last executing test programs:

2m28.066941612s ago: executing program 1 (id=41):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
keyctl$setperm(0x5, 0x0, 0x20000)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
getpriority(0x2, 0x0)

2m22.257934232s ago: executing program 1 (id=55):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
syz_emit_ethernet(0x2e7, &(0x7f0000000b00)={@link_local, @multicast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "0300", 0x2b1, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [{0x0, 0xa, "a78ce54006598080a8030003004023493b87aafaffffffffffffff23732472eefa45ad96579269748e254c1e4a8a8b3f0ab0c430d3be27df3e34066d42ca0a5c15b37adac15084dbaf736b41e5af0502"}, {0x0, 0x1, "000007000000000000000400"}, {0x0, 0x18, "fe906d26efe39393fe08f73eabc5977b1190a3a6ad8338f1511cdd10c35d8f6de79fc7fd175f75649fa368a32c829af02d7f44d92324a7051e460a13ddde25a5b85b9d930914625d8a049b4cf0d129806a610ad8477a2499a9a0527f75b655a6653d0363a979acf93f88eea07d68423e90280409de1657275f716a2bf2915d1783e8eb477b0d1170f0ecbdef4c23e1b76e9ab3d2fbe4b34438d2a77577edd0ebed9682b851b380ae0cab282af9d7ebe668177704c5fd4698c934de4731f3f61effc978"}, {0x0, 0x1d, "06aa85616177c61bc943afcb84619755403946b0730a18d5c38cf7dcad830f2dc8674b87ba8b58f81ece27975cc39e595e9af90b4fe92a38d25551c2d9ebfc5dfc5a2a501b7e483de3f808895c5f4a1a2367bc591dd8b094822ff0dea07c9a1f643c822a18b79f7c5eba31fb68b2d734a6671e27182aee4df24a4a5cf390dab23b500b0c0272479611e4f7f4299ec4d926d443367b105185e6ecd9602ba95392343e9bbd047ef6bc1ba42399907ccd0a562db212baa39eb8164e240069f656d3a05fecf894222a141123f5ac010000000000000090aa235a670670ffc5dc49dfb58d000000000000"}, {0x0, 0xb, "17dcea46805d4809c20547406b18901b0aeff04c0300f3c75dc2d227a83b89483b1084743475671545e65eb2e9ac946a3f0e2bc4619f91394c02bcfbbb7d71138537d68e2d2c6393a9f3becd1a9f51a948b5b303f4f003"}, {0x19, 0x7, "b8a3e10000a3e1030000000900fec0ffff00000000600000ff0bc0fe000000000000000000000000d9a0274400"/55}]}}}}}}, 0x0)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x2, 0x2172, 0xffffffffffffffff, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000180)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000017850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x3, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r6, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b00000800395032303030"], 0x15)
r7 = dup(r6)
write$FUSE_BMAP(r7, 0x0, 0x0)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32=r8], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='kmem_cache_free\x00', r9}, 0x10)
write$FUSE_NOTIFY_RETRIEVE(r7, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000340)={'trans=fd,', {'rfdno', 0x3d, r5}, 0x2c, {'wfdno', 0x3d, r7}})
socket$pppl2tp(0x18, 0x1, 0x1)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r10}, 0x10)

2m21.235926728s ago: executing program 1 (id=58):
r0 = socket$key(0xf, 0x3, 0x2)
gettid()
timer_create(0x0, 0x0, &(0x7f0000bbdffc)=<r1=>0x0)
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
splice(r0, 0x0, r2, 0x0, 0xf2a, 0x0)
timer_settime(r1, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)

2m17.656562313s ago: executing program 1 (id=68):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xb, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x3, 0xc, &(0x7f00000003c0)=ANY=[@ANYBLOB="18020000000000000000000000000000850000002e000000180100002020692500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000d000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = socket(0x10, 0x3, 0x0)
write(r2, &(0x7f0000000000), 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000540)={r1, 0x0, 0xe, 0x0, &(0x7f0000000000)="77844923fbde9d724bbda199f4d6", 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
sendmsg$can_raw(0xffffffffffffffff, 0x0, 0x40000c0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x4006, &(0x7f00000001c0)={[{@i_version}, {@nombcache}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x68}}, {@lazytime}, {@block_validity}, {@quota}]}, 0x1, 0x443, &(0x7f0000001040)="$eJzs28tvG8UfAPDvrpP019cvpiqPPoBAQVQ8kiYtpQcuIJA4gIQEh3IMSVqVug1qgkSrCgJC5YgqcUcckfgLOMEFASckrsAZVapQLi2cjNbebRzXdpNg1yH+fKRNZnbHmfl6duzZnWwAA2ss+5FE7IqIXyNitJ5dXWCs/uvm8uWZv5YvzyRRrb7xZ1Ird2P58kxRtHjdziIzFJF+ksSBFvUuXLx0drpSmbuQ5ycWz707sXDx0jNnzk2fnjs9d37qxIljRyefOz71bFfizOK6sf+D+YP7Xnnr6mszJ6++/ePXSRF/UxxdMtbp4OPVaper66/dDelkqI8NYV1K9WEaw7XxPxqlWOm80Xj54742DuiparVava/94aUqsIUl0e8WAP1RfNFn17/FdpemHpvC9RfqF0BZ3DfzrX5kKNK8zHDT9W03jUXEyaW/v8i2aL4Psb1HlQIAA+3bbP7zdKv5XxqN94X+n6+hlCPinojYExHHI2JvRNwbUSt7f0Q8sM76mxdJbp9/ptc2FNgaZfO/5/O1rdXzv2L2F+VSnttdi384OXWmMnckf08Ox/C2LD/ZoY7vXvrls3bHGud/2ZbVX8wF83ZcG9q2+jWz04vT/ybmRtc/itg/1Cr+5NZKQBIR+yJi/wbrOPPkVwfbHWsT/8ia/nAX1pmqX0Y8Ue//pWiKv5B0Xp+c+F9U5o5MFGfF7X76+crr7eq/c//3Vtb/O1qe/0X8v5eTxvXahfXXceW3T9teU270/B9J3ly17/3pxcULkxEjyau1fLlx/1RTuamV8ln8hw+1Hv97YuWdOBAR2Un8YEQ8FBEP521/JCIejYhDHeL/4cXH3tl4/L2VxT/bsf+jqf9XEiPRvKd1onT2+29WVVpeT/xZ/x+rpQ7ne9by+beWdm3sbAYAAID/njQidkWSjt9Kp+n4eP1/+PfGjrQyv7D41Kn5987P1p8RKMdwWtzpGm24HzqZX9YX+amm/NH8vvHnpe21/PjMfGW238HDgNvZZvxn/ij1u3VAz3leCwaX8Q+Dy/iHwWX8w+BqMf49egYDotX3/4d9aAdw9zWN/47LfiYGsLW4/ofBZfzD4DL+YSAtbI87PyS/NRJpRGyCZmyVRKSbohkSPUr0+5MJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgO/4JAAD//5025W8=")
open(&(0x7f0000000040)='.\x00', 0x0, 0x28)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={0x0, r3}, 0x18)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

2m16.782238347s ago: executing program 1 (id=72):
r0 = socket$inet(0x2, 0x3, 0x8)
setsockopt$inet_opts(r0, 0x0, 0x4, &(0x7f0000000080)="441f0803000000e8c94ef56491ee54be0e1c2074ed27", 0x16)

2m14.737451808s ago: executing program 1 (id=79):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
syz_mount_image$vfat(&(0x7f0000000280), &(0x7f0000000240)='./file0\x00', 0x18000, &(0x7f0000002f40)=ANY=[@ANYRES8=0x0, @ANYRES64, @ANYRES16=0x0, @ANYRESDEC, @ANYRES32, @ANYRES32], 0x1, 0x2ee, &(0x7f00000006c0)="$eJzs3M9PE1sUwPHTH5S2BMri5b28l7xwoxvdTKC6VhoDibGJBKnxR2IywFSbji2ZaTA1RnTl1vhHuCAs2ZEo/wAbd7px446NiQtZGMd0OkNpGUBKaRG+n4TMYe49nXtnBnLuhGHzzuvHxbyt5fWKhONKQiIiWyLDEhZfyNuG3TgmO72QiwPfPv5/6+69G5lsdmJaqcnMzKW0Umpo5N2TZwmv21q/bAw/2Pya/rLx98a/mz9nHhVsVbBVqVxRupotf67os6ah5gt2UVNqyjR021CFkm1Y9fZyvT1vlhcWqkovzQ8mFyzDtpVeqqqiUVWVsqpYVRV5qBdKStM0NZgUHCS3PD2tZ9pMnuvwYHBMLCujR0Qksaslt9yTAQEAgJ5qrf/DojpZ/6+cW68M3F4d8ur/tVhQ/X/5U/2zmur/uIgE1v/+8QPrf/1w9f/uiuhsOVL9j5NhJLZrV6gR1hqtjJ70fn5dL++vjLoB9T8AAAAAAAAAAAAAAAAAAAAAAH+CLcdJOY6T8rf+V7+IxEXE/z4gNSIiV3swZHTQEa4/ToHGi3vRIRHz1WJuMVffeh3WRcQUQ0YlJT/c+8FTi/03j1TNsLw3l7z8pcVcxG3J5KXg5o9Jqk9a8x1n8np2YkzVNef3SXJnflpS8ldwfjowPyYXzu/I1yQlH+akLKbMu+No5D8fU+razWxLfsLtBwAAAADAaaCpbYHrd03bq72ev72+bn0+EGmsr0cD1+dR+S/a27kDAAAAAHBW2NWnRd00DWufICEH92k/iB7TJ/sz/N0s/28Zjm+m+wT+wZua4t7Ojp+W0CFOyx5BWNrJGqnNRh11Fv5jo736yNR4965g0zD+efP2e+cOcWU1fsBM2w8i+98AfV37BQQAAACgaxpFv79nvLcDAgAAAAAAAAAAAAAAAAAAAAAAAAAAAADgDOrGv0nr9RwBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAk+JXAAAA//+qDgR1")
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
accept4$unix(r4, &(0x7f0000000340)=@abs, 0x0, 0x0)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000540)=ANY=[@ANYBLOB="2478aaaa3e09595610fa7826dc19b99b1ac33546f6a16b27c92bb6c393c5d7bd9d5dd82ca5b03d3df5e640c9e4c3283e3551c29c1695f769ef22348c3d240c35ea887d250881f9d6eeed59ef12b3257e6fff0000000000000093bef106b37a88f3ff0871db3874cc06dc59c2e796d0fd88cb317615840859a9727f3877526e52e3b0c9be1f30a2000cb714f0e74b26ac92a8882ce6bc501d52a8445bdcab60d93a9362af36f196f5ecaa375d2bd7c085996b996d6c8d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
syz_open_dev$usbfs(&(0x7f0000000080), 0x75, 0x109301)
syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
sendmsg$key(0xffffffffffffffff, 0x0, 0x40044)
setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000280)={{{@in6=@loopback, @in6=@private0, 0x0, 0x56, 0x0, 0x0, 0xa}, {0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x2000000, 0x2}, {0x7, 0x0, 0x4}, 0x1, 0x0, 0x1}, {{@in6=@local, 0x0, 0x33}, 0x2, @in=@broadcast, 0x3507, 0x4, 0x0, 0x0, 0x0, 0x0, 0x4}}, 0xe8)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'bridge0\x00', <r6=>0x0})
r7 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000009c0)=ANY=[@ANYBLOB="440000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="15460100ef000000140012800b0001006d616373656300000400028008000500", @ANYBLOB="08400a0005f318ccf8c0d21c77c7e27dadc8fb8c943e577a988b1bc066fcf638498f9a32e3b3990a07b77835570b5fe60449a06a3883014c8851a90488bf2c5f499f7d4509b4", @ANYRES32=r6, @ANYBLOB], 0x44}}, 0x0)

2m14.658294689s ago: executing program 32 (id=79):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
syz_mount_image$vfat(&(0x7f0000000280), &(0x7f0000000240)='./file0\x00', 0x18000, &(0x7f0000002f40)=ANY=[@ANYRES8=0x0, @ANYRES64, @ANYRES16=0x0, @ANYRESDEC, @ANYRES32, @ANYRES32], 0x1, 0x2ee, &(0x7f00000006c0)="$eJzs3M9PE1sUwPHTH5S2BMri5b28l7xwoxvdTKC6VhoDibGJBKnxR2IywFSbji2ZaTA1RnTl1vhHuCAs2ZEo/wAbd7px446NiQtZGMd0OkNpGUBKaRG+n4TMYe49nXtnBnLuhGHzzuvHxbyt5fWKhONKQiIiWyLDEhZfyNuG3TgmO72QiwPfPv5/6+69G5lsdmJaqcnMzKW0Umpo5N2TZwmv21q/bAw/2Pya/rLx98a/mz9nHhVsVbBVqVxRupotf67os6ah5gt2UVNqyjR021CFkm1Y9fZyvT1vlhcWqkovzQ8mFyzDtpVeqqqiUVWVsqpYVRV5qBdKStM0NZgUHCS3PD2tZ9pMnuvwYHBMLCujR0Qksaslt9yTAQEAgJ5qrf/DojpZ/6+cW68M3F4d8ur/tVhQ/X/5U/2zmur/uIgE1v/+8QPrf/1w9f/uiuhsOVL9j5NhJLZrV6gR1hqtjJ70fn5dL++vjLoB9T8AAAAAAAAAAAAAAAAAAAAAAH+CLcdJOY6T8rf+V7+IxEXE/z4gNSIiV3swZHTQEa4/ToHGi3vRIRHz1WJuMVffeh3WRcQUQ0YlJT/c+8FTi/03j1TNsLw3l7z8pcVcxG3J5KXg5o9Jqk9a8x1n8np2YkzVNef3SXJnflpS8ldwfjowPyYXzu/I1yQlH+akLKbMu+No5D8fU+razWxLfsLtBwAAAADAaaCpbYHrd03bq72ev72+bn0+EGmsr0cD1+dR+S/a27kDAAAAAHBW2NWnRd00DWufICEH92k/iB7TJ/sz/N0s/28Zjm+m+wT+wZua4t7Ojp+W0CFOyx5BWNrJGqnNRh11Fv5jo736yNR4965g0zD+efP2e+cOcWU1fsBM2w8i+98AfV37BQQAAACgaxpFv79nvLcDAgAAAAAAAAAAAAAAAAAAAAAAAAAAAADgDOrGv0nr9RwBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAk+JXAAAA//+qDgR1")
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
accept4$unix(r4, &(0x7f0000000340)=@abs, 0x0, 0x0)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000540)=ANY=[@ANYBLOB="2478aaaa3e09595610fa7826dc19b99b1ac33546f6a16b27c92bb6c393c5d7bd9d5dd82ca5b03d3df5e640c9e4c3283e3551c29c1695f769ef22348c3d240c35ea887d250881f9d6eeed59ef12b3257e6fff0000000000000093bef106b37a88f3ff0871db3874cc06dc59c2e796d0fd88cb317615840859a9727f3877526e52e3b0c9be1f30a2000cb714f0e74b26ac92a8882ce6bc501d52a8445bdcab60d93a9362af36f196f5ecaa375d2bd7c085996b996d6c8d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
syz_open_dev$usbfs(&(0x7f0000000080), 0x75, 0x109301)
syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
sendmsg$key(0xffffffffffffffff, 0x0, 0x40044)
setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000280)={{{@in6=@loopback, @in6=@private0, 0x0, 0x56, 0x0, 0x0, 0xa}, {0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x2000000, 0x2}, {0x7, 0x0, 0x4}, 0x1, 0x0, 0x1}, {{@in6=@local, 0x0, 0x33}, 0x2, @in=@broadcast, 0x3507, 0x4, 0x0, 0x0, 0x0, 0x0, 0x4}}, 0xe8)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'bridge0\x00', <r6=>0x0})
r7 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000009c0)=ANY=[@ANYBLOB="440000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="15460100ef000000140012800b0001006d616373656300000400028008000500", @ANYBLOB="08400a0005f318ccf8c0d21c77c7e27dadc8fb8c943e577a988b1bc066fcf638498f9a32e3b3990a07b77835570b5fe60449a06a3883014c8851a90488bf2c5f499f7d4509b4", @ANYRES32=r6, @ANYBLOB], 0x44}}, 0x0)

2m7.707387337s ago: executing program 0 (id=93):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x7, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r1}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000004c0)={{r0}, &(0x7f0000000380), &(0x7f0000000400)=r1}, 0x20)
r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000400)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581", @ANYRES8], 0x0)
syz_usb_control_io$hid(r2, 0x0, 0x0)
syz_usb_control_io(r2, &(0x7f0000000b00)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="00000f00000009003d140f3c369197d09647190890"], 0x0, 0x0, 0x0, 0x0}, 0x0)

2m4.735261452s ago: executing program 0 (id=98):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x43, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000340)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@x86={0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x9, 0x4, 0x0, 0x0, 0xfffffffc, 0x10, 0xff, 0xff})
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x3938700}, {0x0, 0x3938700}}, 0x0)
timer_create(0x0, &(0x7f0000000180)={0x0, 0x13, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000240)=<r3=>0x0)
timer_settime(r3, 0x0, &(0x7f0000000340)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

2m3.499481951s ago: executing program 0 (id=103):
mkdir(&(0x7f0000000580)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='ramfs\x00', 0x0, 0x0)
chdir(&(0x7f00000000c0)='./file0\x00')
mkdir(&(0x7f0000000040)='./bus\x00', 0xa)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})

2m3.223892986s ago: executing program 0 (id=104):
mkdir(0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x5)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x24, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e8500000001"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r4}, 0x10)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15)
syz_mount_image$msdos(&(0x7f0000000200), &(0x7f0000000240)='./file1\x00', 0x80c406, &(0x7f0000000540)=ANY=[@ANYBLOB='dots,dots,dmask=000000000200000,nodots,discard,nfs=nostale_ro,gid=', @ANYRESHEX=0x0, @ANYBLOB="2c646f733178666c6f70707900000000000000003030ffffffff303030303031373737373737373756c0f39fdb37372c004c0f1208ec0c34b7df4ba1c1e6b76697434db8574db9bcaef6a61a12c3f260bebc7ac5b1b11361119b83f1cf9f686b715b8e58fd37cea6623dc422c2ddbcefe94e5c255b5e8c90613e6b598b3b7a2c05de53dab7"], 0x1, 0x291, &(0x7f0000000280)="$eJzs3M9r034YwPGn6dZ0+7Ifpy/oxQe96CXMelQPVTYQC0q3inoQMpZpaG1HErQVwZw97e8YHr0J4j+w/8LbEGSnnYyszbKs+4Wza2f7fkHJkzz5tE8SUp5PId16uv66uupbq3YgRl7FEAllR2RWXNmTiZe5dpxLtsvdgoRyY+7N9sfFZ88fFkul+bLqQnHpVkFVp698ffv+09VvwX9PPk+bpmzOvtj6Wfi++f/mpa1fS69cX11f641AbV1uNAJ7ueboiutXLdXHNcf2HXXrvuMdyK/WGmtrLbXrK1OTa57j+2rXW2pIS4OG5uOq6mpZlk5N7sZ5GSG5Px5R2SiX7eK5FIMLw/OKdlZEJg7dDZWNwVQEAAAG6fj+30j22ev/je7+X+SU/v9DvNf0l573/1lJ+v+q0+7/A6+l9kvbTff/ONHZ+n/jfIrB38iEqZV7B1KeV5w4ehD9PwAAAAAAAAAAAAAAAAAAAAAA/4KdKJqJomhmd2mISBSvmyKSTa0fMXSknq0fVunrH6VeZnyBT7j+GAKpB/fyIj/CZqVZybSXnfzCg9L8nLalHvzbbjYr2SR/s5PXg/lxmYzzhSPzObl+rZPfzd1/VErn15uVCVk5sfKwV6cAAAAAAIChZ2liNtmYl2R+b1lqSne+PX/vROH+7wNd8/sxuTzWv+MAAAAAAADH81vvqnat5nj9CbJ9/KwzByJnG347MntSRlZETtmnvCgy+BN1KDDlQpQxzMGdnr1hlBHpbBmPvwy67gIAAAAAw2V/PjDoSgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGF39+OuyQR8jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcFH8DgAA//8sg70h")
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[])
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x40000, 0x0)
ioctl$TIOCSETD(r6, 0x5423, 0x0)
readv(r6, &(0x7f0000000000)=[{&(0x7f0000001300)=""/244, 0x940}], 0x1)
ioctl$TIOCVHANGUP(r6, 0x5437, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0xffffffff, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)

