last executing test programs:

2m42.144310037s ago: executing program 2 (id=80):
syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
fsmount(0xffffffffffffffff, 0x0, 0x80)
r3 = socket(0x840000000002, 0x3, 0xff)
connect$inet(r3, &(0x7f0000000540)={0x2, 0x4e60, @dev={0xac, 0x14, 0x14, 0x28}}, 0x10)
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
sendmmsg$inet(r5, &(0x7f0000003240)=[{{&(0x7f0000000100)={0x2, 0x4e24, @empty}, 0x10, &(0x7f00000016c0)=[{&(0x7f0000000000)="97", 0xfdef}], 0x1}}], 0x1, 0x4000800)
ioctl$TCSETAW(r4, 0x5407, &(0x7f0000000240)={0x4, 0x3, 0x2004, 0x8, 0xd, "03f37fe99f4da288"})
openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x2000, 0x0)

2m39.15714202s ago: executing program 4 (id=87):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.time\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x13, r2, 0x0)
preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x60, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x74, 0x0, 0x0)
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, &(0x7f0000000240))
ioctl$KVM_RUN(r3, 0xae80, 0x0)
setrlimit(0xf, &(0x7f0000000000)={0x1, 0x5})
sendmsg$NL802154_CMD_DEL_SEC_DEVKEY(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000891}, 0x20000084)
sendmsg$NL80211_CMD_DISASSOCIATE(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40}, 0xc, 0x0}, 0x1)

2m37.065243932s ago: executing program 4 (id=94):
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x2000040)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r3 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r3, 0x29, 0x19, &(0x7f0000000000)=0x84, 0xfde1)
connect$inet6(r3, 0x0, 0x0)
sendto$inet6(r3, &(0x7f0000001cc0), 0x0, 0x8000, 0x0, 0x0)
recvmmsg(r3, &(0x7f0000002480)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40002003, 0x0)
syz_mount_image$erofs(&(0x7f0000000000), &(0x7f00000001c0)='./file1\x00', 0x4, &(0x7f0000000300)=ANY=[@ANYBLOB="00ea2eb34e7ea51c9446c55a2d1e0be39af9faf44ad59cb6ad1c94490d970e811439edddc71c9b18946b559ce53bee0a1abe562fc3f3898e5826eda1962cf6e3c4c0ade52151923a70b46eacfc1aaaebcf156e549e884bcabc1333f344f31cd30cd93cb2814e0dbc24a7a107e295e86e09283c825fe177c89c6385f68f2c843cffffffff15539bab6142ceed9265ba989d1a283fc4ffc83f3a7a6c746823e656ad78f3b5a336cdbd83dad59e0debb36b4ea5e658e253f01637cc03f704a08019f95b92fffffffff8dd21552d6967ab1b01e5d52a5793eb179deee4572770a5197127b090287bca2a4eaa1705b42c16968d0201d3ba3cc8000000657ea095f152b1b6a1e6ad8d24ad17f649ccc23d4ecbcdb5620cc48f95f563c2230f859d196e6c4f00b8e3a7b01fcb1d79dcc09b7a854ec8c31dd27ff9b4a2864e1dcaf719d20b56769d51228ecc1915fb8c8b598c11b3c296b05f9c5355fc6f19a7b28f5ae9a0d0804ccc5716cfac0246ddffa2f12077a02a959aa1b74373c38b2bcc90743b80666eae25dea73e127263b8fdbc64fe862b994ca8473d00000000000000009cf153dc0bf708", @ANYRESHEX=0x0], 0x1, 0x194, &(0x7f0000000640)="$eJzsmD9P+kAYx7/X8if88ktw1UUTScDB0hY1MjgwO2ii0bhJpBK0iIEOwGZ8Ec6+AmfiwvvQQZ0cxM3Joebawx4oYuI/jM9neO57dw/Hc0+Tb5OCIIg/y831w9VZMhHj+j8SiIr1WzXIUaT8Vvxx5qK0cn6i31+22svZ/vMYANd9//+HALRzKhwxd93eXyfEuA6lq8Py/iYYNKG3oWBDaAsMW0LvSbrC8zVtt2Rb2k7FLnCh82DwYPKQ6a+vc8RQkOpj0n6t0dzP27ZV/UIxrH+dnIIlqT75eXV7owf9gwEFhtAZMKwJvYhotzd+S6T7T4SC89Vvvv/vFuPxITlhjEqpJD5BMHBxFwNGo56fEoE/uacMScmfQpJ/pJ3yYbrWaM6WyvmiVbQOTDOzoM/p+ryZ9ozIj2/4X8zzp3/S+eEBuREWQT3vOFXDj89zsx6FUzVfc9yI538KUtN+1UysyXjvgzE2xYeUChwPrJYgCIIgCIIgCIIgCIIgCOIjTIJ5X0F7yL5YMle97KcAAAD//5Z1cak=")
read$FUSE(0xffffffffffffffff, &(0x7f0000003f00)={0x2020}, 0x2020)
r4 = syz_open_procfs(0x0, &(0x7f0000000080)='smaps\x00')
preadv(r4, &(0x7f0000000040)=[{&(0x7f00000024c0)=""/4127, 0x101f}], 0x1, 0x4000, 0x0)
setgroups(0x51, 0x0)
setreuid(0xee01, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
fcntl$lock(r3, 0x26, 0x0)
ioctl$USBDEVFS_DISCONNECT_CLAIM(0xffffffffffffffff, 0x8108551b, &(0x7f0000002600)={0x0, 0x0, "5a77bd318786aeb879ca62cdab2a02fa560186d85b25a5665a3247e500f61681905db88235f8a5447dd2a2ed6e91626f068881e50f68530c2b21a100efb76cba37ff3111d6847e0c7f719e169a596e5fc008daefba68f6222103472bc55704cdb72b4b996ed82ccb1eaae27969d008ba7d34171113d806726615380fe65a6a0a72e19c2b60bd6276fd8bb6363d10f70da60fd53ded22c87eb2be010e4a62fb73c33424b437bb192c9d06ea6ed04983fe5c5ca033dfce0a82575ef14eee686be0fc58e384f93a13e4e8bbf599394baea3a9ca1864f0a35d6cc38fca32ad6b39905a9727d2001457df7be7e1aefe3635b2ee97c143f28def4b73905ca14d90d1f6"})

2m35.702836027s ago: executing program 4 (id=96):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x2, 0x5, &(0x7f0000000680)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x5, 0xee, &(0x7f0000000340)=""/238}, 0x94)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, 0x0}], 0x1, 0x24, 0x0, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f00000000c0)=@x86={0x60, 0x4, 0x9, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x7f, 0x9, 0x1, 0x0, 0x0, 0x8, 0x0, 0xff, 0xff, 0x0, '\x00', 0x0, 0x1})

2m35.533330828s ago: executing program 2 (id=97):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, 0x0, 0x0)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
r3 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r3, &(0x7f0000000440), 0x10)
listen(r3, 0xfffffffe)
r4 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r4, &(0x7f0000000100)={0x28, 0x0, 0x0, @local}, 0x10)
writev(r4, &(0x7f00000003c0)=[{&(0x7f0000000680)='h', 0x1}], 0x1)
r5 = accept4$unix(r3, 0x0, 0x0, 0x0)
recvmmsg(r5, &(0x7f0000001680)=[{{0x0, 0x0, &(0x7f0000003380)=[{&(0x7f0000000140)=""/120, 0x78}, {&(0x7f0000000040)=""/40, 0x28}, {&(0x7f0000003300)=""/107, 0x6b}], 0x3}}], 0x4000000000000a1, 0x2, 0x0)
recvfrom$unix(r5, &(0x7f0000000480)=""/238, 0xee, 0x10120, 0x0, 0x0)

2m35.113320243s ago: executing program 4 (id=99):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000180)='./bus\x00', 0xe, &(0x7f0000000280)={[{@dioread_lock}, {@resgid}]}, 0x6, 0x44b, &(0x7f00000004c0)="$eJzs282PU1UbAPDn3k6HlxdwRsQPPtRRNE78mGEAlYULNZq4wMREF7qczAwEKYxhxkQIUTAGV8aYuDcu/Rdc6cYYVyZudW9IiGEDuKq57b1MW9rClJYO9PdLLpxz77lzztN7T3vOPW0AI2sq+yeJ2BoRf0bERD3bXGCq/t/Vy2cXrl0+u5BEtfruP0mt3JXLZxeKosV5W/LMdBqRfpHE7jb1rpw+c3y+Ulk6lednV098NLty+swLx07MH106unRy/6FDBw/MvfzS/hf7EmfWpiu7Pl3es/OtD755+/BXTfG3xNEnU90OPl2t9rm64drWkE7GhtgQ1qUUEdnlKtf6/0SUYu3iTcSbnw+1ccBAVavV6pbOh89VgXtYEs15XR5GRfFBn81/i611EPDq4IYfQ3fptfoEKIv7ar7Vj4xFmpcpt8xv+2kqIt4/9+932RaDeQ4BANDkp2z883y78V8aDzWUuy9fG5qMiPsjYntEPBAROyLiwYha2Ycj4pF11t+6SHLj+Ce92FNgtygb/72Sr201j/+K0V9MlvLctlr85eTIscrSvvw1mY7ypiw/16WOn9/44+tOxxrHf9mW1V+MBfN2XBzb1HzO4vzq/O3E3OjS+YhdY+3iT66vBCQRsTMidvVYx7Fnf9jT6djN4++iD+tM1e8jnqlf/3PREn8h6b4+Ofu/qCztmy3uihv99vuFdzrVf1vx90F2/f/f9v6/Hv9k0rheu7L+Oi789WXHOU2v9/948l4tPZ7v+2R+dfXUXMR4crje6Mb9+9fOLfJF+Sz+6b3t+//2WHsldkdEdhM/GhGPRcTjedufiIgnI2Jvl/h/ff2pD3uPf7Cy+BfXdf3XEuPRuqd9onT8lx+bKp28If5r3a//wVpqOt9zK+9/t9Ku3u5mAAAAuPukEbE1knTmejpNZ2bq35ffEZFWlldWnzuy/PHJxfpvBCYj0uJJ10TD89C5fFpfz5+PiPpXC4rjB/Lnxt+WNtfyMwvLlcVhBw8jbkuH/p/5uzTs1gED5/daMLr0fxhd+j+MLv0fRleb/r95GO0A7rx2n/+fDaEdwJ3X0v8t+8EIMf+H0aX/w+jS/2EkrWyOm/9Ivmui+Es9nn7PJqK8IZoxsESkG6IZGzZRvsv7xfDekwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPrpvwAAAP//9gndaw==")
creat(&(0x7f0000000100)='./bus\x00', 0x1fb978507dcbbbd6)
mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0)
r0 = open(&(0x7f0000000000)='./bus\x00', 0x8000, 0xa0)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x7fffffffffffffff, 0x8005, 0x0, 0x1, 0x12, 0xd, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc177e9b48b00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x204]})

2m34.529060919s ago: executing program 2 (id=101):
syz_mount_image$ext4(&(0x7f0000000380)='ext4\x00', &(0x7f00000000c0)='./file1\x00', 0x4000, &(0x7f0000000040)={[{@test_dummy_encryption}, {@grpquota}]}, 0x2, 0xbbf, &(0x7f0000000440)="$eJzs3M9rHOUbAPBnJptt2ub73VRErBcjIi2I26SSYotgKxUvHgS9Cg3ppoRsf5BEatIcNvoPiHoWvAhqUTzYcy+KXr1oe1U8CEVioyCikdkfSdpk09TudmL7+cC7877z7u7zPDvszrywuwHctwazmzRib0ScSCJKzf1pRBTrvb6IWuN+S4vzY78vzo8lsbz8yi9JJBFxfXF+rPVcSXO7uznoi4hvn0/igbfWx52enZscrVYrU83xgZnT5w5Mz849NXF69FTlVOXM8KFnRg6OHBo6PNKxWv/44eil3x578afanx//dfHXdz9M4mj0N+fW1tEpgzG48pqsVYiI0U4Hy0lPs561dSaFWzwo7XJSAAC0la65hnsoStETqxdvpfjyu1yTAwAAADpiuSdiGQAAALjHJdb/AAAAcI9rfQ/g+uL8WKvl+42Eu+vasYgYaNS/1GyNmULU6tu+6I2IXdeTWPuz1qTxsDs2GBE/Xj38WdaiS79D3kxtISIe3uj4J/X6B+q/4l5ffxoRQx2IP3jT+L9U/9EOxM+7fgDuT5ePNU5k689/6cr1T2xw/itscO76N/I+/7Wu/5bWXf+t1t/T5vrv5S3GuPDR++fbzWX1P3vphU9bLYufbe+oqNtwbSHikcJG9Scr9Sdt6j+xxRilv89X2s3lXf/yBxH7YuP6W5LN/5/owPhEtTLUuN0wxsI3I5+0i593/dnx39Wm/tb/P7U7/ue2GOO148c/X7fz6mp38/rTn4vJq/VesbnnjdGZmanhiGLy0vr9BzfPpXWf1nNk9e9/fPP3/0b1Z58JtebrkK0FFprbbPzmTTGfu3jhi3b5tNZ/eR7/k22O/9r6vy6sP/5vbzHGE1+9s7/d3Nr1b9ay+K21MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC0pBHRH0laXumnabkcsTsiHoxdafXs9MyT42dfP3Mym4sYiN50fKJaGYqIUmOcZOPhen91fPCm8dMRsSci3ivtrI/LY2erJ/MuHgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgBW7I6I/krQcEWlELJXStFzOOysAAACg4wZuHBbzygMAAADonoG8EwAAAAC6zvofAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACALtvz6OUrSUTUjuyst0yxOdeba2ZAt6V5JwDkpifvBIDcFPJOAMjNba7xXS7APSi5xXxf25kdHc8FAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgO1r397LV5KIqB3ZWW+ZYnOuN9fMgG5L804AyE3PZpOFu5cHcPd5i8P9yxofSG4x37d6n9qNMzu6lhMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA209/vSVpOSKKzX3lcsT/ImIgepPxiWplKCL+HxHfl3p3ZOPhlUf35ZY3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnTU9Ozc5Wq1WprJOGs3Oyh6d1U7SeMVq2yUfnTvsFGNbpLFNO3l/MgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAkIfp2bnJ0Wq1MjWddyYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA3qZn5yZHq9XKVBc7edcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEB+/gkAAP//FUoKgg==")
creat(&(0x7f0000000000)='./file1\x00', 0x28)
rename(&(0x7f0000001080)='./file1\x00', &(0x7f00000010c0)='./bus\x00')
openat(0xffffffffffffff9c, &(0x7f0000000040)='./bus\x00', 0x800c4, 0xf7)

2m34.365387101s ago: executing program 4 (id=102):
openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
pipe2$9p(&(0x7f0000001900)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
dup(r0)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
r1 = socket$packet(0x11, 0x3, 0x300)
openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040))
openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0)
socket(0x10, 0x3, 0x0)
syz_open_dev$tty20(0xc, 0x4, 0x1)
pipe2(&(0x7f0000000400), 0x0)
openat$random(0xffffffffffffff9c, &(0x7f000000fe80), 0x40800, 0x0)
r2 = creat(&(0x7f0000000140)='./file0\x00', 0x2d)
syz_usb_connect$uac1(0x0, 0xa4, &(0x7f0000001200)=ANY=[@ANYBLOB, @ANYRES8=r2, @ANYRES64=r1], 0x0)

2m33.963733916s ago: executing program 4 (id=103):
r0 = gettid()
prlimit64(r0, 0xe, &(0x7f0000000e80)={0x8, 0x8c}, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000640), 0x80000, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
sched_setscheduler(0x0, 0x1, 0x0)
r1 = getpid()
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
clock_adjtime(0x0, &(0x7f0000000000)={0x66b7, 0x0, 0xfffffffffffeffff, 0x7, 0x0, 0xfffffffffffffffd, 0x77, 0x0, 0x0, 0x0, 0x8, 0x248e, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x2, 0x81, 0x6, 0x5, 0x7ff, 0xf439})
r4 = socket$inet(0xa, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f00000002c0)=@mangle={'mangle\x00', 0x44, 0x6, 0x410, 0x2d8, 0x98, 0x2d8, 0x98, 0x138, 0x378, 0x378, 0x378, 0x378, 0x378, 0x6, 0x0, {[{{@ip={@loopback, @multicast1=0xe0007600, 0x0, 0x0, 'gre0\x00', 'ip6gre0\x00', {}, {}, 0x0, 0x0, 0x11}, 0x7a00, 0x70, 0x98}, @inet=@DSCP={0x28}}, {{@ip={@multicast1, @local, 0x0, 0x0, 'wg1\x00', 'nicvf0\x00', {}, {}, 0x11}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @local}}}, {{@ip={@broadcast, @multicast2, 0x0, 0x0, 'vlan1\x00', 'nr0\x00'}, 0x0, 0xb8, 0x100, 0x0, {}, [@common=@unspec=@limit={{0x48}, {0x0, 0x28, 0x0, 0x0, 0x0, 0x1}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv6=@private2, 'veth0_virt_wifi\x00', {0x7}}}}, {{@ip={@rand_addr, @private, 0xffffffff, 0xff, 'syzkaller0\x00', 'veth1_to_team\x00', {}, {0xff}}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @empty}}}, {{@ip={@empty, @empty, 0xff000000, 0x0, 'lo\x00', 'batadv_slave_1\x00'}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x1fb, 0x0, @loopback}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x470)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r5 = getpid()
sched_setscheduler(r5, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480))

2m33.640955439s ago: executing program 32 (id=103):
r0 = gettid()
prlimit64(r0, 0xe, &(0x7f0000000e80)={0x8, 0x8c}, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000640), 0x80000, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
sched_setscheduler(0x0, 0x1, 0x0)
r1 = getpid()
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
clock_adjtime(0x0, &(0x7f0000000000)={0x66b7, 0x0, 0xfffffffffffeffff, 0x7, 0x0, 0xfffffffffffffffd, 0x77, 0x0, 0x0, 0x0, 0x8, 0x248e, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x2, 0x81, 0x6, 0x5, 0x7ff, 0xf439})
r4 = socket$inet(0xa, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f00000002c0)=@mangle={'mangle\x00', 0x44, 0x6, 0x410, 0x2d8, 0x98, 0x2d8, 0x98, 0x138, 0x378, 0x378, 0x378, 0x378, 0x378, 0x6, 0x0, {[{{@ip={@loopback, @multicast1=0xe0007600, 0x0, 0x0, 'gre0\x00', 'ip6gre0\x00', {}, {}, 0x0, 0x0, 0x11}, 0x7a00, 0x70, 0x98}, @inet=@DSCP={0x28}}, {{@ip={@multicast1, @local, 0x0, 0x0, 'wg1\x00', 'nicvf0\x00', {}, {}, 0x11}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @local}}}, {{@ip={@broadcast, @multicast2, 0x0, 0x0, 'vlan1\x00', 'nr0\x00'}, 0x0, 0xb8, 0x100, 0x0, {}, [@common=@unspec=@limit={{0x48}, {0x0, 0x28, 0x0, 0x0, 0x0, 0x1}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv6=@private2, 'veth0_virt_wifi\x00', {0x7}}}}, {{@ip={@rand_addr, @private, 0xffffffff, 0xff, 'syzkaller0\x00', 'veth1_to_team\x00', {}, {0xff}}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @empty}}}, {{@ip={@empty, @empty, 0xff000000, 0x0, 'lo\x00', 'batadv_slave_1\x00'}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x1fb, 0x0, @loopback}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x470)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r5 = getpid()
sched_setscheduler(r5, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480))

2m33.400034842s ago: executing program 2 (id=106):
syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket(0x840000000002, 0x3, 0xff)
connect$inet(r3, &(0x7f0000000540)={0x2, 0x4e60, @dev={0xac, 0x14, 0x14, 0x28}}, 0x10)
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(0xffffffffffffffff, 0x4068aea3, &(0x7f00000000c0)={0x79, 0x0, 0x1})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r5, 0x1, 0x25, &(0x7f0000000080)=0x1f6, 0x4)
sendmmsg$inet(r5, &(0x7f0000003240)=[{{&(0x7f0000000100)={0x2, 0x4e24, @empty}, 0x10, &(0x7f00000016c0)=[{&(0x7f0000000000)="97", 0xfdef}], 0x1}}], 0x1, 0x4000800)
ioctl$TCSETAW(r4, 0x5407, &(0x7f0000000240)={0x4, 0x3, 0x2004, 0x8, 0xd, "03f37fe99f4da288"})
ioctl$TIOCMSET(r4, 0x5418, &(0x7f0000000000)=0x8001)
openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x2000, 0x0)

2m26.966211081s ago: executing program 2 (id=116):
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x5)
r0 = creat(&(0x7f00000003c0)='./file1\x00', 0x192)
openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x40100, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x28100, 0x0)
setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)={@multicast1, @local}, 0xc)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000740)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x40801)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_NMI(r3, 0xae9a)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000440)={[0x0, 0x100000000, 0x0, 0x81, 0x100000, 0x0, 0x2004c8, 0x8000000, 0x0, 0x0, 0x7, 0x0, 0x5, 0x0, 0x2, 0xffffffffffffffff], 0x0, 0x200})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

2m25.650848576s ago: executing program 2 (id=120):
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
prctl$PR_SET_SECUREBITS(0x1c, 0x25)
setresuid(0x0, 0xee01, 0x0)
r3 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x1d2)
fcntl$setlease(r3, 0x400, 0x0)
capset(&(0x7f0000000040)={0x20080522}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000c00)=ANY=[@ANYBLOB="b7000000ff000000bfa300000000000007030000f0ffffff620af0fff8ffffff71a4f0ff000000002d040200000000001d400200000000004604000001ed000062030000000000001d440000000000007a0a00fe00ffffffc3030000a1000000b5000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710e4d58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00c37dfca3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebba2c598b4fc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0465f2f994114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840b08000000f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c3bfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed93517a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e96753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c25000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b393cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e82623951743283070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c7bc46dd12305a1ae9dd19e8d525206c0a728cfd42193abe8130b51d6c9b94c5513df2d85e8c01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ad1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef670000000000000000ba470bfe62fe2933082149d42e8a00a5b4f7e9ad0500000000000000"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd64}, 0x48)

2m9.412110861s ago: executing program 33 (id=120):
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
prctl$PR_SET_SECUREBITS(0x1c, 0x25)
setresuid(0x0, 0xee01, 0x0)
r3 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x1d2)
fcntl$setlease(r3, 0x400, 0x0)
capset(&(0x7f0000000040)={0x20080522}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000c00)=ANY=[@ANYBLOB="b7000000ff000000bfa300000000000007030000f0ffffff620af0fff8ffffff71a4f0ff000000002d040200000000001d400200000000004604000001ed000062030000000000001d440000000000007a0a00fe00ffffffc3030000a1000000b5000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710e4d58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00c37dfca3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebba2c598b4fc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0465f2f994114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840b08000000f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c3bfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed93517a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e96753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c25000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b393cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e82623951743283070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c7bc46dd12305a1ae9dd19e8d525206c0a728cfd42193abe8130b51d6c9b94c5513df2d85e8c01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ad1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef670000000000000000ba470bfe62fe2933082149d42e8a00a5b4f7e9ad0500000000000000"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd64}, 0x48)

