last executing test programs:

16m37.010053554s ago: executing program 32 (id=26):
bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x6, 0x3, &(0x7f0000000000)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x41, 0x0)
write$binfmt_aout(r0, &(0x7f00000001c0)=ANY=[], 0xff2e)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0, 0xfe, "003809630400"})
syz_open_pts(r0, 0x2000)
r1 = syz_open_pts(r0, 0x80500)
r2 = dup3(r1, r0, 0x80000)
read(r2, &(0x7f00000000c0)=""/226, 0xe2)

15m52.607760887s ago: executing program 4 (id=263):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000500)=ANY=[@ANYBLOB="12010000000000207d1e5a2d00000000000109022400010000000009040000010300000009210000000122080009058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000940)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="002208000000a20100c3"], 0x0}, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
r1 = syz_open_dev$hiddev(&(0x7f00000002c0), 0x0, 0x0)
ioctl$HIDIOCSREPORT(r1, 0x400c4808, &(0x7f00000001c0)={0xffffffff, 0x3, 0x6})

15m50.618200063s ago: executing program 4 (id=276):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$BATADV_CMD_GET_MESH(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0, 0x32}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
getsockname$packet(r2, &(0x7f0000000180)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000540)=ANY=[@ANYBLOB="3800000010000507000000000004000000000000", @ANYRES32=r3, @ANYBLOB="0000000a010000001800120008000100736974000c0002000800030036"], 0x38}}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000740)=@newlink={0x38, 0x10, 0x439, 0x70bd2a, 0x25dfdbfc, {0x0, 0x0, 0xe403, r4, 0x3, 0x610c3}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_FWMARK={0x8, 0x14, 0xfffffffc}]}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x8000}, 0x4008040)

15m50.442898273s ago: executing program 4 (id=278):
r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, &(0x7f0000000100)={[{0x2000001, 0x7, 0xc4, 0x53, 0x3d, 0x2, 0x80, 0x41, 0x6b, 0x45, 0x6, 0x2, 0xa}, {0xb, 0xaff3, 0x8, 0x8, 0x33, 0xfd, 0x6, 0x4, 0xe, 0x7, 0x7, 0x6, 0x40000000000001}, {0x0, 0x407, 0xd, 0x14, 0x21, 0x10, 0x0, 0xbb, 0x4, 0x15, 0x0, 0x2, 0xfffffffffffffb97}], 0x9})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x8, 0x8a, 0x7fffffffffffe, 0x81, 0x20000000105, 0xfffffffffbfffffd, 0x4002004c4, 0x1003, 0x8, 0x8, 0x2010, 0x2, 0x2, 0x100000001, 0x4000000000000003, 0xfffffffffffffffe], 0x10000, 0x2100})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

15m50.235760985s ago: executing program 4 (id=279):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x40042, 0x1)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000080)="440f20c0350b000000440f22c0360f09c4217d700c9d0000000028b8010000000f01c166b82e000f00d80f20d835080000000f22d82e0f019885000000b9b1060000b86f8d0000ba0000000066b8b5008ec036363ef3420f51a600000000b9e30b0000b8f233278fba000000000f30", 0x6f}], 0x1, 0x13, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000003c0)={[0x60000000004, 0x1000000000, 0x5, 0x41, 0x2000000, 0x0, 0x2004cc, 0x0, 0xa1b, 0x8, 0x5, 0x3, 0x3, 0x2], 0x10000, 0x202})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

15m49.024227796s ago: executing program 4 (id=289):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x101)
mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f00000001c0)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0)
r0 = openat$autofs(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r0, 0xc0189374, &(0x7f0000000240)={{0x1, 0x1, 0x5f, 0xffffffffffffffff, {0x29}}, './file0\x00'})

15m48.858980246s ago: executing program 4 (id=292):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x50)
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000900)={0xe, 0x5, &(0x7f0000000080)=@framed={{0x18, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4a}, [@initr0={0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x7}]}, &(0x7f0000000000)='GPL\x00'}, 0x94)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000280)=ANY=[@ANYRES32=r1, @ANYRES32=r2, @ANYBLOB="05"], 0x10)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000440)={r1, &(0x7f0000000440), &(0x7f0000000040)=@udp=r0}, 0x20)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x21)
syz_emit_ethernet(0x2a, &(0x7f00000005c0)={@local, @random, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x4, 0x4e20, 0x8}}}}}, 0x0)
recvmmsg(r0, &(0x7f00000047c0)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000780)=""/232, 0xe8}], 0x1}, 0x1ff}], 0x1, 0x2, 0x0)

15m33.586707738s ago: executing program 33 (id=292):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x50)
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000900)={0xe, 0x5, &(0x7f0000000080)=@framed={{0x18, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4a}, [@initr0={0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x7}]}, &(0x7f0000000000)='GPL\x00'}, 0x94)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000280)=ANY=[@ANYRES32=r1, @ANYRES32=r2, @ANYBLOB="05"], 0x10)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000440)={r1, &(0x7f0000000440), &(0x7f0000000040)=@udp=r0}, 0x20)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x21)
syz_emit_ethernet(0x2a, &(0x7f00000005c0)={@local, @random, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x4, 0x4e20, 0x8}}}}}, 0x0)
recvmmsg(r0, &(0x7f00000047c0)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000780)=""/232, 0xe8}], 0x1}, 0x1ff}], 0x1, 0x2, 0x0)

15m2.610229669s ago: executing program 5 (id=600):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000280)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f00000002c0)={0x73622a85, 0x10b})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000e00)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000300)={0x4c, 0x0, &(0x7f0000000540)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0xfc, 0x18, 0x0, &(0x7f0000000200)={0x30, 0x30, 0x30}}}], 0x0, 0x0, 0x0})

15m2.23958874s ago: executing program 5 (id=604):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000700)='./binderfs/binder0\x00', 0x402, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f00000002c0)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f00000006c0)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000540)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0xfb8, &(0x7f00000004c0)={@fd={0x66642a85, 0x0, r0}, @fd={0x66642a85, 0x0, r3}, @fd={0x66642a85, 0x0, r0}}, &(0x7f0000000200)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0})

15m1.962584377s ago: executing program 5 (id=605):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd29, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xc, 0xf}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_RSC={0x10, 0x1, {0x0, 0xfffffffe, 0x4}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x8801}, 0x20008850)
r4 = socket(0x400000000010, 0x3, 0x0)
r5 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd3f, 0x870bd24, 0x25dfdbfc, {0x0, 0x0, 0x0, r6, {0x7, 0xffe0}, {}, {0x7, 0x2}}, [@filter_kind_options=@f_flower={{0xb}, {0x18, 0x2, [@TCA_FLOWER_KEY_IPV6_DST={0x14, 0x10, @ipv4={'\x00', '\xff\xff', @empty}}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x8848}, 0x20004804)

15m1.707758811s ago: executing program 5 (id=607):
r0 = syz_open_procfs(0x0, &(0x7f0000000140)='mounts\x00')
mkdir(&(0x7f0000000400)='./file0\x00', 0x2d)
r1 = epoll_create1(0x80000)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000240)={0x80000011})
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000340)='./file0/../file0\x00', &(0x7f0000000280)='./file0/file0\x00', 0x0, 0xb101e, 0x0)
mount$bind(&(0x7f0000000380)='./file0/file0\x00', &(0x7f00000000c0)='./file0/../file0\x00', 0x0, 0x2a05404, 0x0)
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)

15m1.366005462s ago: executing program 5 (id=609):
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f0000000340), 0x0, 0x0)
read$msr(r0, &(0x7f0000048040)=""/102392, 0x18ff8)
openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004402, 0x0)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f0000000000)={0x0, 0xcc}, 0x8)

15m0.955393735s ago: executing program 5 (id=613):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000006000/0x18000)=nil, &(0x7f0000000380)=[@text32={0x20, &(0x7f00000001c0)="b8050000000f01c10f46a78900000066ba2100b067ee66ba2000b000ee6d6c2f800000c00f3266bac0000f3066b808008ed0660f38806f008ee0", 0x3a}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x2, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000600)={0x0, 0x0, @ioapic={0xc000, 0x40, 0x80000001, 0xf, 0x0, [{0x5, 0xe, 0x3, '\x00', 0xa}, {0xeb, 0x0, 0x0, '\x00', 0x1}, {0x6, 0x3, 0x5, '\x00', 0x4}, {0x1, 0x2, 0x6, '\x00', 0x7c}, {0x1, 0x8, 0x3, '\x00', 0x2}, {0x7, 0x8c, 0x8, '\x00', 0x80}, {0x3, 0xb, 0xff, '\x00', 0x5}, {0xcf, 0xb, 0x7, '\x00', 0x6d}, {0x81, 0xa8, 0xfb}, {0x9e, 0xe, 0x2}, {0x76, 0x0, 0x7, '\x00', 0xf8}, {0x1, 0x1, 0x40, '\x00', 0x17}, {0x7, 0x9a, 0xe, '\x00', 0x5}, {0x10, 0x8, 0x5, '\x00', 0x4}, {0xc, 0x9, 0x3, '\x00', 0x2}, {0xfa, 0x2, 0xb, '\x00', 0x5}, {0xc, 0x2, 0x2, '\x00', 0x1}, {0x5, 0x1, 0x6, '\x00', 0x10}, {0x3, 0x7, 0x9}, {0x8, 0xb, 0x3, '\x00', 0x7f}, {0x4, 0x7, 0x6, '\x00', 0x1}, {0x6, 0xe, 0xfd, '\x00', 0x80}, {0x7, 0xaa, 0x0, '\x00', 0x1}, {0x2, 0x1, 0x4, '\x00', 0x1}]}})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[0x6, 0x7, 0x5, 0x180, 0x0, 0x0, 0xf1, 0xa, 0x8, 0x5, 0x0, 0x5, 0x5, 0x8, 0xfffffffffffffffe, 0xbd9], 0x1, 0x196202})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

15m0.423453267s ago: executing program 34 (id=613):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000006000/0x18000)=nil, &(0x7f0000000380)=[@text32={0x20, &(0x7f00000001c0)="b8050000000f01c10f46a78900000066ba2100b067ee66ba2000b000ee6d6c2f800000c00f3266bac0000f3066b808008ed0660f38806f008ee0", 0x3a}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x2, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000600)={0x0, 0x0, @ioapic={0xc000, 0x40, 0x80000001, 0xf, 0x0, [{0x5, 0xe, 0x3, '\x00', 0xa}, {0xeb, 0x0, 0x0, '\x00', 0x1}, {0x6, 0x3, 0x5, '\x00', 0x4}, {0x1, 0x2, 0x6, '\x00', 0x7c}, {0x1, 0x8, 0x3, '\x00', 0x2}, {0x7, 0x8c, 0x8, '\x00', 0x80}, {0x3, 0xb, 0xff, '\x00', 0x5}, {0xcf, 0xb, 0x7, '\x00', 0x6d}, {0x81, 0xa8, 0xfb}, {0x9e, 0xe, 0x2}, {0x76, 0x0, 0x7, '\x00', 0xf8}, {0x1, 0x1, 0x40, '\x00', 0x17}, {0x7, 0x9a, 0xe, '\x00', 0x5}, {0x10, 0x8, 0x5, '\x00', 0x4}, {0xc, 0x9, 0x3, '\x00', 0x2}, {0xfa, 0x2, 0xb, '\x00', 0x5}, {0xc, 0x2, 0x2, '\x00', 0x1}, {0x5, 0x1, 0x6, '\x00', 0x10}, {0x3, 0x7, 0x9}, {0x8, 0xb, 0x3, '\x00', 0x7f}, {0x4, 0x7, 0x6, '\x00', 0x1}, {0x6, 0xe, 0xfd, '\x00', 0x80}, {0x7, 0xaa, 0x0, '\x00', 0x1}, {0x2, 0x1, 0x4, '\x00', 0x1}]}})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[0x6, 0x7, 0x5, 0x180, 0x0, 0x0, 0xf1, 0xa, 0x8, 0x5, 0x0, 0x5, 0x5, 0x8, 0xfffffffffffffffe, 0xbd9], 0x1, 0x196202})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

14m21.841712351s ago: executing program 0 (id=807):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f00000000c0)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xd, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x63, 0x11, 0xa4}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x8}, @exit={0x95, 0x0, 0x700}], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x9, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x6}, 0x70)
syz_mount_image$ext4(&(0x7f0000000440)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x2040d0, &(0x7f00000000c0)={[{@i_version}, {@quota}]}, 0xf3, 0x496, &(0x7f0000000480)="$eJzs3EtsG0UfAPD/Oo9+fSZfv35AS4FAQVQ8kjYt0AMHQELiUCQkOJSjSdKq1G1QEyRaRTSgqlyQaCXuCIkLEmcOnDgh4ITEhQPcUaUK9ULhZLT22qwdu3Uc51X/fpLrmfU4M//dnd3Zna4D6Ftj6T9JxI6I+DUiRiKi0FxgrPp26+bC1F83F6aSKJdf/yNJvxZ/3lyYqhVNsvft1cxg+la4nMQLLeqdu3DxTLFUmjmf5Sfmz74zMXfh4tOnzxZPzZyaOTd57NjRI4efe3bymZ7E+d+0rfven92/95U3r706deLaWz98leQanY+jN4ZiMbdOmj3W28rW3c5cOhls+Gh6pLFoYW1aRCe2RFQ66lBEDMdIDFzeVf9sJF7+cF0bB6yqcrlcnmz/8WIZuIslsd4tANZH7USfXv/WXms09NgQbrxYvQBK476VvaqfDNYvVIearm97aSEiTiz+/Vn6ilW5DwEA0OjbdPzzVKvxXyHuyZXblc0NjWZzKbsj4n8RsSci/h9RKXtvRNy3zPrHmvJLxz+F610F1qF0/Pd8NrfVOP6rT1OMDmS5nZX4h5KTp0szh7J1cjCGtqT5wy3/ehKVSaD4+ZN29Y/lxn/pK62/NhbM2nF9cEvjd6aL88UVB5658UHEvsFW8WcTeNkc1t6I2NdlHaef+HJ/45KBeurO8d/GYJcNyil/HvF4dfsvRlP8Ncnt5ycn/hOlmUMTtb1iqR9/uvJau/pXFH8PpNt/W8v9vx7/aJKfr51b8ieG71THld8+antN0+3+P5y80VD5e8X5+fOHI4aT40uX525wp/na3peWT+M/eKB1/98d/66J+yMi3YkfiIgHI+KhrO0PR8QjEXEg38CmGc7vX3r07e7jX11p/MeXtf2Xnxg489037ervbPsfraQOZks6Of512sCVrDsAAADYLAoRsSOSwng9XSiMj1f/D/+e2FYozc7NP3ly9t1z09VnBEZjqFC70zWS5SO7/zmauz86WZk1j7iU5Y9k940/HdhayY9PzZam1zt46HPb2/T/1O8D7b51aQ1bCKyqHsyjAZuU/g/9q/v+78gBm90derEfbIC7mLM49K9W/d8tfugPzv/Qv+r9/2oHhXOPezU/vAlsPs7/0L+66f9bV6EdwJpayXP9GyIRX0TcvkyyUZq6rMTH+SW1A/RGaFjxZHW3icLGWFENiYgk2pcpRG5JsVWZuLoRomiTGOz4Vy0ulC8VS6Vfvl5Jpet8YAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOiRfwIAAP//x6bdIg==")

14m20.795702753s ago: executing program 0 (id=811):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000340)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x3, 0x6361, 0x7, 0xffffffff, 0x3}}}}]}, 0x4c}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000005c0)=@newqdisc={0x3c, 0x24, 0x4ee4e6a52ff56541, 0x70b926, 0x25dfdbfc, {0x0, 0x0, 0x0, r3, {0x0, 0xd}, {0x6, 0xb}, {0xffff, 0xffe0}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_TARGET={0x8}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x240040e0}, 0x4890)
r4 = socket$packet(0x11, 0x3, 0x300)
sendto$packet(r4, &(0x7f0000000240)="800000800000210ee7decd7a0000000088a8", 0x36, 0x40, &(0x7f00000001c0)={0x11, 0x8100, r3, 0x1, 0xd8, 0x6, @broadcast}, 0x14)

14m19.118528031s ago: executing program 0 (id=816):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
userfaultfd(0x80001)
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0301, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000001340))
ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000180)=0x6f)
r1 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
read$dsp(r1, &(0x7f00000002c0)=""/4096, 0x1000)
write$dsp(r0, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000)
pselect6(0x40, &(0x7f0000000240)={0x0, 0x0, 0x1ff, 0x7d, 0x100000000000000, 0x8000, 0x4, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0)

14m17.858192664s ago: executing program 0 (id=821):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x101)
mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f00000001c0)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
connect$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c)
r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x101)
syz_mount_image$vfat(&(0x7f0000000280), &(0x7f0000000100)='./file0\x00', 0x2a00005, &(0x7f00000002c0)=ANY=[], 0x0, 0x2b7, &(0x7f0000000580)="$eJzs3c9Ka1cUB+Bf1JjoJEI7Kh0cKJSORH2DUCyUBgqWQO3IUJUWI0IEoR1UZ32XPk4foy9QC4Vcridq4s31D3o93vh9EM6Cvdc5aychOwl7JzufHx7sHh3vb3/yT5rNIgvJWf5LkrnMZ+QqSGpZzLizAAAfm62tXrvqGviwBoN2r56k8U5Lt15JQQAAAAAAAAAAADza1PX/58nK2Pr/2ug4Z/0/AMwE6/9n32DQ7i2P3r9N6v5VSUEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAASc6Hw9bwllvV9QEAT+8x8/+/w9LzVQsAPIXJ+b92lvj8DwCz7nxirq/F9/8AMPt+2P7pu3ans7lVFM3k8M+T7km3PJbt7f38mn72spZW/k+GV8r4m287m2vFhZXsHJ6O8k9PGqMLXOavp5WV6fnrZX4xkd+tZ3n8+htp5dPp+RtT8xfz1Rdj+atp5e+fc5R+dvM29zr/j/Wi+Pr7zo38xkU/AAAAAAAAAAAAAAAAAAAAeA6rxZXJ/fvd+bJ99X3tSeqjk9zv9wFu7K9fyGcLlQ4dAAAAAAAAAAAAAAAAAAAAXozj334/6PX7ewPB7cGXjXt0Xnrae/XyQap67A8Lmrmrz9JLKfVVBMNW+Sx6YHpFL0gAAAAAAAAAAAAAAAAAAPCKXW/6TRarLgYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKnL9//8PDn78pTzFnZ2rHiMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwOrwJAAD//ypU4JE=")
chdir(&(0x7f0000000080)='./file1\x00')
ioctl$AUTOFS_IOC_PROTOSUBVER(r0, 0x40049366, &(0x7f0000000180))

14m17.445320198s ago: executing program 0 (id=825):
getdents64(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000180)={'vxcan0\x00'})
r2 = socket$can_bcm(0x1d, 0x2, 0x2)
r3 = socket(0x1d, 0x2, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000000)={'vxcan0\x00'})
r4 = socket(0x1d, 0x2, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000000)={'vxcan0\x00', <r5=>0x0})
bind$can_j1939(r4, &(0x7f0000000380)={0x1d, r5, 0x1, {0x0, 0x0, 0x1}, 0xfd}, 0x18)
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000100)={'vxcan0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=@getchain={0x24, 0x11, 0x1, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, r6, {0x8}, {0x7, 0xf}, {0x0, 0xe}}}, 0x24}, 0x1, 0x0, 0x0, 0x44060}, 0x98)