2m1.443133803s ago: executing program 0 (id=105):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x0, 0x26d, &(0x7f0000000480)=ANY=[], 0x0, 0x2b0e, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xf, 0x4, 0x8, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xf, &(0x7f0000000180)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0xa, 0x4, 0xffd, 0x7, 0x0, 0xffffffffffffffff, 0xd, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r6}, 0x10)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
ioctl$SIOCGETNODEID(r7, 0x89e1, &(0x7f00000000c0))
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r5}, &(0x7f0000000280), &(0x7f0000000080)=r6}, 0x20)
r8 = socket$unix(0x1, 0x2, 0x0)
bind$unix(r8, &(0x7f00000006c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
connect$unix(r8, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
r9 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0)
r10 = ioctl$LOOP_CTL_GET_FREE(r9, 0x4c82)
ioctl$LOOP_CTL_REMOVE(r9, 0x4c81, r10)

2m0.31059079s ago: executing program 0 (id=106):
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000400000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000001c80)={{r0}, &(0x7f0000001c00), &(0x7f0000001c40)=r1}, 0x20)
pipe(&(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
splice(r5, 0x0, r3, 0x0, 0xf3a, 0x0)
tee(r2, r6, 0xf3a, 0x0)
write$binfmt_elf64(r4, &(0x7f0000000380)=ANY=[], 0x18c6)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='mm_page_alloc\x00'}, 0x10)
syz_clone(0x40104400, 0x0, 0x0, 0x0, 0x0, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040), 0x44000, 0x0)
r7 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x40800)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r7, 0x40345410, &(0x7f00000083c0)={{0x1, 0x0, 0x4}})

1m44.775132621s ago: executing program 33 (id=106):
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000400000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000001c80)={{r0}, &(0x7f0000001c00), &(0x7f0000001c40)=r1}, 0x20)
pipe(&(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
splice(r5, 0x0, r3, 0x0, 0xf3a, 0x0)
tee(r2, r6, 0xf3a, 0x0)
write$binfmt_elf64(r4, &(0x7f0000000380)=ANY=[], 0x18c6)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='mm_page_alloc\x00'}, 0x10)
syz_clone(0x40104400, 0x0, 0x0, 0x0, 0x0, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040), 0x44000, 0x0)
r7 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x40800)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r7, 0x40345410, &(0x7f00000083c0)={{0x1, 0x0, 0x4}})

16.071687462s ago: executing program 5 (id=522):
socket$inet(0x2, 0x1, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
write$bt_hci(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="5200000002"], 0x8)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x20050800)
preadv(0xffffffffffffffff, &(0x7f00000002c0), 0x0, 0x57d, 0x7fff)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)

14.965225744s ago: executing program 5 (id=523):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0xfe33)
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffff}, 0x0)
syz_usb_connect(0x0, 0x5f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000b1f203401e0903003bd7010203010902"], 0x0)
r2 = syz_open_procfs(0x0, 0x0)
r3 = openat$6lowpan_control(0xffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$6lowpan_control(r3, &(0x7f0000000040)='connect aa:aa:aa:aa:aa:10 2', 0x1b)
ioctl$AUTOFS_DEV_IOCTL_VERSION(r2, 0xc0189371, &(0x7f0000000180)={{0x1, 0x1, 0x18}, './file0\x00'})
r4 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$SO_TIMESTAMP(r4, 0x1, 0x3f, &(0x7f0000000080)=0x1, 0x4)
bind$inet(r4, &(0x7f0000000480)={0x2, 0x4e23, @multicast1}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x11, 0x19, &(0x7f0000000a00)=ANY=[@ANYBLOB="1800000000000000000000000000000018", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000000000)={0x2, 0x24e23, @loopback}, 0x10)
sendmsg$inet(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000180)='/', 0x1}], 0x1}, 0x0)
setsockopt$SO_TIMESTAMPING(r4, 0x1, 0x25, &(0x7f0000000040)=0x193a, 0x4)
recvmmsg(r4, &(0x7f00000005c0), 0x40000000000026c, 0x0, 0x0)
syz_usb_connect(0x0, 0x24, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
lsetxattr$system_posix_acl(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='system.posix_acl_default\x00', &(0x7f0000000280)={{}, {}, [], {}, [], {0x8}}, 0x24, 0x0)
memfd_create(&(0x7f00000000c0)='[\x00', 0x0)
memfd_create(&(0x7f0000000140)='/dev/ttyS3\x00', 0x3)
r5 = memfd_secret(0x80000)
fcntl$setlease(r5, 0x400, 0x0)
fsetxattr$system_posix_acl(r5, &(0x7f0000000000)='system.posix_acl_default\x00', 0x0, 0x0, 0x0)

5.329618625s ago: executing program 5 (id=551):
r0 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000340)={0xda2, 0x8169, 0x6, 0x0, <r3=>0x0})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000440)={0xde, 0x1ff, 0xf})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f00000001c0)={0x15, 0x1, 0x3})
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r1, 0xc00464b4, &(0x7f0000000400)={r3})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000000)={0x5, 0x7, 0x8ee1})

4.213638907s ago: executing program 6 (id=557):
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x34)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000fd0f000002"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000004000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f9ffffffb703000000080000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x2, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x18, 0xc, &(0x7f0000000040)=@framed={{0x18, 0x8}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}}, @func={0x85, 0x0, 0x1, 0x0, 0x3}, @initr0={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, @exit], {0x95, 0x0, 0xff85}}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

4.212866997s ago: executing program 5 (id=558):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r1)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0))
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
write$cgroup_subtree(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="8fedcb5d07081175f37538e486dd6372ce22fdb911"], 0xfdef)

3.694737227s ago: executing program 6 (id=559):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CAP_DISABLE_QUIRKS(r1, 0x4068aea3, &(0x7f0000000140)={0x74, 0x0, 0x61})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x7)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

3.258227626s ago: executing program 4 (id=565):
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x8, 0xf, &(0x7f0000000040)=ANY=[@ANYBLOB="1808000000000000000000009c00000018000000", @ANYRES32, @ANYBLOB="0000000000000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb=0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x55779000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r4)
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r4, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc2(&(0x7f00000005c0), 0xffffffffffffffff)
listen(r5, 0x0)
getsockopt$inet_IP_IPSEC_POLICY(r3, 0x0, 0x10, &(0x7f0000000380)={{{@in=@dev, @in=@dev}}, {{@in=@private}, 0x0, @in=@multicast2}}, 0x0)
r6 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$sock_int(r6, 0x1, 0x8, &(0x7f0000000140), 0x4)
connect$inet(r6, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
r7 = accept(r4, 0x0, 0x0)
sendmsg$TEAM_CMD_OPTIONS_SET(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[], 0xfffffdef}}, 0x1)
recvfrom(r6, &(0x7f0000000180)=""/60, 0xfffffffffffffecb, 0x4100, 0x0, 0x0)
mremap(&(0x7f0000000000/0x9000)=nil, 0x600600, 0x200000, 0x3, &(0x7f0000a00000/0x600000)=nil)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)

3.239523757s ago: executing program 5 (id=566):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000004000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb70300000e41621eb70400000000000085000000c300000095"], 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x3, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
close(0xffffffffffffffff)
close(0xffffffffffffffff)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454da, &(0x7f00000001c0)={'bond_slave_0\x00'})
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'dvmrp1\x00', 0x1})
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454da, &(0x7f00000002c0)={'bond0\x00', 0x200})
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r3}, 0x10)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000100)={'nicvf0\x00', 0x1432})

3.0235028s ago: executing program 2 (id=569):
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x100, 0x30, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x2000000000000000, &(0x7f0000000a00)=ANY=[], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0xa3500, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffc0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r0}, 0x10)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000a70000000800000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000000c0)='percpu_alloc_percpu\x00', r1}, 0x10)
syz_clone(0x42000000, 0x0, 0x0, 0x0, 0x0, 0x0)

2.995127671s ago: executing program 6 (id=570):
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
futex(0x0, 0x5, 0x0, 0x0, 0x0, 0xb4000003)
r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r3, 0x29, 0x19, &(0x7f0000000040)=0x3, 0x4)
recvmmsg(r3, &(0x7f0000002780)=[{{0x0, 0xfffffffffffffde1, 0x0}}], 0x1, 0x2140, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r5 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
pipe2$9p(0x0, 0x0)
r6 = getpid()
sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x6)
syz_open_procfs$namespace(r6, &(0x7f0000000000)='ns/user\x00')
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000240)={r5}, 0x4)
r7 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r7, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000003580)={&(0x7f0000004980)=ANY=[@ANYBLOB="44010000100001000000000000000000ac1e0101000000000000000000000000ff020000000000000000000000000001000000002000"/64, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="fe8000000000000000000000000000bb000000006c000000ac14141c00000000000000000000000000000000000000000000000000000000000000000000000003000000f8ffffff00000000000000000000000000000000fdffffffffffff0f0000000000000000000000000000000004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00016b3a9c130000000000480003006465666c"], 0x144}, 0x1, 0x0, 0x0, 0x4004050}, 0x8000)

2.53175011s ago: executing program 5 (id=572):
socket$inet(0x2, 0x1, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x3}, 0x6)
write$bt_hci(0xffffffffffffffff, &(0x7f0000000580)=ANY=[@ANYBLOB="5200000002"], 0x8)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x20050800)
preadv(0xffffffffffffffff, &(0x7f00000002c0), 0x0, 0x57d, 0x7fff)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)

1.898952833s ago: executing program 6 (id=573):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r1)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140))
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r2)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r3)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000))
ioctl$SIOCSIFHWADDR(r3, 0x8943, &(0x7f0000000100)={'syzkaller0\x00'})
ioctl$SIOCSIFHWADDR(r2, 0x8943, &(0x7f0000002280)={'syzkaller0\x00', @random="001300"})

1.865444644s ago: executing program 4 (id=574):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x4, &(0x7f0000000d00)=@framed={{0x18, 0x8}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}]}, &(0x7f0000000cc0)='syzkaller\x00', 0x4, 0xee, &(0x7f0000000340)=""/238, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

1.267195795s ago: executing program 4 (id=575):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xbff, @void, @value}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000580)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='consume_skb\x00', r1}, 0x10)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmsg$tipc(r2, &(0x7f0000004440)={&(0x7f0000000ec0)=@nameseq={0x1e, 0x1, 0x0, {0x1, 0x0, 0x2}}, 0x10, &(0x7f0000004340)=[{&(0x7f0000000f00)="34cbf9c55466da0eadc249236ab3cbf316717306be4c08c8c7da1f1ee04ab4b4eac14995ebdf620ff778a4e3452587e42a3c6aa1bd35dfd99f23b525893bc3b5f9f3bed1986bf8d0dddd7c5cdada611f9bf641e421ed71a842d84fa289a542f941d6e06b2b14e2a706ce30acf7d82f224f3e30cadd9d15f3dddbb29dbeb9f68fb68bedb91e0b1ef48832778fe36699c7ebf101659a8f476c4a065eac71d6d1e7fafc6f25ec2c9a8f431fe347a2d30e912c5b2397613ce784637ec71e37566eb0548b461f71028459c6f137c18737d58b56949d022bf1eaf486692bb76836a233c7879d740ad0beaf5159d3380442824f536a41bb22d08fe53952b9c6fed2605d53311c71b455655f96ea6a87e41e9211e90170b0a2b1a2098175ebcd33d517085d224122264cddadd82a3d11bc4a33ce66108b22b1abc6243d306d8f6b8a2ddb5373c190d8f859a3174a200936b079f85edcac7fc03fb993ec0ff8b83f1fd3f1b888d192d99c7ede5d381784d25410cccf1b0bf26a54f065e1e3ec59cc5704fb658fc980a0ac4287ef884ee82007554be3f1e163c81468d0c26c95e3e12393776e32800bb4f086f19080c4fca3d72e8569a5627ce98f2ae0bdb3ec42c23847d47e10b1c58da7e9cea990da842d96e3a51ed7d892f7b28a10486424a69a9109ebd4d7d5a3768400ac000a6d7556ca192e5cd45efb82001ac7b53e03036b6019a07ffb545cd3853e077f08a015f6232488c1139a9409c95ed005261e36b307406ba5714ef395129345866109341feb6c7c458ce08c147a983b46375ddb3621cee0312ba1a434bcd6081e1a8ae8b6d518988b9965faf9aff86df8173b93342cceaec357a100e59b4d66553633626b0b12e9622b8f8fdfe26545b87c57f8ce8609fb8e19b0f6d1cd64e8de85c7327f543b2f38cf3086b57f85e1aaa4add723e4bc4e3ea2c27acec1e545ae3fc870bd42422f6eaf17a1f82699c9cadf224ea1e5d1705b49118d91cc3731aeed60e41bf15a9613aeda8e63a29bc7a95b2d993d23269a310b91f69d16a71243c0f4080d3359f5ddd63c7032bef14ab25eb7df4b28b2132bcbf94a281c8f5de79885a6d679f145fca292b599bb09a1864726d86b65d4781408320b968e2224c23ce7a56d8892970043737ae47f071aaeb219716bc21e3304e301eb5cd32aea951a70621eb870214a72e6c474c3a20f5bd8e089ba16326cc9a80a1a4f5f0e8f58629e20b1c73eb8af330744b187a5cfdb410466378313700ca44eb6dcbc8f3d70f58e134202546f0b1a3b61a298f2a1184b1533bdad308fa2f960087e0f239d2ccbaee3889ddc1a2bea2183b98854d255a6f708909134fab83f42f13e7604f602e264f4a3b2b2a08c673c7ce2813218159b472d3b20ecbf26dd2f7b3ba5298a4ff7444ea0936e098c126f590b05e7697ed8a3d52ba1abc7285de2f160b9b081cb775a5ab77aad1bb98d47e3da53fc4c11d4db47de1e4e6f56ad671f5d8389b33260cc546e4f0bf34fec9b2abd209e6b89e6e381367774676ed6e6eaffe42b07241c276f3c84f17a0762de83eb769bdf28991ddbc23758f01c9ecfba4ab2ca2118fcedd7adde9ff47f643c13e3ad2f13b576985128f233e329fe269d5745cd2b30e5762452a4ff58fdec30623175f8d575ced1c43411e2869aadbe6f1e79a010bca334cb08d545bc2808f359b7777d1bb5675ee210574b9f72cdeb071e07eeaa0988086213a37a972647cf21d3a3bcbd7359da327bacad41b93c5e0e494669109dddcec781774f248f5663e4fac187d42ffccf68335de2adac4f8d3e1bf04b95a9464960186ed019773ffeda18f9827a61edc5fc4088eb0965cb1bd8af1185aa3972b8f73839b4611e303bcbc1f84a330f60fa0a7795ea3cffe0e338406533e12c7deef0b5906c513eab4619a8f02fdd65dcfb7297ef971c4601ad079f7ad38278ae3ff455b37d5492af546975535450693fd4593c8157b3fdb16fd3a106d2f1509d1c06dabb8933269d790a1c5e5f7bdd4a57e1e670d7043cfed88c365b5f8eefe530ef7da5322df981723332c088fce89c2ceee23b420f64332243b9c606d67d538810a94e0ffbd37a119d8fc4d6caec0def40e62613873c74feabde63e12cb2016c1d35cf1bb95bf59e01a63be8825cb3118b74b106f21eef5ee2f41e5fb39fdde058050f780d98ced247c66fc3a03ba04edaf14d698859ba303d511cf0845dc5e269aef2287770a247fd5ae1299b45819ff41725f9da3e4dab7770eb83992b53ae9a9de69e764f6e3aee3e27cfb1bacf531a91605894ae209da6d25872fb54bf36b2ed450b51aa8ee4875b9bc7e55753f61e12a323d301faceb2ecff0686b1359343a94774a6a098dc2df440725cd8331f527d4e22f8090d8879ef4765849705b99465d7ebdf661b81c303d13b87270dc1f227d5954fcbc93bbce6fde2a1f8d573d9cd8130c173a14706f1e9dabc4d16a5b003dd3239faf91769e25cf007b0623141e4e57f11746cd62f20d73956fa84c6a12e1756b6671a64bd7a474ba425907e1a61ba6d2ffa1149165a713a141bfec0f1af51afebdb84d5f14eb51acc284403627d6ce48fd028dc04e00ed963de37f85d155c33e2b4ceb09044c4f1c7791348216b674a8831a232a638f8bfb396fabbe1f880944bc5dcac55df8abc78f804306c88617acfd4adfbb5a055d3d3e91abb763ad84e701cc5679498e04600570f4b2e57c70542043dc590ab363215e6ab3f0bd89383748783d01c9227229edac723d4e2eaa061a44f2630691f25ca6093775183fdf432e01322203dd654b336670116a6a52a27ff2032b1103a4e4be0cc2fb05b24352d72e374e90cc3db2a5a691c7f6b8d1058d7730433c742d8ce52074318b1bce9bb104cf90c8b7f65293c2b74434661444f38d94d977e03433440517f6155a3cad2621c5502dd6148b867a40e6a40be4c8265ec2164b5257f06da1784e98991f42003ced4ba67c23b8c654b542d2d31168fd853cf56cc2c464d7a8a9fbcd2715968788f8527c597ab5f917753c1f1708d2c19972373c5a22af71847de22b9f1e9d38a04ea4dd291da3099cb836a696350bf1263c3c275c27b8b82f604625451a24490b0b5367c2fd05e699546ddf17709d2e2c2710f4361d9dd6e2de2b4353b7f4f8141f6f989dc1a798a974565978e4f9ec0c59a7dbc04bcab072c8513b9ca782c22cdd31fb116c10081740fd8f7d0cbd5c54f1069297f20b45d79bb9ace8e851a655fedf47b2dc76fd30b9ba9f09c9b50d6910ffcdec7078c36fe1e9b19dbb110197496349560a43c0ab42b4ce286643e73a92246ecb71e95ce0d54114772f8477c7d5604c1a52d2f680c5868cf08a2688dd9fef492a01836112cec824483e77da93d104a9e18d06bddf9a4007740a0537ac1a5e09900acc65d52680212a15b68b0ef887228e06f533c1ca95b8f9d81b9fc6608cb5bacf4b867922999c69d46048ec3f408866789f49fcb176fc99ed9d3e6c357ed2e3ce2665925773e5d86c2ceaf8f18519a00d9d2e19e9a6b16af0a53fd7df6974f5db00494460e7f3de6ff6b642859335e020513bb525adddabf0d7d6ae85e7e56e32ca8acc07fe86b7b445358966ba3914c1dfa7b814d9e846ff02a6a8c8f5713a0f727024b5d1ea7e4ce7c64f9b24dd3337a3df33714c5404403b0304b25a66fe3ac85083965877117b3d721e7922f0ac7e278feeb8dc09f58cbcfbb81b11d4699737f37ac240a24b9c4b2b587e68974f7ca5561856f32e389d32056f7d58e4de24c11bd5c5afaa441120370d0c48341e1b8146a6bbca8c15f23c155d2533e97a8e6496bc00533ec83be8488d020708d97385a03bcbf57cadc2c1e575e1ac134cdb5047f3f88eae0230751626cea1c85da9b74ddace668afebb2dc66d302ddf3c5f8f21ac0c0535d00839457e7cac9282a8e49d018b077e38ea512cf28eacff5d98e880abfb5af2e7c039d2e1f1edaad2642963ef29d715f754e2715caa6af046a298b285e3582d903be726b608619332e1a82be48b0f5adf6838f41ff776e5290de8269794bce8fb971267d036bd6bd30e42df918125d573ced78263251bcae2b7b40f1ba855b4f2472312ea8752c4a0e09468bd25615a6c00a9b44c484c5507b8400537f20890e9499ec94ed2b6aeff21e57c6e8a93d80097f85ac9316b03a5f768721bf7d041bb9a6a03eabd615e3c4d74f56c429d53b8fec4b5e86c5b311a6cd4a86f03e04dab25ad65b68a8b8d9053993fd2440ff2b81768213084c831d31a0f8c646aff9090b5463cbee452abd6318340ec41b50f1deba7ffb60b326751de3f6dbf9b17714299233d5c43071367ece2e53212e7f4e084fea60850d4d16908d9bbbb531fbf72143fdb62d1b40afde3d0b2ac2c94c32e456bbef62f8d677e332aec8ccc8eedbac61e7b89b32d57157a39ad5c456258d9c36db0edc82c2baead990ee78007ed89c8f450e92d5e209cc25f7c13f5909ca404fddbdbeff89cc42350c91e9f1fdf9753c6e95f71257f8cbb97838684461cd1244c938b9939a4e9c7727902b6f1a5434e0a06d3fc221771dd87572ae801c5ce6886122f0c91dae57440ffc7ace4e8e0041a1d245103aaadbfc2ecff622228daed2b0cd30f7f59b2617f6f0571ee4403d84e652d78b8e64d5450b6483ef70582dcda9351f2dddd3a4ac84f514f708d3af6242501bd041beae78e6b29b517b534148ea91ef85653fec824d6ddb0c0fa2555ab2564ba29227b1046b48a11ee0e6aafda9d0b80b0f05a8d057cbeb16264cb579aea3ba2b2000052d03c77844ab7c", 0xd4d}], 0x1}, 0x0)