10.012667021s ago: executing program 3 (id=463):
syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x1, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket(0x840000000002, 0x3, 0xff)
connect$inet(r3, &(0x7f0000000540)={0x2, 0x4e60, @dev={0xac, 0x14, 0x14, 0x28}}, 0x10)
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(0xffffffffffffffff, 0x4068aea3, &(0x7f00000000c0)={0x79, 0x0, 0x1})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r5, 0x1, 0x25, &(0x7f0000000080)=0x1f6, 0x4)
sendmmsg$inet(r5, &(0x7f0000003240)=[{{&(0x7f0000000100)={0x2, 0x4e24, @empty}, 0x10, &(0x7f00000016c0)=[{&(0x7f0000000000)="97", 0xfdef}], 0x1}}], 0x1, 0x4000800)
ioctl$TCSETAW(r4, 0x5407, &(0x7f0000000240)={0x4, 0x3, 0x2004, 0x8, 0xd, "03f37fe99f4da288"})
ioctl$TIOCMSET(r4, 0x5418, &(0x7f0000000000)=0x8001)
openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x2000, 0x0)

6.562004769s ago: executing program 0 (id=481):
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000000)="1400000010003507d25a806f8c6394f90324fc60", 0x14}], 0x1}, 0x0)
recvmsg$kcm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000004c0)=""/4135, 0x1027}], 0x1}, 0x42)
socket$kcm(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000060000"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mkdir(&(0x7f0000000000)='./cgroup/../file0/file0\x00', 0x102)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r2 = openat$cgroup_ro(r1, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_ro(r3, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0)
write$cgroup_int(r4, &(0x7f00000000c0), 0x12)
write$cgroup_int(r4, &(0x7f0000000100)=0x1, 0x12)
write$cgroup_int(r2, &(0x7f00000000c0), 0x12)

6.3983288s ago: executing program 3 (id=483):
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000300), r1)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=<r3=>0x0)
sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000d80)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="010426bd7000f8dbdf250200000008000100", @ANYRES32=r3], 0x1c}}, 0x4008054)
write$nci(r0, &(0x7f0000000340)=@NCI_OP_RF_INTF_ACTIVATED_NTF={0x1, 0x1, 0x3, 0x5, 0x1, @a={0x6, 0x1, 0x1, 0x0, 0x0, 0x37, 0x9, {0x4, 0x4, "1c6840e3", 0x0, 0x3}, 0x5, 0x8, 0xef, 0x7f}}, 0x17)
socket(0x3, 0x800, 0x6)

6.333109161s ago: executing program 0 (id=485):
r0 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000400)={'veth0_to_hsr\x00', <r1=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd25, 0x25dfdbfe, {0x0, 0x0, 0x0, r1, {0x0, 0xffe1}, {0xffff, 0xffff}, {0xffe0}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x4, 0x9}}]}}]}, 0x48}}, 0xc840)
sendmsg$nl_route_sched(r0, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000800)=@newtfilter={0x54, 0x2c, 0xd2b, 0x70bd2b, 0x25dfdbfb, {0x0, 0x0, 0x0, r1, {0x6}, {}, {0x7, 0xfff1}}, [@filter_kind_options=@f_u32={{0x8}, {0x28, 0x2, [@TCA_U32_SEL={0x24, 0x5, {0xd, 0x7, 0x1, 0x3d3f, 0x0, 0xfff, 0xb709, 0x58f, [{0x0, 0x20008000, 0x4, 0x1}]}}]}}]}, 0x54}, 0x1, 0x0, 0x0, 0x4084}, 0x24040084)
recvmmsg$unix(r0, &(0x7f0000000580)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000002c0)=""/219, 0xdb}], 0x1}}], 0x1, 0x60, 0x0)
r2 = socket(0x10, 0x803, 0x0)
r3 = syz_genetlink_get_family_id$gtp(0x0, 0xffffffffffffffff)
sendmsg$GTP_CMD_NEWPDP(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[@ANYBLOB='0\x00\x00', @ANYRES16=r3, @ANYBLOB="010003000000000000000000000008000100", @ANYBLOB="080003000000"], 0x30}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[], 0xc3}, 0x1, 0x100000000000000, 0x0, 0x2000}, 0x40400c0)
r4 = socket(0x10, 0x3, 0x0)
sendmmsg(r4, &(0x7f0000000000), 0x4000000000001f2, 0x0)

6.191521793s ago: executing program 0 (id=488):
socket$netlink(0x10, 0x3, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$xdp(0x2c, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet_tcp(0x2, 0x1, 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000380)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000001c0)='./cgroup/cgroup.procs\x00', 0x2, 0x0)
syz_open_dev$usbmon(&(0x7f0000000900), 0x7, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000b80)='ext4\x00', &(0x7f0000000bc0)='./file0\x00', 0x0, &(0x7f0000000c00), 0x1, 0xb87, &(0x7f00000017c0)="$eJzs3c9vFFUcAPDvzG5LKWgX40GMCTUeIDFsW0BB4gE8Gg8mkqAnXPuDNCxgaE0sIbHcTLyowZMnT2qiR6+GGPXkweiJ/8CQEFP4A2pmdras7W5LYcuQ9vNJZve9eSzvO02++9503nQC2LFGs5c0Yn9EfJ5EjBT704gYzEtDEYutf3dv6dpktiWxvPzOv0kkEXF36dpk+/9Kivc92Us1/2T89UvEM5W1/c4tXL3QaDanrxT1sfmLH47NLVw9PHuxcX76/PSlI6+OH5147diJV47d/9DQox3rwvH0sz/ffOO7G+e+/uPHEy98msSp2Fu0dR5Hv4zG6MrPpFM1It7rd2clqRTH0+04AQB48qQdc7j9MRKVvNQyEvXZUoMDAAAA+uKTiFgGAAAAtrnE+T8AAABsc+11AHeXrk22t3JXJACPy53TEVFr5X/7/v5WSzUW8/ehGIiI4XtJx51Brfu9a33ofzQifvjq+IFsiy26Dx/obvF6RDzXbfxP8vyvFX90Y3X+pxEx3of+R1fV5T88Pt3yv3VesHH+n+pD//IfAAAAAAAA+ufm6daF/LXX/9OV9T/R5fpfpcu1u4ex8fW/9HYfugG6uHM64vWOZ/vc68j/Qq1S1J7K1wMMJDOzzenxiHg6Ig7FwK6sPrFOH9/+dPLvXm2d6/+yLeu/vRawiON2ddf/PzPVmG88yjEDLXeuRzxf7Zb/ycr4n/RY//v2A/bx29mfZ3q1bZz/wFZZ/ibiYNfx//4T3ZL1n883ls8HxtqzgrXOvvjr9736l/9Qnmz8H14//2tJ5/M65zbfx/jw4fO92h52/j+YnMmfKjpY7Pu4MT9/ZSJiMHlr7f4jm48ZtqN2PrTzJcv/Qy91P/9fb/6fJdn7xbdEGhGN4j2rf7Cqz13nfv+iVzzGfyhPlv9Tmxr/N1/48t2lM736f7Dx/1g+ph8q9vj9H6zvQRO07DgBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgSZJGxN5I0vpKOU3r9Yg9EfFsDKfNy3PzL89c/ujSVNYWUYuBdGa2OT0eESOtepLVJ/Ly/fqRVfWjEbEvIm6M7M7r9cnLzamyDx4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAVeyJibyRpPSLSvJym9Xqr7Z+RsqMDAAAA+qZWdgAAAADAlnP+DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAj2nfg5q0kIhZP7s63zGDRNlBqZMBWS8sOAChNpewAgNJUyw4AKI1zfCDZoH2oZ4sZBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBOcnD/zVtJRCye3J1vmcGibaDUyICtlpYdAFCaStkBAKWplh0AUBrn+ECyQftQzxYzCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICdZG7h6oVGszl9RWHdQjUinoAwFBQeU6HsbyYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC2s/8CAAD//yT3/f8=")
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x723080, 0x0)
syz_usb_connect$uac1(0x5, 0xdc, &(0x7f0000000200)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902ca0003010070000904000000010100000a24010800000201020d24060000030800000000000000240803960c03112d9cd2ce0c240208000103000000ff000924060506020100000924030003030005490c240206", @ANYRES8=r0, @ANYBLOB="075daedd"], 0x0)

3.424172432s ago: executing program 0 (id=499):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket$packet(0x11, 0x3, 0x300)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r2)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffd, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x4f}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040084)
r6 = socket(0x400000000010, 0x3, 0x0)
r7 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000022c0)=@newtfilter={0x40, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r8, {0x0, 0xfff1}, {}, {0x8, 0xf}}, [@filter_kind_options=@f_matchall={{0xd}, {0xc, 0x2, [@TCA_MATCHALL_CLASSID={0x8, 0x1, {0x5, 0xfff1}}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0xf7513c36066f8950}, 0x20000010)
sendmsg$nl_route_sched(r3, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000001740)=@newqdisc={0x34, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdf8, {0x0, 0x0, 0x0, r5, {0x5}, {}, {0xa, 0x3}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x40098}, 0x0)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0x207, 0x4)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'syzkaller0\x00', <r9=>0x0})
sendto$packet(r1, &(0x7f00000002c0)="05031600d3fc141200004788031c09102c28", 0xfd1e, 0x4, &(0x7f0000000140)={0x11, 0x0, r9, 0x1, 0x0, 0x6, @multicast}, 0x14)

3.176698855s ago: executing program 0 (id=500):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
r1 = socket$packet(0x11, 0x3, 0x300)
socket$kcm(0x10, 0x2, 0x0)
r2 = openat$tun(0xffffffffffffff9c, 0x0, 0x40241, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, 0x0)
socket$kcm(0x2, 0xa, 0x2)
sendto$packet(r1, 0x0, 0x0, 0x40, &(0x7f00000001c0)={0x11, 0x8100, 0x0, 0x1, 0xd8, 0x6, @multicast}, 0x14)
r3 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'batadv0\x00', <r4=>0x0})
sendto$packet(r3, &(0x7f0000000180)="0b0312002e0064000200475400f6a13bb1000000086086dd4803", 0x100a6, 0x88a8ffff, &(0x7f0000000140)={0x11, 0x88a8, r4}, 0x14)

3.138279646s ago: executing program 6 (id=501):
socket$inet_smc(0x2b, 0x1, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r1, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000640)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x65, 0x0, 0xf, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x11, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2, 0xffff}}}}}}, 0x0)

3.125708595s ago: executing program 1 (id=502):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000007940)={0x0, 0x0, &(0x7f0000007900)={&(0x7f0000000680)=@newtaction={0xac, 0x30, 0x216822a75a8bdd29, 0x0, 0x0, {}, [{0x98, 0x1, [@m_connmark={0x50, 0x2, 0x0, 0x0, {{0xd}, {0x20, 0x2, 0x0, 0x1, [@TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x3, 0xd, 0x5, 0x0, 0x3}, 0x8}}]}, {0x4}, {0xc}, {0xc}}}, @m_ct={0x44, 0x1, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xac}}, 0x0)
r1 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x7}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xc, 0xd, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018150000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b5af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001e00000085000000a000000095"], &(0x7f0000000840)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x2f, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000580)={r3, 0x18000000000002a0, 0xe, 0x0, &(0x7f00000003c0)="12cdde26e7c496e99a9cf8625ec9", 0x0, 0x6, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x10, &(0x7f0000000040)=ANY=[@ANYBLOB="1806000000000000000000000000000018120000", @ANYRES32=r1, @ANYRES16=r3], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

3.005265907s ago: executing program 3 (id=503):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x4)
syz_open_procfs(r2, 0x0)
ioctl$PPPIOCGL2TPSTATS(0xffffffffffffffff, 0x80487436, 0x0)
ioctl$KDSKBSENT(r1, 0x4b49, &(0x7f00000000c0)={0x6, "ca77f2089159a3bf476a7d1d2417cb2c31db31fe005d49c005987a6f8620d9b3de2f96f4bd48d37568ff1e6c9dc521b351e1ca13c830ebdc50af9bf58ca4f11fec8aad5194c0ad1ecaff060ab2f75ff688b87d473c8c97f7151843e91777e0f2e0c8d275a5e0a10943182a240034b6722aaaf4831faf84f907e8e2caabf748298f2748ca044681b0d1e2a856512afddcb4e040bb0a589656e9349be52c18d8ebe37cc62385feec76532b069901887652f31b1d535369afb5a6b5b2cd91d91a15e1ae2463903563514147763e9ee7a048939f496fa1f10fdfb15fe59efcda704204534b56ce0c80b4e7eda976fa35bad67a6826915895b75a2422e84c9a8b6a6c181ea8755216e58ebc7f896f2312c56592454636a6958be786cce206d873384713eb2cc341906330941e1290a11289936152b916aac5fb1df33007935e640d01a5e5f686555ef638dc18757c696c4a1b4a28385b86e7b59611f822fe4112be40a72849b02cb4d5594b2272e7ad6556e2523bf594fb1682b08c92fc95240851c59b517302aa9db09db70ea0ed79ec4b84aeef957cf34f0eb3e32ce040eead24292fcb3b8e2c65e66577b0f8c0c05025849c05c867ec62debe288297de27bd36d071583d68ffe6e3c8a794e0432a4efebbfcf5aba09395deac0f850e10a8c30682531ac068bba863ef3f4e01191012cc5c0bec44df959b39d05771308ebbbc1ec8"})
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000040)=0xfffffff9, 0x4)
getsockopt$inet6_buf(r0, 0x29, 0x6, 0xffffffffffffffff, &(0x7f0000000180)=0xa4)
read$FUSE(0xffffffffffffffff, &(0x7f00000027c0)={0x2020}, 0x2038)
syz_mount_image$ext4(&(0x7f0000000900)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x1000040, &(0x7f0000000240)={[{@nouid32}, {@nodioread_nolock}, {@noquota}, {@jqfmt_vfsv1}, {@journal_dev={'journal_dev', 0x3d, 0x9}}, {@commit}]}, 0x1, 0x5a3, &(0x7f00000002c0)="$eJzs3T1sG3UbAPDnznHTj7xv+krvK72gDhUgFamqk/QDClO7IipV6oDEApHjRlWcuIodaKJIpHuF6IAAdSkbDIwgBgbEwsjKwseMVNEIpKYDGDk+p2nqFCfEMcS/n3TJ/3939vP8fX7OvtOdHEDfOtr4k0Y8EREXk4jhdcsGIlt4tLneyvJi8f7yYjGJev3Sz0kkEXFvebHYWj/J/h+KiKWI+H9EfJWPOJ6uPeW+VqM6vzA1Xi6XZrP+SG366kh1fuHElenxydJkaebU8y+cOXv6zNjJsfXp3q+v7+W3NtYb3998+8Y3L92++fEnR5aK744ncS6GsmXrx7GTmq9JPs5tmH+6G8F6KOl1AmxLLqvzRin9L4Yjl1V9O/X1O4fBXUkP6KL6YER9zbom0AcSRQ99qvU9oHH825p28/vHnfPNA5BG3JXlxeJb0Yo/0Dw3EftXj00O/pI8dGTSON48vJuJsictXY+I0YGBR9//Sfb+277RnUiQrvryfHNDPbr907X9T7TZ/wy1zp3+Ra3930q2/1tpEz+3yf7vYocxfnv1xw82jX99MJ5sGz9Zi5+0iZ9GxOsdxr/1yudnN1tW/zDiWLSP35I8/vzwyOUr5dJo82/bGF8cO/Li5uOPOLhJ/OY52/2riawf/74sp7TD8X/29adPLT0m/rNPP377t3v9D0TEOx3G/8+9j17ebNmd68ndxreArW7/JPJxu8P4z507+l3WdNYQAAAAAAAAAAB2ULp6LVuSFtbaaVooNO/h/W8cTMuVau345crczETzmrfDkU9bV1oNN/tJoz+WXY/b6p/c0D+VywLmDqz2C8VKeaLHYwcAAAAAAAAAAAAAAAAAAIC/i0Mb7v//Nbd6///Gn6sG9qrNf/Ib2OvUP/Svh+s/6VkewO7z+Q99q67+oX+pf+hf6h/6l/qH/tW2/g/sfh7A7vP5D/1L/QMAAAAAAAAAAAAAAAAAAAAAAAAAQFdcvHChMdXvLy8WG/2Jgfm5qcobJyZK1anC9FyxUKzMXi1MViqT5VKhWJn+s+dLKpWrozEzd22kVqrWRqrzC69NV+ZmWr8pWsp3fUQAAAAAAAAAAAAAAAAAAADwzzO0OiVpISLf7KdpoRDxr4g4nERy+Uq5NBoR/46Ib3P5wUZ/rNdJAwAAAAAAAAAAAAAAAAAAwB5TnV+YGi+XS7PdawxkoTp71A+1ruYzsJWVI2JpZ9NoPOOWH5XPXsDubqY+aeQ6fB/2faOHOyUAAAAAAAAAAAAAAAAAAOhTD2767fQRv3c3IQAAAAAAAAAAAAAAAAAAAOhL6U9JRDSmY8PPDG1cui9Zya3+j4g3b11679p4rTY71ph/d21+7f1s/sle5A90qlWnaUQ06hgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4oDq/MDVeLpdmt9kY7GCdXo8RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYDv+CAAA//9bQM66")
r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x143042, 0x80)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000500)={0xffffffffffffffff, 0x0, 0x0}, 0x20)
pwritev2(r5, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfe}], 0x1, 0x5405, 0x0, 0x0)

3.000338897s ago: executing program 6 (id=504):
r0 = syz_open_dev$sg(&(0x7f00000001c0), 0x508d48d4, 0x40902)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)
syz_open_dev$loop(&(0x7f0000000100), 0xf01c, 0x0)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000740)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000880)=[@dstopts_2292={{0xb8, 0x29, 0x4, {0x4, 0x13, '\x00', [@calipso={0x7, 0x8, {0x1, 0x0, 0x9, 0x9f}}, @generic={0xfe, 0x64, "f4a4a3142ee1e12b9826287997a6b33d89f3d60da1641d9fe3896c3c1b6c130ef4f01be8f5836d417874540898619050b14420ab124b11de36afb16ef4fc1cf3f4e4fa0e647cd1b07b068d3894180b6aa7527a4a8252f6836a0d67a7782c675a838ea989"}, @generic={0x80, 0x12, "09e12e5f0b6bdcf72f2ec7008a15fa88b025"}, @calipso={0x7, 0x8, {0x1, 0x0, 0x7a, 0x8001}}, @pad1, @ra={0x5, 0x2, 0xbf4}, @generic={0x93, 0x6, "e80ee304ecb7"}]}}}, @hopopts_2292={{0x88, 0x29, 0x36, {0x3b, 0xd, '\x00', [@pad1, @enc_lim={0x4, 0x1, 0x7}, @padn={0x1, 0x3, [0x0, 0x0, 0x0]}, @hao={0xc9, 0x10, @rand_addr=' \x01\x00'}, @enc_lim={0x4, 0x1, 0x8}, @padn={0x1, 0x6, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @calipso={0x7, 0x38, {0x3, 0xc, 0x6c, 0x8, [0x2, 0xfffffffffffffff7, 0x6, 0x7fff, 0x6, 0x7]}}, @padn={0x1, 0x6, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @padn]}}}, @hopopts={{0x70, 0x29, 0x36, {0x5e, 0xa, '\x00', [@pad1, @padn, @calipso={0x7, 0x20, {0x3, 0x6, 0x0, 0xfff, [0x2, 0x966, 0x1]}}, @calipso={0x7, 0x10, {0x0, 0x2, 0xda, 0x6, [0x7fff]}}, @generic={0x8}, @calipso={0x7, 0x10, {0x3, 0x2, 0x3, 0x7, [0x8000]}}, @generic={0x1, 0x3, "2bdb86"}]}}}], 0x1b0}}], 0x1, 0x810)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3be", 0x6)
r4 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000280), 0x800, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r4, 0xc0184800, &(0x7f00000002c0)={0x2, r0})
r5 = accept4(r3, 0x0, 0x0, 0x800)
sendmmsg$alg(r5, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r5, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

3.000006497s ago: executing program 5 (id=505):
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = socket(0x1e, 0x4, 0x0)
pipe(0x0)
tee(0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x3, 0x2, 0x81, 0x1fd, 0x1, 0x1}, 0x1c)
r1 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x3, 0x2, 0x81, 0x1fd, 0x1, 0x1}, 0x1c)
recvmsg$unix(r1, 0x0, 0x20)
sendmmsg(r1, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000)
recvmsg$unix(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{0x0}], 0x1}, 0x20)
sendmmsg(r0, &(0x7f00000030c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x9200000000000000)
ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(r1, 0xc0c89425, &(0x7f0000000280)={"0aaff2ef7de662903084aa32ad0a75b3", 0x0, 0x0, {0xde, 0x100}, {0x101, 0x2}, 0x3, [0x3, 0x1, 0x7, 0xffff, 0x631d8259, 0x5, 0x5, 0x2, 0x1, 0x8000000000000001, 0x80000001, 0x7, 0x3, 0x8, 0xac72, 0x4]})
close(0x4)

2.990900867s ago: executing program 0 (id=506):
openat(0xffffffffffffff9c, 0x0, 0x4002, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, 0x0, &(0x7f0000000640)='asymmetric\x00', &(0x7f0000000380)=@secondary)

2.779584439s ago: executing program 1 (id=507):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x3, 0xe, &(0x7f0000000f40)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c03406910927c6b0b55b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfe79578e51bc53099e90f4580d760551b5b342f7cbdb9cd38bdb2209c676b2ac2deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f132020000002cbe7bc04b82d2789cb1b2b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c41146dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a42b359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780c70014f51c3c975d5aec84222fff0d7216fdb0d3a0ec4be3e506d1387b63112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff2c91018afc9ffc2cc788bee1b47683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece08ac772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2ef0ae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2a3f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9d24d37cef099bdae7ed04935c2c90d3add8eebc8619d73415cda2130f5011e48455b5a8b90dfae158b94f50adeb988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ffa3c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe4a3ced846891180604b6dd2499d16d7d9158ffffff069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a331bcc87dc3addb0814040000007874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8249dbae3428d2129ecfce1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296c6a298c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f050000000000000026049fe86e09623524f390bf79b441b75fc790c58e273cd905deb28c13c1ed1c0d9cae846b03008cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4e62b445c00f576b2b5cc7f819abd0f885cc48f97496079654f5a2d38708194cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b4749c28eb5167e9936ed327fb237a56224e49d9ea956d1798571b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecf743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be182724d95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd0403a099f32468f1561f058960d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b656dc0e32384f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bbe3e8ef76f57a2d0e69115d33394e86e4b83c0f3c2a34635f3eee4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033ec14bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cd082027c641ec4355eb4acff90756d1a1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8cc3fe28bc3586844f5fecb92aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a5906002fb0e16d8262c080c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128ab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0afd9ae134400f70b5e6aefb7eee403502732df858a2ea033b6c91c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80ffb8f386bb79f5589829b6b0679b5d65a00000000000000e6ff00000000000000000000faff0000bab50bc8508a9644d3e7c328b0ff22035c8073f8c1f0e3da7339fc81d4ab3ef2857ef70a81d8a1628da28c942571880e22df7cabae56d5ff5e483c9c1f5a258b8f1f34cc300312f76a374a6e9b3f9dbd7f538a80b00f97e47895b3201c5126feca0888956a7d768198d9c2109ac508a47ebb99c539ef45af7d87b308117a9e321a3861bc42cf41942c31268a4020221d7b1622585094eddd83c7f4acdd7f5c23d8b730bf03118261edada8b8487a3b1b7548a4687a91f12bf70bb1df3bfe7d4b92ad6fcbf401efd6eb004cf20016ad8d1dad136dd856ffca238b39482811f9c8524bf182f1956a3d044423927df28880bbd11c06407220df8e1d1d483d947d990dc175803d765ca14a915a0040b641959ad3e776b4bb4852fea12983dc18b7404914a6137dc4a78f1e0d331c60a9019c21698cd18753491df962f496f2395563e9c3d7b1228d0e488cf7e50a29541aa757f2e2ee9ff4433d65db0de5a123d569e39dce481156cbec584c9a32a8e3b032fa003192c891d83119bc950abac9147b9fcb0acd9a207b5ceb7e8ed1d91c000000000000000000000000000000141258373281153fa27e586ea82650f070d8851ac9e7ac07b37a6479d4017b5b5af3ff4c91235df4f657d77e386a329aec4d766369c86b62b01ceb028c6fcf206883633cb143016b9f5351a45a8cb4ea110ba700000000000000883416b6eff6a793c71deb7d780c4f51d86ece127c0714144916f397d398ad2fe72b710b932c15c2369cb5d2d2f6ae420672c4a626195a891ac51825077fbc286aa3866bbf18a4a8b836ea8c90af0d5f0aff55b50bc18c27875ed2628b91224b7fa9fd10ccd7c1b1a92bac529df981a6d30100e68555553625c0e91a51000000000000000000fe030f85b294f3ea1fce314a9dcefbe3b64e83c35c5e95734786ca78315793cc0e6e776d2ec07c55cd89541ec25e074e840287011cab538d79e1569df321282071d49a4dc5fb2d7da1d05249d0e153fd04aca2", @ANYRES8], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x16, 0x0, 0xffffffffffffffff, 0xffffffffffffffc9}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x18000000000002a0, 0x46, 0x0, &(0x7f0000000000)="378303076844268cb89e14f086dd4ee0fffe00febabec41177fbfbdd1402e000030c", 0x0, 0xfe, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)

