5617] 8021q: adding VLAN 0 to HW filter on device bond0
[   85.677707][ T5617] 8021q: adding VLAN 0 to HW filter on device team0
[   85.745102][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[   85.752321][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[   85.784436][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[   85.791622][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[   85.867336][ T5615] 8021q: adding VLAN 0 to HW filter on device bond0
[   85.978924][ T5615] 8021q: adding VLAN 0 to HW filter on device team0
[   86.038457][  T802] cfg80211: failed to load regulatory.db
[   86.076247][ T1102] bridge0: port 1(bridge_slave_0) entered blocking state
[   86.083481][ T1102] bridge0: port 1(bridge_slave_0) entered forwarding state
[   86.155472][   T57] bridge0: port 2(bridge_slave_1) entered blocking state
[   86.162700][   T57] bridge0: port 2(bridge_slave_1) entered forwarding state
[   86.193024][ T5619] 8021q: adding VLAN 0 to HW filter on device bond0
[   86.324638][ T5619] 8021q: adding VLAN 0 to HW filter on device team0
[   86.366967][   T57] bridge0: port 1(bridge_slave_0) entered blocking state
[   86.374184][   T57] bridge0: port 1(bridge_slave_0) entered forwarding state
[   86.425742][   T57] bridge0: port 2(bridge_slave_1) entered blocking state
[   86.432971][   T57] bridge0: port 2(bridge_slave_1) entered forwarding state
[   86.718582][ T5616] 8021q: adding VLAN 0 to HW filter on device batadv0
[   86.892532][ T5639] Bluetooth: hci2: command tx timeout
[   86.972743][ T5639] Bluetooth: hci1: command tx timeout
[   86.978212][ T5624] Bluetooth: hci5: command tx timeout
[   86.983695][ T5628] Bluetooth: hci3: command tx timeout
[   86.989165][ T5621] Bluetooth: hci4: command tx timeout
[   86.994729][ T5629] Bluetooth: hci0: command tx timeout
[   87.018894][ T5616] veth0_vlan: entered promiscuous mode
[   87.080909][ T5616] veth1_vlan: entered promiscuous mode
[   87.217791][ T5616] veth0_macvtap: entered promiscuous mode
[   87.273859][ T5616] veth1_macvtap: entered promiscuous mode
[   87.369578][ T5620] 8021q: adding VLAN 0 to HW filter on device batadv0
[   87.440863][ T5618] 8021q: adding VLAN 0 to HW filter on device batadv0
[   87.477162][ T5616] batman_adv: batadv0: Interface activated: batadv_slave_0
[   87.520412][ T5616] batman_adv: batadv0: Interface activated: batadv_slave_1
[   87.595758][ T1102] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   87.632573][ T1102] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   87.665611][ T1102] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   87.700940][ T1102] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   87.785568][ T5617] 8021q: adding VLAN 0 to HW filter on device batadv0
[   88.024367][ T5618] veth0_vlan: entered promiscuous mode
[   88.066556][ T5619] 8021q: adding VLAN 0 to HW filter on device batadv0
[   88.115823][ T5615] 8021q: adding VLAN 0 to HW filter on device batadv0
[   88.137140][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   88.159168][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   88.175017][ T5618] veth1_vlan: entered promiscuous mode
[   88.233365][ T5617] veth0_vlan: entered promiscuous mode
[   88.277750][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   88.306082][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   88.349506][ T5617] veth1_vlan: entered promiscuous mode
[   88.365373][ T5618] veth0_macvtap: entered promiscuous mode
[   88.418402][ T5620] veth0_vlan: entered promiscuous mode
[   88.433240][ T5618] veth1_macvtap: entered promiscuous mode
[   88.437949][ T5616] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   88.483877][ T5615] veth0_vlan: entered promiscuous mode
[   88.508778][ T5620] veth1_vlan: entered promiscuous mode
[   88.596063][ T5615] veth1_vlan: entered promiscuous mode
[   88.609700][ T5618] batman_adv: batadv0: Interface activated: batadv_slave_0
[   88.635022][ T5617] veth0_macvtap: entered promiscuous mode
[   88.647284][ T5618] batman_adv: batadv0: Interface activated: batadv_slave_1
[   88.697182][ T5617] veth1_macvtap: entered promiscuous mode
[   88.735845][   T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   88.745629][   T57] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   88.773258][   T57] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   88.783271][   T57] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   88.888432][ T5620] veth0_macvtap: entered promiscuous mode
[   88.908102][ T5617] batman_adv: batadv0: Interface activated: batadv_slave_0
[   88.953534][ T5617] batman_adv: batadv0: Interface activated: batadv_slave_1
[   88.982696][ T5615] veth0_macvtap: entered promiscuous mode
[   89.008628][ T5620] veth1_macvtap: entered promiscuous mode
[   89.069059][ T5867] process 'syz.2.10' launched '/dev/fd/4' with NULL argv: empty string added
[   89.084510][ T5615] veth1_macvtap: entered promiscuous mode
[   89.095296][   T57] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   89.104490][   T57] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   89.115993][   T36] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   89.129628][ T5619] veth0_vlan: entered promiscuous mode
[   89.152054][   T12] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   89.191186][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   89.225233][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   89.252462][ T5619] veth1_vlan: entered promiscuous mode
[   89.294506][ T5620] batman_adv: batadv0: Interface activated: batadv_slave_0
[   89.325083][ T5620] batman_adv: batadv0: Interface activated: batadv_slave_1
[   89.367477][ T5615] batman_adv: batadv0: Interface activated: batadv_slave_0
[   89.379449][   T48] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   89.400931][   T48] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   89.425223][ T5871] loop2: detected capacity change from 0 to 128
[   89.463262][ T5871] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[   89.494906][ T5871] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[   89.504910][ T5615] batman_adv: batadv0: Interface activated: batadv_slave_1
[   89.518902][  T181] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   89.568612][  T181] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   89.578413][  T181] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   89.626858][ T1102] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   89.665256][ T5619] veth0_macvtap: entered promiscuous mode
[   89.673014][ T1102] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   89.688275][  T181] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   89.707000][   T57] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[   89.707244][  T181] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   89.749939][  T181] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   89.754411][ T5873] loop0: detected capacity change from 0 to 4096
[   89.777582][  T181] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   89.825383][ T5619] veth1_macvtap: entered promiscuous mode
[   89.888213][   T57] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   89.897553][   T57] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   89.984171][  T181] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   90.222897][ T5877] raw_sendmsg: syz.2.13 forgot to set AF_INET. Fix it!
[   90.422769][ T5877] ceph: No mds server is up or the cluster is laggy
[   90.824584][   T48] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   90.833400][   T48] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   90.850464][  T802] libceph: connect (1)[c::]:6789 error -101
[   90.959420][  T802] libceph: mon0 (1)[c::]:6789 connect error
[   91.059005][ T5619] batman_adv: batadv0: Interface activated: batadv_slave_0
[   91.089934][   T48] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   91.109082][   T48] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   91.196230][ T5883] loop0: detected capacity change from 0 to 32768
[   91.255524][ T5619] batman_adv: batadv0: Interface activated: batadv_slave_1
[   91.305946][ T5883] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[   91.307406][   T57] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   91.356384][ T5883] XFS (loop0): Ending clean mount
[   91.368122][ T5883] XFS (loop0): Quotacheck needed: Please wait.
[   91.378128][   T57] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   91.397526][   T36] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   91.415228][   T36] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   91.441118][ T5883] XFS (loop0): Quotacheck: Done.
[   91.682904][ T5898] netlink: 12 bytes leftover after parsing attributes in process `syz.2.15'.
[   91.716022][ T5900] loop1: detected capacity change from 0 to 1024
[   91.724516][  T132] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   91.780329][  T132] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   92.364871][ T5618] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[   92.393577][  T181] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   92.460680][  T181] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   92.527535][ T5903] loop4: detected capacity change from 0 to 2048
[   92.646496][ T5903] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[   92.737511][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   92.785437][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   93.034491][ T5909] loop0: detected capacity change from 0 to 32768
[   93.045599][ T5909] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.18 (5909)
[   93.067691][ T5909] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[   93.078111][ T5909] BTRFS info (device loop0): using xxhash64 checksum algorithm
[   93.085909][ T5909] BTRFS warning (device loop0): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[   93.139040][  T181] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   93.157261][  T181] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   93.226834][ T5920] loop3: detected capacity change from 0 to 512
[   93.241843][ T5920] EXT4-fs: Ignoring removed nobh option
[   93.306368][ T5909] BTRFS info (device loop0): rebuilding free space tree
[   93.333390][ T5920] fscrypt (loop3, inode 2): Error -61 getting encryption context
[   93.350192][ T5909] BTRFS info (device loop0): disabling free space tree
[   93.358115][ T5909] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[   93.369051][ T5909] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[   93.391190][ T5909] BTRFS info (device loop0): setting nodatasum
[   93.397474][ T5909] BTRFS info (device loop0): allowing degraded mounts
[   93.404353][ T5909] BTRFS info (device loop0): turning on async discard
[   93.412551][ T5909] BTRFS info (device loop0): enabling disk space caching
[   93.419616][ T5909] BTRFS info (device loop0): force clearing of disk cache
[   93.426813][ T5909] BTRFS info (device loop0): force zlib compression, level 3
[   93.432675][ T5920] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -61
[   93.478060][ T5920] EXT4-fs error (device loop3): ext4_orphan_get:1397: inode #13: comm syz.3.4: inode has both inline data and extents flags
[   93.533751][ T5920] loop3: lost file I/O error report for ino 13 type 5 pos 0x0 len 0x0 error -117
[   93.537720][ T5920] EXT4-fs error (device loop3): ext4_orphan_get:1402: comm syz.3.4: couldn't read orphan inode 13 (err -117)
[   93.547125][    C1] EXT4-fs (loop3): error count since last fsck: 1
[   93.547214][    C1] EXT4-fs (loop3): initial error at time 1777296236: ext4_orphan_get:1397: inode 13
[   93.547253][    C1] EXT4-fs (loop3): last error at time 1777296236: ext4_orphan_get:1397: inode 13
[   93.636306][ T5909] BTRFS info (device loop0): balance: start -susage=0,usage=0..0,drange=6..0,vrange=8..15,limit=5,stripes=7..3
[   93.649279][ T5909] BTRFS info (device loop0): balance: ended with status: 0
[   93.685548][ T5920] loop3: lost filesystem error report for type 5 error -117
[   93.718281][ T5920] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   93.768498][ T5618] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[   93.833317][ T5934] netlink: 20 bytes leftover after parsing attributes in process `syz.4.20'.
[   93.847999][ T5920] EXT4-fs (loop3): shut down requested (1)
[   93.886525][ T5920] fscrypt (loop3, inode 2): Error -5 getting encryption context
[   94.202076][ T5940] loop1: detected capacity change from 0 to 1024
[   94.210019][ T5615] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   94.244001][ T5940] =======================================================
[   94.244001][ T5940] WARNING: The mand mount option has been deprecated and
[   94.244001][ T5940]          and is ignored by this kernel. Remove the mand
[   94.244001][ T5940]          option from the mount to silence this warning.
[   94.244001][ T5940] =======================================================
[   94.454266][ T5940] EXT4-fs (loop1): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[   94.531037][ T5940] ext4 filesystem being mounted at /4/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   94.619600][ T5949] syz.5.26 uses obsolete (PF_INET,SOCK_PACKET)
[   94.770167][ T5940] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.23: bg 0: block 112: padding at end of block bitmap is not set
[   94.850853][ T5940] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 16 with max blocks 52 with error 28
[   94.930915][ T5940] EXT4-fs (loop1): This should not happen!! Data will be lost
[   94.930915][ T5940] 
[   94.996886][ T5940] EXT4-fs (loop1): Total free blocks count 0
[   95.020795][ T5940] EXT4-fs (loop1): Free/Dirty block details
[   95.066385][ T5940] EXT4-fs (loop1): free_blocks=0
[   95.107148][ T5940] EXT4-fs (loop1): dirty_blocks=64
[   95.164808][ T5940] EXT4-fs (loop1): Block reservation details
[   95.227456][ T5966] netlink: 8 bytes leftover after parsing attributes in process `syz.2.33'.
[   95.262661][ T5940] EXT4-fs (loop1): i_reserved_data_blocks=4
[   95.272321][ T5966] netlink: 4 bytes leftover after parsing attributes in process `syz.2.33'.
[   95.329564][ T5966] netlink: 'syz.2.33': attribute type 10 has an invalid length.
[   95.417650][ T5970] netlink: 'syz.5.30': attribute type 4 has an invalid length.
[   95.926519][ T5966] bridge0: port 2(bridge_slave_1) entered disabled state
[   95.935758][ T5966] bridge0: port 1(bridge_slave_0) entered disabled state
[   95.988021][ T5966] bridge0: port 2(bridge_slave_1) entered blocking state
[   95.995267][ T5966] bridge0: port 2(bridge_slave_1) entered forwarding state
[   96.003814][ T5966] bridge0: port 1(bridge_slave_0) entered blocking state
[   96.011145][ T5966] bridge0: port 1(bridge_slave_0) entered forwarding state
[   96.064081][ T5966] bond0: (slave bridge0): Enslaving as an active interface with an up link
[   96.084742][ T5617] EXT4-fs warning (device loop1): ext4_evict_inode:195: inode #15: comm syz-executor: data will be lost
[   96.146375][ T5617] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[   96.340570][ T5977] pim6reg1: entered promiscuous mode
[   96.364102][ T5977] pim6reg1: entered allmulticast mode
[   96.647237][ T5979] loop1: detected capacity change from 0 to 512
[   96.699451][ T5979] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[   96.769042][ T5979] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[   96.806893][ T5979] EXT4-fs (loop1): 1 truncate cleaned up
[   96.825343][ T5979] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   96.926531][ T5979] netlink: 'syz.1.35': attribute type 4 has an invalid length.
[   96.976891][ T5980] netlink: 'syz.1.35': attribute type 4 has an invalid length.
[   97.040412][ T5953] loop3: detected capacity change from 0 to 32768
[   97.756810][ T5953] read_mapping_page failed!
[   97.781384][ T5997] input: syz0 as /devices/virtual/input/input5
[   97.807900][ T5953] jfs_mount: Failed to read AGGREGATE_I
[   97.827097][ T5953] Mount JFS Failure: -5
[   97.930986][ T5617] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   98.131167][ T5768] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[   98.358276][ T5768] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[   98.397377][ T5768] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[   98.443546][ T5768] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[   98.490781][ T5768] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[   98.540792][ T1216] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   98.544988][ T5768] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[   98.572770][ T5768] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   99.586326][ T5768] usb 3-1: config 0 descriptor??
[   99.603015][ T6003] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[   99.747864][ T6023] loop5: detected capacity change from 0 to 131072
[   99.810555][ T6023] F2FS-fs (loop5): Test dummy encryption mode enabled
[   99.819982][ T6023] F2FS-fs (loop5): invalid crc value
[   99.911258][ T6023] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[   99.924705][ T6023] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  100.053444][ T6023] fscrypt: AES-256-XTS using implementation "xts-aes-vaes-avx2"
[  100.110797][   T30] audit: type=1800 audit(1777296242.798:2): pid=6023 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.52" name="file2" dev="loop5" ino=10 res=0 errno=0
[  100.294908][ T5768] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0
[  100.365158][ T5768] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0
[  100.440544][ T5768] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0
[  100.485938][ T5768] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0
[  100.540772][ T5768] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0
[  100.601258][ T1216] usb 5-1: Using ep0 maxpacket: 16
[  100.609892][ T1216] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  100.615773][ T5768] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0
[  100.618097][ T1216] usb 5-1: config 0 has no interface number 0
[  100.636331][ T1216] usb 5-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d
[  100.645531][ T1216] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  100.663230][ T1216] usb 5-1: Product: syz
[  100.682997][ T5768] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0
[  100.696568][ T5768] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0
[  100.747813][ T5768] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0
[  100.770592][ T5768] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0
[  100.852976][ T6022] loop0: detected capacity change from 0 to 262144
[  100.866916][ T1216] usb 5-1: Manufacturer: syz
[  100.872599][ T6022] F2FS-fs (loop0): invalid crc value
[  100.886617][ T1216] usb 5-1: SerialNumber: syz
[  100.988277][ T6022] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  101.006499][ T1216] usb 5-1: config 0 descriptor??
[  101.011864][ T6022] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4
[  101.055603][ T5768] plantronics 0003:047F:FFFF.0001: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  101.104245][ T1216] gspca_main: spca1528-2.14.0 probing 04fc:1528
[  101.216733][ T5768] usb 3-1: USB disconnect, device number 2
[  101.704792][ T6035] fido_id[6035]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/3-1/report_descriptor': No such file or directory
[  102.665855][ T1216] gspca_spca1528: reg_w err -71
[  102.701805][ T1216] spca1528 5-1:0.1: probe with driver spca1528 failed with error -71
[  103.672041][ T1216] usb 5-1: USB disconnect, device number 2
[  103.885917][ T6050] loop3: detected capacity change from 0 to 512
[  103.926899][ T6050] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  104.039376][ T6050] EXT4-fs (loop3): 1 truncate cleaned up
[  104.108728][ T6050] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  104.210079][ T6050] netlink: 'syz.3.59': attribute type 4 has an invalid length.