1.266530205s ago: executing program 3 (id=576):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x6, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000300000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000008000000850000006900000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @xdp, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x4}, 0x50)

1.217210836s ago: executing program 2 (id=577):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x8, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000006c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000008c0)='page_pool_state_hold\x00', r1}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f00000007c0)=ANY=[@ANYBLOB="18020000000000000000000000000000850000002c00000095"], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r2, 0x27, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf2ffffff, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)

1.100108399s ago: executing program 3 (id=578):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0600000004000000080000000a"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x37e2f4aba9289b81, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
r2 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f0000000940)=@framed={{0x18, 0x9}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r2}}]}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000005c0)={{r2}, &(0x7f0000000540), &(0x7f0000000580)=r3}, 0x20)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000007c0)={r2, &(0x7f0000000780)}, 0x20)

1.090388779s ago: executing program 4 (id=579):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000600000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='task_newtask\x00', r1}, 0x10)
syz_clone(0x400, 0x0, 0x0, 0x0, 0x0, 0x0)

1.089625869s ago: executing program 2 (id=580):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CAP_DISABLE_QUIRKS(r1, 0x4068aea3, &(0x7f0000000140)={0x74, 0x0, 0x61})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x7)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

1.058286359s ago: executing program 3 (id=581):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000380)={r0, &(0x7f00000002c0)="e693f94a5f1e", &(0x7f0000000540)=""/235}, 0x20)

900.055472ms ago: executing program 4 (id=582):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1a, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000020000088500000082"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x20880, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r1}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x1f, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18000200000f000000000000000000008520"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x32, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

899.784832ms ago: executing program 3 (id=583):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000008fd8850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000180)='kfree\x00', r1}, 0x18)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000010100008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000001dc0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)

889.740473ms ago: executing program 4 (id=584):
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
futex(0x0, 0x5, 0x0, 0x0, 0x0, 0xb4000003)
r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r3, 0x29, 0x19, &(0x7f0000000040)=0x3, 0x4)
recvmmsg(r3, &(0x7f0000002780)=[{{0x0, 0xfffffffffffffde1, 0x0}}], 0x1, 0x2140, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r5 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
pipe2$9p(0x0, 0x0)
r6 = getpid()
sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x6)
syz_open_procfs$namespace(r6, &(0x7f0000000000)='ns/user\x00')
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000240)={r5}, 0x4)
r7 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r7, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000003580)={&(0x7f0000004980)=ANY=[@ANYBLOB="44010000100001000000000000000000ac1e0101000000000000000000000000ff020000000000000000000000000001000000002000"/64, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="fe8000000000000000000000000000bb000000006c000000ac14141c00000000000000000000000000000000000000000000000000000000000000000000000003000000f8ffffff00000000000000000000000000000000fdffffffffffff0f0000000000000000000000000000000004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00016b3a9c130000000000480003006465666c"], 0x144}, 0x1, 0x0, 0x0, 0x4004050}, 0x8000)

791.936085ms ago: executing program 3 (id=585):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000000)='task_newtask\x00', r0}, 0x18)
syz_clone(0x400, 0x0, 0x0, 0x0, 0x0, 0x0)

676.924347ms ago: executing program 2 (id=586):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18010000120000000000000000000000850000006d000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000005000000820000000010"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000010007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kfree\x00', r1}, 0x10)
close(0x3)

580.517609ms ago: executing program 3 (id=587):
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="060000000400"], 0x50)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0xb, 0x100, 0xfd, 0x9, 0x1, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000000), 0xcff5, r0}, 0x38)

520.07538ms ago: executing program 2 (id=588):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000e00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r1 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
r2 = bpf$ITER_CREATE(0xb, &(0x7f00000004c0)={r1}, 0x8)
close(r2)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r1, 0x8, 0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
syz_clone(0x40800000, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000009c0)={r2, 0x0, 0x0}, 0x10)

288.506714ms ago: executing program 6 (id=589):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001000)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000500000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r1, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)

136.868438ms ago: executing program 6 (id=590):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000073"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='task_newtask\x00', r0}, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='task_newtask\x00', r1}, 0x10)
syz_clone(0x400, 0x0, 0x0, 0x0, 0x0, 0x0)

0s ago: executing program 2 (id=591):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f0000000640)='console\x00', r0}, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001600000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000082"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f0000000640)='console\x00', r2}, 0x10)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0xfff, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000000002000000000000000000018190000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000024"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)

kernel console output (not intermixed with test programs):