1.933275859s ago: executing program 5 (id=508):
r0 = socket$packet(0x11, 0x2, 0x300)
r1 = fsopen(&(0x7f0000000200)='configfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
r2 = fsmount(r1, 0x0, 0x0)
fchdir(r2)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
lseek(r3, 0x1, 0x1)
getdents64(r3, 0x0, 0x22)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000180)={'batadv_slave_0\x00'})
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./bus\x00', 0x2008042, &(0x7f00000000c0), 0x1, 0x571, &(0x7f0000000780)="$eJzs3c+PG1cdAPDvzP5yk7SbQA9QAQlQCCiKnXXaqOql5QJCVSVExQFxSJddZ7XEjkPsLd0lUrd/A0ggcYI/gQMSB6SeOHDjiMQBEOWAVCACJUgcBs3Yu+ts7MSNvXaz/nykybyZN+Pve/bOvOdnxy+AmXUuInYjYjEi3oyI5e7+pLvEq50lP+7undtr9+7cXksiy974Z1Lk5/ui55zcye5jliLim1+L+G7yYNzW9s711Xq9dqu7XWk3blZa2zsXNxurG7WN2o1q9crKlUsvXX6xOra6nm388oOvbr72rd/8+tPv/373yz/Mi3Wqm9dbj3HqVH1hP05uPiJeO4pgUzDXXS9OuRw8njQiPhYRnyuu/+WYK/46AYDjLMuWI1vu3QYAjru0GANL0nJEpGm3E1DujOE9GyfSerPVvnCtuXVjvTNWdjoW0mub9dqlM0t//H5x8EKSb68UeUV+sV09tH05Is5ExI+Xniq2y2vN+vp0ujwAMPNO9rb/EfGfpTQtl4c6tc+negDAE6M07QIAABOn/QeA2aP9B4DZM0T73/2wf/fIywIATIb3/wAwe7T/ADB7tP8AMFO+8frr+ZLd6/7+9fpb21vXm29dXK+1rpcbW2vlteatm+WNZnOj+M2exqMer95s3lx5IbberrRrrXaltb1ztdHcutG+Wvyu99XawkRqBQA8zJmz7/0hiYjdl58qluiZy0FbDcdbOsajgCfL3Cgn6yDAE81sXzC7hmrCi07C7468LMB09P0x71Lf5P1++iGC+J4RfKSc/+Tw4//meIbjxcg+zK7HG/9/ZezlACbvscf//zzecgCTl2XJ4Tn/F/ezAIBjaYSv8GXvjKsTAkzVoybzHsvn/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHDMnIqI70WSlou5wNP837Rcjng6Ik7HQnJts167FBHPxNmIWFjKt1emXWgAYETp35Pu/F/nl58/dTh3MfnvUrGOiB/87I2fvL3abt9ayff/a3//0t70YdWD80aYVxAAGN5fhzmoaL+r3XXPG/m7d26v7S1HWMYHfPCV/clH1+7duV0snZz5yLIsiygVfYkT/05ivntOKSKei4i5McTffTciPtGv/kkxNnK6O/Npb/zoxn56ovHT++KnRV5nnT99Hx9DWWDWvJfff149fP3NFVfWueKI/td/qbhDja64/5Ui9u59B/e/veu9VJTmcPz8mj83bIwXfvv1B3Zmy528dyOem+8XP9mPnwyI//yQ8f/0qc/86JUBednPI85H//i9sSrtxs1Ka3vn4mZjdaO2UbtRrV5ZuXLppcsvVivFGHVlb6T6Qf94+cIzg8qW1//EgPidV/7kofov7p/7hSHr/4v/vfmdzx5sLh2O/6XP93/9ny3W/Z//vE384pDxV0/8auD03Xn89QH1f9Trf2HI+O//bWd9yEMBgAlobe9cX63Xa7dGSuTvQj/8WVmWvZOX4SHH5NnDPeBed3G06vwlisTB05JEEqM/P/cn8s7YMAcvjFyd+xJ7wyXjrk6fxPx+X3G8j/zth/+1DEosjhI0HXstHicRp7uJu5MKOpXbETBBBxf9tEsCAAAAAAAAAAAAAAAMMon/wzTtOgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHB8/T8AAP//Z1e+LQ==")
r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x8)
r5 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000002780)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
read$FUSE(r5, 0x0, 0x0)
fchown(r4, 0x0, 0x0)
setsockopt$packet_add_memb(r0, 0x107, 0x1, 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x88040, 0x0)
recvmsg$unix(r6, 0x0, 0x102)

1.870635329s ago: executing program 3 (id=509):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeeb, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = fsopen(&(0x7f00000001c0)='bpf\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
r4 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c00000003000000010000000000000e0200000000000000000000000000000504000000002e"], 0x0, 0x37}, 0x20)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000004440)=ANY=[@ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=r4, @ANYBLOB="020000"], 0x48)
r6 = fsmount(r3, 0x1, 0x0)
bpf$OBJ_PIN_MAP(0x6, &(0x7f00000000c0)=@generic={&(0x7f0000000000)='./file0\x00', r5}, 0x18)
write$FUSE_WRITE(r6, 0x0, 0x0)
r7 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000100)={0x1, 0x0, [{0x140, 0x0, 0x1}]})
pread64(r7, &(0x7f00000003c0)=""/128, 0x80, 0x9)

1.83828235s ago: executing program 6 (id=510):
socket$inet_icmp_raw(0x2, 0x3, 0x1)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
syz_open_procfs$namespace(0x0, 0x0)
unshare(0x6a040000)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x10, 0x803, 0x0)
socket$inet_sctp(0x2, 0x1, 0x84)
socket$kcm(0xa, 0x2, 0x0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, 0x0, 0x0)
r1 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$IP_VS_SO_SET_ADDDEST(r1, 0x0, 0x487, &(0x7f0000000000)={{0x84, @private=0xa010102, 0x4e20, 0x3, 'lc\x00', 0x5, 0x8, 0x77}, {@loopback, 0x4e20, 0x10000, 0x2, 0x2}}, 0x44)
socket(0x10, 0x3, 0x0)

1.81508832s ago: executing program 5 (id=511):
pipe(&(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
splice(r2, 0x0, r1, 0x0, 0x10000008ebc, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0b00000005000000000400000900000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0xa, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000d80)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021"], 0x0, 0x40, 0x0, 0x0, 0x0, 0xb4a02fe0ce239f93, '\x00', 0x0, 0x2}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xe, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r4], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x59, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, r5, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r6, 0x2000000, 0xe, 0x0, &(0x7f0000000040)="630b008646dc3f0adf33c9f7b986", 0x0, 0xcf25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x80}, 0x50)
splice(r0, 0x0, r3, 0x0, 0x25a5, 0x0)

1.75009765s ago: executing program 1 (id=512):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r1=>0x0})
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)={0x2c, r2, 0x1, 0x72bd25, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_TX_RATES={0x10, 0x5a, 0x0, 0x1, [@NL80211_BAND_2GHZ={0xc, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HT={0x4}, @NL80211_TXRATE_LEGACY={0x4}]}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40000}, 0x0)

1.537228533s ago: executing program 5 (id=513):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000e00), 0xffffffffffffffff)
close(0x3)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000e40)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_GET_SCAN(r1, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000580)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="210f00000000fedbdf252000000008000300", @ANYRES32=r3], 0x1c}, 0x1, 0x0, 0x0, 0x48010}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendto$inet6(r0, &(0x7f0000000580)="b1", 0xffe0, 0x4000, 0x0, 0x0)
syz_genetlink_get_family_id$tipc(&(0x7f0000000200), r4)

1.485908333s ago: executing program 1 (id=514):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan1\x00', <r1=>0x0})
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_CQM(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)={0x2c, r2, 0x1, 0x70bd25, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_CQM={0x10, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_RSSI_THOLD={0x4}, @NL80211_ATTR_CQM_RSSI_HYST={0x8, 0x2, 0x8000}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0xc01}, 0xc000)

611.667213ms ago: executing program 5 (id=515):
syz_genetlink_get_family_id$netlbl_mgmt(0x0, 0xffffffffffffffff)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000002680)=ANY=[@ANYBLOB="4001000010000100feffffbf00010000ac1414aa000000000000000000000000ac1414aa000000000000000000000000000107944e230005000000003a000000", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="7f000001000000000000000000000000000004d46c00000000000000000000000000000000000000000000000000000009000000000000000600000000000000ffff0000000000001c2508000000000002000000000000006d7e00000000000000000000000000000300000000000000ff7f0000000000001f00000000000000ff0100000000000002000000fcffffff000000002abd700000000000020001fd2000000000000000480003006465666c617465"], 0x140}, 0x1, 0x0, 0x0, 0xc801}, 0x800)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f00000003c0)={{{@in=@broadcast, @in=@private=0xa010101, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x8}, {}, 0x0, 0x0, 0x1}, {{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x33}, 0x0, @in6=@mcast1, 0x0, 0x0, 0x0, 0x10}}, 0xe8)
connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}, 0x1c)

579.395593ms ago: executing program 3 (id=516):
getsockopt$IP_SET_OP_GET_BYINDEX(0xffffffffffffffff, 0x1, 0x53, 0x0, 0x0)
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r1)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=<r3=>0x0)
sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="010026bd7000fcdbdf250200000008000100", @ANYRES32=r3], 0x1c}}, 0x840)
write$nci(r0, &(0x7f0000000500)=ANY=[@ANYBLOB="71050b020306020e3604001947b516a24df44bb364e5d790adc26e2748be1bef9f1e"], 0x2a)
openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0)

501.427034ms ago: executing program 1 (id=517):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000280)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x14, 0x1, 0x1, 0x101, 0x0, 0x0, {0x0, 0x0, 0xa}}, 0x14}, 0x1, 0x0, 0x0, 0x80}, 0x8804)

501.052864ms ago: executing program 6 (id=518):
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000000c0)={'vcan0\x00', <r1=>0x0})
bind$can_j1939(r0, &(0x7f0000000000)={0x1d, r1, 0x3, {0x2, 0xff, 0x2}, 0xfe}, 0x18)
r2 = socket$can_j1939(0x1d, 0x2, 0x7)
bind$can_j1939(r2, &(0x7f0000000140)={0x1d, r1, 0x3, {0x1, 0xff, 0x4}}, 0x18)

178.833837ms ago: executing program 5 (id=519):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x4)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0)
ioctl$PPPIOCGL2TPSTATS(0xffffffffffffffff, 0x80487436, 0x0)
ioctl$KDSKBSENT(r1, 0x4b49, &(0x7f00000000c0)={0x6, "ca77f2089159a3bf476a7d1d2417cb2c31db31fe005d49c005987a6f8620d9b3de2f96f4bd48d37568ff1e6c9dc521b351e1ca13c830ebdc50af9bf58ca4f11fec8aad5194c0ad1ecaff060ab2f75ff688b87d473c8c97f7151843e91777e0f2e0c8d275a5e0a10943182a240034b6722aaaf4831faf84f907e8e2caabf748298f2748ca044681b0d1e2a856512afddcb4e040bb0a589656e9349be52c18d8ebe37cc62385feec76532b069901887652f31b1d535369afb5a6b5b2cd91d91a15e1ae2463903563514147763e9ee7a048939f496fa1f10fdfb15fe59efcda704204534b56ce0c80b4e7eda976fa35bad67a6826915895b75a2422e84c9a8b6a6c181ea8755216e58ebc7f896f2312c56592454636a6958be786cce206d873384713eb2cc341906330941e1290a11289936152b916aac5fb1df33007935e640d01a5e5f686555ef638dc18757c696c4a1b4a28385b86e7b59611f822fe4112be40a72849b02cb4d5594b2272e7ad6556e2523bf594fb1682b08c92fc95240851c59b517302aa9db09db70ea0ed79ec4b84aeef957cf34f0eb3e32ce040eead24292fcb3b8e2c65e66577b0f8c0c05025849c05c867ec62debe288297de27bd36d071583d68ffe6e3c8a794e0432a4efebbfcf5aba09395deac0f850e10a8c30682531ac068bba863ef3f4e01191012cc5c0bec44df959b39d05771308ebbbc1ec8"})
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000040)=0xfffffff9, 0x4)
getsockopt$inet6_buf(r0, 0x29, 0x6, 0xffffffffffffffff, &(0x7f0000000180)=0xa4)
read$FUSE(0xffffffffffffffff, &(0x7f00000027c0)={0x2020}, 0x2038)
syz_mount_image$ext4(&(0x7f0000000900)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x1000040, &(0x7f0000000240)={[{@nouid32}, {@nodioread_nolock}, {@noquota}, {@jqfmt_vfsv1}, {@journal_dev={'journal_dev', 0x3d, 0x9}}, {@commit}]}, 0x1, 0x5a3, &(0x7f00000002c0)="$eJzs3T1sG3UbAPDnznHTj7xv+krvK72gDhUgFamqk/QDClO7IipV6oDEApHjRlWcuIodaKJIpHuF6IAAdSkbDIwgBgbEwsjKwseMVNEIpKYDGDk+p2nqFCfEMcS/n3TJ/3939vP8fX7OvtOdHEDfOtr4k0Y8EREXk4jhdcsGIlt4tLneyvJi8f7yYjGJev3Sz0kkEXFvebHYWj/J/h+KiKWI+H9EfJWPOJ6uPeW+VqM6vzA1Xi6XZrP+SG366kh1fuHElenxydJkaebU8y+cOXv6zNjJsfXp3q+v7+W3NtYb3998+8Y3L92++fEnR5aK744ncS6GsmXrx7GTmq9JPs5tmH+6G8F6KOl1AmxLLqvzRin9L4Yjl1V9O/X1O4fBXUkP6KL6YER9zbom0AcSRQ99qvU9oHH825p28/vHnfPNA5BG3JXlxeJb0Yo/0Dw3EftXj00O/pI8dGTSON48vJuJsictXY+I0YGBR9//Sfb+277RnUiQrvryfHNDPbr907X9T7TZ/wy1zp3+Ra3930q2/1tpEz+3yf7vYocxfnv1xw82jX99MJ5sGz9Zi5+0iZ9GxOsdxr/1yudnN1tW/zDiWLSP35I8/vzwyOUr5dJo82/bGF8cO/Li5uOPOLhJ/OY52/2riawf/74sp7TD8X/29adPLT0m/rNPP377t3v9D0TEOx3G/8+9j17ebNmd68ndxreArW7/JPJxu8P4z507+l3WdNYQAAAAAAAAAAB2ULp6LVuSFtbaaVooNO/h/W8cTMuVau345crczETzmrfDkU9bV1oNN/tJoz+WXY/b6p/c0D+VywLmDqz2C8VKeaLHYwcAAAAAAAAAAAAAAAAAAIC/i0Mb7v//Nbd6///Gn6sG9qrNf/Ib2OvUP/Svh+s/6VkewO7z+Q99q67+oX+pf+hf6h/6l/qH/tW2/g/sfh7A7vP5D/1L/QMAAAAAAAAAAAAAAAAAAAAAAAAAQFdcvHChMdXvLy8WG/2Jgfm5qcobJyZK1anC9FyxUKzMXi1MViqT5VKhWJn+s+dLKpWrozEzd22kVqrWRqrzC69NV+ZmWr8pWsp3fUQAAAAAAAAAAAAAAAAAAADwzzO0OiVpISLf7KdpoRDxr4g4nERy+Uq5NBoR/46Ib3P5wUZ/rNdJAwAAAAAAAAAAAAAAAAAAwB5TnV+YGi+XS7PdawxkoTp71A+1ruYzsJWVI2JpZ9NoPOOWH5XPXsDubqY+aeQ6fB/2faOHOyUAAAAAAAAAAAAAAAAAAOhTD2767fQRv3c3IQAAAAAAAAAAAAAAAAAAAOhL6U9JRDSmY8PPDG1cui9Zya3+j4g3b11679p4rTY71ph/d21+7f1s/sle5A90qlWnaUQ06hgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4oDq/MDVeLpdmt9kY7GCdXo8RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYDv+CAAA//9bQM66")
r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x143042, 0x80)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000500)={0xffffffffffffffff, 0x0, 0x0}, 0x20)
pwritev2(r5, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfe}], 0x1, 0x5405, 0x0, 0x0)

141.203768ms ago: executing program 6 (id=520):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfa, 0x0, 0xe4}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr', 0x3)
sendmmsg$inet(r0, &(0x7f0000001000)=[{{0x0, 0x0, &(0x7f0000000e80)=[{&(0x7f0000002300)="27cb1547d73d51c2b9eb909bbb859214eabfa995b909a5faccc33d38140dc15d080af6eaf18b2031f0c88867e93763c3466f13a7e1c71f9b7ed9652a901d80e85e1ba265a9837970a9a20940b0208fa916a034be9eb50defe37271f579ecbb2f7e6157f8bac11e6657ddcd368291be85f6fbe3696d907770e9214e33190c4f9d0a048b2442a7dde887cf7c3f2e7fca619e0f1717850a65d661e72c55a293a7e4332309066fc4e40951535235d7a51b3c1bdfc5996f817e817caf5d035e24b79089ab10bf1a15448774f85810bb5276a5", 0xd0}], 0x1}}, {{0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000140)="91790da0bd1c560e30633259f42abd712cb00cd5f83f5f8fd4be4ff744c36a3b11e84fb8d6e6ca9d8831796fb98a386d3ad837a9e92affe1ba18adfbe1ea97dfdc3e665f3d20948ea7a1f32fc8b737b8dbbad63cfea88639ec022f58243597a6a8f892a5bc1680da9111e2eefeaaa73f48fd9cb40256f609234533d1860d9694bdef8fb9152b0d6387dbbf25b8dbc5daf811a32c6dabce201eecc67cc65a2b6a95c7d696bb6087d6b2f347adf0a15f0d61cc543e33b70bd51768ef036cc9fe1513dfdf4e2668bc05d99df6e75a76a3cb006d987aca0b729f670084", 0xdb}], 0x1}}], 0x2, 0x0)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4)
sendto$inet(r0, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0)

140.871668ms ago: executing program 3 (id=521):
r0 = socket$packet(0x11, 0x2, 0x300)
r1 = fsopen(&(0x7f0000000200)='configfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
r2 = fsmount(r1, 0x0, 0x0)
fchdir(r2)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
lseek(r3, 0x1, 0x1)
getdents64(r3, 0x0, 0x22)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000180)={'batadv_slave_0\x00'})
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./bus\x00', 0x2008042, &(0x7f00000000c0), 0x1, 0x571, &(0x7f0000000780)="$eJzs3c+PG1cdAPDvzP5yk7SbQA9QAQlQCCiKnXXaqOql5QJCVSVExQFxSJddZ7XEjkPsLd0lUrd/A0ggcYI/gQMSB6SeOHDjiMQBEOWAVCACJUgcBs3Yu+ts7MSNvXaz/nykybyZN+Pve/bOvOdnxy+AmXUuInYjYjEi3oyI5e7+pLvEq50lP+7undtr9+7cXksiy974Z1Lk5/ui55zcye5jliLim1+L+G7yYNzW9s711Xq9dqu7XWk3blZa2zsXNxurG7WN2o1q9crKlUsvXX6xOra6nm388oOvbr72rd/8+tPv/373yz/Mi3Wqm9dbj3HqVH1hP05uPiJeO4pgUzDXXS9OuRw8njQiPhYRnyuu/+WYK/46AYDjLMuWI1vu3QYAjru0GANL0nJEpGm3E1DujOE9GyfSerPVvnCtuXVjvTNWdjoW0mub9dqlM0t//H5x8EKSb68UeUV+sV09tH05Is5ExI+Xniq2y2vN+vp0ujwAMPNO9rb/EfGfpTQtl4c6tc+negDAE6M07QIAABOn/QeA2aP9B4DZM0T73/2wf/fIywIATIb3/wAwe7T/ADB7tP8AMFO+8frr+ZLd6/7+9fpb21vXm29dXK+1rpcbW2vlteatm+WNZnOj+M2exqMer95s3lx5IbberrRrrXaltb1ztdHcutG+Wvyu99XawkRqBQA8zJmz7/0hiYjdl58qluiZy0FbDcdbOsajgCfL3Cgn6yDAE81sXzC7hmrCi07C7468LMB09P0x71Lf5P1++iGC+J4RfKSc/+Tw4//meIbjxcg+zK7HG/9/ZezlACbvscf//zzecgCTl2XJ4Tn/F/ezAIBjaYSv8GXvjKsTAkzVoybzHsvn/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHDMnIqI70WSlou5wNP837Rcjng6Ik7HQnJts167FBHPxNmIWFjKt1emXWgAYETp35Pu/F/nl58/dTh3MfnvUrGOiB/87I2fvL3abt9ayff/a3//0t70YdWD80aYVxAAGN5fhzmoaL+r3XXPG/m7d26v7S1HWMYHfPCV/clH1+7duV0snZz5yLIsiygVfYkT/05ivntOKSKei4i5McTffTciPtGv/kkxNnK6O/Npb/zoxn56ovHT++KnRV5nnT99Hx9DWWDWvJfff149fP3NFVfWueKI/td/qbhDja64/5Ui9u59B/e/veu9VJTmcPz8mj83bIwXfvv1B3Zmy528dyOem+8XP9mPnwyI//yQ8f/0qc/86JUBednPI85H//i9sSrtxs1Ka3vn4mZjdaO2UbtRrV5ZuXLppcsvVivFGHVlb6T6Qf94+cIzg8qW1//EgPidV/7kofov7p/7hSHr/4v/vfmdzx5sLh2O/6XP93/9ny3W/Z//vE384pDxV0/8auD03Xn89QH1f9Trf2HI+O//bWd9yEMBgAlobe9cX63Xa7dGSuTvQj/8WVmWvZOX4SHH5NnDPeBed3G06vwlisTB05JEEqM/P/cn8s7YMAcvjFyd+xJ7wyXjrk6fxPx+X3G8j/zth/+1DEosjhI0HXstHicRp7uJu5MKOpXbETBBBxf9tEsCAAAAAAAAAAAAAAAMMon/wzTtOgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHB8/T8AAP//Z1e+LQ==")
r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x8)
r5 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000002780)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
read$FUSE(r5, 0x0, 0x0)
fchown(r4, 0x0, 0x0)
setsockopt$packet_add_memb(r0, 0x107, 0x1, 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x88040, 0x0)
recvmsg$unix(r6, 0x0, 0x102)