14m17.056085791s ago: executing program 0 (id=826):
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6, 0x0, 0x1}}, 0x40)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r1 = eventfd(0xfffffff9)
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/231, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/70, 0x100000})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680))
ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f00000002c0)={0x1, r1})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x32, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffb2, 0x0, 0x0, 0x10, 0x5}, 0x94)

14m16.177923082s ago: executing program 35 (id=826):
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6, 0x0, 0x1}}, 0x40)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r1 = eventfd(0xfffffff9)
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/231, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/70, 0x100000})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680))
ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f00000002c0)={0x1, r1})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x32, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffb2, 0x0, 0x0, 0x10, 0x5}, 0x94)

12m19.214440318s ago: executing program 7 (id=1162):
r0 = inotify_init()
inotify_add_watch(r0, &(0x7f00000001c0)='.\x00', 0x4000423)
r1 = open(&(0x7f0000000040)='./file1\x00', 0x80242, 0x0)
write$FUSE_CREATE_OPEN(r1, &(0x7f0000000180)={0xa0, 0xfffffffffffffff5, 0x0, {{0x3, 0x1, 0x5, 0xa, 0x3, 0x1, {0x5, 0x17d, 0x8, 0x5, 0x100, 0x7cf4, 0x9, 0x7ffffffd, 0xfffffffe, 0x8000, 0x20000000, 0xee00, 0x0, 0x3ff, 0x1}}, {0x0, 0xa}}}, 0xa0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendfile(r1, r1, &(0x7f0000000080)=0x2, 0x7f03)

12m16.334527907s ago: executing program 7 (id=1166):
socket$packet(0x11, 0x2, 0x300)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
io_setup(0x4, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmmsg$unix(r4, &(0x7f000000a2c0)=[{{&(0x7f0000000180)=@file={0x1, './file0\x00'}, 0x6e, 0x0, 0x0, &(0x7f0000000400)=[@cred={{0x1c, 0x1, 0x2, {r0}}}, @rights={{0x18, 0x1, 0x1, [r1, r3]}}], 0x38, 0x4000000}}], 0x1, 0x0)

12m12.052970126s ago: executing program 7 (id=1171):
r0 = socket(0x1e, 0x4, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000002c0), 0xffffffffffffffff)
r3 = socket$inet_icmp(0x2, 0x2, 0x1)
sendmmsg$inet(r3, &(0x7f0000000c40)=[{{0x0, 0x0, &(0x7f0000000840)=[{0x0}, {&(0x7f0000001480)="76bfec8a4de7a2b2", 0x8}], 0x2}}], 0x1, 0x20004804)
sendmsg$IEEE802154_LLSEC_LIST_KEY(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x14, r2, 0x200, 0x70bd27, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x10014}, 0x4008008)
r4 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r4, 0x1, 0x0, 0x0, 0x0)
gettid()
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
r5 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi4\x00', 0x400, 0x0)
ioctl$COMEDI_DEVCONFIG(r5, 0x40946400, 0x0)
preadv(r5, 0x0, 0x0, 0x0, 0xa3)
close_range(r1, 0xffffffffffffffff, 0x0)
setsockopt$packet_tx_ring(r0, 0x10f, 0x87, 0x0, 0x0)

12m11.455432251s ago: executing program 7 (id=1173):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x82200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}, 0x2000000}, 0x64)
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
fsopen(&(0x7f0000000000)='cgroup2\x00', 0x1)
setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x2, &(0x7f0000000180)=@gcm_256={{0x303}, "0587a06a93f2aad4", "9b84f987950ff3df25fa8f46983d34157e047d27ae4a66a6d15608a32cbaa5bc", '\x00', "be0ea450d5a50003"}, 0x38)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x2, 0x6, 0xfffffffffffffffd}, 0x0, &(0x7f0000000240)={0x3ff, 0x0, 0x1, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)

12m9.868325464s ago: executing program 7 (id=1178):
r0 = socket$packet(0x11, 0x3, 0x300)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
setsockopt$packet_int(r0, 0x107, 0xc, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x600, 0x0, 0x69, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r3 = syz_open_dev$MSR(&(0x7f0000000440), 0x0, 0x0)
read$msr(r3, &(0x7f0000032680)=""/102400, 0x19000)
r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r4, 0xaf01, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r4, 0x4008af03, &(0x7f0000000840))

12m8.40648306s ago: executing program 7 (id=1180):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x14, 0x0, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x482, 0x0)
write$binfmt_aout(r1, &(0x7f0000000400)=ANY=[], 0xff2e)
ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000580)={0x0, 0x0, 0x3, 0x0, 0x1b, "00000000000000000000ffff00"})
ioctl$TCSETS(r1, 0x5402, &(0x7f0000000080)={0x21, 0xfffffffd, 0x0, 0x2006, 0x1, "e315bc1cc24ff7b7cdb242e1ff0aa6905446b3"})
r2 = syz_open_pts(r1, 0x0)
r3 = dup3(r2, r1, 0x0)
read$FUSE(r3, &(0x7f000000a380)={0x2020}, 0x2020)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="1b00"/13], 0x50)
getpid()

11m52.478523681s ago: executing program 36 (id=1180):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x14, 0x0, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x482, 0x0)
write$binfmt_aout(r1, &(0x7f0000000400)=ANY=[], 0xff2e)
ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000580)={0x0, 0x0, 0x3, 0x0, 0x1b, "00000000000000000000ffff00"})
ioctl$TCSETS(r1, 0x5402, &(0x7f0000000080)={0x21, 0xfffffffd, 0x0, 0x2006, 0x1, "e315bc1cc24ff7b7cdb242e1ff0aa6905446b3"})
r2 = syz_open_pts(r1, 0x0)
r3 = dup3(r2, r1, 0x0)
read$FUSE(r3, &(0x7f000000a380)={0x2020}, 0x2020)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="1b00"/13], 0x50)
getpid()

5m38.850145007s ago: executing program 8 (id=2261):
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x56a, 0xec, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x3, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0xaeb, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=<r1=>0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2)
sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)={0x1c, r3, 0x1, 0x70bd28, 0x25dfdbfe, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40089}, 0x8004)
write$nci(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="414601", @ANYRES32=r2], 0x4)

5m37.151923506s ago: executing program 8 (id=2267):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x2f)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000340)='westwood', 0x8)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10)
sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0)
recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25)

5m36.017892002s ago: executing program 8 (id=2272):
syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x2004000, &(0x7f00000022c0)={[{@jqfmt_vfsv1}, {@errors_remount}, {@abort}]}, 0x1, 0x563, &(0x7f00000007c0)="$eJzs3c9rHFUcAPDvbHbbpK02BSnoQQI9WKndtIk/KnioR9FiQe91SaahZNMt2U1pYsH2oBcvUgQRC+If4N1j8R/wryhooUgJevASmWQ22Ta7m1/bZHU/H5j2vZnZefPmzXv5vp1dNoCBNZb9U4h4OSK+SSKOt2wrRr5xbG2/5Se3p7IliZWVT/5MIsnXNfdP8v+PNjPFiF+/jDhT2FxufXFptlKtpvN5frwxd2O8vrh09tpcZSadSa9PTE5eeGty4t133u5ZXV+//Pf3Hz/44MLXp5a/+/nRiXtJXIxj+bbWeuzBndbMWIzl16QUF5/Z8XwPCusnyUGfALsylPfzUmRjwPEYyns98P/3RUSsAANpJBL9HwZUMw5ozu035sHDBxiV7J/H769NgDbXv7j23kgMr86NjiwnT82MsvnuaA/Kz8r45Y/797Ilevc+BMCW7tyNiHPF4ubxL8nHv907t419ni3D+Af750EW/7zRLv4prMc/0Sb+Odqm7+7G1v2/8KgHxXSUxX/vtY1/1x9ajQ7luRciRkajlFy9Vk2zse3FiDgdpcNZvtvznAvLD1c6bWuN/7IlK78ZC+bn8ah4+OnXTFcalb3UudXjuxGvtI1/k/X2T9q0f3Y9Lm+zjJPp/Vc7bdu6/s/Xyk8Rr7Vt/40nWkn355Pjq/fDePOu2Oyvr07+1qn8g65/1v5Hutd/NGl9XlvfeRk/Dv+Tdtq22/v/UPLpavpQvu5WpdGYPx9xKPlo8/qJjdc28839s/qfPtV9/Gt3/49ExGfbrH+3mXQ/tP/0jtp/54mHH37+Q6fy8/qXomv7v7maOp2v2c74t90T3Mu1AwAAAAAAgH5TiIhjkRTK6+lCoVxe+3zHS3GkUK3VG2eu1hauT8fqd2VHo1RoPuk+vpZPmp9/GG3JTzyTn4yIExHx7dDIar48VatOH3TlAQAAAAAAAAAAAAAAAAAAoE8c7fD9/8zvQwd9dsBz5ye/YXBt2f978UtPQF/a7d//+R6fB7D/xP8wuPR/GFz6Pwwu/R8Gl/4Pg0v/h8Gl/wMAAAAAAAAAAAAAAAAAAAAAAAAAAEBPXb50KVtWlp/cnsry0zcXF2ZrN89Op/XZ8tzCVHmqNn+jPFOrzVTT8lRtbqvjVWu1G+cnYuHWeCOtN8bri0tX5moL1xtXrs1VZtIraWlfagUAAAAAAAAAAAAAAAAAAAD/LfXFpdlKtZrOS/RzYvg5HfnO3o9T7IfrI7HjRBLd9znokQkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANvwbAAD//+f9MzI=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x1)
unlinkat(r0, &(0x7f0000000000)='./file1\x00', 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
fdatasync(r1)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000480)='./file0\x00', 0x0, &(0x7f0000000080)={[{@nombcache}, {@abort}, {@nomblk_io_submit}, {@noblock_validity}, {@nolazytime}, {@usrjquota}, {@jqfmt_vfsv0}, {@barrier_val={'barrier', 0x3d, 0xd95a}}, {@noblock_validity}]}, 0x84, 0x492, &(0x7f0000000940)="$eJzs3M9vFFUcAPDvTH8gP0oL4g8QZRWJjWhLCyoHLxpNuBiNetBjLZUgBQytiRAi1Rg8Gv8C9WjiX+BJL0Y9abzq3ZgQw0X0YNbMzgxs291l22VZYD+fZNr35td7b9573TfzdhpA36pkP5KILRHxW0SM5tHlO1TyX1cun5/95/L52SSq1df+Smr7/X35/Gy565bi9+binONpRPpxEksN0l04e+7EzPz83JkiPrl48t3JhbPnnjx+cubY3LG5U9OHDx86OPXM09NP3ZByjmR53fXB6d07j7z52UuzsfTWj19n+R8otteXIzfWcZqVqES1Wq2my9YO137u6/jst5aRunAy2MOMsCZZ+8+qa6jW/0djIK5V3mi8+FFPMwd0Vfb5tG3V2vxTMd2X1LYDdyp9HPpV+Ymf3f+Wy80dgfTWpefyG6Cs3FeKJd8yGNl9ezKW37EPdCn9LRHxxtK/n2dLNHwOAQBwY32bjX+eaDD+ezWNe+v221rMDY1FxP6I2B4Rd0fEjoi4J6K2730RcX/bKeczBpUVa1ePf37ZuP7SXV82/nu2mNtaPv67OmszNlDERmrlH0rePj4/d6C4JuMxtCGLT7VI47sXfv202bZK3fgvW7L0y7FgkY8/BzcsP+bozOJMJ2Wud+nDiF2DjcqfXJ0JSCJiZ0TsWsf5s2t2/PGvdmfhrZtXb29Z/pevc/IbMM9U/TLisbz+l2JF+UtJnlKz+cnJu2J+7sBk2SpW++nni6/Ux4fqwtev/+7K6n9Tw/ZflL/sBuV87cLa07j4+ydN72nW2/6Hk9dr4eFi3fszi4tnpiKGixXL1k9fO7aMl/tn5R/f27j/b4/474viuAciImvED0bEQxGxp8j7wxHxSETsbVH+H55/9J3WV2gN9Z+2PtNaZeU/2qT+ixYwltTP168jMHDi+2+apd9e/R+qhcaLNe38/Ws3g51dPQAAALg9pLU56CSduBpO04mJ/Dv8O2JTOn96YXF/Jd47dTSfqx6LobR80jVa9zx0qng2XManV8QPRsS22jeNNtbiE7On50d6XXjoc5ub9P/MH9360gtw61jTPFrSvXwAN5/3NaF/6f/Qv/R/6F9t9X/3/XBHatT/L0Rc6UFWgJvM+B/6l/4P/Uv/h/6l/0NfWv1KfPnvVtbzpv+1wPYjHR3eR4GBzg6fjIiGm6L+n3Z0IRBpDy9d9UK12sl50t7X+5mFPUVgQ0S0e9SFrtbpyvbTkrcDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA28L/AQAA//8cSuRn")

5m35.602852347s ago: executing program 8 (id=2276):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000340)='./file0/file0\x00', &(0x7f0000000280)='./file0/file0\x00', 0x0, 0xb101e, 0x0)
mount$bind(0x0, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000300)='./file0/file0\x00', 0x0, 0x2125499, 0x0)
mount$9p_unix(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x3047c4a, 0x0)

5m34.546061098s ago: executing program 8 (id=2278):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00'})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x4, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f0000000100)={{0xeeee8000, 0xeeee0002, 0xc, 0x1, 0x81, 0x0, 0x0, 0x24}, {0x10000, 0x5000, 0xb, 0xfc, 0x8, 0x0, 0x0, 0x0, 0xe, 0x0, 0x5, 0xfc}, {0x3000, 0x8080000, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x1, 0x4}, {0x80a0000, 0xffff1000, 0xf, 0x0, 0x0, 0x8, 0x0, 0x7}, {0xeeee0000, 0xffff1000, 0xf, 0x2, 0xfe, 0xf0, 0x3, 0x81, 0x58, 0x8, 0x4}, {0x4000, 0x1000, 0x0, 0x3, 0x0, 0xfd, 0xfc, 0x0, 0x0, 0x5, 0xc0, 0x10}, {0x3000, 0x4000, 0x10, 0x8, 0x7, 0xfb, 0xff, 0x7, 0x1a, 0x2, 0x0, 0x2}, {0x0, 0x3000, 0xe, 0x2, 0xff, 0x6e, 0x7, 0xfd, 0x0, 0x9, 0x7, 0x5}, {0x2000, 0xb}, {0x0, 0xfffd}, 0x9df9ffdf, 0x0, 0x2, 0xa8, 0x8, 0x8000, 0x2000, [0xdd41, 0x0, 0x2]})

5m33.181480108s ago: executing program 8 (id=2290):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, &(0x7f0000000100)="f30f9a347cf30f09c4c3edcfdf910fc7ab008000000f20e035000020000f22e04780227bc461795becb8010000000f01d9b99c080000b8a0190000ba000000000f30660f38804ffc", 0x48}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x50, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

5m32.831402779s ago: executing program 37 (id=2290):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, &(0x7f0000000100)="f30f9a347cf30f09c4c3edcfdf910fc7ab008000000f20e035000020000f22e04780227bc461795becb8010000000f01d9b99c080000b8a0190000ba000000000f30660f38804ffc", 0x48}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x50, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

4m46.457280529s ago: executing program 9 (id=2617):
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(0xffffffffffffffff, 0xc1105518, &(0x7f0000000040)={{0x0, 0x5, 0x0, 0x0, 'syz0\x00'}, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0xffffffffffffffff, 0x2, 0x2, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff01, 0x3, 0xfffffffffffffffc, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0xfffffffe, 0x8000000000000000, 0x0, 0xfffffffffffffffe, 0x80000000008, 0x0, 0x4, 0xfffffffffffffffd, 0x0, 0xf3, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x6, 0x6, 0x0, 0x13, 0x0, 0x0, 0x7, 0x0, 0x0, 0x2, 0x0, 0x4000000, 0x4, 0x0, 0x0, 0x1000, 0x20000000, 0x0, 0xffffffffffffffff, 0x40000000000000, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff, 0x3, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0xfffffffffffffffd, 0x0, 0x80000000000003, 0x3486, 0xfffffffffffffffd, 0x2, 0x7, 0x0, 0xfffffffffffffffe, 0x0, 0x40000000000, 0x4, 0x7ffffd, 0x0, 0x101, 0x0, 0x2000000, 0x0, 0x4, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0xb3, 0x0, 0x79a2, 0x0, 0x3, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4, 0x0, 0x0, 0x1, 0x4a44e74b]})
r1 = eventfd(0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0x4008af12, &(0x7f0000000080)={0x1, 0x7f})
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000300)=r1)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000100)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f0000000880)=""/99, &(0x7f0000000800)=""/90})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0xfffffeac, &(0x7f00000001c0)=""/115}]})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000340)=0xfffffffe)

4m46.251579881s ago: executing program 9 (id=2619):
getuid()
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x18}}, 0x10)
sendmsg$inet(r0, &(0x7f00000015c0)={0x0, 0x0, 0x0}, 0x0)
timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r1=>0x0)
fcntl$lock(0xffffffffffffffff, 0x25, &(0x7f0000000040)={0x0, 0x0, 0xfd8b, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r1, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000440)={'sit0\x00', &(0x7f0000000480)={'syztnl0\x00', 0x0, 0x7800, 0x8000, 0x1, 0x5, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x3, 0x0, 0x1, 0x4, 0x0, @local, @loopback}}}})

4m46.08648481s ago: executing program 9 (id=2620):
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid()
connect$unix(0xffffffffffffffff, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000740)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, &(0x7f00000006c0), 0xfe, 0x246, &(0x7f0000000ac0)="$eJzs3T9oM2UcB/DvXRJf+75BXnURxD8gIloor5vg8rooFKQUEUGFioiL0gq1xa1xcnHQWaWTSxE3q6N0KS6K4FS1Q10ELQ4WBx0iybVS24ja1Jz0Ph+43l3vee73HLnvkyyXBGisq0muJ2klmU7SSVIcb3B3tVw93F2f2l5I+v0nfiqG7ar9ylG/K0l6SR5KslUWeamdrG4+s/fLzmP3vbnSuff9zaenJnqRh/b3dh8/eG/ujY9mH1z94qsf5opcT/dP13X+ihH/axfJLf9Fsf+Jol33CPgn5l/78OtB7m9Ncs8w/52UqV68t5Zv2OrkgXf/qu/bP355+yTHCpy/fr8zeA/s9YHGKZN0U5QzSartspyZqT7Df9O6XL68tPzq9ItLK4sv1D1TAeelm+w++smlj6+cyP/3rSr/wMU1yP+T8xvfDrYPWnWPBpiIO6rVIP/Tz63dH/mHxpF/aC75h+aSf2gu+Yfmkn9oLvmHC6xztNEbeVj+obnkH5pL/qG5jucfAGiW/qW6n0AG6lL3/AMAAAAAAAAAAAAAAAAAAJy2PrW9cLRMquZn7yT7jyRpj6rfGv4ecXLj8O/ln4tBsz8UVbexPHvXmCcY0wc1P31903f11v/8znrrry0mvdeTXGu3T99/xeH9d3Y3/83xzvNjFviXihP7Dz812fon/bZRb/3ZneTTwfxzbdT8U+a24Xr0/NM9/hXLZ/TKr2OeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIn5PQAA//8PK23M")
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r0, 0x800c6613, &(0x7f0000000100)=@v1={0x0, @adiantum, 0x0, @desc1})
chdir(&(0x7f0000000300)='./bus\x00')
add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f0000000140)={'fscrypt:', @desc1}, &(0x7f00000001c0)={0x0, "28d7b07d54891881fe02c1203fe49696b9f26f2da4149683f065714f8a61d1f32c99064bbd27b2aa77459cff33a3a98350f1af9d51ed5bef3d63520d260804d0"}, 0x48, 0xfffffffffffffffd)
bpf$OBJ_GET_MAP(0x7, &(0x7f0000000280)=@generic={&(0x7f0000000340)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00'}, 0x18)