1.721658][  T356] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   61.730097][  T356] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   61.741064][  T356] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   61.750124][  T356] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   61.758664][  T356] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   61.768376][  T356] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   61.776414][  T356] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   61.784134][  T356] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   61.792293][  T356] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   61.805205][ T4176] device veth1_vlan entered promiscuous mode
[   61.817164][ T4178] device veth0_vlan entered promiscuous mode
[   61.824141][ T4166] device veth1_vlan entered promiscuous mode
[   61.856478][  T356] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   61.864459][  T356] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   61.872990][  T356] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   61.884254][  T356] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   61.893180][  T356] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   61.912535][ T4172] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   61.923810][ T4178] device veth1_vlan entered promiscuous mode
[   61.934802][  T356] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   61.943885][  T356] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   61.953850][  T356] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   61.962609][  T356] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   61.992687][ T4167] 8021q: adding VLAN 0 to HW filter on device batadv0
[   62.005886][  T356] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   62.014038][  T356] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   62.029661][  T356] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   62.042661][ T4176] device veth0_macvtap entered promiscuous mode
[   62.067270][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   62.076860][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   62.085898][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   62.108755][ T4176] device veth1_macvtap entered promiscuous mode
[   62.122937][ T4178] device veth0_macvtap entered promiscuous mode
[   62.144582][  T356] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   62.154216][  T356] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   62.164612][  T356] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   62.174023][  T356] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   62.192098][ T4166] device veth0_macvtap entered promiscuous mode
[   62.202790][ T4178] device veth1_macvtap entered promiscuous mode
[   62.221580][ T4166] device veth1_macvtap entered promiscuous mode
[   62.237930][ T4176] batman_adv: batadv0: Interface activated: batadv_slave_0
[   62.253534][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   62.262257][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   62.271462][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   62.280066][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   62.289635][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   62.297685][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   62.307019][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   62.320772][ T4172] 8021q: adding VLAN 0 to HW filter on device batadv0
[   62.333730][ T4176] batman_adv: batadv0: Interface activated: batadv_slave_1
[   62.347524][ T4178] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   62.358427][ T4178] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   62.370465][ T4178] batman_adv: batadv0: Interface activated: batadv_slave_0
[   62.381458][ T4178] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   62.392712][ T4178] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   62.404489][ T4178] batman_adv: batadv0: Interface activated: batadv_slave_1
[   62.418631][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   62.428577][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   62.444038][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   62.452966][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   62.461898][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   62.471335][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   62.481439][ T4176] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   62.490609][ T4176] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   62.500297][ T4176] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   62.509227][ T4176] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   62.521604][ T4166] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   62.532289][ T4166] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   62.542822][ T4166] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   62.554319][ T4166] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   62.566427][ T4166] batman_adv: batadv0: Interface activated: batadv_slave_0
[   62.589588][ T4178] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   62.600260][ T4178] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   62.609732][ T4178] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   62.618646][ T4178] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   62.637698][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   62.647170][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   62.656987][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   62.666133][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   62.676684][ T4166] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   62.687488][ T4166] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   62.697680][ T4166] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   62.708819][ T4166] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   62.719728][ T4166] batman_adv: batadv0: Interface activated: batadv_slave_1
[   62.733030][ T4172] device veth0_vlan entered promiscuous mode
[   62.754909][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   62.764030][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   62.774001][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   62.783754][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   62.793395][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   62.801905][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   62.813633][ T4166] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   62.822966][ T4166] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   62.831800][ T4166] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   62.840580][ T4166] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   62.905673][ T4172] device veth1_vlan entered promiscuous mode
[   62.942776][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   62.953274][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   62.962139][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   62.971068][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   63.031016][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   63.039502][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   63.048875][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   63.057730][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   63.068463][    T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   63.068597][ T4167] device veth0_vlan entered promiscuous mode
[   63.081708][    T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   63.091688][ T4172] device veth0_macvtap entered promiscuous mode
[   63.104947][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   63.116371][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   63.124495][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   63.132829][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   63.150433][ T4167] device veth1_vlan entered promiscuous mode
[   63.159317][ T4172] device veth1_macvtap entered promiscuous mode
[   63.212837][ T4167] device veth0_macvtap entered promiscuous mode
[   63.224980][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   63.234116][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   63.242799][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   63.250799][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   63.259510][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   63.269814][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   63.283814][ T4172] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   63.295056][ T4172] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   63.305149][ T4172] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   63.315783][ T4172] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   63.326625][ T4172] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   63.337831][ T4172] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   63.349572][ T4172] batman_adv: batadv0: Interface activated: batadv_slave_0
[   63.368095][ T4167] device veth1_macvtap entered promiscuous mode
[   63.381944][ T4222] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   63.391922][ T4222] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   63.400685][ T4222] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   63.411440][    T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   63.411513][ T4172] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   63.426353][    T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   63.438567][ T4172] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   63.448562][ T4172] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   63.460225][ T4172] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   63.470221][ T4172] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   63.480870][ T4172] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   63.492080][ T4172] batman_adv: batadv0: Interface activated: batadv_slave_1
[   63.504025][  T144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   63.513971][ T4167] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   63.526398][  T144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   63.531803][    T7] Bluetooth: hci2: command 0x040f tx timeout
[   63.535227][ T4167] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   63.542102][    T7] Bluetooth: hci3: command 0x040f tx timeout
[   63.556003][    T7] Bluetooth: hci0: command 0x040f tx timeout
[   63.557191][ T4167] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   63.562673][    T7] Bluetooth: hci1: command 0x040f tx timeout
[   63.580695][ T4167] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   63.591811][ T4167] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   63.596636][    T7] Bluetooth: hci4: command 0x040f tx timeout
[   63.602808][ T4167] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   63.619790][ T4167] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   63.630452][ T4167] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   63.642604][ T4167] batman_adv: batadv0: Interface activated: batadv_slave_0
[   63.651414][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   63.659475][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   63.668505][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   63.679047][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   63.688080][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   63.697816][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   63.715759][  T144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   63.722239][ T4172] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   63.723735][  T144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   63.742488][ T4172] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   63.752670][ T4172] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   63.762293][ T4172] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   63.784717][ T4167] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   63.795566][ T4167] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   63.805832][ T4167] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   63.816318][ T4167] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   63.828429][ T4167] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   63.839196][ T4167] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   63.849419][ T4167] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   63.860079][ T4167] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   63.872433][ T4167] batman_adv: batadv0: Interface activated: batadv_slave_1
[   63.893716][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   63.902758][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   63.921606][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   63.949414][ T4222] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   63.950715][ T4167] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   63.960798][ T4222] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   63.973193][ T4167] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   63.982731][ T4167] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   63.993478][ T4167] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   64.013704][ T4222] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   64.022810][  T154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   64.032340][  T154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   64.092323][ T4222] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   64.248207][ T4222] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   64.249139][  T154] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   64.266780][ T4222] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   64.300003][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   64.310421][  T154] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   64.320387][ T4248] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   64.339732][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   64.395311][ T4248] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[   64.482052][ T4248] kvm: pic: non byte read
[   64.493466][ T4248] kvm: pic: level sensitive irq not supported
[   64.493612][ T4248] kvm: pic: non byte read
[   64.521119][ T4248] kvm: pic: level sensitive irq not supported
[   64.521181][ T4248] kvm: pic: non byte read
[   65.287075][ T4222] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   65.311135][ T4222] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   66.193552][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   66.556142][ T4260] loop3: detected capacity change from 0 to 16
[   67.872303][ T4243] Bluetooth: hci1: command 0x0419 tx timeout
[   67.879776][ T4243] Bluetooth: hci0: command 0x0419 tx timeout
[   67.885950][ T4243] Bluetooth: hci3: command 0x0419 tx timeout
[   67.892134][ T4243] Bluetooth: hci2: command 0x0419 tx timeout
[   67.898472][ T4243] Bluetooth: hci4: command 0x0419 tx timeout
[   67.960812][ T4222] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   68.013020][ T4260] erofs: (device loop3): mounted with root inode @ nid 36.
[   68.074844][ T4222] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   68.131644][  T356] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   68.268823][ T4272] serio: Serial port ptm0
[   71.200373][ T1428] ieee802154 phy0 wpan0: encryption failed: -22
[   71.258903][ T4289] sched: RT throttling activated
[   71.273934][ T1428] ieee802154 phy1 wpan1: encryption failed: -22
[   71.282535][ T4241] usb 5-1: new full-speed USB device number 2 using dummy_hcd
[   72.194694][ T4304] fuse: Unknown parameter '0x0000000000000003'
[   72.440926][ T4241] usb 5-1: device descriptor read/all, error -71
[   74.560845][ T4325] loop1: detected capacity change from 0 to 256
[   75.229259][ T4325] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[   76.200124][ T4352] fuse: Unknown parameter '0x0000000000000003'
[   76.410980][ T4355] loop1: detected capacity change from 0 to 512
[   76.657538][ T4359] loop2: detected capacity change from 0 to 128
[   78.156008][ T4368] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   78.287180][ T4359] FAT-fs (loop2): Unrecognized mount option "ÿ0xffffffffffffffffÿÿÿÿÿÿÿÿ" or missing value
[   78.811365][ T4355] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended
[   78.867670][ T4355] EXT4-fs (loop1): orphan cleanup on readonly fs
[   78.909195][ T4355] EXT4-fs error (device loop1): ext4_quota_enable:6384: comm syz.1.29: Bad quota inum: 64, type: 0
[   78.952534][ T4355] EXT4-fs warning (device loop1): ext4_enable_quotas:6432: Failed to enable quota tracking (type=0, err=-117, ino=64). Please run e2fsck to fix.
[   79.037954][ T4355] EXT4-fs (loop1): Cannot turn on quotas: error -117
[   79.054967][ T4355] EXT4-fs (loop1): mounted filesystem without journal. Opts: max_dir_size_kb=0x0000000000000005,noblock_validity,usrquota,resgid=0x0000000000000000,nogrpid,nouid32,noinit_itable,dioread_lock,journal_dev=0x00000000000000042,errors=continue. Quota mode: writeback.
[   79.086969][ T4372] netlink: 'syz.0.33': attribute type 16 has an invalid length.
[   79.166217][ T4372] netlink: 'syz.0.33': attribute type 17 has an invalid length.
[   79.670966][ T4372] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[   79.746722][ T4372] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[   79.867952][ T4372] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   80.967088][ T4387] loop1: detected capacity change from 0 to 256
[   81.358443][ T1108] cfg80211: failed to load regulatory.db
[   81.669014][ T4392] fuse: Unknown parameter 'fd0x0000000000000003'
[   85.260576][ T4415] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   87.295858][ T4431] fuse: Unknown parameter 'fd0x0000000000000003'
[   88.126575][ T4441] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   90.098651][ T4458] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   90.916529][ T4465] loop3: detected capacity change from 0 to 1024
[   90.967078][ T4465] =======================================================
[   90.967078][ T4465] WARNING: The mand mount option has been deprecated and
[   90.967078][ T4465]          and is ignored by this kernel. Remove the mand
[   90.967078][ T4465]          option from the mount to silence this warning.
[   90.967078][ T4465] =======================================================
[   91.009754][ T4468] 9pnet: Insufficient options for proto=fd
[   91.040351][ T4465] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[   93.060968][ T4484] fuse: Unknown parameter 'fd0x0000000000000003'
[   93.597738][ T4157] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[   93.883544][ T4501] Zero length message leads to an empty skb
[   93.944107][ T4501] loop1: detected capacity change from 0 to 512
[   93.966433][ T4157] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   94.022693][ T4157] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[   94.040500][ T4501] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[   94.115750][ T4501] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[   94.155634][ T4157] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[   94.209139][ T4157] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[   94.227520][ T4157] usb 5-1: SerialNumber: syz
[   94.256470][ T4501] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2816: Unable to expand inode 15. Delete some EAs or run e2fsck.
[   94.311217][ T4501] EXT4-fs (loop1): 1 truncate cleaned up
[   94.337451][ T4501] EXT4-fs (loop1): mounted filesystem without journal. Opts: i_version,nombcache,debug_want_extra_isize=0x0000000000000068,lazytime,block_validity,quota,,errors=continue. Quota mode: writeback.
[   94.592517][ T4166] EXT4-fs error (device loop1): ext4_readdir:260: inode #11: block 54: comm syz-executor: path /11/bus/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0
[   94.688167][ T4166] EXT4-fs error (device loop1): ext4_empty_dir:3177: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0
[   94.805869][ T4166] EXT4-fs error (device loop1): ext4_readdir:260: inode #11: block 54: comm syz-executor: path /11/bus/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0
[   94.905921][ T4507] overlayfs: missing 'lowerdir'
[   94.914102][ T4166] EXT4-fs error (device loop1): ext4_empty_dir:3177: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0
[   94.917562][ T4157] usb 5-1: 0:2 : does not exist
[   94.985903][ T4166] EXT4-fs error (device loop1): ext4_readdir:260: inode #11: block 54: comm syz-executor: path /11/bus/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0
[   95.050632][ T4166] EXT4-fs error (device loop1): ext4_empty_dir:3177: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0
[   95.083488][ T4166] EXT4-fs error (device loop1): ext4_readdir:260: inode #11: block 54: comm syz-executor: path /11/bus/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0
[   95.104861][    C1] vkms_vblank_simulate: vblank timer overrun
[   95.157441][ T4166] EXT4-fs error (device loop1): ext4_empty_dir:3177: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0
[   95.245687][ T4166] EXT4-fs error (device loop1): ext4_readdir:260: inode #11: block 54: comm syz-executor: path /11/bus/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0
[   95.268817][ T4521] 9pnet: Insufficient options for proto=fd
[   95.284953][ T4157] usb 5-1: 5:0: cannot get min/max values for control 4 (id 5)
[   95.337464][ T4166] EXT4-fs error (device loop1): ext4_empty_dir:3177: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0
[   96.187409][ T4157] usb 5-1: USB disconnect, device number 4
[   96.537039][ T4535] loop3: detected capacity change from 0 to 512
[   96.660121][ T4535] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[   96.709880][ T4535] ext4 filesystem being mounted at /15/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   96.861254][ T4222] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   97.059461][ T4222] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   97.386915][ T4222] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   97.493556][ T4554] netlink: 'syz.3.81': attribute type 13 has an invalid length.
[   98.752184][ T4554] bridge0: port 2(bridge_slave_1) entered disabled state
[   98.760838][ T4554] bridge0: port 1(bridge_slave_0) entered disabled state
[   98.909986][ T4557] loop4: detected capacity change from 0 to 40427
[   98.957844][ T4557] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[   98.983886][ T4557] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[   99.013099][ T4557] F2FS-fs (loop4): Found nat_bits in checkpoint
[   99.080921][ T4557] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[   99.088405][ T4557] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[   99.402393][ T4241] Bluetooth: hci0: command 0x0409 tx timeout
[  100.785542][ T4554] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  100.842004][ T4554] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  101.039198][ T4572] 9pnet: Insufficient options for proto=fd
[  101.442621][   T13] Bluetooth: hci0: command 0x041b tx timeout
[  101.660872][ T4554] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  101.670038][ T4554] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  101.679072][ T4554] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  101.687954][ T4554] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  102.093213][ T4222] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  102.151911][ T4581] serio: Serial port ptm0
[  102.802625][ T4588] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  103.505612][ T1111] Bluetooth: hci0: command 0x040f tx timeout
[  103.786331][ T4598] loop3: detected capacity change from 0 to 1024
[  103.823259][ T1111] usb 3-1: new full-speed USB device number 2 using dummy_hcd
[  103.843903][ T4548] chnl_net:caif_netlink_parms(): no params data found
[  104.154385][ T4598] EXT4-fs (loop3): Test dummy encryption mode enabled
[  104.165651][ T4598] EXT4-fs (loop3): inline encryption not supported
[  104.208018][ T4548] bridge0: port 1(bridge_slave_0) entered blocking state
[  104.230931][ T4598] EXT4-fs (loop3): mounted filesystem without journal. Opts: test_dummy_encryption,i_version,stripe=0x0000000000000007,commit=0x0000000000000005,inlinecrypt,data_err=ignore,max_batch_time=0x0000000000000000,noblock_validity,,errors=continue. Quota mode: writeback.