[  104.425660][ T5615] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  105.029617][ T6066] netlink: 16 bytes leftover after parsing attributes in process `syz.4.65'.
[  105.096716][ T6066] netlink: 8 bytes leftover after parsing attributes in process `syz.4.65'.
[  105.166648][ T6048] loop2: detected capacity change from 0 to 32768
[  105.362915][ T6048] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  105.522115][ T6048] XFS (loop2): Ending clean mount
[  105.604272][ T6048] XFS (loop2): Quotacheck needed: Please wait.
[  105.848005][ T6048] XFS (loop2): Quotacheck: Done.
[  105.909114][ T6076] loop5: detected capacity change from 0 to 128
[  105.992975][ T6076] FAT-fs (loop5): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  106.101080][ T6055] loop1: detected capacity change from 0 to 40427
[  106.148837][ T6055] F2FS-fs (loop1): Invalid log blocks per segment (4278190089)
[  106.184233][ T5616] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  106.225112][ T6055] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  106.302342][ T6055] F2FS-fs (loop1): invalid crc value
[  106.792256][ T6055] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  106.859919][ T6055] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  106.889430][ T6055] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  106.898244][ T6064] loop3: detected capacity change from 0 to 262144
[  106.910380][ T6064] F2FS-fs (loop3): invalid crc value
[  106.931021][ T6076] FAT-fs (loop5): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  107.043916][ T6064] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  107.088600][ T6064] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4
[  107.689000][ T6088] loop5: detected capacity change from 0 to 512
[  107.729531][ T6088] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  107.749760][ T6078] loop4: detected capacity change from 0 to 32768
[  107.809388][ T6088] EXT4-fs (loop5): 1 truncate cleaned up
[  107.835592][ T6078] XFS (loop4): Mounting V5 Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a
[  107.879602][ T6088] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  108.053144][ T6089] netlink: 'syz.5.71': attribute type 4 has an invalid length.
[  108.115008][ T6104] netlink: 'syz.5.71': attribute type 4 has an invalid length.
[  108.170210][ T6078] XFS (loop4): Ending clean mount
[  108.225981][ T6097] loop2: detected capacity change from 0 to 32768
[  108.244500][ T6097] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  108.252896][ T6097] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  108.345526][ T6097] gfs2: fsid=syz:syz.0: journal 0 mapped with 3 extents in 0ms
[  108.362231][ T5768] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  108.397997][ T5768] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[  108.515580][ T5619] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  108.555371][ T5620] XFS (loop4): Unmounting Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a
[  108.834111][ T5768] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 436ms
[  108.875933][ T5768] gfs2: fsid=syz:syz.0: jid=0: Done
[  108.906149][ T6097] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  109.141284][ T1216] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[  109.332691][ T1216] usb 2-1: Using ep0 maxpacket: 8
[  109.352827][ T6097] gfs2: fsid=syz:syz.0: found 1 quota changes
[  109.356800][ T1216] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  109.405300][ T1216] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  109.435940][ T1216] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 65535, setting to 1024
[  109.487284][ T1216] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  109.523933][ T1216] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  109.570756][ T5768] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  109.582381][ T1216] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  109.622242][ T1216] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  109.747978][ T5768] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  109.830021][ T5768] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  109.872690][ T5768] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  109.882731][ T1216] usb 2-1: usb_control_msg returned -32
[  109.907911][ T1216] usbtmc 2-1:16.0: can't read capabilities
[  109.932435][ T5768] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  109.951882][ T5768] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  110.035136][ T5768] usb 5-1: config 0 descriptor??
[  110.457687][ T6129] loop5: detected capacity change from 0 to 2048
[  110.489999][ T5768] plantronics 0003:047F:FFFF.0002: reserved main item tag 0xd
[  110.559356][ T6132] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  110.602477][ T5768] plantronics 0003:047F:FFFF.0002: hiddev1,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[  110.670938][ T5632] usb 1-1: new full-speed USB device number 2 using dummy_hcd
[  110.683106][ T6134] loop2: detected capacity change from 0 to 2048
[  110.706512][ T5768] usb 5-1: USB disconnect, device number 3
[  110.735665][ T6134] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  110.856009][ T6135] fido_id[6135]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory
[  110.880392][ T6134] UDF-fs: error (device loop2): udf_verify_fi: directory (ino 1376) has entry where CRC length (32) does not match entry length (24)
[  110.883822][ T5632] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  110.938510][ T5632] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2
[  110.957101][ T5632] usb 1-1: config 1 has no interface number 0
[  110.973553][ T5632] usb 1-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  110.999793][ T6132] NILFS (loop5): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3)
[  111.004365][ T5632] usb 1-1: config 1 interface 1 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64
[  111.050465][ T6132] NILFS error (device loop5): nilfs_bmap_propagate: broken bmap (inode number=4)
[  111.056965][ T5632] usb 1-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping
[  111.086528][ T6132] Remounting filesystem read-only
[  111.106956][ T5632] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  111.119992][ T5619] NILFS (loop5): disposed unprocessed dirty file(s) when stopping log writer
[  111.141179][ T5632] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  111.166490][ T5632] usb 1-1: Product: syz
[  111.178790][ T5632] usb 1-1: Manufacturer: syz
[  111.197169][ T5632] usb 1-1: SerialNumber: syz
[  111.237136][ T6131] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22
[  111.356506][ T6140] loop5: detected capacity change from 0 to 256
[  111.458748][ T6142] loop4: detected capacity change from 0 to 512
[  111.521545][   T30] audit: type=1800 audit(1777296254.238:3): pid=6142 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.81" name="file2" dev="loop4" ino=1048615 res=0 errno=0
[  111.548911][ T6142] FAT-fs (loop4): error, corrupted file size (i_pos 51, 8960)
[  111.557509][ T6142] FAT-fs (loop4): Filesystem has been set read-only
[  111.586766][ T6140] exFAT-fs (loop5): failed to load upcase table (idx : 0x00011f1c, chksum : 0x850fc7e5, utbl_chksum : 0xe619d30d)
[  111.669549][ T6131] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22
[  111.709080][ T6140] exFAT-fs (loop5): error, exfat_zeroed_cluster: out of range(sect:224 len:8)
[  111.730255][ T6140] exFAT-fs (loop5): Filesystem has been set read-only
[  111.873732][ T5861] usb 2-1: USB disconnect, device number 2
[  111.880047][ T6146] loop2: detected capacity change from 0 to 512
[  111.919639][ T6146] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  111.978682][ T6146] EXT4-fs (loop2): 1 truncate cleaned up
[  111.989447][ T6146] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  112.042436][ T6146] netlink: 'syz.2.84': attribute type 4 has an invalid length.
[  112.092758][ T6152] netlink: 'syz.2.84': attribute type 4 has an invalid length.
[  112.108370][ T5632] cdc_ncm 1-1:1.1: bind() failure
[  112.350896][ T5768] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  112.377841][ T5616] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  112.392088][ T5632] usb 1-1: USB disconnect, device number 2
[  112.419224][ T6166] syzkaller1: entered promiscuous mode
[  112.440237][ T6166] syzkaller1: entered allmulticast mode
[  112.522578][ T5768] usb 6-1: Using ep0 maxpacket: 32
[  112.528905][ T6174] syzkaller1: entered promiscuous mode
[  112.542661][ T6174] syzkaller1: entered allmulticast mode
[  112.551078][ T5768] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 254, changing to 11
[  112.584099][ T5768] usb 6-1: config 0 interface 0 has no altsetting 0
[  112.600915][ T5768] usb 6-1: New USB device found, idVendor=046d, idProduct=c298, bcdDevice= 0.00
[  112.618952][ T5768] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  112.643524][ T5768] usb 6-1: config 0 descriptor??
[  112.693872][ T6181] capability: warning: `syz.4.91' uses 32-bit capabilities (legacy support in use)
[  112.737289][ T6181] overlayfs: upper fs does not support file handles, falling back to index=off.
[  112.801833][ T1216] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  112.962000][ T1216] usb 3-1: Using ep0 maxpacket: 16
[  112.994836][ T1216] usb 3-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4
[  113.012451][ T1216] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  113.053688][ T1216] usb 3-1: config 0 descriptor??
[  113.103835][ T1216] gspca_main: sonixj-2.14.0 probing 0471:0327
[  113.106315][ T5768] hid_parser_main: 1 callbacks suppressed
[  113.106338][ T5768] logitech 0003:046D:C298.0003: unknown main item tag 0x0
[  113.116011][ T6188] loop4: detected capacity change from 0 to 4096
[  113.143627][ T6188] EXT4-fs (loop4): Test dummy encryption mode enabled
[  113.165412][ T5768] logitech 0003:046D:C298.0003: unknown main item tag 0x0
[  113.181214][ T6188] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=8843c01c, mo2=0003]
[  113.191986][ T5768] logitech 0003:046D:C298.0003: unknown main item tag 0x0
[  113.213697][ T6188] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  113.229121][ T5768] logitech 0003:046D:C298.0003: unknown main item tag 0x0
[  113.253547][ T6193] loop0: detected capacity change from 0 to 2048
[  113.261666][  T802] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  113.284341][ T5768] logitech 0003:046D:C298.0003: unknown main item tag 0x0
[  113.326964][ T5768] logitech 0003:046D:C298.0003: unknown main item tag 0x0
[  113.382093][ T5768] logitech 0003:046D:C298.0003: unknown main item tag 0x0
[  113.420467][ T5768] logitech 0003:046D:C298.0003: unknown main item tag 0x0
[  113.449997][ T6193] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  113.462598][  T802] usb 2-1: Using ep0 maxpacket: 32
[  113.469368][ T5768] logitech 0003:046D:C298.0003: unknown main item tag 0x0
[  113.493438][ T5768] logitech 0003:046D:C298.0003: unknown main item tag 0x0
[  113.506797][  T802] usb 2-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb
[  113.528684][ T5768] logitech 0003:046D:C298.0003: item fetching failed at offset 32/33
[  113.541353][  T802] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  113.559503][ T6193] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1317: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  113.577852][  T802] usb 2-1: Product: syz
[  113.587436][ T5768] logitech 0003:046D:C298.0003: parse failed
[  113.600759][  T802] usb 2-1: Manufacturer: syz
[  113.610560][ T5768] logitech 0003:046D:C298.0003: probe with driver logitech failed with error -22
[  113.624548][  T802] usb 2-1: SerialNumber: syz
[  113.638283][  T802] usb 2-1: config 0 descriptor??
[  113.653404][ T5768] usb 6-1: USB disconnect, device number 2
[  113.660270][ T6193] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 31 with max blocks 1 with error 28
[  113.686369][  T802] gspca_main: ov534_9-2.14.0 probing 05a9:1550
[  113.699454][ T6193] EXT4-fs (loop0): This should not happen!! Data will be lost
[  113.699454][ T6193] 
[  113.715694][ T6193] EXT4-fs (loop0): Total free blocks count 0
[  113.726430][ T6193] EXT4-fs (loop0): Free/Dirty block details
[  113.733811][ T6193] EXT4-fs (loop0): free_blocks=2415919104
[  113.739694][ T6193] EXT4-fs (loop0): dirty_blocks=32
[  113.749376][ T6193] EXT4-fs (loop0): Block reservation details
[  113.758339][ T6193] EXT4-fs (loop0): i_reserved_data_blocks=2
[  113.766757][   T30] audit: type=1800 audit(1777296256.478:4): pid=6201 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.93" name="file1" dev="loop4" ino=15 res=0 errno=0
[  113.813337][ T5810] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[  113.830236][ T5618] EXT4-fs warning (device loop0): ext4_evict_inode:195: inode #15: comm syz-executor: data will be lost
[  114.104741][ T6206] loop2: detected capacity change from 0 to 7
[  114.140863][ T6206]  loop2:
[  114.150880][ T6206] loop2: partition table partially beyond EOD, truncated
[  114.261360][ T5620] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  114.299810][ T1216] gspca_sonixj: reg_w1 err -71
[  114.351459][ T1216] sonixj 3-1:0.0: probe with driver sonixj failed with error -71
[  114.409054][ T1216] usb 3-1: USB disconnect, device number 3
[  115.599618][  T802] gspca_ov534_9: reg_w failed -110
[  115.747141][ T6213] loop5: detected capacity change from 0 to 131072
[  115.956743][ T6213] F2FS-fs (loop5): Wrong CP boundary, start(512) end(1536) blocks(0)
[  115.964932][ T6213] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[  116.177246][ T6213] F2FS-fs (loop5): invalid crc value
[  116.273827][ T6213] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  116.289464][ T6213] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0
[  116.296613][ T6213] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e4
[  116.370888][  T802] gspca_ov534_9: Unknown sensor 0000
[  116.371000][  T802] ov534_9 2-1:0.0: probe with driver ov534_9 failed with error -22
[  116.439957][ T6227] loop4: detected capacity change from 0 to 4096
[  116.494976][ T6227] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512).
[  116.559859][ T6227] ntfs3(loop4): ino=3, mi_enum_attr
[  116.767686][ T6233] netlink: 'syz.0.104': attribute type 4 has an invalid length.
[  117.292577][ T1216] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  117.351119][ T6227] ntfs3(loop4): Mark volume as dirty due to NTFS errors
[  117.363128][ T6227] ntfs3(loop4): ino=1a, mi_enum_attr
[  117.384143][ T6227] ntfs3(loop4): ino=1a, mi_enum_attr
[  117.403720][ T6227] ntfs3(loop4): Failed to initialize $Extend/$Reparse.
[  117.418632][ T6236] loop3: detected capacity change from 0 to 256
[  117.429547][ T5768] usb 2-1: USB disconnect, device number 3
[  117.545741][ T1216] usb 3-1: device descriptor read/64, error -71
[  117.550014][ T6236] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xe3865569, utbl_chksum : 0xe619d30d)
[  117.650974][   T30] audit: type=1800 audit(1777296260.358:5): pid=6236 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.106" name="file1" dev="loop3" ino=1048616 res=0 errno=0
[  117.803110][   T30] audit: type=1800 audit(1777296260.508:6): pid=6238 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.103" name="file1" dev="loop4" ino=30 res=0 errno=0
[  117.835699][ T1216] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  117.969831][ T6247] loop3: detected capacity change from 0 to 2048
[  118.002283][ T1216] usb 3-1: device descriptor read/64, error -71
[  118.152949][ T1216] usb usb3-port1: attempt power cycle
[  118.173043][ T6248] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  118.175163][ T6247] NILFS error (device loop3): nilfs_check_folio: bad entry in directory #2: unaligned directory entry - offset=0, inode=18446736377128157191, rec_len=65535, name_len=255
[  118.235806][ T6251] NILFS error (device loop3): nilfs_check_folio: bad entry in directory #2: unaligned directory entry - offset=0, inode=18446736377128157191, rec_len=65535, name_len=255
[  118.272769][ T6247] NILFS error (device loop3): nilfs_check_folio: bad entry in directory #2: unaligned directory entry - offset=0, inode=18446736377128157191, rec_len=65535, name_len=255
[  118.318986][ T6247] NILFS error (device loop3): nilfs_check_folio: bad entry in directory #2: unaligned directory entry - offset=0, inode=18446736377128157191, rec_len=65535, name_len=255
[  118.372036][ T6247] NILFS error (device loop3): nilfs_check_folio: bad entry in directory #2: unaligned directory entry - offset=0, inode=18446736377128157191, rec_len=65535, name_len=255
[  118.521414][ T6248] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  118.571541][ T1216] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  118.622856][ T1216] usb 3-1: device descriptor read/8, error -71
[  118.646951][ T5621] block nbd0: Receive control failed (result -107)
[  118.698223][ T6258] block nbd0: shutting down sockets
[  118.873923][ T1216] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  118.946330][ T1216] usb 3-1: device descriptor read/8, error -71
[  118.969221][ T6248] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  119.728715][ T1216] usb usb3-port1: unable to enumerate USB device
[  119.886448][ T6248] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  120.022265][ T6277] loop2: detected capacity change from 0 to 4096
[  120.048775][ T6277] EXT4-fs (loop2): Test dummy encryption mode enabled
[  120.124080][ T6277] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  120.224748][ T6277] fscrypt: AES-256-CBC-CTS using implementation "cts-cbc-aes-aesni"
[  120.513072][ T6288] loop5: detected capacity change from 0 to 256
[  120.521435][ T6285] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  120.764278][ T6290] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  120.812460][   T48] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  121.288102][  T164] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  121.819072][  T164] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  121.902084][   T12] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  121.920087][ T5616] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  122.004126][ T6305] binder: 6304:6305 unknown command 0
[  122.028362][ T6305] binder: 6304:6305 ioctl c0306201 200000000140 returned -22
[  122.121179][ T5632] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  122.130781][ T1216] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  122.153893][ T6307] loop1: detected capacity change from 0 to 4096
[  122.175602][ T6307] EXT4-fs (loop1): Test dummy encryption mode enabled
[  122.178112][ T6309] netlink: 4 bytes leftover after parsing attributes in process `syz.2.128'.
