last executing test programs:

22.416707488s ago: executing program 1 (id=486):
r0 = io_uring_setup(0x28a6, &(0x7f0000000200)={0x0, 0xfffffffd, 0x2, 0x0, 0x6})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000380)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r5 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r5}, 0x2c, {'rootmode', 0x3d, 0x4000}})
write$FUSE_NOTIFY_INVAL_ENTRY(r5, &(0x7f00000043c0)={0x29, 0x3, 0x0, {0x1, 0x8, 0x0, 'group_id'}}, 0x29)
gettid()
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x14, 0x7, 0x8c, 0x401, 0x1bcd9, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x0, 0x1}, 0x50)
r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r6, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r6, &(0x7f0000000000), 0xd)
sendmsg$NFULNL_MSG_CONFIG(r4, 0x0, 0x0)
fsetxattr$system_posix_acl(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x3)
io_uring_register$IORING_REGISTER_BUFFERS2(r0, 0xf, &(0x7f0000001580)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x20)
io_uring_enter(r0, 0x785e, 0x90f3, 0x1, 0x0, 0x0)
io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r0, 0x10, &(0x7f0000001b00)={0x0, 0x0, &(0x7f0000001a80)=[{0x0}], 0x0, 0x1}, 0x20)
syz_mount_image$udf(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x100c007, &(0x7f0000000140)=ANY=[@ANYBLOB="646d6f64653d30303030303030303030303030303030303030303030302c6e6f7672732c6e6f6164696e696362402610b022771aa438acea198878372c6c6f6e67616400696f636861727365743d6370313235352c6c617374626c6f636b3d30303030303030303030303030303034373636352c706172746974696f6e3d30303030303030303030303030303030303030342c616e63686f723d30303030303030303030303030303030303030382c646d6f64653d30303030303030303030"], 0xfd, 0xc2f, &(0x7f0000000280)="$eJzs3UFsHNd9B+D/G5Ja0m4qJk4Uu42LdVukMmO5sqSYilW4q5pmG0CWiVDMLQBXJKUuTJEESTWykbZMLz30EKAoesiJQGsUSNHAqIugR7Z1geTiQ5FTT0QLG0HRA1sEyMlgMLNvpSVFWYxISpT1fTb12515b+bNm+EMJfDtCwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAg4vdePX/yhfSgWwEA3E8Xx7928pTnPwA8Ui75+z8AAAAAAAAAAAAAABx2KYp4IlIsXNxIk9X7tv4LrbnrNyZGRneuNpCqmj1V+fKr/4VTp898+cXhs538+Pr77al4ffzS+for89cWFmeWlmam6xNzran56WLXW9i5/sw9t2io7IBaRFyfvnJlqX7q+dNbVt8Y/LD2+LHBc8PPnni6XfZGfWJkdHS8q0xv3z3v/TZ3GuFxJIo4ESme+/5PUjMiqg7bY1/c5do5aAPVQQxVBzExMlodyGyrObdcrhzrdEQRUe+q1Oj00X04F3vSiFgpm182eKg8vPGF5mLz8uxMfay5uNxabs3PjaV2a8vjqUcRZ1PEakSs127fXF8U0Rspvnt0I12OiJ5OP3ypGhh853bs/jvrQJTtrPdFrBYPwTk7xGpRxGuR4qfvHY+pss/yV3wx4rUyfxDxdpkvR6TywjgT8cEO1xEPp94o4i/K839uI01X94POfeXC1+tfnbsy31W2c1/Z2/NhM1899/35MLAt749Dfm/qjyKa1R1/I937DzsAAAAAAAAAAAAAAAAA7LeBKOKpSPHqf/xRNa44qnHpR88N//7gp7qH+D55l+2kiHg+IlaK3Y3JPZKHEI+lsZQe8FjiR1l/FPHHefzftx90YwAAAAAAAAAAAAAAAAAAAB5pRfw4Urz0/vG0Gt1zirfmrtYvNS/PtmeF7cz925kzfXNzc7Oe2tnIOZlzJedqzrWc6zmjyPVzNnJO5lzJuZpzLed6zujJ9XM2ck7mXMm5mnMt53rO6M31czZyTuZcybmacy3nes44JHP3AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB8khRRxEeR4jvf3EiRIqIRMRntXKs96NYBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKVaKuLdSFH/g8bNZb0Rkar/246Xf5yJxpEyPxON4TJfjsb5nM0qexvffgDtZ2/6UhE/ihS1/ndunvBPtc9/X/vdzcsg3v7WrXe/0tvOns7KwQ9rjx87em549NeevNPrtFMDhi605q7fqE+MjI6Ody3uzXv/TNeywbzfYn8OnYhYevOtN5qzszOL9/6ivAT2UN2LXb84op/v7cVmvtp/0erRewga/4BePOAbE/dF+fz/IFL89vv/2Xngd37++6X2u5tP+PjZn9x6/r+0fUMH9Px/omvZS/mnkb7eiP7lawt9xyL6l95860TrWvPqzNWZuTMnT35lePgrp0/2HYnov9Kanel6teeuAgAAAAAAAAAAAAAAALi/UhG/GymaP9pI9Yi4UY3XGjw3/OyJp3uipxpvtWXc1uvjl87XX5m/trA4s7Q0M12fmGtNzU/P7HZ3/dVwr4mR0QM5mLsaOOD2D/S/Mr/w5mLr6h8u77j+sf7zl5eWF5tTO6+OgSgiGt1LhqoGT4yMVo2ebTXnqqpjOw6m+8X1pSL+K1JMnamnZ/KyPP5v+wj/LeP/V7Zv6IDG/326a1m5z5SK+Fmk+K2/fDKeqdr5WNzWZ7nc30aKobNfyOXiSFmu04b25wq0RwaWZf8vUvzjR1vLdsZDPnGr7Au77tiHRHn+j0aKd//8e/HreVnvls9/2Pn8P7Z9Q7s8/5t/uq3eXc7/Z7uWPbbl8wr25/gfdeX5PxEpXn7infiNvKz3Yz7/o/PZG8dz4Zufz3FA3/+f61o2mPf7m/tz6AAAAAAAAAAAAA+1vlTE30WKp0d704t52W5+/296+4YO6Pe/Pt+1bHp/5iu664s9dyoAAAAAHBJ9qYgfR4qry+/cHEO9dfx31/jP37k1/nMkbVtb/TvfL1efG7Cf//7XbTDvd3Lvhw0AAAAAAAAAAAAAAAAAAACHSkpFvJjnU5+8y3zqa5Hi1f95LpdLx8pynXngB6s/+y/Oz504Pzs7P9Vcbl6enamPLzSnZsq6n40UG3/zhVy3qOZXf2bbPjpzsS9GitG/75Rtz8XemZu8PR94ey72suynI8V//8PWsp15rD93q+ypsuxfR4pv/PPOZY/dKnu6LPu9SPHDb9Q7ZR8ry3Y+H/Xzt8o+PzVf7Ov5AAAAAAAAAAAAAAAAAAAA4NHUl4r4s0jxv9dWb47lz/P/93W9rbz9ra75/re5Uc3zP1jN/3+n1/cy///g7TU+2myL2Dx6j0cNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACHW4oi3ooUCxc30lqtfN/Wf6E1d/3GxMjoztUGUlWzpypffvW/cOr0mS+/OHy2kx9ff789Fa+PXzpff2X+2sLizNLSzHR9Yq41NT89s+st7LX+dkNVB9SvvXF9+sqVpfqp509vWX1j8MPa48cGzw0/e+LpTtmJkdHR8a4yvX33vPfbpDssPxJF/FWkeO77P0n/UosoYu99cZdr56ANVAcxVB3ExMhodSCzrebccrlyrNMRRUS9q1Kj00f34VzsSSNipWx+2eCh8vDGF5qLzcuzM/Wx5uJya7k1PzeW2q0tj6ceRZxNEasRcbR2++b6oog3IsV3j26kf61F9HT64UsXx7928tSd21Ec4DHuQtnOel/EavEQnLNDrBZF/FOk+Ol7x+PfahG90f6KL0a8VuYPIt6O9vlO5YVxJuKDHa4jHk69UcT/l+f/3EZ6r1beDzr3lQtfr391+d3usp37ykP/fLifDvm9qT+K+GF1x99I/+77GgAAAAAAAAAAAAAAAOAQKeJXI8VL7x9P67W4NSh6sTV3tX6peXm2PayvM/avs3pzc3OzntrZyDmZcyXnas61nOs5o8j1czbK7N/cnMzvV3Ku5lzLuZ4zenL9nI2ckzlXcq7mXMu5njN6c/2cjZyTOVdyruZcy7meMw7J2D0AAAAAAAAAAAAAAAAAAOCTpaj+S/Gdb26kzVp7funJaOea+UA/8X4eAAD//zPr+xI=")

20.745428882s ago: executing program 1 (id=487):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = semget$private(0x0, 0x207, 0x0)
semctl$GETALL(r5, 0x0, 0xd, 0xfffffffffffffffe)
r6 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_tx_ring(r6, 0x107, 0xd, &(0x7f00000002c0)=@req3={0x10000, 0xfffffffd, 0x100, 0x100, 0x10, 0x0, 0xc2}, 0x1c)
r7 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="1400", @ANYRES16=r7, @ANYBLOB="0100000000000000400100000000"], 0x14}, 0x1, 0x0, 0x0, 0x20000801}, 0x4)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000600)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
write$FUSE_NOTIFY_RETRIEVE(r8, &(0x7f0000000100)={0x30, 0x5, 0x0, {0x0, 0x3, 0x0, 0x10001}}, 0x30)
socket$can_j1939(0x1d, 0x2, 0x7)
socket$nl_generic(0x10, 0x3, 0x10)
r9 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r9, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="880000000314230c2abd7000ffdbdf250900020073797a3100000000080041007369770014003300766972745f7769666930001a000000000900020073797a3200000000080041007278650014003300776732000000000000000000000000000900020073797a3100000000080041007369770014003300776c616e3000"/136], 0x88}, 0x1, 0x0, 0x0, 0x400c080}, 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000600)={0x14, 0x23, 0x301, 0x270bd24, 0x25dfdbfa, {0x1}}, 0x14}, 0x1, 0xa6ffffff}, 0xc004)
openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0), 0x801, 0x0)
syz_open_dev$vbi(&(0x7f0000000040), 0x3, 0x2)

20.07275354s ago: executing program 3 (id=488):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000100)={0x26, 'hash\x00', 0x0, 0x0, 'vmac64(aes-generic)\x00'}, 0x58)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
r2 = getpgrp(0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000000)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r4 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r4, 0x1, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_io_uring_setup(0x186, &(0x7f0000000080)={0x0, 0x3416, 0x13100, 0x2, 0x2aa}, 0x0, 0x0, &(0x7f0000000000))
sendmsg$inet(0xffffffffffffffff, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x128}, 0x0)
bpf$LINK_GET_NEXT_ID(0x1f, 0x0, 0x0)
add_key$user(&(0x7f0000000240), &(0x7f00000002c0)={'syz', 0x2}, &(0x7f0000000340)="e1b78d1d6b6ed704a65c8dce607e536b7f9553b5138864138fa46056d0f502bf40bfd36efb0d5e2b69d67922068102ed97ab30a25e3b9f81f136935e01a10ab738bfa3509397518f13295c0ec567bda2ba9086790aef93daa45e9f77f05f167bf28f26b20e4440dd498e8f1d797de74df2bdcec4d55d0f92df2eb7693e0ad78012bf2b39dd920d4d", 0x88, 0x0)
select(0x2a, 0x0, 0x0, &(0x7f0000000400)={0xfefdffffffffffff, 0x1, 0x2, 0x300}, &(0x7f0000000440)={0x0, 0x2710})
bind$inet(r1, &(0x7f0000000480)={0x2, 0x4e21, @broadcast}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000280)='nv', 0x2)
setsockopt$inet_tcp_int(r1, 0x6, 0x2, &(0x7f00000001c0)=0xa3, 0x4)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10)
sendto$inet(r1, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0)
recvfrom$inet(r1, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000480)="b19ccccf6bf531d9ec214627c11430c1", 0x10)

19.945229783s ago: executing program 0 (id=489):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, 0x0)
ptrace$ARCH_GET_FS(0x1e, r0, &(0x7f0000000040), 0x1003)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = fsopen(&(0x7f0000000100)='selinuxfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
bpf$BPF_PROG_DETACH(0x9, &(0x7f00000000c0)={@cgroup, 0xffffffffffffffff, 0x11}, 0x10)
syz_open_procfs(0x0, &(0x7f0000000280)='gid_map\x00')
r4 = fsopen(&(0x7f0000000080)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
r5 = fsmount(r4, 0x0, 0x8)
r6 = openat$cgroup(r5, &(0x7f00000000c0)='syz0\x00', 0x200002, 0x0)
r7 = openat$cgroup_ro(r6, &(0x7f0000000240)='cpu.stat\x00', 0x0, 0x0)
read$FUSE(r7, &(0x7f0000004000)={0x2020}, 0x2020)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x1}, 0x28)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x1e, 0x4, &(0x7f0000000040)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x2, 0x1, 0x1d}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80)
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x3004081, &(0x7f0000000600)=ANY=[@ANYRES8=0x0, @ANYRES8, @ANYRES64, @ANYRES8], 0x0, 0x23e, &(0x7f0000000f80)="$eJzs3c9qE1EUB+AzSdqmukgWrkRwQBeuStsnSJEKYldKFupCi21BklCwEGgVQ1c+gU/ic7jxDXwAoTtdFEYmSZsWUm0wf0r9vk0uzP3NOTe5Iau5eX2n1dja3ds5/PA9yuUkCrWoJUcR1ShEbiEAgOvmV5bFUdYzWrJUmFRPAMBkXfL3f3GKLQEAE/bs+Ysnaxsb60/TtBzR+tSuJ9F77V1f24m30YztWI5KHEdkp3rjR4831qOU5qpxv9Vp1/Nk69XX/v3XfkR08ytRierw/Eracybfadfn4ka/fi3Pr0Ylbg3Prw7JR30+Htw70/9SVOLbm9iNZmxFnh3kP66k6cPs88/3L/OO83zSadcXuvMGsuLUPxwAAAAAAAAAAAAAAAAAAAAAAK6tpTRN0yz7kmVZ1jl3/k7xuHt9KT1RPX8+Ty9/0flAnTPn6yznJZLe/EG+FLdLUZrl2gEAAAAAAAAAAAAAAAAAAOCq2Ns/aGw2m9vvxjo4eax//Hf+10EU+601k4gr0E93sJj3M51ad2PEWrURS0Rh/6Bxsrsam0n8JVWe0CbJhmy/4oWp+TFVn7853lUkETF3+mb+aXIh5sb8TQEAAAAAAAAAAAAAAAAAAKZs8NDvkIuHM2gIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGZg8P//Iww6/fAlUzNeIgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP+B3wEAAP//bkR7Lg==")
syz_emit_ethernet(0x46, &(0x7f00000010c0)={@local, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x1, 0x0, @private=0xa010102, @local}, @redirect={0x4, 0x0, 0x0, @broadcast=0x1000000, {0x7, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, 0x0, @private, @empty, {[@timestamp_addr={0x44, 0x4}, @timestamp_addr={0x44, 0x4}]}}}}}}}, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
fsopen(&(0x7f0000000040)='proc\x00', 0x0)
syz_extract_tcp_res(&(0x7f0000000080), 0xcfe, 0x6)

16.928510181s ago: executing program 3 (id=490):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000200)={@private0, 0x800, 0x0, 0x1, 0x1}, 0x20)
setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f0000000180)=0x1, 0x23)
r1 = add_key$keyring(&(0x7f0000000000), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$setperm(0x5, r1, 0x110b0925)
keyctl$invalidate(0x15, r1)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000340)='./file0\x00', 0x21c91c, &(0x7f0000000440)={[{@dioread_nolock}, {@noblock_validity}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x10000}}, {@resgid}, {@norecovery}, {@quota}, {@auto_da_alloc}, {@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0x1}}, {@resgid, 0x32}]}, 0x1, 0x519, &(0x7f00000014c0)="$eJzs3V1PZGcdAPD/GZgtLCA0elGbtDZuDRDdAcRuiRe1Jkavmqj1viIMhDAwBIZ2IVVp/AAmxlgTr3rljYkfwMTsRzAmm+i9UeNLdFcvNtHdMefMy7LsmQV2ZxiE3y85nOc85zn8n/9M5pnzljMBXFqvRMS1iHhQr9enI2K8WV9oTnHQmNJ2d++8v5ROSdTrb/8jiUgadWmzqUP/c6S52VBEfPNrEd9JHo+7s7e/vliplLebyzO1ja2Znb3962sbi6vl1fLm/PzcjYXXF15bmO1KnqMR8cZX/vyTH/78q2/8+nPv/eGdv059L2nWRzzMo9saqRez16JlMCK2exGsTwazDAEA+H/Q2s//dERMx3gMZHtzAAAAwEVS/9Jo/DeJqJ/I0MmaAQAAAOdKIbsHNimUmvcBjMZLH5ZKjXt4PxFXC5XqTu2zK9XdzeXGvbITUSysrFXKs817hSeimKTLc1m5vRwR9w4vl+cj4vmI+PH4cLZcWqpWlvt98gMAAAAuiZEjx///frzJf/rRLwAAAKDLJvrdAQAAAKDnHP8DAADAxef4HwAAAC60r7/1VjrVW79/vfzu3u569d3ry+Wd9dLG7lJpqbq9VVqtVlezZ/ZtHPf/KtXq1hdic/fmTK38t7FGXXV3s/bO2iM/gQ0AAACcoec/dev3SUQcfHE4m1JX+t0p4EwMnqbxn3rXD+DsDfS7A0DfnOr7H7hQiv3uANB3yTHrhz76bv6K3/SiNwAAQC9MfjL/+v/AsecGDgpn1EWgR5z/g8vL9X+4vE57/d/+AlwcxRgIB/JwubUfATr8aP1Ic97x4R0nvv5frz9VxwAAgK4ZzaakUIrIzgOMRqFQKkWMZccExWRlrVKejYiPRcTvxovPpctz2ZZJJMfdNAwAAAAAAAAAAAAAAAAAAAAAAAAAZOr1JOqnsHCq1gAAAMB5EFH4S5I9zT9icvzV0aPnB64k98azeUS897O3P7y5WKttz6X1/2zX137arP98P85gAAAAAEe1jtOz+XC/ewMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADARXP3zvtLreks4/79yxExkRd/MIay+VAUI+Lqv5IYPLRdEhEDXYh/8EFEvJAXP0m7FRPNXuTFH+5z/JEuxIfL7FY6/ryZ9/krxCvZPP/zdyMboZ5d5/Gv0B7/BnLip3Vj7dKTvXj7lzMd438Q8eJg/vjTip/E2KPxDxrjz7UT5vjtb+3vd1pX/yhiMvf7J2m3SUsztY2tmZ29/etrG4ur5dXy5vz83I2F1xdeW5idWVmrlJt/c2P86KVfPXhS/lc7xJ9o558//r56wvzv37555+ONYrG9efIw/tS1/Pf/hQ7xC813/TPNcrp+slU+aJQPe/kXv325VX4zJ//lo/lPx5H3Pz//qRPmP/2NH/zxhE0BgDOws7e/vliplLcvdeGZXo10t+hcZPFMhSu9yiJ9Xc9DgnmF7z/t5unub4dVA51XnavC0DFtIp7r68gEAAB02+PHwAAAAAAAAAAAAAAAAAAAAMBZ6/GTxu6nheKRmAfZ3248PR8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoHv+FwAA//9xi8yk")
syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000100)='./mnt\x00', 0x840, &(0x7f00000001c0)={[{@test_dummy_encryption_v1}, {@nojournal_checksum}, {@dioread_nolock}], [{@uid_gt={'uid>', 0xee00}}, {@smackfsroot={'smackfsroot', 0x3d, ')$)6${$:,/'}}]}, 0x1, 0x241, &(0x7f0000000540)="$eJzs3U9oFFccB/DfzO42TbKUtL0UCm2hlNIGQnor9JJeWgiUEEoptIUUES9KIsQEb4knLx70rJKTlyDejB4ll+BFETxFzSFeBA0eDB70sDI7iUSz/oGJO+J8PjC7M7vvze8Ns983exkmgMoaiIiRiKhFxGBENCIi2dngm3wZ2Npc6F2ZiGi1/nyYtNvl27ntfv0RMR8RP0fEcprEwXrE7NK/649Xf//+xEzju3NL//R29SC3bKyv/bF5duz4xdGfZq/fvD+WxEg0XziuvZd0+KyeRHz2Loq9J5J62SPgbYwfvXAry/3nEfFtO/+NSCM/eSenP1puxI9nXtX31IMbX3ZzrMDea7Ua2TVwvgVUThoRzUjSoYjI19N0aCj/D3+71pcempo+MnhgamZyf9kzFbBXmhFrv13uudT/Uv7v1fL8Ax+uLP9/jS/eydY3a2WPBuimLP+D/8/9EPIPlSP/UF3yD9Ul/1Bdr8t/WtKYgO5w/Yfqkn+oLvmH6pJ/qC75h+ramX8AoFpaPWXfgQyUpez5BwAAAAAAAAAAAAAAAAAA2G2hd2Vie+lWzaunIzZ+jYh6p/q1recQfNx+7XuUZM2eS/Juhfz3dcEdFHS+5LuvP7lbbv1rX5Vbf24yYv5YRAzX67t/f0nh52B8+obvG/sKFijol7/Lrf90sdz6o6sRV7L5Z7jT/JPGF+33zvNPMzt/BesfflJwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHTNswAAAP//ceptKw==")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x4000000000091}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB], 0x48)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x1, &(0x7f0000000240)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
gettid()
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f0000000100)='map_files\x00')
fchdir(r5)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
mount(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0)
setresgid(0xee01, 0xffffffffffffffff, 0xffffffffffffffff)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x380000, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, 0x1c)
getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000300)={@dev={0xfe, 0x80, '\x00', 0x2b}, 0x0, 0x1, 0x3}, &(0x7f0000000040)=0x20)