4m45.869252293s ago: executing program 9 (id=2621):
pipe2$9p(&(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000000)=ANY=[@ANYBLOB="1500000065ffff"], 0x15)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x10e, &(0x7f00000002c0)={[{@nodiscard}, {@jqfmt_vfsv0}, {@data_err_ignore}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x10000}}, {@resuid}, {@norecovery}]}, 0x1, 0x458, &(0x7f0000000680)="$eJzs27tvHEUYAPBv9+yEvLAJ4ZEHYAiIiIcdOwFS0IBAogAJiSaUxnaikEuMYiORKAIHoVCiSPSIEom/gAoaBFRItNCjSBFKQ6A6tL7d3CN359fZC9zvJ609szPrmc+zcze7exfAwBrLfiQRuyPi14gYqWdbK4zVf926eXnmr5uXZ5Ko1d76I1mu9+fNyzNF1eK4XXnmSBqRfpLEwQ7tLly8dHa6Wp27kOcnFs+9N7Fw8dKzZ85Nn547PXd+6sSJ48cmX3h+6rm+xHlP1tcDH84f2v/a29femDl57Z0fv06K+Nvi6JOxXoVP1Gp9bq5ce5rSyVCJHWFNKhGRDdfw8vwfiUo0Bm8kXv241M4Bm6qW61K8VAP+x5IouwdAOYo3+uz6t9i2bvVRvhsv1S+Asrhv5Vu9ZCjSvM5w2/VtP41FxMmlv7/ItljxPoQLawBg477N1j/PdFr/pXF/U72782dDo/mzlL0RcW9E7IuI+yKW6z4QEQ+usf22hyTbI6Jt/ZNeX19kq5Ot/17Mn221rv+K1V+MVvLcnuX4h5NTZ6pzR/P/yZEY3p7lJ3u08d0rv3zWrax5/ZdtWfvFWjDvx/Wh7a3HzE4vTm8k5mY3rkQcGOoUf3J7tZlExP6IOLDONs489dWhbmUrx99DH5bDtS8jnqyP/1K0xV9Iej+fnLgrqnNHJ4qz4k4//Xz1zW7tbyj+PsjGf2fH8/92/KNJ8/PahbW3cfW3T7te04yv6/xv7NiW//5genHxwmTEtuT1eqeb9081ji3yRf0s/iOHO8//vdH4TxyMiOwkfigiHo6IR/KxezQiHouIwz3i/+Hlx9/tVvZvGP/ZtvEfba3SNv6NxLZo39M5UTn7/Tetf7GRXN3r3/HaSNPhvV7/ivNhNf1a39kMAAAA/z1pROyOJB2/nU7T8fH6Z/j3xc60Or+w+PSp+ffPz9a/IzAaw2lxp2uk6X7oZH5ZX+Sn2vLH8vvGn1d2LOfHZ+ars2UHDwNuV6f5X6mX/V4pu3fApvOxMhhc5j8MLvMfBpf5D4Orw/zfUUY/gK3X6f3/oxL6AWy9tvnvsR8MENf/MLjMfxhczfM/KbEfwJZa2BErf0leQuKORKQ961zZeBPFOboF4SSbPAt2b0qf8yncWpQs1Xev5Q/WOhSV9IIEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQZ/8EAAD//xL/3co=")
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000240), 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18, 0x0, 0x0, {0x4}}, 0x18)
write$FUSE_DIRENTPLUS(r2, &(0x7f0000000280)=ANY=[@ANYBLOB="b0"], 0xb0)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
chdir(&(0x7f0000000000)='./file0\x00')
mknodat$loop(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x1004, 0x1)

4m45.426232399s ago: executing program 9 (id=2625):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(0x3)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c)
setsockopt$XDP_UMEM_COMPLETION_RING(r1, 0x11b, 0x6, &(0x7f0000000080)=0x1, 0x4)
r2 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$XDP_RX_RING(r1, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000180)={'batadv_slave_0\x00', <r3=>0x0})
setsockopt$XDP_UMEM_FILL_RING(r1, 0x11b, 0x5, &(0x7f0000000140)=0x1, 0x4)
bind$xdp(r1, &(0x7f0000000100)={0x2c, 0x0, r3}, 0x10)
recvmmsg(r0, &(0x7f0000000340)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)=""/33, 0x21}, 0x4}], 0x3d5, 0x45833af92e4b38ff, 0x0)

4m44.283543506s ago: executing program 9 (id=2630):
syz_open_procfs(0x0, &(0x7f0000000280)='oom_score_adj\x00')
r0 = getpid()
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000002280)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0)
mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0)
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x2008002, &(0x7f0000000080), 0x1, 0x55c, &(0x7f00000006c0)="$eJzs3c1vG2kZAPBnJh92u91mC3uAFdCCFgqqajfubrXay7YXEFqthFhxQBy6IXGjqHZdamfZhEpk/4ZFAokT/AkckDgg7YkDN45IHBDSckAqEIEaJJCMZux8NHGIiR17E/9+0mQ+Xs88z9tkPK/fcecNYGJdiYiNiJiNiHciYq67PelOcbszZa97uvl4cWvz8WIS7fbbf0vy8mxbvkNh95jPdY9ZjIhvfi3iu8nBuM219fsLtVr1UXe93Ko/LDfX1q+v1BeWq8vVB5XKrflbN167+WplaHW9XP/Fk6+uvPmtX//qsx/9buMrP8jSutAt26nHkHWqPrMTJzMdEW+eRLAxmOrOZ8ecB8eTRsQnIuIL+fk/F1P5XycAcJa123PRntu7DgCcdWneB5akpYhI024joNTpw3sxzqe1RrN17V5j9cFSp6/shZhJ763UqjcuFf7wvfzFM0m2Pp+X5eX5emXf+s2IuBQRPyqcy9dLi43a0niaPAAw8Z7be/2PiH8W0rRU6mvXHnf1AIBTo3jsPX1ZAABOq+Nf/wGA02rf9f/cuPIAAEanj8//3Zv9GyeeCwAwGv9f///FE8sDABgd9/8BYPK4/gPARPnGW29lU3ur+/zrpXfXVu833r2+VG3eL9VXF0uLjUcPS8uNxnL+zJ76UcerNRoP51+J1ffKrWqzVW6urd+tN1YftO7mz/W+W50ZSa0AgP/l0uUPf59ExMbr5/Ip9ozl4FoNZ1s67gSAsZkaZGcNBDjVPMALJldfl/C8kfDbE88FGI+eD/Mu9lx81k86sw/6CeJ7RvCxcvXT/ff/G+MZzhb9/zC5jtf//8bQ8wBGT/8/TK52O9k/5v/sThEAcCYN8BW+9g+H1QgBxuqowbyPuv8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAk+jC7exnkpbyscDT7GdaKkU8HxEvxExyb6VWvRERF+NyRMwUsvX5cScNAAwo/UvSHf/r6tzLF/aXzib/KuTziPj+T9/+8XsLrdaj+Wz733e2F7aHD6vs7jfAuIIAwJDl1+9Kd77ng/zTzceL29Mo83lyJ/7THYp4cWvzcT51SqYj2xhRzNsS5/+RxHR3n2JEvBQRU0OIv/F+RHyqV/2TuJD3gXRGPt0bP7qxnx9p/PSZ+Gle1plnja9PDiEXmDQf3omI273OvzSu5PPe538xf4ca3JM7nYNtv/dt7Yk/3Y001SN+ds5f6TfGK7/5+oGN7blO2fsRL033ip/sxE8Oif9yn/H/+JnPffDGIWXtn0Vcjd7x98Yqt+oPy8219esr9YXl6nL1QaVya/7Wjdduvlop533U5e2e6oP++vq1i4flltX//CHxiz3rP7uz7xf7rP/P//3Odz6/u1rYH//L21v2/f5f7Bm/I7smfqnP+Avnf3no8N1Z/KVD6n/U7/9an/E/+vP6Up8vBQBGoLm2fn+hVqs+Gmgh+xQ6jOMcWMhS7O/F283FwYL+KU6iFsdcmDmpf9VjLxT7zGd6p6043DS+nR2xR1Ha5x/JcRbSoddioIWno4o1vvckYDR2T/pxZwIAAAAAAAAAAAAAABxmFP91adx1BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Oz6bwAAAP//yxbH0Q==")
r3 = syz_pidfd_open(r0, 0x0)
setns(r3, 0x24020000)
mount_setattr(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x8100, &(0x7f0000000200)={0x87, 0x1, 0x80000}, 0x20)

4m44.017672201s ago: executing program 38 (id=2630):
syz_open_procfs(0x0, &(0x7f0000000280)='oom_score_adj\x00')
r0 = getpid()
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000002280)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0)
mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0)
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x2008002, &(0x7f0000000080), 0x1, 0x55c, &(0x7f00000006c0)="$eJzs3c1vG2kZAPBnJh92u91mC3uAFdCCFgqqajfubrXay7YXEFqthFhxQBy6IXGjqHZdamfZhEpk/4ZFAokT/AkckDgg7YkDN45IHBDSckAqEIEaJJCMZux8NHGIiR17E/9+0mQ+Xs88z9tkPK/fcecNYGJdiYiNiJiNiHciYq67PelOcbszZa97uvl4cWvz8WIS7fbbf0vy8mxbvkNh95jPdY9ZjIhvfi3iu8nBuM219fsLtVr1UXe93Ko/LDfX1q+v1BeWq8vVB5XKrflbN167+WplaHW9XP/Fk6+uvPmtX//qsx/9buMrP8jSutAt26nHkHWqPrMTJzMdEW+eRLAxmOrOZ8ecB8eTRsQnIuIL+fk/F1P5XycAcJa123PRntu7DgCcdWneB5akpYhI024joNTpw3sxzqe1RrN17V5j9cFSp6/shZhJ763UqjcuFf7wvfzFM0m2Pp+X5eX5emXf+s2IuBQRPyqcy9dLi43a0niaPAAw8Z7be/2PiH8W0rRU6mvXHnf1AIBTo3jsPX1ZAABOq+Nf/wGA02rf9f/cuPIAAEanj8//3Zv9GyeeCwAwGv9f///FE8sDABgd9/8BYPK4/gPARPnGW29lU3ur+/zrpXfXVu833r2+VG3eL9VXF0uLjUcPS8uNxnL+zJ76UcerNRoP51+J1ffKrWqzVW6urd+tN1YftO7mz/W+W50ZSa0AgP/l0uUPf59ExMbr5/Ip9ozl4FoNZ1s67gSAsZkaZGcNBDjVPMALJldfl/C8kfDbE88FGI+eD/Mu9lx81k86sw/6CeJ7RvCxcvXT/ff/G+MZzhb9/zC5jtf//8bQ8wBGT/8/TK52O9k/5v/sThEAcCYN8BW+9g+H1QgBxuqowbyPuv8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAk+jC7exnkpbyscDT7GdaKkU8HxEvxExyb6VWvRERF+NyRMwUsvX5cScNAAwo/UvSHf/r6tzLF/aXzib/KuTziPj+T9/+8XsLrdaj+Wz733e2F7aHD6vs7jfAuIIAwJDl1+9Kd77ng/zTzceL29Mo83lyJ/7THYp4cWvzcT51SqYj2xhRzNsS5/+RxHR3n2JEvBQRU0OIv/F+RHyqV/2TuJD3gXRGPt0bP7qxnx9p/PSZ+Gle1plnja9PDiEXmDQf3omI273OvzSu5PPe538xf4ca3JM7nYNtv/dt7Yk/3Y001SN+ds5f6TfGK7/5+oGN7blO2fsRL033ip/sxE8Oif9yn/H/+JnPffDGIWXtn0Vcjd7x98Yqt+oPy8219esr9YXl6nL1QaVya/7Wjdduvlop533U5e2e6oP++vq1i4flltX//CHxiz3rP7uz7xf7rP/P//3Odz6/u1rYH//L21v2/f5f7Bm/I7smfqnP+Avnf3no8N1Z/KVD6n/U7/9an/E/+vP6Up8vBQBGoLm2fn+hVqs+Gmgh+xQ6jOMcWMhS7O/F283FwYL+KU6iFsdcmDmpf9VjLxT7zGd6p6043DS+nR2xR1Ha5x/JcRbSoddioIWno4o1vvckYDR2T/pxZwIAAAAAAAAAAAAAABxmFP91adx1BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Oz6bwAAAP//yxbH0Q==")
r3 = syz_pidfd_open(r0, 0x0)
setns(r3, 0x24020000)
mount_setattr(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x8100, &(0x7f0000000200)={0x87, 0x1, 0x80000}, 0x20)