[  122.237967][ T6307] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  122.292387][ T5632] usb 6-1: Using ep0 maxpacket: 32
[  122.292521][ T1216] usb 4-1: Using ep0 maxpacket: 8
[  122.299569][ T5632] usb 6-1: config 0 interface 0 altsetting 128 endpoint 0x2 has an invalid bInterval 0, changing to 7
[  122.316748][ T5632] usb 6-1: config 0 interface 0 altsetting 128 endpoint 0x2 has invalid wMaxPacketSize 0
[  122.327117][ T5632] usb 6-1: config 0 interface 0 has no altsetting 0
[  122.334913][ T5632] usb 6-1: New USB device found, idVendor=1b1c, idProduct=1c09, bcdDevice= 0.00
[  122.345187][ T5632] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  122.369373][ T5632] usb 6-1: config 0 descriptor??
[  123.696431][ T5632] hid_parser_main: 11 callbacks suppressed
[  123.696498][ T5632] corsair-psu 0003:1B1C:1C09.0004: unknown main item tag 0x0
[  123.881828][ T1216] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  123.893269][ T1216] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  123.900211][ T5632] corsair-psu 0003:1B1C:1C09.0004: unknown main item tag 0x0
[  123.903300][ T1216] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  123.903332][ T1216] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  123.903383][ T1216] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  123.940402][ T5632] corsair-psu 0003:1B1C:1C09.0004: unknown main item tag 0x0
[  123.963862][ T5632] corsair-psu 0003:1B1C:1C09.0004: unknown main item tag 0x0
[  123.971383][ T5632] corsair-psu 0003:1B1C:1C09.0004: unknown main item tag 0x0
[  123.982943][ T5632] corsair-psu 0003:1B1C:1C09.0004: hidraw0: USB HID v4.08 Device [HID 1b1c:1c09] on usb-dummy_hcd.5-1/input0
[  123.999216][ T6318] syz.2.128 (6318) used greatest stack depth: 17168 bytes left
[  124.054363][ T5632] corsair-psu 0003:1B1C:1C09.0004: unable to initialize device (-90)
[  124.630415][ T5632] corsair-psu 0003:1B1C:1C09.0004: probe with driver corsair-psu failed with error -90
[  124.669289][ T1216] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  124.752747][ T5632] usb 6-1: USB disconnect, device number 3
[  125.024689][ T5617] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  125.902097][ T6324] fido_id[6324]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/report_descriptor': No such file or directory
[  125.923527][ T1216] usb 4-1: usb_control_msg returned -71
[  125.958624][ T1216] usbtmc 4-1:16.0: can't read capabilities
[  126.025002][ T1216] usb 4-1: USB disconnect, device number 2
[  126.027611][ T6332] loop4: detected capacity change from 0 to 128
[  126.062280][ T6334] loop5: detected capacity change from 0 to 7
[  126.115089][ T6334] Dev loop5: unable to read RDB block 7
[  126.124351][   T30] audit: type=1800 audit(1777296268.838:7): pid=6342 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.135" name="#134" dev="overlay" ino=134 res=0 errno=0
[  126.134429][ T6332] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  126.178573][ T6334]  loop5: unable to read partition table
[  126.184667][ T6334] loop5: partition table beyond EOD, truncated
[  126.192536][ T6334] loop_reread_partitions: partition scan of loop5 (�被x������ ) failed (rc=-5)
[  126.264366][ T6332] ext4 filesystem being mounted at /28/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  126.411372][ T5861] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  126.584064][ T5861] usb 2-1: config 0 has no interfaces?
[  126.636097][ T5861] usb 2-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice=f6.00
[  126.681816][ T5861] usb 2-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3
[  126.720769][ T5861] usb 2-1: Product: syz
[  126.738680][ T5861] usb 2-1: SerialNumber: syz
[  126.770331][ T5861] usb 2-1: config 0 descriptor??
[  126.837868][ T6332] fscrypt (loop4, inode 12): Error allocating 'adiantum(xchacha12,aes)' transform: -4
[  127.030761][ T5620] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  127.044077][ T6341] loop1: detected capacity change from 0 to 64
[  127.135826][ T6359] netlink: 36 bytes leftover after parsing attributes in process `syz.0.142'.
[  127.162505][ T6358] Zero length message leads to an empty skb
[  127.221509][ T6359] netlink: 8 bytes leftover after parsing attributes in process `syz.0.142'.
[  127.241076][ T5769] usb 2-1: USB disconnect, device number 4
[  127.292217][ T6359] netlink: 4 bytes leftover after parsing attributes in process `syz.0.142'.
[  127.333449][ T6360] netlink: 'syz.0.142': attribute type 10 has an invalid length.
[  127.349293][ T6362] loop4: detected capacity change from 0 to 1024
[  127.410137][ T6340] loop3: detected capacity change from 0 to 32768
[  127.432921][ T6360] bridge0: port 2(bridge_slave_1) entered disabled state
[  127.442316][ T6360] bridge0: port 1(bridge_slave_0) entered disabled state
[  127.464510][ T6340] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.138 (6340)
[  127.553324][ T6340] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  127.569907][ T6360] bridge0: port 2(bridge_slave_1) entered blocking state
[  127.577102][ T6360] bridge0: port 2(bridge_slave_1) entered forwarding state
[  127.584674][ T6360] bridge0: port 1(bridge_slave_0) entered blocking state
[  127.591878][ T6360] bridge0: port 1(bridge_slave_0) entered forwarding state
[  127.608043][ T6368] comedi comedi3: dt2817: I/O base address or length out of range
[  127.621944][ T6340] BTRFS info (device loop3): using crc32c checksum algorithm
[  127.733828][ T6360] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  127.763961][   T36] BTRFS warning (device loop3): checksum verify failed on logical 5332992 mirror 1 wanted 0x0a5e5d25 found 0xcee3a718 level 0
[  127.791583][ T6340] BTRFS warning (device loop3): couldn't read tree root
[  127.799866][ T6340] BTRFS warning (device loop3): try to load backup roots slot 1
[  127.808115][   T36] BTRFS warning (device loop3): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0xe06dfc66 level 0
[  127.822858][ T6340] BTRFS warning (device loop3): couldn't read tree root
[  127.833501][ T6340] BTRFS warning (device loop3): try to load backup roots slot 2
[  127.864575][ T6383] loop5: detected capacity change from 0 to 4096
[  127.888854][ T6220] BTRFS error (device loop3): level verify failed on logical 5255168 mirror 1 wanted 0 found 1
[  127.943541][ T6383] EXT4-fs (loop5): Test dummy encryption mode enabled
[  127.999152][ T6340] BTRFS warning (device loop3): couldn't read tree root
[  128.025847][ T6340] BTRFS warning (device loop3): try to load backup roots slot 3
[  128.073383][ T6383] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  130.008832][ T6340] BTRFS error (device loop3): open_ctree failed: -4
[  130.171127][ T5619] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  130.668889][ T6406] loop1: detected capacity change from 0 to 32768
[  130.717063][ T6406] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  130.725398][ T6406] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  130.879801][ T6406] gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents in 0ms
[  130.893269][ T1216] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  130.901608][ T1216] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[  131.041071][ T6400] loop2: detected capacity change from 0 to 32768
[  131.238703][ T1216] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 337ms
[  131.279662][ T1216] gfs2: fsid=syz:syz.0: jid=0: Done
[  131.323286][ T6406] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  131.503761][ T6400] JBD2: Ignoring recovery information on journal
[  132.095133][ T1308] ieee802154 phy0 wpan0: encryption failed: -22
[  132.108068][ T1308] ieee802154 phy1 wpan1: encryption failed: -22
[  132.551824][ T6400] JBD2: journal reset failed
[  132.585512][ T6400] (syz.2.151,6400,1):ocfs2_journal_load:1162 ERROR: Failed to load journal!
[  132.632503][ T6400] (syz.2.151,6400,1):ocfs2_check_volume:2376 ERROR: ocfs2 journal load failed! -4
[  133.531402][ T6435] faux_driver vkms: [drm] Unknown color mode 11; guessing buffer size.
[  133.682096][ T6437] loop0: detected capacity change from 0 to 1024
[  134.070798][ T6443] comedi comedi3: dt2817: I/O base address or length out of range
[  135.379717][ T6458] netlink: 32 bytes leftover after parsing attributes in process `syz.0.170'.
[  135.680291][ T6438] loop1: detected capacity change from 0 to 262144
[  135.691222][ T6438] F2FS-fs (loop1): invalid crc value
[  135.806219][ T6438] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  135.817803][ T6438] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4
[  135.905992][   T30] audit: type=1800 audit(1777296278.618:8): pid=6438 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.157" name="file1" dev="loop1" ino=7 res=0 errno=0
[  136.144439][ T6448] loop5: detected capacity change from 0 to 40427
[  136.206338][ T6448] F2FS-fs (loop5): Invalid SB checksum offset: 0
[  136.256261][ T6448] F2FS-fs (loop5): Can't find valid F2FS filesystem in 2th superblock
[  136.310315][ T6448] F2FS-fs (loop5): invalid crc value
[  136.739079][ T6448] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  136.827473][ T6448] F2FS-fs (loop5): Try to recover 2th superblock, ret: 0
[  136.871011][ T6482] loop2: detected capacity change from 0 to 512
[  136.891586][ T6482] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  136.900733][ T6448] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  137.414622][ T6482] EXT4-fs (loop2): 1 truncate cleaned up
[  137.604758][ T6482] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  137.711347][ T6487] netlink: 'syz.2.177': attribute type 4 has an invalid length.
[  137.740049][ T6487] netlink: 'syz.2.177': attribute type 4 has an invalid length.
[  137.931799][ T6495] netlink: 36 bytes leftover after parsing attributes in process `syz.3.181'.
[  137.984967][ T5616] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  138.483278][ T6498] loop4: detected capacity change from 0 to 40427
[  138.494784][ T6498] F2FS-fs (loop4): invalid crc value
[  138.604410][ T6498] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  138.623734][ T6498] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  138.716643][ T6498] F2FS-fs (loop4): Inconsistent segment (8) type [1, 0] in SSA and SIT
[  138.726577][ T6498] CPU: 0 UID: 0 PID: 6498 Comm: syz.4.182 Not tainted syzkaller #0 PREEMPT(full) 
[  138.726608][ T6498] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  138.726623][ T6498] Call Trace:
[  138.726632][ T6498]  <TASK>
[  138.726642][ T6498]  dump_stack_lvl+0xe8/0x150
[  138.726683][ T6498]  f2fs_stop_checkpoint+0x3c7/0x590
[  138.726734][ T6498]  do_garbage_collect+0x15a2/0x6d90
[  138.726793][ T6498]  ? srso_alias_return_thunk+0x5/0xfbef5
[  138.726836][ T6498]  ? f2fs_get_victim+0x16e/0x6460
[  138.726887][ T6498]  ? stack_trace_save+0xa9/0x100
[  138.726939][ T6498]  ? __pfx_do_garbage_collect+0x10/0x10
[  138.726973][ T6498]  ? f2fs_get_victim+0x5c60/0x6460
[  138.727014][ T6498]  ? srso_alias_return_thunk+0x5/0xfbef5
[  138.727096][ T6498]  ? srso_alias_return_thunk+0x5/0xfbef5
[  138.727137][ T6498]  ? srso_alias_return_thunk+0x5/0xfbef5
[  138.727177][ T6498]  f2fs_gc+0xc8f/0x2480
[  138.727245][ T6498]  ? __pfx_f2fs_gc+0x10/0x10
[  138.727296][ T6498]  ? srso_alias_return_thunk+0x5/0xfbef5
[  138.727353][ T6498]  ? srso_alias_return_thunk+0x5/0xfbef5
[  138.727388][ T6498]  f2fs_expand_inode_data+0x64f/0xb20
[  138.727446][ T6498]  ? __pfx_f2fs_expand_inode_data+0x10/0x10
[  138.727491][ T6498]  ? __pfx_inode_dio_wait+0x10/0x10
[  138.727542][ T6498]  ? srso_alias_return_thunk+0x5/0xfbef5
[  138.727571][ T6498]  ? file_update_time_flags+0x3b3/0x4a0
[  138.727613][ T6498]  f2fs_fallocate+0x4e5/0x980
[  138.727660][ T6498]  vfs_fallocate+0x669/0x7e0
[  138.727709][ T6498]  ? __pfx_vfs_fallocate+0x10/0x10
[  138.727762][ T6498]  file_ioctl+0x5bf/0x860
[  138.727805][ T6498]  ? __pfx_file_ioctl+0x10/0x10
[  138.727862][ T6498]  ? kasan_quarantine_put+0xbb/0x1f0
[  138.727904][ T6498]  ? srso_alias_return_thunk+0x5/0xfbef5
[  138.727938][ T6498]  ? tomoyo_path_number_perm+0x219/0x630
[  138.727971][ T6498]  ? tomoyo_path_number_perm+0x219/0x630
[  138.728003][ T6498]  do_vfs_ioctl+0xc26/0x1530
[  138.728046][ T6498]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  138.728100][ T6498]  ? srso_alias_return_thunk+0x5/0xfbef5
[  138.728129][ T6498]  ? do_futex+0x333/0x420
[  138.728158][ T6498]  ? srso_alias_return_thunk+0x5/0xfbef5
[  138.728211][ T6498]  ? __fget_files+0x2a/0x420
[  138.728246][ T6498]  ? __fget_files+0x2a/0x420
[  138.728276][ T6498]  ? __fget_files+0x3a0/0x420
[  138.728306][ T6498]  ? __fget_files+0x2a/0x420
[  138.728341][ T6498]  ? srso_alias_return_thunk+0x5/0xfbef5
[  138.728370][ T6498]  ? srso_alias_return_thunk+0x5/0xfbef5
[  138.728405][ T6498]  __se_sys_ioctl+0x82/0x170
[  138.728444][ T6498]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  138.728473][ T6498]  do_syscall_64+0x15f/0xf80
[  138.728502][ T6498]  ? trace_irq_disable+0x3b/0x140
[  138.728549][ T6498]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  138.728574][ T6498] RIP: 0033:0x7ff46139cdd9
[  138.728597][ T6498] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  138.728618][ T6498] RSP: 002b:00007ff46220b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  138.728643][ T6498] RAX: ffffffffffffffda RBX: 00007ff461615fa0 RCX: 00007ff46139cdd9
[  138.728669][ T6498] RDX: 0000200000000040 RSI: 0000000040305828 RDI: 0000000000000005
[  138.728685][ T6498] RBP: 00007ff461432d69 R08: 0000000000000000 R09: 0000000000000000
[  138.728701][ T6498] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  138.728716][ T6498] R13: 00007ff461616038 R14: 00007ff461615fa0 R15: 00007fffc22630c8
[  138.728756][ T6498]  </TASK>
[  138.728766][ T6498] F2FS-fs (loop4): Stopped filesystem due to reason: 4
[  138.831971][ T6508] F2FS-fs (loop4): f2fs_get_node_info of read_node_folio+0x221/0x410: inconsistent nat entry, ino:6, nid:6, blkaddr:4609, ver:0, flag:0
[  139.135297][ T6510] netlink: 16 bytes leftover after parsing attributes in process `syz.2.185'.
[  139.721157][ T6520] binder: 6519:6520 ioctl c0306201 0 returned -14
[  140.393951][ T6537] loop2: detected capacity change from 0 to 256
[  140.415391][ T6534] loop3: detected capacity change from 0 to 2048
[  140.447204][ T6534] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024)
[  140.488520][ T6534] NILFS (loop3): mounting unchecked fs
[  140.562269][ T5907] udevd[5907]: incorrect nilfs2 checksum on /dev/loop3
[  140.576315][ T6516] loop5: detected capacity change from 0 to 40427
[  140.587270][ T6534] NILFS (loop3): recovery complete
[  140.634824][ T6542] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  140.652075][ T6516] F2FS-fs (loop5): invalid crc value
[  140.795533][ T6534] xt_CHECKSUM: CHECKSUM should be avoided.  If really needed, restrict with "-p udp" and only use in OUTPUT
[  141.010137][ T6516] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  141.031869][ T6548] loop2: detected capacity change from 0 to 64
[  141.074236][ T6516] F2FS-fs (loop5): Start checkpoint disabled!
[  141.143017][ T6516] F2FS-fs (loop5): f2fs_disable_checkpoint() finish, err:0
[  141.177626][ T6516] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6
[  141.339272][ T6545] loop2: detected capacity change from 0 to 64
[  141.465720][ T6545] hfs: inconsistency in B*Tree (3,2,0,3,0)
[  141.489564][ T6545] hfs: get root inode failed
[  141.511933][ T6045] kworker/u8:11: attempt to access beyond end of device
[  141.511933][ T6045] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  141.539394][ T6545] IPv6: NLM_F_REPLACE set, but no existing node found!