16.796686525s ago: executing program 1 (id=491):
r0 = socket(0x10, 0x803, 0x0)
r1 = syz_open_dev$sndctrl(&(0x7f00000047c0), 0xab, 0x800)
ioctl$SNDRV_CTL_IOCTL_ELEM_INFO(r1, 0xc1105511, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_RESTRICTIONS(0xffffffffffffffff, 0xb, &(0x7f0000000340)=[@ioring_restriction_sqe_op={0x1, 0x19}], 0x1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
socket$rds(0x15, 0x5, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
openat$ppp(0xffffffffffffff9c, 0x0, 0x101402, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x101e01, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={0xffffffffffffffff, 0x0, 0xe, 0x0, &(0x7f0000000100)="0cff0900a244984f2595f43dfb1e", 0x0, 0x100003, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan0\x00'})
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$FOU_CMD_ADD(r2, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="382e388cb5e285a6866419000000", @ANYRES16=0x0, @ANYBLOB="040029bd7000fddbdf250100000004000500"], 0x18}, 0x1, 0x0, 0x0, 0x80}, 0x40000)
r4 = openat$6lowpan_enable(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
readv(r4, &(0x7f00000000c0)=[{&(0x7f0000000000)=""/66, 0x42}], 0x1)
r5 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000300)="2e00000011008108090f9becdb4cb9200a4831371400000069bd6efb2502eaf60d000300020400bf050005001201", 0x2e}], 0x1}, 0x0)
ioctl$PAGEMAP_SCAN(0xffffffffffffffff, 0xc0606610, &(0x7f0000000140)={0x60, 0x7, &(0x7f000043f000/0x3000)=nil, &(0x7f0000a3d000/0xf000)=nil, 0x7, 0x0, 0x0, 0x1003, 0x0, 0x6, 0x0, 0x19})
ioctl$KVM_SET_CPUID2(0xffffffffffffffff, 0x4008ae90, &(0x7f0000000000)={0x2, 0x0, [{0x40000001, 0x5, 0x1, 0x31237648, 0x6, 0x8002, 0x80}, {0x2, 0xfffffffd, 0x1, 0x1, 0x624, 0x7, 0x8001}]})
openat$kvm(0xffffff9c, &(0x7f00000001c0), 0x841, 0x0)

15.127490337s ago: executing program 2 (id=493):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
sendmmsg$inet(r0, 0x0, 0x0, 0x4)
r1 = socket$nl_route(0x10, 0x3, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
lsetxattr$security_capability(0x0, &(0x7f0000000100), &(0x7f0000000140)=@v2={0x2000000, [{0x4, 0x3}, {0x4, 0x4}]}, 0x14, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x0, 0x0})
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000))
close_range(r5, 0xffffffffffffffff, 0x0)
socket$unix(0x1, 0x2, 0x0)
socket$netlink(0x10, 0x3, 0x8000000004)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000900)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [@NFT_MSG_NEWRULE={0x60, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2, 0x0, 0x4003}, [@NFTA_RULE_EXPRESSIONS={0x34, 0x4, 0x0, 0x1, [{0x30, 0x1, 0x0, 0x1, @immediate={{0xe}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_IMMEDIATE_DATA={0x10, 0x2, 0x0, 0x1, [@NFTA_DATA_VERDICT={0xc, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}]}]}, @NFTA_IMMEDIATE_DREG={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}, @NFT_MSG_DELCHAIN={0x2c, 0x5, 0xa, 0x201, 0x0, 0x0, {0x2}, [@NFTA_CHAIN_HANDLE={0xc, 0x2, 0x1, 0x0, 0x1}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0xb4}}, 0x0)
r7 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000840)=@newsa={0x13c, 0x10, 0x713, 0x0, 0x0, {{@in6=@private2={0xfc, 0x2, '\x00', 0x1}, @in6=@local}, {@in=@dev={0xac, 0x14, 0x14, 0x17}, 0x4d5, 0x33}, @in=@multicast1, {0x3}, {}, {0x0, 0x22}, 0x0, 0x0, 0x2, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00'}}}]}, 0x13c}}, 0x0)
sendmsg$nl_route(r1, 0x0, 0x40040d4)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)

14.529159403s ago: executing program 0 (id=494):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="0500000005"], 0x48)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000000)=ANY=[@ANYBLOB="1802000000000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b7030000000000008500000070000000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$ETHTOOL_MSG_EEE_GET(0xffffffffffffffff, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000001380)={0x0}, 0x1, 0x0, 0x0, 0x4000}, 0x40448a0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000540), 0x82, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3be", 0x6)
r4 = accept4(r3, 0x0, 0x0, 0x800)
sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000840)={0x1, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0)
pwritev(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257", 0xf15}], 0x1, 0x1, 0x2)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

13.019569712s ago: executing program 1 (id=495):
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x60101, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x40000000000029a, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$inet6(0xa, 0x3, 0xff)
connect$inet6(r3, &(0x7f0000000200)={0xa, 0x0, 0xfffffffd, @empty}, 0x1c)
r4 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0xc, 0x6, &(0x7f00000006c0)=@raw=[@tail_call={{0x18, 0x2, 0x1, 0x0, r4}, {}, {0x85, 0x0, 0x0, 0x1a}}, @exit], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = socket$netlink(0x10, 0x3, 0x10)
syz_usb_connect$midi(0x6, 0x31, &(0x7f0000000140)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x20, 0x1430, 0x474b, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1f, 0x1, 0x1, 0x3f, 0x20, 0x1, "", {{{0x9, 0x4, 0x0, 0x0, 0x1, 0x1, 0x3, 0x20, 0x5, [], [{{0x9, 0x5, 0xf, 0x15, 0x400, 0x1, 0x5, 0x3, {0x4}}}]}}}}}]}}, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000003c0)={'wlan0\x00'})
syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000140)={'wlan0\x00'})
sendmsg$DEVLINK_CMD_RATE_NEW(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)={0x34, 0x0, 0x1, 0x3, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
madvise(&(0x7f000046d000/0x1000)=nil, 0x1000, 0x16)
r7 = syz_init_net_socket$llc(0x1a, 0x2, 0x0)
setsockopt$llc_int(r7, 0x10c, 0x4, &(0x7f0000000000)=0x4, 0x4)
socket$nl_route(0x10, 0x3, 0x0)

12.911170255s ago: executing program 2 (id=496):
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, 0x0)
getpgid(0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f00000020c0), 0x0, 0x0)
sendmsg$IPCTNL_MSG_EXP_DELETE(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000070}, 0x4)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800006, 0x7000001, 0x6e073, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000bc0000/0x400000)=nil, 0x600000, 0x9)
r1 = socket(0x10, 0x3, 0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x40040c4)
sendto$packet(r1, &(0x7f0000000400)="e2049778b270cf1d10937905ccfe72ae37683ccf36", 0x15, 0x4c010, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a4c000000090a010400000000000000000a0000040900010073797a31000000000800054000", @ANYRES64=r1], 0xb4}, 0x1, 0x0, 0x0, 0x40008d0}, 0x40)
io_uring_register$IORING_REGISTER_CLONE_BUFFERS(0xffffffffffffffff, 0x1e, 0x0, 0x1)
r2 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r3 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049ec)
write$FUSE_NOTIFY_STORE(r3, 0x0, 0x28)
close(r3)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r3)
ioctl$vim2m_VIDIOC_PREPARE_BUF(r2, 0xc058565d, 0x0)
close(0xffffffffffffffff)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000380)={0x3c, 0x0, 0x8, 0x101, 0x0, 0x0, {0x3, 0x0, 0x5}, [@CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x892f}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz0\x00'}, @CTA_TIMEOUT_DATA={0xc, 0x4, 0x0, 0x1, @udp=[@CTA_TIMEOUT_UDP_REPLIED={0x8, 0x2, 0x1, 0x0, 0x6}]}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x2f}]}, 0x3c}, 0x1, 0x0, 0x0, 0x50800}, 0x10)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840)

11.376674505s ago: executing program 2 (id=497):
socket$kcm(0x11, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket(0x400000000010, 0x3, 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
r3 = fsmount(0xffffffffffffffff, 0x0, 0xc)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
setpriority(0x2, 0x0, 0x5)
unshare(0x24060400)
semtimedop(0x0, &(0x7f00000000c0)=[{0x0, 0xffff, 0x2000}, {0x4, 0x0, 0x1800}], 0x2, 0x0)
semctl$SETVAL(0x0, 0x0, 0x10, 0x0)
r4 = openat$cgroup_subtree(r3, &(0x7f0000000100), 0x2, 0x0)
write$cgroup_subtree(r4, &(0x7f0000000980)=ANY=[@ANYBLOB="0b56c811d9"], 0x1f)
r5 = getpid()
r6 = syz_pidfd_open(r5, 0x0)
setns(r6, 0x24020000)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000003780)={&(0x7f0000000e00)=@newtaction={0x488, 0x30, 0x12f, 0x3c, 0x0, {}, [{0x474, 0x1, [@m_police={0x470, 0x1, 0x0, 0x0, {{0xb}, {0x444, 0x2, 0x0, 0x1, [[@TCA_POLICE_RATE={0x404, 0x2, [0x1, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0xffffffff, 0x0, 0x0, 0x4, 0x0, 0xb, 0x4, 0x0, 0x8d, 0x0, 0x7ff, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0xa4f, 0x0, 0x0, 0x0, 0x0, 0x20000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1000, 0x10, 0xfffffffd, 0x3, 0x3, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xb4, 0x0, 0x0, 0x1, 0x8000000, 0x0, 0x0, 0x11, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x3, 0xb2e4, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x100, 0x0, 0x3, 0x1, 0x0, 0x0, 0x0, 0x0, 0x934, 0x7, 0x0, 0x7, 0x0, 0x0, 0x0, 0x9, 0x0, 0x10000000, 0x0, 0x7, 0x0, 0x81, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2000, 0x0, 0x0, 0x7, 0x3, 0x8, 0xfffffffe, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0xffff3bac, 0xd, 0x2, 0x2000, 0x3, 0x0, 0x0, 0xfffffffe, 0xffffffd1, 0x480000, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9a3, 0x0, 0x6, 0x7ff, 0x4, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0xfff, 0x0, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x713b, 0x0, 0x0, 0x0, 0xffff, 0x1000000, 0xffffffff, 0x2, 0xfffffffd, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce2, 0x0, 0x0, 0x0, 0x400000, 0x0, 0x2000000, 0xfffffff9, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x10000000, 0x7, 0xff, 0x0, 0x7]}, @TCA_POLICE_TBF={0x3c, 0x1, {0x0, 0x1, 0x0, 0x0, 0x0, {0x3, 0x0, 0x0, 0x0, 0x3, 0xbed}, {0x0, 0xf6c5d7a4e5a498ca, 0x1000, 0x8}}}]]}, {0x4}, {0xc, 0xb}, {0xc, 0xa, {0x0, 0x3}}}}]}]}, 0x488}, 0x1, 0x0, 0x0, 0x4044840}, 0x44004)
move_mount(0xffffffffffffff9c, 0x0, 0xffffffffffffff9c, 0x0, 0x64)
openat(0xffffffffffffff9c, &(0x7f0000000680)='./file1\x00', 0x143041, 0x0)

11.284070917s ago: executing program 0 (id=498):
socket$inet_sctp(0x2, 0x1, 0x84)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x181)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x3)
ioctl$TCFLSH(r0, 0x80047437, 0xffffffffffffffff)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', 0x140)
syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0)
r1 = socket$inet6(0xa, 0x3, 0x3c)
getsockopt$inet6_buf(r1, 0x3a, 0x20, 0x0, 0x0)
r2 = socket$kcm(0xa, 0x1, 0x106)
sendmsg$kcm(r2, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x20000011)
openat(0xffffffffffffff9c, 0x0, 0x0, 0xd5)
openat$mixer(0xffffffffffffff9c, 0x0, 0x121100, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x800001000091}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x400000bce)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000032680)=""/102400, 0x19000)
mount(&(0x7f00000003c0)=@nullb, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000300)='udf\x00', 0x200480, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000003580)=ANY=[@ANYBLOB="20000000240007012ebd7000fbdbdf25027c00000c00"], 0x20}, 0x1, 0x0, 0x0, 0x4048011}, 0x8010)
mount$overlay(0x0, 0x0, &(0x7f0000000440), 0x8, &(0x7f0000000380)={[{@lowerdir={'lowerdir', 0x3d, './cgroup'}}, {@redirect_dir_on}]})
r5 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$SIOCX25SFACILITIES(r5, 0x541b, 0x0)
socket$kcm(0xa, 0x2, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='fdinfo/3\x00')

9.844523695s ago: executing program 2 (id=499):
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = socket$kcm(0x1e, 0x5, 0x0)
sendmsg$kcm(r4, &(0x7f0000000540)={&(0x7f0000000280)=@tipc=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000300)="80", 0xfdef}], 0x1}, 0x0)
recvmmsg(r4, &(0x7f0000005240)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000780)=""/180, 0xb4}], 0x1, &(0x7f0000000ac0)=""/8, 0x8}, 0xe}], 0x1, 0x40002080, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001340)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x301, 0x0, 0x0, {0x1, 0x0, 0x9}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_DELCHAIN={0x2c, 0x5, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_HANDLE={0xc, 0x2, 0x1, 0x0, 0x1}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_NEWTABLE={0x28, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1, 0x0, 0x8}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}, @NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x1}]}], {0x14}}, 0xc8}}, 0x0)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r5, 0x89f1, &(0x7f0000000440)={'sit0\x00', &(0x7f0000000400)={'syztnl0\x00', <r6=>0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0xd1, 0x0, 0x0, @loopback, @multicast1}}}})
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r5, 0x89f5, 0x0)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r5, 0x89f2, &(0x7f00000000c0)={'syztnl0\x00', &(0x7f0000000240)={'tunl0\x00', r6, 0x700, 0x7800, 0xffff, 0x8001, {{0x5, 0x4, 0x0, 0x28, 0x14, 0x68, 0x0, 0x10, 0x4, 0x0, @local, @initdev={0xac, 0x1e, 0x0, 0x0}}}}})
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x1, 0x0, 0x0)
openat$qrtrtun(0xffffffffffffff9c, 0x0, 0x32c180)
mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000040)={'pim6reg1\x00', &(0x7f00000001c0)=@ethtool_stats={0x1d, 0x5, [0xc000000000, 0x8, 0x3, 0x0, 0x0]}})
r7 = socket$kcm(0x10, 0x2, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
sendmsg$kcm(r7, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000380)=[{}], 0x1}, 0x0)
setsockopt$MRT6_INIT(r0, 0x29, 0xc8, &(0x7f0000000140), 0x4)
syz_emit_vhci(&(0x7f0000000200)=ANY=[], 0x7)
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000280)={{&(0x7f0000ffc000/0x2000)=nil, 0x2000}, 0x2})
syz_emit_vhci(&(0x7f00000002c0)=@HCI_VENDOR_PKT={0xff, 0x141}, 0x2)

9.22690467s ago: executing program 1 (id=500):
syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000000)={0x0, &(0x7f00000001c0)=[@code={0xa, 0x75, {"f326460f019f00200000420f01c5470f01c248b8f61e0000000000000f23c80f21f835080030000f23f8c462bd9791040000000f07c7442400e3420000c744240264000000c7442406000000000f011c24c421e3d040000f009f082c000066660f388000"}}], 0x75})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x1, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000003c0)={[0x60000000004, 0x1000000004, 0x5, 0x41, 0x2000000, 0x0, 0x2004cb, 0x0, 0xa1d, 0x68ff, 0x5, 0x0, 0x3, 0x2], 0x10000, 0x100603})
r3 = getpgrp(0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0xffff}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r5 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r5, 0x1, 0x0)
getpgid(r3)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r7 = syz_open_dev$video(&(0x7f0000000000), 0x7, 0x40440)
ioctl$VIDIOC_S_PARM(r7, 0xc0cc5616, &(0x7f0000001600)={0x1, @capture={0x1000, 0x0, {0xffff}, 0xffffffbd, 0xfffffff4}})
read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8)
r8 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r8, 0x4601, &(0x7f0000000100)={0x400, 0x300, 0x0, 0x800, 0xbbba, 0x0, 0x8, 0x0, {}, {0x0, 0xe, 0xfffffffe}, {0x0, 0xffff0000}, {0x1000000}, 0x0, 0x3f0, 0x0, 0xd613, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x100})
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000000100)={{0xd000, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x3, 0x0, 0x8, 0x6, 0x40}, {0xffffffff, 0x10000, 0xa, 0x3, 0x2, 0x0, 0x0, 0x0, 0x8a, 0xff}, {0x2000, 0x1000, 0xc, 0x0, 0x7, 0xc4, 0x0, 0x0, 0x48, 0x3, 0x0, 0xfc}, {0xeeef0000, 0x33331000, 0xa, 0x0, 0x1, 0x0, 0x7, 0x0, 0x8, 0xfd, 0x4, 0x4}, {0x6000, 0xffff1000, 0xe, 0x0, 0x0, 0x4, 0x0, 0xfd, 0x0, 0x3c}, {0x4, 0x0, 0xb, 0x78, 0x5, 0x80, 0x2, 0x0, 0x3, 0xff, 0x1}, {0x0, 0xeeee0000, 0xa, 0x4, 0x0, 0x0, 0xa1, 0x20, 0x0, 0x0, 0x8}, {0x2, 0x6000, 0xc, 0x0, 0x0, 0x7, 0x8, 0x40, 0x26, 0x0, 0x0, 0x2}, {0x70000, 0x8cc}, {0xdddd1000}, 0xddf8ffdb, 0x0, 0x0, 0x114, 0x0, 0xf801, 0x0, [0x80000001, 0x0, 0x1]})
syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000200)='./file0\x00', 0x802, &(0x7f0000000940)={[{@iocharset={'iocharset', 0x3d, 'iso8859-15'}}, {@iocharset={'iocharset', 0x3d, 'maccroatian'}}, {@utf8}, {@fat=@errors_continue}, {@iocharset={'iocharset', 0x3d, 'cp860'}}, {@shortname_mixed}, {@utf8no}, {@fat=@codepage={'codepage', 0x3d, '861'}}, {@shortname_lower}, {@iocharset={'iocharset', 0x3d, 'cp1251'}}, {@fat=@dos1xfloppy}, {@fat=@codepage={'codepage', 0x3d, '865'}}, {@iocharset={'iocharset', 0x3d, 'iso8859-4'}}, {@uni_xlateno}]}, 0x25, 0x339, &(0x7f00000011c0)="$eJzs3T1sW9UXAPDjPidOI/WfDH+pgsmwIaGqCWKAKVFVpIoMUGTxtWDRlI/YVIqFpTDE9QJiBLEgwcTWAcbOiAEhNgZWioQKiIVulVrxkP2e7eeP0BThlI/fb4iOzj3H976Xq/glSm5e2oidCwtx8caN67G0VIryxpmNuFmK1TgWSWQuBwDwb3IzTePXNHPn6veXB9HinNcFAMxP//3/lROjROVergYAOAqH/P7/qZnZS3NbFgAwR1Pv/w+ODU/8mL88/J0AAOCf65nnX3hycyvifLW6FNF8p11r1+Lx0fjmxXgtGrEdp2MlbkdkDwrZ00Lv4xPnts6ervb8uBq1Xke7FtHstGvZk8Jm0u+vxFqsxGrenw77k17/Wr+/GhGXO/35o1lq1xZiOZ//u+XYjvVYif9P9Uec2zq7Xs1foNYc9HciurE0uIje+k/FSnzzclyKRlyIXu9o/ftr1eqZdGusv32l0q8DAAAAAAAAAAAAAAAAAAAAAIB5OFUdWh2ef5M2O+23z08WrI6dj1PLhvPzgbrZ+UBpZXA6z7vJ5PlA4+fztGvlOHZPrxwAAAAAAAAAAAAAAAAAAAD+Plp7i1FvNLZ3W3tv7RSDTiHzxleffnE8JmteT0aZKGcvN1aT56LQlcSwPR22p8lYTR4kEaPiK1eHKy7WVIZXMdXeCypTQ6V8TfVG48QDP3w0q+u3USaJqdsyHpTy+QtDzf9lqT/oOjhYv0PNtTRND2rf/3C6K0oR5alP3F8RfHn91fseaZ18tJ/5PD/04aGHV5699sEnP+/UG5HfmkZjcbd1O/3TcyWF/VPK73Npxk6YHXRHme5ua6+efPvLc/e/9/WgppzthGT2/kmLmTcPnuuzycxiFvSWeZgrXZix+WcHL94a7t67v5knP96oX93//qfDdhW+SDioAwAAAAAAAAAAAAAAAAAAjkThb8XvwmNPz29FAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHD0Rv//vxB0pzKHCW51Ynqosr3bOnDy40d6qQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/If9HgAA//+a43cf")
open(&(0x7f00000001c0)='./file2\x00', 0x86442, 0x0)

9.006615436s ago: executing program 3 (id=501):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, 0x0, 0x8000000)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
keyctl$instantiate(0xc, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="6e657720646566617500002074727573746564aaaf7bb320303030303030303030303030303030303337323400e96d72917316b228108c56176cf9bf2cd0137293489cbd47963334da4d7268403a5c7c49b0e315ac98cb6e962ded0637c5be0f0b65160bf5d78fcfb63827a87f8acbe3dae71133e40d9eb3ce56a63648c255866523fc157388ba2c16b495126268d7afdb0eb74620"], 0x2d, 0xfffffffffffffff9)
sendmsg$IPSET_CMD_ADD(r1, 0x0, 0x4000084)
r5 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r5, 0xc0d05605, &(0x7f00000005c0)={0x1, @pix_mp={0x3ff, 0xffffffff, 0x34325241, 0x3, 0x0, [{0x8, 0xf}, {0x8, 0x29f6ebcd}, {0xd, 0x8}, {0x5, 0x8}, {0x2, 0x3}, {0x1ff, 0x3}, {0x6, 0x409}, {0x10001, 0x1800000}], 0x0, 0xd, 0x2, 0x3078182a3427730f, 0x1}})
sendmsg$IEEE802154_ADD_IFACE(0xffffffffffffffff, &(0x7f0000000740)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x200}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x20044001}, 0x10)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000280)={@map, 0x7, 0x0, 0x8, &(0x7f0000000180)=[0x0], 0x1, 0x0, 0x0, 0x0, 0x0}, 0x40)
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(0xffffffffffffffff, &(0x7f0000000980)={0x0, 0x0, &(0x7f0000000940)={&(0x7f00000000c0)={0x4c, 0x0, 0x8, 0x201, 0x0, 0x0, {0x1, 0x0, 0x3}, [@CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0xfbfb}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x6558}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x2f}, @CTA_TIMEOUT_DATA={0x4, 0x4, 0x0, 0x1, @tcp}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz0\x00'}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x1a}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x84}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20040800}, 0x40000)
setitimer(0x1, &(0x7f0000000040)={{}, {0x77359400}}, &(0x7f0000000080))