4.226646253s ago: executing program 2 (id=3259):
sendmsg$NFT_MSG_GETSETELEM(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000805}, 0x8000)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$OSF_MSG_REMOVE(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x18010000}, 0xc, &(0x7f0000000080)={&(0x7f0000001980)=ANY=[@ANYBLOB="081500000105010200000000000000000100000a540201000200000000000000820002000000090073797a310000000000000000000000000000000000000000000000000000000052e351b3de1f1f84c428a69f5fcf542e179f347b12b9e914033c85227cc1cc10e269c1ae7367146aefd10b191f7f72818c1ad1de56a15b797ef5c47913f5fa97050001000300000001000080b6980100000000000200000000002ad30300000000000000080009000100000006000000c4dd010002000000020000000100050000000000070000000200770001000000070000000100000000000000060000000300000000000000af9ead690800e37b0000000004000000090001010300000024000000faff0001000000000009000000000900010000000300000087bb01800000000005000000ff0301000100000001000000030009000000000008000000020008000100000001010000f9ff08000200000006000000ff01040000000000010000000700060000000000040000000500400003000000ff03000000000500020000000300000002000f000200000000f8ffff09000200020000000b0000000500a3f902000000060000000400060001000000fdffffff400009000000000001000000080008000000000000000000ac02fcff02000000910000004c02050003000000ff0300000600420d03000000070000000500fa0403000000ff0000000101060003000000010001000000080002000000000000000100050002000000090000000000040003000000050000000300020000000000ffffffff0900030002000000050000005c0101000300000003000000000806000200000006000000540201000100000005000000071e1f00ff00150073797a3100000000000000000000000000000000000000000000000000000000bbd0314836a69262c3400e1d822bf9f0413865bf9de801de858bd3eeee90ecdc9cb0b60cab4667ab401749a07d823ddd21813ea1175814d7064a60d5c29974db040005000000000006000000050009000200000001000000ff03070001000000060000000800b4540100000000000100f144a75102000000090000008100ff0700000000ae4f0000008009000100000065cd0000189105000300000074000000030000000300000027f200003200018001000000070000001d17020002000000000000000b000000030000007fc10000340d0700020000000300000001000a0001000000030000004000b07302000000090000000400010000000000f0aa28071c9b040000000000030000000700f2ff01000000d6650000010089010200000076000000cb0b09000000000005000000020000000000000004000000854c090003000000000800006c7724000100000008000000950d010003000000070000000700000003000000030000000900000003000000000000000500050003000000080000000700020001000000000000400300000801000000060000008000030002000000090000000600000003000000d681000000000300030000000700000000050000020000000000000000010e1e030000000400000002000500020000000000000040060400000000000500000001000030000000000300000004000500030000000100000002000200020000000a000000030026fa010000000900000054020100020000000a0000001709fbff0001000073797a3100000000000000000000000000000000000000000000000000000000b0ad85c6bf1d58f8100ee74bb496e06ec5b7c425c3a4cda636f386a3d3fe4ca6eef99f18793ba193e05d7fdba9bacea103ed06709cadab2b46bb2c59515e1b220300ab0003000000030000000500dd3500000000ffffffff09000200000000000c000000ff0008000100000001010000070002000200000000000000080003000100000006000000f7ff00100300000001000000020002000300000000100000ca600900030000000a000000020040ff020000000700000001000001000000000800000001007f0002000000030000000000000000000000030000000300070003000000040000000000050000000000010000000024070000000000a46f00000100000000000000060000000700020001000000e30800000180050001000000ff0f0000070007000100000080030000000706000100000000040000090005000000000007000000fcff000000000000ff7fffff0200d000000000009e0000000070490001000000050000000900b20b02000000c90000000500010003000000ff0300000a00020001000000b50700000800000000000000000000800800fdff02000000090000000300090002000000e1000000e90b0500020000000300000002008c1500000000d9000000ff00080001000000ff07000009000900030000000500000000000200010000000b0000001000000403000000570e0000000406000300000006000000690042f4020000000400000000081502020000000008000054020100020000005000000000e500004000030073797a31000000000000000000000000000000000000000000000000000000008211733dfdf31c3b1131ef6196b1e95e4152bb370900000000000000d4e8f54300800000001000007e1632ec81f8ffffffffffffff0090c41e8b2ef4e1ddb583030007000000000009000000090002000000000000feffff00100700020000000200000008005b0002000000040000000200008003000000da00000002001000000000000b00000000800400020000000500000000000a0002000000020000008100da0002000000070000000a000700000000000900000081007f00020000000100010087000080000000000800000002000a8a02000000080000000500010000000000001000000d006a0e01000000090000000600070003000000040000003501040001000000ffffffff02000a0002000000ffffffff2c0026f100000000060000000002030001000000b8030000010401000200000009000000ab6708000100000000100000ff0fff0f03000000080000000200090003000000d100000028000001030000000300000001007f0000000000000000006a360700010000001ae800000200010002000000dc0000000200010003000000db07000009007f00000000000f0000009400e0000200000007000000080003000300000003000000040040080100000009000000050002000300000081000000fd00090003000000000000000900040003000000040000000600ffff02000000070000000900050003000000fbffffff07000a000100000005e6000005000000010000005d0d0000540201000000000005000000100400000100140073797a3100000000000000000000000000000000000000000000000000000000cd38c1f0902a606faea0bac0cdd2e8b3f7437aa59f9edbaf7c4e725c9efaa460f3e6b8bc2521ab682e7d1e739cf6c1f68994fcd060eebeac8534d33d59422a70ff7f1000010000000000008004000c0002000000070000000700020001000000ff070000f8fff7080300000000020000040000c503000000070000000180020003000000020000002be6090003000000000080040400070002000000080000000300000001000000ea000000800100000000000008000005000600030000004f0f00000900739300000000e002000007000600000000000d67000004000400010000000400000002000800000000000600000004000300030000000300000007000180030000000000310205000500030000000c000000710e9000000000000c0000000002050000000000030000000800060003000000850000000600030000000000010400000500030003000000253d0000ff01600001000000080000000000050002000000b64800000e004e0c00000000070000007500030000000000050000000101e7f903000000000018000600060003000000040000000900060001000000ff0000002d19020000000000030000000014ce0000000000000400000700ffff03000000020000000300060003000000000100000800080002000000008000000700220500000000080000000800080002000000ff7f0000f9ff07000300000001000000400000000000000005000000f9ff0200030000008ad000005402010000000000ffffff7f0d0058060200000073797a3100000000000000000000000000000000000000000000000000000000335a776ef822923f49a327fb449e4923f3f803fe06aa51bb57bf7562ac5883b3bfda3dda991d1b4bc857cafce1d475d3c2fa3161331188f2906831b7f1f9b5310000010000000000030000003e47ff0f02000000020000000800f6c0030000000d00000010000a000300000001000080050004bd020000002e87983e0001050003000000090000000cf3ff07040000007a00000002000a00010000000000000001000300010000000180000001000400000000000700000056000400010000000000000005000800020000000600000010000b0003000000000000008f8d05000100000001ffffff0700020002000000ffffffff0800030001000000050000008000080000000000060000000080000002000000a0ff00000000050001000000810000000300010001000000020000000300020100000000090000000100032300000000ffffffff000004000200000006000000050004000300000001000000000074af3e32ad55000000000800010003000000020000008100ff7f00000000030000000080010000000000090000000000000102000000070000000700070002000000070000000900f9ffd1aabb991265516406000700020000000300000080ff070000000000ebf7ffff1000060000000000030000008100060002000000010000000400f9ff0000000005000000040002000200000002000000070006000000000007000000f8ff0600020000000900000000044000030000000e0000005402010003000000010000001e0300000400280073797a3100000000000000000000000000000000000000000000000000000000e1946441b2910693a31cf8e160702c81d84915677172c51c06177a68564961188903c948b44145fd7a38857f01b964528ac8861018593f87869391094967287e02000c0001000000ff0100000200158403000000fdffffff0000060000000000b90600000800ffff010000005dba00000600400003000000f9ffffff03000500000000000600000007003f0001000000070000000101fdff010000000900000067bd090000000000020000000800810001000000000200000200830402000000feffffff04750800000000000500000002000431020000000500000006004000000000000700000001000004000000000700000001f8080003000000050000000500090001000000030000000100090002000000020000000300ff0103000000070000000500ff0101000000ff0000000500ff000100000040000000060007000300000001feffff8801060002000000020000000300008002000000ffffff7f0600860001000000d40300000700020003000000ed000000950e06000200000001000000ff030e000200000006000000f8ff010101000000feffffffff7f0100000000007d00000081007b000100000000005471fcff0c00030000004000000005000b0001000000090000000c0095040300000006000000070002000000000003000000ce4501000300000002000000060006000000000047000000010d0600020000000400000009000800000000008a0000000100080003000000010400005402010002000000ff7f000004cceb0b0800170073797a3000000000000000000000000000000000000000000000000000000000c462a83bd952df5c888672af557d292cd8c2eb217b0a5689281f637c63ec62d71b5097d32653f0853132eb78b79a347f37d55be60dc130fe44db078ca00e310663f379b602000000000000000700b3a1010000000100000000001d00010000000400000005000f0a0200000001fcffff010103000200000009000000ff00660b000000000800000003002e810000000006000000fcff0400030000000200000001013c7102000000060000000c00c70003000000018000000008010001000000000100000900020000000000060000000800f8ff02000000d50600000700070000000000040000000300070000000000050000000080040003000000080000000e000400010000000d0000000000080000000000feffffff0500070002000000000800000b000900000000000900000075e9040000000000ff030000090005000300000009000000ff7f0100030000000200000075080500010000000200000007008000010000000800000004000300010000000a000000010000000200000001ffffffa307ff0001000000800000000100ffff030000000500000006000180000000000100010005000400020000000cbf00007500f7ff03000000b0df00000004020003000000010000005c007ffa03000000000000000100030003000000030000000400040001000000080000000700ff0f03000000e6c600000700050003000000deca000005000500020000005e000000090000fe01000000080000005402010002000000030000000902010000020d0073797a310000000000000000000000000000000000000000000000000000000053189780b7a267fbde90325991929bc1f4f03bd7de9c2d344876a9bc27d0580ce3ba3e36ea9ca48ee0048bcdea9f8309871df55b019d825a7e15c14a1257b817030003000000000042fffffffdff090001000000feffffff0500010000000000020000000000010001000000010000000800040000000000fdffffff709a0c000000000001000000000807000200000003000000030006000100000002000000080081000000000001000000853b030000000000000000010800080000000000fbffffff7a0cff0f03000000030000000500533602000000008000000900d06f00000000ff0f0000010458e6020000000800000001000300030000000001000003000001030000000200000004000101030000005a000000010406000100000005000000fcff48000300000007000000ff0f0e0001000000010000000600ff010100000001000080090005000100000009000000ffff040002000000010000000700060001000000c4a8ffff0a00820b0100000001000000f8ff0900000000000700000005000900000000000900000000000001000000000d000000070000000300000006000000050009000200000000100000000103000000000068caf6220300f90f01000000000000000800000002000000020000000300040002000000ff07000009"], 0x1508}, 0x1, 0x0, 0x0, 0x24000000}, 0x0)
writev(r0, &(0x7f0000000040), 0x2)
r1 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="5c0000000206030000000000008000000000000805000100070000000900020073797a30000000001400078008001240001500000500150000100000050005000000000005000400000000000d000300686173683a6d6163"], 0x5c}}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
socket$inet_udplite(0x2, 0x2, 0x88)
r3 = socket(0x400000000010, 0x3, 0x0)
r4 = ioctl$KVM_GET_STATS_FD_cpu(r2, 0xaece)
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(0xffffffffffffffff, 0x3ba0, &(0x7f0000000280)={0x48, 0x5, 0x0, 0x0, <r5=>0xffffffffffffffff, 0x1})
ioctl$IOMMU_TEST_OP_ACCESS_RW(r4, 0x3ba0, &(0x7f0000000480)={0x48, 0x8, r5, 0x0, 0x10000, 0x12, &(0x7f0000000440)="ed5615db42e3f3c9a951a52ff1aeda2edef7", 0x4})
ioctl$sock_SIOCETHTOOL(r3, 0x89f0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket(0x11, 0x80a, 0x0)
r6 = socket$igmp6(0xa, 0x3, 0x3a)
setsockopt$MRT6_ASSERT(r6, 0x29, 0xcf, 0x0, 0x4)
r7 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
dup2(r1, r7)

2.322818864s ago: executing program 3 (id=3264):
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000001c0), 0x0)
quotactl_fd$Q_SYNC(r0, 0x8dbd21d8df17c9e7, 0x0, 0x0)

2.305618536s ago: executing program 2 (id=3265):
r0 = syz_io_uring_setup(0x5b0c, &(0x7f0000000100)={0x0, 0x948a, 0x400, 0x3, 0x3c0}, &(0x7f0000000080), &(0x7f00000001c0))
io_uring_register$IORING_REGISTER_FILES_UPDATE2(r0, 0xe, &(0x7f0000002500)={0x9, 0x0, &(0x7f0000002440)=[{0x0}], 0x0, 0x1}, 0x20)

2.086566958s ago: executing program 1 (id=3268):
r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000080), 0x22242, 0x0)
write$USERIO_CMD_SEND_INTERRUPT(r0, &(0x7f0000000000)={0x2, 0x4}, 0x2)

2.086270698s ago: executing program 3 (id=3269):
r0 = socket$l2tp(0x2, 0x2, 0x73)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'veth1_to_team\x00'})

2.073688939s ago: executing program 1 (id=3271):
munmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000)
prctl$PR_SET_MM(0x23, 0x1, &(0x7f0000ffc000/0x1000)=nil)

2.003049563s ago: executing program 2 (id=3272):
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x6, 0x19, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$netlink(0x10, 0x3, 0x0)
socket(0x10, 0x803, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$IPT_SO_SET_REPLACE(r3, 0x4000000000000, 0x40, &(0x7f00000005c0)=@raw={'raw\x00', 0x41, 0x3, 0x200, 0x0, 0x0, 0x0, 0x120, 0x0, 0x1f0, 0x1f0, 0x1f0, 0x1f0, 0x1f0, 0x3, 0x0, {[{{@ip={@private, @remote, 0x0, 0x0, 'wlan1\x00', 'wg1\x00', {}, {}, 0x6}, 0x0, 0x70, 0x98, 0x0, {0x0, 0xffffffffa0028000}}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00', 0x0, {0xffff}}}, {{@ip={@broadcast, @private, 0x0, 0x0, 'veth1_to_team\x00', 'sit0\x00'}, 0x0, 0x70, 0xd0}, @common=@SET={0x60}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x260)
openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x2042, 0x19d)
r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0)
r5 = fanotify_init(0xf00, 0x1000)
fanotify_mark(r5, 0x105, 0x10000839, r4, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./bus\x00', 0x42, 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./bus\x00', 0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x2)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
listen(0xffffffffffffffff, 0x6)
r6 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r6, 0x0, 0x0)
syz_emit_ethernet(0x4a, 0x0, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000040)={@local, @dev, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x14, 0x6, 0x1, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x5}}}}}}}, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000000)=ANY=[@ANYBLOB], 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x204800, 0x0)

2.002874853s ago: executing program 3 (id=3273):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x14080, 0x10000}, [@IFLA_OPERSTATE={0x5, 0x10, 0x5}, @IFLA_GROUP={0x8}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000040}, 0x0)

1.950430426s ago: executing program 6 (id=3274):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket(0x28, 0x5, 0x0)
bind$vsock_stream(r3, &(0x7f0000000040)={0x28, 0x0, 0x0, @local}, 0x10)
listen(r3, 0x0)
r4 = socket(0x28, 0x5, 0x0)
connect$vsock_stream(r4, &(0x7f0000000080)={0x28, 0x0, 0x0, @local}, 0x10)
write$binfmt_elf64(r4, &(0x7f0000000240)=ANY=[], 0x40000)
r5 = accept4$unix(r3, 0x0, 0x0, 0x0)
recvmmsg(r5, &(0x7f0000000c00)=[{{0x0, 0x0, &(0x7f0000000b00)=[{&(0x7f00000007c0)=""/240, 0xf0}], 0x1}, 0x1ff}], 0x1, 0x20022, 0x0)
recvfrom$unix(r5, 0x0, 0x0, 0x40, 0x0, 0x0)

1.941039997s ago: executing program 1 (id=3275):
r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240), 0xc2882, 0x0)
pwritev(r0, &(0x7f0000000280)=[{&(0x7f00000000c0)="98672395b88085d8d1329c1fa586c5a7b28caf2a64cfaa40fe1ed33fcf2812fdffffffff", 0x24}], 0x1, 0x1003, 0x22000005)

1.823360124s ago: executing program 3 (id=3276):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @ip6erspan={{0xe}, {0x10, 0x2, 0x0, 0x1, [@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_ERSPAN_VER={0x5, 0x16, 0x42}]}}}]}, 0x44}}, 0x0)

1.766173277s ago: executing program 1 (id=3277):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r1, 0x8983, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'tunl0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x2, {0x0, 0x0, 0x0, r4, {0x0, 0xfff2}, {0xffff, 0xffff}, {0xffe0, 0x4}}}, 0x24}}, 0x4000010)
mkdir(&(0x7f0000000340)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='ramfs\x00', 0x2014800, 0x0)
chroot(&(0x7f0000000040)='./file0\x00')
umount2(&(0x7f00000000c0)='./file0\x00', 0x0)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
socket(0x10, 0x3, 0x0)
r5 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_ADD_MFC_PROXY(r5, 0x0, 0xd2, &(0x7f0000000040)={@broadcast, @multicast1, 0x2, "4f6fb4d1af0f724e6118ecd4ac1100843af297baebb0efcdf5a284da144a011a", 0x0, 0x8000}, 0x3c)
setsockopt$MRT_DEL_MFC_PROXY(r5, 0x0, 0xd3, &(0x7f00000000c0)={@multicast2, @multicast1, 0x0, "c6c0e6ec8755b5dc4e305886d95f086707764f8d0e5a0358ea21274f844a69e9", 0x0, 0x200}, 0x3c)

922.701786ms ago: executing program 6 (id=3278):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000600)=@ipv6_newrule={0x2c, 0x20, 0x2d2c6d60ea1da725, 0x70bd29, 0x25dfdbfd, {0xa, 0x0, 0x0, 0xcd, 0xff, 0x0, 0x0, 0x1, 0x10002}, [@FIB_RULE_POLICY=@FRA_PRIORITY={0x8}, @FIB_RULE_POLICY=@FRA_FWMASK={0x8, 0x10, 0x5}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000005}, 0x0)

871.686979ms ago: executing program 3 (id=3279):
syz_mount_image$vfat(&(0x7f0000000880), &(0x7f0000003200)='./file2\x00', 0x4204, &(0x7f0000003240)=ANY=[], 0x3, 0x33a, &(0x7f00000000c0)="$eJzs3M9LI2cYwPEnMcYkosmhtLRQfGkv7WXQtOdiKAqlgYqaUj0Io07akGkimWBJKVVPvZbeeyr0IB69Cbv+A172tnvZy95yWdjDyrLsLPPL/NaYVePq9wPLvHnf98m8b943yzODk/pPf/9azFtaXq9KOKYkJCJyKpKSsARC/jHslqPSbFe+HH/x+NOlldXvM9ns3KJS85nlr9JKqcmpB7/9Efe7HY3JSWqt/jz97OTDk4/rb5Z/KViqYKlSuap0tV5+WtXXTUNtFqyiptSCaeiWoQoly6h47bNee94sb23VlF7anEhsVQzLUnqppopGTVXLqlqpKf1nvVBSmqapiYTAMdG7yVnQRT0z4BtvDDoi3KxKJaOPiEi8oyW3P5QBAQCAoWrP/8NOSj9Q/i+Tbv7vdG7k/wefHVfHfzycPHJi1+pH0W75/9dPvPdqyf9jItLI/8t95///yiXy/86M6H7J7S8Onv/jdpiKdlSFWl45+X/C//669mIH026B/B8AAAAAAAAAAAAAAAAAAAAAgPfBqW0nbdtOBsfgX+MRAv817qRe6z8mIjFn9W3W/y5bWlmVmPvgnrPG5l/bue2cd/Q7HIuIKYZMS1Jeu/vB55SDJ4+UIyUPzR03/pVzHHFbMnkpuPEzkpRUe7xtz3+XnZtRHj/+7DGlRHN8WpLyQff4dGu8M/6d7VxUvvi8KV6TpDzakLKYsunu60b8nzNKfftDti0+7p0EAAAAAIA7QFMq5F8+p1qvf73rd01Tqnu79ysjmbx7m6jH/QHv+nq66/V5JPlJZNizBwAAAADgfrBqvxd10zQq5xTicnGfwQuR/jpH22pGz+s80jTDfscTdW9kiLzrvP7r81NtKQR/SNHSFPMrBxtPMP8rW6/d5pqw9BEVaR/8lFOhLnn2PX8iZzXBbaNoj89ZFjrfJ3zOThi9sv380T//v7y6L8g3h8EOuLjz3qDnirXvOrcwet3/7wAAAAC4eY2kP6iZbW4ODWVQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADcM9fyk35thWHPEQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALgt3gYAAP//v/v5kg==")
truncate(&(0x7f0000000080)='./file2\x00', 0x3)