[  141.574705][ T6045] CPU: 0 UID: 0 PID: 6045 Comm: kworker/u8:11 Not tainted syzkaller #0 PREEMPT(full) 
[  141.574739][ T6045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  141.574755][ T6045] Workqueue: writeback wb_workfn (flush-7:5)
[  141.574805][ T6045] Call Trace:
[  141.574815][ T6045]  <TASK>
[  141.574825][ T6045]  dump_stack_lvl+0xe8/0x150
[  141.574857][ T6045]  f2fs_stop_checkpoint+0x3c7/0x590
[  141.574914][ T6045]  f2fs_write_end_io+0x1274/0x1740
[  141.574978][ T6045]  __submit_merged_bio+0x256/0x6a0
[  141.575015][ T6045]  __submit_merged_write_cond+0x3c9/0x4e0
[  141.575072][ T6045]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  141.575135][ T6045]  ? srso_alias_return_thunk+0x5/0xfbef5
[  141.575184][ T6045]  f2fs_write_data_pages+0x287e/0x34f0
[  141.575266][ T6045]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  141.575398][ T6045]  ? srso_alias_return_thunk+0x5/0xfbef5
[  141.575429][ T6045]  ? __lock_acquire+0x6b5/0x2cf0
[  141.575491][ T6045]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  141.575525][ T6045]  do_writepages+0x32e/0x550
[  141.575562][ T6045]  ? srso_alias_return_thunk+0x5/0xfbef5
[  141.575592][ T6045]  ? reacquire_held_locks+0x104/0x190
[  141.575625][ T6045]  ? writeback_sb_inodes+0x463/0x19d0
[  141.575665][ T6045]  __writeback_single_inode+0x133/0x10e0
[  141.575698][ T6045]  ? do_raw_spin_unlock+0xf5/0x210
[  141.575742][ T6045]  writeback_sb_inodes+0x979/0x19d0
[  141.575770][ T6045]  ? __lock_acquire+0x6b5/0x2cf0
[  141.575838][ T6045]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  141.575865][ T6045]  ? do_raw_spin_lock+0x12b/0x2f0
[  141.575964][ T6045]  ? srso_alias_return_thunk+0x5/0xfbef5
[  141.575994][ T6045]  ? rcu_is_watching+0x15/0xb0
[  141.576026][ T6045]  ? srso_alias_return_thunk+0x5/0xfbef5
[  141.576068][ T6045]  wb_writeback+0x445/0xb00
[  141.576104][ T6045]  ? queue_io+0x201/0x470
[  141.576145][ T6045]  ? __pfx_wb_writeback+0x10/0x10
[  141.576171][ T6045]  ? do_raw_spin_lock+0x12b/0x2f0
[  141.576234][ T6045]  wb_workfn+0x3f8/0xf10
[  141.576270][ T6045]  ? srso_alias_return_thunk+0x5/0xfbef5
[  141.576300][ T6045]  ? look_up_lock_class+0x57/0x110
[  141.576357][ T6045]  ? __pfx_wb_workfn+0x10/0x10
[  141.576401][ T6045]  ? srso_alias_return_thunk+0x5/0xfbef5
[  141.576431][ T6045]  ? do_raw_spin_lock+0x12b/0x2f0
[  141.576467][ T6045]  ? lock_acquire+0x106/0x350
[  141.576498][ T6045]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  141.576541][ T6045]  ? srso_alias_return_thunk+0x5/0xfbef5
[  141.576575][ T6045]  ? srso_alias_return_thunk+0x5/0xfbef5
[  141.576613][ T6045]  ? srso_alias_return_thunk+0x5/0xfbef5
[  141.576648][ T6045]  ? process_scheduled_works+0xa70/0x1860
[  141.576674][ T6045]  ? process_scheduled_works+0xa70/0x1860
[  141.576705][ T6045]  process_scheduled_works+0xb5d/0x1860
[  141.576733][ T6045]  ? srso_alias_return_thunk+0x5/0xfbef5
[  141.576808][ T6045]  ? __pfx_process_scheduled_works+0x10/0x10
[  141.576845][ T6045]  ? srso_alias_return_thunk+0x5/0xfbef5
[  141.576874][ T6045]  ? assign_work+0x3d5/0x5e0
[  141.576914][ T6045]  worker_thread+0xa53/0xfc0
[  141.576946][ T6045]  ? srso_alias_return_thunk+0x5/0xfbef5
[  141.576998][ T6045]  ? srso_alias_return_thunk+0x5/0xfbef5
[  141.577043][ T6045]  kthread+0x388/0x470
[  141.577080][ T6045]  ? __pfx_worker_thread+0x10/0x10
[  141.577106][ T6045]  ? __pfx_kthread+0x10/0x10
[  141.577144][ T6045]  ret_from_fork+0x514/0xb70
[  141.577177][ T6045]  ? __pfx_ret_from_fork+0x10/0x10
[  141.577205][ T6045]  ? srso_alias_return_thunk+0x5/0xfbef5
[  141.577235][ T6045]  ? __switch_to+0xc79/0x1410
[  141.577279][ T6045]  ? __pfx_kthread+0x10/0x10
[  141.577317][ T6045]  ret_from_fork_asm+0x1a/0x30
[  141.577375][ T6045]  </TASK>
[  141.937543][ T6045] F2FS-fs (loop5): Stopped filesystem due to reason: 3
[  142.054887][ T6559] syz.3.202 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  142.892053][ T6556] xt_l2tp: v2 tid > 0xffff: 134217728
[  143.184906][ T6576] netlink: 36 bytes leftover after parsing attributes in process `syz.1.209'.
[  143.635509][  T802] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  143.645702][ T5768] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  143.737716][  T802] hid-generic 0000:0000:0000.0005: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  143.792876][ T6591] loop0: detected capacity change from 0 to 512
[  143.827016][ T6591] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  143.838996][ T5768] usb 4-1: Using ep0 maxpacket: 16
[  143.863223][ T5768] usb 4-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  143.896567][ T5768] usb 4-1: config 0 interface 0 has no altsetting 0
[  143.918357][ T5768] usb 4-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00
[  143.931509][ T5768] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  143.944916][ T6591] EXT4-fs (loop0): 1 truncate cleaned up
[  143.964298][ T5768] usb 4-1: config 0 descriptor??
[  143.982226][ T6591] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  144.007382][ T6595] fido_id[6595]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  144.044255][ T6598] loop1: detected capacity change from 0 to 64
[  144.423636][ T5768] nzxt-smart2 0003:1E71:2009.0006: hidraw0: USB HID v0.05 Device [HID 1e71:2009] on usb-dummy_hcd.3-1/input0
[  144.745285][ T5618] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  144.912936][ T5769] usb 4-1: USB disconnect, device number 3
[  147.004086][ T6631] netlink: 36 bytes leftover after parsing attributes in process `syz.0.225'.
[  148.457595][ T6640] loop1: detected capacity change from 0 to 131072
[  148.485705][ T6640] F2FS-fs (loop1): Test dummy encryption mode enabled
[  148.495542][ T6640] F2FS-fs (loop1): invalid crc value
[  148.556828][ T6640] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  148.569424][ T6640] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  149.969971][ T6640] syz.1.226 (6640): drop_caches: 2
[  151.044582][ T6650] loop0: detected capacity change from 0 to 32768
[  151.051991][ T6650] btrfs: Deprecated parameter 'usebackuproot'
[  151.059728][ T6650] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  151.082015][ T6650] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.230 (6650)
[  151.114597][ T6650] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  151.125047][ T6650] BTRFS info (device loop0): using crc32c checksum algorithm
[  151.249565][ T6659] netlink: 4 bytes leftover after parsing attributes in process `syz.4.233'.
[  151.252824][ T6220] BTRFS warning (device loop0): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0xc926492d level 0
[  152.061919][ T6650] BTRFS error (device loop0): failed to load root extent
[  152.069050][ T6650] BTRFS warning (device loop0): try to load backup roots slot 1
[  152.085212][  T164] BTRFS warning (device loop0): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x80379423 level 0
[  152.213480][ T6650] BTRFS warning (device loop0): couldn't read tree root
[  152.220540][ T6650] BTRFS warning (device loop0): try to load backup roots slot 2
[  152.229119][ T5810] BTRFS error (device loop0): level verify failed on logical 5255168 mirror 1 wanted 0 found 1
[  152.283037][ T6650] BTRFS warning (device loop0): couldn't read tree root
[  152.291225][ T6650] BTRFS warning (device loop0): try to load backup roots slot 3
[  152.302994][ T6673] loop5: detected capacity change from 0 to 1024
[  152.304542][   T10] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  152.344054][ T6650] BTRFS info (device loop0): rebuilding free space tree
[  152.364064][ T6650] BTRFS info (device loop0): checking UUID tree
[  152.371861][ T6650] BTRFS info (device loop0): enabling ssd optimizations
[  152.378844][ T6650] BTRFS info (device loop0): turning on async discard
[  152.385732][ T6650] BTRFS info (device loop0): enabling free space tree
[  152.394386][ T6650] BTRFS info (device loop0): force clearing of disk cache
[  152.401562][ T6650] BTRFS info (device loop0): enabling auto defrag
[  152.407985][ T6650] BTRFS info (device loop0): trying to use backup root at mount time
[  152.416186][ T6650] BTRFS info (device loop0): use zstd compression, level 3
[  152.458402][ T6673] comedi comedi3: dt2817: I/O base address or length out of range
[  152.480757][ T5769] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  152.523620][   T10] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  152.564847][   T10] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  152.580379][   T10] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  152.597480][   T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  152.618754][   T10] usb 4-1: SerialNumber: syz
[  152.704918][ T5769] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  152.744781][ T5769] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  152.769815][ T5769] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  152.787355][ T5769] usb 3-1: config 0 descriptor??
[  152.835853][ T5769] pwc: Askey VC010 type 2 USB webcam detected.
[  152.946692][   T10] usb 4-1: 0:2 : does not exist
[  152.991927][ T5618] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  153.177238][   T10] usb 4-1: USB disconnect, device number 4
[  153.225831][ T5769] pwc: recv_control_msg error -32 req 02 val 2b00
[  153.286811][ T5769] pwc: recv_control_msg error -32 req 02 val 2700
[  153.308431][ T5769] pwc: recv_control_msg error -32 req 02 val 2c00
[  153.343618][ T5769] pwc: recv_control_msg error -32 req 04 val 1000
[  153.366665][ T5769] pwc: recv_control_msg error -32 req 04 val 1300
[  153.478917][ T5907] udevd[5907]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  153.614363][ T5769] pwc: recv_control_msg error -32 req 02 val 2000
[  153.647754][ T5769] pwc: recv_control_msg error -32 req 02 val 2100
[  153.877940][ T5769] pwc: recv_control_msg error -71 req 02 val 2500
[  153.903781][ T5769] pwc: recv_control_msg error -71 req 02 val 2400
[  153.954373][ T5769] pwc: recv_control_msg error -71 req 02 val 2600
[  153.973366][ T5769] pwc: recv_control_msg error -71 req 02 val 2900
[  153.999526][ T5769] pwc: recv_control_msg error -71 req 02 val 2800
[  154.033117][ T5769] pwc: recv_control_msg error -71 req 04 val 1100
[  154.060032][ T5769] pwc: recv_control_msg error -71 req 04 val 1200
[  154.148427][ T5769] pwc: Registered as video103.
[  154.180198][ T6695] loop4: detected capacity change from 0 to 8192
[  154.211185][ T5769] input: PWC snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/input/input8
[  154.324410][ T5769] usb 3-1: USB disconnect, device number 8
[  154.751834][ T6707] loop4: detected capacity change from 0 to 512
[  154.775390][ T6706] Bluetooth: MGMT ver 1.23
[  154.835698][ T6706] Bluetooth: hci0: invalid length 0, exp 2 for type 9
[  154.842731][ T6707] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  154.933241][ T6707] ext4 filesystem being mounted at /46/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  156.059363][ T6727] loop1: detected capacity change from 0 to 1024
[  157.126353][ T6732] comedi comedi3: dt2817: I/O base address or length out of range
[  158.380959][ T5620] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  158.492685][ T6740] loop2: detected capacity change from 0 to 512
[  158.510121][ T6740] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  158.532127][ T6740] EXT4-fs error (device loop2): ext4_orphan_get:1423: comm syz.2.253: bad orphan inode 11
[  158.565959][ T6740] loop2: lost filesystem error report for type 5 error -117
[  158.568386][ T6740] ext4_test_bit(bit=10, block=4) = 1
[  158.575959][    C0] EXT4-fs (loop2): error count since last fsck: 1
[  158.575984][    C0] EXT4-fs (loop2): initial error at time 1777296301: ext4_orphan_get:1423
[  158.576012][    C0] EXT4-fs (loop2): last error at time 1777296301: ext4_orphan_get:1423
[  158.604739][ T5769] usb 6-1: new full-speed USB device number 4 using dummy_hcd
[  158.616611][ T6740] is_bad_inode(inode)=0
[  158.621874][ T6740] NEXT_ORPHAN(inode)=2080374784
[  158.626866][ T6740] max_ino=32
[  158.630131][ T6740] i_nlink=0
[  158.634209][ T6740] EXT4-fs (loop2): 1 truncate cleaned up
[  158.644034][ T6740] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  158.863431][ T6740] netlink: 'syz.2.253': attribute type 1 has an invalid length.
[  158.932512][ T5769] usb 6-1: config 126 has an invalid descriptor of length 0, skipping remainder of the config
[  159.710789][ T5769] usb 6-1: config 126 has 0 interfaces, different from the descriptor's value: 1
[  159.747891][ T6740] 8021q: adding VLAN 0 to HW filter on device bond1
[  159.787857][ T5769] usb 6-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  159.827925][ T5769] usb 6-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  160.006684][ T5769] usb 6-1: Product: syz
[  160.011910][ T6749] vlan2: entered allmulticast mode
[  160.017264][ T6749] bond1: entered allmulticast mode
[  160.031111][ T5769] usb 6-1: Manufacturer: syz
[  160.062680][ T5769] usb 6-1: SerialNumber: syz
[  160.480685][ T5861] usb 1-1: new full-speed USB device number 3 using dummy_hcd
[  160.539917][ T6751] bond1: (slave geneve2): making interface the new active one
[  160.580570][ T6751] geneve2: entered allmulticast mode
[  160.625434][ T6751] bond1: (slave geneve2): Enslaving as an active interface with an up link
[  160.675835][ T5861] usb 1-1: config 0 has an invalid interface number: 41 but max is 0
[  160.721032][ T5861] usb 1-1: config 0 has no interface number 0
[  160.753028][ T5769] usb 6-1: USB disconnect, device number 4
[  160.761609][ T5861] usb 1-1: config 0 interface 41 has no altsetting 0
[  160.792238][ T5861] usb 1-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a
[  160.815500][ T5861] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  160.825164][ T5861] usb 1-1: Product: syz
[  160.835259][ T5861] usb 1-1: Manufacturer: syz
[  160.842300][ T5861] usb 1-1: SerialNumber: syz
[  160.852462][ T5616] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  160.890472][ T5861] usb 1-1: config 0 descriptor??
[  161.101452][ T6777] loop3: detected capacity change from 0 to 512
[  161.125239][ T6777] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  161.149715][ T6777] EXT4-fs (loop3): 1 truncate cleaned up
[  161.167754][ T6777] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  161.237372][ T6777] netlink: 'syz.3.261': attribute type 4 has an invalid length.
[  161.267512][ T6777] netlink: 'syz.3.261': attribute type 4 has an invalid length.
[  161.337476][ T6785] syzkaller0: entered promiscuous mode
[  161.360451][ T6785] syzkaller0: entered allmulticast mode
[  161.496531][ T5615] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  161.757999][ T5861] CoreChips 1-1:0.41 (unnamed net_device) (uninitialized): sr_get_phy_addr : Error reading PHYID register:ffffffe0
[  162.276930][ T6802] loop2: detected capacity change from 0 to 512
[  162.308154][ T6802] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  162.360510][ T6802] EXT4-fs (loop2): 1 truncate cleaned up
[  162.543831][ T6802] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  162.716421][ T6802] netlink: 'syz.2.269': attribute type 4 has an invalid length.
[  162.846061][ T6804] netlink: 'syz.2.269': attribute type 4 has an invalid length.