8.781295492s ago: executing program 0 (id=502):
r0 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r0, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x41}}, 0x10)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x442, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000a00)=ANY=[@ANYBLOB="0100000005000000ec0b000007"], 0x48)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000340)={r2, 0x0, 0x0, 0x8e90385f0ccb53ea}, 0x20)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000000400000d00"], 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r3, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r4, 0x2000002, 0xe, 0x0, &(0x7f0000000000)="5c194c76e3fd358c3f2ec0cf6046", 0x0, 0x8005, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x2, 0x7}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000005580)=""/102392, 0x18ff8)
execveat(0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x100)
r6 = socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x94)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000040)={'wlan1\x00', &(0x7f0000000080)=@ethtool_ringparam={0x11}})
ioctl(r6, 0x8b1a, &(0x7f0000000040))
r7 = syz_open_dev$dvb_demux(&(0x7f0000000080), 0x0, 0x41)
ioctl$DVB_DEMUX_DMX_SET_PES_FILTER(r7, 0x40146f2c, &(0x7f00000000c0)={0x1, 0x0, 0x3, 0x13, 0x4})
sendmsg$RDMA_NLDEV_CMD_NEWLINK(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x40000}, 0xedbde134798091f0)

5.964992855s ago: executing program 1 (id=503):
r0 = open$dir(&(0x7f0000000140)='./file0\x00', 0x1, 0x27)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
ftruncate(r1, 0x2000009)
sendfile(r0, r1, 0x0, 0x20000000000006)
sendmsg$NFT_MSG_GETCHAIN(r1, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x20, 0x4, 0xa, 0x101, 0x0, 0x0, {0x0, 0x0, 0x7}, [@NFTA_CHAIN_HANDLE={0xc, 0x2, 0x1, 0x0, 0x3}]}, 0x20}, 0x1, 0x0, 0x0, 0x2400c098}, 0x80c0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001680)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x40001}, 0x4040850)
sendmsg$NFT_BATCH(r3, &(0x7f0000009b40)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000a40)=ANY=[@ANYBLOB="140000001000010000000000000000000700000a4c000000030a0fdb00000000000000000a0020050900030073797a30000000000900010073797a310000000014000480080002403cb140bb08000140000000030a000700726f75746500000014000000110001"], 0x74}, 0x1, 0x0, 0x0, 0x4001850}, 0x24000840)
r4 = socket$kcm(0xa, 0x922000000003, 0x11)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket(0x10, 0x3, 0x0)
socket$inet(0x2, 0x2, 0x0)
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_mreq(r8, 0x29, 0x1b, &(0x7f00000000c0)={@remote}, 0x14)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r9, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000004f40)={{0x14}, [@NFT_MSG_NEWRULE={0x6c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x40, 0x4, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, @osf={{0x8}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_OSF_DREG={0x8, 0x1, 0x1, 0x0, 0x4}]}}}, {0x24, 0x1, 0x0, 0x1, @meta={{0x9}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_META_KEY={0x8, 0x2, 0x1, 0x0, 0xc}, @NFTA_META_SREG={0x8, 0x3, 0x1, 0x0, 0x15}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x94}}, 0x0)
sendmsg$kcm(r4, &(0x7f0000000000)={&(0x7f0000000500)=@l2tp6={0xa, 0x0, 0x3, @loopback, 0x1, 0xfffffffe}, 0x80, 0x0}, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20008001}, 0x24040840)

5.599063715s ago: executing program 3 (id=504):
socket$netlink(0x10, 0x3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
bind$rds(0xffffffffffffffff, 0x0, 0x0)
r0 = fsopen(&(0x7f0000000280)='ceph\x00', 0x1)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0)
gettid()
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xf0667000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$VHOST_SET_MEM_TABLE(0xffffffffffffffff, 0x4008af03, 0x0)
ioctl$VHOST_VSOCK_SET_RUNNING(0xffffffffffffffff, 0x4004af61, 0x0)
setitimer(0x1, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000b98bc2c900000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x40000004}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp=0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000005880)={r4, 0x2000000, 0xe, 0x0, &(0x7f0000000380)="3f121b5ae730a16b38ec3c25a36f", 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x3}, 0x50)
r5 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0)
ioctl$FS_IOC_SETFLAGS(r5, 0x40186f40, &(0x7f0000000440)=0x1f)
openat$cgroup_ro(r5, 0x0, 0x275a, 0x0)
r6 = syz_io_uring_setup(0x88f, 0x0, &(0x7f0000000000), 0x0, &(0x7f0000000000))
io_uring_register$IORING_REGISTER_NAPI(r6, 0x1b, 0x0, 0x1)
syz_emit_vhci(&(0x7f0000001480)=ANY=[@ANYBLOB="02c9"], 0x11)
socket$nl_route(0x10, 0x3, 0x0)

5.237135614s ago: executing program 2 (id=505):
write$P9_RSETATTR(0xffffffffffffffff, 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = syz_open_dev$dvb_dvr(&(0x7f0000000040), 0x0, 0x800)
readv(r1, &(0x7f0000000280)=[{&(0x7f0000000140)=""/117, 0x75}], 0x1)
r2 = syz_open_dev$dvb_demux(&(0x7f0000001e00), 0x0, 0x2000)
ioctl$DVB_DEMUX_DMX_SET_FILTER(r2, 0x403c6f2b, &(0x7f0000001e40)={0x4, {"0dbad96fff01000008ff002084000100", "3dfab043e15fad27a639f105b5e9f977", "a7c947420000000000000000ff4a70f3"}, 0x4000c, 0x5})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}})
writev(r3, &(0x7f00000006c0)=[{&(0x7f0000000440)="2e9b3d0007e03dd65193dfb6c575963f88a8", 0x12}], 0x1)
preadv(r2, &(0x7f0000000480)=[{&(0x7f0000000180)=""/1, 0x1}], 0x1, 0x2, 0xd)
ioctl$DVB_DEMUX_DMX_SET_FILTER(r2, 0x403c6f2b, &(0x7f0000000080)={0x6, {"4b81b0c732e92eb1fd60fbf401687d72", "1cea03ca4fe1c1f1e31253bda1f1fed5", "d80190bae206002cb2a1a28cde21dbfd"}, 0x2, 0x7})
r4 = syz_open_procfs(0x0, &(0x7f0000000100)='net/netlink\x00')
poll(&(0x7f00000001c0)=[{r2, 0xc004}, {r4, 0x2400}], 0x2, 0x2)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r5 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$UHID_CREATE(r5, &(0x7f00000003c0)={0x0, {'syz0\x00', 'syz0\x00', 'syz1\x00', &(0x7f00000000c0)=""/43, 0x2b}}, 0x120)
write$UHID_DESTROY(r5, &(0x7f0000000080), 0x4)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x850}, 0x0)
r6 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
write$uinput_user_dev(r6, &(0x7f0000000a00)={'syz1\x00', {0x9, 0x7, 0x5, 0x5}, 0x3f, [0x9, 0x2, 0x18, 0x2, 0x2, 0x400, 0x80000000, 0x0, 0x8, 0x0, 0x6, 0x1, 0xfffffffb, 0x39, 0x747d5e13, 0x800, 0xfffffb9a, 0xfffffffe, 0x0, 0xfffffffb, 0x2004, 0x3, 0x0, 0xf250, 0x80, 0x4800, 0x300000, 0x7, 0xe, 0x4623f, 0x0, 0x2010001, 0x1ff, 0x8000, 0x0, 0x3, 0xc, 0x3, 0xba55, 0x8da8, 0x2, 0x200, 0x2, 0x5, 0xe, 0x4, 0x2, 0x6f, 0x8, 0x9, 0x10001, 0x199d, 0x6, 0x2, 0x9, 0xffffffff, 0x4, 0x6, 0x1000, 0x5, 0x3d, 0x8, 0xa, 0x5], [0x7, 0x1e, 0x3, 0x8000, 0xfffffffd, 0x3, 0x0, 0x25, 0x7, 0xfffffffc, 0x8, 0x7fff, 0x728, 0x1c32, 0x3, 0x5, 0x10000, 0x400, 0x7ffd, 0x3, 0x3, 0x297, 0x5, 0x0, 0x981, 0x4, 0x0, 0x3ff, 0x0, 0xfffffffe, 0x8, 0x1000001, 0x10, 0xfffffff9, 0xfffffffd, 0x7, 0x1, 0xffffffff, 0x6, 0x2000008, 0x800, 0xffff, 0x6, 0x96, 0xfffffff9, 0x7fffffff, 0x0, 0x2, 0x401, 0xc, 0x3, 0x379, 0x9, 0xe, 0x5, 0x7, 0x6, 0x2, 0x1, 0x1, 0x8, 0x7, 0x200, 0x3], [0x401, 0x8000c584, 0xffff, 0xcd3, 0x7, 0x1f, 0x404, 0xf, 0x4, 0xc, 0x7, 0x9, 0x1e88, 0x5, 0x80000001, 0x8, 0x3f92, 0x1000, 0x0, 0x10, 0x1, 0xfffffff9, 0x0, 0x1000, 0x80040101, 0x5, 0x4, 0x5, 0x4200003, 0x1, 0x5, 0x80, 0x9, 0x3ff, 0x10000, 0x0, 0x3, 0x400004, 0x3, 0x6d7e, 0x3, 0x8, 0x3, 0xbf23, 0x6, 0x9, 0x956, 0x0, 0x3ff, 0xe, 0x6, 0x100fffd, 0x2005, 0x9, 0x4, 0xea, 0x9, 0x20000005, 0x3, 0x80, 0x0, 0x7d, 0x401, 0x5], [0x108e, 0xffff, 0x3, 0x3, 0x88, 0x2, 0x4000000, 0x4, 0x50, 0x2, 0x763, 0xb, 0x402, 0x1, 0x7, 0x1000, 0x7f, 0x5, 0xffffffff, 0x4, 0x0, 0x5, 0x3, 0x4, 0xe47, 0x4, 0x3, 0x4, 0x200, 0x2851, 0x3b, 0x20000001, 0x5, 0x5, 0xa80a, 0x65f413f9, 0x4, 0x20008, 0x8a5, 0x86, 0x44, 0x409, 0x6, 0x4, 0x4, 0xe, 0x8, 0xffffffff, 0x7fff, 0xffff8a33, 0xfffffff8, 0x401, 0x3, 0x200, 0x7, 0x4edf, 0xfffffffd, 0xa, 0xe, 0x101, 0xf, 0xf, 0x136, 0x6]}, 0x45c)

4.357766548s ago: executing program 3 (id=506):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="0500000005"], 0x48)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000000)=ANY=[@ANYBLOB="1802000000000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b7030000000000008500000070000000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$ETHTOOL_MSG_EEE_GET(0xffffffffffffffff, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000001380)={0x0}, 0x1, 0x0, 0x0, 0x4000}, 0x40448a0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000540), 0x82, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3be", 0x6)
r4 = accept4(r3, 0x0, 0x0, 0x800)
sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000840)={0x1, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0)
pwritev(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257", 0xf15}], 0x1, 0x1, 0x2)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

1.873927752s ago: executing program 0 (id=507):
madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x12)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0xf)
ioctl$SNDRV_RAWMIDI_IOCTL_INFO(0xffffffffffffffff, 0x40045731, &(0x7f0000000300))
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
socket$inet_sctp(0x2, 0x5, 0x84)
writev(0xffffffffffffffff, &(0x7f0000000540)=[{0x0}, {&(0x7f0000000340)="8a226ff432407a7f5fd09590d734f795e12e57ce9fed3f0300eb6368ed559a85603b0080", 0x24}], 0x2)
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8b36, &(0x7f0000000000)={'wlan0\x00'})
r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000400)='/sys/power/resume', 0x149a82, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f0000000580)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
write$cgroup_int(r3, &(0x7f0000000040)=0x1f00, 0x12)
setsockopt$IP_VS_SO_SET_FLUSH(r1, 0x0, 0x485, 0x0, 0x0)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r8, 0x1, 0x1a, &(0x7f0000000000)={0x3, &(0x7f0000000040)=[{0x40, 0xfe}, {0x20, 0xf2, 0x0, 0xffff7010}, {0x6, 0x0, 0x0, 0x2000000}]}, 0x10)
writev(r7, &(0x7f00000000c0)=[{&(0x7f0000000080)="0ccc3611", 0x4}], 0x1)
connect$bt_sco(r0, &(0x7f0000000040)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0x8)

1.516126731s ago: executing program 3 (id=508):
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x2}, 0x4)
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/wakeup_count', 0x301880, 0x20d)
write$tun(r4, &(0x7f0000000000)={@val={0x0, 0x886c}, @void, @eth={@random="000000f400", @dev={'\xaa\xaa\xaa\xaa\xaa', 0x18}, @val={@void, {0x8100, 0x0, 0x1, 0x2}}, {@llc_tr={0x11, {@llc={0xaa, 0xe, "d8"}}}}}}, 0x19)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000240)={'veth1_to_bridge\x00'})
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[], 0x5c}}, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
r6 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, 0x0, 0x0)
sendmsg$ETHTOOL_MSG_DEBUG_SET(0xffffffffffffffff, &(0x7f0000001900)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f0000000000)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="1f0028bd7000ffdbdf250800000018000280100003800c0001800800010007"], 0x44}}, 0x10004000)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000006c0)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
fcntl$lock(r7, 0x24, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r8)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r8, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000000c0)={0x1c, r9, 0x9c3fa077fa966179, 0x0, 0x0, {{0x7e}, {@val={0x8}, @void}}}, 0x1c}}, 0x4000054)

2.6191ms ago: executing program 2 (id=509):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000005000000080000000f"], 0x50)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=ANY=[], 0x1d, 0xfffffffffffffffd)
prlimit64(0x0, 0xe, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, 0xffffffffffffffff, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000580)={<r0=>0x0, 0x0, 0x10}, &(0x7f00000005c0)=0xc)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(0xffffffffffffffff, 0x84, 0x75, &(0x7f0000000600)={r0, 0xfffffff8}, 0x8)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_CLIENT(0xffffffffffffffff, 0xc0105303, 0x0)
socket$alg(0x26, 0x5, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
setsockopt$WPAN_SECURITY_LEVEL(r2, 0x0, 0x2, &(0x7f0000000240)=0xffffffffffffffff, 0x4)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x8800, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="3c00000010004b0400000000000000007a000008", @ANYRES32=0x0, @ANYBLOB="00000000000000001c0012800b00010062726964676500000c00028005002d0020000000"], 0x3c}, 0x1, 0x0, 0x0, 0x4010}, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000180)=0xe)
ioctl$TIOCVHANGUP(r3, 0x5437, 0x0)
ioctl$XFS_IOC_PATH_TO_FSHANDLE(r4, 0xc0385868, 0x0)
close(r4)
r5 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt(r5, 0x84, 0x11, &(0x7f0000000040)="0200000009", 0x5)
ioctl$VIDIOC_S_INPUT(0xffffffffffffffff, 0xc0045627, &(0x7f00000000c0)=0x2)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/profiling', 0xa0642, 0x0)