706.628979ms ago: executing program 2 (id=3280):
syz_mount_image$udf(&(0x7f0000000f00), &(0x7f0000000080)='./file0\x00', 0xa04804, &(0x7f0000000540)=ANY=[@ANYBLOB='umask=00000000000000000000000,lastblock=00000000000000000005,unhide,unhide,novrs,dmode=00000000000000000000003,uid=forget,iocharset=macromanian,longad,gid=forget,mode=00000000000000000000011,gid=forget,anchor=00000000000000002311,euid<', @ANYRESDEC, @ANYBLOB="2c6f626a5f747970753d262c00649136c50f84aa6f048dd68fa629cfe9b32da64e8be754b7994c2779bda60ed5d8679e010b58496bafb15dc7c9bccebd6a12ae7019a5759fb4031123e8c3d3ce6e56d9af29feea3fb1ab882a2ec010065c052ac0ae663403256a04455d83dd648fa3bb8412a9aeab924e5c5c56815ee59ed5c4f50e25352a9179cad682e1d21cd9ac6a1a2dc0b0365c7de6d44c0ebc04c6992468d03847ed29c49c36136be7388cdce5ed772c4e8544fd38a81e69cb92796adcf49e7fe4d40c47b32d8826fd0a28e194114db52ab78bc3f7147f8b71f56a0239fa5b5755444ecbfaacd6ff285cd469377381afc551cc6843c4c559d81f9b9a80"], 0x1, 0xc52, &(0x7f0000001a80)="$eJzs3U9sHNd9B/DfGy3FldJWTJwqThoHm7ZIZcZy9S+mYhXuqqbZBpBlIhRzC8CVSKkLUyRBUo1spAXTSw89BCiKHnIi0BoFUjQwmiLokWldILn4UOTUE9HCRlD0wBYBAhQIWMzsW3FJkbYs/hFlfz429Z2deW/mvZn1jCzozQsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIOL3Xrp85mzaZsORR9AYAOBAXB376plz2z3/AYAPrWs7/f8/AAAAAAAAAAAAAABwWKQo4olIMXd1LU1UnzvqV9p9d+6OD49sX+1YqmoeqcqXP/Wz585f+NJzQxe7eaU98x7199pn4pWxa5cbL87enpufWliYmmyMz7RvzE5OPfAedlt/q8HqBDRuv3pn8ubNhca5Z89v2nx34N3+j50cuDT09OmnumXHh0dGxjaK1HvL1x66IR07jfA4GkWcjhTPfO+nqRURRez+XNQP9tpvdazqxGDVifHhkaoj0+3WzGK5cbR7IoqIRk+lZvccbX8totZ3oH3YWTNiqWx+2eDBsntjc6351vXpqcZoa36xvdienRlNndaW/WlEERdTxHJErPbfv7u+KKIWKb5zYi1dz2/9qM7DF6uBwTu3o9jHPj6Asp2Nvojl4jG4ZodYfxTxcqT42Vun4ka+z1T3mi9EvFzmDyLeKPOFiFR+MS5EvLPN94jHUy2K+PPy+l9aS5PV/aB7X7nytcZXZm7O9pTt3lc+4PPhvjvFI3o+HNuSB+OQ35vqUUSruuOvpYf/zQ4AAAAAAAAAAAAAAAAAe+1YFPHpSPHSv/1RNa44qnHpJy4N/f7AL/eOGX/yffZTln02IpaKBxuTezQPDBxNoyk94rHEH2X1KOKP8/i/bz3qxgAAAAAAAAAAAAAAAAAAAHykFfGTSPH826fScvTOKd6eudW41ro+3ZkVtjv3b3fO9PX19fVG6mQz50TOpZzLOVdyruaMItfP2cw5kXMp53LOlZyrOeNIrp+zmXMi51LO5ZwrOVdzRi3Xz9nMOZFzKedyzpWcqznjkMzdCwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwYVJEEb+IFN/+xlqKFBHNiIno5Er/o24dAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFDqT0V8P1I0/qB5b10tIlL1b8ep8pcL0Txa5ieiOVTmC9G8nLNVZa35rUfQfnanLxXx40jRX3/z3gXP17+v8+ne1yDe+ObGp8/UOnmku3Hg3f6PnTxxaWjkc0/utJy2a8DglfbMnbuN8eGRkbGe1bV89E/0rBvIxy32putExMJrr7/amp6emn/4hfIr8JDVu1dyF0c/yIVUe2yaamEvFqJ2KJrxaPq+Sf1R3JzYd+Xz/51I8dtv/3v3gd95/tfjlzqf7j3h4+d/svH8f37rjh7w+V/bWi8//8snwXbP/yd61j2ffzfSV4uoL96e6zsZUV947fXT7dutW1O3pmYunDnz5aGhL58/03c0on6zPT3Vs7QnpwsAAAAAAAAAAAAAAADg4KQifjdStH68lhoRcbcarzVwaejp008diSPVeKtN47ZfGbt2ufHi7O25+amFhanJxvhM+8bs5NSDHq5eDfcaHx7Zl868r2P73P5j9Rdn516bb9/6w8Vttx+vX76+sDjfurH95jgWRUSzd81g1eDx4ZGq0dPt1kxVdXTbwfQfXF8q4j8ixY0LjfT5vC6P/986wn/T+P+lrTvaw/H/nzu+Mf7v4z1Fy2OmVMTPI8Vv/cWT8fmqncfjvnOWy/1NpBi8+NlcLo6W5bpt6LxXoDMysCz7P5HiH36xuWx3POQTG2XPfqCT+xgor/+JSPH9P/tu/Hpet/n9D9tf/+Nbd7RP73/4ZM+645veV7DrrpOv/+lI8cITb8ZvVGv+7z3f/9F9Y8OpTuGN93Ps0/X/1Z51A/m4v7lXnQcAAAAAAAAAAHiM9aUi/jZS/HCklp7L6x7k7/9Nbt3RPv39r0/1rJvcm/mK3ndh1ycVAAAAAA6JvlTETyLFrcU3742h3jz+u2f85+9sjP8cTlu2Vn/O9yvVewP28s//eg3k407svtsAAAAAAAAAAAAAAAAAAABwqKRUxHN5PvWJajz/5I7zqa9Eipf+65lcLp0sy3XngR+ofq1fnZ05fXl6erYei63r01ONsbnWjamy7icjxdpffzbXLar51bvzzXfmeN+Yi30+Uoz8XbdsZy727tzknfnA6+vrEWfLsh+PFP/595vL5qmp89zR1X7PlWX/KlJ8/Z+2L3tyo+z5sux3I8WPvt7olj1elu2+H/VTG2WfvTFb7MNVAQAAAAAAAAAAAAAAAAAA4KOmLxXxp5Hiv28v3xvLn+f/7+v5WHnjmz3z/W9xt5rnf6Ca/3+n5YeZ/796r8DSTkcFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAPpxRFvB4p5q6upZX+8nNH/Up75s7d8eGR7asdS1XNI1X58qd+9tz5C196buhiN9+7/l77dLwydu1y48XZ23PzUwsLU5ON8Zn2jdnJqQfew27rbzVYnYDG7VfvTN68udA49+z5TZvvDrzb/7GTA5eGnj79VLfs+PDIyFhPmVrfQx/9PmmH9UejiL+MFM9876fph/0RRez+XLzPd2e/Has6MVh1Ynx4pOrIdLs1s1huHO2eiCKi0VOp2T1HB3AtdqUZsVQ2v2zwYNm9sbnWfOv69FRjtDW/2F5sz86Mpk5ry/40ooiLKWI5Ilb7799dXxTxaqT4zom19M/9EUe65+GLV8e+eubczu0o9rGPD6BsZ6MvYrl4DK7ZIdYfRfxjpPjZW6fiX/ojatH5iS9EvFzmDyLeiM71TuUX40LEO9t8j3g81aKI/y2v/6W19FZ/eT/o3leufK3xlZmbsz1lu/eVx/75cJAO+b2pHkX8qLrjr6V/9d81AAAAAAAAAAAAAAAAwCFSxK9FiuffPpWq8cH3xhS3Z241rrWuT3eG9XXH/nXHTK+vr683UiebOSdyLuVczrmSczVnFLl+zmaZ9fX1ifx5KedyzpWcqznjSK6fs5lzIudSzuWcKzlXc0Yt18/ZzDmRcynncs6VnKs545CM3QMAAAAAAAAAAAAAAAAAAD5ciuqfFN/+xlpa7+/MLz0RnVzZaT7QgYNtI/vn/wMAAP//9dD2HQ==")
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpu.stat\x00', 0x275a, 0x0)

352.999249ms ago: executing program 3 (id=3281):
r0 = dup(0xffffffffffffffff)
write(0xffffffffffffffff, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x6)
r4 = fsopen(&(0x7f0000000100)='ocfs2_dlmfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
r5 = fsmount(r4, 0x0, 0x0)
fchdir(r5)
mkdirat(0xffffffffffffff9c, &(0x7f0000000500)='./file0\x00', 0x804000000000000)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
pwritev2(r0, &(0x7f0000000500)=[{0x0}], 0x1, 0xd8c1, 0x0, 0x0)

346.2441ms ago: executing program 6 (id=3289):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f00000000c0)={0x2, {0x2, 0xfffc, 0x2fd, 0x1, 0x101}})

249.445606ms ago: executing program 1 (id=3282):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000006c0)=@newsa={0x13c, 0x10, 0x713, 0x2, 0x0, {{@in=@multicast1, @in6=@ipv4={'\x00', '\xff\xff', @multicast1}, 0x0, 0x0, 0x40, 0x6, 0x0, 0xa0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {@in6=@rand_addr=' \x01\x00', 0x0, 0x33}, @in=@broadcast, {0x2, 0x0, 0x0, 0x0, 0x8, 0x0, 0x200000000000000}, {0x5, 0xfffffffffffffffd}, {0x0, 0x0, 0x4}, 0x70bd2b, 0x0, 0x2, 0x0, 0x7f, 0x6a}, [@algo_auth_trunc={0x4c, 0x14, {{'sha1\x00'}, 0x0, 0x100}}]}, 0x13c}}, 0x0)

210.663658ms ago: executing program 2 (id=3283):
r0 = socket$nl_audit(0x10, 0x3, 0x9)
sendmsg$AUDIT_SET(r0, &(0x7f0000001ec0)={0x0, 0x0, &(0x7f0000001e80)={&(0x7f0000001e40)={0x3c, 0x3e9, 0x200, 0x70bd25, 0x25dfdbfb, {0x2, 0x1, 0x1, 0x0, 0x7, 0x8001, 0x0, 0x3ff, 0x0, 0x8a37, 0x3}}, 0x3c}, 0x1, 0x0, 0x0, 0x40080c0}, 0x0)

210.074648ms ago: executing program 6 (id=3284):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x6, 0x4, &(0x7f0000000080)=@framed={{0x18, 0x2, 0x0, 0x0, 0xfffff000, 0x0, 0x0, 0x0, 0x3}, [@call={0x85, 0x0, 0x0, 0x5}]}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7ffffc}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x0, 0x2107, 0x0, &(0x7f0000000100), 0x0, 0x1008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50)

66.485296ms ago: executing program 6 (id=3285):
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/wireless\x00')
lseek(r0, 0x1, 0x1)

66.154726ms ago: executing program 2 (id=3286):
r0 = fsopen(&(0x7f0000001140)='gadgetfs\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)

65.865516ms ago: executing program 1 (id=3287):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000780)={0x28, 0x2, 0x3, 0x401, 0x0, 0x0, {0x0, 0x0, 0xa}, [@NFQA_CFG_PARAMS={0x9, 0x2, {0xa8cca9d1}}, @NFQA_CFG_CMD={0x8, 0x1, {0x1, 0x0, 0x9}}]}, 0x28}, 0x1, 0x0, 0x0, 0x40c0}, 0x8000)

0s ago: executing program 6 (id=3288):
unshare(0x20000400)
fcntl$setownex(0xffffffffffffffff, 0xf, 0x0)

kernel console output (not intermixed with test programs):