[  163.460164][ T5861] CoreChips 1-1:0.41 (unnamed net_device) (uninitialized): Error reading RX_CTL register:ffffffb9
[  163.775089][ T5861] CoreChips 1-1:0.41 (unnamed net_device) (uninitialized): Failed to write RX_CTL mode to 0x0000:ffffffb9
[  163.802762][ T5861] CoreChips 1-1:0.41: probe with driver CoreChips failed with error -71
[  163.877018][ T5861] usb 1-1: USB disconnect, device number 3
[  163.940322][ T6796] loop3: detected capacity change from 0 to 32768
[  163.953222][ T6796] btrfs: Deprecated parameter 'usebackuproot'
[  163.975811][ T6796] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  164.007667][ T6796] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.266 (6796)
[  164.273873][ T6818] loop1: detected capacity change from 0 to 40427
[  164.324911][ T6818] F2FS-fs (loop1): build fault injection rate: 174
[  164.331505][ T6818] F2FS-fs (loop1): build fault injection type: 0x3bfe8c
[  164.339604][ T6818] F2FS-fs (loop1): invalid crc value
[  164.416869][ T6818] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  164.434974][ T6818] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  164.931683][ T6796] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  164.959332][ T5616] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  165.045153][ T6796] BTRFS info (device loop3): using crc32c checksum algorithm
[  165.141724][ T6796] workqueue: Failed to create a rescuer kthread for wq "btrfs-flush_delalloc": -EINTR
[  165.142522][ T6796] workqueue: Failed to create a rescuer kthread for wq "btrfs-cache": -EINTR
[  165.162060][ T5617] syz-executor: attempt to access beyond end of device
[  165.162060][ T5617] loop1: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[  165.191272][ T6796] workqueue: Failed to create a rescuer kthread for wq "btrfs-fixup": -EINTR
[  165.192581][ T6796] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio": -EINTR
[  165.253722][ T6796] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-meta": -EINTR
[  165.282029][ T5617] CPU: 0 UID: 0 PID: 5617 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  165.282063][ T5617] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  165.282078][ T5617] Call Trace:
[  165.282088][ T5617]  <TASK>
[  165.282098][ T5617]  dump_stack_lvl+0xe8/0x150
[  165.282131][ T5617]  f2fs_stop_checkpoint+0x3c7/0x590
[  165.282182][ T5617]  f2fs_write_end_io+0x1274/0x1740
[  165.282238][ T5617]  __submit_merged_bio+0x256/0x6a0
[  165.282273][ T5617]  __submit_merged_write_cond+0x3c9/0x4e0
[  165.282326][ T5617]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  165.282384][ T5617]  ? srso_alias_return_thunk+0x5/0xfbef5
[  165.282425][ T5617]  f2fs_write_data_pages+0x287e/0x34f0
[  165.282458][ T5617]  ? srso_alias_return_thunk+0x5/0xfbef5
[  165.282520][ T5617]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  165.282545][ T5617]  ? is_bpf_text_address+0x26/0x2b0
[  165.282602][ T5617]  ? arch_stack_walk+0xfb/0x150
[  165.282659][ T5617]  ? srso_alias_return_thunk+0x5/0xfbef5
[  165.282686][ T5617]  ? add_lock_to_list+0xc7/0x100
[  165.282718][ T5617]  ? srso_alias_return_thunk+0x5/0xfbef5
[  165.282744][ T5617]  ? __lock_acquire+0x146e/0x2cf0
[  165.282795][ T5617]  ? srso_alias_return_thunk+0x5/0xfbef5
[  165.282821][ T5617]  ? do_raw_spin_lock+0x12b/0x2f0
[  165.282863][ T5617]  ? srso_alias_return_thunk+0x5/0xfbef5
[  165.282893][ T5617]  ? srso_alias_return_thunk+0x5/0xfbef5
[  165.282919][ T5617]  ? do_raw_spin_unlock+0xf5/0x210
[  165.282953][ T5617]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  165.282982][ T5617]  do_writepages+0x32e/0x550
[  165.283008][ T5617]  ? srso_alias_return_thunk+0x5/0xfbef5
[  165.283036][ T5617]  ? srso_alias_return_thunk+0x5/0xfbef5
[  165.283067][ T5617]  ? srso_alias_return_thunk+0x5/0xfbef5
[  165.283092][ T5617]  ? do_raw_spin_unlock+0xf5/0x210
[  165.283130][ T5617]  filemap_fdatawrite+0x1e9/0x2f0
[  165.283159][ T5617]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  165.283224][ T5617]  ? srso_alias_return_thunk+0x5/0xfbef5
[  165.283252][ T5617]  ? srso_alias_return_thunk+0x5/0xfbef5
[  165.283283][ T5617]  ? do_raw_spin_unlock+0xf5/0x210
[  165.283321][ T5617]  f2fs_sync_dirty_inodes+0x30e/0x830
[  165.283365][ T5617]  f2fs_write_checkpoint+0x9df/0x26a0
[  165.283393][ T5617]  ? __lock_acquire+0x6b5/0x2cf0
[  165.283449][ T5617]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  165.283476][ T5617]  ? srso_alias_return_thunk+0x5/0xfbef5
[  165.283557][ T5617]  kill_f2fs_super+0x314/0x730
[  165.283591][ T5617]  ? __pfx_kill_f2fs_super+0x10/0x10
[  165.283631][ T5617]  ? srso_alias_return_thunk+0x5/0xfbef5
[  165.283657][ T5617]  ? lockdep_hardirqs_on+0x7a/0x110
[  165.283682][ T5617]  ? srso_alias_return_thunk+0x5/0xfbef5
[  165.283722][ T5617]  deactivate_locked_super+0xbc/0x130
[  165.283755][ T5617]  cleanup_mnt+0x437/0x4d0
[  165.283787][ T5617]  ? _raw_spin_unlock_irq+0x23/0x50
[  165.283814][ T5617]  task_work_run+0x1d9/0x270
[  165.283855][ T5617]  ? __pfx_task_work_run+0x10/0x10
[  165.283895][ T5617]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  165.283920][ T5617]  exit_to_user_mode_loop+0xed/0x480
[  165.283942][ T5617]  ? rcu_is_watching+0x15/0xb0
[  165.283972][ T5617]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  165.283996][ T5617]  do_syscall_64+0x33e/0xf80
[  165.284021][ T5617]  ? trace_irq_disable+0x3b/0x140
[  165.284061][ T5617]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  165.284083][ T5617] RIP: 0033:0x7f8773b9e017
[  165.284104][ T5617] Code: a2 c7 05 dc 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[  165.284121][ T5617] RSP: 002b:00007fff0b2b66a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  165.284144][ T5617] RAX: 0000000000000000 RBX: 00007f8773c32120 RCX: 00007f8773b9e017
[  165.284159][ T5617] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff0b2b6760
[  165.284172][ T5617] RBP: 00007fff0b2b6760 R08: 00007fff0b2b7760 R09: 00000000ffffffff
[  165.284187][ T5617] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff0b2b77f0
[  165.284201][ T5617] R13: 00007f8773c32120 R14: 0000000000028466 R15: 00007fff0b2b7830
[  165.284235][ T5617]  </TASK>
[  165.285035][ T5617] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  165.346784][ T6796] workqueue: Failed to create a rescuer kthread for wq "btrfs-rmw": -EINTR
[  165.892241][ T5617] CPU: 1 UID: 0 PID: 5617 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  165.892282][ T5617] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  165.892298][ T5617] Call Trace:
[  165.892307][ T5617]  <TASK>
[  165.892318][ T5617]  dump_stack_lvl+0xe8/0x150
[  165.892351][ T5617]  f2fs_stop_checkpoint+0x3c7/0x590
[  165.892403][ T5617]  f2fs_write_end_io+0x1274/0x1740
[  165.892461][ T5617]  __submit_merged_bio+0x256/0x6a0
[  165.892496][ T5617]  __submit_merged_write_cond+0x3c9/0x4e0
[  165.892550][ T5617]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  165.892610][ T5617]  ? srso_alias_return_thunk+0x5/0xfbef5
[  165.892652][ T5617]  f2fs_write_data_pages+0x287e/0x34f0
[  165.892683][ T5617]  ? srso_alias_return_thunk+0x5/0xfbef5
[  165.892756][ T5617]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  165.892785][ T5617]  ? is_bpf_text_address+0x26/0x2b0
[  165.892827][ T5617]  ? arch_stack_walk+0xfb/0x150
[  165.892894][ T5617]  ? srso_alias_return_thunk+0x5/0xfbef5
[  165.892924][ T5617]  ? add_lock_to_list+0xc7/0x100
[  165.892970][ T5617]  ? srso_alias_return_thunk+0x5/0xfbef5
[  165.892999][ T5617]  ? __lock_acquire+0x146e/0x2cf0
[  165.893060][ T5617]  ? srso_alias_return_thunk+0x5/0xfbef5
[  165.893091][ T5617]  ? do_raw_spin_lock+0x12b/0x2f0
[  165.893135][ T5617]  ? srso_alias_return_thunk+0x5/0xfbef5
[  165.893170][ T5617]  ? srso_alias_return_thunk+0x5/0xfbef5
[  165.893200][ T5617]  ? do_raw_spin_unlock+0xf5/0x210
[  165.893239][ T5617]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  165.893272][ T5617]  do_writepages+0x32e/0x550
[  165.893302][ T5617]  ? srso_alias_return_thunk+0x5/0xfbef5
[  165.893334][ T5617]  ? srso_alias_return_thunk+0x5/0xfbef5
[  165.893369][ T5617]  ? srso_alias_return_thunk+0x5/0xfbef5
[  165.893399][ T5617]  ? do_raw_spin_unlock+0xf5/0x210
[  165.893444][ T5617]  filemap_fdatawrite+0x1e9/0x2f0
[  165.893477][ T5617]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  165.893550][ T5617]  ? srso_alias_return_thunk+0x5/0xfbef5
[  165.893583][ T5617]  ? srso_alias_return_thunk+0x5/0xfbef5
[  165.893619][ T5617]  ? do_raw_spin_unlock+0xf5/0x210
[  165.893663][ T5617]  f2fs_sync_dirty_inodes+0x30e/0x830
[  165.893715][ T5617]  f2fs_write_checkpoint+0x9df/0x26a0
[  165.893747][ T5617]  ? __lock_acquire+0x6b5/0x2cf0
[  165.893813][ T5617]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  165.893844][ T5617]  ? srso_alias_return_thunk+0x5/0xfbef5
[  165.893945][ T5617]  kill_f2fs_super+0x314/0x730
[  165.893986][ T5617]  ? __pfx_kill_f2fs_super+0x10/0x10
[  165.894032][ T5617]  ? srso_alias_return_thunk+0x5/0xfbef5
[  165.894062][ T5617]  ? lockdep_hardirqs_on+0x7a/0x110
[  165.894091][ T5617]  ? srso_alias_return_thunk+0x5/0xfbef5
[  165.894138][ T5617]  deactivate_locked_super+0xbc/0x130
[  165.894176][ T5617]  cleanup_mnt+0x437/0x4d0
[  165.894213][ T5617]  ? _raw_spin_unlock_irq+0x23/0x50
[  165.894243][ T5617]  task_work_run+0x1d9/0x270
[  165.894285][ T5617]  ? __pfx_task_work_run+0x10/0x10
[  165.894332][ T5617]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  165.894360][ T5617]  exit_to_user_mode_loop+0xed/0x480
[  165.894386][ T5617]  ? rcu_is_watching+0x15/0xb0
[  165.894419][ T5617]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  165.894448][ T5617]  do_syscall_64+0x33e/0xf80
[  165.894476][ T5617]  ? trace_irq_disable+0x3b/0x140
[  165.894523][ T5617]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  165.894549][ T5617] RIP: 0033:0x7f8773b9e017
[  165.894572][ T5617] Code: a2 c7 05 dc 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[  165.894592][ T5617] RSP: 002b:00007fff0b2b66a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  165.894617][ T5617] RAX: 0000000000000000 RBX: 00007f8773c32120 RCX: 00007f8773b9e017
[  165.894635][ T5617] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff0b2b6760
[  165.894651][ T5617] RBP: 00007fff0b2b6760 R08: 00007fff0b2b7760 R09: 00000000ffffffff
[  165.894668][ T5617] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff0b2b77f0
[  165.894684][ T5617] R13: 00007f8773c32120 R14: 0000000000028466 R15: 00007fff0b2b7830
[  165.894724][ T5617]  </TASK>
[  166.299846][ T6796] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-write": -EINTR
[  166.300267][ T6796] workqueue: Failed to create a rescuer kthread for wq "btrfs-freespace-write": -EINTR
[  166.319580][ T5617] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  166.459640][ T6796] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR
[  166.459935][ T6796] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR
[  166.473492][ T6837] loop0: detected capacity change from 0 to 128
[  166.503028][ T6796] BTRFS error (device loop3): open_ctree failed: -12
[  166.511228][ T6837] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256
[  166.545497][ T6849] netlink: 12 bytes leftover after parsing attributes in process `syz.4.279'.
[  167.185924][ T6837] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  167.300280][ T6855] loop5: detected capacity change from 0 to 512
[  167.379589][ T6855] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  167.481984][ T6855] EXT4-fs (loop5): 1 truncate cleaned up
[  167.504811][ T6853] bond1: entered promiscuous mode
[  167.511357][ T6855] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  167.566016][ T6853] bond1: entered allmulticast mode
[  167.589607][ T6855] netlink: 'syz.5.278': attribute type 4 has an invalid length.
[  167.623431][ T6855] netlink: 'syz.5.278': attribute type 4 has an invalid length.
[  167.830722][ T5768] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  167.876119][ T5619] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  168.000703][ T5768] usb 1-1: Using ep0 maxpacket: 16
[  168.032586][ T5768] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  168.090543][ T5768] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  168.128862][ T5768] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  168.171880][ T5768] usb 1-1: Product: syz
[  168.186091][ T5768] usb 1-1: Manufacturer: syz
[  168.199983][ T5768] usb 1-1: SerialNumber: syz
[  168.234463][ T5768] usb 1-1: config 0 descriptor??
[  168.271573][ T5768] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  168.304082][ T5768] em28xx 1-1:0.0: DVB interface 0 found: bulk
[  168.328900][ T6878] netlink: 8 bytes leftover after parsing attributes in process `syz.3.287'.
[  168.707800][ T6880] netlink: 8 bytes leftover after parsing attributes in process `syz.3.287'.
[  168.814621][ T6882] netlink: 'syz.3.287': attribute type 10 has an invalid length.
[  168.880370][ T6880] netlink: 4 bytes leftover after parsing attributes in process `syz.3.287'.
[  169.351148][ T6878] 8021q: adding VLAN 0 to HW filter on device bond1
[  169.400935][ T5768] em28xx 1-1:0.0: unknown em28xx chip ID (0)
[  169.789948][ T6882] bridge0: port 2(bridge_slave_1) entered disabled state
[  169.797665][ T6882] bridge0: port 1(bridge_slave_0) entered disabled state
[  169.848260][ T6895] loop2: detected capacity change from 0 to 4096
[  169.886233][ T6882] bridge0: port 2(bridge_slave_1) entered blocking state
[  169.893440][ T6882] bridge0: port 2(bridge_slave_1) entered forwarding state
[  169.901009][ T6882] bridge0: port 1(bridge_slave_0) entered blocking state
[  169.908113][ T6882] bridge0: port 1(bridge_slave_0) entered forwarding state
[  170.440774][ T6882] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  170.626366][ T5768] em28xx 1-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[  170.661577][ T5768] em28xx 1-1:0.0: board has no eeprom
[  170.802338][ T6901] netlink: 'syz.3.291': attribute type 1 has an invalid length.
[  171.198042][ T6907] loop5: detected capacity change from 0 to 32768
[  171.241567][ T6907] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.294 (6907)
[  171.591304][ T6907] BTRFS info (device loop5): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  171.601528][ T6907] BTRFS info (device loop5): using sha256 checksum algorithm
[  171.748625][ T6907] BTRFS info (device loop5): rebuilding free space tree
[  171.783471][ T5768] em28xx 1-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  171.785601][ T6907] BTRFS info (device loop5): disabling free space tree
[  171.792025][ T5768] em28xx 1-1:0.0: dvb set to bulk mode.
[  171.798359][ T6907] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  171.806320][  T802] em28xx 1-1:0.0: Binding DVB extension
[  171.813750][ T6907] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  171.850558][ T6907] BTRFS info (device loop5): setting nodatasum
[  171.856945][ T6907] BTRFS info (device loop5): setting nodatacow
[  171.863228][ T6907] BTRFS info (device loop5): turning off barriers
[  171.869704][ T6907] BTRFS info (device loop5): turning on sync discard
[  171.876478][ T6907] BTRFS info (device loop5): force clearing of disk cache
[  171.901772][ T6908] bond2: (slave bridge1): making interface the new active one
[  171.912476][ T6908] bond2: (slave bridge1): Enslaving as an active interface with an up link
[  171.942350][ T6915] bond2: (slave gretap1): Enslaving as an active interface with an up link
[  172.081765][ T6932] netlink: 'syz.2.295': attribute type 1 has an invalid length.
[  172.861111][ T6864] em28xx 1-1:0.0: reading from i2c device at 0xe failed (error=-5)
[  173.170951][ T5768] usb 1-1: USB disconnect, device number 4
[  173.298111][ T6941] BTRFS info (device loop5): setting incompat feature flag for COMPRESS_ZSTD (0x10)
[  173.769967][  T802] em28xx 1-1:0.0: Registering input extension
[  173.787190][ T5768] em28xx 1-1:0.0: Disconnecting em28xx
[  173.832140][ T5768] em28xx 1-1:0.0: Closing input extension
[  173.904527][ T6938] loop3: detected capacity change from 0 to 512
[  174.016585][ T6938] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  174.255392][ T6938] EXT4-fs (loop3): 1 truncate cleaned up
[  174.718154][ T6938] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  174.793051][ T6938] netlink: 'syz.3.297': attribute type 4 has an invalid length.
[  174.845732][ T6942] netlink: 'syz.3.297': attribute type 4 has an invalid length.
[  174.855250][ T5619] BTRFS info (device loop5): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  175.177177][ T5615] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  175.188851][ T6960] netlink: 8 bytes leftover after parsing attributes in process `syz.2.303'.
[  175.235721][ T5768] em28xx 1-1:0.0: Freeing device
[  175.239454][ T6958] loop4: detected capacity change from 0 to 2048
[  175.287077][ T6958] EXT4-fs (loop4): stripe (5) is not aligned with cluster size (16), stripe is disabled
[  175.305774][ T6962] netlink: 8 bytes leftover after parsing attributes in process `syz.2.303'.
[  175.371909][ T6962] netlink: 4 bytes leftover after parsing attributes in process `syz.2.303'.
[  175.396636][ T6964] netlink: 'syz.2.303': attribute type 10 has an invalid length.