0s ago: executing program 0 (id=510):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000010}, 0x200000a0)
r1 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/mm/ksm/run\x00', 0x1, 0x0)
prctl$PR_GET_TSC(0x43, &(0x7f0000000040))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
recvmsg(r0, &(0x7f00000054c0)={&(0x7f00000002c0)=@tipc, 0x80, &(0x7f0000005380)=[{0x0}, {&(0x7f0000005180)=""/127, 0x7f}, {0x0}, {&(0x7f00000052c0)=""/150, 0x96}], 0x4}, 0x60)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r5)
ptrace$setregs(0xf, r5, 0x0, &(0x7f00000003c0))
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
r6 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_REQBUFS(r6, 0xc0585609, &(0x7f0000000040)={0x0, 0xa})
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r7 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup.net/devices.allow\x00', 0x2, 0x48)
write$cgroup_devices(r7, &(0x7f00000000c0)=ANY=[@ANYBLOB="10008ffbcb4bf0dd40598874e660ded1fcc2815ccbb67cffa7e96f51769f0d"], 0x8)
read$FUSE(r7, &(0x7f0000002140)={0x2020}, 0x2020)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000ec0)=@raw={'raw\x00', 0x8, 0x3, 0x6e8, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x618, 0xffffffff, 0xffffffff, 0x618, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0x330, 0x358, 0x0, {}, [@common=@unspec=@bpf1={{0x230}, @pinned={0x1, 0x0, 0x0, './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa', {0x6}}}, @common=@inet=@hashlimit1={{0x58}, {'bond_slave_1\x00', {0x41, 0x1ff, 0x6, 0xb0e2, 0x10001, 0x84e, 0xfffffffb, 0x18, 0x8}, {0x1}}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'erspan0\x00', 'gre0\x00'}, 0x0, 0x258, 0x2c0, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0xc4, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'vcan0\x00', {0xffffffffffffffff, 0x0, 0x41, 0x0, 0x2, 0x1000, 0x6, 0x3}}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x8000, 0x16a, 0x1, 'syz1\x00', 'syz0\x00', {0x80000001}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x748)
syz_clone3(&(0x7f0000000740)={0x8180080, 0x0, 0x0, 0x0, {0x39}, 0x0, 0x0, 0x0, &(0x7f00000005c0)=[0xffffffffffffffff], 0x1}, 0x58)
write$sysctl(r1, &(0x7f0000000000)='2\x00', 0x2)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.1.75' (ED25519) to the list of known hosts.
[   75.476372][ T5760] cgroup: Unknown subsys name 'net'
[   75.614651][ T5760] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   77.177089][ T5760] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   78.598696][ T5773] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   78.626786][ T5773] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   78.636999][ T5773] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   78.645015][ T5773] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   78.652842][ T5773] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   78.663981][ T5773] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   78.684814][ T5773] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   78.697212][ T5773] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   78.704965][ T5773] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   78.717337][ T5773] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   78.735439][ T5773] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[   78.747428][ T5773] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   78.814601][   T51] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   78.830888][   T51] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   78.841830][   T51] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   78.858468][   T51] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   78.873710][   T51] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[   78.881503][   T51] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   78.891052][   T51] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   78.914277][   T51] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   78.922550][   T51] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   78.930631][   T51] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   78.938613][   T51] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[   78.946038][   T51] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   79.187801][ T5771] chnl_net:caif_netlink_parms(): no params data found
[   79.302167][ T5774] chnl_net:caif_netlink_parms(): no params data found
[   79.365073][ T5771] bridge0: port 1(bridge_slave_0) entered blocking state
[   79.372886][ T5771] bridge0: port 1(bridge_slave_0) entered disabled state
[   79.380516][ T5771] bridge_slave_0: entered allmulticast mode
[   79.388055][ T5771] bridge_slave_0: entered promiscuous mode
[   79.399134][ T5771] bridge0: port 2(bridge_slave_1) entered blocking state
[   79.406274][ T5771] bridge0: port 2(bridge_slave_1) entered disabled state
[   79.413935][ T5771] bridge_slave_1: entered allmulticast mode
[   79.421188][ T5771] bridge_slave_1: entered promiscuous mode
[   79.505892][ T5771] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   79.541467][ T5771] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   79.593215][ T5778] chnl_net:caif_netlink_parms(): no params data found
[   79.609138][ T5771] team0: Port device team_slave_0 added
[   79.630053][ T5774] bridge0: port 1(bridge_slave_0) entered blocking state
[   79.637404][ T5774] bridge0: port 1(bridge_slave_0) entered disabled state
[   79.644563][ T5774] bridge_slave_0: entered allmulticast mode
[   79.652002][ T5774] bridge_slave_0: entered promiscuous mode
[   79.665278][ T5774] bridge0: port 2(bridge_slave_1) entered blocking state
[   79.672631][ T5774] bridge0: port 2(bridge_slave_1) entered disabled state
[   79.680539][ T5774] bridge_slave_1: entered allmulticast mode
[   79.689542][ T5774] bridge_slave_1: entered promiscuous mode
[   79.697998][ T5771] team0: Port device team_slave_1 added
[   79.783997][ T5774] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   79.794826][ T5771] batman_adv: batadv0: Adding interface: batadv_slave_0
[   79.802706][ T5771] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   79.829149][ T5771] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   79.846473][ T5771] batman_adv: batadv0: Adding interface: batadv_slave_1
[   79.853522][ T5771] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   79.879793][ T5771] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   79.899028][ T5774] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   79.908420][ T5780] chnl_net:caif_netlink_parms(): no params data found
[   80.014328][ T5778] bridge0: port 1(bridge_slave_0) entered blocking state
[   80.021766][ T5778] bridge0: port 1(bridge_slave_0) entered disabled state
[   80.029064][ T5778] bridge_slave_0: entered allmulticast mode
[   80.036198][ T5778] bridge_slave_0: entered promiscuous mode
[   80.048155][ T5774] team0: Port device team_slave_0 added
[   80.070354][ T5778] bridge0: port 2(bridge_slave_1) entered blocking state
[   80.077994][ T5778] bridge0: port 2(bridge_slave_1) entered disabled state
[   80.085154][ T5778] bridge_slave_1: entered allmulticast mode
[   80.092808][ T5778] bridge_slave_1: entered promiscuous mode
[   80.101147][ T5774] team0: Port device team_slave_1 added
[   80.122983][ T5771] hsr_slave_0: entered promiscuous mode
[   80.129814][ T5771] hsr_slave_1: entered promiscuous mode
[   80.209323][ T5774] batman_adv: batadv0: Adding interface: batadv_slave_0
[   80.216313][ T5774] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   80.242442][ T5774] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   80.257748][ T5778] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   80.267285][ T5780] bridge0: port 1(bridge_slave_0) entered blocking state
[   80.274468][ T5780] bridge0: port 1(bridge_slave_0) entered disabled state
[   80.281929][ T5780] bridge_slave_0: entered allmulticast mode
[   80.295268][ T5780] bridge_slave_0: entered promiscuous mode
[   80.314070][ T5774] batman_adv: batadv0: Adding interface: batadv_slave_1
[   80.321151][ T5774] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   80.349960][ T5774] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   80.363102][ T5778] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   80.392014][ T5780] bridge0: port 2(bridge_slave_1) entered blocking state
[   80.399944][ T5780] bridge0: port 2(bridge_slave_1) entered disabled state
[   80.407741][ T5780] bridge_slave_1: entered allmulticast mode
[   80.415046][ T5780] bridge_slave_1: entered promiscuous mode
[   80.453289][ T5778] team0: Port device team_slave_0 added
[   80.461093][ T5778] team0: Port device team_slave_1 added
[   80.489071][ T5780] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   80.515861][ T5780] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   80.570400][ T5778] batman_adv: batadv0: Adding interface: batadv_slave_0
[   80.577556][ T5778] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   80.603703][ T5778] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   80.628260][ T5780] team0: Port device team_slave_0 added
[   80.639753][ T5774] hsr_slave_0: entered promiscuous mode
[   80.646450][ T5774] hsr_slave_1: entered promiscuous mode
[   80.653246][ T5774] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   80.661102][ T5774] Cannot create hsr debugfs directory
[   80.686575][ T5778] batman_adv: batadv0: Adding interface: batadv_slave_1
[   80.693674][ T5778] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   80.699879][ T5773] Bluetooth: hci0: command tx timeout
[   80.719653][ T5778] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   80.740949][ T5780] team0: Port device team_slave_1 added
[   80.767116][ T5773] Bluetooth: hci1: command tx timeout
[   80.849480][ T5780] batman_adv: batadv0: Adding interface: batadv_slave_0
[   80.856488][ T5780] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   80.882669][ T5780] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   80.895195][ T5780] batman_adv: batadv0: Adding interface: batadv_slave_1
[   80.902221][ T5780] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   80.928798][ T5780] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   80.954958][ T5778] hsr_slave_0: entered promiscuous mode
[   80.961901][ T5778] hsr_slave_1: entered promiscuous mode
[   80.968676][ T5778] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   80.976288][ T5778] Cannot create hsr debugfs directory
[   81.016993][ T5083] Bluetooth: hci2: command tx timeout
[   81.022688][ T5773] Bluetooth: hci3: command tx timeout
[   81.053312][ T5780] hsr_slave_0: entered promiscuous mode
[   81.060802][ T5780] hsr_slave_1: entered promiscuous mode
[   81.067321][ T5780] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   81.074884][ T5780] Cannot create hsr debugfs directory
[   81.141351][ T5771] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   81.181941][ T5771] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   81.192660][ T5771] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   81.231652][ T5771] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   81.450926][ T5774] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   81.471925][ T5774] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   81.487034][ T5774] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   81.519714][ T5774] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   81.579774][ T5778] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   81.590988][ T5778] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   81.622552][ T5778] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   81.635394][ T5778] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   81.684504][ T5780] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   81.694913][ T5780] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   81.706437][ T5780] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   81.737281][ T5780] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   81.800634][ T5771] 8021q: adding VLAN 0 to HW filter on device bond0
[   81.847011][ T5774] 8021q: adding VLAN 0 to HW filter on device bond0
[   81.894896][ T5771] 8021q: adding VLAN 0 to HW filter on device team0
[   81.927263][   T58] bridge0: port 1(bridge_slave_0) entered blocking state
[   81.934649][   T58] bridge0: port 1(bridge_slave_0) entered forwarding state
[   81.953996][ T5774] 8021q: adding VLAN 0 to HW filter on device team0
[   81.979992][   T58] bridge0: port 1(bridge_slave_0) entered blocking state
[   81.987182][   T58] bridge0: port 1(bridge_slave_0) entered forwarding state
[   82.000324][   T58] bridge0: port 2(bridge_slave_1) entered blocking state
[   82.007533][   T58] bridge0: port 2(bridge_slave_1) entered forwarding state
[   82.036372][   T11] bridge0: port 2(bridge_slave_1) entered blocking state
[   82.043533][   T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[   82.091259][ T5778] 8021q: adding VLAN 0 to HW filter on device bond0
[   82.150686][ T5780] 8021q: adding VLAN 0 to HW filter on device bond0
[   82.165941][ T5778] 8021q: adding VLAN 0 to HW filter on device team0
[   82.205821][   T58] bridge0: port 1(bridge_slave_0) entered blocking state
[   82.213007][   T58] bridge0: port 1(bridge_slave_0) entered forwarding state
[   82.233272][   T11] bridge0: port 2(bridge_slave_1) entered blocking state
[   82.240404][   T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[   82.262494][ T5780] 8021q: adding VLAN 0 to HW filter on device team0
[   82.303054][   T58] bridge0: port 1(bridge_slave_0) entered blocking state
[   82.310250][   T58] bridge0: port 1(bridge_slave_0) entered forwarding state
[   82.354136][   T58] bridge0: port 2(bridge_slave_1) entered blocking state
[   82.361437][   T58] bridge0: port 2(bridge_slave_1) entered forwarding state
[   82.746457][ T5771] 8021q: adding VLAN 0 to HW filter on device batadv0
[   82.767902][ T5773] Bluetooth: hci0: command tx timeout
[   82.847409][ T5773] Bluetooth: hci1: command tx timeout
[   82.851139][ T5774] 8021q: adding VLAN 0 to HW filter on device batadv0
[   82.920257][ T5778] 8021q: adding VLAN 0 to HW filter on device batadv0
[   82.936696][ T5771] veth0_vlan: entered promiscuous mode
[   82.958615][ T5780] 8021q: adding VLAN 0 to HW filter on device batadv0
[   82.985347][ T5774] veth0_vlan: entered promiscuous mode
[   83.000925][ T5774] veth1_vlan: entered promiscuous mode
[   83.015142][ T5771] veth1_vlan: entered promiscuous mode
[   83.087891][ T5083] Bluetooth: hci2: command tx timeout
[   83.093440][ T5773] Bluetooth: hci3: command tx timeout
[   83.125433][ T5771] veth0_macvtap: entered promiscuous mode
[   83.142142][ T5778] veth0_vlan: entered promiscuous mode
[   83.150504][ T5771] veth1_macvtap: entered promiscuous mode
[   83.163907][ T5774] veth0_macvtap: entered promiscuous mode
[   83.185771][ T5774] veth1_macvtap: entered promiscuous mode
[   83.194031][ T5780] veth0_vlan: entered promiscuous mode
[   83.209907][ T5771] batman_adv: batadv0: Interface activated: batadv_slave_0
[   83.219818][ T5778] veth1_vlan: entered promiscuous mode
[   83.241623][ T5771] batman_adv: batadv0: Interface activated: batadv_slave_1
[   83.254051][ T5771] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   83.264967][ T5771] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   83.274084][ T5771] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   83.282856][ T5771] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   83.308993][ T5774] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   83.320745][ T5774] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   83.333396][ T5774] batman_adv: batadv0: Interface activated: batadv_slave_0
[   83.345827][ T5780] veth1_vlan: entered promiscuous mode
[   83.360023][ T5774] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   83.370676][ T5774] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   83.382510][ T5774] batman_adv: batadv0: Interface activated: batadv_slave_1
[   83.445322][ T5774] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   83.458659][ T5774] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   83.467816][ T5774] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   83.481334][ T5774] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   83.513057][ T5780] veth0_macvtap: entered promiscuous mode
[   83.533264][ T5778] veth0_macvtap: entered promiscuous mode
[   83.547509][ T5778] veth1_macvtap: entered promiscuous mode
[   83.554683][ T5780] veth1_macvtap: entered promiscuous mode
[   83.594962][   T58] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   83.604017][   T58] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   83.685726][ T5780] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   83.700362][ T5780] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   83.711643][ T5780] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   83.722135][ T5780] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   83.734399][ T5780] batman_adv: batadv0: Interface activated: batadv_slave_0
[   83.757412][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   83.765294][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   83.777169][ T5780] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   83.789227][ T5780] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   83.800196][ T5780] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   83.811205][ T5780] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   83.822790][ T5780] batman_adv: batadv0: Interface activated: batadv_slave_1
[   83.856506][   T58] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   83.865468][ T5778] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   83.886000][   T58] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   83.888088][ T5778] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   83.904115][ T5778] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   83.915693][ T5778] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   83.925605][ T5778] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   83.936188][ T5778] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   83.958400][ T5778] batman_adv: batadv0: Interface activated: batadv_slave_0
[   84.001240][ T5780] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   84.011121][ T5780] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   84.020012][ T5780] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   84.028874][ T5780] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   84.041292][ T5778] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   84.053362][ T5778] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   84.063571][ T5778] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   84.074806][ T5778] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   84.084883][ T5778] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   84.095991][ T5778] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   84.107742][ T5778] batman_adv: batadv0: Interface activated: batadv_slave_1
[   84.124041][ T5778] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   84.129036][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   84.138186][ T5778] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   84.149842][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   84.158185][ T5778] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   84.167033][ T5778] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   84.398363][ T2928] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   84.411742][ T2928] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   84.539581][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   84.577561][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   84.658796][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   84.681721][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   84.710474][   T58] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   84.772219][   T58] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   84.855313][ T5773] Bluetooth: hci0: command tx timeout
[   84.937902][ T5773] Bluetooth: hci1: command tx timeout
[   85.176971][ T5773] Bluetooth: hci3: command tx timeout
[   85.182808][ T5083] Bluetooth: hci2: command tx timeout
[   86.317195][ T5826] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   86.522136][ T5826] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[   86.533911][ T5826] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   86.651338][ T5826] usb 1-1: config 0 descriptor??
[   86.686069][ T5826] cp210x 1-1:0.0: cp210x converter detected
[   86.764455][ T5850] syz.3.4[5850]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set
[   87.021707][ T5850] loop3: detected capacity change from 0 to 32768
[   87.035992][ T5083] Bluetooth: hci0: command tx timeout
[   87.046839][ T5083] Bluetooth: hci1: command tx timeout
[   87.102886][ T5850] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop3 scanned by syz.3.4 (5850)
[   87.150130][ T5850] BTRFS info (device loop3): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[   87.160861][ T5850] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm
[   87.169861][ T5850] BTRFS info (device loop3): enabling disk space caching
[   87.177006][ T5850] BTRFS info (device loop3): force clearing of disk cache
[   87.184413][ T5850] BTRFS info (device loop3): setting incompat feature flag for COMPRESS_ZSTD (0x10)
[   87.194501][ T5850] BTRFS info (device loop3): use zstd compression, level 3
[   87.201849][ T5850] BTRFS info (device loop3): disk space caching is enabled
[   87.248946][ T5083] Bluetooth: hci2: command tx timeout
[   87.248990][ T5773] Bluetooth: hci3: command tx timeout
[   87.319726][ T5842] IPVS: sh: FWM 3 0x00000003 - no destination available
[   87.340797][   T28] audit: type=1326 audit(1777724851.003:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5841 comm="syz.1.2" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa4ded9cdd9 code=0x0
[   87.370863][ T5808] IPVS: starting estimator thread 0...
[   87.425528][ T5850] BTRFS info (device loop3): enabling ssd optimizations
[   87.432596][ T5850] BTRFS info (device loop3): auto enabling async discard
[   87.442706][ T5850] BTRFS info (device loop3): rebuilding free space tree
[   87.482311][ T5837] loop0: detected capacity change from 0 to 2048
[   87.489908][ T5862] IPVS: using max 30 ests per chain, 72000 per kthread
[   87.506598][ T5850] BTRFS info (device loop3): disabling free space tree
[   87.513694][ T5850] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[   87.524865][ T5850] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[   87.633712][ T5837] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[   87.705670][ T5872] syz.1.7 (5872): attempted to duplicate a private mapping with mremap.  This is not supported.
[   89.831789][ T5778] BTRFS info (device loop3): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[   90.462978][ T5826] cp210x 1-1:0.0: failed to get vendor val 0x000e size 3: -32
[   92.356884][  T788] cfg80211: failed to load regulatory.db
[   93.042829][ T5826] usb 1-1: cp210x converter now attached to ttyUSB0
[   93.187683][ T5888] xt_CHECKSUM: CHECKSUM should be avoided.  If really needed, restrict with "-p udp" and only use in OUTPUT
[   94.382057][ T5893] loop1: detected capacity change from 0 to 4096
[   94.393972][ T5893] NILFS: invalid option "cp=0x0000000000000002": read-only option is not specified
[   96.548834][ T5826] usb 1-1: USB disconnect, device number 2
[   96.688995][ T5762] I/O error, dev loop1, sector 3968 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[   96.701016][ T5826] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[   96.733307][ T5826] cp210x 1-1:0.0: device disconnected
[   97.045963][ T5905] Zero length message leads to an empty skb
[   97.351723][ T5900] loop2: detected capacity change from 0 to 256
[   97.420566][ T5904] loop5: detected capacity change from 0 to 7
[   97.481906][ T5904] Dev loop5: unable to read RDB block 7
[   97.488393][ T5904]  loop5: AHDI p1
[   97.492216][ T5904] loop5: partition table partially beyond EOD, truncated