[  104.267337][ T4548] bridge0: port 1(bridge_slave_0) entered disabled state
[  104.292223][ T4548] device bridge_slave_0 entered promiscuous mode
[  104.345251][ T4548] bridge0: port 2(bridge_slave_1) entered blocking state
[  104.365888][ T4548] bridge0: port 2(bridge_slave_1) entered disabled state
[  104.384199][ T4548] device bridge_slave_1 entered promiscuous mode
[  104.405404][ T4243] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  104.464323][ T4548] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  104.477801][ T4548] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  104.518864][ T4548] team0: Port device team_slave_0 added
[  104.527807][ T4548] team0: Port device team_slave_1 added
[  104.551569][ T4548] batman_adv: batadv0: Adding interface: batadv_slave_0
[  104.559811][ T4548] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  104.592281][ T4548] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  104.617802][ T4548] batman_adv: batadv0: Adding interface: batadv_slave_1
[  104.626327][ T1111] usb 3-1: config 0 interface 0 altsetting 5 endpoint 0x81 has invalid maxpacket 512, setting to 64
[  104.631766][ T4548] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  104.645384][ T1111] usb 3-1: config 0 interface 0 has no altsetting 0
[  104.663894][ T4548] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  104.684433][ T1111] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2dbe, bcdDevice= 0.00
[  104.697020][ T1111] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  104.713606][ T1111] usb 3-1: config 0 descriptor??
[  104.757028][ T4590] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  104.866734][ T4243] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  104.884508][ T4243] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  104.897088][ T4243] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  104.915892][ T4243] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  104.925136][ T4243] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  104.963173][ T4243] usb 1-1: config 0 descriptor??
[  105.000279][ T4548] device hsr_slave_0 entered promiscuous mode
[  105.085542][ T4548] device hsr_slave_1 entered promiscuous mode
[  105.202157][ T4548] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  105.298155][ T4548] Cannot create hsr debugfs directory
[  105.789088][ T4241] Bluetooth: hci0: command 0x0419 tx timeout
[  105.849069][ T1111] konepure 0003:1E7D:2DBE.0001: unknown main item tag 0x0
[  105.865419][ T1111] konepure 0003:1E7D:2DBE.0001: unknown main item tag 0x0
[  105.879463][ T1111] konepure 0003:1E7D:2DBE.0001: hidraw0: USB HID v80.00 Device [HID 1e7d:2dbe] on usb-dummy_hcd.2-1/input0
[  105.898130][ T4243] plantronics 0003:047F:FFFF.0002: unknown main item tag 0xd
[  105.907987][ T4243] plantronics 0003:047F:FFFF.0002: No inputs registered, leaving
[  105.917778][ T4647] 9pnet: Insufficient options for proto=fd
[  105.928043][ T4243] plantronics 0003:047F:FFFF.0002: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[  106.058311][ T4222] device hsr_slave_0 left promiscuous mode
[  106.068357][ T4222] device hsr_slave_1 left promiscuous mode
[  106.079727][ T4222] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  106.087529][ T4222] batman_adv: batadv0: Removing interface: batadv_slave_0
[  106.095924][ T4222] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  106.103348][ T4222] batman_adv: batadv0: Removing interface: batadv_slave_1
[  106.105615][ T4157] usb 1-1: USB disconnect, device number 2
[  106.119647][ T1111] usb 3-1: USB disconnect, device number 2
[  106.130534][ T4222] device bridge_slave_1 left promiscuous mode
[  106.141188][ T4222] bridge0: port 2(bridge_slave_1) entered disabled state
[  106.157305][ T4222] device bridge_slave_0 left promiscuous mode
[  106.164257][ T4222] bridge0: port 1(bridge_slave_0) entered disabled state
[  106.191024][ T4222] device veth1_macvtap left promiscuous mode
[  106.197420][ T4222] device veth0_macvtap left promiscuous mode
[  106.203467][ T4222] device veth1_vlan left promiscuous mode
[  106.210010][ T4222] device veth0_vlan left promiscuous mode
[  106.390908][ T4222] team0 (unregistering): Port device team_slave_1 removed
[  106.409033][ T4222] team0 (unregistering): Port device team_slave_0 removed
[  106.424425][ T4222] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  106.440539][ T4222] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  106.511567][ T4222] bond0 (unregistering): Released all slaves
[  106.624143][ T4548] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  106.683228][ T4548] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  106.711040][ T4548] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  106.748563][ T4548] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  106.964651][ T4548] 8021q: adding VLAN 0 to HW filter on device bond0
[  106.983410][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  107.016033][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  107.238493][ T4548] 8021q: adding VLAN 0 to HW filter on device team0
[  107.450511][ T4668] netlink: 'syz.2.99': attribute type 13 has an invalid length.
[  107.912187][ T4674] serio: Serial port ptm0
[  107.917545][ T4678] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  107.925298][ T4678] overlayfs: failed to set xattr on upper
[  107.945469][ T4678] overlayfs: ...falling back to index=off,metacopy=off.
[  111.180049][ T4668] bridge0: port 2(bridge_slave_1) entered disabled state
[  111.187614][ T4668] bridge0: port 1(bridge_slave_0) entered disabled state
[  111.761274][ T4668] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  111.771122][ T4702] loop4: detected capacity change from 0 to 16
[  111.818963][ T4702] erofs: (device loop4): mounted with root inode @ nid 36.
[  111.826128][ T4668] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  114.113460][ T4668] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  114.122564][ T4668] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  114.131587][ T4668] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  114.140521][ T4668] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  114.164172][ T4711] 9pnet: Insufficient options for proto=fd
[  114.403826][ T4214] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  114.416735][ T4214] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  114.425239][ T4214] bridge0: port 1(bridge_slave_0) entered blocking state
[  114.432388][ T4214] bridge0: port 1(bridge_slave_0) entered forwarding state
[  114.440800][ T4214] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  114.457487][ T4214] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  114.466569][ T4214] bridge0: port 2(bridge_slave_1) entered blocking state
[  114.473688][ T4214] bridge0: port 2(bridge_slave_1) entered forwarding state
[  114.513077][ T4214] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  114.521209][ T4214] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  114.530664][ T4214] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  114.552155][ T4214] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  114.571331][ T4214] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  114.594826][ T4214] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  114.674498][ T4548] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  114.693957][ T4548] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  114.754955][  T356] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  114.778034][  T356] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  114.794154][  T356] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  114.812959][  T356] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  114.894465][ T4723] netlink: 12 bytes leftover after parsing attributes in process `syz.2.112'.
[  114.931152][  T356] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  115.074880][  T356] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  115.291271][  T356] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  115.584498][ T4728] loop4: detected capacity change from 0 to 512
[  115.692683][ T4728] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  115.764187][ T4728] ext4 filesystem being mounted at /26/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  117.288259][ T4278] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  117.356528][ T4278] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  117.613860][ T4548] 8021q: adding VLAN 0 to HW filter on device batadv0
[  117.888439][ T4757] loop2: detected capacity change from 0 to 2048
[  118.035115][ T4763] loop4: detected capacity change from 0 to 512
[  118.278319][ T4763] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  118.684446][ T4763] EXT4-fs error (device loop4): ext4_xattr_inode_iget:404: comm syz.4.118: inode #255: comm syz.4.118: iget: illegal inode #
[  118.700218][ T4763] EXT4-fs error (device loop4): ext4_xattr_inode_iget:409: comm syz.4.118: error while reading EA inode 255 err=-117
[  118.713904][ T4763] EXT4-fs (loop4): 1 orphan inode deleted
[  118.719716][ T4763] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  119.556592][ T4214] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  119.597238][ T4214] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  119.657677][ T4288] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  119.680461][ T4288] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  119.728906][ T4548] device veth0_vlan entered promiscuous mode
[  119.746045][ T4288] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  119.754011][ T4288] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  119.799645][ T4548] device veth1_vlan entered promiscuous mode
[  119.923706][ T4214] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  119.934205][ T4214] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  119.998915][ T4214] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  120.046185][ T4214] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  120.097190][ T4548] device veth0_macvtap entered promiscuous mode
[  120.127319][ T4548] device veth1_macvtap entered promiscuous mode
[  120.232270][ T4548] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  120.284904][ T4548] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  120.319706][ T4548] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  120.360672][ T4548] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  120.372467][ T4548] batman_adv: batadv0: Interface activated: batadv_slave_0
[  120.474656][ T4288] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  120.497707][ T4288] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  120.506601][ T4757] EXT4-fs warning (device loop2): ext4_multi_mount_protect:403: Unable to create kmmpd thread for loop2.
[  120.580137][ T4288] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  120.638377][ T4288] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  120.649450][ T4548] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  120.685333][ T4548] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  120.829908][ T4548] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  120.886618][ T4548] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  120.950743][ T4548] batman_adv: batadv0: Interface activated: batadv_slave_1
[  120.951738][ T4793] loop3: detected capacity change from 0 to 40427
[  120.989083][ T4796] loop2: detected capacity change from 0 to 128
[  121.007106][ T4214] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  121.029131][ T4793] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  121.030283][ T4214] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  121.037436][ T4793] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  121.138142][ T4548] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  121.171032][ T4548] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  121.177462][ T4793] F2FS-fs (loop3): Found nat_bits in checkpoint
[  121.213424][ T4548] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  121.233392][ T4793] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  121.236837][ T4548] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  121.240481][ T4793] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  121.505033][ T4793] attempt to access beyond end of device
[  121.505033][ T4793] loop3: rw=2049, want=81920, limit=40427
[  121.520267][ T4806] 9pnet: Insufficient options for proto=fd
[  121.563999][ T4793] attempt to access beyond end of device
[  121.563999][ T4793] loop3: rw=2049, want=52784, limit=40427
[  121.586547][ T4214] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  121.610204][ T4214] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  121.650192][ T4278] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  121.673255][ T4394] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  121.686425][ T4278] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  121.707423][ T4394] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  122.529776][ T4824] device wireguard0 entered promiscuous mode
[  123.939948][ T4841] serio: Serial port ptm0
[  124.073736][ T4845] loop5: detected capacity change from 0 to 256
[  126.582030][ T4856] loop4: detected capacity change from 0 to 2048
[  126.737453][ T4856] EXT4-fs (loop4): mounted filesystem without journal. Opts: discard,,errors=continue. Quota mode: none.
[  127.032005][ T4856] device dummy0 entered promiscuous mode
[  127.040599][ T4856] batman_adv: batadv0: Adding interface: dummy0
[  127.046974][ T4856] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  127.072675][ T4856] batman_adv: batadv0: Interface activated: dummy0
[  127.085581][ T4856] batadv0: mtu less than device minimum
[  127.090738][ T4875] 9pnet: Insufficient options for proto=fd
[  127.093585][ T4856] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  127.109801][ T4856] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  127.122095][ T4856] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  127.134549][ T4856] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  127.146863][ T4856] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  127.159133][ T4856] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  127.171534][ T4856] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  127.184085][ T4856] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  127.196504][ T4856] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  127.559904][   T26] audit: type=1326 audit(1742534267.488:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4884 comm="syz.4.138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1135fc0169 code=0x7fc00000
[  127.680513][ T4222] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  128.017915][ T4222] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  128.182431][ T4222] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  128.267709][ T4222] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  128.289926][   T26] audit: type=1326 audit(1742534268.218:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4884 comm="syz.4.138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f1135fb7127 code=0x7fc00000
[  128.563714][   T26] audit: type=1326 audit(1742534268.238:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4884 comm="syz.4.138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f1135f5c359 code=0x7fc00000
[  128.680406][ T4919] loop3: detected capacity change from 0 to 256
[  129.345767][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #08!!!
[  129.354726][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #08!!!
[  129.363617][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #08!!!
[  129.372564][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #08!!!
[  129.382687][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #88!!!
[  129.407771][ T4891] chnl_net:caif_netlink_parms(): no params data found
[  129.524552][   T26] audit: type=1326 audit(1742534268.238:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4884 comm="syz.4.138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f1135f5c41f code=0x7fc00000
[  129.580614][ T4891] bridge0: port 1(bridge_slave_0) entered blocking state
[  129.588636][ T4243] Bluetooth: hci3: command 0x0409 tx timeout
[  129.594775][ T4891] bridge0: port 1(bridge_slave_0) entered disabled state
[  129.603290][ T4891] device bridge_slave_0 entered promiscuous mode
[  129.612039][ T4891] bridge0: port 2(bridge_slave_1) entered blocking state
[  129.693267][ T4891] bridge0: port 2(bridge_slave_1) entered disabled state
[  129.701772][ T4891] device bridge_slave_1 entered promiscuous mode
[  129.750511][   T26] audit: type=1326 audit(1742534268.238:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4884 comm="syz.4.138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7f1135fc0169 code=0x7fc00000
[  129.918248][ T4932] loop2: detected capacity change from 0 to 1024
[  130.321496][ T4932] EXT4-fs (loop2): Ignoring removed mblk_io_submit option
[  132.257068][ T4241] Bluetooth: hci3: command 0x041b tx timeout
[  132.269483][ T4932] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=f000c0ac, mo2=0002]
[  132.277977][ T4932] System zones: 0-1, 3-36
[  132.549462][ T1428] ieee802154 phy0 wpan0: encryption failed: -22
[  132.555802][ T1428] ieee802154 phy1 wpan1: encryption failed: -22
[  132.564361][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #0a!!!
[  132.583091][ T4932] EXT4-fs (loop2): mounted filesystem without journal. Opts: discard,bsdgroups,resuid=0x0000000000000000,resgid=0x0000000000000000,minixdf,errors=remount-ro,journal_ioprio=0x0000000000000004,data_err=abort,max_dir_size_kb=0x0000000000001000,mblk_io_submit,debug,journal_dev=0x000000000. Quota mode: writeback.
[  132.612184][    C1] vkms_vblank_simulate: vblank timer overrun
[  132.681772][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #40!!!
[  132.695337][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #80!!!
[  132.698591][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #38a!!!
[  132.713196][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #38a!!!
[  132.826672][ T4891] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  132.874383][ T4891] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  132.999153][ T4953] 9pnet: Insufficient options for proto=fd
[  133.077961][ T4891] team0: Port device team_slave_0 added
[  133.114378][ T4891] team0: Port device team_slave_1 added
[  133.309343][ T4891] batman_adv: batadv0: Adding interface: batadv_slave_0
[  133.321152][ T4891] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  133.421358][ T4891] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  133.466373][ T4891] batman_adv: batadv0: Adding interface: batadv_slave_1
[  133.482562][ T4891] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  133.601898][ T4891] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  133.931456][ T4891] device hsr_slave_0 entered promiscuous mode
[  133.979611][ T4891] device hsr_slave_1 entered promiscuous mode
[  134.020929][ T4222] device hsr_slave_0 left promiscuous mode
[  134.021523][ T4222] device hsr_slave_1 left promiscuous mode
[  134.022086][ T4222] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  134.022124][ T4222] batman_adv: batadv0: Removing interface: batadv_slave_0
[  134.022883][ T4222] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  134.022912][ T4222] batman_adv: batadv0: Removing interface: batadv_slave_1
[  134.023510][ T4222] device bridge_slave_1 left promiscuous mode
[  134.023644][ T4222] bridge0: port 2(bridge_slave_1) entered disabled state
[  134.029199][ T4222] device bridge_slave_0 left promiscuous mode
[  134.029329][ T4222] bridge0: port 1(bridge_slave_0) entered disabled state
[  134.063827][ T4222] device veth1_macvtap left promiscuous mode
[  134.063916][ T4222] device veth0_macvtap left promiscuous mode
[  134.064014][ T4222] device veth1_vlan left promiscuous mode
[  134.064087][ T4222] device veth0_vlan left promiscuous mode
[  134.191653][ T4956] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  134.635748][ T4243] Bluetooth: hci3: command 0x040f tx timeout
[  136.033292][ T4222] team0 (unregistering): Port device team_slave_1 removed
[  136.140393][ T4222] team0 (unregistering): Port device team_slave_0 removed
[  136.210029][ T4222] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  136.241289][ T4222] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  136.471652][ T5004] serio: Serial port ptm0
[  136.988668][ T4222] bond0 (unregistering): Released all slaves
[  136.995416][ T4243] Bluetooth: hci3: command 0x0419 tx timeout
[  137.696934][ T5023] 9pnet: Insufficient options for proto=fd
[  139.664138][ T2358] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  139.798480][ T4891] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  139.894695][ T4891] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  140.437420][ T4891] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  141.045659][ T2358] usb 4-1: Using ep0 maxpacket: 32
[  141.062932][ T5048] netlink: 8 bytes leftover after parsing attributes in process `syz.4.168'.
[  141.122729][ T4891] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  141.185762][ T2358] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  141.363523][ T2358] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  141.374658][ T2358] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  141.384061][ T2358] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  141.416928][ T2358] usb 4-1: config 0 descriptor??
[  141.466837][ T2358] hub 4-1:0.0: USB hub found
[  141.647207][ T4891] 8021q: adding VLAN 0 to HW filter on device bond0
[  141.675569][ T2358] hub 4-1:0.0: 1 port detected
[  141.729761][ T4891] 8021q: adding VLAN 0 to HW filter on device team0
[  141.762688][ T4278] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  141.777771][ T4278] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  141.836033][ T4278] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  141.852896][ T4278] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  141.885572][ T2358] hub 4-1:0.0: hub_hub_status failed (err = -71)
[  141.895769][ T4278] bridge0: port 1(bridge_slave_0) entered blocking state
[  141.902891][ T4278] bridge0: port 1(bridge_slave_0) entered forwarding state
[  141.912722][ T2358] hub 4-1:0.0: config failed, can't get hub status (err -71)
[  141.949261][ T4278] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  141.976613][ T4278] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  142.005770][ T4278] bridge0: port 2(bridge_slave_1) entered blocking state
[  142.012841][ T4278] bridge0: port 2(bridge_slave_1) entered forwarding state
[  142.035531][ T2358] usbhid 4-1:0.0: can't add hid device: -71
[  142.041685][ T2358] usbhid: probe of 4-1:0.0 failed with error -71
[  142.074271][ T4278] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  142.100987][ T4278] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  142.110655][ T2358] usb 4-1: USB disconnect, device number 2
[  142.155535][ T4278] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  142.173939][ T4278] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  142.200121][ T4278] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  142.220016][ T4278] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  142.240275][ T4278] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  142.260502][ T4278] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  142.280314][ T4278] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  142.315246][ T4891] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  142.344986][ T4891] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  142.356355][ T4278] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  142.374255][ T4278] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  142.430265][ T4278] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  142.458727][ T5084] process 'syz.3.173' launched './file0' with NULL argv: empty string added
[  142.725512][ T4243] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  142.763839][ T4394] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  142.779862][ T4394] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  142.814554][ T4891] 8021q: adding VLAN 0 to HW filter on device batadv0
[  142.955486][   T23] usb 4-1: new full-speed USB device number 3 using dummy_hcd