 4
[  492.329167][T11729] tmpfs: Unknown parameter 'sòàƒòÖ<–«ÞíA%'
[  493.148561][ T5776] Bluetooth: hci3: unexpected Set CIG Parameters response data
[  493.161173][ T5776] Bluetooth: hci3: unexpected event for opcode 0x2062
[  496.667915][ T5776] Bluetooth: hci3: unexpected event 0x2f length: 509 > 260
[  497.215952][ T5776] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0
[  497.233473][ T5776] Bluetooth: hci3: Injecting HCI hardware error event
[  497.246123][ T5776] Bluetooth: hci3: hardware error 0x00
[  499.365027][ T5776] Bluetooth: hci3: Opcode 0x0c03 failed: -110
[  500.615337][ T9277] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  500.817418][ T9277] usb 7-1: unable to get BOS descriptor or descriptor too short
[  500.836757][ T9277] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  500.872573][ T9277] usb 7-1: config 1 has 0 interfaces, different from the descriptor's value: 2
[  500.902727][ T9277] usb 7-1: New USB device found, idVendor=2040, idProduct=b990, bcdDevice=f6.75
[  500.914606][ T9277] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  500.927217][ T9277] usb 7-1: Product: syz
[  500.931514][ T9277] usb 7-1: Manufacturer: syz
[  500.945389][ T9277] usb 7-1: SerialNumber: syz
[  502.015210][ T1280] ieee802154 phy0 wpan0: encryption failed: -22
[  502.021683][ T1280] ieee802154 phy1 wpan1: encryption failed: -22
[  502.131169][T11797] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1423'.
[  502.147273][T11797] netlink: 'syz.6.1423': attribute type 13 has an invalid length.
[  502.170920][T11797] gretap0: refused to change device tx_queue_len
[  502.177634][T11797] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  503.386853][ T9548] usb 7-1: USB disconnect, device number 7
[  504.923896][T11852] loop6: detected capacity change from 0 to 512
[  505.035308][T11852] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  505.112546][T11852] ext4 filesystem being mounted at /163/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  506.333201][T11867] loop8: detected capacity change from 0 to 2048
[  506.701482][T11867] NILFS (loop8): invalid segment: Checksum error in segment payload
[  506.709615][T11867] NILFS (loop8): trying rollback from an earlier position
[  506.717745][T11867] NILFS (loop8): invalid segment: Checksum error in segment payload
[  506.725782][T11867] NILFS (loop8): error -22 while searching super root
[  506.859176][T11324] I/O error, dev loop8, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  506.948052][ T8175] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  507.589251][T11880] trusted_key: syz.3.1439 sent an empty control message without MSG_MORE.
[  512.890042][T11920] netlink: 32 bytes leftover after parsing attributes in process `syz.8.1446'.
[  512.905742][T11920] netlink: 32 bytes leftover after parsing attributes in process `syz.8.1446'.
[  514.266577][T11926] loop8: detected capacity change from 0 to 32768
[  515.272051][T11926] ocfs2: Slot 0 on device (7,8) was already allocated to this node!
[  515.347596][T11926] ocfs2: Mounting device (7,8) on (node local, slot 0) with ordered data mode.
[  515.495910][T11937] loop6: detected capacity change from 0 to 8
[  516.804736][T10540] ocfs2: Unmounting device (7,8) on (node local)
[  517.876615][T11958] loop8: detected capacity change from 0 to 128
[  517.918199][T11958] UDF-fs: error (device loop8): udf_read_tagged: read failed, block=256, location=256
[  517.987326][ T5814] usb 7-1: new full-speed USB device number 8 using dummy_hcd
[  518.222876][ T5814] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  518.305117][ T5814] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  519.352246][ T5814] usb 7-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00
[  519.363138][ T5814] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  519.392003][ T5814] usb 7-1: config 0 descriptor??
[  519.434453][T11973] loop8: detected capacity change from 0 to 1024
[  520.553168][T11981] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  521.251930][ T3005] hfsplus: b-tree write err: -5, ino 4
[  521.536045][T11986] loop8: detected capacity change from 0 to 256
[  521.706536][T11986] loop8: detected capacity change from 0 to 4096
[  521.737495][T11986] ext4: Unknown parameter 'seclabel'
[  522.015943][T11994] overlayfs: failed to clone lowerpath
[  522.738144][T11996] netlink: 20 bytes leftover after parsing attributes in process `syz.8.1457'.
[  522.748539][T11996] netlink: 64 bytes leftover after parsing attributes in process `syz.8.1457'.
[  522.775108][ T5814] usbhid 7-1:0.0: can't add hid device: -71
[  522.781182][ T5814] usbhid: probe of 7-1:0.0 failed with error -71
[  522.821896][ T5814] usb 7-1: USB disconnect, device number 8
[  527.302325][T12051] loop6: detected capacity change from 0 to 128
[  528.399635][T12064] IPVS: length: 528 != 183903660728
[  529.308085][T12069] 8021q: adding VLAN 0 to HW filter on device macvlan3
[  532.425359][T12091] loop6: detected capacity change from 0 to 128
[  532.455512][T12091] UDF-fs: error (device loop6): udf_read_tagged: read failed, block=256, location=256
[  532.474748][T12091] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  533.994630][T12107] loop6: detected capacity change from 0 to 164
[  534.107733][T12104] netlink: 24 bytes leftover after parsing attributes in process `syz.6.1477'.
[  537.696148][T12139] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1483'.
[  539.085063][T12151] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  540.706038][T12178] loop8: detected capacity change from 0 to 8
[  544.085799][T12207] loop8: detected capacity change from 0 to 128
[  544.143877][T12207] UDF-fs: error (device loop8): udf_read_tagged: read failed, block=256, location=256
[  546.283462][T12225] 9pnet_fd: Insufficient options for proto=fd
[  546.378001][T12231] 8021q: adding VLAN 0 to HW filter on device bond2
[  546.557863][T12236] (null): rxe_set_mtu: Set mtu to 1024
[  546.616121][T12231] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  546.642093][T12231] bond2: (slave macvlan2): Enslaving as an active interface with a down link
[  548.360575][T12236] __ib_cache_gid_add: unable to add gid fe80:0000:0000:0000:c8a5:d2ff:fec9:1b0c error=-28
[  549.558565][T12236] infiniband syz0: set down
[  549.581601][T12236] infiniband syz0: added bond0
[  549.593707][T12236] syz0: rxe_create_cq: returned err = -12
[  549.607169][T12236] infiniband syz0: Couldn't create ib_mad CQ
[  549.622160][T12236] infiniband syz0: Couldn't open port 1
[  549.732547][T12236] RDS/IB: syz0: added
[  549.754810][T12236] smc: adding ib device syz0 with port count 1
[  549.798835][T12236] smc:    ib device syz0 port 1 has pnetid 
[  551.547290][T12282] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1506'.
[  554.606454][T12301] netlink: 'syz.1.1510': attribute type 25 has an invalid length.
[  554.632348][   T28] audit: type=1326 audit(1770307246.216:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12298 comm="syz.8.1509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f879c19aeb9 code=0x7fc00000
[  554.996237][T12307] mmap: syz.3.1511 (12307) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  555.535718][T12315] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1512'.
[  555.595087][   T28] audit: type=1326 audit(1770307247.166:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12298 comm="syz.8.1509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f879c19aeb9 code=0x7fc00000
[  555.862315][T12319] xt_socket: unknown flags 0xc
[  557.177490][T12338] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1517'.
[  557.187387][T12338] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1517'.
[  559.433718][T12327] loop8: detected capacity change from 0 to 32768
[  560.116529][T12327] workqueue: Failed to create a rescuer kthread for wq "xfs-reclaim/loop8": -EINTR
[  563.441366][ T1280] ieee802154 phy0 wpan0: encryption failed: -22
[  563.483684][ T1280] ieee802154 phy1 wpan1: encryption failed: -22
[  563.520361][T12382] netlink: 2124 bytes leftover after parsing attributes in process `syz.3.1526'.
[  563.624598][T12382] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1526'.
[  564.021555][T12392] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1527'.
[  564.031674][T12392] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1527'.
[  565.422715][T12397] x_tables: ip6_tables: TCPMSS target: only valid for protocol 6
[  566.920542][T12418] netlink: 'syz.8.1531': attribute type 1 has an invalid length.
[  566.929375][T12418] netlink: 'syz.8.1531': attribute type 2 has an invalid length.
[  567.740831][T12422] gfs2: path_lookup on c::;ø�N€�…L‰´¶;o$: returned error -2
[  569.029740][T12436] iommufd_mock iommufd_mock1: Adding to iommu group 0
[  570.451253][T12454] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1538'.
[  572.946164][T12470] bridge0: entered allmulticast mode
[  577.977064][T12521] netlink: 64 bytes leftover after parsing attributes in process `syz.6.1549'.
[  579.048185][T12534] vivid-007: disconnect
[  579.652203][T12526] vivid-007: reconnect
[  579.930471][T12544] siw: device registration error -23
[  581.562031][ T5089] Bluetooth: hci4: command 0x0406 tx timeout
[  583.712680][T12563] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1557'.
[  586.501210][T12586] autofs4:pid:12586:autofs_fill_super: called with bogus options
[  588.319803][T12588] batadv_slave_1: entered promiscuous mode
[  589.108592][T12618] loop6: detected capacity change from 0 to 1024
[  589.127795][T12618] EXT4-fs: Ignoring removed mblk_io_submit option
[  589.134394][T12618] EXT4-fs: Ignoring removed orlov option
[  589.650166][T12618] EXT4-fs (loop6): Test dummy encryption mode enabled
[  589.666431][T12618] EXT4-fs (loop6): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  589.677618][T12618] EXT4-fs (loop6): ext4_check_descriptors: Checksum for group 0 failed (12914!=20869)
[  589.687487][T12618] EXT4-fs (loop6): can't mount with data=, fs mounted w/o journal
[  593.778905][T12638] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1572'.
[  594.223754][T12648] xt_socket: unknown flags 0xc
[  595.000737][T12669] netlink: 'syz.1.1575': attribute type 1 has an invalid length.
[  595.151511][T12675] bond5: (slave vxcan1): The slave device specified does not support setting the MAC address
[  595.163513][T12675] bond5: (slave vxcan1): Error -95 calling set_mac_address
[  596.362320][T12675] bond5: (slave gretap2): making interface the new active one
[  596.376162][T12675] bond5: (slave gretap2): Enslaving as an active interface with an up link
[  596.507132][T12669] macvlan3: entered promiscuous mode
[  596.522815][T12669] macvlan3: entered allmulticast mode
[  597.084004][T12669] bond5: entered promiscuous mode
[  597.119669][T12669] gretap2: entered promiscuous mode
[  597.142857][T12669] 8021q: adding VLAN 0 to HW filter on device macvlan3
[  597.164064][T12669] bond5: (slave macvlan3): the slave hw address is in use by the bond; giving it the hw address of gretap2
[  597.214533][T12669] bond5: left promiscuous mode
[  597.253052][T12669] gretap2: left promiscuous mode
[  597.802547][T12712] netlink: 2124 bytes leftover after parsing attributes in process `syz.8.1580'.
[  598.823721][T12719] loop8: detected capacity change from 0 to 1024
[  600.115919][T12734] loop6: detected capacity change from 0 to 512
[  600.127390][T12734] EXT4-fs: Ignoring removed i_version option
[  600.437770][T12735] xt_CT: No such helper "pptp"
[  602.703224][T12734] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  603.364304][T12742] x_tables: ip6_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING
[  603.520330][T12742] bridge0: left allmulticast mode
[  603.568123][T12742] 8021q: adding VLAN 0 to HW filter on device bond0
[  603.598601][T12742] 8021q: adding VLAN 0 to HW filter on device team0
[  604.470806][T12734] EXT4-fs warning (device loop6): ext4_multi_mount_protect:398: Unable to create kmmpd thread for loop6.
[  604.543330][T12742] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  604.696887][ T5850] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  605.097165][T12756] loop8: detected capacity change from 0 to 512
[  605.797238][ T5814] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  606.131974][T12756] EXT4-fs (loop8): 1 truncate cleaned up
[  606.138460][T12756] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  606.558150][ T1141] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  606.578086][T12766] netlink: 2124 bytes leftover after parsing attributes in process `syz.1.1589'.
[  606.607211][T12757] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1588'.
[  606.633883][T10540] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  606.823237][T12763] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1588'.
[  609.735142][T12785] x_tables: duplicate underflow at hook 1
[  610.333808][ T1141] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  610.381551][ T8602] IPVS: starting estimator thread 0...
[  610.406702][ T1141] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  610.505077][T12789] IPVS: using max 19 ests per chain, 45600 per kthread
[  612.249406][T12800] netlink: 'syz.1.1594': attribute type 4 has an invalid length.
[  612.257355][T12800] netlink: 1601 bytes leftover after parsing attributes in process `syz.1.1594'.
[  612.540848][ T5850] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  613.327328][ T5814] usb 9-1: new high-speed USB device number 3 using dummy_hcd
[  613.795066][ T5814] usb 9-1: Using ep0 maxpacket: 32
[  613.827134][ T5814] usb 9-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  613.998773][ T5814] usb 9-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  614.034902][ T5814] usb 9-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  614.063192][ T5814] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  614.475018][    C0] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  614.982287][ T5814] usb 9-1: Product: syz
[  614.986593][ T5814] usb 9-1: Manufacturer: syz
[  614.991233][ T5814] usb 9-1: SerialNumber: syz
[  615.271416][ T5814] usb 9-1: Audio class v2/v3 interfaces need an interface association
[  615.296168][ T5814] snd-usb-audio: probe of 9-1:1.0 failed with error -22
[  615.315686][ T5814] usb 9-1: USB disconnect, device number 3
[  615.335769][T12837] netlink: 200 bytes leftover after parsing attributes in process `syz.1.1603'.
[  616.143827][T12805] udevd[12805]: error opening ATTR{/sys/devices/platform/dummy_hcd.8/usb9/9-1/9-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  616.972311][ T5851] usb 7-1: new high-speed USB device number 9 using dummy_hcd
[  617.449049][ T5851] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  617.468167][ T5851] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  617.489855][ T5851] usb 7-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=69.cf
[  617.781566][ T5851] usb 7-1: New USB device strings: Mfr=1, Product=0, SerialNumber=0
[  617.803907][ T5851] usb 7-1: Manufacturer: syz
[  617.828850][ T5851] usb 7-1: config 0 descriptor??
[  617.842255][ T5851] usb 7-1: Found UVC 0.00 device <unnamed> (18ec:3288)
[  617.854479][ T5851] usb 7-1: No valid video chain found.
[  617.865766][T12857] loop8: detected capacity change from 0 to 8
[  617.918391][T12857] squashfs image failed sanity check
[  618.084001][ T5850] usb 7-1: USB disconnect, device number 9
[  619.575146][ T5776] Bluetooth: hci2: Unexpected cc 0x0000 with no status
[  622.315066][    C0] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  624.814497][T12914] autofs4:pid:12914:autofs_fill_super: called with bogus options
[  624.883749][ T1280] ieee802154 phy0 wpan0: encryption failed: -22
[  624.890320][ T1280] ieee802154 phy1 wpan1: encryption failed: -22
[  625.092025][T12925] loop6: detected capacity change from 0 to 128
[  625.403058][ T8602] usb 9-1: new high-speed USB device number 4 using dummy_hcd
[  626.177734][ T8602] usb 9-1: config 0 has an invalid interface number: 156 but max is 0
[  626.189374][ T8602] usb 9-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config
[  626.207232][ T8602] usb 9-1: config 0 has no interface number 0
[  626.216301][ T8602] usb 9-1: config 0 interface 156 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[  626.235477][ T8602] usb 9-1: config 0 interface 156 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  626.246572][ T8602] usb 9-1: config 0 interface 156 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  626.255007][ T5814] usb 7-1: new high-speed USB device number 10 using dummy_hcd
[  626.264204][ T8602] usb 9-1: New USB device found, idVendor=abcd, idProduct=cdee, bcdDevice= 5.b9
[  626.276497][ T8602] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=2
[  626.287946][ T8602] usb 9-1: SerialNumber: syz
[  626.297862][ T8602] usb 9-1: config 0 descriptor??
[  626.456469][ T8602] gspca_main: spca561-2.14.0 probing abcd:cdee
[  627.255019][ T5814] usb 7-1: Using ep0 maxpacket: 8
[  627.781724][ T8602] spca561: probe of 9-1:0.156 failed with error -22
[  627.806279][ T8602] usb 9-1: Quirk or no altest; falling back to MIDI 1.0
[  627.816419][ T8602] usb 9-1: MIDIStreaming interface descriptor not found
[  627.843419][ T5814] usb 7-1: config 2 has an invalid interface number: 226 but max is 0
[  627.914104][ T8602] usb 9-1: USB disconnect, device number 4
[  627.941196][ T5814] usb 7-1: config 2 has no interface number 0
[  627.972038][ T5814] usb 7-1: config 2 interface 226 altsetting 91 endpoint 0xD has invalid maxpacket 512, setting to 64
[  628.026719][ T5814] usb 7-1: config 2 interface 226 altsetting 91 endpoint 0xE has invalid maxpacket 1023, setting to 64
[  628.058866][ T5814] usb 7-1: config 2 interface 226 altsetting 91 endpoint 0xA has invalid maxpacket 512, setting to 64
[  628.104907][ T5814] usb 7-1: config 2 interface 226 has no altsetting 0
[  628.117603][ T5814] usb 7-1: New USB device found, idVendor=05c8, idProduct=0403, bcdDevice=d4.d4
[  628.134957][ T5814] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  628.148879][ T5814] usb 7-1: Product: syz
[  628.153343][ T5814] usb 7-1: Manufacturer: syz
[  628.227652][T12954] x_tables: ip6_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING
[  628.477869][T12954] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  628.922477][ T5814] usb 7-1: SerialNumber: syz
[  629.109935][ T5814] usb 7-1: can't set config #2, error -71
[  629.134653][ T5814] usb 7-1: USB disconnect, device number 10
[  630.331436][T12972] netlink: 'syz.1.1643': attribute type 30 has an invalid length.
[  630.345253][T12972] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  630.354624][T12972] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  630.363510][T12972] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  630.372335][T12972] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  630.384399][T12972] netdevsim netdevsim1 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[  630.393584][T12972] netdevsim netdevsim1 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[  630.402926][T12972] netdevsim netdevsim1 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[  630.411946][T12972] netdevsim netdevsim1 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[  630.451262][T12980] 9pnet_virtio: no channels available for device syz
[  630.494131][T12978] netlink: 'syz.1.1643': attribute type 30 has an invalid length.
[  630.573384][T12978] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  630.582236][T12978] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  630.591375][T12978] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  630.600238][T12978] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  630.928422][T12986] iommufd_mock iommufd_mock1: Adding to iommu group 0
[  630.954501][T12988] autofs4:pid:12988:autofs_fill_super: called with bogus options
[  631.056630][T12978] netdevsim netdevsim1 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[  631.065865][T12978] netdevsim netdevsim1 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[  631.074995][T12978] netdevsim netdevsim1 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[  631.084025][T12978] netdevsim netdevsim1 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[  631.465044][ T9275] usb 7-1: new high-speed USB device number 11 using dummy_hcd
[  631.640744][T12993] ecryptfs_parse_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README
[  631.656960][T12993] Error parsing options; rc = [-22]
[  635.328089][ T9275] usb 7-1: device descriptor read/all, error -71
[  635.680249][T13005] x_tables: ip6_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING
[  636.041011][T13005] 8021q: adding VLAN 0 to HW filter on device bond0
[  636.051431][T13005] infiniband syz0: set active
[  636.062767][T13005] infiniband syz0: set down
[  636.074640][T13005] infiniband syz0: set down
[  636.094630][T13005] 8021q: adding VLAN 0 to HW filter on device team0
[  637.487953][T13007] loop8: detected capacity change from 0 to 1024
[  637.504526][T13007] EXT4-fs: Ignoring removed mblk_io_submit option
[  637.511288][T13007] EXT4-fs: Ignoring removed orlov option
[  638.059302][T13007] EXT4-fs (loop8): Test dummy encryption mode enabled
[  638.066586][T13007] EXT4-fs (loop8): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  638.077509][T13007] EXT4-fs (loop8): ext4_check_descriptors: Checksum for group 0 failed (12914!=20869)
[  638.087263][T13007] EXT4-fs (loop8): can't mount with data=, fs mounted w/o journal
[  638.134738][T13005] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  638.315005][    C0] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  639.400622][T13026] ecryptfs_parse_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README
[  639.415397][T13026] Error parsing options; rc = [-22]
[  643.345756][T13048] loop6: detected capacity change from 0 to 256
[  643.415685][T13048] FAT-fs (loop6): Directory bread(block 64) failed
[  643.422354][T13048] FAT-fs (loop6): Directory bread(block 65) failed
[  643.453236][T13048] FAT-fs (loop6): Directory bread(block 66) failed
[  643.484108][T13048] FAT-fs (loop6): Directory bread(block 67) failed
[  643.526148][T13048] FAT-fs (loop6): Directory bread(block 68) failed
[  643.532833][T13048] FAT-fs (loop6): Directory bread(block 69) failed
[  643.573346][T13048] FAT-fs (loop6): Directory bread(block 70) failed
[  643.591129][T13048] FAT-fs (loop6): Directory bread(block 71) failed
[  643.659876][T13048] FAT-fs (loop6): Directory bread(block 72) failed
[  643.674401][T13048] FAT-fs (loop6): Directory bread(block 73) failed
[  644.551225][T13074] ecryptfs_parse_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README
[  644.564883][T13074] Error parsing options; rc = [-22]
[  648.446909][T13076] loop6: detected capacity change from 0 to 1024
[  649.097153][T13089] usb usb8: usbfs: process 13089 (syz.6.1678) did not claim interface 0 before use
[  649.479668][T13103] usb usb8: usbfs: process 13103 (syz.6.1684) did not claim interface 0 before use
[  649.811124][T13109] loop6: detected capacity change from 0 to 64
[  649.826498][ T5776] Bluetooth: hci2: unexpected cc 0x080d length: 7 > 3
[  649.833435][ T5776] Bluetooth: hci2: unexpected event for opcode 0x080d
[  650.332838][T13120] Cannot find del_set index 4 as target
[  650.537900][T13128] netlink: 'syz.6.1696': attribute type 10 has an invalid length.
[  650.571447][ T5776] Bluetooth: hci2: unexpected event for opcode 0x0c0d
[  650.897196][T13146] loop6: detected capacity change from 0 to 64
[  651.082951][T13146] Trying to free block not in datazone
[  651.103035][T13146] Trying to free block not in datazone
[  651.128331][T13146] Trying to free block not in datazone