[   98.460273][ T5913] loop3: detected capacity change from 0 to 256
[   98.467614][ T5913] exfat: Deprecated parameter 'utf8'
[   98.902923][ T5826] IPVS: starting estimator thread 0...
[   98.982968][ T5913] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xe3865569, utbl_chksum : 0xe619d30d)
[   99.106851][ T5916] IPVS: using max 25 ests per chain, 60000 per kthread
[   99.996619][ T5921] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[  100.408035][ T5929] netlink: 'syz.1.18': attribute type 10 has an invalid length.
[  100.415987][ T5929] netlink: 40 bytes leftover after parsing attributes in process `syz.1.18'.
[  100.425714][ T5929] batadv0: entered promiscuous mode
[  100.430998][ T5929] batadv0: entered allmulticast mode
[  100.437105][ T5929] bridge0: port 3(batadv0) entered blocking state
[  100.443661][ T5929] bridge0: port 3(batadv0) entered disabled state
[  100.452319][ T5929] bridge0: port 3(batadv0) entered blocking state
[  100.459195][ T5929] bridge0: port 3(batadv0) entered forwarding state
[  102.182007][ T5931] DRBG: could not allocate CTR cipher TFM handle: ctr(aes)
[  102.949368][ T5940] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  102.958484][ T5940] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  102.967319][ T5940] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  102.976050][ T5940] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  103.008307][ T2928] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled
[  103.017922][ T2928] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled
[  103.354920][ T5940] netdevsim netdevsim2 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[  103.363971][ T5940] netdevsim netdevsim2 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[  103.372992][ T5940] netdevsim netdevsim2 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[  103.381997][ T5940] netdevsim netdevsim2 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[  105.019799][ T5941] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  105.028723][ T5941] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  105.038221][ T5941] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  105.047090][ T5941] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  105.065444][ T5948] loop1: detected capacity change from 0 to 512
[  105.082657][ T5941] netdevsim netdevsim2 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[  105.091831][ T5941] netdevsim netdevsim2 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[  105.100796][ T5941] netdevsim netdevsim2 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[  105.109771][ T5941] netdevsim netdevsim2 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[  105.270972][ T5948] EXT4-fs (loop1): Test dummy encryption mode enabled
[  105.783592][ T5948] EXT4-fs (loop1): 1 truncate cleaned up
[  105.875067][ T5948] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  106.641532][ T5956] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(11)
[  106.648438][ T5956] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  106.657763][ T5956] vhci_hcd vhci_hcd.0: Device attached
[  107.453568][ T5964] genirq: Flags mismatch irq 4. 00000000 (pcmmio) vs. 00000000 (ttyS0)
[  107.767462][ T5960] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR
[  107.848505][ T5957] vhci_hcd: connection closed
[  108.043561][ T5965] vhci_hcd: stop threads
[  108.139739][ T5962] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  108.266957][ T5965] vhci_hcd: release socket
[  108.300627][ T5965] vhci_hcd: disconnect device
[  108.640767][ T5780] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  108.666488][   T28] audit: type=1326 audit(1777724872.323:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5970 comm="syz.2.24" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f08f679cdd9 code=0x7ffc0000
[  108.750633][   T28] audit: type=1326 audit(1777724872.323:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5970 comm="syz.2.24" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f08f679cdd9 code=0x7ffc0000
[  108.781067][   T28] audit: type=1326 audit(1777724872.323:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5970 comm="syz.2.24" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f08f679cdd9 code=0x7ffc0000
[  108.975773][ T5979] bridge0: port 3(batadv0) entered disabled state
[  109.704804][ T5979] bridge_slave_0: left allmulticast mode
[  109.710567][ T5979] bridge_slave_0: left promiscuous mode
[  109.716352][ T5979] bridge0: port 1(bridge_slave_0) entered disabled state
[  109.730677][ T5979] bridge_slave_1: left allmulticast mode
[  109.736378][ T5979] bridge_slave_1: left promiscuous mode
[  109.743263][ T5979] bridge0: port 2(bridge_slave_1) entered disabled state
[  109.794142][ T5979] bond0: (slave bond_slave_0): Releasing backup interface
[  109.826575][   T28] audit: type=1326 audit(1777724872.333:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5970 comm="syz.2.24" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f08f679cdd9 code=0x7ffc0000
[  110.278688][   T28] audit: type=1326 audit(1777724872.333:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5970 comm="syz.2.24" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f08f679cdd9 code=0x7ffc0000
[  110.337235][ T5979] bond0: (slave bond_slave_1): Releasing backup interface
[  110.364856][   T28] audit: type=1326 audit(1777724872.333:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5970 comm="syz.2.24" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f08f679cdd9 code=0x7ffc0000
[  110.495978][   T28] audit: type=1326 audit(1777724872.333:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5970 comm="syz.2.24" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f08f679cdd9 code=0x7ffc0000
[  110.535816][ T5979] team0: Port device team_slave_0 removed
[  110.753179][   T28] audit: type=1326 audit(1777724872.333:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5970 comm="syz.2.24" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f08f679cdd9 code=0x7ffc0000
[  110.920565][ T5979] team0: Port device team_slave_1 removed
[  110.930590][ T5979] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  110.938249][ T5979] batman_adv: batadv0: Removing interface: batadv_slave_0
[  111.060840][ T5979] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  111.068663][ T5979] batman_adv: batadv0: Removing interface: batadv_slave_1
[  111.537903][   T28] audit: type=1326 audit(1777724872.333:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5970 comm="syz.2.24" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f08f679cdd9 code=0x7ffc0000
[  111.921732][   T28] audit: type=1326 audit(1777724872.333:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5970 comm="syz.2.24" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f08f679cdd9 code=0x7ffc0000
[  112.418425][ T5997] syz.1.28 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  112.462228][ T5997] ptrace attach of "ci2-linux-6-6-kasan/syz-executor exec"[5780] was attempted by "                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            
[  114.254169][ T6007] netlink: 8 bytes leftover after parsing attributes in process `syz.2.31'.
[  115.716786][ T5826] IPVS: starting estimator thread 0...
[  115.817038][ T6009] IPVS: using max 22 ests per chain, 52800 per kthread
[  116.258182][ T6017] mmap: syz.2.32 (6017) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  116.874862][ T6016] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12
[  116.884293][ T6016] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12
[  116.893952][ T6016] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  117.000483][   T28] kauditd_printk_skb: 21 callbacks suppressed
[  117.000497][   T28] audit: type=1800 audit(1777724880.543:34): pid=6016 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.32" name="regulatory.db" dev="sda1" ino=448 res=0 errno=0
[  117.309571][ T6025] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[  118.298759][ T6014] IPVS: sh: FWM 3 0x00000003 - no destination available
[  118.555149][   T28] audit: type=1326 audit(1777724882.223:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6010 comm="syz.1.33" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa4ded9cdd9 code=0x0
[  118.849770][ T6037] lo speed is unknown, defaulting to 1000
[  118.857365][ T6037] lo speed is unknown, defaulting to 1000
[  118.888707][ T6037] lo speed is unknown, defaulting to 1000
[  118.949748][ T6037] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  119.008769][ T6037] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  119.089801][ T6037] lo speed is unknown, defaulting to 1000
[  119.101557][ T6037] lo speed is unknown, defaulting to 1000
[  119.112234][ T6037] lo speed is unknown, defaulting to 1000
[  119.123757][ T6037] lo speed is unknown, defaulting to 1000
[  121.297706][ T6055] loop0: detected capacity change from 0 to 131072
[  121.339609][ T6055] F2FS-fs (loop0): invalid crc value
[  121.364663][ T6055] F2FS-fs (loop0): Found nat_bits in checkpoint
[  121.473034][ T6055] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4
[  122.008939][ T6067] loop3: detected capacity change from 0 to 40427
[  122.025169][ T6067] F2FS-fs (loop3): invalid crc value
[  122.041551][ T6067] F2FS-fs (loop3): Found nat_bits in checkpoint
[  122.074533][ T6072] syz.2.41 uses obsolete (PF_INET,SOCK_PACKET)
[  122.096901][ T6067] F2FS-fs (loop3): Start checkpoint disabled!
[  122.108156][ T6067] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  122.151363][ T6072] Bluetooth: MGMT ver 1.22
[  123.575544][ T2928] kworker/u4:9: attempt to access beyond end of device
[  123.575544][ T2928] loop3: rw=2049, sector=40960, nr_sectors = 24 limit=40427
[  123.638085][ T2928] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  123.645396][ T2928] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  123.652868][ T2928] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  123.733417][ T6078] loop1: detected capacity change from 0 to 32768
[  124.257394][ T6085] read_mapping_page failed!
[  124.262430][ T6085] ERROR: (device loop1): txCommit: 
[  124.262430][ T6085] 
[  124.518177][ T6083] xt_TPROXY: Can be used only with -p tcp or -p udp
[  125.419945][ T2928] read_mapping_page failed!
[  125.424728][ T2928] ERROR: (device loop1): txCommit: 
[  125.424728][ T2928] 
[  125.457854][ T2928] jfs_write_inode: jfs_commit_inode failed!
[  126.111684][ T6090] netlink: 12 bytes leftover after parsing attributes in process `syz.1.46'.
[  126.313513][ T6090] =======================================================
[  126.313513][ T6090] WARNING: The mand mount option has been deprecated and
[  126.313513][ T6090]          and is ignored by this kernel. Remove the mand
[  126.313513][ T6090]          option from the mount to silence this warning.
[  126.313513][ T6090] =======================================================
[  126.669540][ T6090] loop1: detected capacity change from 0 to 256
[  126.686803][ T6090] FAT-fs (loop1): Unrecognized mount option "nonumtailá=0" or missing value
[  129.015416][ T6109] loop2: detected capacity change from 0 to 2048
[  129.066628][ T6109] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024)
[  129.107982][ T5895] udevd[5895]: incorrect nilfs2 checksum on /dev/loop2
[  129.897383][ T6116] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  130.681496][ T6123] loop0: detected capacity change from 0 to 512
[  130.899685][ T6123] EXT4-fs: test_dummy_encryption requires encrypt feature
[  131.823465][ T6121] loop0: detected capacity change from 0 to 512
[  131.873600][ T6121] EXT4-fs error (device loop0): ext4_xattr_inode_iget:441: inode #11: comm syz.0.52: iget: bad extra_isize 90 (inode size 256)
[  131.910026][ T6121] EXT4-fs error (device loop0): ext4_xattr_inode_iget:446: comm syz.0.52: error while reading EA inode 11 err=-117
[  131.930458][ T6121] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2853: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  131.943832][ T6121] EXT4-fs error (device loop0): ext4_xattr_inode_iget:441: inode #11: comm syz.0.52: iget: bad extra_isize 90 (inode size 256)
[  131.972479][ T6121] EXT4-fs error (device loop0): ext4_xattr_inode_iget:446: comm syz.0.52: error while reading EA inode 11 err=-117
[  131.993011][ T6121] EXT4-fs error (device loop0): ext4_xattr_inode_iget:441: inode #18: comm syz.0.52: iget: bad extra_isize 90 (inode size 256)
[  132.011564][ T6121] EXT4-fs error (device loop0): ext4_xattr_inode_iget:446: comm syz.0.52: error while reading EA inode 18 err=-117
[  132.033042][ T6121] EXT4-fs error (device loop0): ext4_xattr_inode_iget:441: inode #18: comm syz.0.52: iget: bad extra_isize 90 (inode size 256)
[  132.050820][ T6121] EXT4-fs error (device loop0): ext4_xattr_inode_iget:446: comm syz.0.52: error while reading EA inode 18 err=-117
[  132.073823][ T6121] EXT4-fs (loop0): 1 orphan inode deleted
[  132.081709][ T6121] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  132.406403][ T5771] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  133.693594][ T1289] ieee802154 phy0 wpan0: encryption failed: -22
[  133.700548][ T1289] ieee802154 phy1 wpan1: encryption failed: -22
[  134.874007][ T6152] loop0: detected capacity change from 0 to 16
[  134.907614][ T6152] erofs: (device loop0): erofs_read_inode: bogus i_mode (177777) @ nid 36
[  135.726164][ T6149] netlink: 60 bytes leftover after parsing attributes in process `syz.2.56'.
[  135.749548][ T6149] netlink: 12 bytes leftover after parsing attributes in process `syz.2.56'.
[  136.162134][ T6154] sched: RT throttling activated
[  136.171360][ T6149] netlink: 8 bytes leftover after parsing attributes in process `syz.2.56'.
[  136.659469][ T6161] overlayfs: failed to clone upperpath
[  136.678800][ T5895] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  137.138986][ T6166] RDS: rds_bind could not find a transport for ::ffff:172.30.1.2, load rds_tcp or rds_rdma?
[  137.281253][ T6167] netlink: 4 bytes leftover after parsing attributes in process `syz.1.61'.
[  139.722635][ T6178] netlink: 4 bytes leftover after parsing attributes in process `syz.0.63'.
[  140.699702][ T6180] loop2: detected capacity change from 0 to 32768
[  141.196125][ T6180] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.65 (6180)
[  141.222956][ T6180] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  141.233271][ T6180] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm
[  141.242039][ T6180] BTRFS info (device loop2): turning on sync discard
[  141.248741][ T6180] BTRFS info (device loop2): setting incompat feature flag for COMPRESS_ZSTD (0x10)
[  141.258181][ T6180] BTRFS info (device loop2): use zstd compression, level 3
[  141.266078][ T6180] BTRFS info (device loop2): turning on async discard
[  141.272995][ T6180] BTRFS warning (device loop2): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  141.283648][ T6180] BTRFS info (device loop2): trying to use backup root at mount time
[  141.291758][ T6180] BTRFS info (device loop2): force zlib compression, level 3
[  141.299223][ T6180] BTRFS info (device loop2): using free space tree
[  141.559722][ T2888] BTRFS warning (device loop2): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0xc926492d level 0
[  141.766329][ T6180] BTRFS error (device loop2): failed to load root extent
[  141.773427][ T6180] BTRFS warning (device loop2): try to load backup roots slot 1
[  141.786979][ T5965] BTRFS warning (device loop2): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x80379423 level 0
[  142.175370][ T6202] fuse: Bad value for 'fd'
[  144.105088][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  144.153448][ T6180] BTRFS warning (device loop2): couldn't read tree root
[  144.160590][ T6180] BTRFS warning (device loop2): try to load backup roots slot 2
[  144.187779][   T11] BTRFS error (device loop2): level verify failed on logical 5255168 mirror 1 wanted 0 found 1
[  145.665263][ T6180] BTRFS warning (device loop2): couldn't read tree root
[  145.672270][ T6180] BTRFS warning (device loop2): try to load backup roots slot 3
[  145.795331][ T6180] BTRFS error (device loop2): open_ctree failed: -4
[  146.840708][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  147.569975][ T5895] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by udevd (5895)
[  150.276180][ T6239] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check.
[  150.722038][    C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0)
[  151.328907][    T0] NOHZ tick-stop error: local softirq work is pending, handler #c0!!!
[  151.710037][ T6247] ieee802154 phy0 wpan0: encryption failed: -22
[  152.667064][ T5827] usb 3-1: new full-speed USB device number 2 using dummy_hcd
[  153.274995][ T6260] netlink: 4 bytes leftover after parsing attributes in process `syz.1.79'.
[  154.876082][ T6266] warning: `syz.2.78' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  155.289136][ T6265] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  155.299543][ T6265] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  155.386722][ T6267] lo speed is unknown, defaulting to 1000
[  155.512071][ T6269] netlink: 28 bytes leftover after parsing attributes in process `syz.3.72'.
[  155.692947][ T6271] netlink: 32 bytes leftover after parsing attributes in process `syz.1.80'.
[  156.630393][ T5827] usb 3-1: unable to get BOS descriptor or descriptor too short
[  156.640536][ T5827] usb 3-1: unable to read config index 0 descriptor/start: -71
[  156.648193][ T5827] usb 3-1: can't read configurations, error -71
[  156.681596][ T6277] input: syz0 as /devices/virtual/input/input5
[  157.560977][ T6277] netlink: 140 bytes leftover after parsing attributes in process `syz.0.81'.
[  159.557839][ T6287] netlink: 16 bytes leftover after parsing attributes in process `syz.2.83'.
[  160.743090][    T0] NOHZ tick-stop error: local softirq work is pending, handler #c0!!!
[  161.246859][ T6314] capability: warning: `syz.1.88' uses deprecated v2 capabilities in a way that may be insecure
[  164.810235][ T6331] tipc: Started in network mode
[  164.815401][ T6331] tipc: Node identity fffffff8, cluster identity 4711
[  164.822200][ T6331] tipc: Node number set to 4294967288
[  167.242596][ T6350] netlink: 'syz.2.94': attribute type 1 has an invalid length.
[  167.354538][ T6351] netdevsim netdevsim2 netdevsim0: set [1, 1] type 2 family 0 port 20004 - 0
[  167.363670][ T6351] netdevsim netdevsim2 netdevsim1: set [1, 1] type 2 family 0 port 20004 - 0
[  167.372916][ T6351] netdevsim netdevsim2 netdevsim2: set [1, 1] type 2 family 0 port 20004 - 0
[  167.382712][ T6351] netdevsim netdevsim2 netdevsim3: set [1, 1] type 2 family 0 port 20004 - 0
[  167.395163][ T6351] bond1: (slave geneve2): making interface the new active one
[  167.410443][ T6351] bond1: (slave geneve2): Enslaving as an active interface with an up link
[  167.614348][ T6351] syz.2.94 (6351) used greatest stack depth: 20048 bytes left
[  168.029083][ T6358] loop0: detected capacity change from 0 to 32768
[  168.150001][ T6363] IPv6: syztnl0: Disabled Multicast RS
[  168.782095][ T6358] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  169.033339][ T5434] veth0_macvtap: left promiscuous mode
[  169.052796][ T6358] XFS (loop0): Ending clean mount
[  169.074892][ T6358] XFS (loop0): Quotacheck needed: Please wait.
[  169.260005][ T6358] XFS (loop0): Quotacheck: Done.
[  170.371927][   T28] audit: type=1804 audit(1777724930.498:36): pid=6381 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.95" name="/newroot/19/file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="loop0" ino=4429 res=1 errno=0
[  170.968197][ T6384] 9pnet_virtio: no channels available for device syz
[  171.187033][ T5771] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  171.458340][ T6389] netlink: 64 bytes leftover after parsing attributes in process `syz.1.90'.
[  172.480945][ T6394] Bluetooth: MGMT ver 1.22
[  172.520654][ T6394] netlink: 24 bytes leftover after parsing attributes in process `syz.3.100'.
[  173.626308][ T6411] loop3: detected capacity change from 0 to 164
[  175.858498][ T6415] loop0: detected capacity change from 0 to 2048
[  176.573596][ T6415] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024)
[  176.610485][ T6416] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  177.438266][ T6426] netlink: 8 bytes leftover after parsing attributes in process `syz.2.105'.
[  177.453724][ T6426] netlink: 4 bytes leftover after parsing attributes in process `syz.2.105'.
[  177.463038][ T6426] netlink: 'syz.2.105': attribute type 11 has an invalid length.
[  177.477868][ T6426] netlink: 'syz.2.105': attribute type 13 has an invalid length.
[  177.598867][ T6429] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  177.622121][ T6426] bridge0: port 2(bridge_slave_1) entered disabled state
[  177.630622][ T6426] bridge0: port 1(bridge_slave_0) entered disabled state
[  177.721631][ T6426] bridge0: entered allmulticast mode
[  178.155133][ T6436] tipc: Started in network mode
[  178.160131][ T6436] tipc: Node identity fe800000000000000000000000000014, cluster identity 4711
[  178.174696][ T6436] tipc: Enabled bearer <udp:syz1>, priority 10
[  178.254434][ T6426] bridge_slave_1: left allmulticast mode
[  178.600036][ T6426] bridge_slave_1: left promiscuous mode
[  178.608190][ T6426] bridge0: port 2(bridge_slave_1) entered disabled state
[  178.641688][ T6426] bridge_slave_0: left allmulticast mode
[  178.648689][ T6426] bridge_slave_0: left promiscuous mode
[  178.659800][ T6426] bridge0: port 1(bridge_slave_0) entered disabled state
[  180.113802][   T27] tipc: Node number set to 4269801492
[  181.092272][ T5773] Bluetooth: hci0: command tx timeout
[  181.511140][ T6468] loop1: detected capacity change from 0 to 2048
[  181.548733][ T6468] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024)
[  182.052154][ T6469] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  182.155010][ T6467] loop3: detected capacity change from 0 to 2048
[  182.199467][ T6467] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024)
[  182.251195][ T6472] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  183.713095][ T6478] IPVS: sh: FWM 3 0x00000003 - no destination available
[  183.722281][ T5808] IPVS: starting estimator thread 0...
[  183.801696][ T6486] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff)
[  183.889571][ T6484] IPVS: using max 19 ests per chain, 45600 per kthread
[  184.556428][   T28] audit: type=1326 audit(1777724944.338:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6475 comm="syz.0.114" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9ccfb9cdd9 code=0x0
[  184.872475][ T6493] NILFS error (device loop3): nilfs_lookup: deleted inode referenced: 12
[  184.954350][ T6503] netlink: 180 bytes leftover after parsing attributes in process `syz.1.124'.
[  185.169849][ T6493] Remounting filesystem read-only
[  186.304945][ T6510] netlink: 24 bytes leftover after parsing attributes in process `syz.0.117'.
[  186.587828][ T6512] loop2: detected capacity change from 0 to 32768
[  186.970695][ T6522] xt_TPROXY: Can be used only with -p tcp or -p udp
[  187.233608][ T6526] read_mapping_page failed!
[  187.238225][ T6526] ERROR: (device loop2): txCommit: 
[  187.238225][ T6526] 
[  188.258712][ T5944] read_mapping_page failed!
[  188.275836][ T5944] ERROR: (device loop2): txCommit: 
[  188.275836][ T5944] 
[  188.284298][ T5944] jfs_write_inode: jfs_commit_inode failed!
[  190.045039][   T58] NILFS (loop3): discard dirty page: offset=0, ino=3
[  190.052148][   T58] NILFS (loop3): discard dirty block: blocknr=42, size=1024
[  190.086307][   T58] NILFS (loop3): discard dirty block: blocknr=43, size=1024
[  190.106619][   T58] NILFS (loop3): discard dirty block: blocknr=44, size=1024
[  190.118245][   T58] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024
[  190.129916][   T58] NILFS (loop3): discard dirty page: offset=0, ino=6
[  190.136643][   T58] NILFS (loop3): discard dirty block: blocknr=3, size=1024
[  190.387949][   T58] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024
[  190.398042][   T58] NILFS (loop3): discard dirty block: blocknr=37, size=1024