[  143.135697][ T4243] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  143.146955][ T4243] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  143.183818][ T4243] usb 3-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[  143.239339][ T4243] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  143.284011][ T4243] usb 3-1: config 0 descriptor??
[  143.289342][ T4394] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  143.320141][ T4394] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  143.331647][   T23] usb 4-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config
[  143.383193][ T4394] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  143.398559][ T4394] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  143.432584][ T4891] device veth0_vlan entered promiscuous mode
[  143.443769][ T4394] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  143.463567][ T4394] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  143.494963][ T4891] device veth1_vlan entered promiscuous mode
[  143.525709][   T23] usb 4-1: New USB device found, idVendor=7a69, idProduct=0001, bcdDevice=a8.6b
[  143.561426][   T23] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  143.593447][   T23] usb 4-1: Product: syz
[  143.596534][  T356] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  143.602992][   T23] usb 4-1: Manufacturer: syz
[  143.621424][  T356] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  143.630701][   T23] usb 4-1: SerialNumber: syz
[  143.648407][  T356] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  143.672113][  T356] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  143.687223][   T23] usb 4-1: dvb_usb_v2: found a '774 Friio White ISDB-T USB2.0' in warm state
[  143.705764][ T4891] device veth0_macvtap entered promiscuous mode
[  143.718638][ T4891] device veth1_macvtap entered promiscuous mode
[  143.773632][ T4891] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  143.794625][ T4891] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  143.820754][ T4891] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  143.861552][ T4891] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  143.883244][ T4891] batman_adv: batadv0: Interface activated: batadv_slave_0
[  143.902885][  T356] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  143.914736][  T356] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  143.939964][ T4243] cp2112 0003:10C4:EA90.0003: unknown main item tag 0x0
[  143.949051][  T356] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  143.965341][ T4243] cp2112 0003:10C4:EA90.0003: unknown main item tag 0x0
[  143.973145][  T356] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  143.978095][ T4211] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  143.990718][ T4243] cp2112 0003:10C4:EA90.0003: unknown main item tag 0x0
[  144.001348][ T4891] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  144.012102][ T4243] cp2112 0003:10C4:EA90.0003: unknown main item tag 0x0
[  144.046727][ T4891] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  144.057445][ T4243] cp2112 0003:10C4:EA90.0003: unknown main item tag 0x0
[  144.064401][ T4243] cp2112 0003:10C4:EA90.0003: unknown main item tag 0x0
[  144.072933][ T4891] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  144.083961][ T4243] cp2112 0003:10C4:EA90.0003: unknown main item tag 0x0
[  144.091160][ T4891] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  144.108110][ T4243] cp2112 0003:10C4:EA90.0003: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.2-1/input0
[  144.120639][ T4891] batman_adv: batadv0: Interface activated: batadv_slave_1
[  144.127874][   T23] usb 4-1: dvb_usb_v2: this USB2.0 device cannot be run on a USB1.1 port (it lacks a hardware PID filter)
[  144.152927][ T5131] 9pnet: Insufficient options for proto=fd
[  144.159063][ T4292] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  144.172123][ T4292] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  144.194670][ T4891] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  144.219072][ T4891] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  144.233537][ T4243] cp2112 0003:10C4:EA90.0003: error requesting version
[  144.240618][ T4891] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  144.256520][ T4243] cp2112: probe of 0003:10C4:EA90.0003 failed with error -71
[  144.264464][ T4891] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  144.291747][ T4243] usb 3-1: USB disconnect, device number 3
[  144.365802][ T4211] usb 6-1: New USB device found, idVendor=28bd, idProduct=0055, bcdDevice= 0.00
[  144.382872][ T4211] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  144.389802][ T4394] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  144.414325][ T4211] usb 6-1: config 0 descriptor??
[  144.424410][ T4394] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  144.450633][ T4269] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  144.482024][ T4269] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  144.507731][ T4269] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  144.522055][ T4394] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  144.860705][ T5149] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  145.000168][ T5151] netlink: 12 bytes leftover after parsing attributes in process `syz.6.132'.
[  145.400334][ T4211] uclogic 0003:28BD:0055.0004: No inputs registered, leaving
[  145.758559][ T4241] usb 4-1: USB disconnect, device number 3
[  145.779147][ T4211] uclogic 0003:28BD:0055.0004: hidraw0: USB HID v1.01 Device [HID 28bd:0055] on usb-dummy_hcd.5-1/input0
[  145.794509][ T4211] usb 6-1: USB disconnect, device number 2
[  146.313975][ T5182] netlink: 64 bytes leftover after parsing attributes in process `syz.3.187'.
[  146.494711][ T5186] netlink: 12 bytes leftover after parsing attributes in process `syz.4.184'.
[  147.288461][ T5195] syz.3.191 uses obsolete (PF_INET,SOCK_PACKET)
[  147.384881][ T5204] netlink: 332 bytes leftover after parsing attributes in process `syz.5.192'.
[  147.435876][   T23] usb 7-1: new full-speed USB device number 2 using dummy_hcd
[  147.785453][ T4241] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  147.795612][   T23] usb 7-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  147.807984][   T23] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  147.826892][ T4157] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  147.849504][   T23] usb 7-1: config 0 descriptor??
[  147.887388][   T23] cp210x 7-1:0.0: cp210x converter detected
[  148.065370][ T4157] usb 4-1: Using ep0 maxpacket: 8
[  148.227438][ T4241] usb 5-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[  148.237839][ T2358] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  148.260867][ T4241] usb 5-1: config 220 has 1 interface, different from the descriptor's value: 3
[  148.277537][ T4241] usb 5-1: config 220 interface 0 has no altsetting 0
[  148.315459][   T23] cp210x 7-1:0.0: failed to get vendor val 0x0010 size 3: -32
[  148.350581][ T4157] usb 4-1: New USB device found, idVendor=10c4, idProduct=8244, bcdDevice=dc.00
[  148.360112][   T23] cp210x 7-1:0.0: GPIO initialisation failed: -524
[  148.372019][ T4157] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  148.388820][   T23] usb 7-1: cp210x converter now attached to ttyUSB0
[  148.400684][ T4157] usb 4-1: Product: syz
[  148.404878][ T4157] usb 4-1: Manufacturer: syz
[  148.429443][ T4157] usb 4-1: SerialNumber: syz
[  148.465665][ T4241] usb 5-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  148.470417][ T4157] usb 4-1: config 0 descriptor??
[  148.495130][ T4241] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  148.509693][ T4241] usb 5-1: Product: syz
[  148.515701][ T4241] usb 5-1: Manufacturer: syz
[  148.520307][ T4241] usb 5-1: SerialNumber: syz
[  148.539354][ T4157] radio-usb-si4713 4-1:0.0: Si4713 development board discovered: (10C4:8244)
[  148.572792][   T23] usb 7-1: USB disconnect, device number 2
[  148.598458][   T23] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  148.619399][   T23] cp210x 7-1:0.0: device disconnected
[  148.665237][ T2358] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 2
[  148.676709][ T2358] usb 6-1: config 1 has no interface number 0
[  148.682809][ T2358] usb 6-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  148.704248][ T2358] usb 6-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping
[  148.713914][ T2358] usb 6-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 123
[  148.788152][ T5202] device syzkaller1 entered promiscuous mode
[  148.895726][ T2358] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  148.922512][ T2358] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  148.931064][ T2358] usb 6-1: Product: syz
[  148.939054][ T2358] usb 6-1: Manufacturer: syz
[  148.943868][ T2358] usb 6-1: SerialNumber: syz
[  149.044267][ T5262] netlink: 12 bytes leftover after parsing attributes in process `syz.2.200'.
[  149.705817][ T5229] raw-gadget.3 gadget: fail, usb_ep_enable returned -22
[  149.836519][ T4241] usb 5-1: Found UVC 0.00 device syz (8086:0b07)
[  149.842899][ T4241] usb 5-1: No valid video chain found.
[  149.856966][ T4241] usb 5-1: USB disconnect, device number 5
[  150.255596][ T4157] radio-usb-si4713: probe of 4-1:0.0 failed with error -71
[  150.270030][ T4157] usbhid 4-1:0.0: couldn't find an input interrupt endpoint
[  150.278154][ T5229] raw-gadget.3 gadget: fail, usb_ep_enable returned -22
[  150.307774][ T2358] cdc_ncm 6-1:1.1: bind() failure
[  150.322909][ T4157] usb 4-1: USB disconnect, device number 4
[  150.508532][ T4211] usb 6-1: USB disconnect, device number 3
[  150.835471][ T5263] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  151.005269][ T5299] netlink: 'syz.3.208': attribute type 10 has an invalid length.
[  151.083592][ T5299] team0: Device ipvlan1 failed to register rx_handler
[  153.943122][ T5341] netlink: 12 bytes leftover after parsing attributes in process `syz.3.214'.
[  155.112469][ T5358] loop4: detected capacity change from 0 to 512
[  155.363097][ T5358] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  155.385584][ T5358] ext4 filesystem being mounted at /51/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  157.360648][ T2358] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  157.558651][ T4209] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  157.805403][ T4209] usb 5-1: Using ep0 maxpacket: 8
[  157.925603][ T4209] usb 5-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[  157.940970][ T4209] usb 5-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[  157.977082][ T4209] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  157.995618][ T2358] usb 4-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36
[  158.035612][ T2358] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  158.060718][ T2358] usb 4-1: Product: syz
[  158.068925][ T2358] usb 4-1: Manufacturer: syz
[  158.073541][ T2358] usb 4-1: SerialNumber: syz
[  158.100818][ T2358] usb 4-1: config 0 descriptor??
[  158.155625][ T4209] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  158.157645][ T2358] ch341 4-1:0.0: ch341-uart converter detected
[  158.179282][ T4209] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  158.200989][ T4209] usb 5-1: Product: syz
[  158.239410][ T4209] usb 5-1: Manufacturer: syz
[  158.260324][ T4209] usb 5-1: SerialNumber: syz
[  158.365426][ T4241] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  158.645538][ T4241] usb 7-1: Using ep0 maxpacket: 16
[  158.678512][   T26] audit: type=1326 audit(1742534298.608:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5426 comm="syz.2.241" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd07792f169 code=0x0
[  159.005834][ T4241] usb 7-1: New USB device found, idVendor=2137, idProduct=0001, bcdDevice=2a.35
[  159.019765][ T4241] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  159.038697][ T4241] usb 7-1: Product: syz
[  159.042880][ T4241] usb 7-1: Manufacturer: syz
[  159.045567][ T4209] usb 5-1: 0:2 : does not exist
[  159.058813][ T4241] usb 7-1: SerialNumber: syz
[  159.073926][ T4241] usb 7-1: config 0 descriptor??
[  159.140842][ T4209] usb 5-1: USB disconnect, device number 6
[  159.168524][ T4241] as10x_usb: device has been detected
[  159.187898][ T4241] dvbdev: DVB: registering new adapter (Sky IT Digital Key (green led))
[  159.225970][ T4241] usb 7-1: DVB: registering adapter 1 frontend 0 (Sky IT Digital Key (green led))...
[  159.237425][ T2358] usb 4-1: ch341-uart converter now attached to ttyUSB0
[  159.350825][ T4241] as10x_usb: error during firmware upload part1
[  159.367873][ T4241] Registered device Sky IT Digital Key (green led)
[  159.386046][ T5268] udevd[5268]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  159.440575][ T4241] usb 4-1: USB disconnect, device number 5
[  159.460018][ T4241] ch341-uart ttyUSB0: ch341-uart converter now disconnected from ttyUSB0
[  159.479660][ T4241] ch341 4-1:0.0: device disconnected
[  160.196720][ T4209] usb 7-1: USB disconnect, device number 3
[  160.302200][ T4209] Unregistered device Sky IT Digital Key (green led)
[  160.307458][ T4209] as10x_usb: device has been disconnected
[  161.584642][   T26] audit: type=1326 audit(1742534301.498:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5490 comm="syz.2.257" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd07792f169 code=0x0
[  161.615355][ T4241] usb 5-1: new full-speed USB device number 7 using dummy_hcd
[  161.753218][ T5503] loop3: detected capacity change from 0 to 512
[  161.919329][ T5503] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  161.939956][ T5503] ext4 filesystem being mounted at /64/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  162.045574][ T4241] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  162.084946][ T4241] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  162.351518][ T4241] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  162.384396][ T4241] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  162.413525][ T4241] usb 5-1: Product: syz
[  162.432137][ T4241] usb 5-1: Manufacturer: syz
[  162.449755][ T4241] usb 5-1: SerialNumber: syz
[  162.507125][ T4241] usb 5-1: can't set config #1, error -71
[  162.520985][ T4241] usb 5-1: USB disconnect, device number 7
[  164.100232][ T4243] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  164.168313][ T5547] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  165.265695][ T4243] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  165.309699][ T4243] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  165.350085][ T4243] usb 6-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice=d6.af
[  165.375441][ T2358] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  165.426188][ T4243] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  165.448592][ T4243] usb 6-1: config 0 descriptor??
[  165.715411][ T4243] usbhid 6-1:0.0: can't add hid device: -71
[  165.721475][ T4243] usbhid: probe of 6-1:0.0 failed with error -71
[  165.735847][ T4243] usb 6-1: USB disconnect, device number 4
[  165.777871][ T2358] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  165.810780][ T2358] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  165.833815][ T2358] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  165.894646][ T2358] usb 3-1: config 0 descriptor??
[  166.365387][ T4210] usb 7-1: new full-speed USB device number 4 using dummy_hcd
[  166.845639][ T4210] usb 7-1: config index 0 descriptor too short (expected 31, got 27)
[  166.863004][ T4210] usb 7-1: config 1 interface 0 altsetting 253 endpoint 0x1 has invalid wMaxPacketSize 0
[  166.892977][ T4210] usb 7-1: config 1 interface 0 has no altsetting 0
[  166.904351][   T23] usb 4-1: new full-speed USB device number 6 using dummy_hcd
[  167.076195][ T4210] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= b.72
[  167.105026][ T4210] usb 7-1: New USB device strings: Mfr=28, Product=37, SerialNumber=3
[  167.152214][ T4210] usb 7-1: Product: syz
[  167.185701][ T4210] usb 7-1: Manufacturer: syz
[  167.216172][ T4210] usb 7-1: SerialNumber: syz
[  167.285603][   T23] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  167.335549][   T23] usb 4-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00
[  167.377668][   T23] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  167.457264][   T23] usb 4-1: config 0 descriptor??
[  167.475657][ T5593] raw-gadget.1 gadget: fail, usb_ep_enable returned -22
[  167.516254][ T5609] netlink: 4 bytes leftover after parsing attributes in process `syz.2.290'.
[  167.564530][ T5609] device bridge_slave_1 left promiscuous mode
[  167.624925][ T5609] bridge0: port 2(bridge_slave_1) entered disabled state
[  167.705403][ T2358] ath6kl: Failed to read usb control message: -71
[  167.711879][ T2358] ath6kl: Unable to read the bmi data from the device: -71
[  167.719197][ T2358] ath6kl: Unable to recv target info: -71
[  167.832380][ T5620] netlink: 'syz.4.292': attribute type 4 has an invalid length.
[  167.946409][   T23] elan 0003:04F3:0755.0005: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.3-1/input0
[  167.961468][ T4210] usblp 7-1:1.0: usblp0: USB Unidirectional printer dev 4 if 0 alt 253 proto 1 vid 0x0525 pid 0xA4A8
[  167.963818][ T2358] ath6kl: Failed to init ath6kl core: -71
[  168.136646][ T2358] ath6kl_usb: probe of 3-1:0.0 failed with error -71
[  168.147716][ T2358] usb 3-1: USB disconnect, device number 4
[  168.180091][ T4210] usb 7-1: USB disconnect, device number 4
[  168.210231][ T4210] usblp0: removed
[  168.625482][ T4157] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  168.696919][   T23] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  168.865567][ T4157] usb 6-1: Using ep0 maxpacket: 16
[  168.965657][   T23] usb 3-1: Using ep0 maxpacket: 16
[  169.125836][   T23] usb 3-1: unable to get BOS descriptor or descriptor too short
[  169.145858][ T4157] usb 6-1: New USB device found, idVendor=09c0, idProduct=0201, bcdDevice= a.a4
[  169.154916][ T4157] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  169.184495][ T4157] usb 6-1: Product: syz
[  169.191682][ T4157] usb 6-1: Manufacturer: syz
[  169.196924][ T4157] usb 6-1: SerialNumber: syz
[  169.213983][ T4157] usb 6-1: config 0 descriptor??
[  169.219272][   T23] usb 3-1: config 4 has an invalid interface number: 111 but max is 0
[  169.234403][   T23] usb 3-1: config 4 has no interface number 0
[  169.242085][   T23] usb 3-1: config 4 interface 111 has no altsetting 0
[  169.377608][ T4157] dvb-usb: found a 'Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver' in warm state.
[  170.419647][   T23] usb 3-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=44.99
[  170.550951][ T5640] udc-core: couldn't find an available UDC or it's busy
[  170.622200][   T23] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  170.632843][ T5640] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  170.636948][ T4210] usb 4-1: USB disconnect, device number 6
[  170.665469][ T4157] gp8psk: usb in 128 operation failed.
[  170.702867][   T23] usb 3-1: Product: syz
[  170.707592][ T4157] gp8psk: usb in 137 operation failed.
[  170.713188][ T4157] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  170.728094][   T23] usb 3-1: Manufacturer: syz
[  170.748610][   T23] usb 3-1: SerialNumber: syz
[  170.765950][ T4157] dvbdev: DVB: registering new adapter (Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver)
[  170.804458][ T4157] usb 6-1: media controller created
[  170.840714][ T4157] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  170.923877][ T4157] gp8psk_fe: Frontend revision 1 attached
[  170.952495][ T4157] usb 6-1: DVB: registering adapter 1 frontend 0 (Genpix DVB-S)...
[  171.003322][ T4157] dvbdev: dvb_create_media_entity: media entity 'Genpix DVB-S' registered.
[  171.117826][   T23] pvrusb2: Hardware description: Terratec Grabster AV400
[  171.132913][   T23] pvrusb2: **********
[  171.167220][   T23] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[  171.193128][   T23] pvrusb2: Important functionality might not be entirely working.
[  171.210221][   T23] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[  171.225597][ T4157] gp8psk: usb in 138 operation failed.
[  171.231171][ T4157] dvb-usb: Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver successfully initialized and connected.
[  171.251508][   T23] pvrusb2: **********
[  171.265496][ T4157] gp8psk: found Genpix USB device pID = 201 (hex)
[  171.272737][   T23] usb 3-1: selecting invalid altsetting 0
[  171.288926][ T2420] pvrusb2: Invalid write control endpoint
[  171.307052][ T4157] usb 6-1: USB disconnect, device number 5
[  171.330843][   T23] usb 3-1: USB disconnect, device number 5
[  171.477829][ T2420] pvrusb2: Invalid write control endpoint
[  171.483776][ T2420] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[  171.519577][ T4157] dvb-usb: Genpix 8PSK-to-USB2 Rev.1 DVB-S receive successfully deinitialized and disconnected.
[  171.554693][ T2420] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[  171.600402][ T2420] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[  171.651057][ T2420] pvrusb2: Device being rendered inoperable
[  171.687075][ T2420] cx25840 1-0044: Unable to detect h/w, assuming cx23887
[  171.705178][ T2420] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a)
[  171.723558][ T2420] pvrusb2: Attached sub-driver cx25840
[  171.729391][ T2420] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  171.755348][ T2420] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[  171.801504][ T5730] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  172.465433][ T5754] netlink: 'syz.4.315': attribute type 1 has an invalid length.
[  172.530474][ T5760] bond1: (slave ip6gretap1): Enslaving as a backup interface with an up link
[  172.555522][ T1111] usb 6-1: new full-speed USB device number 6 using dummy_hcd
[  172.965597][ T1111] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  172.992575][ T1111] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[  173.205726][ T1111] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  173.214927][ T1111] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  173.248798][ T1111] usb 6-1: Product: syz
[  173.297552][ T1111] usb 6-1: Manufacturer: syz
[  173.302192][ T1111] usb 6-1: SerialNumber: syz
[  174.465209][ T1111] usb 6-1: 0:2 : does not exist
[  174.509983][ T1111] usb 6-1: USB disconnect, device number 6
[  174.602838][ T5791] loop2: detected capacity change from 0 to 512
[  174.614659][   T26] audit: type=1326 audit(1742534314.528:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5792 comm="syz.3.322" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f638a34f169 code=0x7ffc0000
[  174.705402][   T26] audit: type=1326 audit(1742534314.528:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5792 comm="syz.3.322" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f638a34f169 code=0x7ffc0000
[  174.798699][ T5791] Quota error (device loop2): dq_insert_tree: Quota tree root isn't allocated!
[  174.808513][ T5791] Quota error (device loop2): qtree_write_dquot: Error -5 occurred while creating quota
[  174.818432][ T5791] EXT4-fs error (device loop2): ext4_acquire_dquot:6197: comm syz.2.321: Failed to acquire dquot type 0
[  174.836595][ T5791] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz.2.321: bg 0: block 64: padding at end of block bitmap is not set
[  174.853773][ T5791] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6183: Corrupt filesystem
[  174.865426][ T5791] EXT4-fs (loop2): 1 truncate cleaned up
[  174.866969][ T4696] udevd[4696]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  174.871467][ T5791] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  174.898296][ T5791] ext4 filesystem being mounted at /60/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  174.911015][   T26] audit: type=1326 audit(1742534314.568:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5792 comm="syz.3.322" exe="/root/syz-executor" sig=0 arch=c000003e syscall=141 compat=0 ip=0x7f638a34f169 code=0x7ffc0000
[  174.934290][ T5791] Quota error (device loop2): dq_insert_tree: Quota tree root isn't allocated!
[  174.943621][ T5791] Quota error (device loop2): qtree_write_dquot: Error -5 occurred while creating quota
[  174.953592][ T5791] EXT4-fs error (device loop2): ext4_acquire_dquot:6197: comm syz.2.321: Failed to acquire dquot type 0
[  174.969935][   T26] audit: type=1326 audit(1742534314.568:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5792 comm="syz.3.322" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f638a34f169 code=0x7ffc0000