33.268979ms ago: executing program 1 (id=522):
r0 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000003280)={0x73622a85, 0xa, 0x4})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x82002)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180))
io_setup(0x205, &(0x7f0000002500)=<r2=>0x0)
io_submit(r2, 0x0, 0x0)
io_pgetevents(r2, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="300000006800090328bd7000fddbdf250a00030000000000"], 0x30}, 0x1, 0x0, 0x0, 0x2404e404}, 0x0)
r6 = socket(0x10, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r6, 0x89f1, &(0x7f0000000780)={'ip6_vti0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x29, 0x3, 0xc, 0x0, 0x0, @private2, @private1={0xfc, 0x1, '\x00', 0x1}, 0x20, 0x1, 0xfffffffb, 0xdc66}})
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r6, 0x89f3, &(0x7f0000000080)={'syztnl1\x00', 0x0})
ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000000))
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
keyctl$invalidate(0x15, 0x0)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000480)='./file1\x00', 0x0, &(0x7f0000000d80)={[{@min_batch_time={'min_batch_time', 0x3d, 0x573}}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x1}}, {@nobarrier}, {@nojournal_checksum}, {@stripe}, {@usrjquota}], [{@obj_user={'obj_user', 0x3d, '%$\a\x00=!\x00\tN\xb9*\xc5rY\x93<\xd5\x91\xeb\x1e\xe2\xd8\xedz\xcc]\xcf{\x13\x14D\x8d\xe0\xc4\xd5\x16``&Y\xfeU\xf4<\xef\xc9\xf2N_r\x12\xe8F\xd1\x11\xa6\x8f<;\v\x86B\xa8\x16 C\x06\xad\xe2\xa41\xc1S\x06)w\xe4\xf1EZ\x9c,\xc2\x9cT.%\xadx\xdf\x1f\xda\xb5\v\x83\xd5\xf9*\x7f\xf0\x9d\xe2\xd6\xc4\xce\xd9+\xf4\x1c\xbe*\xe5\x9a\x87\xc2)\xad{RKH\xff,L\xea\"\x10\xfe\xd89\x95\x88\x0f\x17\x8eV\x1b{~,\a\x18\xf4\xc6\x9e\xed\x7f\xa9\x9f\xfe\xb0=\x16\x1c\x1e\n\x13{]\xca\xc6\x16\x7f\xc2\x8e\xa9q\xca:\f\xff\xe9\xca\xf7\x8e\xf4$\x92\x1c\xa2;*\xf8`\xe6i\x82A\xfb\x98\xeb;\x0e8YVT\x02\x00\x00\x00>\xc6\x92\xbb\x04(z\xc9zL\xa6\xdb\x02(\x93aTp\x9c^H\xfe\xf1\xd3\xa9\xe7<?\xaf\xce\xa0p\xfa]\xdaH*\xdf\x8cgB\xe9\xee\xcd'}}]}, 0xff, 0x44d, &(0x7f0000000900)="$eJzs3MtvG8UfAPDvrp30/Ut+UB4tLQQKouKRNOnzwKUIJA4gIcGhiFNI0qrUbaAJEq0qKBzKEVXijjgi8RdwggsCTkhc4Y4qVaiXFiQko13vpsa107hx6rb+fKRNZrzjzHx3d+zZGTsBDKyx7EcSsTkifouIkUb2vwXGGr+uXTk389eVczNJ1Otv/Jnk5a5eOTdTFi2ft6mRqdeL/Lo29V54O2K6Vps7XeQnFk++N7Fw5uzzx09OH5s7Nndq6tChfXt3Dh+Y2t+TOLO4rm7/aH7HtlfeuvjazJGL7/z0TdbezcX+5jh6ZaxxdNt6qteV9dmWpnRS7WND6EolIrLTNZT3/5GoxIalfSPx8qd9bRywpur1er3d+3PhfB24hyXR7xYA/VG+0Wf3v+V2m4Yed4TLhyPeP9iI/1qxNfZUIy3KDLXc3/bSWEQcOf/3l9kWazQPAQDQ7LvDEfFcu/FfGg82lftfsYYyGhH/j4j7IuL+iNgaEQ9E5GUfioiHu6y/dYXkxvFPeumWAluhbPz3QrG2tTT++6eex18YrRS5LXn8Q8nR47W5PcUx2R1D67L85DJ1fP/Sr5932tc8/su2rP5yLNiQXqq2TNDNTi9OrzLsJZc/idhebYk/l0S5jJNExLaI2N7VX75+h3H8ma93dCp18/iX0YN1pvpXEU83zv/5aIm/lHRcn5w8eGBq/8T6qM3tmSivihv9/MuF1zvVv6r4eyA7/xtbr//cUvyjyfqIhTNnT+TrtQvd13Hh98863tPc6vU/nLyZp4eLxz6cXlw8PRkxnLx64+NT159b5svyWfy7d7WLP81f48oj8UhEZBfxzoh4NCIeK9r+eEQ8ERG7lon/xxeffLf7+JeZle+hLP7Zm53/aD7/3ScqJ374tvv4S9n535endhePrOT1b6UNXM2xAwAAgLtFmn8GPknHl9JpOj7e+Az/1tiY1uYXFp89Ov/BqdnGZ+VHYygtZ7pGmuZDJ4u54TI/1ZLfW8wbf1HZkOfHZ+Zrs/0OHgbcpg79P/NHpd+tA9ac72vB4NL/YXDp/zC49H8YXPo/DK52/f/jPrQDuP28/8Pg0v9hcOn/MLj0fxhIHb8bn67qK/8S93wi0u6fVY07pPF3U6K64n9mcYuJdW139fuVCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoDf+DQAA//9X4u4v")

0s ago: executing program 6 (id=523):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001800)=ANY=[@ANYBLOB="180000002500010324bd7002ffdbdf25010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x4008}, 0x0)
recvmmsg(r0, &(0x7f0000006040)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000280)=""/106, 0x6a}, {&(0x7f0000000f00)=""/231, 0xe7}, {&(0x7f0000000300)=""/136, 0x88}, {&(0x7f00000072c0)=""/4108, 0x100c}, {&(0x7f00000001c0)=""/61, 0x3d}, {&(0x7f0000000000)=""/88, 0x58}, {&(0x7f0000000080)=""/125, 0x7d}], 0x7}, 0x70004}, {{0x0, 0x0, 0x0}, 0x9}, {{0x0, 0x0, 0x0}, 0x5}], 0x3, 0x100, 0x0)

kernel console output (not intermixed with test programs):