[  190.803739][ T6557] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff)
[  190.846168][ T6563] loop2: detected capacity change from 0 to 2048
[  191.438474][ T6563] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024)
[  191.464229][   T58] NILFS (loop3): discard dirty block: blocknr=38, size=1024
[  191.477055][ T6567] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  191.924410][   T58] NILFS (loop3): discard dirty page: offset=0, ino=2097152
[  192.546770][ T6576] netlink: 180 bytes leftover after parsing attributes in process `syz.0.127'.
[  192.801372][   T58] NILFS (loop3): discard dirty block: blocknr=0, size=1024
[  192.822029][   T58] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024
[  193.308429][ T6573] DRBG: could not allocate CTR cipher TFM handle: ctr(aes)
[  193.373330][   T58] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024
[  193.455229][   T58] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024
[  193.571667][ T5778] NILFS (loop3): disposed unprocessed dirty file(s) when detaching log writer
[  193.646101][ T5778] NILFS (loop3): discard dirty page: offset=0, ino=2
[  193.719458][ T5778] NILFS (loop3): discard dirty block: blocknr=18, size=1024
[  193.784517][ T5778] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024
[  193.883757][ T5778] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024
[  193.909008][ T5778] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024
[  194.798895][ T5778] NILFS (loop3): discard dirty page: offset=268697600, ino=6
[  194.821138][ T5778] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024
[  194.830069][ T5778] NILFS (loop3): discard dirty block: blocknr=0, size=1024
[  194.885293][ T5778] NILFS (loop3): discard dirty block: blocknr=0, size=1024
[  194.909248][ T5778] NILFS (loop3): discard dirty block: blocknr=0, size=1024
[  194.935902][ T5778] NILFS (loop3): discard dirty page: offset=196608, ino=3
[  194.944019][ T5778] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024
[  194.959924][ T5778] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024
[  194.968812][ T5778] NILFS (loop3): discard dirty block: blocknr=49, size=1024
[  194.978256][ T5778] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024
[  195.628671][ T5778] NILFS (loop3): discard dirty page: offset=67371008, ino=3
[  195.989826][ T5778] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024
[  196.015551][ T5778] NILFS (loop3): discard dirty block: blocknr=0, size=1024
[  196.026214][ T5778] NILFS (loop3): discard dirty block: blocknr=0, size=1024
[  196.038978][ T5778] NILFS (loop3): discard dirty block: blocknr=0, size=1024
[  196.752039][ T6614] capability: warning: `syz.1.135' uses 32-bit capabilities (legacy support in use)
[  198.153641][ T6612] xt_TPROXY: Can be used only with -p tcp or -p udp
[  198.587216][ T6619] loop3: detected capacity change from 0 to 512
[  198.609383][ T6619] EXT4-fs (loop3): Test dummy encryption mode enabled
[  198.630417][ T6622] netlink: 8 bytes leftover after parsing attributes in process `syz.2.137'.
[  198.649747][ T6619] EXT4-fs (loop3): 1 truncate cleaned up
[  198.656736][ T6619] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  199.149776][ T6631] netlink: 36 bytes leftover after parsing attributes in process `syz.2.138'.
[  199.282649][ T1289] ieee802154 phy1 wpan1: encryption failed: -22
[  199.879752][ T6629] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(11)
[  199.886510][ T6629] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  199.894453][ T6629] vhci_hcd vhci_hcd.0: Device attached
[  200.265522][   T27] usb 39-1: new low-speed USB device number 2 using vhci_hcd
[  200.486166][ T6632] vhci_hcd: connection reset by peer
[  201.424699][ T2888] vhci_hcd: stop threads
[  201.644584][ T2888] vhci_hcd: release socket
[  202.003532][ T6644] syz.0.140 (6644) used greatest stack depth: 19696 bytes left
[  202.290859][ T2888] vhci_hcd: disconnect device
[  202.357599][ T5778] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  202.633210][ T6650] netlink: 180 bytes leftover after parsing attributes in process `syz.0.152'.
[  205.009627][ T6667] syz.3.144 (6667) used greatest stack depth: 17384 bytes left
[  205.603180][ T6683] netlink: 180 bytes leftover after parsing attributes in process `syz.0.149'.
[  205.774325][   T27] vhci_hcd: vhci_device speed not set
[  207.641129][ T6701] xt_TPROXY: Can be used only with -p tcp or -p udp
[  208.057173][ T6670] Bluetooth: hci1: command 0x0406 tx timeout
[  208.520702][ T6670] Bluetooth: hci2: command 0x0406 tx timeout
[  208.527030][ T6670] Bluetooth: hci3: command 0x0406 tx timeout
[  208.539883][ T6670] Bluetooth: hci0: command 0x0406 tx timeout
[  209.481492][ T6717] netlink: 180 bytes leftover after parsing attributes in process `syz.0.155'.
[  210.987459][ T6730] PKCS8: Unsupported PKCS#8 version
[  211.266875][ T6736] netlink: 180 bytes leftover after parsing attributes in process `syz.3.161'.
[  213.814744][ T6754] bond0: (slave bond_slave_0): Releasing backup interface
[  214.614805][ T6754] bond0: (slave bond_slave_1): Releasing backup interface
[  214.671714][ T6754] team0: Port device team_slave_0 removed
[  214.723163][ T6754] team0: Port device team_slave_1 removed
[  214.729872][ T6754] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  214.737325][ T6754] batman_adv: batadv0: Removing interface: batadv_slave_0
[  214.772593][ T6754] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  214.780231][ T6754] batman_adv: batadv0: Removing interface: batadv_slave_1
[  214.815750][ T6754] bond1: (slave geneve2): Releasing active interface
[  214.852376][ T6754] netdevsim netdevsim2 netdevsim0: unset [1, 1] type 2 family 0 port 20004 - 0
[  214.861654][ T6754] netdevsim netdevsim2 netdevsim1: unset [1, 1] type 2 family 0 port 20004 - 0
[  214.871224][ T6754] netdevsim netdevsim2 netdevsim2: unset [1, 1] type 2 family 0 port 20004 - 0
[  214.880267][ T6754] netdevsim netdevsim2 netdevsim3: unset [1, 1] type 2 family 0 port 20004 - 0
[  215.157532][ T6761] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12
[  215.166960][ T6761] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12
[  215.176810][ T6761] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  216.245261][ T6777] netlink: 8 bytes leftover after parsing attributes in process `syz.0.176'.
[  216.265608][ T6777] netlink: 4 bytes leftover after parsing attributes in process `syz.0.176'.
[  216.291918][ T6777] netlink: 'syz.0.176': attribute type 11 has an invalid length.
[  216.363915][ T6775] loop2: detected capacity change from 0 to 4096
[  216.378105][ T6777] netlink: 'syz.0.176': attribute type 13 has an invalid length.
[  216.482345][ T6781] bridge0: port 2(bridge_slave_1) entered disabled state
[  216.489907][ T6781] bridge0: port 1(bridge_slave_0) entered disabled state
[  216.519915][ T6781] bridge0: entered allmulticast mode
[  216.735603][ T6777] bridge_slave_1: left allmulticast mode
[  216.787385][ T6777] bridge_slave_1: left promiscuous mode
[  216.969065][ T6777] bridge0: port 2(bridge_slave_1) entered disabled state
[  217.357896][ T6777] bridge_slave_0: left allmulticast mode
[  217.363605][ T6777] bridge_slave_0: left promiscuous mode
[  217.375837][ T6777] bridge0: port 1(bridge_slave_0) entered disabled state
[  218.197745][ T6792] netlink: 64 bytes leftover after parsing attributes in process `syz.3.169'.
[  218.529793][ T6796] netlink: 180 bytes leftover after parsing attributes in process `syz.2.171'.
[  219.159500][ T6801] netlink: 180 bytes leftover after parsing attributes in process `syz.1.172'.
[  220.107625][ T6808] NILFS (nullb0): couldn't find nilfs on the device
[  222.646831][ T6823] input: syz0 as /devices/virtual/input/input6
[  222.811329][ T6823] netlink: 140 bytes leftover after parsing attributes in process `syz.1.187'.
[  226.870477][ T6843] loop2: detected capacity change from 0 to 32768
[  227.021103][ T6843] XFS (loop2): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  227.048846][ T6843] XFS (loop2): Ending clean mount
[  227.375012][ T5774] XFS (loop2): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  227.434970][ T5806] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  227.693391][ T5806] usb 1-1: Using ep0 maxpacket: 32
[  227.828338][ T5806] usb 1-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping
[  228.038511][ T6859] netlink: 8 bytes leftover after parsing attributes in process `syz.3.186'.
[  228.065344][ T5806] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  228.074453][ T5806] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  228.108449][ T6859] netlink: 4 bytes leftover after parsing attributes in process `syz.3.186'.
[  228.117434][ T6859] netlink: 'syz.3.186': attribute type 11 has an invalid length.
[  228.126521][ T5806] usb 1-1: config 0 descriptor??
[  228.178389][ T6854] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  228.196283][ T6859] netlink: 'syz.3.186': attribute type 13 has an invalid length.
[  228.210266][ T5806] hub 1-1:0.0: bad descriptor, ignoring hub
[  228.243546][ T5806] hub: probe of 1-1:0.0 failed with error -5
[  228.270296][ T5806] usbhid 1-1:0.0: couldn't find an input interrupt endpoint
[  228.385645][ T6862] bridge0: port 2(bridge_slave_1) entered disabled state
[  228.395365][ T6862] bridge0: port 1(bridge_slave_0) entered disabled state
[  228.410931][ T6862] bridge0: entered allmulticast mode
[  228.509686][ T6868] input: syz0 as /devices/virtual/input/input7
[  228.592998][ T6862] bridge_slave_1: left allmulticast mode
[  228.628387][ T6862] bridge_slave_1: left promiscuous mode
[  228.653505][ T6862] bridge0: port 2(bridge_slave_1) entered disabled state
[  228.679463][ T6871] netlink: 12 bytes leftover after parsing attributes in process `syz.0.184'.
[  228.719196][ T6862] bridge_slave_0: left allmulticast mode
[  228.775902][ T6862] bridge_slave_0: left promiscuous mode
[  229.028165][ T6862] bridge0: port 1(bridge_slave_0) entered disabled state
[  230.454433][ T6881] NILFS (nullb0): couldn't find nilfs on the device
[  232.359606][ T6889] input: syz0 as /devices/virtual/input/input8
[  232.379865][ T6889] netlink: 140 bytes leftover after parsing attributes in process `syz.3.192'.
[  232.548516][ T6892] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  232.557469][ T6892] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  232.566361][ T6892] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  232.575143][ T6892] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  232.713267][ T6892] netdevsim netdevsim1 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[  232.722720][ T6892] netdevsim netdevsim1 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[  232.732312][ T6892] netdevsim netdevsim1 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[  232.741765][ T6892] netdevsim netdevsim1 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[  235.039771][ T6893] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  235.048671][ T6893] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  235.057533][ T6893] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  235.066345][ T6893] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  235.264370][ T5806] usb 1-1: USB disconnect, device number 3
[  236.100736][ T6893] netdevsim netdevsim1 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[  236.110157][ T6893] netdevsim netdevsim1 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[  236.119736][ T6893] netdevsim netdevsim1 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[  236.129412][ T6893] netdevsim netdevsim1 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[  236.554884][ T6903] ieee802154 phy1 wpan1: encryption failed: -22
[  238.766538][ T6907] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  239.268732][ T6915] loop2: detected capacity change from 0 to 1024
[  239.405894][ T6920] netlink: 8 bytes leftover after parsing attributes in process `syz.0.198'.
[  240.637332][ T6915] hfsplus: invalid btree flag
[  240.643471][ T6915] hfsplus: failed to load catalog file
[  241.578357][ T6926] NILFS (nullb0): couldn't find nilfs on the device
[  241.883300][ T6932] input: syz0 as /devices/virtual/input/input9
[  241.898786][ T6932] netlink: 140 bytes leftover after parsing attributes in process `syz.2.202'.
[  242.604731][ T6934] netlink: 16 bytes leftover after parsing attributes in process `syz.1.201'.
[  242.963543][  T787] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  243.555983][  T787] usb 4-1: Using ep0 maxpacket: 32
[  243.634047][  T787] usb 4-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping
[  243.655508][  T787] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  243.676403][  T787] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  243.712354][  T787] usb 4-1: config 0 descriptor??
[  243.723210][ T6940] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  243.742949][  T787] hub 4-1:0.0: bad descriptor, ignoring hub
[  243.748928][  T787] hub: probe of 4-1:0.0 failed with error -5
[  243.780219][  T787] usbhid 4-1:0.0: couldn't find an input interrupt endpoint
[  243.853198][ T6952] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  243.862497][ T6952] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  243.871379][ T6952] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  243.880136][ T6952] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  243.917303][ T6952] netdevsim netdevsim0 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[  243.926356][ T6952] netdevsim netdevsim0 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[  243.935352][ T6952] netdevsim netdevsim0 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[  243.944247][ T6952] netdevsim netdevsim0 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[  245.323245][    T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!!
[  246.033449][ T6954] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  246.042422][ T6954] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  246.051699][ T6954] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  246.060433][ T6954] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  246.098540][ T6960] netlink: 12 bytes leftover after parsing attributes in process `syz.3.203'.
[  246.301039][ T6954] netdevsim netdevsim0 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[  246.310593][ T6954] netdevsim netdevsim0 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[  246.319715][ T6954] netdevsim netdevsim0 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[  246.328845][ T6954] netdevsim netdevsim0 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[  249.870558][ T6973] loop0: detected capacity change from 0 to 1024
[  249.892357][ T6973] hfsplus: invalid btree flag
[  249.897400][   T27] usb 4-1: USB disconnect, device number 2
[  249.897802][ T6973] hfsplus: failed to load catalog file
[  251.712823][ T6987] netlink: 140 bytes leftover after parsing attributes in process `syz.0.213'.
[  251.759182][ T6988] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  252.156493][   T58] Bluetooth: hci4: Frame reassembly failed (-84)
[  254.331933][ T5776] Bluetooth: hci4: command 0xfc11 tx timeout
[  254.340275][ T5773] Bluetooth: hci4: Entering manufacturer mode failed (-110)
[  254.761819][ T7006] netlink: 36 bytes leftover after parsing attributes in process `syz.1.208'.
[  256.394912][ T7010] autofs4:pid:7010:validate_dev_ioctl: invalid path supplied for cmd(0xc018937a)
[  259.012034][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  259.939825][ T7033] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  259.948715][ T7033] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  259.957509][ T7033] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  259.966279][ T7033] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  260.158794][ T7033] netdevsim netdevsim3 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[  260.167862][ T7033] netdevsim netdevsim3 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[  260.176827][ T7033] netdevsim netdevsim3 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[  260.185723][ T7033] netdevsim netdevsim3 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[  260.924015][ T7034] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  260.933174][ T7034] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  260.942104][ T7034] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  260.950858][ T7034] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  261.159949][ T7034] netdevsim netdevsim3 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[  261.169016][ T7034] netdevsim netdevsim3 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[  261.178129][ T7034] netdevsim netdevsim3 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[  261.187108][ T7034] netdevsim netdevsim3 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[  261.639300][ T7043] loop1: detected capacity change from 0 to 1024
[  261.675878][ T7043] hfsplus: invalid btree flag
[  261.680788][ T7043] hfsplus: failed to load catalog file
[  262.543776][ T7046] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12
[  262.553414][ T7046] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12
[  262.563233][ T7046] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  262.712001][ T7044] input: syz0 as /devices/virtual/input/input10
[  265.409096][ T1289] ieee802154 phy1 wpan1: encryption failed: -22
[  266.617601][ T7070] netlink: 4 bytes leftover after parsing attributes in process `syz.1.227'.
[  268.239697][ T7083] autofs4:pid:7083:validate_dev_ioctl: invalid path supplied for cmd(0xc018937a)
[  269.489846][ T7089] input: syz0 as /devices/virtual/input/input11
[  269.882773][ T7089] netlink: 140 bytes leftover after parsing attributes in process `syz.3.234'.
[  271.775130][ T7104] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  271.783993][ T7104] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  271.792973][ T7104] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  271.801708][ T7104] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  271.829571][ T7103] loop2: detected capacity change from 0 to 1024
[  271.957062][ T7104] netdevsim netdevsim0 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[  271.966372][ T7104] netdevsim netdevsim0 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[  271.975337][ T7104] netdevsim netdevsim0 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[  271.984274][ T7104] netdevsim netdevsim0 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[  272.038722][    T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!!
[  272.192691][ T6974] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  277.624539][ T7105] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  277.633450][ T7105] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  277.642330][ T7105] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  277.651133][ T7105] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  277.720896][ T7105] netdevsim netdevsim0 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[  277.729961][ T7105] netdevsim netdevsim0 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[  277.739037][ T7105] netdevsim netdevsim0 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[  277.748030][ T7105] netdevsim netdevsim0 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[  277.777569][ T7129] input: syz0 as /devices/virtual/input/input12
[  277.785987][ T7129] netlink: 140 bytes leftover after parsing attributes in process `syz.3.243'.
[  280.609657][ T7149] siw: device registration error -23
[  280.897261][ T7152] input: syz0 as /devices/virtual/input/input13
[  281.060106][ T7152] netlink: 140 bytes leftover after parsing attributes in process `syz.3.248'.
[  285.047607][ T7179] overlayfs: missing 'lowerdir'
[  286.701719][ T7189] input: syz0 as /devices/virtual/input/input14
[  287.465110][ T7194] input: syz0 as /devices/virtual/input/input15
[  287.508219][ T7194] netlink: 140 bytes leftover after parsing attributes in process `syz.3.259'.
[  289.452456][ T7219] autofs4:pid:7219:validate_dev_ioctl: invalid path supplied for cmd(0xc018937a)
[  291.862273][ T7234] input: syz0 as /devices/virtual/input/input16
[  291.875373][ T7234] netlink: 140 bytes leftover after parsing attributes in process `syz.0.270'.
[  295.815519][ T7262] overlayfs: overlapping lowerdir path
[  296.104167][ T7261] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  297.937149][ T7280] Driver unsupported XDP return value 0 on prog  (id 24) dev N/A, expect packet loss!
[  298.747950][ T7286] input: syz0 as /devices/virtual/input/input17
[  298.944134][ T7286] netlink: 140 bytes leftover after parsing attributes in process `syz.2.280'.
[  299.047665][ T7289] GUP no longer grows the stack in syz.1.279 (7289): 200000006000-200000009000 (200000004000)
[  299.058905][ T7289] CPU: 1 PID: 7289 Comm: syz.1.279 Not tainted syzkaller #0
[  299.066244][ T7289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  299.076371][ T7289] Call Trace:
[  299.079707][ T7289]  <TASK>
[  299.082674][ T7289]  dump_stack_lvl+0x18c/0x250
[  299.087410][ T7289]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  299.093092][ T7289]  ? show_regs_print_info+0x20/0x20
[  299.098347][ T7289]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  299.104042][ T7289]  fixup_user_fault+0x642/0x700
[  299.108954][ T7289]  fault_in_user_writeable+0x71/0xd0
[  299.114285][ T7289]  futex_lock_pi+0x274/0x9b0
[  299.118931][ T7289]  ? fixup_pi_state_owner+0x5e0/0x5e0
[  299.124390][ T7289]  ? do_futex+0x21f/0x3e0
[  299.128769][ T7289]  do_futex+0x23d/0x3e0
[  299.133011][ T7289]  ? __ia32_sys_get_robust_list+0x110/0x110
[  299.138991][ T7289]  __se_sys_futex+0x3a9/0x440
[  299.143718][ T7289]  ? __x64_sys_futex+0xf0/0xf0
[  299.148532][ T7289]  ? __x64_sys_futex+0x21/0xf0
[  299.153338][ T7289]  do_syscall_64+0x55/0xa0
[  299.157789][ T7289]  ? clear_bhb_loop+0x40/0x90
[  299.162520][ T7289]  ? clear_bhb_loop+0x40/0x90
[  299.167264][ T7289]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  299.173201][ T7289] RIP: 0033:0x7fa4ded9cdd9
[  299.177679][ T7289] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  299.197358][ T7289] RSP: 002b:00007fa4dcfd5028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  299.205832][ T7289] RAX: ffffffffffffffda RBX: 00007fa4df016180 RCX: 00007fa4ded9cdd9
[  299.213838][ T7289] RDX: 0000000000000002 RSI: 000000000000008d RDI: 0000200000004000
[  299.221835][ T7289] RBP: 00007fa4dee32d69 R08: 0000000000000000 R09: 0000000000000082
[  299.229850][ T7289] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  299.237859][ T7289] R13: 00007fa4df016218 R14: 00007fa4df016180 R15: 00007fff3bd07d68
[  299.245889][ T7289]  </TASK>
[  301.489138][   T28] audit: type=1326 audit(1777725053.761:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7294 comm="syz.1.282" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa4ded9cdd9 code=0x0
[  301.588907][ T7299] netlink: 64 bytes leftover after parsing attributes in process `syz.2.283'.
[  302.771893][    T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!!
[  303.056181][ T7302] loop1: detected capacity change from 0 to 1024
[  303.405783][ T7305] loop1: detected capacity change from 0 to 1764
[  307.190960][ T7339] pim6reg: entered allmulticast mode
[  307.517674][ T7338] overlayfs: missing 'lowerdir'
[  309.591168][ T7346] input: syz0 as /devices/virtual/input/input18
[  309.918862][ T7346] netlink: 140 bytes leftover after parsing attributes in process `syz.2.292'.
[  310.370687][ T7354] netlink: 180 bytes leftover after parsing attributes in process `syz.3.293'.
[  314.988962][ T7375] netlink: 180 bytes leftover after parsing attributes in process `syz.1.297'.
[  316.093219][ T7383] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff)
[  317.143279][    T8] libceph: connect (1)[c::]:6789 error -101
[  317.168035][    T8] libceph: mon0 (1)[c::]:6789 connect error
[  317.186533][ T7391] ceph: No mds server is up or the cluster is laggy
[  317.379535][ T7395] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  318.053210][ T7403] netlink: 180 bytes leftover after parsing attributes in process `syz.0.303'.