[  175.100579][   T26] audit: type=1326 audit(1742534314.568:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5792 comm="syz.3.322" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f638a34f169 code=0x7ffc0000
[  175.615498][ T2358] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  175.645776][ T4157] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  176.006832][ T4157] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  176.122852][ T4157] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  176.322237][ T4157] usb 7-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00
[  176.351296][ T4157] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  176.389729][ T4157] usb 7-1: config 0 descriptor??
[  176.468299][ T5846] serio: Serial port ptm0
[  176.529184][ T2358] usb 6-1: Using ep0 maxpacket: 16
[  176.715942][ T2358] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  176.917305][ T2358] usb 6-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  176.939559][ T2358] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  176.974812][ T2358] usb 6-1: Product: syz
[  176.991578][ T5869] loop4: detected capacity change from 0 to 2048
[  177.007116][ T2358] usb 6-1: Manufacturer: syz
[  177.009065][ T5873] loop3: detected capacity change from 0 to 512
[  177.030976][ T2358] usb 6-1: SerialNumber: syz
[  177.056609][ T4157] usbhid 7-1:0.0: can't add hid device: -71
[  177.063964][ T4157] usbhid: probe of 7-1:0.0 failed with error -71
[  177.091054][ T4157] usb 7-1: USB disconnect, device number 5
[  177.091193][ T2358] usb 6-1: config 0 descriptor??
[  177.143391][ T5873] Quota error (device loop3): dq_insert_tree: Quota tree root isn't allocated!
[  177.152922][ T5873] EXT4-fs error (device loop3): ext4_acquire_dquot:6197: comm syz.3.338: Failed to acquire dquot type 0
[  177.170599][ T5869] EXT4-fs (loop4): mounted filesystem without journal. Opts: discard,,errors=continue. Quota mode: none.
[  177.183267][ T5873] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz.3.338: bg 0: block 64: padding at end of block bitmap is not set
[  177.197887][ T5873] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6183: Corrupt filesystem
[  177.209300][ T2358] em28xx 6-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  177.226555][ T5873] EXT4-fs (loop3): 1 truncate cleaned up
[  177.232373][ T5873] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  177.243731][ T5873] ext4 filesystem being mounted at /76/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  177.265162][ T2358] em28xx 6-1:0.0: DVB interface 0 found: bulk
[  177.401212][ T5864] EXT4-fs error (device loop3): ext4_acquire_dquot:6197: comm syz.3.338: Failed to acquire dquot type 0
[  178.083693][ T1111] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  179.085476][ T2358] em28xx 6-1:0.0: unknown em28xx chip ID (0)
[  179.091624][ T1111] usb 3-1: Using ep0 maxpacket: 32
[  179.231168][ T5905] serio: Serial port ptm0
[  179.250815][ T1111] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  179.271073][ T1111] usb 3-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  179.485141][ T1111] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  179.695651][ T1111] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  179.717900][ T1111] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  179.746290][ T1111] usb 3-1: Product: syz
[  179.759223][ T1111] usb 3-1: Manufacturer: syz
[  179.771211][ T1111] usb 3-1: SerialNumber: syz
[  179.776164][ T2358] em28xx 6-1:0.0: failed to get i2c transfer status from bridge register (error=-5)
[  179.811011][ T2358] em28xx 6-1:0.0: board has no eeprom
[  179.898591][ T5937] loop4: detected capacity change from 0 to 512
[  180.020168][ T2358] em28xx 6-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  180.035427][ T2358] em28xx 6-1:0.0: dvb set to bulk mode.
[  180.042512][ T4243] em28xx 6-1:0.0: Binding DVB extension
[  180.165162][ T2358] usb 6-1: USB disconnect, device number 7
[  180.310850][ T2358] em28xx 6-1:0.0: Disconnecting em28xx
[  180.348125][ T4243] em28xx 6-1:0.0: Registering input extension
[  180.354839][ T2358] em28xx 6-1:0.0: Closing input extension
[  180.576836][ T1111] usb 3-1: 2:1 : no or invalid class specific endpoint descriptor
[  180.598917][ T5937] __quota_error: 3 callbacks suppressed
[  180.598927][ T5937] Quota error (device loop4): dq_insert_tree: Quota tree root isn't allocated!
[  180.614094][ T5937] Quota error (device loop4): qtree_write_dquot: Error -5 occurred while creating quota
[  180.623856][ T5937] EXT4-fs error (device loop4): ext4_acquire_dquot:6197: comm syz.4.352: Failed to acquire dquot type 0
[  180.637705][ T5937] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz.4.352: bg 0: block 64: padding at end of block bitmap is not set
[  180.652325][ T5937] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6183: Corrupt filesystem
[  180.663012][ T5937] EXT4-fs (loop4): 1 truncate cleaned up
[  180.668783][ T5937] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  180.679838][ T5937] ext4 filesystem being mounted at /75/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  180.694106][ T5937] Quota error (device loop4): dq_insert_tree: Quota tree root isn't allocated!
[  180.703112][ T5937] Quota error (device loop4): qtree_write_dquot: Error -5 occurred while creating quota
[  180.713308][ T5937] EXT4-fs error (device loop4): ext4_acquire_dquot:6197: comm syz.4.352: Failed to acquire dquot type 0
[  180.724639][ T4209] Bluetooth: hci1: command 0x0406 tx timeout
[  180.734496][ T4209] Bluetooth: hci2: command 0x0406 tx timeout
[  180.740992][ T4209] Bluetooth: hci4: command 0x0406 tx timeout
[  180.887279][ T2358] em28xx 6-1:0.0: Freeing device
[  180.944821][ T1111] usb 3-1: USB disconnect, device number 6
[  181.142896][ T5965] serio: Serial port ptm0
[  181.345569][ T2358] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  181.366267][ T5268] udevd[5268]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  181.725231][ T2358] usb 6-1: Using ep0 maxpacket: 8
[  182.230256][ T5996] loop3: detected capacity change from 0 to 512
[  182.314889][ T5996] Quota error (device loop3): dq_insert_tree: Quota tree root isn't allocated!
[  182.324492][ T5996] Quota error (device loop3): qtree_write_dquot: Error -5 occurred while creating quota
[  182.334386][ T5996] EXT4-fs error (device loop3): ext4_acquire_dquot:6197: comm syz.3.364: Failed to acquire dquot type 0
[  182.359049][ T5996] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz.3.364: bg 0: block 64: padding at end of block bitmap is not set
[  182.375217][ T5996] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6183: Corrupt filesystem
[  182.386802][ T5996] EXT4-fs (loop3): 1 truncate cleaned up
[  182.392455][ T5996] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  182.403600][ T5996] ext4 filesystem being mounted at /86/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  182.417696][ T5996] Quota error (device loop3): dq_insert_tree: Quota tree root isn't allocated!
[  182.426699][ T5996] Quota error (device loop3): qtree_write_dquot: Error -5 occurred while creating quota
[  182.436509][ T5996] EXT4-fs error (device loop3): ext4_acquire_dquot:6197: comm syz.3.364: Failed to acquire dquot type 0
[  182.473535][ T2358] usb 6-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2
[  182.499098][ T2358] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  182.515998][ T2358] usb 6-1: Product: syz
[  182.520385][ T2358] usb 6-1: Manufacturer: syz
[  182.524973][ T2358] usb 6-1: SerialNumber: syz
[  182.570794][ T2358] usb 6-1: config 0 descriptor??
[  182.867254][ T2358] usb 6-1: dvb_usb_v2: found a 'Terratec H7' in warm state
[  183.652484][ T6028] serio: Serial port ptm0
[  183.701862][   T26] audit: type=1326 audit(1742534323.628:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6018 comm="syz.3.367" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f638a34f169 code=0x0
[  183.895712][   T13] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  184.175407][   T13] usb 5-1: Using ep0 maxpacket: 16
[  184.295481][ T1111] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  184.478422][   T13] usb 5-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  184.487789][   T13] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  184.496531][   T13] usb 5-1: Product: syz
[  184.500935][   T13] usb 5-1: Manufacturer: syz
[  184.506849][   T13] usb 5-1: SerialNumber: syz
[  184.529951][   T13] r8152-cfgselector 5-1: config 0 descriptor??
[  184.865819][ T1111] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  185.242877][ T1111] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  185.258423][ T1111] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00
[  185.276120][ T1111] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  185.286709][ T2358] usb write operation failed. (-71)
[  185.305835][ T2358] usb 6-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  185.326585][ T1111] usb 4-1: config 0 descriptor??
[  185.334421][ T2358] dvbdev: DVB: registering new adapter (Terratec H7)
[  185.355379][ T2358] usb 6-1: media controller created
[  185.375488][ T2358] usb read operation failed. (-71)
[  185.395423][ T2358] usb write operation failed. (-71)
[  185.413746][ T2358] dvb_usb_az6007: probe of 6-1:0.0 failed with error -5
[  185.484813][ T2358] usb 6-1: USB disconnect, device number 8
[  185.614425][ T6058] PF_CAN: dropped non conform CAN FD skbuff: dev type 65534, len 4080
[  185.789813][ T1111] pyra 0003:1E7D:2CF6.0006: hidraw0: USB HID v0.00 Device [HID 1e7d:2cf6] on usb-dummy_hcd.3-1/input0
[  186.445759][ T1111] pyra 0003:1E7D:2CF6.0006: couldn't init struct pyra_device
[  186.456861][ T1111] pyra 0003:1E7D:2CF6.0006: couldn't install mouse
[  186.464655][ T1111] pyra: probe of 0003:1E7D:2CF6.0006 failed with error -71
[  186.466698][ T1111] usb 4-1: USB disconnect, device number 7
[  186.475586][   T13] r8152-cfgselector 5-1: Unknown version 0x0000
[  186.475718][   T13] r8152-cfgselector 5-1: bad CDC descriptors
[  186.505485][   T13] r8152-cfgselector 5-1: Unknown version 0x0000
[  186.507011][   T13] r8152-cfgselector 5-1: USB disconnect, device number 8
[  186.721150][ T6077] serio: Serial port ptm0
[  186.915651][ T4211] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  187.020066][ T4209] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  187.575375][ T4211] usb 7-1: Using ep0 maxpacket: 8
[  187.650632][ T4209] usb 6-1: Using ep0 maxpacket: 8
[  187.695551][ T4211] usb 7-1: config index 0 descriptor too short (expected 5924, got 36)
[  187.709882][ T4211] usb 7-1: config 250 has an invalid interface number: 228 but max is -1
[  187.719174][ T4211] usb 7-1: config 250 has 1 interface, different from the descriptor's value: 0
[  187.734017][ T4211] usb 7-1: config 250 has no interface number 0
[  187.742992][ T4211] usb 7-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024
[  187.760595][ T4211] usb 7-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024
[  187.771496][ T4211] usb 7-1: config 250 interface 228 altsetting 255 endpoint 0x82 has invalid wMaxPacketSize 0
[  187.790990][ T4211] usb 7-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 0
[  187.801935][ T4211] usb 7-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17
[  187.815913][ T4211] usb 7-1: config 250 interface 228 has no altsetting 0
[  188.088455][ T4211] usb 7-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07
[  188.097955][ T4209] usb 6-1: New USB device found, idVendor=2770, idProduct=9120, bcdDevice=6c.77
[  188.111758][ T4209] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  188.120063][ T4211] usb 7-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59
[  188.133893][ T4209] usb 6-1: Product: syz
[  188.138295][ T4211] usb 7-1: Product: syz
[  188.142460][ T4211] usb 7-1: SerialNumber: syz
[  188.152566][ T4209] usb 6-1: Manufacturer: syz
[  188.160713][ T4209] usb 6-1: SerialNumber: syz
[  188.195910][ T4209] usb 6-1: config 0 descriptor??
[  188.216592][ T4211] hub 7-1:250.228: bad descriptor, ignoring hub
[  188.222863][ T4211] hub: probe of 7-1:250.228 failed with error -5
[  188.250676][ T4209] gspca_main: sq905-2.14.0 probing 2770:9120
[  188.440655][ T4211] usblp 7-1:250.228: usblp0: USB Bidirectional printer dev 6 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292
[  188.803216][ T6123] serio: Serial port ptm0
[  188.975663][ T4209] gspca_sq905: sq905_command: usb_control_msg failed (-71)
[  189.052048][ T4209] sq905: probe of 6-1:0.0 failed with error -71
[  189.159086][ T4209] usb 6-1: USB disconnect, device number 9
[  189.789778][ T6132] loop6: detected capacity change from 0 to 524287999
[  190.304951][   T26] audit: type=1326 audit(1742534330.228:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6154 comm="syz.5.409" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2fb0f86169 code=0x7ffc0000
[  190.368700][   T26] audit: type=1326 audit(1742534330.258:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6154 comm="syz.5.409" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2fb0f86169 code=0x7ffc0000
[  190.392615][ T6157] netlink: 'syz.3.410': attribute type 16 has an invalid length.
[  190.496920][   T26] audit: type=1326 audit(1742534330.278:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6154 comm="syz.5.409" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f2fb0f84ad0 code=0x7ffc0000
[  190.537069][ T6157] device vlan0 entered promiscuous mode
[  190.824245][   T26] audit: type=1326 audit(1742534330.288:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6154 comm="syz.5.409" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2fb0f86169 code=0x7ffc0000
[  190.895582][   T26] audit: type=1326 audit(1742534330.288:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6154 comm="syz.5.409" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2fb0f86169 code=0x7ffc0000
[  191.733825][   T26] audit: type=1326 audit(1742534330.298:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6154 comm="syz.5.409" exe="/root/syz-executor" sig=0 arch=c000003e syscall=20 compat=0 ip=0x7f2fb0f86169 code=0x7ffc0000
[  191.803570][   T26] audit: type=1326 audit(1742534330.298:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6154 comm="syz.5.409" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2fb0f86169 code=0x7ffc0000
[  191.930298][   T26] audit: type=1326 audit(1742534330.298:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6154 comm="syz.5.409" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2fb0f86169 code=0x7ffc0000
[  192.242130][ T2358] usb 6-1: new full-speed USB device number 10 using dummy_hcd
[  192.750382][ T6196] loop3: detected capacity change from 0 to 512
[  192.861882][ T6198] loop4: detected capacity change from 0 to 512
[  193.099950][ T6196] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  193.412818][ T6196] EXT4-fs error (device loop3): ext4_xattr_inode_iget:404: comm syz.3.422: inode #255: comm syz.3.422: iget: illegal inode #
[  193.430562][ T6196] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz.3.422: error while reading EA inode 255 err=-117
[  193.461121][ T6196] EXT4-fs (loop3): 1 orphan inode deleted
[  193.461519][ T6198] Quota error (device loop4): dq_insert_tree: Quota tree root isn't allocated!
[  193.466975][ T6196] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  193.477341][ T2358] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  193.494167][ T6198] Quota error (device loop4): qtree_write_dquot: Error -5 occurred while creating quota
[  193.508251][ T6198] EXT4-fs error (device loop4): ext4_acquire_dquot:6197: comm syz.4.424: Failed to acquire dquot type 0
[  193.538232][ T6198] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz.4.424: bg 0: block 64: padding at end of block bitmap is not set
[  193.540950][ T2358] usb 6-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xBE, skipping
[  193.564123][ T6198] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6183: Corrupt filesystem
[  193.575142][ T2358] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  193.576748][ T6198] EXT4-fs (loop4): 1 truncate cleaned up
[  193.593927][ T6198] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  193.606162][ T6198] ext4 filesystem being mounted at /93/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  193.659799][ T6198] EXT4-fs error (device loop4): ext4_acquire_dquot:6197: comm syz.4.424: Failed to acquire dquot type 0
[  193.762989][ T2358] usb 6-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46
[  193.805489][ T2358] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35
[  193.823963][ T2358] usb 6-1: Product: syz
[  193.833606][ T2358] usb 6-1: Manufacturer: syz
[  193.846447][ T2358] usb 6-1: SerialNumber: syz
[  193.888101][ T2358] usb 6-1: config 0 descriptor??
[  193.940551][ T2358] radio-si470x 6-1:0.0: could not find interrupt in endpoint
[  193.965755][ T2358] radio-si470x: probe of 6-1:0.0 failed with error -5
[  193.993263][ T2358] usbhid 6-1:0.0: couldn't find an input interrupt endpoint
[  194.018857][ T1428] ieee802154 phy0 wpan0: encryption failed: -22
[  194.028795][ T1428] ieee802154 phy1 wpan1: encryption failed: -22
[  194.594378][ T6221] netlink: 12 bytes leftover after parsing attributes in process `syz.2.432'.
[  194.621670][ T6221] device vlan2 entered promiscuous mode
[  194.632778][ T6221] device batadv0 entered promiscuous mode
[  194.671817][ T6221] device batadv0 left promiscuous mode
[  195.122059][ T6229] netlink: 12 bytes leftover after parsing attributes in process `syz.2.434'.
[  195.387618][ T2358] usb 6-1: USB disconnect, device number 10
[  196.025381][ T6238] loop4: detected capacity change from 0 to 512
[  196.696521][ T6239] loop5: detected capacity change from 0 to 512
[  196.719839][ T6238] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  196.737394][ T6241] netlink: 12 bytes leftover after parsing attributes in process `syz.2.438'.
[  196.776819][ T6238] EXT4-fs error (device loop4): ext4_xattr_inode_iget:404: comm syz.4.436: inode #255: comm syz.4.436: iget: illegal inode #
[  196.791257][ T6238] EXT4-fs error (device loop4): ext4_xattr_inode_iget:409: comm syz.4.436: error while reading EA inode 255 err=-117
[  196.804139][ T6238] EXT4-fs (loop4): 1 orphan inode deleted
[  196.810025][ T6238] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  196.812118][ T6239] __quota_error: 2 callbacks suppressed
[  196.812131][ T6239] Quota error (device loop5): dq_insert_tree: Quota tree root isn't allocated!
[  196.856581][ T6239] Quota error (device loop5): qtree_write_dquot: Error -5 occurred while creating quota
[  196.896707][ T6241] 8021q: adding VLAN 0 to HW filter on device bond1
[  196.906277][ T6239] EXT4-fs error (device loop5): ext4_acquire_dquot:6197: comm syz.5.437: Failed to acquire dquot type 0
[  196.926794][ T6239] EXT4-fs error (device loop5): ext4_validate_block_bitmap:438: comm syz.5.437: bg 0: block 64: padding at end of block bitmap is not set
[  196.948308][ T6239] EXT4-fs error (device loop5) in ext4_mb_clear_bb:6183: Corrupt filesystem
[  197.057766][ T6247] bond1: (slave gretap1): Enslaving as an active interface with an up link
[  197.067295][ T6239] EXT4-fs (loop5): 1 truncate cleaned up
[  197.072962][ T6239] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  197.090414][ T6239] ext4 filesystem being mounted at /57/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  197.096530][ T4288] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready
[  197.112904][ T4211] usb 7-1: USB disconnect, device number 6
[  197.162313][ T4211] usblp0: removed
[  197.177657][ T6239] Quota error (device loop5): dq_insert_tree: Quota tree root isn't allocated!
[  197.200831][ T6239] Quota error (device loop5): qtree_write_dquot: Error -5 occurred while creating quota
[  197.238649][ T6239] EXT4-fs error (device loop5): ext4_acquire_dquot:6197: comm syz.5.437: Failed to acquire dquot type 0
[  197.337873][ T6253] kvm: MWAIT instruction emulated as NOP!
[  197.812233][ T6272] netlink: 12 bytes leftover after parsing attributes in process `syz.5.444'.
[  197.985650][ T4211] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  198.235720][ T4211] usb 7-1: Using ep0 maxpacket: 32
[  198.475573][ T4211] usb 7-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  198.527260][ T4211] usb 7-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  198.581534][ T6275] netlink: 20 bytes leftover after parsing attributes in process `syz.5.447'.
[  198.685581][ T4211] usb 7-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  198.701854][ T4211] usb 7-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0
[  198.725354][ T4211] usb 7-1: Product: syz
[  198.730530][ T4211] usb 7-1: Manufacturer: syz
[  198.788421][ T4211] hub 7-1:4.0: USB hub found
[  199.428940][ T4211] hub 7-1:4.0: 6 ports detected
[  199.455419][ T4211] hub 7-1:4.0: config failed, can't get hub status (err -5)
[  199.886413][ T4211] usb 7-1: USB disconnect, device number 7
[  200.024851][ T6294] loop2: detected capacity change from 0 to 2048
[  200.142005][ T6294] EXT4-fs (loop2): mounted filesystem without journal. Opts: discard,,errors=continue. Quota mode: none.
[  200.159825][ T6301] loop4: detected capacity change from 0 to 512
[  200.671792][ T6301] Quota error (device loop4): dq_insert_tree: Quota tree root isn't allocated!
[  200.701696][ T6301] Quota error (device loop4): qtree_write_dquot: Error -5 occurred while creating quota
[  200.753727][ T6301] EXT4-fs error (device loop4): ext4_acquire_dquot:6197: comm syz.4.454: Failed to acquire dquot type 0
[  200.792772][ T6301] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz.4.454: bg 0: block 64: padding at end of block bitmap is not set
[  200.868606][ T6301] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6183: Corrupt filesystem
[  200.906579][ T6301] EXT4-fs (loop4): 1 truncate cleaned up
[  200.924071][ T6301] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  200.974411][ T6301] ext4 filesystem being mounted at /105/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  201.028336][ T6301] Quota error (device loop4): dq_insert_tree: Quota tree root isn't allocated!
[  201.043766][ T6301] Quota error (device loop4): qtree_write_dquot: Error -5 occurred while creating quota
[  201.054314][ T6301] EXT4-fs error (device loop4): ext4_acquire_dquot:6197: comm syz.4.454: Failed to acquire dquot type 0
[  201.070125][ T6307] device dummy0 entered promiscuous mode
[  201.075424][   T13] usb 7-1: new full-speed USB device number 8 using dummy_hcd
[  201.077740][ T6307] batman_adv: batadv0: Adding interface: dummy0
[  201.089918][ T6307] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  201.115326][ T6307] batman_adv: batadv0: Interface activated: dummy0
[  201.487686][   T13] usb 7-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  201.510023][   T13] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  201.544407][   T13] usb 7-1: config 0 descriptor??
[  201.565681][ T4170] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  201.686614][   T13] cp210x 7-1:0.0: cp210x converter detected
[  201.887909][ T6333] loop3: detected capacity change from 0 to 512
[  201.935148][ T6333] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  202.509349][ T6333] EXT4-fs error (device loop3): ext4_xattr_inode_iget:404: comm syz.3.463: inode #255: comm syz.3.463: iget: illegal inode #
[  202.532762][ T6333] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz.3.463: error while reading EA inode 255 err=-117
[  202.549460][ T6333] EXT4-fs (loop3): 1 orphan inode deleted
[  202.555437][ T6333] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  202.567078][ T4170] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  202.592875][   T13] usb 7-1: cp210x converter now attached to ttyUSB0
[  202.604963][ T4170] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  202.616596][   T13] usb 7-1: USB disconnect, device number 8
[  202.634054][ T4170] usb 6-1: config 0 descriptor??
[  202.646016][   T13] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  202.672238][   T13] cp210x 7-1:0.0: device disconnected
[  202.887587][ T4170] ath6kl: Failed to submit usb control message: -71
[  202.900148][ T4170] ath6kl: unable to send the bmi data to the device: -71
[  202.921541][ T4170] ath6kl: Unable to send get target info: -71
[  202.943753][ T4170] ath6kl: Failed to init ath6kl core: -71
[  203.002737][ T4170] ath6kl_usb: probe of 6-1:0.0 failed with error -71
[  203.034989][ T4170] usb 6-1: USB disconnect, device number 11
[  203.243263][ T6347] loop6: detected capacity change from 0 to 2048