[  175.478261][ T6958] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  175.568940][ T6970] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  175.577740][   T30] audit: type=1800 audit(1777296318.278:9): pid=6958 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.302" name="file1" dev="loop4" ino=15 res=0 errno=0
[  176.500101][ T6960] 8021q: adding VLAN 0 to HW filter on device bond2
[  176.574396][ T6977] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  176.983939][ T6964] bridge0: port 2(bridge_slave_1) entered disabled state
[  176.991425][ T6964] bridge0: port 1(bridge_slave_0) entered disabled state
[  177.021906][ T6976] netlink: 4 bytes leftover after parsing attributes in process `syz.1.306'.
[  177.064575][ T5620] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  177.097370][ T6976] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  177.148077][ T6976] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  177.186022][ T6976] bond0 (unregistering): Released all slaves
[  178.306983][ T6992] loop1: detected capacity change from 0 to 32768
[  178.333973][ T6992] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  178.398205][ T6992] XFS (loop1): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51.
[  178.421212][ T6992] XFS (loop1): Starting recovery (logdev: internal)
[  178.447041][ T6992] XFS (loop1): Ending recovery (logdev: internal)
[  178.578690][ T7001] XFS (loop1): User initiated shutdown received.
[  178.585732][ T7001] XFS (loop1): Log I/O Error (0x6) detected at xfs_fs_goingdown+0x71/0x150 (fs/xfs/xfs_fsops.c:466).  Shutting down filesystem.
[  178.599326][ T7001] XFS (loop1): Please unmount the filesystem and rectify the problem(s)
[  179.323996][ T1216] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  179.665309][ T7011] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  180.204992][ T7014] syz.3.313 (7014): drop_caches: 2
[  180.766299][ T1216] usb 6-1: unable to get BOS descriptor or descriptor too short
[  180.775094][ T1216] usb 6-1: no configurations
[  180.785221][ T1216] usb 6-1: can't read configurations, error -22
[  180.810170][ T5617] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  181.066678][ T5768] IPVS: starting estimator thread 0...
[  181.088066][ T7026] netlink: 'syz.3.316': attribute type 4 has an invalid length.
[  181.165458][ T7026] netlink: 'syz.3.316': attribute type 4 has an invalid length.
[  181.215149][ T7027] IPVS: using max 26 ests per chain, 62400 per kthread
[  183.088522][ T5768] IPVS: starting estimator thread 0...
[  183.260726][ T7041] IPVS: using max 24 ests per chain, 57600 per kthread
[  183.639192][ T7034] loop4: detected capacity change from 0 to 32768
[  183.670510][ T7034] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.320 (7034)
[  183.688839][ T7034] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  183.699219][ T7034] BTRFS info (device loop4): using sha256 checksum algorithm
[  183.982007][ T7034] BTRFS info (device loop4): rebuilding free space tree
[  184.693247][   T30] audit: type=1800 audit(1777296326.858:10): pid=7060 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.324" name="file0" dev="overlay" ino=405 res=0 errno=0
[  184.741387][ T7034] BTRFS info (device loop4): enabling ssd optimizations
[  184.749845][ T7034] BTRFS info (device loop4): using spread ssd allocation scheme
[  184.757557][ T7034] BTRFS info (device loop4): enabling free space tree
[  184.764436][ T7034] BTRFS info (device loop4): force clearing of disk cache
[  184.771838][ T7034] BTRFS info (device loop4): enabling auto defrag
[  184.778341][ T7034] BTRFS info (device loop4): max_inline set to 0
[  184.891569][ T7061] netlink: 8 bytes leftover after parsing attributes in process `syz.5.322'.
[  184.922527][ T7061] bond0: option min_links: invalid value (18446744073568892239)
[  185.193231][ T7061] bond0: option min_links: allowed values 0 - 2147483647
[  186.587575][ T6045] BTRFS info (device loop4): qgroup scan completed (inconsistency flag cleared)
[  187.034600][ T7088] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  187.319206][ T7090] evm: overlay not supported
[  187.760864][ T5620] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  187.912584][ T7092] syzkaller0: entered promiscuous mode
[  187.969439][ T7092] syzkaller0: entered allmulticast mode
[  191.214420][ T7121] netlink: 'syz.2.337': attribute type 4 has an invalid length.
[  192.240771][ T7125] netlink: 'syz.2.337': attribute type 4 has an invalid length.
[  192.561048][ T7135] loop1: detected capacity change from 0 to 4096
[  192.656502][ T7135] EXT4-fs (loop1): Test dummy encryption mode enabled
[  192.704661][ T7135] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  193.633096][ T1308] ieee802154 phy0 wpan0: encryption failed: -22
[  193.646730][ T1308] ieee802154 phy1 wpan1: encryption failed: -22
[  195.483691][ T7161] loop5: detected capacity change from 0 to 2048
[  195.513546][ T5617] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  195.530094][ T7161] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  197.454666][ T7142] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1317: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters
[  197.650850][    T0] NOHZ tick-stop error: local softirq work is pending, handler #182!!!
[  199.206905][ T5619] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  199.462273][ T5861] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  199.597380][ T7192] tipc: Started in network mode
[  199.618917][ T7192] tipc: Node identity fef776b36bc, cluster identity 4711
[  199.626243][ T5861] usb 5-1: Using ep0 maxpacket: 8
[  199.657667][ T5861] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  199.694672][ T7192] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  199.725436][ T5861] usb 5-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a
[  199.734167][ T7198] netlink: 'syz.5.354': attribute type 4 has an invalid length.
[  199.756757][ T5861] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  199.786740][ T5861] usb 5-1: Product: syz
[  199.798131][ T5861] usb 5-1: Manufacturer: syz
[  199.798540][ T7201] netlink: 'syz.5.354': attribute type 4 has an invalid length.
[  199.807614][ T5861] usb 5-1: SerialNumber: syz
[  199.833029][ T7192] syzkaller0: entered promiscuous mode
[  199.844405][ T5861] usb 5-1: config 0 descriptor??
[  199.853656][ T7192] syzkaller0: entered allmulticast mode
[  199.883055][ T7192] tipc: Resetting bearer <eth:syzkaller0>
[  200.074248][ T7191] tipc: Resetting bearer <eth:syzkaller0>
[  201.087778][ T5629] Bluetooth: hci2: command 0x0406 tx timeout
[  202.128360][ T5761] usb 5-1: USB disconnect, device number 4
[  202.342437][ T7191] tipc: Disabling bearer <eth:syzkaller0>
[  202.471117][ T5861] tipc: Node number set to 2503440051
[  202.771030][    T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!!
[  203.859347][ T7217] loop4: detected capacity change from 0 to 4096
[  203.909555][ T7217] EXT4-fs (loop4): Test dummy encryption mode enabled
[  204.017787][ T7217] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  204.461709][ T7237] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  205.982499][ T5621] Bluetooth: hci0: command 0x0406 tx timeout
[  205.994699][ T5630] Bluetooth: hci3: command 0x0406 tx timeout
[  205.996054][ T4936] Bluetooth: hci1: command 0x0406 tx timeout
[  206.000881][ T5621] Bluetooth: hci5: command 0x0406 tx timeout
[  206.006813][ T5631] Bluetooth: hci4: command 0x0406 tx timeout
[  206.323806][ T5620] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  208.985890][ T7265] loop5: detected capacity change from 0 to 4096
[  209.110113][ T7273] fuse: fd is not a fuse device
[  209.247477][ T7276] netlink: 'syz.0.374': attribute type 4 has an invalid length.
[  209.298630][ T7278] netlink: 'syz.0.374': attribute type 4 has an invalid length.
[  209.450802][   T50] Bluetooth: hci5: command 0x0406 tx timeout
[  210.519608][ T7260] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  210.536027][ T7260] Bluetooth: hci2: Error when powering off device on rfkill (-4)
[  210.750922][ T7260] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  210.788079][ T7260] Bluetooth: hci1: Error when powering off device on rfkill (-4)
[  210.911480][ T7260] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  210.939025][ T7260] Bluetooth: hci4: Error when powering off device on rfkill (-4)
[  211.036276][ T7260] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  211.068329][ T7260] Bluetooth: hci0: Error when powering off device on rfkill (-4)
[  211.098866][ T7296] loop3: detected capacity change from 0 to 2048
[  211.123051][ T7293] loop2: detected capacity change from 0 to 512
[  211.143758][ T7293] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  211.149488][ T7260] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  211.193097][ T7293] EXT4-fs (loop2): 1 truncate cleaned up
[  211.202854][ T7296] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  211.216113][ T7260] Bluetooth: hci5: Error when powering off device on rfkill (-4)
[  211.245124][ T7293] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  211.377048][ T7293] netlink: 'syz.2.378': attribute type 4 has an invalid length.
[  211.423593][ T7260] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  211.551456][ T7260] Bluetooth: hci3: Error when powering off device on rfkill (-4)
[  211.596587][ T7299] netlink: 'syz.2.378': attribute type 4 has an invalid length.
[  212.187775][   T30] audit: type=1800 audit(1777296354.898:11): pid=7308 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.379" name="file1" dev="loop3" ino=1368 res=0 errno=0
[  212.361894][ T5616] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  212.543862][ T7321] ubi16: attaching mtd0
[  212.827278][ T7321] ubi16: scanning is finished
[  212.832208][ T7321] ubi16: empty MTD device detected
[  215.372889][ T7321] ubi16: attached mtd0 (name "mtdram test device", size 0 MiB)
[  215.399818][ T7321] ubi16: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  215.428290][ T7321] ubi16: min./max. I/O unit sizes: 1/64, sub-page size 1
[  215.441354][ T7321] ubi16: VID header offset: 64 (aligned 64), data offset: 128
[  215.458370][ T7321] ubi16: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  215.549544][ T7321] ubi16: user volume: 0, internal volumes: 1, max. volumes count: 23
[  215.663404][ T7321] ubi16: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 520445796
[  215.734788][ T7344] loop1: detected capacity change from 0 to 1024
[  215.735603][ T7321] ubi16: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  215.818048][ T7340] ubi16: background thread "ubi_bgt16d" started, PID 7340
[  216.146721][ T7349] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  216.189709][ T7349] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  216.648483][ T7358] securityfs: Unknown parameter ''
[  217.061685][ T7353] netlink: 'syz.2.389': attribute type 4 has an invalid length.
[  220.203477][ T7375] loop4: detected capacity change from 0 to 1024
[  224.372455][ T7385] PKCS7: Unknown OID: [4] (bad)
[  224.379460][ T7385] PKCS7: Only support pkcs7_signedData type
[  225.400067][ T7391] loop3: detected capacity change from 0 to 512
[  225.414638][ T7391] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem
[  225.890472][ T7399] loop4: detected capacity change from 0 to 32768
[  225.933339][ T7400] trusted_key: encrypted_key: insufficient parameters specified
[  226.672923][ T7391] EXT4-fs error (device loop3): ext4_get_branch:178: inode #13: block 1024: comm syz.3.398: invalid block
[  226.701371][ T7391] loop3: lost file I/O error report for ino 13 type 5 pos 0x0 len 0x0 error -117
[  226.710601][    C1] EXT4-fs (loop3): error count since last fsck: 1
[  226.727647][    C1] EXT4-fs (loop3): initial error at time 1777296369: ext4_get_branch:178: inode 13: block 1024
[  226.738037][    C1] EXT4-fs (loop3): last error at time 1777296369: ext4_get_branch:178: inode 13: block 1024
[  227.170833][ T7399] XFS (loop4): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  227.289245][ T7391] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #13: comm syz.3.398: invalid indirect mapped block 1024 (level 0)
[  227.345979][ T7391] loop3: lost file I/O error report for ino 13 type 5 pos 0x0 len 0x0 error -117
[  227.378403][ T7391] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.398: bg 0: block 35: padding at end of block bitmap is not set
[  227.427787][ T7391] loop3: lost filesystem error report for type 5 error -117
[  227.432625][ T7391] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6679: Corrupt filesystem
[  227.497847][ T7399] XFS (loop4): Ending clean mount
[  227.514561][ T7399] XFS (loop4): Quotacheck needed: Please wait.
[  227.636316][ T7391] loop3: lost filesystem error report for type 5 error -117
[  228.629333][ T7391] EXT4-fs (loop3): 1 truncate cleaned up
[  228.733942][ T7391] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  228.819697][ T7426] loop2: detected capacity change from 0 to 128
[  229.085640][ T7426] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  229.111815][ T7426] ext4 filesystem being mounted at /85/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  229.280617][ T7399] XFS (loop4): Quotacheck: Done.
[  229.459065][ T5620] XFS (loop4): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  230.708397][ T5615] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  230.768392][ T7441] netlink: 'syz.4.407': attribute type 4 has an invalid length.
[  230.866059][ T5616] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  230.885385][ T7441] netlink: 'syz.4.407': attribute type 4 has an invalid length.
[  231.780111][ T7448] capability: warning: `syz.0.411' uses deprecated v2 capabilities in a way that may be insecure
[  231.847015][ T7454] loop2: detected capacity change from 0 to 128
[  231.927857][ T7454] EXT4-fs: Ignoring removed nomblk_io_submit option
[  231.977045][ T7451] loop3: detected capacity change from 0 to 4096
[  231.987166][ T7454] ext4: Unknown parameter 'euid'
[  232.028541][ T7451] EXT4-fs: inline encryption not supported
[  232.196695][ T7451] EXT4-fs (loop3): Test dummy encryption mode enabled
[  232.240499][ T7451] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003]
[  232.274006][ T7451] System zones: 0-5
[  232.751881][ T7463] loop4: detected capacity change from 0 to 512
[  232.778213][ T7451] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  232.818768][ T7463] trusted_key: encrypted_key: insufficient parameters specified
[  234.186740][ T5615] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  234.290898][ T1216] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  235.183131][ T1216] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  235.316578][ T1216] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  235.397414][ T1216] usb 6-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00
[  235.670779][ T7497] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  236.201025][ T1216] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  236.231294][ T1216] usb 6-1: config 0 descriptor??
[  237.053390][ T1216] usbhid 6-1:0.0: can't add hid device: -71
[  237.100443][ T1216] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  237.119877][ T7510] ubi: mtd0 is already attached to ubi16
[  237.691994][ T1216] usb 6-1: USB disconnect, device number 7
[  238.783690][ T7523] loop6: detected capacity change from 0 to 7
[  238.938890][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  238.948274][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[  239.708006][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  239.717239][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[  240.393500][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  240.402745][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[  240.419664][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  240.428867][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[  240.440684][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  240.449855][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[  240.458720][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  240.467914][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[  240.478182][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  240.487357][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[  240.498006][ T7523] ldm_validate_partition_table(): Disk read failed.
[  240.507674][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  240.516863][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[  240.527573][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  240.536830][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[  240.549364][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  240.558564][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[  240.568772][ T7523] Dev loop6: unable to read RDB block 0
[  242.726370][ T7523]  loop6: unable to read partition table
[  242.951174][ T7523] loop6: partition table beyond EOD, truncated
[  242.989094][ T7523] loop_reread_partitions: partition scan of loop6 (���������S�j̖�P=ý?�}X���	���%��`��ր����5) failed (rc=-5)
[  248.477011][ T7575] netlink: 4 bytes leftover after parsing attributes in process `syz.5.434'.
[  250.695428][ T7575] nbd: socks must be embedded in a SOCK_ITEM attr
[  250.716353][ T5624] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  250.733421][ T5624] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  250.810884][ T5624] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  250.832895][ T5624] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  250.848943][ T5624] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  252.056286][   T50] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  252.063872][   T50] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  252.071661][   T50] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  252.081114][   T50] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  252.092629][   T50] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  252.112097][ T5740] block nbd64: NBD_DISCONNECT
[  254.814170][   T30] audit: type=1326 audit(1777296396.788:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7619 comm="syz.1.443" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8773b9cdd9 code=0x7ffc0000
[  254.845165][   T50] Bluetooth: hci6: command tx timeout
[  254.981313][ T1308] ieee802154 phy0 wpan0: encryption failed: -22
[  254.989594][ T1308] ieee802154 phy1 wpan1: encryption failed: -22
[  255.640000][ T7630] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  255.722780][   T30] audit: type=1326 audit(1777296396.788:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7619 comm="syz.1.443" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8773b9cdd9 code=0x7ffc0000
[  256.825104][   T30] audit: type=1326 audit(1777296396.788:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7619 comm="syz.1.443" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f8773b9cdd9 code=0x7ffc0000
[  256.867786][ T7636] fuse: fd is not a fuse device
[  257.353952][   T30] audit: type=1326 audit(1777296396.788:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7619 comm="syz.1.443" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8773b9cdd9 code=0x7ffc0000
[  257.613900][ T7647] tipc: Started in network mode
[  257.621183][ T7647] tipc: Node identity 4, cluster identity 4711
[  257.627547][ T7647] tipc: Node number set to 4
[  257.992645][   T50] Bluetooth: hci6: command tx timeout
[  258.041096][   T30] audit: type=1326 audit(1777296396.788:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7619 comm="syz.1.443" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8773b9cdd9 code=0x7ffc0000
[  258.081402][   T30] audit: type=1326 audit(1777296396.788:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7619 comm="syz.1.443" exe="/root/syz-executor" sig=0 arch=c000003e syscall=0 compat=0 ip=0x7f8773b9cdd9 code=0x7ffc0000
[  258.109281][   T30] audit: type=1326 audit(1777296396.788:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7619 comm="syz.1.443" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8773b9cdd9 code=0x7ffc0000
[  258.160676][ T7647] loop4: detected capacity change from 0 to 2048
[  258.304233][ T5740] udevd[5740]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[  258.318007][   T30] audit: type=1326 audit(1777296396.788:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7619 comm="syz.1.443" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8773b9cdd9 code=0x7ffc0000
[  258.344500][ T7647] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  258.362907][   T30] audit: type=1326 audit(1777296396.788:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7619 comm="syz.1.443" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f8773b9cdd9 code=0x7ffc0000
[  258.553162][   T30] audit: type=1326 audit(1777296396.788:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7619 comm="syz.1.443" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8773b9cdd9 code=0x7ffc0000
[  259.534832][ T5620] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  260.442341][   T50] Bluetooth: hci6: command tx timeout
[  260.696798][ T7674] loop5: detected capacity change from 0 to 2048
[  260.939674][ T7674] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  261.171293][ T7685] netlink: 'syz.4.453': attribute type 7 has an invalid length.