[  651.498768][T13161] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1711'.
[  651.850732][T13152] loop8: detected capacity change from 0 to 32768
[  651.906315][T13152] XFS (loop8): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  652.064177][T13152] XFS (loop8): Ending clean mount
[  652.100120][T13152] XFS (loop8): Quotacheck needed: Please wait.
[  652.255263][T13152] XFS (loop8): Quotacheck: Done.
[  652.384612][T10540] XFS (loop8): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  652.397640][T13162] loop6: detected capacity change from 0 to 32768
[  652.542770][T13162] add_index: next_index = 0.  Resetting!
[  652.551796][T13162] find_entry called with index >= next_index
[  652.559681][T13162] find_entry called with index >= next_index
[  652.575157][T13162] find_entry called with index >= next_index
[  652.591643][T13162] find_entry called with index >= next_index
[  652.832158][T13188] netlink: 2124 bytes leftover after parsing attributes in process `syz.3.1730'.
[  652.875681][T13188] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1730'.
[  654.636975][ T5776] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0
[  654.646184][ T5776] Bluetooth: hci2: Injecting HCI hardware error event
[  654.699586][ T5776] Bluetooth: hci2: hardware error 0x00
[  655.539803][T13210] loop6: detected capacity change from 0 to 32768
[  655.620989][T13210] ocfs2: Slot 0 on device (7,6) was already allocated to this node!
[  655.681030][T13210] ocfs2: Mounting device (7,6) on (node local, slot 0) with ordered data mode.
[  655.738722][ T1141] (kworker/u4:7,1141,0):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #72: rec_len % 4 != 0 - offset=312, inode=13845347915746889, rec_len=25793, name_len=214
[  656.131670][ T8175] ocfs2: Unmounting device (7,6) on (node local)
[  656.465046][ T5814] usb 9-1: new high-speed USB device number 5 using dummy_hcd
[  656.664958][ T5814] usb 9-1: Using ep0 maxpacket: 16
[  656.671745][ T5814] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  656.682929][ T5814] usb 9-1: New USB device found, idVendor=2006, idProduct=0118, bcdDevice= 0.00
[  656.692071][ T5814] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  656.703207][ T5814] usb 9-1: config 0 descriptor??
[  656.725019][ T8602] usb 7-1: new full-speed USB device number 13 using dummy_hcd
[  656.794932][ T5776] Bluetooth: hci2: Opcode 0x0c03 failed: -110
[  656.914234][ T8602] usb 7-1: config 0 has an invalid interface number: 1 but max is 0
[  656.923232][ T8602] usb 7-1: config 0 has no interface number 0
[  656.929767][ T8602] usb 7-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  656.940863][ T8602] usb 7-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  656.951028][ T8602] usb 7-1: New USB device found, idVendor=5543, idProduct=0522, bcdDevice= 0.00
[  656.960406][ T8602] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  656.971353][ T8602] usb 7-1: config 0 descriptor??
[  657.133618][ T5814] hkems 0003:2006:0118.0005: hidraw0: USB HID v10.00 Device [HID 2006:0118] on usb-dummy_hcd.8-1/input0
[  657.145299][ T5814] hkems 0003:2006:0118.0005: no inputs found
[  657.151413][ T5814] hkems 0003:2006:0118.0005: force feedback init failed
[  657.321891][ T5814] usb 9-1: USB disconnect, device number 5
[  657.387030][ T8602] hid (null): global environment stack underflow
[  657.398869][ T8602] uclogic 0003:5543:0522.0006: global environment stack underflow
[  657.407019][ T8602] uclogic 0003:5543:0522.0006: item 0 4 1 11 parsing failed
[  657.414972][ T8602] uclogic 0003:5543:0522.0006: parse failed
[  657.421078][ T8602] uclogic: probe of 0003:5543:0522.0006 failed with error -22
[  657.601440][ T5814] usb 7-1: USB disconnect, device number 13
[  659.454029][T13312] netlink: 2124 bytes leftover after parsing attributes in process `syz.6.1761'.
[  659.464099][T13312] netlink: 44 bytes leftover after parsing attributes in process `syz.6.1761'.
[  661.594940][ T8602] usb 7-1: new high-speed USB device number 14 using dummy_hcd
[  661.666173][T13345] netlink: 2124 bytes leftover after parsing attributes in process `syz.1.1773'.
[  661.679525][T13345] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1773'.
[  661.805119][ T8602] usb 7-1: Using ep0 maxpacket: 8
[  661.827472][ T8602] usb 7-1: New USB device found, idVendor=10c4, idProduct=8244, bcdDevice=dc.00
[  661.858411][ T8602] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  661.874730][ T8602] usb 7-1: Product: syz
[  661.892772][ T8602] usb 7-1: Manufacturer: syz
[  661.897907][ T8602] usb 7-1: SerialNumber: syz
[  661.915624][ T8602] usb 7-1: config 0 descriptor??
[  661.924178][ T8602] radio-usb-si4713 7-1:0.0: Si4713 development board discovered: (10C4:8244)
[  662.022995][T13357] overlayfs: failed to clone upperpath
[  662.154091][T13363] loop8: detected capacity change from 0 to 1024
[  662.179134][T13365] vlan3: entered promiscuous mode
[  662.184259][T13365] macvlan0: entered promiscuous mode
[  662.598146][ T8602] radio-usb-si4713: probe of 7-1:0.0 failed with error -71
[  662.611848][T13376] netlink: 2124 bytes leftover after parsing attributes in process `syz.1.1786'.
[  662.623794][ T8602] usbhid 7-1:0.0: couldn't find an input interrupt endpoint
[  662.625446][T13376] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1786'.
[  662.652757][ T8602] usb 7-1: USB disconnect, device number 14
[  663.797953][T13401] sp0: Synchronizing with TNC
[  663.815607][T13400] [U] è`
[  665.124956][ T5852] usb 9-1: new high-speed USB device number 6 using dummy_hcd
[  665.315013][ T5852] usb 9-1: Using ep0 maxpacket: 32
[  665.324301][ T5852] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  665.346927][ T5852] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  665.378020][ T5852] usb 9-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  665.404923][ T5852] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  665.430837][ T5852] usb 9-1: config 0 descriptor??
[  665.454112][ T5852] hub 9-1:0.0: USB hub found
[  665.684952][ T5852] hub 9-1:0.0: 26 ports detected
[  665.705163][ T5852] hub 9-1:0.0: insufficient power available to use all downstream ports
[  666.123056][ T5852] usb 9-1: USB disconnect, device number 6
[  666.714703][T13461] loop6: detected capacity change from 0 to 32768
[  666.752260][T13461] 
[  666.752260][T13461]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  666.752260][T13461] 
[  666.871181][T13461] find_entry called with index = 0
[  666.897269][T13461] read_mapping_page failed!
[  666.901900][T13461] ERROR: (device loop6): txCommit: 
[  666.901900][T13461] 
[  667.136357][T11543] ERROR: (device loop6): diWrite: ixpxd invalid
[  667.136357][T11543] 
[  667.158028][T11543] ERROR: (device loop6): txCommit: 
[  667.158028][T11543] 
[  667.170394][T11543] jfs_write_inode: jfs_commit_inode failed!
[  667.176958][ T8175] 
[  667.176958][ T8175]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  667.176958][ T8175] 
[  667.195636][ T8175] 
[  667.195636][ T8175]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  667.195636][ T8175] 
[  667.401343][T13473] loop8: detected capacity change from 0 to 2048
[  667.458995][T13473]  loop8: p1 < > p3
[  667.474958][T13473] loop8: p3 size 134217728 extends beyond EOD, truncated
[  668.395124][    C0] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  668.698762][T13078] udevd[13078]: inotify_add_watch(7, /dev/loop8p1, 10) failed: No such file or directory
[  668.730977][T13250] udevd[13250]: inotify_add_watch(7, /dev/loop8p3, 10) failed: No such file or directory
[  669.130251][T13490] loop6: detected capacity change from 0 to 2048
[  669.167762][T13490] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  669.185286][T13490] ext4 filesystem being mounted at /251/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  669.281898][T13490] overlayfs: missing 'lowerdir'
[  669.510955][ T8175] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  674.119694][T13520] loop8: detected capacity change from 0 to 4096
[  674.197027][T13520] ntfs: (device loop8): ntfs_read_locked_inode(): $DATA attribute is missing.
[  674.228369][T13520] ntfs: (device loop8): ntfs_read_locked_inode(): Failed with error code -2.  Marking corrupt inode 0xa as bad.  Run chkdsk.
[  674.241607][T13520] ntfs: (device loop8): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default.
[  674.266994][T13520] ntfs: volume version 3.1.
[  674.380908][T13523] loop6: detected capacity change from 0 to 128
[  674.453404][T13523] VFS: Found a Xenix FS (block size = 512) on device loop6
[  674.588238][ T8175] sysv_free_block: trying to free block not in datazone
[  674.602546][T10540] ntfs: (device loop8): ntfs_put_super(): Volume has errors.  Leaving volume marked dirty.  Run chkdsk.
[  674.621513][ T8175] sysv_free_inode: inode 0,1,2 or nonexistent inode
[  677.409067][T13572] loop6: detected capacity change from 0 to 128
[  677.496383][T13572] syz.6.1857: attempt to access beyond end of device
[  677.496383][T13572] loop6: rw=2051, sector=104, nr_sectors = 25 limit=128
[  677.588125][T13575] loop8: detected capacity change from 0 to 64
[  677.681438][T13575] Trying to free block not in datazone
[  677.706000][T13575] Trying to free block not in datazone
[  677.711618][T13575] Trying to free block not in datazone
[  677.741830][T13575] Trying to free block not in datazone
[  677.752630][T13575] minix_free_block (loop8:6): bit already cleared
[  677.761468][T13575] Trying to free block not in datazone
[  677.771743][T13575] Trying to free block not in datazone
[  678.759302][T13588] loop8: detected capacity change from 0 to 256
[  679.566284][T13598] loop8: detected capacity change from 0 to 512
[  679.595412][T13598] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  679.666178][T13598] EXT4-fs error (device loop8): ext4_xattr_inode_iget:437: comm syz.8.1866: Parent and EA inode have the same ino 15
[  679.746564][T13598] EXT4-fs error (device loop8): ext4_xattr_inode_iget:437: comm syz.8.1866: Parent and EA inode have the same ino 15
[  679.768736][T13598] EXT4-fs (loop8): 1 orphan inode deleted
[  679.778901][T13598] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  679.990151][T10540] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  681.591106][T13626] loop6: detected capacity change from 0 to 512
[  681.656647][T13626] EXT4-fs: Ignoring removed mblk_io_submit option
[  681.746258][T13626] EXT4-fs (loop6): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349)
[  681.798244][T13626] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a802e02c, mo2=0002]
[  681.822750][T13626] System zones: 1-12
[  681.861486][T13626] EXT4-fs (loop6): orphan cleanup on readonly fs
[  681.904046][T13626] EXT4-fs error (device loop6): ext4_validate_block_bitmap:439: comm syz.6.1877: bg 0: block 361: padding at end of block bitmap is not set
[  681.951642][T13626] EXT4-fs (loop6): Remounting filesystem read-only
[  681.983670][T13626] EXT4-fs (loop6): 1 truncate cleaned up
[  682.001624][T13626] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none.
[  682.140023][T13626] EXT4-fs warning (device loop6): dx_probe:823: inode #2: lblock 0: comm syz.6.1877: error -117 reading directory block
[  682.214624][T13626] EXT4-fs warning (device loop6): dx_probe:823: inode #2: lblock 0: comm syz.6.1877: error -117 reading directory block
[  682.330765][ T8175] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000007.
[  682.675282][ T9546] usb 9-1: new high-speed USB device number 7 using dummy_hcd
[  682.866789][ T9546] usb 9-1: Using ep0 maxpacket: 32
[  682.875889][ T9546] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 2
[  682.889979][ T9546] usb 9-1: too many endpoints for config 0 interface 0 altsetting 5: 69, using maximum allowed: 30
[  682.903004][ T9546] usb 9-1: config 0 interface 0 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 69
[  682.916384][ T9275] usb 7-1: new high-speed USB device number 15 using dummy_hcd
[  682.929265][ T9546] usb 9-1: config 0 interface 0 has no altsetting 1
[  682.938293][ T9546] usb 9-1: New USB device found, idVendor=152d, idProduct=0539, bcdDevice= 0.00
[  682.954978][ T9546] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  682.963942][ T9546] usb 9-1: SerialNumber: syz
[  682.978326][ T9546] usb 9-1: config 0 descriptor??
[  682.990232][ T9546] usb-storage 9-1:0.0: USB Mass Storage device detected
[  683.023558][ T9546] usb-storage 9-1:0.0: Quirks match for vid 152d pid 0539: 4000000
[  683.124890][ T9275] usb 7-1: Using ep0 maxpacket: 16
[  683.134278][ T9275] usb 7-1: config 0 has an invalid interface number: 41 but max is 0
[  683.153224][ T9275] usb 7-1: config 0 has no interface number 0
[  683.160244][ T9275] usb 7-1: config 0 interface 41 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16
[  683.179023][ T9275] usb 7-1: config 0 interface 41 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64
[  683.202678][ T9546] usb 9-1: USB disconnect, device number 7
[  683.209708][ T9275] usb 7-1: config 0 interface 41 has no altsetting 0
[  683.229519][ T9275] usb 7-1: New USB device found, idVendor=0fe6, idProduct=9700, bcdDevice=d1.9a
[  683.248333][ T9275] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  683.262746][ T9275] usb 7-1: Product: syz
[  683.267877][ T9275] usb 7-1: Manufacturer: syz
[  683.272758][ T9275] usb 7-1: SerialNumber: syz
[  683.284832][ T9275] usb 7-1: config 0 descriptor??
[  683.293919][T13655] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22
[  683.302584][T13655] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22
[  683.531665][T13655] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22
[  683.539626][T13655] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22
[  683.764332][ T9275] sr9700 7-1:0.41 (unnamed net_device) (uninitialized): Error reading MAC address
[  683.787039][ T9275] usb 7-1: USB disconnect, device number 15
[  686.325854][ T1280] ieee802154 phy0 wpan0: encryption failed: -22
[  686.332218][ T1280] ieee802154 phy1 wpan1: encryption failed: -22
[  686.997303][ T5852] usb 9-1: new high-speed USB device number 8 using dummy_hcd
[  687.194959][ T5852] usb 9-1: Using ep0 maxpacket: 16
[  687.287974][ T5852] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  687.525804][ T5852] usb 9-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  687.704953][ T5852] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  687.713012][ T5852] usb 9-1: Product: syz
[  687.733836][ T5852] usb 9-1: Manufacturer: syz
[  687.753461][ T5852] usb 9-1: SerialNumber: syz
[  687.782762][ T5852] usb 9-1: config 0 descriptor??
[  687.830982][ T5852] em28xx 9-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  687.860425][ T5852] em28xx 9-1:0.0: DVB interface 0 found: bulk
[  688.462532][ T5852] em28xx 9-1:0.0: unknown em28xx chip ID (209)
[  688.763814][ T5852] em28xx 9-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[  688.782511][ T5852] em28xx 9-1:0.0: board has no eeprom
[  688.874911][ T5852] em28xx 9-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  688.893202][ T5852] em28xx 9-1:0.0: dvb set to bulk mode.
[  688.903703][ T8602] em28xx 9-1:0.0: Binding DVB extension
[  688.935587][ T5852] usb 9-1: USB disconnect, device number 8
[  688.959339][ T5852] em28xx 9-1:0.0: Disconnecting em28xx
[  689.085942][ T8602] em28xx 9-1:0.0: Registering input extension
[  689.095334][ T5852] em28xx 9-1:0.0: Closing input extension
[  689.172985][ T5852] em28xx 9-1:0.0: Freeing device
[  690.765081][ T5852] usb 7-1: new high-speed USB device number 16 using dummy_hcd
[  690.878922][T13787] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1934'.
[  691.174205][ T5852] usb 7-1: Using ep0 maxpacket: 8
[  691.276326][ T5852] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  691.921954][ T5852] usb 7-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  691.942718][ T5852] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  691.978971][ T5852] usb 7-1: config 0 descriptor??
[  692.235654][ T5852] iowarrior 7-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  692.466865][ T5852] usb 7-1: USB disconnect, device number 16
[  693.859425][T13817] loop8: detected capacity change from 0 to 40427
[  693.886445][T13817] F2FS-fs (loop8): Invalid SB checksum offset: 0
[  693.892842][T13817] F2FS-fs (loop8): Can't find valid F2FS filesystem in 2th superblock
[  693.926567][T13817] F2FS-fs (loop8): invalid crc value
[  694.135635][T13840] loop6: detected capacity change from 0 to 128
[  694.189188][T13817] F2FS-fs (loop8): Try to recover 2th superblock, ret: 0
[  694.208537][T13817] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e5
[  694.923332][T10540] syz-executor: attempt to access beyond end of device
[  694.923332][T10540] loop8: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  694.957292][T10540] F2FS-fs (loop8): Stopped filesystem due to reason: 3
[  695.267811][T13858] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1962'.
[  696.034889][ T5814] usb 9-1: new high-speed USB device number 9 using dummy_hcd
[  696.225041][ T5814] usb 9-1: Using ep0 maxpacket: 32
[  696.254969][ T5814] usb 9-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  696.264565][ T5814] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  696.297213][ T5814] usb 9-1: config 0 descriptor??
[  696.510084][ T5814] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[  696.541433][ T5814] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  696.575730][ T5814] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[  696.583644][ T5814] usb 9-1: media controller created
[  696.669531][ T5814] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  696.790839][ T5814] az6027: usb out operation failed. (-71)
[  696.820878][ T5814] az6027: usb out operation failed. (-71)
[  696.835887][ T5814] stb0899_attach: Driver disabled by Kconfig
[  696.841930][ T5814] az6027: no front-end attached
[  696.841930][ T5814] 
[  696.882332][ T5814] az6027: usb out operation failed. (-71)
[  696.894832][ T5814] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[  696.907071][ T5814] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.8/usb9/9-1/input/input12
[  696.945350][ T5814] dvb-usb: schedule remote query interval to 400 msecs.
[  696.952367][ T5814] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[  697.039254][ T5814] usb 9-1: USB disconnect, device number 9
[  697.206769][ T5814] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[  697.874885][ T5814] usb 9-1: new high-speed USB device number 10 using dummy_hcd
[  698.084912][ T5814] usb 9-1: Using ep0 maxpacket: 8
[  698.093080][ T5814] usb 9-1: unable to get BOS descriptor or descriptor too short
[  698.102881][ T5814] usb 9-1: config 4 interface 0 has no altsetting 0
[  698.114117][ T5814] usb 9-1: string descriptor 0 read error: -22
[  698.121473][ T5814] usb 9-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05
[  698.145016][ T5814] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  698.170444][ T5814] usb 9-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state
[  698.189664][ T5814] usb 9-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  698.233181][ T5814] dvbdev: DVB: registering new adapter (Sigmatek DVB-110)
[  698.251429][ T5814] usb 9-1: media controller created
[  698.304044][ T5814] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  698.424704][T13903] usb 9-1: dvb_usb_au6610: wlen=0, aborting
[  698.627842][ T5814] zl10353_read_register: readreg error (reg=127, ret==0)
[  698.719062][ T5814] usb 9-1: USB disconnect, device number 10
[  698.804524][T13905] loop6: detected capacity change from 0 to 32768
[  698.863711][T13905] ocfs2: Mounting device (7,6) on (node local, slot 0) with ordered data mode.
[  698.960831][ T8175] ocfs2: Unmounting device (7,6) on (node local)
[  699.029441][T13923] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1991'.
[  699.039014][T13923] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1991'.
[  699.201070][T13926] loop6: detected capacity change from 0 to 8
[  699.251151][T13926] SQUASHFS error: Unable to read directory block [629:fe]
[  699.965140][ T9546] usb 9-1: new low-speed USB device number 11 using dummy_hcd
[  700.158451][ T9546] usb 9-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  700.186222][ T9546] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 2
[  700.205491][ T9546] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 26984, setting to 8
[  700.218000][ T9546] usb 9-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  700.230057][ T9546] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  700.252384][T13944] raw-gadget.0 gadget.8: fail, usb_ep_enable returned -22
[  700.280935][ T9546] hub 9-1:1.0: bad descriptor, ignoring hub
[  700.300862][ T9546] hub: probe of 9-1:1.0 failed with error -5
[  700.318497][ T9546] cdc_wdm 9-1:1.0: skipping garbage
[  700.325767][ T9546] cdc_wdm 9-1:1.0: skipping garbage
[  700.349074][ T9546] cdc_wdm 9-1:1.0: cdc-wdm0: USB WDM device
[  700.365449][ T9546] cdc_wdm 9-1:1.0: Unknown control protocol
[  700.671680][T13959] loop6: detected capacity change from 0 to 512
[  700.732977][T13959] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  700.735793][    C1] cdc_wdm 9-1:1.0: nonzero urb status received: -71
[  700.752994][    C1] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes
[  700.770684][T13959] ext4 filesystem being mounted at /281/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  700.852594][T13959] EXT4-fs (loop6): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  700.901717][ T8175] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  700.913199][    C1] cdc_wdm 9-1:1.0: nonzero urb status received: -71
[  700.919848][    C1] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes
[  700.943518][    C1] cdc_wdm 9-1:1.0: nonzero urb status received: -71
[  700.950390][    C1] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes
[  700.957467][    C1] cdc_wdm 9-1:1.0: nonzero urb status received: -71
[  700.964120][    C1] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes
[  700.972182][    C1] cdc_wdm 9-1:1.0: nonzero urb status received: -71
[  700.978916][    C1] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes
[  700.992174][    C1] cdc_wdm 9-1:1.0: nonzero urb status received: -71
[  700.998829][    C1] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes
[  701.005001][    C1] cdc_wdm 9-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1
[  701.167971][ T9548] usb 9-1: USB disconnect, device number 11
[  701.264886][ T9546] usb 7-1: new high-speed USB device number 17 using dummy_hcd
[  701.458771][ T9546] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  701.484872][ T9546] usb 7-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  701.493971][ T9546] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  701.520046][ T9546] usb 7-1: config 0 descriptor??
[  701.538142][ T9546] pwc: Askey VC010 type 2 USB webcam detected.
[  701.881018][T13974] af_packet: tpacket_rcv: packet too big, clamped from 108 to 4294967272. macoff=96
[  702.081271][T13976] loop8: detected capacity change from 0 to 4096
[  702.092771][T13976] ntfs: (device loop8): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel.
[  702.138590][T13976] ntfs: (device loop8): ntfs_mapping_pairs_decompress(): Corrupt mapping pairs array in non-resident attribute.
[  702.176481][T13976] ntfs: (device loop8): ntfs_read_block(): Failed to read from inode 0x1, attribute type 0x80, vcn 0x0, offset 0x0 because its location on disk could not be determined even after retrying (error code -5).
[  702.212640][T13976] ntfs: (device loop8): ntfs_mapping_pairs_decompress(): Corrupt mapping pairs array in non-resident attribute.