[  203.243471][ T6349] loop2: detected capacity change from 0 to 512
[  203.388762][ T6349] Quota error (device loop2): dq_insert_tree: Quota tree root isn't allocated!
[  203.401940][ T6347] EXT4-fs (loop6): mounted filesystem without journal. Opts: discard,,errors=continue. Quota mode: none.
[  203.465713][ T6349] Quota error (device loop2): qtree_write_dquot: Error -5 occurred while creating quota
[  203.565583][ T6349] EXT4-fs error (device loop2): ext4_acquire_dquot:6197: comm syz.2.469: Failed to acquire dquot type 0
[  203.628369][ T6349] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz.2.469: bg 0: block 64: padding at end of block bitmap is not set
[  203.767231][ T6360] device dummy0 entered promiscuous mode
[  203.779273][ T6360] batman_adv: batadv0: Adding interface: dummy0
[  203.785626][ T6360] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  203.810961][ T6360] batman_adv: batadv0: Interface activated: dummy0
[  203.859193][ T6360] net_ratelimit: 10 callbacks suppressed
[  203.859233][ T6360] batadv0: mtu less than device minimum
[  203.872719][ T6360] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  203.885430][ T6360] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  203.897798][ T6360] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  203.910119][ T6360] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  203.922526][ T6360] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  203.934983][ T6360] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  203.947280][ T6360] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  203.959572][ T6360] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  203.971881][ T6360] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  204.260268][ T6349] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6183: Corrupt filesystem
[  204.353342][ T6349] EXT4-fs (loop2): 1 truncate cleaned up
[  204.372049][ T6349] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  204.395632][ T6349] ext4 filesystem being mounted at /92/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  204.849884][ T6374] loop6: detected capacity change from 0 to 512
[  205.182152][ T6375] netlink: 'syz.3.478': attribute type 4 has an invalid length.
[  205.203657][ T6374] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  205.652783][ T6374] EXT4-fs error (device loop6): ext4_xattr_inode_iget:404: comm syz.6.476: inode #255: comm syz.6.476: iget: illegal inode #
[  205.666982][ T6374] EXT4-fs error (device loop6): ext4_xattr_inode_iget:409: comm syz.6.476: error while reading EA inode 255 err=-117
[  205.681581][ T6374] EXT4-fs (loop6): 1 orphan inode deleted
[  205.687387][ T6374] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  206.055406][ T1108] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  206.201152][ T6396] loop4: detected capacity change from 0 to 256
[  207.020130][ T6404] loop3: detected capacity change from 0 to 512
[  207.173714][ T6404] Quota error (device loop3): dq_insert_tree: Quota tree root isn't allocated!
[  207.221673][ T6404] Quota error (device loop3): qtree_write_dquot: Error -5 occurred while creating quota
[  207.262381][ T6404] EXT4-fs error (device loop3): ext4_acquire_dquot:6197: comm syz.3.487: Failed to acquire dquot type 0
[  207.342630][ T6404] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz.3.487: bg 0: block 64: padding at end of block bitmap is not set
[  207.411512][ T6404] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6183: Corrupt filesystem
[  207.476095][ T6404] EXT4-fs (loop3): 1 truncate cleaned up
[  207.481765][ T6404] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  207.554176][ T6404] ext4 filesystem being mounted at /120/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  207.951390][ T1108] usb 3-1: config 220 has an invalid interface number: 76 but max is 2
[  207.981906][ T1108] usb 3-1: config 220 contains an unexpected descriptor of type 0x2, skipping
[  208.015117][ T1108] usb 3-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[  208.041975][ T1108] usb 3-1: config 220 has no interface number 2
[  208.201433][ T1108] usb 3-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[  208.222527][ T1108] usb 3-1: config 220 interface 0 has no altsetting 0
[  208.256371][ T1108] usb 3-1: config 220 interface 76 has no altsetting 0
[  208.370392][ T6427] loop3: detected capacity change from 0 to 512
[  208.397881][ T1108] usb 3-1: config 220 interface 1 has no altsetting 0
[  208.646247][ T1108] usb 3-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  208.660014][ T6427] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  208.814314][ T6427] EXT4-fs error (device loop3): ext4_xattr_inode_iget:404: comm syz.3.492: inode #255: comm syz.3.492: iget: illegal inode #
[  208.829623][ T6427] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz.3.492: error while reading EA inode 255 err=-117
[  208.847457][ T6427] EXT4-fs (loop3): 1 orphan inode deleted
[  208.853237][ T6427] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  208.937443][ T1108] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  208.946069][ T1108] usb 3-1: Product: syz
[  208.950306][ T1108] usb 3-1: Manufacturer: syz
[  208.954957][ T1108] usb 3-1: SerialNumber: syz
[  208.985512][ T1108] usb 3-1: can't set config #220, error -71
[  208.995459][   T13] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[  209.001195][ T1108] usb 3-1: USB disconnect, device number 7
[  209.286767][ T6440] loop6: detected capacity change from 0 to 512
[  209.396912][   T13] usb 6-1: Using ep0 maxpacket: 32
[  209.431860][ T6440] Quota error (device loop6): dq_insert_tree: Quota tree root isn't allocated!
[  209.509047][ T6440] Quota error (device loop6): qtree_write_dquot: Error -5 occurred while creating quota
[  209.555529][   T13] usb 6-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  209.576724][   T13] usb 6-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  209.587157][ T6440] EXT4-fs error (device loop6): ext4_acquire_dquot:6197: comm syz.6.499: Failed to acquire dquot type 0
[  209.665906][ T6440] EXT4-fs error (device loop6): ext4_validate_block_bitmap:438: comm syz.6.499: bg 0: block 64: padding at end of block bitmap is not set
[  209.699759][ T6440] EXT4-fs error (device loop6) in ext4_mb_clear_bb:6183: Corrupt filesystem
[  209.716128][ T6440] EXT4-fs (loop6): 1 truncate cleaned up
[  209.732171][ T6440] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  209.745617][   T13] usb 6-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  209.780688][   T13] usb 6-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0
[  209.790135][ T6440] ext4 filesystem being mounted at /54/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  209.800663][   T13] usb 6-1: Product: syz
[  209.804878][   T13] usb 6-1: Manufacturer: syz
[  209.961833][   T13] hub 6-1:4.0: USB hub found
[  210.198986][   T13] hub 6-1:4.0: 6 ports detected
[  210.475838][   T13] hub 6-1:4.0: config failed, can't get hub status (err -5)
[  210.566094][   T13] usb 6-1: USB disconnect, device number 12
[  211.472142][ T6479] loop5: detected capacity change from 0 to 512
[  212.036424][ T6479] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  212.086493][ T6479] EXT4-fs error (device loop5): ext4_xattr_inode_iget:404: comm syz.5.508: inode #255: comm syz.5.508: iget: illegal inode #
[  212.102437][ T6479] EXT4-fs error (device loop5): ext4_xattr_inode_iget:409: comm syz.5.508: error while reading EA inode 255 err=-117
[  212.116404][ T6479] EXT4-fs (loop5): 1 orphan inode deleted
[  212.122122][ T6479] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  212.642471][ T4211] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  213.451333][ T6507] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  214.392985][ T6512] netlink: 12 bytes leftover after parsing attributes in process `syz.4.518'.
[  214.415538][ T4211] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  214.466018][ T4211] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  215.045354][   T13] usb 7-1: new high-speed USB device number 9 using dummy_hcd
[  215.120086][ T4211] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  215.315467][   T13] usb 7-1: Using ep0 maxpacket: 32
[  215.335403][ T4211] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  215.344568][ T4211] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  215.371984][ T4211] usb 3-1: Product: syz
[  215.595613][   T13] usb 7-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  215.635509][ T4211] usb 3-1: can't set config #1, error -71
[  215.644794][ T4211] usb 3-1: USB disconnect, device number 8
[  216.386077][   T13] usb 7-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  216.465429][   T13] usb 7-1: string descriptor 0 read error: -71
[  216.471664][   T13] usb 7-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  216.527712][   T13] usb 7-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0
[  216.625441][   T13] usb 7-1: can't set config #4, error -71
[  216.655446][   T13] usb 7-1: USB disconnect, device number 9
[  217.120152][   T23] usb 6-1: new high-speed USB device number 13 using dummy_hcd
[  217.501273][ T6545] netlink: 16402 bytes leftover after parsing attributes in process `syz.4.527'.
[  217.520688][ T6544] loop3: detected capacity change from 0 to 2048
[  217.562220][ T6543] netlink: 16402 bytes leftover after parsing attributes in process `syz.4.527'.
[  217.684773][ T6544] EXT4-fs (loop3): mounted filesystem without journal. Opts: discard,,errors=continue. Quota mode: none.
[  217.775379][   T13] usb 7-1: new high-speed USB device number 10 using dummy_hcd
[  217.885606][   T23] usb 6-1: config 0 has no interfaces?
[  217.956778][ T6551] device dummy0 entered promiscuous mode
[  217.971512][ T6551] batman_adv: batadv0: Adding interface: dummy0
[  217.977866][ T6551] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  218.003571][ T6551] batman_adv: batadv0: Interface activated: dummy0
[  218.047639][ T6551] net_ratelimit: 11 callbacks suppressed
[  218.047677][ T6551] batadv0: mtu less than device minimum
[  218.061099][ T6551] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  218.073782][ T6551] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  218.086350][ T6551] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  218.098655][ T6551] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  218.111212][ T6551] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  218.123920][ T6551] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  218.136470][ T6551] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  218.148760][ T6551] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  218.161196][ T6551] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  218.776710][ T6556] netlink: 12 bytes leftover after parsing attributes in process `syz.4.529'.
[  219.585912][   T13] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  219.641803][   T13] usb 7-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  219.748928][   T13] usb 7-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  220.649428][   T13] usb 7-1: string descriptor 0 read error: -71
[  220.665974][   T13] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  220.805538][   T13] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  220.873420][ T6570] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  220.882229][   T13] usb 7-1: can't set config #1, error -71
[  220.928050][   T13] usb 7-1: USB disconnect, device number 10
[  221.244959][ T6580] loop3: detected capacity change from 0 to 512
[  221.946086][ T5722] Bluetooth: hci0: command 0x0406 tx timeout
[  222.476037][ T6580] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  222.539233][ T6580] EXT4-fs error (device loop3): ext4_xattr_inode_iget:404: comm syz.3.536: inode #255: comm syz.3.536: iget: illegal inode #
[  222.552721][ T6580] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz.3.536: error while reading EA inode 255 err=-117
[  222.566969][ T6580] EXT4-fs (loop3): 1 orphan inode deleted
[  222.572692][ T6580] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  222.887338][ T6602] netlink: 12 bytes leftover after parsing attributes in process `syz.6.541'.
[  224.755343][ T1108] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  224.923858][   T23] usb 6-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  224.933630][   T23] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  224.945633][   T23] usb 6-1: Product: syz
[  224.956261][   T23] usb 6-1: Manufacturer: syz
[  224.964126][   T23] usb 6-1: config 0 descriptor??
[  224.985446][   T23] usb 6-1: can't set config #0, error -32
[  225.115430][ T1108] usb 3-1: Using ep0 maxpacket: 32
[  225.256629][ T1108] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  225.717068][ T1108] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  225.885422][ T1108] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  225.894570][ T1108] usb 3-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0
[  225.947836][ T6632] netlink: 'syz.3.549': attribute type 10 has an invalid length.
[  225.984778][ T6632] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  225.995621][ T1108] usb 3-1: can't set config #4, error -71
[  226.019239][   T13] usb 6-1: USB disconnect, device number 13
[  226.019256][ T1108] usb 3-1: USB disconnect, device number 9
[  226.052257][ T6630] device veth1_macvtap left promiscuous mode
[  226.073708][ T6630] device macsec0 entered promiscuous mode
[  226.365115][ T6642] device bridge_slave_1 left promiscuous mode
[  226.373858][ T6642] bridge0: port 2(bridge_slave_1) entered disabled state
[  226.388477][ T6642] device bridge_slave_0 left promiscuous mode
[  226.394767][ T6642] bridge0: port 1(bridge_slave_0) entered disabled state
[  226.589362][ T6647] netlink: 12 bytes leftover after parsing attributes in process `syz.2.554'.
[  228.833838][ T6692] netlink: 12 bytes leftover after parsing attributes in process `syz.6.570'.
[  230.712156][ T6734] netlink: 12 bytes leftover after parsing attributes in process `syz.4.584'.
[  231.332673][ T6740] ODEBUG: Out of memory. ODEBUG disabled
[  231.332726][ T6740] 
[  231.332731][ T6740] ======================================================
[  231.332738][ T6740] WARNING: possible circular locking dependency detected
[  231.332745][ T6740] 5.15.179-syzkaller #0 Not tainted
[  231.332757][ T6740] ------------------------------------------------------
[  231.332763][ T6740] syz.3.587/6740 is trying to acquire lock:
[  231.332774][ T6740] ffffffff8c9fbd38 ((console_sem).lock){-...}-{2:2}, at: down_trylock+0x1c/0xa0
[  231.332831][ T6740] 
[  231.332831][ T6740] but task is already holding lock:
[  231.332837][ T6740] ffff88805e8c05b8 (&trie->lock){..-.}-{2:2}, at: trie_update_elem+0xcf/0xca0
[  231.332886][ T6740] 
[  231.332886][ T6740] which lock already depends on the new lock.
[  231.332886][ T6740] 
[  231.332892][ T6740] 
[  231.332892][ T6740] the existing dependency chain (in reverse order) is:
[  231.332899][ T6740] 
[  231.332899][ T6740] -> #3 (&trie->lock){..-.}-{2:2}:
[  231.332923][ T6740]        lock_acquire+0x1db/0x4f0
[  231.332943][ T6740]        _raw_spin_lock_irqsave+0xd1/0x120
[  231.332963][ T6740]        trie_delete_elem+0x90/0x690
[  231.332984][ T6740]        0xffffffffa00286c9
[  231.332998][ T6740]        bpf_trace_run3+0x1d1/0x380
[  231.333018][ T6740]        __traceiter_sched_switch+0x7d/0xb0
[  231.333039][ T6740]        __schedule+0x1e8d/0x45b0
[  231.333059][ T6740]        preempt_schedule_common+0x83/0xd0
[  231.333080][ T6740]        preempt_schedule+0xd9/0xe0
[  231.333100][ T6740]        preempt_schedule_thunk+0x16/0x18
[  231.333122][ T6740]        try_to_wake_up+0x8a8/0x12c0
[  231.333144][ T6740]        wake_up_q+0x8b/0xd0
[  231.333164][ T6740]        futex_wake+0x607/0x750
[  231.333187][ T6740]        do_futex+0x1394/0x1810
[  231.333207][ T6740]        __se_sys_futex+0x407/0x490
[  231.333229][ T6740]        do_syscall_64+0x3b/0xb0
[  231.333249][ T6740]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  231.333269][ T6740] 
[  231.333269][ T6740] -> #2 (&rq->__lock){-.-.}-{2:2}:
[  231.333295][ T6740]        lock_acquire+0x1db/0x4f0
[  231.333312][ T6740]        _raw_spin_lock_nested+0x2d/0x40
[  231.333331][ T6740]        raw_spin_rq_lock_nested+0x26/0x140
[  231.333353][ T6740]        task_fork_fair+0x5d/0x350
[  231.333371][ T6740]        sched_cgroup_fork+0x2d3/0x330
[  231.333392][ T6740]        copy_process+0x224a/0x3ef0
[  231.333410][ T6740]        kernel_clone+0x210/0x960
[  231.333427][ T6740]        kernel_thread+0x12e/0x1a0
[  231.333445][ T6740]        rest_init+0x21/0x330
[  231.333461][ T6740]        start_kernel+0x48c/0x540
[  231.333493][ T6740]        secondary_startup_64_no_verify+0xb1/0xbb
[  231.333512][ T6740] 
[  231.333512][ T6740] -> #1 (&p->pi_lock){-.-.}-{2:2}:
[  231.333536][ T6740]        lock_acquire+0x1db/0x4f0
[  231.333560][ T6740]        _raw_spin_lock_irqsave+0xd1/0x120
[  231.333576][ T6740]        try_to_wake_up+0xae/0x12c0
[  231.333595][ T6740]        up+0x6e/0x90
[  231.333611][ T6740]        __up_console_sem+0x11a/0x1e0
[  231.333628][ T6740]        console_unlock+0x1145/0x12b0
[  231.333644][ T6740]        do_fb_ioctl+0x797/0x890
[  231.333661][ T6740]        __se_sys_ioctl+0xf1/0x160
[  231.333679][ T6740]        do_syscall_64+0x3b/0xb0
[  231.333697][ T6740]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  231.333714][ T6740] 
[  231.333714][ T6740] -> #0 ((console_sem).lock){-...}-{2:2}:
[  231.333738][ T6740]        validate_chain+0x1649/0x5930
[  231.333755][ T6740]        __lock_acquire+0x1295/0x1ff0
[  231.333770][ T6740]        lock_acquire+0x1db/0x4f0
[  231.333786][ T6740]        _raw_spin_lock_irqsave+0xd1/0x120
[  231.333802][ T6740]        down_trylock+0x1c/0xa0
[  231.333819][ T6740]        __down_trylock_console_sem+0x105/0x250
[  231.333838][ T6740]        console_trylock_spinning+0x8a/0x3f0
[  231.333855][ T6740]        vprintk_emit+0xa6/0x150
[  231.333871][ T6740]        _printk+0xd1/0x120
[  231.333885][ T6740]        debug_objects_oom+0xb4/0x370
[  231.333905][ T6740]        debug_object_activate+0x42d/0x4e0
[  231.333924][ T6740]        kvfree_call_rcu+0xb6/0x8a0
[  231.333941][ T6740]        trie_update_elem+0x8ad/0xca0
[  231.333960][ T6740]        bpf_map_update_value+0x5d7/0x6c0
[  231.333979][ T6740]        generic_map_update_batch+0x54d/0x8b0
[  231.333999][ T6740]        bpf_map_do_batch+0x4d0/0x620
[  231.334015][ T6740]        __sys_bpf+0x55c/0x670
[  231.334029][ T6740]        __x64_sys_bpf+0x78/0x90
[  231.334048][ T6740]        do_syscall_64+0x3b/0xb0
[  231.334064][ T6740]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  231.334101][ T6740] 
[  231.334101][ T6740] other info that might help us debug this:
[  231.334101][ T6740] 
[  231.334107][ T6740] Chain exists of:
[  231.334107][ T6740]   (console_sem).lock --> &rq->__lock --> &trie->lock
[  231.334107][ T6740] 
[  231.334136][ T6740]  Possible unsafe locking scenario:
[  231.334136][ T6740] 
[  231.334154][ T6740]        CPU0                    CPU1
[  231.334158][ T6740]        ----                    ----
[  231.334162][ T6740]   lock(&trie->lock);
[  231.334173][ T6740]                                lock(&rq->__lock);
[  231.334195][ T6740]                                lock(&trie->lock);
[  231.334205][ T6740]   lock((console_sem).lock);
[  231.334215][ T6740] 
[  231.334215][ T6740]  *** DEADLOCK ***
[  231.334215][ T6740] 
[  231.334218][ T6740] 2 locks held by syz.3.587/6740:
[  231.334228][ T6740]  #0: ffffffff8cb1f4e0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30
[  231.334270][ T6740]  #1: ffff88805e8c05b8 (&trie->lock){..-.}-{2:2}, at: trie_update_elem+0xcf/0xca0
[  231.334311][ T6740] 
[  231.334311][ T6740] stack backtrace:
[  231.334329][ T6740] CPU: 0 PID: 6740 Comm: syz.3.587 Not tainted 5.15.179-syzkaller #0
[  231.334347][ T6740] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  231.334360][ T6740] Call Trace:
[  231.334366][ T6740]  <TASK>
[  231.334372][ T6740]  dump_stack_lvl+0x1e3/0x2d0
[  231.334392][ T6740]  ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[  231.334416][ T6740]  ? print_circular_bug+0x12b/0x1a0
[  231.334436][ T6740]  check_noncircular+0x2f8/0x3b0
[  231.334454][ T6740]  ? reacquire_held_locks+0x660/0x660
[  231.334477][ T6740]  ? add_chain_block+0x850/0x850
[  231.334495][ T6740]  ? lockdep_lock+0x11f/0x2a0
[  231.334515][ T6740]  ? mark_lock+0x98/0x340
[  231.334533][ T6740]  validate_chain+0x1649/0x5930
[  231.334566][ T6740]  ? reacquire_held_locks+0x660/0x660
[  231.334584][ T6740]  ? data_push_tail+0x693/0x700
[  231.334606][ T6740]  ? desc_read+0x3d0/0x3d0
[  231.334625][ T6740]  ? unwind_next_frame+0x1437/0x1fa0
[  231.334646][ T6740]  ? reacquire_held_locks+0x660/0x660
[  231.334668][ T6740]  ? mark_lock+0x98/0x340
[  231.334686][ T6740]  __lock_acquire+0x1295/0x1ff0
[  231.334711][ T6740]  lock_acquire+0x1db/0x4f0
[  231.334726][ T6740]  ? down_trylock+0x1c/0xa0
[  231.334746][ T6740]  ? vsnprintf+0x1c70/0x1c70
[  231.334768][ T6740]  ? read_lock_is_recursive+0x10/0x10
[  231.334785][ T6740]  ? memcpy+0x3c/0x60
[  231.334802][ T6740]  ? vsnprintf+0x1b93/0x1c70
[  231.334823][ T6740]  ? _prb_commit+0x30a/0x3e0
[  231.334842][ T6740]  ? prb_reserve+0x1240/0x1240
[  231.334861][ T6740]  _raw_spin_lock_irqsave+0xd1/0x120
[  231.334878][ T6740]  ? down_trylock+0x1c/0xa0
[  231.334897][ T6740]  ? _raw_spin_lock+0x40/0x40
[  231.334914][ T6740]  ? vprintk_store+0xf1b/0x1300
[  231.334933][ T6740]  down_trylock+0x1c/0xa0
[  231.334953][ T6740]  __down_trylock_console_sem+0x105/0x250
[  231.334973][ T6740]  ? printk_parse_prefix+0x2c0/0x2c0
[  231.334990][ T6740]  ? vprintk_emit+0xa6/0x150
[  231.335006][ T6740]  ? console_trylock+0x70/0x70
[  231.335026][ T6740]  ? is_bpf_text_address+0x24f/0x260
[  231.335046][ T6740]  ? vprintk_emit+0xa6/0x150
[  231.335063][ T6740]  console_trylock_spinning+0x8a/0x3f0
[  231.335082][ T6740]  ? vprintk_emit+0x150/0x150
[  231.335099][ T6740]  ? __lock_acquire+0x1295/0x1ff0
[  231.335122][ T6740]  vprintk_emit+0xa6/0x150
[  231.335140][ T6740]  _printk+0xd1/0x120
[  231.335158][ T6740]  ? panic+0x860/0x860
[  231.335174][ T6740]  ? do_raw_spin_lock+0x14a/0x370
[  231.335192][ T6740]  ? __lock_acquire+0x1ff0/0x1ff0
[  231.335212][ T6740]  debug_objects_oom+0xb4/0x370
[  231.335234][ T6740]  ? _raw_spin_unlock_irqrestore+0xd9/0x130
[  231.335253][ T6740]  ? debug_object_activate+0x4e0/0x4e0
[  231.335276][ T6740]  debug_object_activate+0x42d/0x4e0
[  231.335300][ T6740]  kvfree_call_rcu+0xb6/0x8a0
[  231.335319][ T6740]  ? call_rcu+0xa70/0xa70
[  231.335335][ T6740]  ? __kmalloc_node+0x199/0x390
[  231.335353][ T6740]  ? bpf_map_kmalloc_node+0xdb/0x160
[  231.335372][ T6740]  ? _raw_spin_lock+0x40/0x40
[  231.335388][ T6740]  ? longest_prefix_match+0x2db/0x640
[  231.335412][ T6740]  trie_update_elem+0x8ad/0xca0
[  231.335442][ T6740]  bpf_map_update_value+0x5d7/0x6c0
[  231.335465][ T6740]  generic_map_update_batch+0x54d/0x8b0
[  231.335493][ T6740]  ? rcu_read_unlock+0x90/0x90
[  231.335513][ T6740]  ? __fdget+0x191/0x220
[  231.335531][ T6740]  ? rcu_read_unlock+0x90/0x90
[  231.335556][ T6740]  bpf_map_do_batch+0x4d0/0x620
[  231.335575][ T6740]  __sys_bpf+0x55c/0x670
[  231.335591][ T6740]  ? bpf_link_show_fdinfo+0x300/0x300
[  231.335615][ T6740]  ? syscall_enter_from_user_mode+0x2e/0x240
[  231.335633][ T6740]  ? lockdep_hardirqs_on+0x94/0x130
[  231.335655][ T6740]  __x64_sys_bpf+0x78/0x90
[  231.335675][ T6740]  do_syscall_64+0x3b/0xb0
[  231.335692][ T6740]  ? clear_bhb_loop+0x15/0x70
[  231.335711][ T6740]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  231.335730][ T6740] RIP: 0033:0x7f638a34f169
[  231.335744][ T6740] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  231.335761][ T6740] RSP: 002b:00007f63881b8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  231.335779][ T6740] RAX: ffffffffffffffda RBX: 00007f638a567fa0 RCX: 00007f638a34f169
[  231.335793][ T6740] RDX: 0000000000000038 RSI: 0000200000000000 RDI: 000000000000001a
[  231.335804][ T6740] RBP: 00007f638a3d02a0 R08: 0000000000000000 R09: 0000000000000000
[  231.335816][ T6740] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  231.335827][ T6740] R13: 0000000000000000 R14: 00007f638a567fa0 R15: 00007ffdec0b1388
[  231.335846][ T6740]  </TASK>
[  232.396534][ T6754] syz.2.591[6754] is installing a program with bpf_probe_write_user helper that may corrupt user memory!