[  319.308133][ T7412] input: syz0 as /devices/virtual/input/input19
[  319.323642][ T7412] netlink: 140 bytes leftover after parsing attributes in process `syz.0.304'.
[  319.623295][    T0] NOHZ tick-stop error: local softirq work is pending, handler #142!!!
[  320.443914][ T7423] netlink: 8 bytes leftover after parsing attributes in process `syz.0.309'.
[  320.478287][ T7423] netlink: 12 bytes leftover after parsing attributes in process `syz.0.309'.
[  320.686857][ T7423] netlink: 4 bytes leftover after parsing attributes in process `syz.0.309'.
[  321.418980][ T7430] netlink: 180 bytes leftover after parsing attributes in process `syz.2.310'.
[  323.923932][ T7454] input: syz0 as /devices/virtual/input/input20
[  323.939098][ T7454] netlink: 140 bytes leftover after parsing attributes in process `syz.3.315'.
[  324.177824][ T7456] netlink: 180 bytes leftover after parsing attributes in process `syz.0.314'.
[  324.998066][ T7463] loop0: detected capacity change from 0 to 512
[  325.048439][ T7465] autofs4:pid:7465:validate_dev_ioctl: invalid path supplied for cmd(0xc018937a)
[  326.195546][    T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!!
[  328.581864][ T7463] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  328.594928][ T7463] ext4 filesystem being mounted at /70/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[  328.688421][ T5771] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  330.823868][ T7490] input: syz0 as /devices/virtual/input/input21
[  330.848164][ T1289] ieee802154 phy1 wpan1: encryption failed: -22
[  335.111413][ T7521] netlink: 180 bytes leftover after parsing attributes in process `syz.0.329'.
[  337.753770][ T7538] netlink: 180 bytes leftover after parsing attributes in process `syz.2.332'.
[  338.039385][ T5773] Bluetooth: hci3: command 0x0406 tx timeout
[  340.600360][ T7554] netlink: 180 bytes leftover after parsing attributes in process `syz.1.338'.
[  341.060543][ T7555] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  341.264047][ T7549] netlink: 4 bytes leftover after parsing attributes in process `syz.0.337'.
[  341.443296][ T7561] loop3: detected capacity change from 0 to 128
[  341.801016][ T7565] netlink: 128 bytes leftover after parsing attributes in process `syz.3.340'.
[  343.933434][  T787] libceph: connect (1)[c::]:6789 error -101
[  344.132335][ T7579] loop0: detected capacity change from 0 to 32768
[  344.140481][ T7573] ceph: No mds server is up or the cluster is laggy
[  344.158655][  T787] libceph: mon0 (1)[c::]:6789 connect error
[  344.194809][ T7575] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  344.195843][ T7579] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz.0.344 (7579)
[  344.248170][ T7579] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  344.258447][ T7579] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[  344.267419][ T7579] BTRFS info (device loop0): turning on sync discard
[  344.274132][ T7579] BTRFS info (device loop0): setting incompat feature flag for COMPRESS_ZSTD (0x10)
[  344.283656][ T7579] BTRFS info (device loop0): use zstd compression, level 3
[  344.290921][ T7579] BTRFS info (device loop0): turning on async discard
[  344.297745][ T7579] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  344.308361][ T7579] BTRFS info (device loop0): trying to use backup root at mount time
[  344.316440][ T7579] BTRFS info (device loop0): enabling auto defrag
[  344.322922][ T7579] BTRFS info (device loop0): using free space tree
[  344.483747][   T35] BTRFS warning (device loop0): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0xc926492d level 0
[  344.522616][ T7579] BTRFS error (device loop0): failed to load root extent
[  344.529708][ T7579] BTRFS warning (device loop0): try to load backup roots slot 1
[  344.538454][   T35] BTRFS warning (device loop0): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x80379423 level 0
[  344.551809][ T7579] BTRFS warning (device loop0): couldn't read tree root
[  344.558888][ T7579] BTRFS warning (device loop0): try to load backup roots slot 2
[  344.567048][   T35] BTRFS error (device loop0): level verify failed on logical 5255168 mirror 1 wanted 0 found 1
[  344.578080][ T7579] BTRFS warning (device loop0): couldn't read tree root
[  344.585076][ T7579] BTRFS warning (device loop0): try to load backup roots slot 3
[  344.620494][ T7579] BTRFS info (device loop0): enabling ssd optimizations
[  344.628332][ T7579] BTRFS info (device loop0): rebuilding free space tree
[  344.646786][ T7579] BTRFS info (device loop0): checking UUID tree
[  344.761464][ T7582] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff)
[  344.959549][   T28] audit: type=1800 audit(1777725094.441:39): pid=7604 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.344" name="bus" dev="loop0" ino=257 res=0 errno=0
[  346.150891][ T7609] lo speed is unknown, defaulting to 1000
[  346.157101][ T7609] lo speed is unknown, defaulting to 1000
[  346.167026][ T7609] lo speed is unknown, defaulting to 1000
[  346.227759][ T7609] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  347.159187][ T7609] lo speed is unknown, defaulting to 1000
[  347.173504][ T7609] lo speed is unknown, defaulting to 1000
[  347.202681][ T7609] lo speed is unknown, defaulting to 1000
[  347.237586][ T7609] lo speed is unknown, defaulting to 1000
[  347.340373][ T5771] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  347.945229][  T788] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  348.071749][ T7618] netlink: 180 bytes leftover after parsing attributes in process `syz.0.347'.
[  349.548554][  T788] usb 4-1: Using ep0 maxpacket: 32
[  349.673446][  T788] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  349.687343][  T788] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  349.715738][  T788] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  349.752325][  T788] usb 4-1: config 0 descriptor??
[  349.781396][  T788] hub 4-1:0.0: bad descriptor, ignoring hub
[  349.787380][  T788] hub: probe of 4-1:0.0 failed with error -5
[  349.825468][  T788] usbhid 4-1:0.0: couldn't find an input interrupt endpoint
[  350.474401][ T7625] fuse: Unknown parameter '0x000000000000000800000000000000000000'
[  350.611769][ T7633] can: request_module (can-proto-4) failed.
[  353.103756][ T5806] usb 4-1: USB disconnect, device number 3
[  353.984165][ T7644] netlink: 4 bytes leftover after parsing attributes in process `syz.3.355'.
[  354.877119][ T7654] process 'syz.2.357' launched '/dev/fd/7' with NULL argv: empty string added
[  356.499474][ T7663] netlink: 180 bytes leftover after parsing attributes in process `syz.2.359'.
[  357.656451][ T7661] lo speed is unknown, defaulting to 1000
[  359.775997][ T7665] netlink: 16186 bytes leftover after parsing attributes in process `syz.0.361'.
[  362.068736][ T7679] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6)
[  362.075322][ T7679] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  362.418155][ T7679] vhci_hcd vhci_hcd.0: Device attached
[  362.424886][ T7686] kernel profiling enabled (shift: 9)
[  363.198455][  T787] vhci_hcd: vhci_device speed not set
[  363.275897][  T787] usb 39-1: new full-speed USB device number 3 using vhci_hcd
[  363.499804][ T7697] loop2: detected capacity change from 0 to 128
[  363.506537][ T7680] vhci_hcd: connection reset by peer
[  363.539445][   T35] vhci_hcd: stop threads
[  363.553825][   T35] vhci_hcd: release socket
[  363.634904][ T7701] loop4: detected capacity change from 0 to 7
[  365.575157][   T35] vhci_hcd: disconnect device
[  365.646711][    C0] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  365.684211][ T7697] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  365.711361][    C0] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  365.720997][    C0] Buffer I/O error on dev loop4, logical block 0, async page read
[  365.762272][ T7697] ext4 filesystem being mounted at /90/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  365.774000][    C0] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  365.783413][    C0] Buffer I/O error on dev loop4, logical block 0, async page read
[  365.924139][    C0] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  365.933480][    C0] Buffer I/O error on dev loop4, logical block 0, async page read
[  365.958939][    C0] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  365.968249][    C0] Buffer I/O error on dev loop4, logical block 0, async page read
[  365.983537][    C0] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  365.992894][    C0] Buffer I/O error on dev loop4, logical block 0, async page read
[  366.050428][ T7710] IPVS: set_ctl: invalid protocol: 59 100.1.1.1:20004
[  367.074759][ T5774] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  367.231535][ T7717] fuse: Unknown parameter '0x0000000000000007'
[  367.242010][ T7717] 9pnet_fd: Insufficient options for proto=fd
[  368.656594][ T7726] netlink: 180 bytes leftover after parsing attributes in process `syz.2.370'.
[  369.332838][  T787] vhci_hcd: vhci_device speed not set
[  369.498509][ T5773] Bluetooth: hci2: unexpected event for opcode 0x203d
[  369.583136][ T7734] netdevsim netdevsim3: loading /lib/firmware/. failed with error -22
[  369.591890][ T7734] netdevsim netdevsim3: Direct firmware load for . failed with error -22
[  369.600432][ T7734] netdevsim netdevsim3: Falling back to sysfs fallback for: .
[  374.455907][ T5773] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0
[  374.456710][ T5773] Bluetooth: hci2: Injecting HCI hardware error event
[  374.459638][ T5773] Bluetooth: hci2: hardware error 0x00
[  374.749464][ T7738] mac80211_hwsim hwsim8 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  376.207805][ T7766] loop3: detected capacity change from 0 to 2048
[  376.215341][ T7766] UDF-fs: bad mount option "noadinicb@&°"w¤8¬êˆx7" or missing value
[  376.932860][ T5773] Bluetooth: hci2: Opcode 0x0c03 failed: -110
[  377.828856][ T2928] wlan1: Trigger new scan to find an IBSS to join
[  377.871896][ T7752] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  379.245151][ T7775] input: syz0 as /devices/virtual/input/input22
[  379.343890][ T7775] netlink: 140 bytes leftover after parsing attributes in process `syz.1.377'.
[  380.940336][ T7793] input: syz0 as /devices/virtual/input/input23
[  380.988638][ T7793] netlink: 140 bytes leftover after parsing attributes in process `syz.2.381'.
[  382.756578][ T5776] Bluetooth: hci3: command 0x0406 tx timeout
[  382.858280][ T2928] wlan1: Trigger new scan to find an IBSS to join
[  383.811422][ T7810] loop3: detected capacity change from 0 to 512
[  384.045128][ T7815] netlink: 180 bytes leftover after parsing attributes in process `syz.0.388'.
[  384.056575][ T7815] overlayfs: missing 'lowerdir'
[  384.074288][ T7810] EXT4-fs (loop3): 1 truncate cleaned up
[  384.655988][ T7810] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  384.801893][ T7813] netlink: 136 bytes leftover after parsing attributes in process `syz.2.387'.
[  384.891237][   T35] wlan1: Creating new IBSS network, BSSID 36:cf:f1:52:03:a6
[  386.297022][ T7832] batadv0: left promiscuous mode
[  386.790941][ T5778] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  387.195936][ T7837] input: syz0 as /devices/virtual/input/input24
[  387.363695][ T7837] netlink: 140 bytes leftover after parsing attributes in process `syz.2.391'.
[  388.166705][ T7827] netlink: 180 bytes leftover after parsing attributes in process `syz.0.389'.
[  389.233984][ T7851] PKCS8: Unsupported PKCS#8 version
[  389.623465][ T7856] netlink: 180 bytes leftover after parsing attributes in process `syz.3.397'.
[  389.636302][ T7856] overlayfs: missing 'lowerdir'
[  391.510551][ T5773] Bluetooth: hci3: command 0x0406 tx timeout
[  393.124472][ T7874] loop3: detected capacity change from 0 to 512
[  393.220741][ T7874] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  393.293404][ T7874] ext4 filesystem being mounted at /96/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[  394.826364][ T5778] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  394.970853][ T7892] input: syz0 as /devices/virtual/input/input25
[  394.989496][ T7892] netlink: 140 bytes leftover after parsing attributes in process `syz.1.403'.
[  395.564513][ T7904] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff)
[  396.247331][ T1289] ieee802154 phy1 wpan1: encryption failed: -22
[  396.418306][ T7896] loop3: detected capacity change from 0 to 128
[  396.660830][ T7896] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  396.737863][ T7896] ext4 filesystem being mounted at /97/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  398.409496][ T7920] fscrypt (loop3, inode 12): Unsupported encryption flags (0x08)
[  399.142473][ T7928] netlink: 8 bytes leftover after parsing attributes in process `syz.1.409'.
[  399.169313][ T7928] bridge0: port 1(geneve1) entered blocking state
[  399.176234][ T7928] bridge0: port 1(geneve1) entered disabled state
[  399.182996][ T7928] geneve1: entered allmulticast mode
[  399.189940][ T7928] geneve1: entered promiscuous mode
[  400.102483][ T5778] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  404.140388][ T7940] loop1: detected capacity change from 0 to 512
[  404.262905][ T7945] siw: device registration error -23
[  404.333169][ T7940] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  404.510162][ T7940] ext4 filesystem being mounted at /113/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[  405.921273][ T7948] input: syz0 as /devices/virtual/input/input26
[  405.952236][ T5780] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  406.020324][ T7948] netlink: 140 bytes leftover after parsing attributes in process `syz.2.414'.
[  407.099477][ T7957] lo speed is unknown, defaulting to 1000
[  411.988849][ T7990] PKCS8: Unsupported PKCS#8 version
[  412.128936][ T7997] loop2: detected capacity change from 0 to 512
[  413.816435][ T8000] bond0: (slave bond_slave_0): Releasing backup interface
[  414.200997][ T8004] block device autoloading is deprecated and will be removed.
[  414.496984][ T7997] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  414.515259][ T8000] bond0: (slave bond_slave_1): Releasing backup interface
[  414.550975][ T7997] ext4 filesystem being mounted at /106/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[  414.600418][ T8000] team0: Port device team_slave_0 removed
[  414.809326][ T8000] team0: Port device team_slave_1 removed
[  414.816064][ T8000] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  414.823759][ T8000] batman_adv: batadv0: Removing interface: batadv_slave_0
[  414.868184][ T8000] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  414.875944][ T8000] batman_adv: batadv0: Removing interface: batadv_slave_1
[  415.764295][ T5774] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  415.836303][ T8014] input: syz0 as /devices/virtual/input/input27
[  415.947966][ T8012] netlink: 140 bytes leftover after parsing attributes in process `syz.1.434'.
[  417.178808][ T2911] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  417.863919][ T8020] lo speed is unknown, defaulting to 1000
[  419.158665][ T8026] input: syz0 as /devices/virtual/input/input28
[  419.183899][ T8026] netlink: 140 bytes leftover after parsing attributes in process `syz.2.427'.
[  420.280384][ T8028] bridge0: port 2(erspan0) entered blocking state
[  420.287472][ T8028] bridge0: port 2(erspan0) entered disabled state
[  420.294313][ T8028] erspan0: entered allmulticast mode
[  420.300817][ T8028] erspan0: entered promiscuous mode
[  423.394328][ T8060] loop1: detected capacity change from 0 to 512
[  423.499665][ T8060] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  423.543933][ T8060] ext4 filesystem being mounted at /121/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[  424.732948][ T8067] netlink: 'syz.2.438': attribute type 12 has an invalid length.
[  424.939713][ T5780] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  425.123196][ T8077] input: syz0 as /devices/virtual/input/input29
[  425.190975][ T8077] netlink: 140 bytes leftover after parsing attributes in process `syz.3.440'.
[  425.223860][ T8079] input: syz0 as /devices/virtual/input/input30
[  425.261529][ T8079] netlink: 140 bytes leftover after parsing attributes in process `syz.1.441'.
[  425.516122][ T8087] loop2: detected capacity change from 0 to 2048
[  425.594878][ T8087] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  425.618568][ T8087] ext4 filesystem being mounted at /111/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  426.017051][ T8091] netlink: 180 bytes leftover after parsing attributes in process `syz.0.439'.
[  426.041732][ T8089] mac80211_hwsim hwsim9 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  426.484431][   T28] audit: type=1326 audit(1777725170.577:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8086 comm="syz.2.444" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f08f679cdd9 code=0x7ffc0000
[  426.508538][   T28] audit: type=1326 audit(1777725170.577:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8086 comm="syz.2.444" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f08f679cdd9 code=0x7ffc0000
[  426.533162][   T28] audit: type=1326 audit(1777725170.577:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8086 comm="syz.2.444" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f08f679cdd9 code=0x7ffc0000
[  426.594958][   T28] audit: type=1326 audit(1777725170.577:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8086 comm="syz.2.444" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f08f679cdd9 code=0x7ffc0000
[  426.748735][   T28] audit: type=1326 audit(1777725170.577:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8086 comm="syz.2.444" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7f08f679cdd9 code=0x7ffc0000
[  426.778554][   T28] audit: type=1326 audit(1777725170.605:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8099 comm="syz.2.444" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f08f675d60e code=0x7ffc0000
[  426.804409][   T28] audit: type=1326 audit(1777725170.605:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8086 comm="syz.2.444" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f08f679cdd9 code=0x7ffc0000
[  426.828833][   T28] audit: type=1326 audit(1777725170.652:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8086 comm="syz.2.444" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f08f679cb42 code=0x7ffc0000
[  426.853068][   T28] audit: type=1326 audit(1777725170.652:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8086 comm="syz.2.444" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f08f679cb42 code=0x7ffc0000
[  426.879345][   T28] audit: type=1326 audit(1777725170.661:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8086 comm="syz.2.444" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f08f679cdd9 code=0x7ffc0000
[  428.735710][ T2911] wlan1: Trigger new scan to find an IBSS to join
[  428.911894][ T5774] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  429.021904][ T8105] loop2: detected capacity change from 0 to 8
[  429.620871][ T8110] SQUASHFS error: lzo decompression failed, data probably corrupt
[  429.629355][ T8110] SQUASHFS error: Failed to read block 0x0: -5
[  429.635672][ T8110] SQUASHFS error: Failed to read block 0xff: -5
[  429.642679][ T8110] SQUASHFS error: lzo decompression failed, data probably corrupt
[  429.650692][ T8110] SQUASHFS error: Failed to read block 0x0: -5
[  430.192142][ T8110] SQUASHFS error: lzo decompression failed, data probably corrupt
[  430.200069][ T8110] SQUASHFS error: Failed to read block 0x0: -5
[  430.312182][ T8110] SQUASHFS error: Failed to read block 0x6a4: -5
[  430.318967][ T8110] SQUASHFS error: Unable to read metadata cache entry [6a2]
[  430.326401][ T8110] SQUASHFS error: read_indexes: reading block [6a2:0]
[  430.333318][ T8110] SQUASHFS error: Failed to read block 0x0: -5
[  430.339553][ T8110] SQUASHFS error: Unable to read metadata cache entry [6a2]
[  430.346944][ T8110] SQUASHFS error: read_indexes: reading block [6a2:0]
[  430.353844][ T8110] SQUASHFS error: Failed to read block 0x0: -5
[  431.920306][ T8126] input: syz0 as /devices/virtual/input/input31
[  431.955799][ T8126] netlink: 140 bytes leftover after parsing attributes in process `syz.1.451'.
[  432.881338][ T8127] netdevsim netdevsim2: loading /lib/firmware/. failed with error -22
[  432.890306][ T8127] netdevsim netdevsim2: Direct firmware load for . failed with error -22
[  432.898979][ T8127] netdevsim netdevsim2: Falling back to sysfs fallback for: .
[  433.202516][ T8137] input: syz0 as /devices/virtual/input/input32
[  433.389021][ T8140] netlink: 140 bytes leftover after parsing attributes in process `syz.3.453'.
[  434.355848][ T8144] netlink: 4 bytes leftover after parsing attributes in process `syz.0.454'.
[  434.741438][ T8152] loop3: detected capacity change from 0 to 1024
[  435.074264][ T2911] wlan1: Trigger new scan to find an IBSS to join
[  436.678447][ T5773] Bluetooth: hci3: command 0x0406 tx timeout
[  438.367992][ T5965] wlan1: Creating new IBSS network, BSSID c2:9b:e8:56:e3:92
[  438.739033][ T8169] loop2: detected capacity change from 0 to 32768
[  439.046787][ T8171] binder: 8170:8171 ioctl c01c586a 0 returned -22
[  439.424297][ T8173] hub 8-0:1.0: USB hub found
[  439.432340][ T8173] hub 8-0:1.0: 1 port detected
[  439.438278][ T8152] hfsplus: found bad thread record in catalog
[  439.759419][ T8177] syz.0.460 (8177): /proc/8174/oom_adj is deprecated, please use /proc/8174/oom_score_adj instead.
[  440.674568][   T11] hfsplus: b-tree write err: -5, ino 25
[  440.684158][   T11] hfsplus: b-tree write err: -5, ino 4
[  440.716652][   T11] hfsplus: b-tree write err: -5, ino 2
[  440.852802][ T5965] hfsplus: b-tree write err: -5, ino 22
[  441.126162][ T8181] input: syz0 as /devices/virtual/input/input33
[  441.147341][ T8181] netlink: 140 bytes leftover after parsing attributes in process `syz.3.461'.
[  442.232688][ T8186] loop2: detected capacity change from 0 to 256
[  442.303840][   T28] kauditd_printk_skb: 64 callbacks suppressed
[  442.303853][   T28] audit: type=1326 audit(1777725185.541:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8187 comm="syz.0.464" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ccfb9cdd9 code=0x7ffc0000
[  442.335136][ T8190] input: syz0 as /devices/virtual/input/input34
[  442.380617][ T8191] netlink: 140 bytes leftover after parsing attributes in process `syz.3.465'.
[  442.411419][   T28] audit: type=1326 audit(1777725185.578:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8187 comm="syz.0.464" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ccfb9cdd9 code=0x7ffc0000
[  442.555854][   T28] audit: type=1326 audit(1777725185.578:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8187 comm="syz.0.464" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ccfb9cdd9 code=0x7ffc0000
[  442.750014][ T8197] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks
[  442.762009][ T8197] syz.2.462: attempt to access beyond end of device
[  442.762009][ T8197] loop2: rw=0, sector=0, nr_sectors = 8 limit=0
[  442.774865][ T8197] F2FS-fs (loop2): Unable to read 1th superblock
[  442.781421][ T8197] syz.2.462: attempt to access beyond end of device
[  442.781421][ T8197] loop2: rw=0, sector=8, nr_sectors = 8 limit=0
[  442.794193][ T8197] F2FS-fs (loop2): Unable to read 2th superblock
[  442.830534][   T28] audit: type=1326 audit(1777725185.578:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8187 comm="syz.0.464" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ccfb9cdd9 code=0x7ffc0000
[  442.858477][   T28] audit: type=1326 audit(1777725185.578:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8187 comm="syz.0.464" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7f9ccfb9cdd9 code=0x7ffc0000
[  442.885025][   T28] audit: type=1326 audit(1777725185.578:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8187 comm="syz.0.464" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ccfb9cdd9 code=0x7ffc0000