[   66.462274][ T4188] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   66.473748][ T4188] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   66.485646][ T4188] batman_adv: batadv0: Interface activated: batadv_slave_0
[   66.500460][ T4188] batman_adv: batadv0: Interface activated: batadv_slave_1
[   66.509343][  T360] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   66.517612][  T360] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   66.525319][  T360] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   66.533397][  T360] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   66.541322][  T360] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   66.550947][  T360] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   66.560496][  T360] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   66.570504][  T360] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   66.579919][  T360] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   66.588881][  T360] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   66.601954][ T4189] 8021q: adding VLAN 0 to HW filter on device batadv0
[   66.610495][ T4201] device veth0_vlan entered promiscuous mode
[   66.618540][ T4190] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   66.630400][ T4190] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   66.642465][ T4190] batman_adv: batadv0: Interface activated: batadv_slave_1
[   66.660886][ T4187] device veth0_macvtap entered promiscuous mode
[   66.670062][  T360] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   66.679185][  T360] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   66.690753][  T360] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   66.699674][  T360] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   66.709215][  T360] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   66.721279][ T4188] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   66.730450][ T4188] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   66.739549][ T4188] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   66.750962][ T4188] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   66.769403][ T4190] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   66.779892][ T4190] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   66.789210][ T4190] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   66.799547][ T4190] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   66.813258][ T4201] device veth1_vlan entered promiscuous mode
[   66.827587][ T4187] device veth1_macvtap entered promiscuous mode
[   66.906459][  T360] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   66.926942][  T360] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   66.974548][ T4187] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   66.988465][ T4187] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   66.999955][ T4187] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   67.011359][ T4187] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   67.023563][ T4187] batman_adv: batadv0: Interface activated: batadv_slave_0
[   67.037670][  T360] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   67.050140][  T360] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   67.058923][  T360] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   67.067730][  T360] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   67.082209][ T4189] device veth0_vlan entered promiscuous mode
[   67.091145][ T4201] device veth0_macvtap entered promiscuous mode
[   67.099809][ T4187] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   67.111668][ T4187] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   67.121743][ T4187] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   67.132498][ T4187] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   67.143756][ T4187] batman_adv: batadv0: Interface activated: batadv_slave_1
[   67.161445][  T360] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   67.170994][  T360] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   67.179410][  T360] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   67.189068][  T360] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   67.198136][  T360] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   67.207424][  T360] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   67.215269][  T360] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   67.238991][ T4201] device veth1_macvtap entered promiscuous mode
[   67.248905][ T4187] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   67.259082][ T4187] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   67.269004][ T4187] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   67.278202][ T4187] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   67.300251][ T4189] device veth1_vlan entered promiscuous mode
[   67.334952][    T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   67.354219][    T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   67.368788][ T4230] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   67.379956][ T4230] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   67.388568][ T4230] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   67.397465][ T4230] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   67.427269][   T21] Bluetooth: hci4: command 0x040f tx timeout
[   67.435072][ T4201] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   67.454345][ T4201] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   67.464572][   T21] Bluetooth: hci1: command 0x040f tx timeout
[   67.464901][ T4201] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   67.471067][   T21] Bluetooth: hci2: command 0x040f tx timeout
[   67.487560][ T4201] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   67.488028][   T21] Bluetooth: hci0: command 0x040f tx timeout
[   67.497673][ T4201] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   67.508088][   T21] Bluetooth: hci3: command 0x040f tx timeout
[   67.516809][ T4201] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   67.534132][ T4201] batman_adv: batadv0: Interface activated: batadv_slave_0
[   67.557836][ T4189] device veth0_macvtap entered promiscuous mode
[   67.570465][ T4230] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   67.580288][ T4230] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   67.592041][ T4230] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   67.601003][ T4230] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   67.610801][ T4230] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   67.621276][ T4201] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   67.633805][  T144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   67.635995][ T4201] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   67.642233][  T144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   67.657346][ T4201] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   67.670781][ T4201] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   67.680990][ T4201] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   67.691469][ T4201] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   67.702850][ T4201] batman_adv: batadv0: Interface activated: batadv_slave_1
[   67.727157][ T4189] device veth1_macvtap entered promiscuous mode
[   67.739258][  T154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   67.747653][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   67.756238][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   67.763787][  T154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   67.772676][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   67.783023][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   67.792575][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   67.818363][ T4189] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   67.841318][ T4189] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   67.851592][ T4189] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   67.862140][ T4189] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   67.872042][ T4189] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   67.882922][ T4189] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   67.894455][ T4189] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   67.905344][ T4189] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   67.925969][ T4189] batman_adv: batadv0: Interface activated: batadv_slave_0
[   67.943585][    T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   67.951250][ T4201] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   67.960920][    T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   67.977392][ T4201] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   67.986163][ T4201] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   67.995460][ T4201] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   68.007693][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   68.015605][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   68.024930][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   68.041723][ T4189] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   68.053130][ T4189] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   68.063508][ T4189] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   68.075023][ T4189] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   68.085162][ T4189] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   68.095904][ T4189] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   68.106111][ T4189] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   68.117022][ T4189] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   68.128940][ T4189] batman_adv: batadv0: Interface activated: batadv_slave_1
[   68.189913][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   68.199654][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   68.321603][ T4189] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   68.333550][ T4189] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   68.342519][ T4189] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   68.352423][ T4189] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   68.364692][  T154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   68.383246][  T154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   68.562330][ T4234] hid-generic 0006:0004:0009.0001: unknown main item tag 0x0
[   68.570626][ T4234] hid-generic 0006:0004:0009.0001: unknown main item tag 0x0
[   68.581538][ T4234] hid-generic 0006:0004:0009.0001: unknown main item tag 0x0
[   68.693014][ T4234] hid-generic 0006:0004:0009.0001: unknown main item tag 0x0
[   68.817334][  T154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   68.827298][ T4234] hid-generic 0006:0004:0009.0001: unexpected long global item
[   68.882849][  T154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   68.930861][ T4234] hid-generic: probe of 0006:0004:0009.0001 failed with error -22
[   69.272571][ T4271] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   69.292596][ T4271] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   69.329174][ T4244] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   69.380033][ T4244] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   69.396005][ T4276] loop0: detected capacity change from 0 to 128
[   69.426891][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   69.491713][  T154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   69.506181][ T4278] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   69.507781][  T154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   69.523420][ T4234] Bluetooth: hci0: command 0x0419 tx timeout
[   69.539760][  T144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   69.568227][ T4234] Bluetooth: hci2: command 0x0419 tx timeout
[   69.568692][  T144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   69.585840][ T4234] Bluetooth: hci1: command 0x0419 tx timeout
[   69.599333][ T4276] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[   69.610520][ T4234] Bluetooth: hci4: command 0x0419 tx timeout
[   69.617117][ T4268] Bluetooth: hci3: command 0x0419 tx timeout
[   69.627259][ T4276] ext4 filesystem being mounted at /2/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   69.646588][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   69.664859][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   69.678525][  T144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   69.701977][  T144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   69.798510][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   70.256546][ T4288] No source specified
[   71.999056][ T1430] ieee802154 phy0 wpan0: encryption failed: -22
[   72.005685][ T1430] ieee802154 phy1 wpan1: encryption failed: -22
[   72.136281][    C0] sched: RT throttling activated
[   72.173882][ T4299] loop2: detected capacity change from 0 to 128
[   72.223227][ T4299] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[   72.278501][ T4299] ext4 filesystem being mounted at /1/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[   72.857222][ T4304] fscrypt (loop2, inode 12): Unsupported encryption flags (0x08)
[   73.598621][    T7] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[   74.005360][ T2238] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[   74.816342][ T2238] usb 4-1: Using ep0 maxpacket: 16
[   75.575180][ T4329] loop1: detected capacity change from 0 to 1024
[   75.619265][ T2238] usb 4-1: unable to read config index 0 descriptor/start: -71
[   76.106423][ T2238] usb 4-1: can't read configurations, error -71
[   76.203810][ T4332] netlink: 28 bytes leftover after parsing attributes in process `syz.0.15'.
[   76.214701][ T4332] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   76.873081][ T4331] loop2: detected capacity change from 0 to 1024
[   77.147708][ T4329] =======================================================
[   77.147708][ T4329] WARNING: The mand mount option has been deprecated and
[   77.147708][ T4329]          and is ignored by this kernel. Remove the mand
[   77.147708][ T4329]          option from the mount to silence this warning.
[   77.147708][ T4329] =======================================================
[   77.213633][ T4331] EXT4-fs (loop2): inline encryption not supported
[   77.395047][ T4338] loop3: detected capacity change from 0 to 256
[   77.443787][ T4338] exfat: Bad value for 'umask'
[   78.181908][ T4331] EXT4-fs warning (device loop2): ext4_multi_mount_protect:403: Unable to create kmmpd thread for loop2.
[   78.510990][  T144] tipc: Subscription rejected, illegal request
[   79.182285][ T4344] loop3: detected capacity change from 0 to 512
[   79.239981][ T4329] EXT4-fs warning (device loop1): ext4_multi_mount_protect:403: Unable to create kmmpd thread for loop1.
[   80.612504][ T4344] EXT4-fs: error -4 creating inode table initialization thread
[   80.621616][ T4344] EXT4-fs (loop3): mount failed
[   81.106321][ T4362] loop4: detected capacity change from 0 to 2048
[   81.715914][ T4369] 9pnet: Insufficient options for proto=fd
[   81.830987][ T4374] device syzkaller0 entered promiscuous mode
[   82.326431][ T4181]  loop4: p1 < > p3 p4 < >
[   82.367227][ T4181] loop4: p3 start 4284289 is beyond EOD, truncated
[   82.442477][ T4377] loop2: detected capacity change from 0 to 128
[   82.938389][ T4381] xt_TPROXY: Can be used only with -p tcp or -p udp
[   83.175946][ T4362]  loop4: p1 < > p3 p4 < >
[   83.182008][ T4362] loop4: p3 start 4284289 is beyond EOD, truncated
[   83.798253][ T4377] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[   83.865954][ T4377] ext4 filesystem being mounted at /4/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[   84.016239][ T4180] udevd[4180]: inotify_add_watch(7, /dev/loop4p4, 10) failed: No such file or directory
[   84.029240][ T4177] udevd[4177]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory
[   84.840016][ T4397] loop4: detected capacity change from 0 to 512
[   85.012832][ T4397] EXT4-fs (loop4): Mount option "journal_checksum" incompatible with ext3
[   85.094152][ T4177] udevd[4177]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory
[   85.107688][ T4180] udevd[4180]: inotify_add_watch(7, /dev/loop4p4, 10) failed: No such file or directory
[   87.378248][   T13] cfg80211: failed to load regulatory.db
[   87.386429][ T4410] loop3: detected capacity change from 0 to 512
[   88.459778][ T4410] EXT4-fs (loop3): Ignoring removed mblk_io_submit option
[   88.509104][ T4412] loop4: detected capacity change from 0 to 512
[   88.544581][ T4410] EXT4-fs (loop3): Ignoring removed mblk_io_submit option
[   88.766546][ T4412] EXT4-fs (loop4): 1 truncate cleaned up
[   88.772568][ T4412] EXT4-fs (loop4): mounted filesystem without journal. Opts: noload,stripe=0x000000000000030c,jqfmt=vfsv1,nojournal_checksum,jqfmt=vfsv1,usrjquota=,,errors=continue. Quota mode: none.
[   89.502130][ T4410] EXT4-fs (loop3): Test dummy encryption mode enabled
[   89.508976][ T4410] EXT4-fs (loop3): Ignoring removed oldalloc option
[   89.673247][ T4410] EXT4-fs (loop3): Ignoring removed mblk_io_submit option
[   89.680446][ T4410] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[   89.707252][ T4422] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check.
[   89.743114][ T4201] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #13: comm syz-executor: invalid indirect mapped block 4294901760 (level 0)
[   89.806975][ T4422] syz.1.37 (4422) used greatest stack depth: 21104 bytes left
[   89.813761][ T4201] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #13: comm syz-executor: invalid indirect mapped block 4294967295 (level 1)
[   89.865276][ T4410] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[   89.897524][ T4410] EXT4-fs: failed to create workqueue
[   89.907781][ T4410] EXT4-fs (loop3): mount failed
[   89.925549][ T4201] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #13: comm syz-executor: invalid indirect mapped block 65535 (level 2)
[   90.015929][ T4431] device syzkaller0 entered promiscuous mode
[   90.055374][ T4431] tipc: Started in network mode
[   90.060692][ T4431] tipc: Node identity 4eae5d6c06b7, cluster identity 4711
[   90.118631][ T4431] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   90.261152][ T4433] xt_TPROXY: Can be used only with -p tcp or -p udp
[   90.349890][ T4430] tipc: Resetting bearer <eth:syzkaller0>
[   91.216501][ T4430] tipc: Disabling bearer <eth:syzkaller0>
[   91.751043][ T4445] loop4: detected capacity change from 0 to 2048
[   91.827686][ T4445] EXT4-fs (loop4): mb_optimize_scan should be set to 0 or 1.
[   92.092936][ T4447] loop3: detected capacity change from 0 to 4096
[   92.111168][ T4268] tipc: Node number set to 1209621868
[   92.259978][ T4447] EXT4-fs (loop3): mounted filesystem without journal. Opts: grpid,mb_optimize_scan=0x0000000000000001,,errors=continue. Quota mode: writeback.
[   92.305346][ T4458] loop0: detected capacity change from 0 to 128
[   92.455380][ T4460] loop2: detected capacity change from 0 to 1024
[   92.461968][ T4264] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[   92.533091][ T4460] EXT4-fs (loop2): inline encryption not supported
[   92.592353][ T4463] process 'syz.0.50' launched '/dev/fd/3' with NULL argv: empty string added
[   92.609231][ T4460] EXT4-fs (loop2): mounted filesystem without journal. Opts: jqfmt=vfsv1,stripe=0x0000000000000006,norecovery,noauto_da_alloc,debug_want_extra_isize=0x0000000000000080,jqfmt=vfsv1,inlinecrypt,acl,norecovery,,errors=continue. Quota mode: none.
[   92.633294][ T4268] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   93.135092][ T4471] xt_CONNSECMARK: invalid mode: 66
[   93.275594][ T4473] xt_TPROXY: Can be used only with -p tcp or -p udp
[   93.306140][ T4264] usb 2-1: unable to get BOS descriptor or descriptor too short
[   93.327535][ T4268] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[   93.340626][ T4268] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   93.387844][ T4268] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   93.402061][ T4264] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   93.414159][ T4264] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[   93.475968][ T4268] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[   93.499351][ T4264] usb 2-1: too many endpoints for config 1 interface 1 altsetting 76: 188, using maximum allowed: 30
[   93.515039][ T4264] usb 2-1: config 1 interface 1 altsetting 76 has 0 endpoint descriptors, different from the interface descriptor's value: 188
[   93.532114][ T4264] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[   93.603256][ T4264] usb 2-1: config 1 interface 1 has no altsetting 0
[   93.627021][ T4268] usb 5-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[   93.651598][ T4268] usb 5-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[   93.709925][ T4268] usb 5-1: Manufacturer: syz
[   94.026163][ T4268] usb 5-1: config 0 descriptor??
[   94.225794][ T4447] bridge0: port 2(bridge_slave_1) entered disabled state
[   94.234787][ T4447] bridge0: port 1(bridge_slave_0) entered disabled state
[   94.321345][ T4264] usb 2-1: string descriptor 0 read error: -22
[   94.351183][ T4264] usb 2-1: New USB device found, idVendor=21b4, idProduct=0081, bcdDevice= 0.40
[   94.477956][ T4264] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   94.805840][ T4268] appleir 0003:05AC:8243.0002: unknown main item tag 0x0
[   95.016769][ T4268] appleir 0003:05AC:8243.0002: No inputs registered, leaving
[   95.069795][ T4264] usb 2-1: cannot get ctl value: req = 0x83, wValue = 0x201, wIndex = 0x200, type = 4
[   95.080816][ T4268] appleir 0003:05AC:8243.0002: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.4-1/input0
[   95.111730][ T4264] usb 2-1: 2:0: cannot get min/max values for control 2 (id 2)
[   95.170132][ T4268] usb 5-1: USB disconnect, device number 2
[   95.229412][ T4264] usb 2-1: cannot get ctl value: req = 0x83, wValue = 0x201, wIndex = 0x200, type = 4
[   95.251230][ T4264] usb 2-1: 2:0: cannot get min/max values for control 2 (id 2)
[   95.282966][ T4264] usb 2-1: cannot get ctl value: req = 0x83, wValue = 0x201, wIndex = 0x200, type = 4
[   95.464489][ T4264] usb 2-1: 2:0: cannot get min/max values for control 2 (id 2)
[   95.498098][ T4481] fido_id[4481]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory
[   95.505339][ T4264] usb 2-1: USB disconnect, device number 3
[   95.639986][ T4485] loop2: detected capacity change from 0 to 512
[   95.768562][ T4485] EXT4-fs (loop2): Ignoring removed mblk_io_submit option
[   95.776018][ T4485] EXT4-fs (loop2): Ignoring removed mblk_io_submit option
[   95.784185][ T4485] EXT4-fs (loop2): Test dummy encryption mode enabled
[   95.791341][ T4485] EXT4-fs (loop2): Ignoring removed oldalloc option
[   95.798252][ T4485] EXT4-fs (loop2): Ignoring removed mblk_io_submit option
[   95.805470][ T4485] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[   95.945916][ T4485] EXT4-fs (loop2): 1 truncate cleaned up
[   95.951863][ T4485] EXT4-fs (loop2): mounted filesystem without journal. Opts: errors=remount-ro,mblk_io_submit,mblk_io_submit,test_dummy_encryption=v1,oldalloc,mblk_io_submit,nogrpid,. Quota mode: none.
[   97.564620][ T4447] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   97.667363][ T4447] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   97.926524][ T4495] netlink: 216 bytes leftover after parsing attributes in process `syz.4.59'.
[   97.943834][ T4495] netlink: 8 bytes leftover after parsing attributes in process `syz.4.59'.
[   98.131122][ T4498] loop2: detected capacity change from 0 to 40427
[   98.175384][ T4498] F2FS-fs (loop2): Unrecognized mount option "age_extent_cache" or missing value
[   98.380695][ T4501] loop2: detected capacity change from 0 to 1024
[   98.389524][ T4447] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   98.401824][ T4447] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   98.423215][ T4447] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[   98.433134][ T4447] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[   98.459524][ T4501] EXT4-fs (loop2): inline encryption not supported
[   98.499973][ T4501] EXT4-fs (loop2): mounted filesystem without journal. Opts: jqfmt=vfsv1,stripe=0x0000000000000006,norecovery,noauto_da_alloc,debug_want_extra_isize=0x0000000000000080,jqfmt=vfsv1,inlinecrypt,acl,norecovery,,errors=continue. Quota mode: none.
[   98.670073][ T4191] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[   98.753883][ T4447] syz.3.44 (4447) used greatest stack depth: 19696 bytes left
[   99.056028][ T4191] usb 5-1: config 220 has an invalid interface number: 76 but max is 2
[   99.099065][ T4191] usb 5-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[   99.146153][ T4191] usb 5-1: config 220 has no interface number 2
[   99.178159][ T4191] usb 5-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[   99.834886][ T4518] loop2: detected capacity change from 0 to 4096
[  100.274662][ T4191] usb 5-1: config 220 interface 0 has no altsetting 0
[  100.281972][ T4191] usb 5-1: config 220 interface 76 has no altsetting 0
[  100.293136][ T4191] usb 5-1: config 220 interface 1 has no altsetting 0
[  100.315640][ T4518] EXT4-fs (loop2): Ignoring removed bh option
[  100.415490][ T4518] EXT4-fs (loop2): mounted filesystem without journal. Opts: errors=remount-ro,bh,grpquota,stripe=0x0000000000000001,. Quota mode: writeback.
[  102.286956][ T4529] netlink: 16 bytes leftover after parsing attributes in process `syz.1.69'.
[  102.353929][ T4531] loop3: detected capacity change from 0 to 1024
[  102.381825][ T4531] EXT4-fs (loop3): inline encryption not supported
[  102.412691][ T4533] device syzkaller0 entered promiscuous mode
[  102.421111][ T4191] usb 5-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  102.431713][ T4191] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  102.439880][ T4191] usb 5-1: Product: syz
[  102.655181][ T4531] EXT4-fs error (device loop3): ext4_map_blocks:631: inode #3: block 2: comm syz.3.70: lblock 2 mapped to illegal pblock 2 (length 1)
[  102.838568][ T4531] EXT4-fs (loop3): Remounting filesystem read-only
[  102.877442][ T4531] Quota error (device loop3): qtree_write_dquot: dquota write failed
[  102.918326][ T4531] EXT4-fs error (device loop3): ext4_map_blocks:631: inode #3: block 48: comm syz.3.70: lblock 0 mapped to illegal pblock 48 (length 1)
[  103.037724][ T4531] EXT4-fs (loop3): Remounting filesystem read-only
[  103.061220][ T4541] loop0: detected capacity change from 0 to 1024
[  103.090313][ T4531] Quota error (device loop3): v2_write_file_info: Can't write info structure
[  103.122560][ T4531] EXT4-fs error (device loop3): ext4_acquire_dquot:6236: comm syz.3.70: Failed to acquire dquot type 0
[  103.156158][ T4541] EXT4-fs (loop0): inline encryption not supported
[  103.248856][ T4531] EXT4-fs (loop3): Remounting filesystem read-only
[  103.266136][ T4531] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5873: Corrupt filesystem
[  103.294437][ T4541] EXT4-fs (loop0): mounted filesystem without journal. Opts: jqfmt=vfsv1,stripe=0x0000000000000006,norecovery,noauto_da_alloc,debug_want_extra_isize=0x0000000000000080,jqfmt=vfsv1,inlinecrypt,acl,norecovery,,errors=continue. Quota mode: none.
[  103.405350][ T4191] usb 5-1: Manufacturer: syz
[  103.433461][ T4531] EXT4-fs (loop3): Remounting filesystem read-only
[  103.474428][ T4191] usb 5-1: can't set config #220, error -71
[  103.492559][ T4531] EXT4-fs error (device loop3): ext4_evict_inode:284: inode #11: comm syz.3.70: mark_inode_dirty error
[  103.549975][ T4531] EXT4-fs (loop3): Remounting filesystem read-only
[  104.087600][ T4548] xt_TPROXY: Can be used only with -p tcp or -p udp
[  104.372713][ T4531] EXT4-fs warning (device loop3): ext4_evict_inode:287: couldn't mark inode dirty (err -117)
[  104.449157][ T4531] EXT4-fs (loop3): 1 orphan inode deleted
[  104.473384][ T4230] EXT4-fs error (device loop3): ext4_map_blocks:631: inode #3: block 1: comm kworker/u4:4: lblock 1 mapped to illegal pblock 1 (length 1)
[  104.473618][ T4191] usb 5-1: USB disconnect, device number 3
[  104.494215][ T4531] EXT4-fs (loop3): mounted filesystem without journal. Opts: abort,noblock_validity,grpquota,errors=remount-ro,auto_da_alloc,inlinecrypt,. Quota mode: writeback.
[  104.509253][ T4230] EXT4-fs (loop3): Remounting filesystem read-only
[  104.530028][ T4230] Quota error (device loop3): remove_tree: Can't read quota data block 1
[  104.530073][ T4230] EXT4-fs error (device loop3): ext4_release_dquot:6272: comm kworker/u4:4: Failed to release dquot type 0
[  104.533298][ T4230] EXT4-fs (loop3): Remounting filesystem read-only
[  104.543211][ T4189] EXT4-fs error (device loop3): __ext4_get_inode_loc:4334: comm syz-executor: Invalid inode table block 1 in block_group 0
[  104.544905][ T4189] EXT4-fs (loop3): Remounting filesystem read-only
[  104.544925][ T4189] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5873: Corrupt filesystem
[  104.545133][ T4189] EXT4-fs (loop3): Remounting filesystem read-only
[  104.545147][ T4189] EXT4-fs error (device loop3): ext4_quota_off:6542: inode #3: comm syz-executor: mark_inode_dirty error
[  104.545348][ T4189] EXT4-fs (loop3): Remounting filesystem read-only
[  104.723808][ T4556] loop1: detected capacity change from 0 to 512
[  104.964451][ T4556] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  105.061551][ T4556] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a002c028, mo2=0002]
[  105.062043][ T4556] System zones: 1-12
[  105.070838][ T4556] EXT4-fs (loop1): 1 truncate cleaned up
[  105.070863][ T4556] EXT4-fs (loop1): mounted filesystem without journal. Opts: max_batch_time=0x0000000000000004,max_batch_time=0x0000000000000002,debug,block_validity,errors=remount-ro,debug,. Quota mode: none.
[  105.526041][ T4568] netlink: 8 bytes leftover after parsing attributes in process `syz.0.76'.
[  105.526078][ T4568] netlink: 12 bytes leftover after parsing attributes in process `syz.0.76'.