[  261.179424][ T7685] netlink: 'syz.4.453': attribute type 8 has an invalid length.
[  262.490696][   T50] Bluetooth: hci6: command tx timeout
[  262.682148][ T7687] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  264.714503][ T7718] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  267.167310][ T7731] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  269.432822][ T7755] netlink: 4 bytes leftover after parsing attributes in process `syz.4.468'.
[  270.177387][ T7755] nbd: socks must be embedded in a SOCK_ITEM attr
[  275.546693][ T6045] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  276.690838][ T6005] udevd[6005]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[  276.709356][ T5740] udevd[5740]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[  276.884918][ T7783] loop5: detected capacity change from 0 to 1024
[  276.903916][ T7783] EXT4-fs: inline encryption not supported
[  276.927060][ T7783] EXT4-fs: Ignoring removed bh option
[  276.973392][ T7783] EXT4-fs (loop5): bad geometry: bigalloc file system with non-zero first_data_block
[  276.973392][ T7783] 
[  277.190134][ T6045] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  278.354208][ T6045] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  280.682324][ T7812] loop5: detected capacity change from 0 to 1024
[  280.706291][ T7812] EXT4-fs: inline encryption not supported
[  280.816132][ T7812] EXT4-fs: Ignoring removed bh option
[  280.834776][ T7826] netlink: 4 bytes leftover after parsing attributes in process `syz.2.482'.
[  281.012460][ T7812] EXT4-fs (loop5): bad geometry: bigalloc file system with non-zero first_data_block
[  281.012460][ T7812] 
[  281.145782][ T7826] nbd: socks must be embedded in a SOCK_ITEM attr
[  281.477397][ T7832] binder: 7825:7832 ioctl 81e8943c 0 returned -22
[  282.307561][ T5861] IPVS: starting estimator thread 0...
[  284.481038][ T7833] IPVS: using max 24 ests per chain, 57600 per kthread
[  284.652128][ T6045] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  286.893974][ T6005] udevd[6005]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[  286.995200][   T50] block nbd0: Receive control failed (result -32)
[  287.006661][ T5740] udevd[5740]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[  287.030870][   T50] block nbd0: Receive control failed (result -32)
[  287.042358][ T7602] bridge0: port 1(bridge_slave_0) entered blocking state
[  287.053041][ T7602] bridge0: port 1(bridge_slave_0) entered disabled state
[  287.061013][ T7602] bridge_slave_0: entered allmulticast mode
[  287.100468][ T7602] bridge_slave_0: entered promiscuous mode
[  287.356091][ T7830] nbd0: detected capacity change from 0 to 128
[  287.546063][ T7852] loop5: detected capacity change from 0 to 1024
[  287.568545][ T5740] 
[  287.571013][ T5740] ======================================================
[  287.578074][ T5740] WARNING: possible circular locking dependency detected
[  287.585207][ T5740] syzkaller #0 Not tainted
[  287.589627][ T5740] ------------------------------------------------------
[  287.596656][ T5740] udevd/5740 is trying to acquire lock:
[  287.602196][ T5740] ffff88803398ba68 (&nsock->tx_lock){+.+.}-{4:4}, at: nbd_queue_rq+0x37b/0x1100
[  287.611369][ T5740] 
[  287.611369][ T5740] but task is already holding lock:
[  287.618728][ T5740] ffff888063eb51f8 (&cmd->lock){+.+.}-{4:4}, at: nbd_queue_rq+0xc6/0x1100
[  287.620153][ T7602] bridge0: port 2(bridge_slave_1) entered blocking state
[  287.627279][ T5740] 
[  287.627279][ T5740] which lock already depends on the new lock.
[  287.627279][ T5740] 
[  287.627290][ T5740] 
[  287.627290][ T5740] the existing dependency chain (in reverse order) is:
[  287.627300][ T5740] 
[  287.627300][ T5740] -> #6 (&cmd->lock){+.+.}-{4:4}:
[  287.627341][ T5740]        __mutex_lock+0x1a3/0x1550
[  287.627374][ T5740]        nbd_queue_rq+0xc6/0x1100
[  287.671659][ T5740]        blk_mq_dispatch_rq_list+0xa70/0x1910
[  287.671705][ T5740]        __blk_mq_sched_dispatch_requests+0xdcc/0x1600
[  287.671743][ T5740]        blk_mq_sched_dispatch_requests+0xd7/0x190
[  287.671781][ T5740]        blk_mq_run_hw_queue+0x348/0x4f0
[  287.671814][ T5740]        blk_mq_dispatch_list+0xd16/0xe10
[  287.671851][ T5740]        blk_mq_flush_plug_list+0x48d/0x570
[  287.671889][ T5740]        __blk_flush_plug+0x3ed/0x4d0
[  287.671927][ T5740]        __submit_bio+0x28d/0x580
[  287.671975][ T5740]        submit_bio_noacct_nocheck+0x2f4/0xa40
[  287.672009][ T5740]        block_read_full_folio+0x7b7/0x830
[  287.672036][ T5740]        filemap_read_folio+0x137/0x3b0
[  287.672071][ T5740]        do_read_cache_folio+0x358/0x590
[  287.672108][ T5740]        read_part_sector+0xb6/0x2b0
[  287.672140][ T5740]        adfspart_check_ICS+0xb1/0x960
[  287.672168][ T5740]        bdev_disk_changed+0x817/0x1770
[  287.672203][ T5740]        blkdev_get_whole+0x380/0x510
[  287.672231][ T5740]        bdev_open+0x31e/0xd30
[  287.672255][ T5740]        blkdev_open+0x470/0x610
[  287.672271][ T5740]        do_dentry_open+0x785/0x14e0
[  287.672290][ T5740]        vfs_open+0x3b/0x340
[  287.672307][ T5740]        path_openat+0x2e08/0x3860
[  287.672332][ T5740]        do_file_open+0x23e/0x4a0
[  287.672356][ T5740]        do_sys_openat2+0x113/0x200
[  287.672375][ T5740]        __x64_sys_openat+0x138/0x170
[  287.672396][ T5740]        do_syscall_64+0x15f/0xf80
[  287.672416][ T5740]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  287.672435][ T5740] 
[  287.672435][ T5740] -> #5 (set->srcu){.+.+}-{0:0}:
[  287.672466][ T5740]        __synchronize_srcu+0xca/0x300
[  287.672484][ T5740]        elevator_switch+0x1e8/0x7a0
[  287.672508][ T5740]        elevator_change+0x2cc/0x450
[  287.672532][ T5740]        elevator_set_default+0x36c/0x430
[  287.672556][ T5740]        blk_register_queue+0x3e9/0x4e0
[  287.672583][ T5740]        __add_disk+0x677/0xd50
[  287.672599][ T5740]        add_disk_fwnode+0xfb/0x480
[  287.672616][ T5740]        nbd_dev_add+0x72c/0xb50
[  287.672632][ T5740]        nbd_init+0x168/0x1f0
[  287.672656][ T5740]        do_one_initcall+0x250/0x870
[  287.672676][ T5740]        do_initcall_level+0x104/0x190
[  287.672696][ T5740]        do_initcalls+0x59/0xa0
[  287.672716][ T5740]        kernel_init_freeable+0x2a6/0x3e0
[  287.672735][ T5740]        kernel_init+0x1d/0x1d0
[  287.672759][ T5740]        ret_from_fork+0x514/0xb70
[  287.672776][ T5740]        ret_from_fork_asm+0x1a/0x30
[  287.672798][ T5740] 
[  287.672798][ T5740] -> #4 (&q->elevator_lock){+.+.}-{4:4}:
[  287.672826][ T5740]        __mutex_lock+0x1a3/0x1550
[  287.672846][ T5740]        elevator_change+0x1b3/0x450
[  287.672870][ T5740]        elevator_set_none+0xb5/0x140
[  287.672894][ T5740]        blk_mq_update_nr_hw_queues+0x5e7/0x1a60
[  287.672912][ T5740]        nbd_start_device+0x17f/0xb10
[  287.672928][ T5740]        nbd_genl_connect+0x165b/0x1cf0
[  287.672960][ T5740]        genl_family_rcv_msg_doit+0x22a/0x330
[  287.672989][ T5740]        genl_rcv_msg+0x61c/0x7a0
[  287.673014][ T5740]        netlink_rcv_skb+0x232/0x4b0
[  287.673034][ T5740]        genl_rcv+0x28/0x40
[  287.673058][ T5740]        netlink_unicast+0x75c/0x8e0
[  287.673075][ T5740]        netlink_sendmsg+0x813/0xb40
[  287.673095][ T5740]        ____sys_sendmsg+0x972/0x9f0
[  287.673121][ T5740]        ___sys_sendmsg+0x2a5/0x360
[  287.673153][ T5740]        __x64_sys_sendmsg+0x1bd/0x2a0
[  287.673184][ T5740]        do_syscall_64+0x15f/0xf80
[  287.673204][ T5740]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  287.673222][ T5740] 
[  287.673222][ T5740] -> #3 (&q->q_usage_counter(io)#49){++++}-{0:0}:
[  287.673257][ T5740]        blk_alloc_queue+0x546/0x680
[  287.673280][ T5740]        __blk_mq_alloc_disk+0x197/0x390
[  287.673308][ T5740]        nbd_dev_add+0x499/0xb50
[  287.673323][ T5740]        nbd_init+0x168/0x1f0
[  287.673344][ T5740]        do_one_initcall+0x250/0x870
[  287.673364][ T5740]        do_initcall_level+0x104/0x190
[  287.673383][ T5740]        do_initcalls+0x59/0xa0
[  287.673401][ T5740]        kernel_init_freeable+0x2a6/0x3e0
[  287.673420][ T5740]        kernel_init+0x1d/0x1d0
[  287.673444][ T5740]        ret_from_fork+0x514/0xb70
[  287.673461][ T5740]        ret_from_fork_asm+0x1a/0x30
[  287.673482][ T5740] 
[  287.673482][ T5740] -> #2 (fs_reclaim){+.+.}-{0:0}:
[  287.673511][ T5740]        fs_reclaim_acquire+0x71/0x100
[  287.673540][ T5740]        kmem_cache_alloc_node_noprof+0x4a/0x690
[  287.673571][ T5740]        __alloc_skb+0x1d0/0x7d0
[  287.673589][ T5740]        tcp_stream_alloc_skb+0x3f/0x580
[  287.673616][ T5740]        tcp_sendmsg_locked+0x1345/0x5360
[  287.673644][ T5740]        tcp_sendmsg+0x2f/0x50
[  287.673670][ T5740]        sock_write_iter+0x406/0x4f0
[  287.673695][ T5740]        vfs_write+0x61d/0xb90
[  287.673720][ T5740]        ksys_write+0x150/0x270
[  287.673744][ T5740]        do_syscall_64+0x15f/0xf80
[  287.673763][ T5740]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  287.673781][ T5740] 
[  287.673781][ T5740] -> #1 (sk_lock-AF_INET){+.+.}-{0:0}:
[  287.673810][ T5740]        lock_sock_nested+0x41/0x100
[  287.673838][ T5740]        inet_shutdown+0x6a/0x390
[  287.673862][ T5740]        nbd_mark_nsock_dead+0x2e9/0x560
[  287.673880][ T5740]        recv_work+0x1c2e/0x1d40
[  287.673897][ T5740]        process_scheduled_works+0xb5d/0x1860
[  287.673915][ T5740]        worker_thread+0xa53/0xfc0
[  287.673933][ T5740]        kthread+0x388/0x470
[  287.673960][ T5740]        ret_from_fork+0x514/0xb70
[  287.673977][ T5740]        ret_from_fork_asm+0x1a/0x30
[  287.673998][ T5740] 
[  287.673998][ T5740] -> #0 (&nsock->tx_lock){+.+.}-{4:4}:
[  287.674027][ T5740]        __lock_acquire+0x15a5/0x2cf0
[  287.674046][ T5740]        lock_acquire+0x106/0x350
[  287.674064][ T5740]        __mutex_lock+0x1a3/0x1550
[  287.674084][ T5740]        nbd_queue_rq+0x37b/0x1100
[  287.674100][ T5740]        blk_mq_dispatch_rq_list+0xa70/0x1910
[  287.674125][ T5740]        __blk_mq_sched_dispatch_requests+0xdcc/0x1600
[  287.674153][ T5740]        blk_mq_sched_dispatch_requests+0xd7/0x190
[  287.674188][ T5740]        blk_mq_run_hw_queue+0x348/0x4f0
[  287.674221][ T5740]        blk_mq_dispatch_list+0xd16/0xe10
[  287.674250][ T5740]        blk_mq_flush_plug_list+0x48d/0x570
[  287.674276][ T5740]        __blk_flush_plug+0x3ed/0x4d0
[  287.674301][ T5740]        __submit_bio+0x28d/0x580
[  287.674327][ T5740]        submit_bio_noacct_nocheck+0x2f4/0xa40
[  287.674352][ T5740]        block_read_full_folio+0x7b7/0x830
[  287.674370][ T5740]        filemap_read_folio+0x137/0x3b0
[  287.674395][ T5740]        do_read_cache_folio+0x358/0x590
[  287.674421][ T5740]        read_part_sector+0xb6/0x2b0
[  287.674445][ T5740]        adfspart_check_ICS+0xb1/0x960
[  287.674471][ T5740]        bdev_disk_changed+0x817/0x1770
[  287.674495][ T5740]        blkdev_get_whole+0x380/0x510
[  287.674521][ T5740]        bdev_open+0x31e/0xd30
[  287.674545][ T5740]        blkdev_open+0x470/0x610
[  287.674560][ T5740]        do_dentry_open+0x785/0x14e0
[  287.674579][ T5740]        vfs_open+0x3b/0x340
[  287.674602][ T5740]        path_openat+0x2e08/0x3860
[  287.674631][ T5740]        do_file_open+0x23e/0x4a0
[  287.674655][ T5740]        do_sys_openat2+0x113/0x200
[  287.674674][ T5740]        __x64_sys_openat+0x138/0x170
[  287.674695][ T5740]        do_syscall_64+0x15f/0xf80
[  287.674716][ T5740]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  287.674733][ T5740] 
[  287.674733][ T5740] other info that might help us debug this:
[  287.674733][ T5740] 
[  287.674741][ T5740] Chain exists of:
[  287.674741][ T5740]   &nsock->tx_lock --> set->srcu --> &cmd->lock
[  287.674741][ T5740] 
[  287.674776][ T5740]  Possible unsafe locking scenario:
[  287.674776][ T5740] 
[  287.674782][ T5740]        CPU0                    CPU1
[  287.674789][ T5740]        ----                    ----
[  287.674796][ T5740]   lock(&cmd->lock);
[  287.674810][ T5740]                                lock(set->srcu);
[  287.674826][ T5740]                                lock(&cmd->lock);
[  287.674842][ T5740]   lock(&nsock->tx_lock);
[  287.674856][ T5740] 
[  287.674856][ T5740]  *** DEADLOCK ***
[  287.674856][ T5740] 
[  287.674862][ T5740] 3 locks held by udevd/5740:
[  287.674873][ T5740]  #0: ffff888026d7a350 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xe0/0xd30
[  287.674928][ T5740]  #1: ffff8880223a0618 (set->srcu){.+.+}-{0:0}, at: blk_mq_run_hw_queue+0x31f/0x4f0
[  287.674986][ T5740]  #2: ffff888063eb51f8 (&cmd->lock){+.+.}-{4:4}, at: nbd_queue_rq+0xc6/0x1100
[  287.675048][ T5740] 
[  287.675048][ T5740] stack backtrace:
[  287.675061][ T5740] CPU: 0 UID: 0 PID: 5740 Comm: udevd Not tainted syzkaller #0 PREEMPT(full) 
[  287.675088][ T5740] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  287.675104][ T5740] Call Trace:
[  287.675111][ T5740]  <TASK>
[  287.675119][ T5740]  dump_stack_lvl+0xe8/0x150
[  287.675139][ T5740]  print_circular_bug+0x2e1/0x300
[  287.675165][ T5740]  check_noncircular+0x12e/0x150
[  287.675193][ T5740]  __lock_acquire+0x15a5/0x2cf0
[  287.675216][ T5740]  ? irqentry_exit+0x218/0x730
[  287.675237][ T5740]  ? srso_alias_return_thunk+0x5/0xfbef5
[  287.675258][ T5740]  ? lockdep_hardirqs_on+0x7a/0x110
[  287.675284][ T5740]  ? __pfx___schedule+0x10/0x10
[  287.675308][ T5740]  ? srso_alias_return_thunk+0x5/0xfbef5
[  287.675345][ T5740]  ? nbd_queue_rq+0x37b/0x1100
[  287.675362][ T5740]  lock_acquire+0x106/0x350
[  287.675381][ T5740]  ? nbd_queue_rq+0x37b/0x1100
[  287.675401][ T5740]  ? srso_alias_return_thunk+0x5/0xfbef5
[  287.675425][ T5740]  __mutex_lock+0x1a3/0x1550
[  287.675446][ T5740]  ? nbd_queue_rq+0x37b/0x1100
[  287.675462][ T5740]  ? srso_alias_return_thunk+0x5/0xfbef5
[  287.675483][ T5740]  ? is_bpf_text_address+0x292/0x2b0
[  287.675502][ T5740]  ? is_bpf_text_address+0x26/0x2b0
[  287.675521][ T5740]  ? srso_alias_return_thunk+0x5/0xfbef5
[  287.675542][ T5740]  ? kernel_text_address+0xa5/0xe0
[  287.675568][ T5740]  ? srso_alias_return_thunk+0x5/0xfbef5
[  287.675589][ T5740]  ? __kernel_text_address+0xd/0x30