[  442.991073][   T28] audit: type=1326 audit(1777725185.578:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8187 comm="syz.0.464" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ccfb9cdd9 code=0x7ffc0000
[  443.034899][   T28] audit: type=1326 audit(1777725185.587:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8187 comm="syz.0.464" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ccfb9cdd9 code=0x7ffc0000
[  443.349240][ T8201] tmpfs: Bad value for 'mpol'
[  444.067934][   T28] audit: type=1326 audit(1777725185.587:123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8187 comm="syz.0.464" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=87 compat=0 ip=0x7f9ccfb9cdd9 code=0x7ffc0000
[  444.093406][   T28] audit: type=1326 audit(1777725185.587:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8187 comm="syz.0.464" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ccfb9cdd9 code=0x7ffc0000
[  444.473302][ T8205] tipc: Can't bind to reserved service type 1
[  444.489530][ T8205] misc userio: Invalid payload size
[  444.497231][ T8205] misc userio: No port type given on /dev/userio
[  447.849113][ T8215] mac80211_hwsim hwsim3 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  447.928062][ T8216] netlink: 'syz.1.469': attribute type 10 has an invalid length.
[  447.943308][ T8216] team0: Device ipvlan1 failed to register rx_handler
[  447.962971][    T8] hid-generic 0006:0004:0009.0001: unknown main item tag 0x0
[  448.015851][    T8] hid-generic 0006:0004:0009.0001: unknown main item tag 0x0
[  448.070130][    T8] hid-generic 0006:0004:0009.0001: unknown main item tag 0x0
[  448.080984][    T8] hid-generic 0006:0004:0009.0001: unknown main item tag 0x0
[  448.089069][    T8] hid-generic 0006:0004:0009.0001: unknown main item tag 0x0
[  448.097214][    T8] hid-generic 0006:0004:0009.0001: unknown main item tag 0x0
[  448.104920][    T8] hid-generic 0006:0004:0009.0001: unknown main item tag 0x0
[  448.123397][    T8] hid-generic 0006:0004:0009.0001: unknown main item tag 0x0
[  448.145657][    T8] hid-generic 0006:0004:0009.0001: unknown main item tag 0x0
[  448.172100][    T8] hid-generic 0006:0004:0009.0001: unknown main item tag 0x0
[  448.182946][    T8] hid-generic 0006:0004:0009.0001: unknown main item tag 0x0
[  448.190688][    T8] hid-generic 0006:0004:0009.0001: unknown main item tag 0x0
[  448.199738][    T8] hid-generic 0006:0004:0009.0001: unknown main item tag 0x0
[  448.207374][    T8] hid-generic 0006:0004:0009.0001: unknown main item tag 0x0
[  448.215621][    T8] hid-generic 0006:0004:0009.0001: unknown main item tag 0x0
[  448.223603][    T8] hid-generic 0006:0004:0009.0001: unknown main item tag 0x0
[  448.231200][    T8] hid-generic 0006:0004:0009.0001: unknown main item tag 0x0
[  448.697403][    T8] hid-generic 0006:0004:0009.0001: hidraw0: VIRTUAL HID v0.04 Device [syz1] on syz0
[  449.091040][ T8230] fido_id[8230]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  450.097976][ T2888] wlan1: Trigger new scan to find an IBSS to join
[  450.313097][ T8244] fuse: Bad value for 'fd'
[  452.204661][ T8256] futex_wake_op: syz.2.477 tries to shift op by 144; fix this program
[  452.486309][ T2888] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  452.968550][ T8245] netlink: 8 bytes leftover after parsing attributes in process `syz.0.475'.
[  455.140693][ T8271] netlink: 28 bytes leftover after parsing attributes in process `syz.3.482'.
[  456.196822][ T8276] netlink: 12 bytes leftover after parsing attributes in process `syz.0.483'.
[  456.344301][ T8278] loop3: detected capacity change from 0 to 256
[  456.836176][ T8278] exFAT-fs (loop3): failed to load upcase table (idx : 0x0001ff53, chksum : 0xd72bb7d8, utbl_chksum : 0xe619d30d)
[  456.947422][ T8289] loop1: detected capacity change from 0 to 2048
[  456.960124][ T8289] UDF-fs: bad mount option "noadinicb@&°"w¤8¬êˆx7" or missing value
[  457.453688][ T5944] wlan1: Trigger new scan to find an IBSS to join
[  457.658248][ T8281] mac80211_hwsim hwsim5 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  459.180112][ T8305] wlan0 speed is unknown, defaulting to 1000
[  459.186252][ T8305] wlan0 speed is unknown, defaulting to 1000
[  459.193101][ T8305] wlan0 speed is unknown, defaulting to 1000
[  459.211689][ T8305] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[  459.292970][ T8305] wlan0 speed is unknown, defaulting to 1000
[  459.300413][ T8305] wlan0 speed is unknown, defaulting to 1000
[  459.309640][ T8305] wlan0 speed is unknown, defaulting to 1000
[  459.317230][ T8305] wlan0 speed is unknown, defaulting to 1000
[  461.411557][   T35] wlan1: Trigger new scan to find an IBSS to join
[  461.719160][ T2888] wlan1: Creating new IBSS network, BSSID 8e:fc:b1:76:d4:e5
[  461.859108][ T8317] loop0: detected capacity change from 0 to 256
[  461.902504][ T1289] ieee802154 phy1 wpan1: encryption failed: -22
[  462.001146][ T8317] FAT-fs (loop0): bogus number of FAT sectors
[  462.112293][ T8317] FAT-fs (loop0): Can't find a valid FAT filesystem
[  465.890103][ T8351] loop3: detected capacity change from 0 to 512
[  465.946377][ T8351] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  466.146940][ T8352] netlink: 48 bytes leftover after parsing attributes in process `syz.2.496'.
[  466.990446][   T78] wlan1: Trigger new scan to find an IBSS to join
[  467.177839][ T8351] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 48 vs 41 free clusters
[  467.253589][ T8351] __quota_error: 134 callbacks suppressed
[  467.253604][ T8351] Quota error (device loop3): write_blk: dquota write failed
[  467.288009][ T8351] Quota error (device loop3): find_free_dqentry: Can't write quota data block 5
[  467.312001][ T8351] Quota error (device loop3): write_blk: dquota write failed
[  467.332046][ T8351] Quota error (device loop3): qtree_write_dquot: Error -28 occurred while creating quota
[  467.460896][ T8351] EXT4-fs error (device loop3): ext4_acquire_dquot:6953: comm syz.3.490: Failed to acquire dquot type 1
[  468.164676][ T8351] EXT4-fs (loop3): 1 truncate cleaned up
[  468.183344][ T8351] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  469.083481][   T35] wlan1: Creating new IBSS network, BSSID 00:8d:ff:ff:00:00
[  469.571595][ T5778] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  471.155590][ T8376] loop1: detected capacity change from 0 to 256
[  471.189281][   T11] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  471.225100][ T8376] FAT-fs (loop1): Directory bread(block 64) failed
[  471.231750][ T8376] FAT-fs (loop1): Directory bread(block 65) failed
[  471.238437][ T8376] FAT-fs (loop1): Directory bread(block 66) failed
[  471.244963][ T8376] FAT-fs (loop1): Directory bread(block 67) failed
[  471.251568][ T8376] FAT-fs (loop1): Directory bread(block 68) failed
[  471.258089][ T8376] FAT-fs (loop1): Directory bread(block 69) failed
[  471.264715][ T8376] FAT-fs (loop1): Directory bread(block 70) failed
[  471.271327][ T8376] FAT-fs (loop1): Directory bread(block 71) failed
[  471.277905][ T8376] FAT-fs (loop1): Directory bread(block 72) failed
[  471.284462][ T8376] FAT-fs (loop1): Directory bread(block 73) failed
[  471.315086][   T28] audit: type=1800 audit(1777725212.688:258): pid=8376 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.500" name="file2" dev="loop1" ino=1048638 res=0 errno=0
[  472.994576][ T8387] mac80211_hwsim hwsim3 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  473.281970][ T8393] ubi31: attaching mtd0
[  473.289457][ T8393] ubi31: scanning is finished
[  473.294179][ T8393] ubi31: empty MTD device detected
[  473.481770][ T8393] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB)
[  473.489446][ T8393] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  473.496915][ T8393] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1
[  473.504158][ T8393] ubi31: VID header offset: 64 (aligned 64), data offset: 128
[  473.511661][ T8393] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  473.518636][ T8393] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23
[  473.527083][ T8393] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 3541038973
[  473.537390][ T8393] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  473.557229][ T8395] ubi31: background thread "ubi_bgt31d" started, PID 8395
[  476.587652][   T35] wlan1: Trigger new scan to find an IBSS to join
[  479.936084][    C1] ------------[ cut here ]------------
[  479.942356][    C1] WARNING: CPU: 1 PID: 8419 at net/core/flow_dissector.c:1107 __skb_flow_dissect+0xbde/0x6d60
[  479.952731][    C1] Modules linked in:
[  479.956687][    C1] CPU: 1 PID: 8419 Comm: syz.1.503 Not tainted syzkaller #0
[  479.964060][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  479.974205][    C1] RIP: 0010:__skb_flow_dissect+0xbde/0x6d60
[  479.980185][    C1] Code: db 59 00 00 80 3d 70 ac fd 05 01 0f 85 01 5a 00 00 e8 06 27 0f f9 e9 17 f9 ff ff e8 fc 26 0f f9 e9 b4 03 00 00 e8 f2 26 0f f9 <0f> 0b e9 00 ff ff ff e8 e6 26 0f f9 c6 05 3b ac fd 05 01 48 c7 c7
[  479.999872][    C1] RSP: 0018:ffffc900001ef980 EFLAGS: 00010246
[  480.005984][    C1] RAX: ffffffff8877fb0e RBX: ffff8880262baff0 RCX: ffff888023da5a00
[  480.014128][    C1] RDX: 0000000000000100 RSI: ffffffff8b1c8f80 RDI: ffffffff8b1c8f40
[  480.022178][    C1] RBP: ffffc900001eff98 R08: dffffc0000000000 R09: 1ffffffff2238ca0
[  480.030190][    C1] R10: dffffc0000000000 R11: fffffbfff2238ca1 R12: ffffffff8e8b8b78
[  480.038242][    C1] R13: ffffffff8877f129 R14: 0000000000000000 R15: 1ffffffff1d17170
[  480.046301][    C1] FS:  00007fa4dcff66c0(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
[  480.055321][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  480.061968][    C1] CR2: 0000001b2da15ff8 CR3: 0000000024fd2000 CR4: 00000000003506e0
[  480.070031][    C1] Call Trace:
[  480.073351][    C1]  <IRQ>
[  480.076266][    C1]  ? mark_lock+0x94/0x320
[  480.080640][    C1]  ? __lock_acquire+0x1273/0x7d40
[  480.085763][    C1]  ? bpf_flow_dissect+0x3f0/0x3f0
[  480.090837][    C1]  ? verify_lock_unused+0x140/0x140
[  480.096121][    C1]  ? mark_lock+0x94/0x320
[  480.100498][    C1]  ? __lock_acquire+0x1273/0x7d40
[  480.105655][    C1]  ? mark_lock+0x94/0x320
[  480.110076][    C1]  ? __lock_acquire+0x1273/0x7d40
[  480.115154][    C1]  ? mark_lock+0x94/0x320
[  480.119577][    C1]  ? mark_lock+0x94/0x320
[  480.123967][    C1]  ? __lock_acquire+0x1347/0x7d40
[  480.129097][    C1]  ? verify_lock_unused+0x140/0x140
[  480.134342][    C1]  __skb_get_hash+0xf3/0x2e0
[  480.139019][    C1]  ? __lock_acquire+0x1347/0x7d40
[  480.144085][    C1]  ? __skb_get_hash_symmetric+0x1d0/0x1d0
[  480.149906][    C1]  ? mark_lock+0x94/0x320
[  480.154289][    C1]  nft_trace_init+0x1bb/0x410
[  480.159012][    C1]  ? nf_trace_fill_pkt_info+0x8a0/0x8a0
[  480.164647][    C1]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[  480.170700][    C1]  nft_do_chain+0x14fc/0x1600
[  480.175416][    C1]  ? lockdep_hardirqs_on+0x98/0x150
[  480.180666][    C1]  ? mark_lock+0x94/0x320
[  480.185090][    C1]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[  480.191119][    C1]  ? nft_fwd_dup_netdev_offload+0x120/0x120
[  480.197158][    C1]  ? ip6t_do_table+0x135e/0x1510
[  480.202163][    C1]  ? nf_route_table_hook6+0x2bb/0x7b0
[  480.207666][    C1]  nf_route_table_hook6+0x366/0x7b0
[  480.212945][    C1]  ? nft_inner_dump+0x2f0/0x2f0
[  480.217906][    C1]  ? ip6t_do_table+0x1d9/0x1510
[  480.222834][    C1]  ? nf_nat_ipv6_local_fn+0x2df/0x390
[  480.228289][    C1]  ? nft_inner_dump+0x2f0/0x2f0
[  480.233158][    C1]  nf_hook_slow+0xbd/0x200
[  480.237651][    C1]  __ip6_local_out+0x784/0x8a0
[  480.242436][    C1]  ? __ip6_local_out+0x60c/0x8a0
[  480.247418][    C1]  ? ip6_dst_hoplimit+0x350/0x350
[  480.252456][    C1]  ? __ip6_local_out+0x8a0/0x8a0
[  480.257466][    C1]  ? udp6_set_csum+0x98d/0xef0
[  480.262249][    C1]  ip6_local_out+0x2a/0x130
[  480.266824][    C1]  udp_tunnel6_xmit_skb+0x53e/0x970
[  480.272088][    C1]  tipc_udp_xmit+0x58d/0xb40
[  480.276716][    C1]  ? tipc_udp_xmit+0xb7/0xb40
[  480.281471][    C1]  ? tipc_udp_msg2addr+0x1d0/0x1d0
[  480.286597][    C1]  ? __lock_acquire+0x7d40/0x7d40
[  480.291675][    C1]  ? tipc_udp_send_msg+0x2a5/0x3e0
[  480.296810][    C1]  tipc_bearer_xmit_skb+0x2ad/0x3f0
[  480.299251][ T5773] Bluetooth: hci3: command 0x0406 tx timeout
[  480.302164][    C1]  ? tipc_bearer_xmit_skb+0xaa/0x3f0
[  480.313427][    C1]  ? tipc_bearer_min_mtu+0x1d0/0x1d0
[  480.318744][    C1]  tipc_disc_timeout+0x596/0x6f0
[  480.323754][    C1]  ? tipc_disc_init_msg+0x560/0x560
[  480.328989][    C1]  call_timer_fn+0x189/0x540
[  480.333614][    C1]  ? tipc_disc_init_msg+0x560/0x560
[  480.338816][    C1]  ? call_timer_fn+0xd2/0x540
[  480.343528][    C1]  ? __run_timers+0x800/0x800
[  480.348221][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  480.353453][    C1]  ? lockdep_hardirqs_on+0x98/0x150
[  480.358676][    C1]  ? tipc_disc_init_msg+0x560/0x560
[  480.363934][    C1]  __run_timers+0x542/0x800
[  480.368489][    C1]  ? detach_timer+0x2b0/0x2b0
[  480.373207][    C1]  ? lock_chain_count+0x20/0x20
[  480.378097][    C1]  run_timer_softirq+0x67/0xf0
[  480.382866][    C1]  handle_softirqs+0x280/0x820
[  480.387675][    C1]  ? __irq_exit_rcu+0xd3/0x190
[  480.392448][    C1]  ? do_softirq+0x1a0/0x1a0
[  480.396982][    C1]  __irq_exit_rcu+0xd3/0x190
[  480.401572][    C1]  ? irq_exit_rcu+0x20/0x20
[  480.406111][    C1]  irq_exit_rcu+0x9/0x20
[  480.410358][    C1]  sysvec_apic_timer_interrupt+0xa4/0xc0
[  480.416008][    C1]  </IRQ>
[  480.418986][    C1]  <TASK>
[  480.421944][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  480.427975][    C1] RIP: 0010:lock_acquire+0x208/0x420
[  480.433265][    C1] Code: f7 84 24 80 00 00 00 00 02 00 00 43 c6 44 3c 04 f8 0f 85 f0 00 00 00 41 f7 c6 00 02 00 00 74 01 fb 48 c7 44 24 60 0e 36 e0 45 <4b> c7 04 3c 00 00 00 00 43 c7 44 3c 08 00 00 00 00 65 48 8b 04 25
[  480.452901][    C1] RSP: 0018:ffffc900039cfb20 EFLAGS: 00000206
[  480.459061][    C1] RAX: 0000000000000001 RBX: 0000000000000000 RCX: ed9f2ecabbf40c00
[  480.467088][    C1] RDX: 0000000000000000 RSI: ffffffff8acadb60 RDI: ffffffff8b1c8fa0
[  480.475106][    C1] RBP: ffffc900039cfc30 R08: dffffc0000000000 R09: 1ffffffff2238ca6
[  480.483111][    C1] R10: dffffc0000000000 R11: fffffbfff2238ca7 R12: 1ffff92000739f70
[  480.491135][    C1] R13: ffff888031add720 R14: 0000000000000246 R15: dffffc0000000000
[  480.499152][    C1]  ? __might_sleep+0xe0/0xe0
[  480.503805][    C1]  ? read_lock_is_recursive+0x20/0x20
[  480.509183][    C1]  ? __lock_acquire+0x7d40/0x7d40
[  480.514239][    C1]  ? __might_fault+0xaa/0x120
[  480.518955][    C1]  __might_fault+0xc6/0x120
[  480.523499][    C1]  ? __might_fault+0xaa/0x120
[  480.528210][    C1]  do_recvmmsg+0x3c3/0x870
[  480.532651][    C1]  ? __sys_recvmmsg+0x290/0x290
[  480.537575][    C1]  ? __ia32_sys_get_robust_list+0x110/0x110
[  480.543492][    C1]  ? rcu_read_lock_sched_held+0x8a/0x110
[  480.549179][    C1]  __x64_sys_recvmmsg+0x199/0x250
[  480.554215][    C1]  ? do_recvmmsg+0x870/0x870
[  480.558841][    C1]  ? lockdep_hardirqs_on+0x98/0x150
[  480.564051][    C1]  do_syscall_64+0x55/0xa0
[  480.568493][    C1]  ? clear_bhb_loop+0x40/0x90
[  480.573197][    C1]  ? clear_bhb_loop+0x40/0x90
[  480.577934][    C1]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  480.583837][    C1] RIP: 0033:0x7fa4ded9cdd9
[  480.588302][    C1] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  480.608018][    C1] RSP: 002b:00007fa4dcff6028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  480.616465][    C1] RAX: ffffffffffffffda RBX: 00007fa4df016090 RCX: 00007fa4ded9cdd9
[  480.624490][    C1] RDX: 0000000000010106 RSI: 00002000000000c0 RDI: 0000000000000007
[  480.632488][    C1] RBP: 00007fa4dee32d69 R08: 0000000000000000 R09: 0000000000000000
[  480.640472][    C1] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000
[  480.648488][    C1] R13: 00007fa4df016128 R14: 00007fa4df016090 R15: 00007fff3bd07d68
[  480.656510][    C1]  </TASK>
[  480.659534][    C1] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  480.666810][    C1] CPU: 1 PID: 8419 Comm: syz.1.503 Not tainted syzkaller #0
[  480.674089][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  480.684150][    C1] Call Trace:
[  480.687437][    C1]  <IRQ>
[  480.690286][    C1]  dump_stack_lvl+0x18c/0x250
[  480.695002][    C1]  ? show_regs_print_info+0x20/0x20
[  480.700212][    C1]  ? load_image+0x420/0x420
[  480.704733][    C1]  panic+0x2dc/0x730
[  480.708653][    C1]  ? bpf_jit_dump+0xd0/0xd0
[  480.713169][    C1]  __warn+0x2e0/0x470
[  480.717168][    C1]  ? __skb_flow_dissect+0xbde/0x6d60
[  480.722459][    C1]  ? __skb_flow_dissect+0xbde/0x6d60
[  480.727750][    C1]  report_bug+0x2be/0x4f0
[  480.732092][    C1]  ? __skb_flow_dissect+0xbde/0x6d60
[  480.737392][    C1]  ? __skb_flow_dissect+0xbde/0x6d60
[  480.742675][    C1]  ? __skb_flow_dissect+0xbe0/0x6d60
[  480.747979][    C1]  handle_bug+0xcf/0x120
[  480.752233][    C1]  exc_invalid_op+0x1a/0x50
[  480.756734][    C1]  asm_exc_invalid_op+0x1a/0x20
[  480.761608][    C1] RIP: 0010:__skb_flow_dissect+0xbde/0x6d60
[  480.767523][    C1] Code: db 59 00 00 80 3d 70 ac fd 05 01 0f 85 01 5a 00 00 e8 06 27 0f f9 e9 17 f9 ff ff e8 fc 26 0f f9 e9 b4 03 00 00 e8 f2 26 0f f9 <0f> 0b e9 00 ff ff ff e8 e6 26 0f f9 c6 05 3b ac fd 05 01 48 c7 c7
[  480.787132][    C1] RSP: 0018:ffffc900001ef980 EFLAGS: 00010246
[  480.793214][    C1] RAX: ffffffff8877fb0e RBX: ffff8880262baff0 RCX: ffff888023da5a00
[  480.801185][    C1] RDX: 0000000000000100 RSI: ffffffff8b1c8f80 RDI: ffffffff8b1c8f40
[  480.809173][    C1] RBP: ffffc900001eff98 R08: dffffc0000000000 R09: 1ffffffff2238ca0
[  480.817159][    C1] R10: dffffc0000000000 R11: fffffbfff2238ca1 R12: ffffffff8e8b8b78
[  480.825155][    C1] R13: ffffffff8877f129 R14: 0000000000000000 R15: 1ffffffff1d17170
[  480.833190][    C1]  ? __skb_flow_dissect+0x1f9/0x6d60
[  480.838481][    C1]  ? __skb_flow_dissect+0xbde/0x6d60
[  480.843798][    C1]  ? mark_lock+0x94/0x320
[  480.848171][    C1]  ? __lock_acquire+0x1273/0x7d40
[  480.853223][    C1]  ? bpf_flow_dissect+0x3f0/0x3f0
[  480.858272][    C1]  ? verify_lock_unused+0x140/0x140
[  480.863498][    C1]  ? mark_lock+0x94/0x320
[  480.867832][    C1]  ? __lock_acquire+0x1273/0x7d40
[  480.872875][    C1]  ? mark_lock+0x94/0x320
[  480.877213][    C1]  ? __lock_acquire+0x1273/0x7d40
[  480.882257][    C1]  ? mark_lock+0x94/0x320
[  480.886597][    C1]  ? mark_lock+0x94/0x320
[  480.890936][    C1]  ? __lock_acquire+0x1347/0x7d40
[  480.895981][    C1]  ? verify_lock_unused+0x140/0x140
[  480.901188][    C1]  __skb_get_hash+0xf3/0x2e0
[  480.905798][    C1]  ? __lock_acquire+0x1347/0x7d40
[  480.910844][    C1]  ? __skb_get_hash_symmetric+0x1d0/0x1d0
[  480.916617][    C1]  ? mark_lock+0x94/0x320
[  480.921000][    C1]  nft_trace_init+0x1bb/0x410
[  480.925701][    C1]  ? nf_trace_fill_pkt_info+0x8a0/0x8a0
[  480.931272][    C1]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[  480.937259][    C1]  nft_do_chain+0x14fc/0x1600
[  480.941939][    C1]  ? lockdep_hardirqs_on+0x98/0x150
[  480.947150][    C1]  ? mark_lock+0x94/0x320
[  480.951481][    C1]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[  480.957500][    C1]  ? nft_fwd_dup_netdev_offload+0x120/0x120
[  480.963435][    C1]  ? ip6t_do_table+0x135e/0x1510
[  480.968370][    C1]  ? nf_route_table_hook6+0x2bb/0x7b0
[  480.973752][    C1]  nf_route_table_hook6+0x366/0x7b0
[  480.978961][    C1]  ? nft_inner_dump+0x2f0/0x2f0
[  480.983830][    C1]  ? ip6t_do_table+0x1d9/0x1510
[  480.988694][    C1]  ? nf_nat_ipv6_local_fn+0x2df/0x390
[  480.994071][    C1]  ? nft_inner_dump+0x2f0/0x2f0
[  480.998939][    C1]  nf_hook_slow+0xbd/0x200
[  481.003397][    C1]  __ip6_local_out+0x784/0x8a0
[  481.008167][    C1]  ? __ip6_local_out+0x60c/0x8a0
[  481.013105][    C1]  ? ip6_dst_hoplimit+0x350/0x350
[  481.018139][    C1]  ? __ip6_local_out+0x8a0/0x8a0
[  481.023097][    C1]  ? udp6_set_csum+0x98d/0xef0
[  481.027911][    C1]  ip6_local_out+0x2a/0x130
[  481.032438][    C1]  udp_tunnel6_xmit_skb+0x53e/0x970
[  481.037664][    C1]  tipc_udp_xmit+0x58d/0xb40
[  481.042282][    C1]  ? tipc_udp_xmit+0xb7/0xb40
[  481.046957][    C1]  ? tipc_udp_msg2addr+0x1d0/0x1d0
[  481.052070][    C1]  ? __lock_acquire+0x7d40/0x7d40
[  481.057109][    C1]  ? tipc_udp_send_msg+0x2a5/0x3e0
[  481.062277][    C1]  tipc_bearer_xmit_skb+0x2ad/0x3f0
[  481.067495][    C1]  ? tipc_bearer_xmit_skb+0xaa/0x3f0
[  481.072785][    C1]  ? tipc_bearer_min_mtu+0x1d0/0x1d0
[  481.078086][    C1]  tipc_disc_timeout+0x596/0x6f0
[  481.083077][    C1]  ? tipc_disc_init_msg+0x560/0x560
[  481.088307][    C1]  call_timer_fn+0x189/0x540
[  481.092901][    C1]  ? tipc_disc_init_msg+0x560/0x560
[  481.098094][    C1]  ? call_timer_fn+0xd2/0x540
[  481.102775][    C1]  ? __run_timers+0x800/0x800
[  481.107473][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  481.112863][    C1]  ? lockdep_hardirqs_on+0x98/0x150
[  481.118155][    C1]  ? tipc_disc_init_msg+0x560/0x560
[  481.123356][    C1]  __run_timers+0x542/0x800
[  481.127880][    C1]  ? detach_timer+0x2b0/0x2b0
[  481.132581][    C1]  ? lock_chain_count+0x20/0x20
[  481.137441][    C1]  run_timer_softirq+0x67/0xf0
[  481.142209][    C1]  handle_softirqs+0x280/0x820
[  481.147016][    C1]  ? __irq_exit_rcu+0xd3/0x190
[  481.151778][    C1]  ? do_softirq+0x1a0/0x1a0
[  481.156304][    C1]  __irq_exit_rcu+0xd3/0x190
[  481.160906][    C1]  ? irq_exit_rcu+0x20/0x20
[  481.165434][    C1]  irq_exit_rcu+0x9/0x20
[  481.169676][    C1]  sysvec_apic_timer_interrupt+0xa4/0xc0
[  481.175339][    C1]  </IRQ>
[  481.178269][    C1]  <TASK>
[  481.181202][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  481.187362][    C1] RIP: 0010:lock_acquire+0x208/0x420
[  481.192646][    C1] Code: f7 84 24 80 00 00 00 00 02 00 00 43 c6 44 3c 04 f8 0f 85 f0 00 00 00 41 f7 c6 00 02 00 00 74 01 fb 48 c7 44 24 60 0e 36 e0 45 <4b> c7 04 3c 00 00 00 00 43 c7 44 3c 08 00 00 00 00 65 48 8b 04 25
[  481.212255][    C1] RSP: 0018:ffffc900039cfb20 EFLAGS: 00000206
[  481.218337][    C1] RAX: 0000000000000001 RBX: 0000000000000000 RCX: ed9f2ecabbf40c00
[  481.226327][    C1] RDX: 0000000000000000 RSI: ffffffff8acadb60 RDI: ffffffff8b1c8fa0
[  481.234302][    C1] RBP: ffffc900039cfc30 R08: dffffc0000000000 R09: 1ffffffff2238ca6
[  481.242286][    C1] R10: dffffc0000000000 R11: fffffbfff2238ca7 R12: 1ffff92000739f70
[  481.250261][    C1] R13: ffff888031add720 R14: 0000000000000246 R15: dffffc0000000000
[  481.258249][    C1]  ? __might_sleep+0xe0/0xe0
[  481.262876][    C1]  ? read_lock_is_recursive+0x20/0x20
[  481.268259][    C1]  ? __lock_acquire+0x7d40/0x7d40
[  481.273306][    C1]  ? __might_fault+0xaa/0x120
[  481.277995][    C1]  __might_fault+0xc6/0x120
[  481.282531][    C1]  ? __might_fault+0xaa/0x120
[  481.287206][    C1]  do_recvmmsg+0x3c3/0x870
[  481.291646][    C1]  ? __sys_recvmmsg+0x290/0x290
[  481.296522][    C1]  ? __ia32_sys_get_robust_list+0x110/0x110
[  481.302408][    C1]  ? rcu_read_lock_sched_held+0x8a/0x110
[  481.308053][    C1]  __x64_sys_recvmmsg+0x199/0x250
[  481.313089][    C1]  ? do_recvmmsg+0x870/0x870
[  481.317686][    C1]  ? lockdep_hardirqs_on+0x98/0x150
[  481.322890][    C1]  do_syscall_64+0x55/0xa0
[  481.327307][    C1]  ? clear_bhb_loop+0x40/0x90
[  481.331984][    C1]  ? clear_bhb_loop+0x40/0x90
[  481.336672][    C1]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  481.342566][    C1] RIP: 0033:0x7fa4ded9cdd9
[  481.346982][    C1] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  481.366594][    C1] RSP: 002b:00007fa4dcff6028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  481.375022][    C1] RAX: ffffffffffffffda RBX: 00007fa4df016090 RCX: 00007fa4ded9cdd9
[  481.383002][    C1] RDX: 0000000000010106 RSI: 00002000000000c0 RDI: 0000000000000007
[  481.390978][    C1] RBP: 00007fa4dee32d69 R08: 0000000000000000 R09: 0000000000000000
[  481.398949][    C1] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000
[  481.406921][    C1] R13: 00007fa4df016128 R14: 00007fa4df016090 R15: 00007fff3bd07d68
[  481.414935][    C1]  </TASK>
[  481.418552][    C1] Kernel Offset: disabled
[  481.423000][    C1] Rebooting in 86400 seconds..