[  105.526155][ T4568] netlink: 16 bytes leftover after parsing attributes in process `syz.0.76'.
[  105.526170][ T4568] netlink: 16 bytes leftover after parsing attributes in process `syz.0.76'.
[  105.754277][ T4576] loop3: detected capacity change from 0 to 16
[  105.947972][ T4576] erofs: (device loop3): mounted with root inode @ nid 36.
[  106.342950][ T4268] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  106.637260][ T4268] usb 2-1: device descriptor read/64, error -71
[  106.944265][ T4268] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  107.155530][ T4268] usb 2-1: device descriptor read/64, error -71
[  107.294663][ T4268] usb usb2-port1: attempt power cycle
[  107.764450][ T4268] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  107.860750][ T4268] usb 2-1: device descriptor read/8, error -71
[  108.159646][ T4268] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  108.300664][ T4598] capability: warning: `syz.3.88' uses deprecated v2 capabilities in a way that may be insecure
[  108.302434][ T4598] overlayfs: failed to create directory ./bus/work (errno: 13); mounting read-only
[  108.303233][ T4598] overlayfs: failed to resolve './file0': -2
[  108.319901][ T4268] usb 2-1: device descriptor read/8, error -71
[  108.431145][ T4601] tipc: Started in network mode
[  108.431309][ T4601] tipc: Node identity aaaaaaaaaa32, cluster identity 4711
[  108.444087][ T4601] tipc: Enabled bearer <eth:vlan0>, priority 16
[  108.445356][ T4601] netlink: 48 bytes leftover after parsing attributes in process `syz.3.89'.
[  108.465862][ T4268] usb usb2-port1: unable to enumerate USB device
[  108.842713][ T4605] xt_TPROXY: Can be used only with -p tcp or -p udp
[  109.545709][ T2301] tipc: Node number set to 10005162
[  109.692615][ T4607] capability: warning: `syz.0.91' uses 32-bit capabilities (legacy support in use)
[  110.690601][ T4619] loop4: detected capacity change from 0 to 16
[  110.760316][ T4618] loop0: detected capacity change from 0 to 512
[  110.793015][ T4619] erofs: (device loop4): mounted with root inode @ nid 36.
[  110.911096][ T4618] EXT4-fs (loop0): Ignoring removed mblk_io_submit option
[  110.918419][ T4618] EXT4-fs (loop0): Ignoring removed mblk_io_submit option
[  110.925618][ T4618] EXT4-fs (loop0): Test dummy encryption mode enabled
[  110.926870][ T2301] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  110.989355][ T4618] EXT4-fs (loop0): Ignoring removed oldalloc option
[  110.996494][ T4618] EXT4-fs (loop0): Ignoring removed mblk_io_submit option
[  111.003754][ T4618] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  111.044224][ T4236] usb 2-1: new full-speed USB device number 8 using dummy_hcd
[  111.160758][ T4618] EXT4-fs (loop0): 1 truncate cleaned up
[  111.166686][ T4618] EXT4-fs (loop0): mounted filesystem without journal. Opts: errors=remount-ro,mblk_io_submit,mblk_io_submit,test_dummy_encryption=v1,oldalloc,mblk_io_submit,nogrpid,. Quota mode: none.
[  111.439950][ T4236] usb 2-1: config 0 has an invalid interface number: 41 but max is 0
[  111.455102][ T4236] usb 2-1: config 0 has no interface number 0
[  111.463512][ T4236] usb 2-1: config 0 interface 41 has no altsetting 0
[  111.528362][ T4625] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=64 (128 ns) > initial count (4 ns). Using initial count to start timer.
[  111.557722][ T2301] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  111.577587][ T2301] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  111.588124][ T2301] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  111.859800][ T2301] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[  111.924210][ T2301] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[  111.953360][ T4635] loop4: detected capacity change from 0 to 512
[  112.011053][ T4635] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  112.066518][ T4635] EXT4-fs (loop4): 1 truncate cleaned up
[  112.072704][ T4236] usb 2-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a
[  112.091325][ T4236] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  112.105403][ T4635] EXT4-fs (loop4): mounted filesystem without journal. Opts: dioread_lock,resgid=0x0000000000000000,,errors=continue. Quota mode: none.
[  112.136447][ T4236] usb 2-1: Product: syz
[  112.150806][ T4236] usb 2-1: Manufacturer: syz
[  112.166949][ T4236] usb 2-1: SerialNumber: syz
[  112.212419][ T4236] usb 2-1: config 0 descriptor??
[  112.338775][ T2301] usb 4-1: Product: syz
[  112.346960][ T2301] usb 4-1: Manufacturer: syz
[  112.351220][ T4638] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  112.351950][ T2301] usb 4-1: SerialNumber: syz
[  112.413798][ T4635] loop_set_status: loop4 () has still dirty pages (nrpages=1)
[  112.427935][ T4640] loop2: detected capacity change from 0 to 4096
[  112.453297][ T4201] EXT4-fs error (device loop4): htree_dirblock_to_tree:1112: inode #2: block 13: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=24, inode=11, rec_len=8, size=1024 fake=0
[  112.652638][ T4640] EXT4-fs (loop2): Test dummy encryption mode enabled
[  112.698898][ T4640] EXT4-fs (loop2): mounted filesystem without journal. Opts: test_dummy_encryption,grpquota,,errors=continue. Quota mode: writeback.
[  112.720467][ T2301] usblp 4-1:1.0: usblp0: USB Unidirectional printer dev 4 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  112.808653][ T4640] EXT4-fs error (device loop2): ext4_do_update_inode:5229: inode #15: comm syz.2.101: corrupted inode contents
[  112.942632][ T4640] EXT4-fs error (device loop2): ext4_dirty_inode:6077: inode #15: comm syz.2.101: mark_inode_dirty error
[  113.020795][ T4640] EXT4-fs error (device loop2): ext4_do_update_inode:5229: inode #15: comm syz.2.101: corrupted inode contents
[  113.029647][ T4272] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  113.073536][ T4640] EXT4-fs error (device loop2): __ext4_ext_dirty:183: inode #15: comm syz.2.101: mark_inode_dirty error
[  113.112615][ T4640] EXT4-fs error (device loop2): ext4_do_update_inode:5229: inode #15: comm syz.2.101: corrupted inode contents
[  113.127875][ T4264] usb 4-1: USB disconnect, device number 4
[  113.148477][ T4640] EXT4-fs error (device loop2): __ext4_ext_dirty:183: inode #15: comm syz.2.101: mark_inode_dirty error
[  113.168029][ T4648] fscrypt: AES-256-XTS using implementation "xts-aes-aesni"
[  113.170192][ T4264] usblp0: removed
[  113.182227][ T4236] CoreChips 2-1:0.41 (unnamed net_device) (uninitialized): sr_get_phy_addr : Error reading PHYID register:ffffffe0
[  113.223806][ T4640] EXT4-fs error (device loop2): ext4_do_update_inode:5229: inode #15: comm syz.2.101: corrupted inode contents
[  113.253979][ T4272] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  113.318947][ T4640] EXT4-fs error (device loop2): ext4_truncate:4286: inode #15: comm syz.2.101: mark_inode_dirty error
[  113.370573][ T4640] EXT4-fs error (device loop2) in ext4_setattr:5645: Corrupt filesystem
[  113.396341][ T4647] EXT4-fs error (device loop2): ext4_do_update_inode:5229: inode #15: comm syz.2.101: corrupted inode contents
[  113.484320][ T4272] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  113.731137][ T4659] loop0: detected capacity change from 0 to 4096
[  113.960328][ T4659] EXT4-fs (loop0): Ignoring removed bh option
[  114.084488][ T4659] EXT4-fs (loop0): mounted filesystem without journal. Opts: errors=remount-ro,bh,grpquota,stripe=0x0000000000000001,. Quota mode: writeback.
[  114.351031][ T4272] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  114.687788][ T4663] loop3: detected capacity change from 0 to 512
[  114.784218][ T4663] EXT4-fs (loop3): mounted filesystem without journal. Opts: nodioread_nolock,sb=0x0000000000000001,,errors=continue. Quota mode: writeback.
[  114.862862][ T4663] ext4 filesystem being mounted at /19/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[  115.222732][ T4236] CoreChips 2-1:0.41 (unnamed net_device) (uninitialized): Failed to send software reset:ffffffb9
[  115.243678][ T4236] CoreChips 2-1:0.41 (unnamed net_device) (uninitialized): Failed to reset PHY: -71
[  115.965162][ T4236] CoreChips: probe of 2-1:0.41 failed with error -71
[  116.034968][ T4268] Bluetooth: hci4: command 0x0409 tx timeout
[  116.039447][ T4236] usb 2-1: USB disconnect, device number 8
[  116.050848][ T4657] chnl_net:caif_netlink_parms(): no params data found
[  117.382096][ T4657] bridge0: port 1(bridge_slave_0) entered blocking state
[  117.402824][ T4657] bridge0: port 1(bridge_slave_0) entered disabled state
[  117.425200][ T4657] device bridge_slave_0 entered promiscuous mode
[  117.454185][ T4657] bridge0: port 2(bridge_slave_1) entered blocking state
[  117.466909][ T4657] bridge0: port 2(bridge_slave_1) entered disabled state
[  117.486146][ T4657] device bridge_slave_1 entered promiscuous mode
[  117.498806][ T4236] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  117.524088][ T4657] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  117.547072][ T4657] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  117.573923][ T4191] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  117.663372][ T4657] team0: Port device team_slave_0 added
[  117.717743][ T4657] team0: Port device team_slave_1 added
[  117.765945][ T4236] usb 1-1: Using ep0 maxpacket: 32
[  117.798173][ T4191] usb 4-1: device descriptor read/64, error -71
[  117.844193][ T4657] batman_adv: batadv0: Adding interface: batadv_slave_0
[  117.865221][ T4657] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  117.905067][ T4236] usb 1-1: config 0 has an invalid interface number: 67 but max is 0
[  117.913205][ T4236] usb 1-1: config 0 has no interface number 0
[  117.938427][ T4657] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  117.960506][ T4657] batman_adv: batadv0: Adding interface: batadv_slave_1
[  117.967498][ T4657] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  118.051565][ T4657] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  118.095144][ T4693] loop1: detected capacity change from 0 to 40427
[  118.103599][ T4191] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  118.122285][ T4236] usb 1-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  118.148843][ T4236] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  118.164628][ T4236] usb 1-1: Product: syz
[  118.169860][ T4236] usb 1-1: Manufacturer: syz
[  118.176288][ T4236] usb 1-1: SerialNumber: syz
[  118.184804][ T4236] usb 1-1: config 0 descriptor??
[  118.185125][ T4657] device hsr_slave_0 entered promiscuous mode
[  118.203665][ T4657] device hsr_slave_1 entered promiscuous mode
[  118.211627][ T4657] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  118.223152][ T4657] Cannot create hsr debugfs directory
[  118.230301][ T4236] smsc95xx v2.0.0
[  118.247109][ T4693] F2FS-fs (loop1): Unrecognized mount option "age_extent_cache" or missing value
[  118.268914][ T2301] Bluetooth: hci4: command 0x041b tx timeout
[  118.310962][ T4191] usb 4-1: device descriptor read/64, error -71
[  118.439393][ T4191] usb usb4-port1: attempt power cycle
[  119.022604][ T4657] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  119.149473][ T4657] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  119.176977][ T4657] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  119.297234][ T4272] device hsr_slave_0 left promiscuous mode
[  119.349913][ T4272] device hsr_slave_1 left promiscuous mode
[  119.407580][ T4272] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  119.444399][ T4272] batman_adv: batadv0: Removing interface: batadv_slave_0
[  119.510377][ T4272] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  119.551253][ T4272] batman_adv: batadv0: Removing interface: batadv_slave_1
[  119.587762][ T4272] device bridge_slave_1 left promiscuous mode
[  119.630514][ T4272] bridge0: port 2(bridge_slave_1) entered disabled state
[  119.694480][ T4272] device bridge_slave_0 left promiscuous mode
[  119.738554][ T4272] bridge0: port 1(bridge_slave_0) entered disabled state
[  119.850186][ T4272] device veth1_macvtap left promiscuous mode
[  119.857351][ T4272] device veth0_macvtap left promiscuous mode
[  119.965906][ T4272] device veth1_vlan left promiscuous mode
[  119.983348][ T4272] device veth0_vlan left promiscuous mode
[  120.491070][ T4236] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[  120.491090][   T21] Bluetooth: hci4: command 0x040f tx timeout
[  120.521961][ T4236] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  120.544392][ T4236] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71
[  120.555727][ T4236] smsc95xx: probe of 1-1:0.67 failed with error -71
[  120.575447][ T4236] usb 1-1: USB disconnect, device number 2
[  120.581966][ T4191] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  120.861777][ T4272] team0 (unregistering): Port device team_slave_1 removed
[  120.877828][ T4191] usb 4-1: device not accepting address 7, error -71
[  120.892391][ T4272] team0 (unregistering): Port device team_slave_0 removed
[  120.912696][ T4272] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  120.932785][ T4272] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  120.973221][ T4734] loop0: detected capacity change from 0 to 40427
[  121.016390][ T4272] bond0 (unregistering): Released all slaves
[  121.046533][ T4734] F2FS-fs (loop0): invalid crc value
[  121.075300][ T4734] F2FS-fs (loop0): Found nat_bits in checkpoint
[  121.136328][ T4657] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  121.261270][ T4734] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  121.349809][ T4743] loop3: detected capacity change from 0 to 512
[  121.422021][ T4657] 8021q: adding VLAN 0 to HW filter on device bond0
[  121.462607][ T4244] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  121.477372][ T4244] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  121.510555][ T4657] 8021q: adding VLAN 0 to HW filter on device team0
[  121.534045][ T4244] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  121.556320][ T4743] EXT4-fs (loop3): mounted filesystem without journal. Opts: nodioread_nolock,sb=0x0000000000000001,,errors=continue. Quota mode: writeback.
[  121.576005][ T4244] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  121.585873][ T4743] ext4 filesystem being mounted at /22/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[  121.617639][ T4244] bridge0: port 1(bridge_slave_0) entered blocking state
[  121.624838][ T4244] bridge0: port 1(bridge_slave_0) entered forwarding state
[  121.632773][ T4244] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  121.665226][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  121.747080][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  121.820511][  T144] bridge0: port 2(bridge_slave_1) entered blocking state
[  121.828006][  T144] bridge0: port 2(bridge_slave_1) entered forwarding state
[  121.835942][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  121.858267][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  122.269825][ T4657] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  122.367657][ T4657] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  122.508658][ T4271] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  122.556267][ T4271] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  122.630995][ T4271] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  122.640070][ T4271] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  122.657709][ T4271] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  122.669441][ T4271] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  122.681559][ T4271] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  122.692497][ T4271] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  122.704060][ T4271] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  122.714761][ T4264] Bluetooth: hci4: command 0x0419 tx timeout
[  122.840087][ T4271] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  124.759767][ T4792] loop3: detected capacity change from 0 to 4096
[  124.779141][ T4657] 8021q: adding VLAN 0 to HW filter on device batadv0
[  124.822047][ T4271] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  124.843307][ T4271] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  124.852635][ T4792] EXT4-fs (loop3): Test dummy encryption mode enabled
[  124.859571][ T4792] EXT4-fs (loop3): Ignoring removed orlov option
[  124.950734][ T4792] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a856c018, mo2=0003]
[  124.969681][ T4792] System zones: 0-5
[  125.000124][ T4792] EXT4-fs (loop3): mounted filesystem without journal. Opts: debug,delalloc,inode_readahead_blks=0x0000000000000000,test_dummy_encryption,errors=continue,orlov,grpquota,barrier,,errors=continue. Quota mode: writeback.
[  125.140074][ T4268] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  125.367402][ T4268] usb 1-1: device descriptor read/64, error -71
[  125.673722][ T4268] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  125.724611][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  125.762832][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  125.896443][ T4244] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  125.904558][ T4268] usb 1-1: device descriptor read/64, error -71
[  125.916966][ T4244] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  125.953361][ T4244] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  125.985141][ T4244] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  126.021280][ T4657] device veth0_vlan entered promiscuous mode
[  126.047135][ T4268] usb usb1-port1: attempt power cycle
[  126.083240][ T4657] device veth1_vlan entered promiscuous mode
[  126.194354][ T4244] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  126.219197][ T4244] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  126.243609][ T4657] device veth0_macvtap entered promiscuous mode
[  126.271702][ T4657] device veth1_macvtap entered promiscuous mode
[  126.326674][ T4657] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  126.350144][ T4657] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  126.371630][ T4657] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  126.406555][ T4657] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  126.428295][ T4657] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  126.451878][ T4657] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  126.480442][ T4657] batman_adv: batadv0: Interface activated: batadv_slave_0
[  126.503304][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  126.517880][ T4268] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  126.527408][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  126.567390][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  126.609060][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  126.624960][ T4268] usb 1-1: device descriptor read/8, error -71
[  126.643603][ T4657] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  126.672761][ T4657] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  126.704466][ T4657] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  126.739847][ T4657] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  126.777974][ T4657] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  126.813884][ T4657] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  126.854959][ T4657] batman_adv: batadv0: Interface activated: batadv_slave_1
[  126.885917][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  126.906669][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  126.934546][ T4268] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  126.946181][ T4657] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  126.986207][ T4657] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  127.020078][ T4657] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  127.061315][ T4657] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  127.070981][ T4268] usb 1-1: device descriptor read/8, error -71
[  127.223565][ T4268] usb usb1-port1: unable to enumerate USB device
[  127.287261][  T144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  127.304161][  T144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  127.374109][ T4271] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  127.408868][ T4271] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  127.466541][ T4271] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  127.501615][ T4271] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  127.527195][ T4845] loop1: detected capacity change from 0 to 512
[  127.572038][ T4845] EXT4-fs (loop1): Unrecognized mount option "func=KEXEC_KERNEL_CHECK" or missing value
[  127.944834][ T4853] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  131.975077][ T4868] loop5: detected capacity change from 0 to 256
[  133.037970][ T4870] usb usb7: usbfs: process 4870 (syz.5.135) did not claim interface 0 before use
[  133.577598][ T4880] loop0: detected capacity change from 0 to 4096
[  134.118260][ T4880] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  134.950358][ T4872] hid-generic 0006:0004:0009.0003: unknown main item tag 0x0
[  135.165467][ T4872] hid-generic 0006:0004:0009.0003: unknown main item tag 0x0
[  135.386432][ T4872] hid-generic 0006:0004:0009.0003: unknown main item tag 0x0
[  135.641627][ T4236] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  135.679537][ T4872] hid-generic 0006:0004:0009.0003: unknown main item tag 0x0
[  135.701162][ T4872] hid-generic 0006:0004:0009.0003: unexpected long global item
[  135.718761][ T4872] hid-generic: probe of 0006:0004:0009.0003 failed with error -22
[  135.921677][ T4236] usb 1-1: Using ep0 maxpacket: 16
[  136.054816][ T4236] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  136.086739][ T4236] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  136.297028][ T4236] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  136.299097][ T1430] ieee802154 phy0 wpan0: encryption failed: -22
[  136.314355][ T1430] ieee802154 phy1 wpan1: encryption failed: -22
[  137.228109][ T4236] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  137.236609][ T4236] usb 1-1: Product: syz
[  137.240817][ T4236] usb 1-1: Manufacturer: syz
[  137.245437][ T4236] usb 1-1: SerialNumber: syz
[  137.365536][ T4236] usb 1-1: can't set config #1, error -71
[  137.407246][ T4236] usb 1-1: USB disconnect, device number 7
[  139.182962][ T4935] loop0: detected capacity change from 0 to 512
[  139.927862][ T4935] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  140.273453][ T4935] ext4 filesystem being mounted at /30/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  140.370422][ T4946] loop3: detected capacity change from 0 to 512
[  140.482397][ T4935] device batadv_slave_0 entered promiscuous mode
[  140.538587][ T4935] EXT4-fs error (device loop0): ext4_do_update_inode:5229: inode #2: comm syz.0.147: corrupted inode contents
[  140.649580][ T4946] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (57259!=33349)
[  140.660812][ T4935] EXT4-fs error (device loop0): ext4_dirty_inode:6077: inode #2: comm syz.0.147: mark_inode_dirty error
[  140.741099][ T4342] Bluetooth: hci5: command 0x0409 tx timeout
[  140.763169][ T4946] EXT4-fs (loop3): orphan cleanup on readonly fs
[  140.813290][ T4935] EXT4-fs error (device loop0): ext4_do_update_inode:5229: inode #2: comm syz.0.147: corrupted inode contents
[  140.858245][ T4946] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:510: comm syz.3.149: Block bitmap for bg 0 marked uninitialized
[  140.923242][ T4935] EXT4-fs error (device loop0): __ext4_ext_dirty:183: inode #2: comm syz.0.147: mark_inode_dirty error
[  140.987669][ T4930] chnl_net:caif_netlink_parms(): no params data found
[  141.037242][ T4946] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6191: Corrupt filesystem
[  141.090155][ T4946] EXT4-fs (loop3): 1 orphan inode deleted
[  141.143335][ T4935] device batadv_slave_0 left promiscuous mode
[  141.158055][ T4946] EXT4-fs (loop3): mounted filesystem without journal. Opts: noinit_itable,jqfmt=vfsv1,lazytime,nodiscard,nobarrier,,errors=continue. Quota mode: none.
[  141.400364][ T4946] EXT4-fs (loop3): warning: mounting fs with errors, running e2fsck is recommended
[  141.454535][ T4946] EXT4-fs (loop3): re-mounted. Opts: . Quota mode: none.
[  141.471181][   T26] audit: type=1800 audit(1777948583.882:2): pid=4946 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.149" name="file1" dev="loop3" ino=15 res=0 errno=0
[  141.473026][ T4930] bridge0: port 1(bridge_slave_0) entered blocking state
[  141.494456][ T4946] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:510: comm syz.3.149: Block bitmap for bg 0 marked uninitialized
[  141.587199][ T4930] bridge0: port 1(bridge_slave_0) entered disabled state
[  141.606245][ T4930] device bridge_slave_0 entered promiscuous mode
[  141.825787][ T4946] EXT4-fs error (device loop3) in ext4_setattr:5645: Corrupt filesystem
[  142.509533][ T4930] bridge0: port 2(bridge_slave_1) entered blocking state
[  142.522376][ T4930] bridge0: port 2(bridge_slave_1) entered disabled state
[  142.531865][ T4930] device bridge_slave_1 entered promiscuous mode
[  142.576699][ T4930] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  142.819802][ T4930] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  142.885588][ T4930] team0: Port device team_slave_0 added
[  142.904389][   T21] hid-generic 0006:0004:0009.0004: unknown main item tag 0x0
[  142.912015][   T21] hid-generic 0006:0004:0009.0004: unknown main item tag 0x0
[  142.919438][   T21] hid-generic 0006:0004:0009.0004: unknown main item tag 0x0
[  142.927124][   T21] hid-generic 0006:0004:0009.0004: unknown main item tag 0x0
[  142.934582][   T21] hid-generic 0006:0004:0009.0004: unexpected long global item
[  142.947675][   T21] hid-generic: probe of 0006:0004:0009.0004 failed with error -22
[  143.222100][ T4872] Bluetooth: hci5: command 0x041b tx timeout
[  143.304993][ T4930] team0: Port device team_slave_1 added
[  143.519686][   T26] audit: type=1326 audit(1777948585.688:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4969 comm="syz.0.154" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3179825dd9 code=0x7ffc0000
[  143.898481][   T26] audit: type=1326 audit(1777948585.688:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4969 comm="syz.0.154" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3179825dd9 code=0x7ffc0000
[  144.109013][ T4345] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  144.132133][   T26] audit: type=1326 audit(1777948585.725:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4969 comm="syz.0.154" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3179825dd9 code=0x7ffc0000
[  144.192656][ T4872] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  144.217481][ T4988] loop1: detected capacity change from 0 to 4096
[  144.254332][ T4930] batman_adv: batadv0: Adding interface: batadv_slave_0
[  144.300373][ T4930] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  144.359337][ T4988] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  144.376877][   T26] audit: type=1326 audit(1777948585.735:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4969 comm="syz.0.154" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3179825dd9 code=0x7ffc0000
[  144.513935][ T4930] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  144.546584][   T26] audit: type=1326 audit(1777948585.735:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4969 comm="syz.0.154" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f3179825dd9 code=0x7ffc0000
[  144.642480][ T4345] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  144.650821][   T26] audit: type=1326 audit(1777948585.735:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4969 comm="syz.0.154" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3179825dd9 code=0x7ffc0000
[  144.678443][   T26] audit: type=1326 audit(1777948585.735:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4969 comm="syz.0.154" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3179825dd9 code=0x7ffc0000
[  144.687150][ T4872] usb 4-1: unable to get BOS descriptor or descriptor too short
[  144.703259][   T26] audit: type=1326 audit(1777948585.735:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4969 comm="syz.0.154" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3179825dd9 code=0x7ffc0000
[  144.703305][   T26] audit: type=1326 audit(1777948585.735:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4969 comm="syz.0.154" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3179825dd9 code=0x7ffc0000
[  144.761479][ T4930] batman_adv: batadv0: Adding interface: batadv_slave_1
[  144.768460][ T4930] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  144.834041][   T23] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  144.863418][ T4930] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  144.998939][ T4345] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  145.058622][ T4872] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  145.101646][ T4872] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  145.110684][ T4872] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[  145.122651][   T23] usb 2-1: Using ep0 maxpacket: 16
[  145.207650][ T4872] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[  145.249049][ T4345] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  145.261460][   T23] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  145.278077][   T23] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  145.287030][ T4991] loop5: detected capacity change from 0 to 40427
[  145.309175][ T4930] device hsr_slave_0 entered promiscuous mode
[  145.326932][ T4930] device hsr_slave_1 entered promiscuous mode
[  145.333677][ T4930] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  145.350556][ T4930] Cannot create hsr debugfs directory
[  145.379874][ T4991] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12
[  145.398610][ T4991] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[  145.433192][ T4991] F2FS-fs (loop5): invalid crc value
[  145.444441][ T4342] Bluetooth: hci5: command 0x040f tx timeout