[  287.675615][ T5740]  ? srso_alias_return_thunk+0x5/0xfbef5
[  287.675635][ T5740]  ? unwind_get_return_address+0x4d/0x90
[  287.675659][ T5740]  ? srso_alias_return_thunk+0x5/0xfbef5
[  287.675679][ T5740]  ? nbd_queue_rq+0x37b/0x1100
[  287.675698][ T5740]  ? __pfx___mutex_lock+0x10/0x10
[  287.675723][ T5740]  ? srso_alias_return_thunk+0x5/0xfbef5
[  287.675744][ T5740]  ? stack_trace_save+0xa9/0x100
[  287.675772][ T5740]  ? __pfx_stack_trace_save+0x10/0x10
[  287.675799][ T5740]  ? srso_alias_return_thunk+0x5/0xfbef5
[  287.675823][ T5740]  nbd_queue_rq+0x37b/0x1100
[  287.675843][ T5740]  ? srso_alias_return_thunk+0x5/0xfbef5
[  287.675864][ T5740]  ? __lock_acquire+0x146e/0x2cf0
[  287.675885][ T5740]  ? __pfx_nbd_queue_rq+0x10/0x10
[  287.675910][ T5740]  blk_mq_dispatch_rq_list+0xa70/0x1910
[  287.675936][ T5740]  ? srso_alias_return_thunk+0x5/0xfbef5
[  287.675969][ T5740]  ? sbitmap_get+0x229/0x390
[  287.675998][ T5740]  ? __pfx_blk_mq_dispatch_rq_list+0x10/0x10
[  287.676024][ T5740]  ? __blk_mq_alloc_driver_tag+0x2e7/0x6e0
[  287.676053][ T5740]  __blk_mq_sched_dispatch_requests+0xdcc/0x1600
[  287.676090][ T5740]  ? __pfx___blk_mq_sched_dispatch_requests+0x10/0x10
[  287.676118][ T5740]  ? srso_alias_return_thunk+0x5/0xfbef5
[  287.676144][ T5740]  ? srso_alias_return_thunk+0x5/0xfbef5
[  287.676170][ T5740]  blk_mq_sched_dispatch_requests+0xd7/0x190
[  287.676199][ T5740]  ? blk_mq_run_hw_queue+0x31f/0x4f0
[  287.676223][ T5740]  blk_mq_run_hw_queue+0x348/0x4f0
[  287.676249][ T5740]  blk_mq_dispatch_list+0xd16/0xe10
[  287.676276][ T5740]  ? srso_alias_return_thunk+0x5/0xfbef5
[  287.676297][ T5740]  ? bdev_count_inflight+0x1cf/0x210
[  287.676316][ T5740]  ? blk_mq_dispatch_list+0x1b0/0xe10
[  287.676345][ T5740]  ? __pfx_blk_mq_dispatch_list+0x10/0x10
[  287.676375][ T5740]  ? srso_alias_return_thunk+0x5/0xfbef5
[  287.676408][ T5740]  ? srso_alias_return_thunk+0x5/0xfbef5
[  287.676437][ T5740]  ? rcu_is_watching+0x15/0xb0
[  287.676461][ T5740]  blk_mq_flush_plug_list+0x48d/0x570
[  287.676488][ T5740]  ? srso_alias_return_thunk+0x5/0xfbef5
[  287.676509][ T5740]  ? blk_add_rq_to_plug+0x300/0x450
[  287.676535][ T5740]  ? blk_mq_submit_bio+0x1acf/0x28e0
[  287.676562][ T5740]  ? __pfx_blk_mq_flush_plug_list+0x10/0x10
[  287.676594][ T5740]  __blk_flush_plug+0x3ed/0x4d0
[  287.676623][ T5740]  ? __pfx___blk_flush_plug+0x10/0x10
[  287.676654][ T5740]  __submit_bio+0x28d/0x580
[  287.676683][ T5740]  ? __pfx___submit_bio+0x10/0x10
[  287.676715][ T5740]  ? bio_associate_blkg+0x6d/0x230
[  287.676751][ T5740]  submit_bio_noacct_nocheck+0x2f4/0xa40
[  287.676782][ T5740]  ? srso_alias_return_thunk+0x5/0xfbef5
[  287.676806][ T5740]  ? __pfx_submit_bio_noacct_nocheck+0x10/0x10
[  287.676834][ T5740]  ? srso_alias_return_thunk+0x5/0xfbef5
[  287.676862][ T5740]  block_read_full_folio+0x7b7/0x830
[  287.676884][ T5740]  ? __pfx_blkdev_get_block+0x10/0x10
[  287.676902][ T5740]  filemap_read_folio+0x137/0x3b0
[  287.676928][ T5740]  ? srso_alias_return_thunk+0x5/0xfbef5
[  287.676954][ T5740]  ? __pfx_blkdev_read_folio+0x10/0x10
[  287.676982][ T5740]  ? __pfx_filemap_read_folio+0x10/0x10
[  287.677008][ T5740]  ? srso_alias_return_thunk+0x5/0xfbef5
[  287.677029][ T5740]  ? filemap_add_folio+0x356/0x530
[  287.677054][ T5740]  do_read_cache_folio+0x358/0x590
[  287.677081][ T5740]  ? __pfx_blkdev_read_folio+0x10/0x10
[  287.677112][ T5740]  read_part_sector+0xb6/0x2b0
[  287.677138][ T5740]  adfspart_check_ICS+0xb1/0x960
[  287.677165][ T5740]  ? srso_alias_return_thunk+0x5/0xfbef5
[  287.677186][ T5740]  ? seq_buf_printf+0x212/0x2d0
[  287.677207][ T5740]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  287.677234][ T5740]  ? __pfx_adfspart_check_ICS+0x10/0x10
[  287.677260][ T5740]  ? srso_alias_return_thunk+0x5/0xfbef5
[  287.677288][ T5740]  bdev_disk_changed+0x817/0x1770
[  287.677324][ T5740]  ? __pfx_bdev_disk_changed+0x10/0x10
[  287.677354][ T5740]  blkdev_get_whole+0x380/0x510
[  287.677383][ T5740]  bdev_open+0x31e/0xd30
[  287.677413][ T5740]  blkdev_open+0x470/0x610
[  287.677440][ T5740]  ? __pfx_blkdev_open+0x10/0x10
[  287.677462][ T5740]  do_dentry_open+0x785/0x14e0
[  287.677495][ T5740]  vfs_open+0x3b/0x340
[  287.677513][ T5740]  ? path_openat+0x2df0/0x3860
[  287.677540][ T5740]  path_openat+0x2e08/0x3860
[  287.677571][ T5740]  ? srso_alias_return_thunk+0x5/0xfbef5
[  287.677593][ T5740]  ? __pfx_stack_trace_save+0x10/0x10
[  287.677622][ T5740]  ? stack_depot_save_flags+0x33/0x810
[  287.677649][ T5740]  ? __pfx_path_openat+0x10/0x10
[  287.677674][ T5740]  ? __x64_sys_openat+0x138/0x170
[  287.677698][ T5740]  ? srso_alias_return_thunk+0x5/0xfbef5
[  287.677720][ T5740]  ? __lock_acquire+0x6b5/0x2cf0
[  287.677744][ T5740]  do_file_open+0x23e/0x4a0
[  287.677772][ T5740]  ? __pfx_do_file_open+0x10/0x10
[  287.677808][ T5740]  ? _raw_spin_unlock+0x28/0x50
[  287.677824][ T5740]  ? srso_alias_return_thunk+0x5/0xfbef5
[  287.677848][ T5740]  ? alloc_fd+0x64b/0x6c0
[  287.677880][ T5740]  do_sys_openat2+0x113/0x200
[  287.677901][ T5740]  ? __pfx___x64_sys_recvmsg+0x10/0x10
[  287.677926][ T5740]  ? __pfx_do_sys_openat2+0x10/0x10
[  287.677953][ T5740]  ? rcu_is_watching+0x15/0xb0
[  287.677975][ T5740]  ? srso_alias_return_thunk+0x5/0xfbef5
[  287.677998][ T5740]  __x64_sys_openat+0x138/0x170
[  287.678021][ T5740]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  287.678040][ T5740]  do_syscall_64+0x15f/0xf80
[  287.678060][ T5740]  ? srso_alias_return_thunk+0x5/0xfbef5
[  287.678083][ T5740]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  287.678102][ T5740] RIP: 0033:0x7f56638a7407
[  287.678118][ T5740] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
[  287.678133][ T5740] RSP: 002b:00007ffe49bb4730 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
[  287.678152][ T5740] RAX: ffffffffffffffda RBX: 00007f5663f5e880 RCX: 00007f56638a7407
[  287.678165][ T5740] RDX: 00000000000a0800 RSI: 000055cb3f6e43d0 RDI: ffffffffffffff9c
[  287.678178][ T5740] RBP: 000055cb3f6da910 R08: 0000000000000000 R09: 0000000000000000
[  287.678190][ T5740] R10: 0000000000000000 R11: 0000000000000202 R12: 000055cb3f704360
[  287.678201][ T5740] R13: 000055cb3f6e8190 R14: 0000000000000000 R15: 000055cb3f704360
[  287.678222][ T5740]  </TASK>
[  288.229903][ T7602] bridge0: port 2(bridge_slave_1) entered disabled state
[  288.401147][ T5740] block nbd0: Dead connection, failed to find a fallback
[  289.401198][ T5740] block nbd0: shutting down sockets
[  289.406544][ T5740] blk_print_req_error: 10 callbacks suppressed
[  289.406568][ T5740] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  289.439663][ T7602] bridge_slave_1: entered allmulticast mode
[  289.448108][ T7602] bridge_slave_1: entered promiscuous mode
[  289.489661][ T7602] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  289.503082][ T7602] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  289.551112][ T5740] buffer_io_error: 10 callbacks suppressed
[  289.551133][ T5740] Buffer I/O error on dev nbd0, logical block 0, async page read
[  289.569871][ T5740] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  289.585002][ T5740] Buffer I/O error on dev nbd0, logical block 0, async page read
[  289.631888][ T5740] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  289.734438][ T5740] Buffer I/O error on dev nbd0, logical block 0, async page read
[  289.868182][ T5740] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  289.926670][ T5740] Buffer I/O error on dev nbd0, logical block 0, async page read
[  289.971744][ T5740] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  290.020493][ T5740] Buffer I/O error on dev nbd0, logical block 0, async page read
[  290.040077][ T5740] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  290.049189][ T5740] Buffer I/O error on dev nbd0, logical block 0, async page read
[  290.057150][ T5740] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  290.066244][ T5740] Buffer I/O error on dev nbd0, logical block 0, async page read
[  290.074828][ T5740] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  290.084096][ T5740] Buffer I/O error on dev nbd0, logical block 0, async page read
[  290.085222][ T7602] team0: Port device team_slave_0 added
[  290.099459][ T5740] ldm_validate_partition_table(): Disk read failed.
[  290.108676][ T6045] bridge_slave_1: left allmulticast mode
[  290.112320][ T5740] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  290.120298][ T6045] bridge_slave_1: left promiscuous mode
[  290.123658][ T5740] Buffer I/O error on dev nbd0, logical block 0, async page read
[  290.138962][ T5740] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  290.141757][ T6045] bridge0: port 2(bridge_slave_1) entered disabled state
[  290.149338][ T5740] Buffer I/O error on dev nbd0, logical block 0, async page read
[  290.164244][ T5740] Dev nbd0: unable to read RDB block 0
[  290.170416][ T5740]  nbd0: unable to read partition table
[  290.177460][ T6045] bridge_slave_0: left allmulticast mode
[  290.184504][ T6045] bridge_slave_0: left promiscuous mode
[  290.185337][ T5740] ldm_validate_partition_table(): Disk read failed.
[  290.190255][ T6045] bridge0: port 1(bridge_slave_0) entered disabled state
[  290.206586][ T5740] Dev nbd0: unable to read RDB block 0
[  290.212796][ T5740]  nbd0: unable to read partition table
[  290.445234][ T6045] bond2 (unregistering): (slave gretap1): Releasing active interface
[  290.470276][ T6045] bond0 (unregistering): (slave bridge0): Releasing backup interface
[  290.513964][ T6045] bond2 (unregistering): (slave bridge1): Releasing active interface
[  290.575310][ T6045] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  290.586075][ T6045] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  290.597616][ T6045] bond0 (unregistering): Released all slaves
[  290.606486][ T6045] bond1 (unregistering): Released all slaves
[  290.617195][ T6045] bond2 (unregistering): Released all slaves
[  290.629329][ T7602] team0: Port device team_slave_1 added
[  290.666086][ T7602] batman_adv: batadv0: Adding interface: batadv_slave_0
[  290.673231][ T7602] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  290.700146][ T7602] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  290.724737][ T6045] tipc: Left network mode
[  290.726557][ T7602] batman_adv: batadv0: Adding interface: batadv_slave_1
[  290.738144][ T7602] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  290.764356][ T7602] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  290.807140][ T7602] hsr_slave_0: entered promiscuous mode
[  290.815528][ T7602] hsr_slave_1: entered promiscuous mode
[  290.822335][ T7602] debugfs: 'hsr0' already exists in 'hsr'
[  290.829291][ T7602] Cannot create hsr debugfs directory
[  290.960038][ T6045] hsr_slave_0: left promiscuous mode
[  290.966627][ T6045] hsr_slave_1: left promiscuous mode
[  290.974035][ T6045] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  290.982756][ T6045] batman_adv: batadv0: Removing interface: batadv_slave_0
[  290.991338][ T6045] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  290.998816][ T6045] batman_adv: batadv0: Removing interface: batadv_slave_1
[  291.011710][ T6045] veth1_macvtap: left promiscuous mode
[  291.017362][ T6045] veth0_macvtap: left promiscuous mode
[  291.023194][ T6045] veth1_vlan: left promiscuous mode
[  291.028578][ T6045] veth0_vlan: left promiscuous mode
[  291.188794][ T6045] team0 (unregistering): Port device team_slave_1 removed
[  291.203077][ T6045] team0 (unregistering): Port device team_slave_0 removed
[  291.293425][ T5280] 8021q: adding VLAN 0 to HW filter on device eth2
[  291.351170][ T7602] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  291.361411][ T7602] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  291.369228][ T7602] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  291.378980][ T7602] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  291.388388][ T7602] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  291.426214][ T7602] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  291.434551][ T7602] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  291.443983][ T7602] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  291.528685][ T7602] 8021q: adding VLAN 0 to HW filter on device bond0
[  291.556882][ T7602] 8021q: adding VLAN 0 to HW filter on device team0
[  291.568136][ T5810] bridge0: port 1(bridge_slave_0) entered blocking state
[  291.575709][ T5810] bridge0: port 1(bridge_slave_0) entered forwarding state
[  291.604336][ T5810] bridge0: port 2(bridge_slave_1) entered blocking state
[  291.611462][ T5810] bridge0: port 2(bridge_slave_1) entered forwarding state
[  291.810413][ T5280] 8021q: adding VLAN 0 to HW filter on device eth1
[  291.984647][ T7602] 8021q: adding VLAN 0 to HW filter on device batadv0
[  292.213254][ T7602] veth0_vlan: entered promiscuous mode
[  292.226161][ T7602] veth1_vlan: entered promiscuous mode
[  292.234553][ T5280] 8021q: adding VLAN 0 to HW filter on device eth3
[  292.259399][ T7602] veth0_macvtap: entered promiscuous mode
[  292.269096][ T7602] veth1_macvtap: entered promiscuous mode
[  292.291667][ T7602] batman_adv: batadv0: Interface activated: batadv_slave_0
[  292.306036][ T7602] batman_adv: batadv0: Interface activated: batadv_slave_1
[  292.320993][ T7015] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  292.341646][ T7015] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  292.363582][ T7015] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  292.377066][ T7602] ieee80211 phy16: Selected rate control algorithm 'minstrel_ht'
[  292.385672][ T7015] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  292.416267][ T7015] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  292.417904][ T7602] ieee80211 phy17: Selected rate control algorithm 'minstrel_ht'
[  292.432730][ T7015] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  292.464960][ T5810] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  292.473059][ T5810] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  292.649451][ T5280] 8021q: adding VLAN 0 to HW filter on device eth4