[  145.450649][ T4872] usb 4-1: New USB device found, idVendor=2b53, idProduct=0024, bcdDevice= 0.40
[  145.493312][ T4991] F2FS-fs (loop5): Found nat_bits in checkpoint
[  145.497195][ T4872] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  145.508147][   T23] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  145.517229][   T23] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  145.580169][ T4872] usb 4-1: Product: syz
[  145.591519][   T23] usb 2-1: Product: syz
[  145.603446][ T4872] usb 4-1: Manufacturer: syz
[  145.608162][   T23] usb 2-1: Manufacturer: syz
[  145.612989][ T4872] usb 4-1: SerialNumber: syz
[  145.623760][   T23] usb 2-1: SerialNumber: syz
[  145.714096][ T4991] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0
[  145.725933][ T4991] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  145.818735][ T4930] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  145.830722][ T4930] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  145.876179][ T4930] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  145.905534][ T4930] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  146.009322][   T23] usb 2-1: 0:2 : does not exist
[  146.116915][   T23] usb 2-1: USB disconnect, device number 9
[  146.205868][ T4179] udevd[4179]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  146.208346][ T4872] usb 4-1: USB disconnect, device number 9
[  146.429491][ T4930] 8021q: adding VLAN 0 to HW filter on device bond0
[  146.494784][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  146.507861][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  146.566642][ T4930] 8021q: adding VLAN 0 to HW filter on device team0
[  146.683405][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  146.728049][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  146.757727][  T144] bridge0: port 1(bridge_slave_0) entered blocking state
[  146.764910][  T144] bridge0: port 1(bridge_slave_0) entered forwarding state
[  146.783737][ T5025] loop1: detected capacity change from 0 to 512
[  146.805852][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  146.842900][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  146.873990][  T144] bridge0: port 2(bridge_slave_1) entered blocking state
[  146.881165][  T144] bridge0: port 2(bridge_slave_1) entered forwarding state
[  146.901555][ T5025] EXT4-fs (loop1): revision level too high, forcing read-only mode
[  146.956844][ T5025] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8800c01d, mo2=0102]
[  146.969106][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  146.980537][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  146.990828][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  147.003508][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  147.012474][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  147.021106][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  147.058273][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  147.078792][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  147.087612][ T5025] EXT4-fs (loop1): couldn't mount RDWR because of unsupported optional features (80)
[  147.106249][ T5025] EXT4-fs (loop1): Skipping orphan cleanup due to unknown ROCOMPAT features
[  147.152211][ T4272] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  147.185179][ T5025] EXT4-fs (loop1): mounted filesystem without journal. Opts: nombcache,abort,noquota,noblock_validity,nolazytime,noblock_validity,resgid=0x0000000000000000,nobarrier,jqfmt=vfsold,,errors=continue. Quota mode: none.
[  147.185696][ T4272] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  147.665904][ T4342] Bluetooth: hci5: command 0x0419 tx timeout
[  147.767377][ T5038] EXT4-fs warning (device loop1): dx_probe:893: inode #2: comm syz.1.159: dx entry: limit 65535 != root limit 120
[  147.779941][ T5038] EXT4-fs warning (device loop1): dx_probe:966: inode #2: comm syz.1.159: Corrupt directory, running e2fsck is recommended
[  148.453628][ T4930] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  148.719416][ T5046] device syzkaller0 entered promiscuous mode
[  148.731405][ T5046] netlink: 8 bytes leftover after parsing attributes in process `syz.5.160'.
[  148.855465][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  148.884041][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  150.433741][ T5059] dccp_invalid_packet: invalid packet type
[  150.589788][ T4345] device hsr_slave_0 left promiscuous mode
[  150.613435][ T4345] device hsr_slave_1 left promiscuous mode
[  151.871358][ T4345] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  152.097343][ T4345] batman_adv: batadv0: Removing interface: batadv_slave_0
[  152.147724][ T5078] loop3: detected capacity change from 0 to 16
[  152.575761][ T5072] loop5: detected capacity change from 0 to 4096
[  152.583113][ T4345] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  152.590545][ T4345] batman_adv: batadv0: Removing interface: batadv_slave_1
[  152.644138][ T4345] device bridge_slave_1 left promiscuous mode
[  153.631005][ T4345] bridge0: port 2(bridge_slave_1) entered disabled state
[  153.671368][ T5078] erofs: (device loop3): mounted with root inode @ nid 36.
[  153.686011][ T5072] EXT4-fs (loop5): inline encryption not supported
[  153.699060][ T4345] device bridge_slave_0 left promiscuous mode
[  153.712694][ T4345] bridge0: port 1(bridge_slave_0) entered disabled state
[  153.721078][ T5078] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  153.722687][ T5072] EXT4-fs (loop5): Test dummy encryption mode enabled
[  153.765893][ T5082] loop1: detected capacity change from 0 to 16
[  153.861752][ T5082] erofs: (device loop1): mounted with root inode @ nid 36.
[  153.947987][ T5072] EXT4-fs: failed to create workqueue
[  154.137470][ T4345] device veth1_macvtap left promiscuous mode
[  154.156796][ T5072] EXT4-fs (loop5): mount failed
[  154.177820][ T4345] device veth0_macvtap left promiscuous mode
[  154.229519][ T4345] device veth1_vlan left promiscuous mode
[  154.235488][ T4345] device veth0_vlan left promiscuous mode
[  154.350240][ T5085] loop1: detected capacity change from 0 to 512
[  154.370886][ T5085] EXT4-fs (loop1): Unrecognized mount option "func=KEXEC_KERNEL_CHECK" or missing value
[  156.137846][ T4345] team0 (unregistering): Port device team_slave_1 removed
[  156.154368][ T4345] team0 (unregistering): Port device team_slave_0 removed
[  156.167973][ T4345] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  156.186393][ T4345] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  156.261038][ T4345] bond0 (unregistering): Released all slaves
[  156.420366][ T5109] device bridge_slave_0 left promiscuous mode
[  156.432752][ T5109] bridge0: port 1(bridge_slave_0) entered disabled state
[  156.437979][ T5111] loop0: detected capacity change from 0 to 256
[  156.483738][ T5109] device bridge_slave_1 left promiscuous mode
[  156.490899][ T5109] bridge0: port 2(bridge_slave_1) entered disabled state
[  156.535413][ T5109] bond0: (slave bond_slave_0): Releasing backup interface
[  156.557398][ T5111] exfat: Deprecated parameter 'namecase'
[  156.563317][ T5111] exfat: Deprecated parameter 'namecase'
[  156.576325][ T5111] exfat: Deprecated parameter 'namecase'
[  156.587339][ T5109] bond0: (slave bond_slave_1): Releasing backup interface
[  156.609522][ T5111] exFAT-fs (loop0): failed to load upcase table (idx : 0x0001fe89, chksum : 0x5174a95f, utbl_chksum : 0xe619d30d)
[  156.666924][ T5109] team0: Port device team_slave_0 removed
[  156.695699][ T5109] team0: Port device team_slave_1 removed
[  156.703316][ T5109] batman_adv: batadv0: Removing interface: batadv_slave_0
[  156.744313][ T5109] batman_adv: batadv0: Removing interface: batadv_slave_1
[  156.806063][ T4887] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  156.824542][ T4887] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  156.896850][ T4930] 8021q: adding VLAN 0 to HW filter on device batadv0
[  160.233781][ T4872] hid-generic 0006:0004:0009.0005: unknown main item tag 0x0
[  160.253634][ T4872] hid-generic 0006:0004:0009.0005: unknown main item tag 0x0
[  160.261098][ T4872] hid-generic 0006:0004:0009.0005: unknown main item tag 0x0
[  160.275441][ T4872] hid-generic 0006:0004:0009.0005: unknown main item tag 0x0
[  160.296378][ T4872] hid-generic 0006:0004:0009.0005: unexpected long global item
[  160.307658][ T4872] hid-generic: probe of 0006:0004:0009.0005 failed with error -22
[  161.383405][ T5147] loop3: detected capacity change from 0 to 512
[  161.465216][ T5144] loop0: detected capacity change from 0 to 4096
[  161.536852][ T5147] EXT4-fs (loop3): Unrecognized mount option "func=KEXEC_KERNEL_CHECK" or missing value
[  161.693505][ T4383] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  161.713575][ T4383] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  161.850943][ T5155] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  162.080283][ T5144] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  162.475061][ T4230] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  162.519974][ T4230] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  162.614635][ T4930] device veth0_vlan entered promiscuous mode
[  162.634700][ T4230] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  162.893908][ T4230] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  163.859766][ T5169] 9pnet: Insufficient options for proto=fd
[  163.882836][ T4930] device veth1_vlan entered promiscuous mode
[  164.132348][ T4268] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  164.443574][ T4230] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  164.464797][ T4230] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  164.487906][ T4930] device veth0_macvtap entered promiscuous mode
[  164.882361][ T4930] device veth1_macvtap entered promiscuous mode
[  165.017170][ T4930] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  165.074825][ T4930] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  165.126309][ T4930] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  165.189887][ T4930] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  165.244377][ T4930] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  165.306357][ T4930] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  165.368414][ T4930] batman_adv: batadv0: Interface activated: batadv_slave_0
[  165.435796][ T4930] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  165.475946][ T4930] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  165.511831][ T4930] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  165.539795][ T4930] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  165.570786][ T4930] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  165.609747][ T4930] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  165.683211][ T4930] batman_adv: batadv0: Interface activated: batadv_slave_1
[  166.469183][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  166.482008][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  166.491440][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  166.518801][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  166.546018][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  168.649682][ T4930] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  168.701661][ T4930] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  168.734842][ T5201] loop5: detected capacity change from 0 to 512
[  168.787714][ T4930] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  168.832088][ T5201] EXT4-fs (loop5): Unrecognized mount option "func=KEXEC_KERNEL_CHECK" or missing value
[  168.866886][ T4930] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  169.199233][ T5210] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  169.997714][ T5225] loop5: detected capacity change from 0 to 4096
[  170.134580][ T5225] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  170.237223][ T5213] loop1: detected capacity change from 0 to 40427
[  170.271976][ T4271] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  170.272741][ T5213] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[  170.287825][ T4271] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  170.315851][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  170.342417][ T4230] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  170.352246][ T4230] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  170.370515][ T5213] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  170.389908][ T4230] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  170.469546][ T4191] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  170.990714][ T5213] F2FS-fs (loop1): Found nat_bits in checkpoint
[  171.686982][ T5213] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  171.730946][ T5213] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  171.837372][ T4191] usb 6-1: Using ep0 maxpacket: 16
[  171.992590][ T5213] attempt to access beyond end of device
[  171.992590][ T5213] loop1: rw=2049, want=45104, limit=40427
[  172.874102][ T4191] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  172.884278][ T4191] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[  173.377361][ T5262] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[  174.636549][ T5244] loop6: detected capacity change from 0 to 40427
[  175.043410][ T4191] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  175.082644][ T4191] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  175.911195][ T4191] usb 6-1: Product: syz
[  176.849245][ T4191] usb 6-1: can't set config #1, error -71
[  177.100689][ T5291] loop0: detected capacity change from 0 to 512
[  177.148562][ T4191] usb 6-1: USB disconnect, device number 2
[  177.345023][ T5291] EXT4-fs (loop0): Unrecognized mount option "func=KEXEC_KERNEL_CHECK" or missing value
[  177.466498][ T5299] loop5: detected capacity change from 0 to 1024
[  177.629956][ T5299] EXT4-fs (loop5): Ignoring removed nomblk_io_submit option
[  177.659866][ T5299] EXT4-fs (loop5): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  177.723116][ T5299] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003]
[  177.750441][ T5299] System zones: 0-1, 3-36
[  177.794953][ T5299] EXT4-fs (loop5): mounted filesystem without journal. Opts: grpquota,delalloc,resuid=0x0000000000000000,debug,dioread_nolock,bsddf,nomblk_io_submit,noauto_da_alloc,,errors=continue. Quota mode: writeback.
[  179.186749][ T5333] netlink: 24 bytes leftover after parsing attributes in process `syz.5.214'.
[  180.265575][ T5341] loop5: detected capacity change from 0 to 512
[  180.501892][ T5341] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  180.548963][ T5341] ext4 filesystem being mounted at /21/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  181.708009][ T5358] loop3: detected capacity change from 0 to 512
[  181.786368][ T4191] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  181.851225][ T5358] EXT4-fs (loop3): mounted filesystem without journal. Opts: nodioread_nolock,sb=0x0000000000000001,,errors=continue. Quota mode: writeback.
[  181.889777][ T5358] ext4 filesystem being mounted at /54/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[  182.213709][ T4191] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  182.245599][ T4191] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  182.352664][ T4191] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  182.372728][ T4191] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  182.402971][ T4191] usb 1-1: SerialNumber: syz
[  182.718574][ T4191] usb 1-1: 0:2 : does not exist
[  182.780944][ T4191] usb 1-1: USB disconnect, device number 9
[  183.060447][ T5016] udevd[5016]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  184.559929][ T5408] loop0: detected capacity change from 0 to 4096
[  184.656279][ T5408] EXT4-fs (loop0): inline encryption not supported
[  184.927207][ T5408] EXT4-fs (loop0): Test dummy encryption mode enabled
[  185.516606][ T5408] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003]
[  185.555024][ T5408] System zones: 0-5
[  185.698381][ T5408] EXT4-fs (loop0): mounted filesystem without journal. Opts: debug,delalloc,inlinecrypt,test_dummy_encryption,errors=continue,errors=continue,delalloc,barrier,,errors=continue. Quota mode: writeback.
[  185.763088][ T5426] loop6: detected capacity change from 0 to 256
[  185.927655][ T5426] FAT-fs (loop6): Directory bread(block 64) failed
[  185.978259][ T5426] FAT-fs (loop6): Directory bread(block 65) failed
[  185.989027][ T5426] FAT-fs (loop6): Directory bread(block 66) failed
[  185.995633][ T5426] FAT-fs (loop6): Directory bread(block 67) failed
[  186.058387][ T5426] FAT-fs (loop6): Directory bread(block 68) failed
[  186.088232][ T5426] FAT-fs (loop6): Directory bread(block 69) failed
[  186.099947][ T5426] FAT-fs (loop6): Directory bread(block 70) failed
[  186.107774][ T5408] fscrypt (loop0): Error allocating 'cts(cbc(aes))' transform: -4
[  186.108783][ T5426] FAT-fs (loop6): Directory bread(block 71) failed
[  186.125992][ T5426] FAT-fs (loop6): Directory bread(block 72) failed
[  186.133025][ T5426] FAT-fs (loop6): Directory bread(block 73) failed
[  186.158278][ T5430] fscrypt: AES-256-CTS-CBC using implementation "cts-cbc-aes-aesni"
[  187.457531][ T5452] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  187.517980][ T5452] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  187.691180][ T5466] netlink: 12 bytes leftover after parsing attributes in process `syz.6.232'.
[  188.991179][ T5476] loop0: detected capacity change from 0 to 4096
[  189.920315][ T5476] EXT4-fs (loop0): Quota format mount options ignored when QUOTA feature is enabled
[  189.930377][ T5476] EXT4-fs (loop0): inline encryption not supported
[  189.937090][ T5476] EXT4-fs (loop0): Test dummy encryption mode enabled
[  190.060498][ T5476] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a85ec028, mo2=0003]
[  190.112980][ T5476] System zones: 0-5
[  190.135352][ T5476] EXT4-fs (loop0): mounted filesystem without journal. Opts: debug,jqfmt=vfsv0,inlinecrypt,errors=remount-ro,test_dummy_encryption=v1,usrquota,delalloc,nogrpid,grpquota,. Quota mode: writeback.
[  190.158786][ T5457] loop1: detected capacity change from 0 to 40427
[  190.236527][ T5457] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[  190.274598][ T5457] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  190.350213][ T5493] loop3: detected capacity change from 0 to 512
[  190.362948][ T5457] F2FS-fs (loop1): invalid crc value
[  190.459578][ T5457] F2FS-fs (loop1): Found nat_bits in checkpoint
[  190.546868][ T5491] overlayfs: failed to resolve './bus': -2
[  190.554389][ T5493] EXT4-fs (loop3): mounted filesystem without journal. Opts: nodioread_nolock,sb=0x0000000000000001,,errors=continue. Quota mode: writeback.
[  190.642515][ T5493] ext4 filesystem being mounted at /58/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[  192.429434][ T5524] netlink: 24 bytes leftover after parsing attributes in process `syz.1.245'.
[  192.924675][ T5524] loop1: detected capacity change from 0 to 512
[  193.231383][ T4191] Bluetooth: hci2: command 0x0406 tx timeout
[  193.237490][ T4191] Bluetooth: hci1: command 0x0406 tx timeout
[  193.245447][ T4300] Bluetooth: hci0: command 0x0406 tx timeout
[  193.490471][ T5524] EXT4-fs (loop1): Unrecognized mount option "obj_user=%$" or missing value
[  193.948799][ T5534] binder: 5531:5534 ioctl c0306201 2000000003c0 returned -14
[  195.090555][ T2301] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  195.377289][ T5556] loop5: detected capacity change from 0 to 256
[  195.475073][ T2301] usb 1-1: Using ep0 maxpacket: 16
[  195.685911][ T5559] loop6: detected capacity change from 0 to 512
[  195.720483][ T5556] FAT-fs (loop5): Directory bread(block 64) failed
[  195.735061][ T5559] EXT4-fs (loop6): Ignoring removed mblk_io_submit option
[  195.742591][ T5559] EXT4-fs (loop6): Ignoring removed mblk_io_submit option
[  195.749951][ T5559] EXT4-fs (loop6): Test dummy encryption mode enabled
[  195.756896][ T5559] EXT4-fs (loop6): Ignoring removed oldalloc option
[  195.763677][ T5559] EXT4-fs (loop6): Ignoring removed mblk_io_submit option
[  195.770833][ T5559] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  195.781195][ T5556] FAT-fs (loop5): Directory bread(block 65) failed
[  195.788770][ T2301] usb 1-1: config index 0 descriptor too short (expected 51443, got 18)
[  195.798366][ T5556] FAT-fs (loop5): Directory bread(block 66) failed
[  195.864664][ T5556] FAT-fs (loop5): Directory bread(block 67) failed
[  195.943872][ T5556] FAT-fs (loop5): Directory bread(block 68) failed
[  196.019967][ T5556] FAT-fs (loop5): Directory bread(block 69) failed
[  196.026711][ T5556] FAT-fs (loop5): Directory bread(block 70) failed
[  196.042766][ T5559] EXT4-fs (loop6): 1 truncate cleaned up
[  196.048489][ T5559] EXT4-fs (loop6): mounted filesystem without journal. Opts: errors=remount-ro,mblk_io_submit,mblk_io_submit,test_dummy_encryption=v1,oldalloc,mblk_io_submit,nogrpid,. Quota mode: none.
[  196.052176][ T5556] FAT-fs (loop5): Directory bread(block 71) failed
[  196.504542][   T26] kauditd_printk_skb: 45 callbacks suppressed
[  196.504564][   T26] audit: type=1326 audit(1777948635.079:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5562 comm="syz.1.255" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbedbd01dd9 code=0x0
[  196.613082][ T5556] FAT-fs (loop5): Directory bread(block 72) failed
[  196.620419][ T2301] usb 1-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  196.654711][ T2301] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  196.682426][ T5556] FAT-fs (loop5): Directory bread(block 73) failed
[  196.714571][ T2301] usb 1-1: Product: syz
[  196.718804][ T2301] usb 1-1: Manufacturer: syz
[  196.785817][ T2301] usb 1-1: SerialNumber: syz
[  196.844452][ T2301] r8152-cfgselector 1-1: config 0 descriptor??
[  197.400157][ T2301] r8152-cfgselector 1-1: Unknown version 0x0000
[  197.446601][ T2301] r8152-cfgselector 1-1: USB disconnect, device number 10
[  197.621447][ T5586] loop3: detected capacity change from 0 to 128
[  197.678272][ T5586] FAT-fs (loop3): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1)
[  198.090233][ T5589] loop5: detected capacity change from 0 to 16
[  198.333641][ T5589] erofs: (device loop5): mounted with root inode @ nid 36.
[  198.550624][ T5592] loop1: detected capacity change from 0 to 512
[  198.659053][ T5596] loop0: detected capacity change from 0 to 4096
[  198.777259][ T5596] EXT4-fs (loop0): Quota format mount options ignored when QUOTA feature is enabled
[  198.811281][ T5596] EXT4-fs (loop0): inline encryption not supported
[  198.826138][ T5592] EXT4-fs (loop1): mounted filesystem without journal. Opts: nodioread_nolock,sb=0x0000000000000001,,errors=continue. Quota mode: writeback.
[  198.857186][ T5592] ext4 filesystem being mounted at /58/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[  198.858731][ T4345] FAT-fs (loop3): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1)
[  198.884588][ T5596] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=8856c019, mo2=0003]
[  198.903142][ T4345] attempt to access beyond end of device
[  198.903142][ T4345] loop3: rw=1, want=897, limit=128
[  198.915291][ T5596] EXT4-fs (loop0): mounted filesystem without journal. Opts: debug,jqfmt=vfsv0,inlinecrypt,dioread_nolock,barrier=0x0000000000010004,errors=continue,delalloc,nombcache,grpquota,noblock_validity,,errors=continue. Quota mode: writeback.
[  200.123419][ T5629] loop6: detected capacity change from 0 to 256
[  200.281638][ T5629] FAT-fs (loop6): Directory bread(block 64) failed
[  200.294355][ T5629] FAT-fs (loop6): Directory bread(block 65) failed
[  200.326650][ T5629] FAT-fs (loop6): Directory bread(block 66) failed
[  200.347070][ T5629] FAT-fs (loop6): Directory bread(block 67) failed
[  200.390769][ T5629] FAT-fs (loop6): Directory bread(block 68) failed
[  200.397376][ T5629] FAT-fs (loop6): Directory bread(block 69) failed
[  200.433328][ T5629] FAT-fs (loop6): Directory bread(block 70) failed
[  200.461635][ T5629] FAT-fs (loop6): Directory bread(block 71) failed
[  200.483316][ T5629] FAT-fs (loop6): Directory bread(block 72) failed
[  200.497863][ T5629] FAT-fs (loop6): Directory bread(block 73) failed
[  201.994356][ T1430] ieee802154 phy0 wpan0: encryption failed: -22
[  202.006275][ T1430] ieee802154 phy1 wpan1: encryption failed: -22
[  202.567422][ T5662] loop6: detected capacity change from 0 to 16
[  202.840911][ T5662] erofs: (device loop6): mounted with root inode @ nid 36.
[  203.769899][ T5673] netlink: 87 bytes leftover after parsing attributes in process `syz.6.274'.
[  204.784191][ T5678] loop0: detected capacity change from 0 to 1024
[  206.007433][ T5678] EXT4-fs (loop0): bad geometry: bigalloc file system with non-zero first_data_block
[  206.007433][ T5678] 
[  206.247607][ T4342] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  206.392485][ T5694] netlink: 67 bytes leftover after parsing attributes in process `syz.0.279'.
[  206.802337][ T4230] Bluetooth: hci3: Frame reassembly failed (-84)
[  206.813962][ T4345] Bluetooth: hci3: Frame reassembly failed (-84)
[  206.827123][ T4345] Bluetooth: hci3: Frame reassembly failed (-84)
[  206.866343][ T4872] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  207.027112][ T4342] usb 2-1: unable to get BOS descriptor or descriptor too short
[  207.156173][ T4342] usb 2-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  207.326138][ T4872] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  207.538358][ T4342] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  207.560086][ T4872] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  207.575801][ T4342] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  207.590905][ T4342] usb 2-1: SerialNumber: syz
[  207.700189][ T4872] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  207.722589][ T4872] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  207.731169][ T4872] usb 1-1: SerialNumber: syz
[  207.834744][ T5714] loop6: detected capacity change from 0 to 16
[  207.881740][ T5714] erofs: (device loop6): mounted with root inode @ nid 36.
[  208.067301][ T4872] usb 1-1: 0:2 : does not exist
[  208.584063][ T4872] usb 1-1: USB disconnect, device number 11
[  208.650954][ T4342] cdc_ether: probe of 2-1:1.0 failed with error -71
[  208.706531][ T4342] usb 2-1: USB disconnect, device number 10
[  208.961352][   T21] Bluetooth: hci5: command 0x0405 tx timeout
[  208.969899][   T21] Bluetooth: hci3: command 0x1003 tx timeout
[  209.151770][ T4200] Bluetooth: hci3: sending frame failed (-49)
[  209.207462][ T5016] udevd[5016]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  210.627125][ T5720] loop1: detected capacity change from 0 to 40427
[  210.731340][ T5720] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[  210.771468][ T5720] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  210.830937][ T5756] loop6: detected capacity change from 0 to 512
[  210.848907][ T5720] F2FS-fs (loop1): invalid crc value
[  210.879813][ T5720] F2FS-fs (loop1): Found nat_bits in checkpoint
[  210.910410][ T5756] EXT4-fs (loop6): Ignoring removed nobh option
[  210.944722][ T5756] EXT4-fs (loop6): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  211.010945][ T5756] EXT4-fs warning (device loop6): ext4_xattr_inode_get:492: inode #11: comm syz.6.295: ea_inode file size=0 entry size=6
[  211.173305][ T5756] EXT4-fs warning (device loop6): ext4_expand_extra_isize_ea:2807: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  211.238906][ T5756] EXT4-fs error (device loop6): ext4_xattr_inode_iget:401: inode #11: comm syz.6.295: iget: bad extra_isize 90 (inode size 256)
[  211.253747][ T5720] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  211.272321][ T5720] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  211.334856][ T5756] EXT4-fs error (device loop6): ext4_xattr_inode_iget:406: comm syz.6.295: error while reading EA inode 11 err=-117
[  211.373790][ T4342] Bluetooth: hci3: command 0x1001 tx timeout
[  211.380802][ T4200] Bluetooth: hci3: sending frame failed (-49)
[  211.421958][ T5756] EXT4-fs (loop6): 1 orphan inode deleted
[  211.427766][ T5756] EXT4-fs (loop6): mounted filesystem without journal. Opts: data_err=ignore,dioread_nolock,debug_want_extra_isize=0x000000000000005a,grpquota,nombcache,nolazytime,nobh,,errors=continue. Quota mode: writeback.
[  211.547192][ T4345] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[  211.568389][ T4345] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
[  212.417229][ T5791] loop1: detected capacity change from 0 to 16
[  212.595751][ T5791] erofs: (device loop1): mounted with root inode @ nid 36.
[  213.429662][ T5794] loop1: detected capacity change from 0 to 512
[  213.532756][ T5794] EXT4-fs (loop1): Ignoring removed nobh option
[  213.545163][ T5794] EXT4-fs (loop1): Ignoring removed orlov option
[  213.581307][ T5794] EXT4-fs error (device loop1): __ext4_iget:4919: inode #11: block 1: comm syz.1.298: invalid block
[  213.592550][ T4872] Bluetooth: hci3: command 0x1009 tx timeout
[  213.675281][ T5794] EXT4-fs error (device loop1): ext4_orphan_get:1411: comm syz.1.298: couldn't read orphan inode 11 (err -117)
[  213.725557][ T5794] EXT4-fs (loop1): mounted filesystem without journal. Opts: nouid32,nobh,max_dir_size_kb=0x0000000000000008,debug_want_extra_isize=0x0000000000000080,nogrpid,sysvgroups,orlov,grpquota,noauto_da_alloc,,errors=continue. Quota mode: writeback.
[  213.808041][ T5794] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1176: group 0, block bitmap and bg descriptor inconsistent: 216 vs 220 free clusters
[  213.995853][ T5778] loop6: detected capacity change from 0 to 40427
[  214.060393][ T5778] F2FS-fs (loop6): Invalid log_blocksize (268), supports only 12
[  214.098352][ T5778] F2FS-fs (loop6): Can't find valid F2FS filesystem in 1th superblock
[  214.176479][ T5778] F2FS-fs (loop6): invalid crc value
[  214.187700][ T5816] loop3: detected capacity change from 0 to 256
[  214.327361][ T5778] F2FS-fs (loop6): Found nat_bits in checkpoint
[  215.226520][ T5816] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x246f1341, utbl_chksum : 0xe619d30d)
[  215.802295][ T5840] loop3: detected capacity change from 0 to 4096
[  215.890297][ T5840] EXT4-fs (loop3): inline encryption not supported
[  215.931149][ T5840] EXT4-fs (loop3): Test dummy encryption mode enabled
[  215.976358][ T5840] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003]
[  215.999224][ T5840] System zones: 0-5
[  216.052060][ T5840] EXT4-fs (loop3): mounted filesystem without journal. Opts: debug,delalloc,inlinecrypt,test_dummy_encryption,errors=continue,errors=continue,delalloc,barrier,,errors=continue. Quota mode: writeback.
[  216.710925][ T5877] overlayfs: missing 'workdir'
[  217.771699][ T5886] loop6: detected capacity change from 0 to 16
[  217.805658][ T5888] xt_hashlimit: size too large, truncated to 1048576
[  218.031216][ T5886] erofs: (device loop6): mounted with root inode @ nid 36.
[  218.296980][ T5886] attempt to access beyond end of device
[  218.296980][ T5886] loop6: rw=524288, want=1342177304, limit=16
[  218.432567][ T5886] attempt to access beyond end of device
[  218.432567][ T5886] loop6: rw=0, want=1342177280, limit=16
[  218.504074][   T26] audit: type=1800 audit(1777948655.976:58): pid=5886 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.6.317" name="file1" dev="loop6" ino=86 res=0 errno=0
[  218.855149][ T5906] loop5: detected capacity change from 0 to 128
[  218.861953][ T4300] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  219.016993][ T5906] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  219.086796][ T5906] ext4 filesystem being mounted at /33/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  219.166295][ T4300] usb 2-1: Using ep0 maxpacket: 32
[  219.229965][   T26] audit: type=1800 audit(1777948656.640:59): pid=5906 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.322" name="file1" dev="loop5" ino=12 res=0 errno=0
[  220.064293][    T7] hid-generic 0006:0004:0009.0006: unknown main item tag 0x0
[  220.098787][    T7] hid-generic 0006:0004:0009.0006: unknown main item tag 0x0
[  220.141113][    T7] hid-generic 0006:0004:0009.0006: unknown main item tag 0x0
[  220.182319][    T7] hid-generic 0006:0004:0009.0006: unknown main item tag 0x0
[  220.221127][    T7] hid-generic 0006:0004:0009.0006: unexpected long global item
[  220.269932][    T7] hid-generic: probe of 0006:0004:0009.0006 failed with error -22
[  221.410716][ T5939] loop0: detected capacity change from 0 to 512
[  221.442312][ T4300] usb 2-1: config 0 has an invalid interface number: 196 but max is 0
[  221.500583][ T4300] usb 2-1: config 0 has no interface number 0
[  221.509356][ T5939] EXT4-fs (loop0): Unrecognized mount option "func=KEXEC_KERNEL_CHECK" or missing value
[  221.558883][ T4300] usb 2-1: config 0 interface 196 altsetting 1 bulk endpoint 0x2 has invalid maxpacket 528
[  221.642744][ T4300] usb 2-1: config 0 interface 196 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[  221.702501][ T4300] usb 2-1: config 0 interface 196 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0
[  221.736515][ T4300] usb 2-1: config 0 interface 196 has no altsetting 0
[  221.795054][ T4300] usb 2-1: string descriptor 0 read error: -71
[  221.804833][ T4300] usb 2-1: New USB device found, idVendor=05ac, idProduct=7700, bcdDevice=eb.3a
[  221.822181][ T4300] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  221.852974][ T4300] usb 2-1: config 0 descriptor??
[  221.876703][ T5951] loop1: detected capacity change from 0 to 128
[  221.891374][ T4300] usb 2-1: can't set config #0, error -71
[  221.922110][ T4300] usb 2-1: USB disconnect, device number 11
[  222.124847][ T5953] loop5: detected capacity change from 0 to 512
[  223.130318][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #82!!!
[  223.151688][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #182!!!
[  223.162377][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #182!!!
[  223.173058][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #182!!!
[  223.183748][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #182!!!
[  223.194439][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #182!!!
[  223.205120][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #182!!!
[  223.215804][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #182!!!
[  223.226481][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #182!!!
[  223.457796][ T5953] EXT4-fs error (device loop5): ext4_validate_block_bitmap:438: comm syz.5.328: bg 0: block 473: padding at end of block bitmap is not set
[  223.563829][ T5953] EXT4-fs error (device loop5) in ext4_mb_clear_bb:6191: Corrupt filesystem
[  223.624922][ T5953] EXT4-fs (loop5): 1 orphan inode deleted
[  223.668732][ T5953] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  223.806524][ T5968] xt_CONNSECMARK: invalid mode: 66
[  223.855530][ T5953] ext4 filesystem being mounted at /35/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  229.203755][ T6033] loop3: detected capacity change from 0 to 7
[  229.270424][    C1] blk_update_request: I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  229.281880][    C1] Buffer I/O error on dev loop3, logical block 0, async page read
[  229.347112][    C1] blk_update_request: I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  229.358122][    C1] Buffer I/O error on dev loop3, logical block 0, async page read
[  229.462887][    C1] blk_update_request: I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  229.473979][    C1] Buffer I/O error on dev loop3, logical block 0, async page read
[  229.554105][    C1] blk_update_request: I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  229.565099][    C1] Buffer I/O error on dev loop3, logical block 0, async page read
[  229.627606][    C1] blk_update_request: I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  229.638602][    C1] Buffer I/O error on dev loop3, logical block 0, async page read
[  229.711095][    C1] blk_update_request: I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  229.722285][    C1] Buffer I/O error on dev loop3, logical block 0, async page read
[  229.815782][    C1] blk_update_request: I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  229.827133][    C1] Buffer I/O error on dev loop3, logical block 0, async page read
[  229.841547][ T5016] ldm_validate_partition_table(): Disk read failed.
[  229.921867][ T6042] loop6: detected capacity change from 0 to 16
[  229.940547][    C1] blk_update_request: I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  229.951811][    C1] Buffer I/O error on dev loop3, logical block 0, async page read
[  229.979942][    C0] blk_update_request: I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  229.991235][    C0] Buffer I/O error on dev loop3, logical block 0, async page read
[  230.000560][    C1] blk_update_request: I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  230.011518][    C1] Buffer I/O error on dev loop3, logical block 0, async page read
[  230.039225][ T5016] Dev loop3: unable to read RDB block 0
[  230.049533][ T5016]  loop3: unable to read partition table
[  230.065843][ T5016] loop3: partition table beyond EOD, truncated
[  230.079194][ T6033] ldm_validate_partition_table(): Disk read failed.
[  230.087950][ T6042] erofs: (device loop6): mounted with root inode @ nid 36.
[  230.114941][ T6033] Dev loop3: unable to read RDB block 0
[  230.130826][ T6033]  loop3: unable to read partition table
[  230.136676][ T6033] loop3: partition table beyond EOD, truncated
[  230.173209][ T6033] loop_reread_partitions: partition scan of loop3 (úùƒå¡™‰ü�¾CêjÌ–ã¢P=ý?ã}X‹ºÐ	œëÜ%õÖ�˜Èµ4FLQkÝŠ5) failed (rc=-5)
[  230.182800][ T6036] ldm_validate_partition_table(): Disk read failed.
[  230.257213][ T6036] Dev loop3: unable to read RDB block 0
[  230.531005][ T6036]  loop3: unable to read partition table
[  231.314722][   T26] audit: type=1326 audit(1777948667.346:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6055 comm="syz.5.345" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1230527dd9 code=0x7ffc0000
[  231.537441][ T6036] loop3: partition table beyond EOD, 
[  231.627660][   T26] audit: type=1326 audit(1777948667.346:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6055 comm="syz.5.345" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1230527dd9 code=0x7ffc0000
[  231.732626][ T6036] truncated
[  231.873853][ T6036] loop_reread_partitions: partition scan of loop3 (úùƒå¡™‰ü�¾CêjÌ–ã¢P=ý?ã}X‹ºÐ	œëÜ%õÖ�˜Èµ4FLQkÝŠ5) failed (rc=-5)
[  231.891324][   T26] audit: type=1326 audit(1777948667.364:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6055 comm="syz.5.345" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=276 compat=0 ip=0x7f1230527dd9 code=0x7ffc0000
[  231.919958][ T3560] ldm_validate_partition_table(): Disk read failed.
[  231.960168][ T3560] Dev loop3: unable to read RDB block 0
[  231.972666][   T26] audit: type=1326 audit(1777948667.364:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6055 comm="syz.5.345" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1230527dd9 code=0x7ffc0000
[  231.984738][ T3560]  loop3: unable to read partition table
[  232.053903][ T3560] loop3: partition table beyond EOD, truncated
[  232.113529][   T26] audit: type=1326 audit(1777948667.364:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6055 comm="syz.5.345" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1230527dd9 code=0x7ffc0000
[  232.166065][ T6077] loop0: detected capacity change from 0 to 128
[  232.304990][   T26] audit: type=1326 audit(1777948667.364:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6055 comm="syz.5.345" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f1230527dd9 code=0x7ffc0000
[  232.341191][ T6083] netlink: 'syz.1.350': attribute type 3 has an invalid length.
[  232.523509][   T26] audit: type=1326 audit(1777948667.364:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6055 comm="syz.5.345" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1230527dd9 code=0x7ffc0000
[  232.600962][ T6077] EXT4-fs (loop0): Test dummy encryption mode enabled
[  232.638076][   T26] audit: type=1326 audit(1777948667.364:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6055 comm="syz.5.345" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1230527dd9 code=0x7ffc0000
[  232.662449][ T6077] EXT4-fs (loop0): Test dummy encryption mode enabled
[  232.737937][ T6077] EXT4-fs (loop0): mounted filesystem without journal. Opts: test_dummy_encryption=v1,test_dummy_encryption=v1,,errors=continue. Quota mode: none.
[  232.869913][ T6077] ext4 filesystem being mounted at /68/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  232.923821][ T6093] loop1: detected capacity change from 0 to 1024
[  233.032802][   T26] audit: type=1800 audit(1777948669.564:68): pid=6077 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.348" name="file2" dev="loop0" ino=13 res=0 errno=0
[  233.084057][ T6093] EXT4-fs (loop1): inline encryption not supported
[  233.152618][ T6093] EXT4-fs (loop1): mounted filesystem without journal. Opts: jqfmt=vfsv1,stripe=0x0000000000000006,norecovery,noauto_da_alloc,debug_want_extra_isize=0x0000000000000080,jqfmt=vfsv1,inlinecrypt,acl,norecovery,,errors=continue. Quota mode: none.
[  233.262412][   T26] audit: type=1804 audit(1777948669.769:69): pid=6093 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.353" name="/newroot/79/file1/bus" dev="loop1" ino=18 res=1 errno=0
[  233.917261][ T6118] loop0: detected capacity change from 0 to 128
[  234.271300][ T6118] EXT4-fs (loop0): mounted filesystem without journal. Opts: stripe=0x00000000000000da,,errors=continue. Quota mode: none.
[  234.436525][ T6118] ext4 filesystem being mounted at /70/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  234.667057][ T6138] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined
[  235.295692][ T6156] syz.5.366 uses obsolete (PF_INET,SOCK_PACKET)
[  235.429570][ T6164] loop3: detected capacity change from 0 to 1024
[  235.498887][ T6164] EXT4-fs (loop3): Ignoring removed mblk_io_submit option
[  235.575790][ T6164] EXT4-fs (loop3): mounted filesystem without journal. Opts: mblk_io_submit,errors=continue,noquota,delalloc,journal_dev=0x0000000000000008,grpjquota=,,errors=continue. Quota mode: none.
[  235.632414][ T6164] ext4 filesystem being mounted at /84/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  236.692088][ T4887] EXT4-fs error (device loop3): ext4_map_blocks:741: inode #15: block 3: comm kworker/u4:14: lblock 3 mapped to illegal pblock 3 (length 3)
[  236.776499][ T4887] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 3 with error 117
[  236.789049][ T4887] EXT4-fs (loop3): This should not happen!! Data will be lost
[  236.789049][ T4887] 
[  236.829511][ T4887] EXT4-fs error (device loop3): ext4_map_blocks:741: inode #15: block 8: comm kworker/u4:14: lblock 8 mapped to illegal pblock 8 (length 5)
[  236.873431][ T4887] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 8 with max blocks 5 with error 117
[  236.907878][ T4887] EXT4-fs (loop3): This should not happen!! Data will be lost
[  236.907878][ T4887] 
[  237.153166][ T6202] loop3: detected capacity change from 0 to 256
[  237.195989][ T4199] Bluetooth: hci4: Received unexpected HCI Event 00000000
[  237.205404][ T6199] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  237.268243][ T6199] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  237.340642][ T6202] FAT-fs (loop3): Directory bread(block 64) failed
[  237.409933][ T6202] FAT-fs (loop3): Directory bread(block 65) failed
[  237.497782][ T6202] FAT-fs (loop3): Directory bread(block 66) failed
[  237.508447][ T6202] FAT-fs (loop3): Directory bread(block 67) failed
[  237.537885][ T6202] FAT-fs (loop3): Directory bread(block 68) failed
[  237.544491][ T6202] FAT-fs (loop3): Directory bread(block 69) failed
[  237.621078][ T6202] FAT-fs (loop3): Directory bread(block 70) failed
[  237.640493][ T6202] FAT-fs (loop3): Directory bread(block 71) failed
[  237.651375][ T6202] FAT-fs (loop3): Directory bread(block 72) failed
[  237.676498][ T6202] FAT-fs (loop3): Directory bread(block 73) failed
[  237.723349][ T6211] loop0: detected capacity change from 0 to 4096
[  237.960460][ T6211] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  238.123195][ T6229] netlink: 8 bytes leftover after parsing attributes in process `syz.3.383'.
[  238.321545][ T6239] netlink: 'syz.6.389': attribute type 3 has an invalid length.
[  238.464851][ T4231] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  238.541571][ T6244] overlayfs: failed to clone upperpath
[  238.957829][ T4231] usb 1-1: Using ep0 maxpacket: 16
[  239.149136][ T4231] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  239.315710][ T4231] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  239.566107][ T4231] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  239.588944][ T4231] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  239.624032][ T4231] usb 1-1: Product: syz
[  239.658926][ T4231] usb 1-1: Manufacturer: syz
[  239.667635][ T4231] usb 1-1: SerialNumber: syz
[  239.876035][ T6271] xt_hashlimit: size too large, truncated to 1048576
[  240.229489][ T4231] usb 1-1: 0:2 : does not exist
[  240.657825][ T4231] usb 1-1: USB disconnect, device number 12
[  240.979486][ T5016] udevd[5016]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  241.898030][ T6301] 9pnet_virtio: no channels available for device syz
[  241.938055][   T23] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  242.160275][ T6306] netlink: 4 bytes leftover after parsing attributes in process `syz.6.412'.
[  242.328779][   T23] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  242.354542][   T23] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  242.479379][   T23] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  242.499060][   T23] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  242.522017][   T23] usb 1-1: SerialNumber: syz
[  242.849111][   T23] usb 1-1: 0:2 : does not exist
[  242.887354][   T23] usb 1-1: USB disconnect, device number 13
[  242.969402][ T5016] udevd[5016]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  244.279850][ T6318] netlink: 'syz.6.414': attribute type 3 has an invalid length.
[  246.661300][   T23] Bluetooth: hci5: command 0x0406 tx timeout
[  247.832041][ T4872] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  248.029074][ T4300] Bluetooth: hci4: command 0x0406 tx timeout
[  248.256012][ T4872] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  248.287990][ T4872] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  248.385382][ T4872] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  248.426825][ T4872] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  248.465427][ T4872] usb 4-1: SerialNumber: syz
[  248.790360][ T4872] usb 4-1: 0:2 : does not exist
[  249.006229][ T4872] usb 4-1: USB disconnect, device number 10
[  250.547260][ T6382] loop1: detected capacity change from 0 to 4096
[  251.578580][ T6382] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  251.948806][ T6404] netlink: 'syz.0.439': attribute type 3 has an invalid length.
[  252.040101][ T4300] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  252.086567][ T6406] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  252.099855][ T6406] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  252.124620][ T4872] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  252.335104][ T4300] usb 2-1: Using ep0 maxpacket: 16
[  252.415851][ T4872] usb 4-1: Using ep0 maxpacket: 8
[  252.480161][ T4300] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  252.502158][ T4300] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  252.549495][ T4872] usb 4-1: config 179 has an invalid interface number: 65 but max is 0
[  252.567617][ T4872] usb 4-1: config 179 has no interface number 0
[  252.591140][ T4872] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  252.642887][ T4872] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  252.663759][ T4872] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  252.709621][ T4872] usb 4-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  252.728636][ T4300] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  252.762472][ T4872] usb 4-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  252.772231][ T4300] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  252.786897][ T4300] usb 2-1: Product: syz
[  252.791171][ T4872] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  252.804076][ T4300] usb 2-1: Manufacturer: syz
[  252.819053][ T4300] usb 2-1: SerialNumber: syz
[  252.944842][ T6400] raw-gadget.1 gadget: fail, usb_ep_enable returned -22
[  253.060184][ T6411] vcan0: tx drop: invalid sa for name 0x0000000000000002
[  253.255167][ T4300] usb 2-1: 0:2 : does not exist
[  253.271805][ T4872] usb 4-1: USB disconnect, device number 11
[  253.286381][    C1] xpad 4-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  253.295347][    C1] xpad 4-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  253.789614][ T4300] usb 2-1: USB disconnect, device number 12
[  254.042106][ T6425] netlink: 252 bytes leftover after parsing attributes in process `syz.1.448'.
[  254.057336][ T5016] udevd[5016]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  254.453488][ T6440] netlink: 'syz.0.454': attribute type 29 has an invalid length.
[  254.504171][ T6440] netlink: 'syz.0.454': attribute type 29 has an invalid length.
[  254.541546][ T6441] netlink: 'syz.0.454': attribute type 29 has an invalid length.
[  254.678640][ T6446] netlink: 24 bytes leftover after parsing attributes in process `syz.1.455'.
[  254.729973][ T6446] loop1: detected capacity change from 0 to 512
[  254.906497][ T6446] EXT4-fs (loop1): Unrecognized mount option "obj_user=%$" or missing value
[  256.915871][ T6467] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.464'.
[  256.941166][ T6467] openvswitch: netlink: ufid size 3064 bytes exceeds the range (1, 16)
[  256.949563][ T6467] openvswitch: netlink: Flow get message rejected, Key attribute missing.
[  257.141572][ T6403] ODEBUG: Out of memory. ODEBUG disabled
[  257.324454][ T6480] loop0: detected capacity change from 0 to 16
[  257.541231][ T6477] loop1: detected capacity change from 0 to 512
[  258.208403][ T6480] erofs: (device loop0): mounted with root inode @ nid 36.
[  258.541368][ T6486] netlink: 24 bytes leftover after parsing attributes in process `syz.6.469'.
[  258.948812][ T6477] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  259.206826][ T6477] ext4 filesystem being mounted at /95/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  259.230786][ T6491] netlink: 121460 bytes leftover after parsing attributes in process `syz.0.470'.
[  259.260151][ T6491] netlink: 22828 bytes leftover after parsing attributes in process `syz.0.470'.
[  259.294771][ T6477] device batadv_slave_0 entered promiscuous mode
[  259.309900][ T6477] EXT4-fs error (device loop1): ext4_do_update_inode:5229: inode #2: comm syz.1.468: corrupted inode contents
[  259.323144][ T6477] EXT4-fs error (device loop1): ext4_dirty_inode:6077: inode #2: comm syz.1.468: mark_inode_dirty error
[  259.342522][ T6477] EXT4-fs error (device loop1): ext4_do_update_inode:5229: inode #2: comm syz.1.468: corrupted inode contents
[  259.362585][ T6477] EXT4-fs error (device loop1): __ext4_ext_dirty:183: inode #2: comm syz.1.468: mark_inode_dirty error
[  259.460576][ T6477] device batadv_slave_0 left promiscuous mode
[  259.748355][ T6403] Set syz1 is full, maxelem 65536 reached
[  260.183384][ T6511] netlink: 'syz.1.476': attribute type 1 has an invalid length.
[  260.256443][ T6511] 8021q: adding VLAN 0 to HW filter on device bond1
[  260.389825][ T6520] bond1: (slave ip6erspan0): making interface the new active one
[  260.441450][ T6520] bond1: (slave ip6erspan0): Enslaving as an active interface with an up link
[  260.454321][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready
[  260.593574][ T6536] netlink: 44 bytes leftover after parsing attributes in process `syz.0.485'.
[  260.609289][ T6536] Zero length message leads to an empty skb
[  260.622395][ T6533] device batadv_slave_0 entered promiscuous mode
[  260.651351][ T6533] device batadv_slave_0 left promiscuous mode
[  261.605116][ T6544] loop0: detected capacity change from 0 to 4096
[  261.662763][ T6544] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  261.984876][ T4300] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[  262.241384][ T4300] usb 1-1: Using ep0 maxpacket: 16
[  262.369789][ T4300] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  262.390955][ T4300] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  262.562800][ T4300] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  262.571925][ T4300] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  262.601652][ T4300] usb 1-1: Product: syz
[  262.605942][ T4300] usb 1-1: Manufacturer: syz
[  262.610552][ T4300] usb 1-1: SerialNumber: syz
[  262.968132][ T4300] usb 1-1: 0:2 : does not exist
[  263.005067][ T4300] usb 1-1: USB disconnect, device number 14
[  263.549151][ T6576] device syzkaller0 entered promiscuous mode
[  263.658723][ T6528] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  264.246855][ T6599] loop3: detected capacity change from 0 to 1024
[  264.592612][ T6599] EXT4-fs (loop3): mounted filesystem without journal. Opts: nouid32,nodioread_nolock,noquota,jqfmt=vfsv1,journal_dev=0x0000000000000009,commit=0x0000000000000000,,errors=continue. Quota mode: none.
[  264.612729][ T6599] ext4 filesystem being mounted at /106/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  264.706220][ T6599] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz.3.503: bg 0: block 112: padding at end of block bitmap is not set
[  264.727361][ T6599] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 21 with max blocks 44 with error 28
[  264.740739][ T6599] EXT4-fs (loop3): This should not happen!! Data will be lost
[  264.740739][ T6599] 
[  264.750704][ T6599] EXT4-fs (loop3): Total free blocks count 0
[  264.756786][ T6599] EXT4-fs (loop3): Free/Dirty block details
[  264.762834][ T6599] EXT4-fs (loop3): free_blocks=0
[  264.767965][ T6599] EXT4-fs (loop3): dirty_blocks=64
[  264.773196][ T6599] EXT4-fs (loop3): Block reservation details
[  264.779250][ T6599] EXT4-fs (loop3): i_reserved_data_blocks=4
[  265.542951][ T6620] netlink: 149 bytes leftover after parsing attributes in process `syz.5.513'.
[  266.322294][ T6628] netlink: 8 bytes leftover after parsing attributes in process `syz.5.515'.
[  266.914340][ T6648] loop3: detected capacity change from 0 to 512
[  267.211535][ T6645] netlink: 24 bytes leftover after parsing attributes in process `syz.1.522'.
[  267.233658][ T6645] loop1: detected capacity change from 0 to 512
[  267.354137][ T6645] EXT4-fs (loop1): Unrecognized mount option "obj_user=%$" or missing value
[  267.628813][ T4200] ------------[ cut here ]------------
[  267.635182][ T1430] ieee802154 phy0 wpan0: encryption failed: -22
[  267.670246][ T1430] ieee802154 phy1 wpan1: encryption failed: -22
[  267.701900][ T4200] WARNING: CPU: 0 PID: 4200 at net/bluetooth/hci_conn.c:443 hci_conn_timeout+0x24f/0x450
[  267.711959][ T4200] Modules linked in:
[  267.715993][ T4200] CPU: 0 PID: 4200 Comm: kworker/u5:5 Not tainted syzkaller #0
[  267.732678][ T4200] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  267.743716][ T4200] Workqueue: hci5 hci_conn_timeout
[  267.753480][ T4200] RIP: 0010:hci_conn_timeout+0x24f/0x450
[  267.759341][ T4200] Code: 89 8d e8 a4 61 e2 f8 48 8b 35 95 fe ad 04 bf 08 00 00 00 48 89 da 5b 41 5c 41 5d 41 5e 41 5f 5d e9 d6 0a 72 f8 e8 b1 42 9d f8 <0f> 0b e9 35 fe ff ff 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c dd fd
[  267.779840][ T4200] RSP: 0000:ffffc90002f5fc08 EFLAGS: 00010293
[  267.786009][ T4200] RAX: ffffffff88dbf1df RBX: ffff8880776dc138 RCX: ffff888075ab5940
[  267.794263][ T4200] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000
[  267.802406][ T4200] RBP: 00000000ffffffff R08: ffff8880776dc013 R09: 1ffff1100eedb802
[  267.810606][ T4200] R10: dffffc0000000000 R11: ffffed100eedb803 R12: dffffc0000000000
[  267.818623][ T4200] R13: dffffc0000000000 R14: ffff8880776dc000 R15: ffff8880776dc010
[  267.826863][ T4200] FS:  0000000000000000(0000) GS:ffff8880b9000000(0000) knlGS:0000000000000000
[  267.835876][ T4200] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  267.842640][ T4200] CR2: 00007f12307752f8 CR3: 0000000062ec4000 CR4: 00000000003506f0
[  267.850649][ T4200] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  267.858798][ T4200] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  267.867052][ T4200] Call Trace:
[  267.870389][ T4200]  <TASK>
[  267.873443][ T4200]  process_one_work+0x85f/0x1010
[  267.878433][ T4200]  ? worker_detach_from_pool+0x240/0x240
[  267.884153][ T4200]  ? lockdep_hardirqs_off+0x70/0x100
[  267.889512][ T4200]  ? _raw_spin_lock_irq+0xb7/0xf0
[  267.897418][ T4200]  ? _raw_spin_lock_irqsave+0x100/0x100
[  267.903123][ T4200]  ? wq_worker_running+0x97/0x170
[  267.908265][ T4200]  worker_thread+0xaa6/0x1290
[  267.913021][ T4200]  kthread+0x436/0x520
[  267.919745][ T4200]  ? rcu_lock_release+0x20/0x20
[  267.924635][ T4200]  ? kthread_blkcg+0xd0/0xd0
[  267.929371][ T4200]  ret_from_fork+0x1f/0x30
[  267.934126][ T4200]  </TASK>
[  267.937243][ T4200] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  267.944575][ T4200] CPU: 0 PID: 4200 Comm: kworker/u5:5 Not tainted syzkaller #0
[  267.952159][ T4200] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  267.962255][ T4200] Workqueue: hci5 hci_conn_timeout
[  267.967502][ T4200] Call Trace:
[  267.970812][ T4200]  <TASK>
[  267.973771][ T4200]  dump_stack_lvl+0x188/0x250
[  267.978482][ T4200]  ? show_regs_print_info+0x20/0x20
[  267.983802][ T4200]  ? load_image+0x400/0x400
[  267.988353][ T4200]  panic+0x2e5/0x810
[  267.992296][ T4200]  ? bpf_jit_dump+0xd0/0xd0
[  267.996844][ T4200]  ? ret_from_fork+0x1f/0x30
[  268.001468][ T4200]  ? hci_conn_timeout+0x24f/0x450
[  268.006525][ T4200]  __warn+0x248/0x2b0
[  268.010532][ T4200]  ? hci_conn_timeout+0x24f/0x450
[  268.015588][ T4200]  report_bug+0x1b7/0x2e0
[  268.019959][ T4200]  handle_bug+0x3a/0x70
[  268.024143][ T4200]  exc_invalid_op+0x16/0x40
[  268.028682][ T4200]  asm_exc_invalid_op+0x16/0x20
[  268.033561][ T4200] RIP: 0010:hci_conn_timeout+0x24f/0x450
[  268.039228][ T4200] Code: 89 8d e8 a4 61 e2 f8 48 8b 35 95 fe ad 04 bf 08 00 00 00 48 89 da 5b 41 5c 41 5d 41 5e 41 5f 5d e9 d6 0a 72 f8 e8 b1 42 9d f8 <0f> 0b e9 35 fe ff ff 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c dd fd
[  268.058876][ T4200] RSP: 0000:ffffc90002f5fc08 EFLAGS: 00010293
[  268.065030][ T4200] RAX: ffffffff88dbf1df RBX: ffff8880776dc138 RCX: ffff888075ab5940
[  268.073136][ T4200] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000
[  268.081141][ T4200] RBP: 00000000ffffffff R08: ffff8880776dc013 R09: 1ffff1100eedb802
[  268.089226][ T4200] R10: dffffc0000000000 R11: ffffed100eedb803 R12: dffffc0000000000
[  268.097217][ T4200] R13: dffffc0000000000 R14: ffff8880776dc000 R15: ffff8880776dc010
[  268.105214][ T4200]  ? hci_conn_timeout+0x24f/0x450
[  268.110267][ T4200]  ? hci_conn_timeout+0x24f/0x450
[  268.115315][ T4200]  process_one_work+0x85f/0x1010
[  268.120349][ T4200]  ? worker_detach_from_pool+0x240/0x240
[  268.125992][ T4200]  ? lockdep_hardirqs_off+0x70/0x100
[  268.131369][ T4200]  ? _raw_spin_lock_irq+0xb7/0xf0
[  268.136387][ T4200]  ? _raw_spin_lock_irqsave+0x100/0x100
[  268.142130][ T4200]  ? wq_worker_running+0x97/0x170
[  268.147242][ T4200]  worker_thread+0xaa6/0x1290
[  268.151962][ T4200]  kthread+0x436/0x520
[  268.156037][ T4200]  ? rcu_lock_release+0x20/0x20
[  268.160896][ T4200]  ? kthread_blkcg+0xd0/0xd0
[  268.165492][ T4200]  ret_from_fork+0x1f/0x30
[  268.169935][ T4200]  </TASK>
[  268.173051][ T4200] Kernel Offset: disabled
[  268.177620][ T4200] Rebooting in 86400 seconds..