[  702.244834][T13976] ntfs: (device loop8): ntfs_read_block(): Failed to read from inode 0x1, attribute type 0x80, vcn 0x0, offset 0x800 because its location on disk could not be determined even after retrying (error code -5).
[  702.286871][T13976] ntfs: (device loop8): check_mft_mirror(): Failed to read $MFTMirr.
[  702.301514][T13976] ntfs: (device loop8): load_system_files(): $MFTMirr does not match $MFT.  Mounting read-only.  Run ntfsfix and/or chkdsk.
[  702.322469][T13976] ntfs: (device loop8): ntfs_read_locked_inode(): First extent of $DATA attribute has non zero lowest_vcn.
[  702.335356][T13976] ntfs: (device loop8): ntfs_read_locked_inode(): Failed with error code -5.  Marking corrupt inode 0xa as bad.  Run chkdsk.
[  702.352525][T13976] ntfs: (device loop8): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default.
[  702.367512][ T9546] pwc: recv_control_msg error -71 req 02 val 2c00
[  702.385331][ T9546] pwc: recv_control_msg error -71 req 04 val 1000
[  702.404967][ T9546] pwc: recv_control_msg error -71 req 04 val 1300
[  702.416571][ T9546] pwc: recv_control_msg error -71 req 04 val 1400
[  702.427898][T13976] ntfs: volume version 3.1.
[  702.435736][ T9546] pwc: recv_control_msg error -71 req 02 val 2000
[  702.455582][ T9546] pwc: recv_control_msg error -71 req 02 val 2100
[  702.462528][ T9546] pwc: recv_control_msg error -71 req 04 val 1500
[  702.476542][ T9546] pwc: recv_control_msg error -71 req 02 val 2500
[  702.495188][ T9546] pwc: recv_control_msg error -71 req 02 val 2400
[  702.502247][ T9546] pwc: recv_control_msg error -71 req 02 val 2600
[  702.509169][ T9546] pwc: recv_control_msg error -71 req 02 val 2900
[  702.525263][ T9546] pwc: recv_control_msg error -71 req 02 val 2800
[  702.532401][ T9546] pwc: recv_control_msg error -71 req 04 val 1100
[  702.544961][ T9546] pwc: recv_control_msg error -71 req 04 val 1200
[  702.553281][ T9546] pwc: Registered as video103.
[  702.569338][ T9546] input: PWC snapshot button as /devices/platform/dummy_hcd.6/usb7/7-1/input/input13
[  702.609974][ T9546] usb 7-1: USB disconnect, device number 17
[  703.157968][ T9546] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[  703.210863][ T9546] hid-generic 0000:0000:0000.0007: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  703.439759][T13969] Can't find ip_set type has
[  703.583886][T13994] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2016'.
[  703.603679][T13994] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2016'.
[  704.866695][T14023] netlink: 2124 bytes leftover after parsing attributes in process `syz.6.2027'.
[  704.894280][T14023] netlink: 44 bytes leftover after parsing attributes in process `syz.6.2027'.
[  706.584950][ T9548] usb 7-1: new full-speed USB device number 18 using dummy_hcd
[  706.608862][T14051] netlink: 1 bytes leftover after parsing attributes in process `syz.1.2039'.
[  706.789571][ T9548] usb 7-1: config index 0 descriptor too short (expected 19492, got 36)
[  706.809354][ T9548] usb 7-1: config 0 has too many interfaces: 36, using maximum allowed: 32
[  706.829469][ T9548] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 36
[  706.855018][ T9548] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  706.884318][ T9548] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  706.926350][ T9548] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  706.954261][ T9548] usb 7-1: New USB device found, idVendor=046d, idProduct=c225, bcdDevice= 0.00
[  707.454427][ T9548] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  707.466184][ T9548] usb 7-1: config 0 descriptor??
[  708.482932][ T9548] lg-g15 0003:046D:C225.0008: unknown main item tag 0x0
[  708.490954][ T9548] lg-g15 0003:046D:C225.0008: unknown main item tag 0x0
[  708.515357][ T9548] lg-g15 0003:046D:C225.0008: hidraw0: USB HID v1.01 Device [HID 046d:c225] on usb-dummy_hcd.6-1/input0
[  708.705973][ T5852] usb 7-1: USB disconnect, device number 18
[  710.476733][T14090] loop6: detected capacity change from 0 to 40427
[  710.509948][T14090] F2FS-fs (loop6): Invalid log blocks per segment (83886089)
[  710.564937][T14090] F2FS-fs (loop6): Can't find valid F2FS filesystem in 2th superblock
[  710.606627][T14090] F2FS-fs (loop6): invalid crc value
[  710.644063][T14090] F2FS-fs (loop6): Found nat_bits in checkpoint
[  710.775786][T14090] F2FS-fs (loop6): Start checkpoint disabled!
[  710.821904][T14090] F2FS-fs (loop6): Try to recover 2th superblock, ret: 0
[  710.842975][T14090] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e6
[  710.874115][T14087] loop8: detected capacity change from 0 to 40427
[  711.055103][T14087] F2FS-fs (loop8): build fault injection attr: rate: 771, type: 0x7ffff
[  711.477204][T14087] F2FS-fs (loop8): invalid crc value
[  711.925485][T14087] F2FS-fs (loop8): Found nat_bits in checkpoint
[  712.199152][ T2960] kworker/u4:13: attempt to access beyond end of device
[  712.199152][ T2960] loop6: rw=2049, sector=40960, nr_sectors = 16 limit=40427
[  712.202464][T14087] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e5
[  712.221996][ T2960] F2FS-fs (loop6): Stopped filesystem due to reason: 3
[  712.239365][ T2960] F2FS-fs (loop6): Stopped filesystem due to reason: 3
[  712.650032][T10540] syz-executor: attempt to access beyond end of device
[  712.650032][T10540] loop8: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  712.724410][T10540] F2FS-fs (loop8): Stopped filesystem due to reason: 3
[  713.216078][T14146] netlink: 2124 bytes leftover after parsing attributes in process `syz.6.2065'.
[  713.475308][T14147] netlink: 44 bytes leftover after parsing attributes in process `syz.6.2065'.
[  714.856568][T14163] kvm: kvm [14162]: vcpu1, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010001) = 0xbffffffffffffffd
[  715.280164][T14183] netlink: 2124 bytes leftover after parsing attributes in process `syz.6.2084'.
[  715.294177][T14183] netlink: 44 bytes leftover after parsing attributes in process `syz.6.2084'.
[  716.020691][T14209] loop8: detected capacity change from 0 to 512
[  716.104071][T14209] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  716.125567][T14209] ext4 filesystem being mounted at /177/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  716.253733][T14209] EXT4-fs error (device loop8): ext4_mb_generate_buddy:1231: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  716.332235][T10540] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  716.347347][T14223] netlink: 2124 bytes leftover after parsing attributes in process `syz.6.2097'.
[  716.374702][T14223] netlink: 44 bytes leftover after parsing attributes in process `syz.6.2097'.
[  717.283800][ T9546] usb 9-1: new high-speed USB device number 12 using dummy_hcd
[  717.475210][ T9546] usb 9-1: Using ep0 maxpacket: 16
[  717.489622][ T9546] usb 9-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 9.00
[  717.511520][ T9546] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  717.530193][ T9546] usb 9-1: Product: syz
[  717.536141][ T9546] usb 9-1: Manufacturer: syz
[  717.541105][ T9546] usb 9-1: SerialNumber: syz
[  717.556702][ T9546] usb 9-1: config 0 descriptor??
[  717.571189][ T9546] ftdi_sio 9-1:0.0: FTDI USB Serial Device converter detected
[  717.587628][ T9546] usb 9-1: Detected FT232H
[  717.797849][ T9546] ftdi_sio ttyUSB0: Unable to read latency timer: -32
[  717.950965][T14280] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2119'.
[  717.971788][T14280] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2119'.
[  718.268122][ T9546] usb 9-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  718.311386][T14291] kvm: user requested TSC rate below hardware speed
[  718.326822][T14291] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=4049079360 (8098158720 ns) > initial count (4986859780 ns). Using initial count to start timer.
[  718.495090][ T8606] usb 9-1: USB disconnect, device number 12
[  718.519538][ T8606] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  718.530151][ T8606] ftdi_sio 9-1:0.0: device disconnected
[  720.836667][T14352] netlink: 56 bytes leftover after parsing attributes in process `syz.1.2147'.
[  721.460060][   T28] kauditd_printk_skb: 10 callbacks suppressed
[  721.460077][   T28] audit: type=1326 audit(1770307413.036:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14365 comm="syz.8.2151" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f879c19aeb9 code=0x0
[  722.985127][ T5852] usb 9-1: new high-speed USB device number 13 using dummy_hcd
[  723.255045][ T5852] usb 9-1: Using ep0 maxpacket: 8
[  723.397882][ T5852] usb 9-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  723.465254][ T5852] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  723.525446][ T5852] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  723.557003][ T5852] usb 9-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  723.608987][ T5852] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  723.666159][ T5852] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  724.000880][T14426] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2170'.
[  724.109213][ T5852] usb 9-1: usb_control_msg returned -32
[  724.123728][ T5852] usbtmc 9-1:16.0: can't read capabilities
[  724.600868][    C1] usbtmc 9-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71
[  725.702638][ T9548] usb 9-1: USB disconnect, device number 13
[  726.942401][T14486] loop6: detected capacity change from 0 to 164
[  727.004601][T13250] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  727.179959][T14495] loop6: detected capacity change from 0 to 256
[  727.197082][T14495] FAT-fs (loop6): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  727.382862][T14502] netlink: 'syz.6.2196': attribute type 1 has an invalid length.
[  727.442989][T14506] netdevsim netdevsim6 netdevsim0: set [1, 1] type 2 family 0 port 20004 - 0
[  727.452958][T14506] netdevsim netdevsim6 netdevsim1: set [1, 1] type 2 family 0 port 20004 - 0
[  727.462846][T14506] netdevsim netdevsim6 netdevsim2: set [1, 1] type 2 family 0 port 20004 - 0
[  727.475106][T14506] netdevsim netdevsim6 netdevsim3: set [1, 1] type 2 family 0 port 20004 - 0
[  727.503521][T14506] bond3: (slave geneve3): making interface the new active one
[  727.514240][T14506] bond3: (slave geneve3): Enslaving as an active interface with an up link
[  727.524473][T14508] overlayfs: failed to clone lowerpath
[  728.100688][T14529] overlayfs: failed to clone upperpath
[  728.721786][T14552] netlink: 2124 bytes leftover after parsing attributes in process `syz.3.2214'.
[  728.758689][T14552] netlink: 44 bytes leftover after parsing attributes in process `syz.3.2214'.
[  729.925693][ T9548] usb 9-1: new high-speed USB device number 14 using dummy_hcd
[  730.105670][ T9548] usb 9-1: Using ep0 maxpacket: 32
[  730.131151][ T9548] usb 9-1: config 0 interface 0 has no altsetting 0
[  730.145318][ T9548] usb 9-1: New USB device found, idVendor=1b1c, idProduct=0c10, bcdDevice= 0.00
[  730.164795][ T9548] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  730.185414][ T9548] usb 9-1: config 0 descriptor??
[  730.639650][ T9548] corsair-cpro 0003:1B1C:0C10.0009: hidraw0: USB HID v4.06 Device [HID 1b1c:0c10] on usb-dummy_hcd.8-1/input0
[  730.707647][T14590] netlink: 2124 bytes leftover after parsing attributes in process `syz.1.2227'.
[  730.733135][T14590] netlink: 44 bytes leftover after parsing attributes in process `syz.1.2227'.
[  731.221381][ T9548] corsair-cpro: probe of 0003:1B1C:0C10.0009 failed with error -71
[  731.264539][ T9548] usb 9-1: USB disconnect, device number 14
[  732.394921][    C0] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  732.419224][T14632] overlayfs: failed to clone upperpath
[  732.755999][   T28] audit: type=1326 audit(1770307424.346:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14638 comm="syz.3.2247" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8b06b9aeb9 code=0x0
[  735.244877][ T9548] usb 9-1: new high-speed USB device number 15 using dummy_hcd
[  735.465122][ T9548] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  735.484778][ T9548] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  735.504868][ T9548] usb 9-1: New USB device found, idVendor=056a, idProduct=00ec, bcdDevice= 0.00
[  735.514000][ T9548] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  735.543621][ T9548] usb 9-1: config 0 descriptor??
[  735.857259][ T9548] usbhid 9-1:0.0: can't add hid device: -71
[  735.863314][ T9548] usbhid: probe of 9-1:0.0 failed with error -71
[  735.916990][ T9548] usb 9-1: USB disconnect, device number 15
[  736.330932][T14686] ptrace attach of "./syz-executor exec"[5770] was attempted by "./syz-executor exec"[14686]
[  736.471878][T14689] loop6: detected capacity change from 0 to 512
[  736.499028][T14689] EXT4-fs warning (device loop6): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[  736.511869][T14689] EXT4-fs warning (device loop6): dx_probe:881: Enable large directory feature to access it
[  736.522519][T14689] EXT4-fs warning (device loop6): dx_probe:966: inode #2: comm syz.6.2266: Corrupt directory, running e2fsck is recommended
[  736.543085][T14689] EXT4-fs (loop6): Cannot turn on journaled quota: type 1: error -117
[  736.552477][T14689] EXT4-fs error (device loop6): ext4_iget_extra_inode:4732: inode #15: comm syz.6.2266: corrupted in-inode xattr: e_name out of bounds
[  736.575124][T14689] EXT4-fs error (device loop6): ext4_orphan_get:1403: comm syz.6.2266: couldn't read orphan inode 15 (err -117)
[  736.604570][T14689] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  736.642163][T14689] EXT4-fs warning (device loop6): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[  736.655250][T14689] EXT4-fs warning (device loop6): dx_probe:881: Enable large directory feature to access it
[  736.665979][T14689] EXT4-fs warning (device loop6): dx_probe:966: inode #2: comm syz.6.2266: Corrupt directory, running e2fsck is recommended
[  736.703830][T14689] EXT4-fs warning (device loop6): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[  736.728432][T14689] EXT4-fs warning (device loop6): dx_probe:881: Enable large directory feature to access it
[  736.742297][T14689] EXT4-fs warning (device loop6): dx_probe:966: inode #2: comm syz.6.2266: Corrupt directory, running e2fsck is recommended
[  736.765738][T14696] EXT4-fs warning (device loop6): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[  736.793096][T14696] EXT4-fs warning (device loop6): dx_probe:881: Enable large directory feature to access it
[  736.834338][T14696] EXT4-fs warning (device loop6): dx_probe:966: inode #2: comm syz.6.2266: Corrupt directory, running e2fsck is recommended
[  736.859993][T14689] EXT4-fs warning (device loop6): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[  736.922491][T14689] EXT4-fs error (device loop6): ext4_readdir:263: inode #2: block 3: comm syz.6.2266: path /332/file0: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=4294967295, rec_len=17, size=1024 fake=0
[  736.997423][T14689] EXT4-fs error (device loop6): ext4_readdir:263: inode #2: block 22: comm syz.6.2266: path /332/file0: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=0, rec_len=65535, size=1024 fake=0
[  737.045220][T14689] EXT4-fs error (device loop6): ext4_readdir:263: inode #2: block 8: comm syz.6.2266: path /332/file0: bad entry in directory: inode out of bounds - offset=0, inode=16810477, rec_len=1024, size=1024 fake=0
[  737.151225][ T8175] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  737.415338][T14699] loop6: detected capacity change from 0 to 8192
[  737.442228][T14699] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  737.517711][T14699] REISERFS (device loop6): found reiserfs format "3.5" with non-standard journal
[  737.565174][T14699] REISERFS (device loop6): using ordered data mode
[  737.572537][T14699] reiserfs: using flush barriers
[  737.639642][T14699] REISERFS (device loop6): journal params: device loop6, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  737.698654][T14699] REISERFS (device loop6): checking transaction log (loop6)
[  737.752123][T14699] REISERFS (device loop6): Using r5 hash to sort names
[  737.781559][T14699] REISERFS (device loop6): Created .reiserfs_priv - reserved for xattr storage.
[  737.790110][T14709] loop8: detected capacity change from 0 to 1024
[  737.867754][T14709] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  737.902433][T14709] EXT4-fs error (device loop8): ext4_generic_delete_entry:2729: inode #12: block 7: comm syz.8.2272: bad entry in directory: inode out of bounds - offset=0, inode=150994957, rec_len=16, size=56 fake=0
[  737.921652][T14699] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 3 0(1) DIR], item_len 35, item_location 3257, free_space(entry_count) 2
[  737.945267][T14709] EXT4-fs (loop8): Remounting filesystem read-only
[  737.995795][T14699] REISERFS error (device loop6): vs-5150 search_by_key: invalid format found in block 540. Fsck?
[  738.025270][T14699] REISERFS (device loop6): Remounting filesystem read-only
[  738.055373][T14699] REISERFS error (device loop6): vs-13050 reiserfs_update_sd_size: i/o failure occurred trying to update [2 3 0x0 SD] stat data
[  738.130410][T10540] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  738.430065][T14726] loop6: detected capacity change from 0 to 64
[  740.051160][T14739] netlink: 32 bytes leftover after parsing attributes in process `syz.6.2283'.
[  740.064443][T14739] netlink: 32 bytes leftover after parsing attributes in process `syz.6.2283'.
[  740.412564][T14748] overlayfs: failed to clone upperpath
[  740.455598][ T8606] usb 7-1: new high-speed USB device number 19 using dummy_hcd
[  740.632807][   T49] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  740.654950][ T8606] usb 7-1: Using ep0 maxpacket: 8
[  740.667769][ T8606] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  740.711811][ T8606] usb 7-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice= 0.00
[  740.722757][ T8606] usb 7-1: New USB device strings: Mfr=0, Product=234, SerialNumber=34
[  740.731721][ T8606] usb 7-1: Product: syz
[  740.737441][ T8606] usb 7-1: SerialNumber: syz
[  740.761793][ T8606] usb 7-1: config 0 descriptor??
[  740.784622][ T8606] usb 7-1: selecting invalid altsetting 1
[  740.797755][ T8606] usb 7-1: Can not set alternate setting to 1, error: -22
[  740.837114][ T8606] synaptics_usb: probe of 7-1:0.0 failed with error -22
[  740.878894][   T49] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  741.120092][   T49] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  741.288591][   T49] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  741.430642][ T5774] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  741.445773][ T5774] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  741.458203][ T5774] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  741.479129][ T5774] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  741.489740][ T5774] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  741.501555][ T5774] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  741.557393][ T9548] usb 7-1: USB disconnect, device number 19
[  741.746510][T14787] netlink: 2124 bytes leftover after parsing attributes in process `syz.3.2302'.
[  741.767893][T14787] netlink: 44 bytes leftover after parsing attributes in process `syz.3.2302'.
[  742.014918][ T9548] usb 7-1: new high-speed USB device number 20 using dummy_hcd
[  742.199544][T14797] overlayfs: failed to clone upperpath
[  742.212703][T14776] chnl_net:caif_netlink_parms(): no params data found
[  742.225367][ T9548] usb 7-1: Using ep0 maxpacket: 32
[  742.234633][ T9548] usb 7-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb
[  742.252073][ T9548] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  742.274772][ T9548] usb 7-1: Product: syz
[  742.280826][ T9548] usb 7-1: Manufacturer: syz
[  742.295010][ T9548] usb 7-1: SerialNumber: syz
[  742.310236][ T9548] usb 7-1: config 0 descriptor??
[  742.328079][ T9548] gspca_main: ov534_9-2.14.0 probing 05a9:1550
[  742.362485][T14802] overlayfs: failed to clone upperpath
[  742.478923][T14776] bridge0: port 1(bridge_slave_0) entered blocking state
[  742.487185][T14776] bridge0: port 1(bridge_slave_0) entered disabled state
[  742.494639][T14776] bridge_slave_0: entered allmulticast mode
[  742.503051][T14776] bridge_slave_0: entered promiscuous mode
[  742.520802][T14776] bridge0: port 2(bridge_slave_1) entered blocking state
[  742.528566][T14776] bridge0: port 2(bridge_slave_1) entered disabled state
[  742.543982][T14776] bridge_slave_1: entered allmulticast mode
[  742.552570][T14776] bridge_slave_1: entered promiscuous mode
[  742.781439][T14817] netlink: 2124 bytes leftover after parsing attributes in process `syz.3.2312'.
[  742.789059][T14776] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  742.797574][T14817] netlink: 44 bytes leftover after parsing attributes in process `syz.3.2312'.
[  742.806858][T14776] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  742.878848][T14776] team0: Port device team_slave_0 added
[  742.890298][T14776] team0: Port device team_slave_1 added
[  742.928635][T14776] batman_adv: batadv0: Adding interface: batadv_slave_0
[  742.935728][T14776] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  742.967534][T14776] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  742.982064][T14776] batman_adv: batadv0: Adding interface: batadv_slave_1
[  742.994642][T14776] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  743.027971][T14776] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  743.120143][T14776] hsr_slave_0: entered promiscuous mode
[  743.128472][T14776] hsr_slave_1: entered promiscuous mode
[  743.137899][T14776] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  743.145695][T14776] Cannot create hsr debugfs directory
[  743.258894][T14822] overlayfs: failed to clone upperpath
[  743.600685][T14776] netdevsim netdevsim9 netdevsim0: renamed from eth0
[  743.619929][T14776] netdevsim netdevsim9 netdevsim1: renamed from eth1
[  743.640186][T14776] netdevsim netdevsim9 netdevsim2: renamed from eth2
[  743.669768][T14776] netdevsim netdevsim9 netdevsim3: renamed from eth3
[  743.677495][ T5776] Bluetooth: hci0: command tx timeout
[  743.721917][T14828] netlink: 88 bytes leftover after parsing attributes in process `syz.3.2318'.
[  743.773943][ T9548] gspca_ov534_9: reg_r err -71
[  743.862526][T14776] 8021q: adding VLAN 0 to HW filter on device bond0
[  743.897418][T14776] 8021q: adding VLAN 0 to HW filter on device team0
[  743.914090][ T1141] bridge0: port 1(bridge_slave_0) entered blocking state
[  743.922156][ T1141] bridge0: port 1(bridge_slave_0) entered forwarding state
[  743.947757][  T133] bridge0: port 2(bridge_slave_1) entered blocking state
[  743.954981][  T133] bridge0: port 2(bridge_slave_1) entered forwarding state
[  743.959814][T14841] 9pnet_fd: Insufficient options for proto=fd
[  744.134923][ T9548] gspca_ov534_9: Unknown sensor 0000
[  744.135013][ T9548] ov534_9: probe of 7-1:0.0 failed with error -22
[  744.164411][ T9548] usb 7-1: USB disconnect, device number 20
[  744.261925][T14776] 8021q: adding VLAN 0 to HW filter on device batadv0
[  744.721949][T14862] loop6: detected capacity change from 0 to 1024
[  744.736138][T14862] EXT4-fs: inline encryption not supported
[  744.748455][T14862] EXT4-fs (loop6): ext4_check_descriptors: Inode table for group 0 overlaps block group descriptors
[  744.759683][T14862] EXT4-fs (loop6): ext4_check_descriptors: Checksum for group 0 failed (6416!=35945)
[  744.769835][T14862] EXT4-fs (loop6): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  744.803199][T14862] EXT4-fs (loop6): can't mount with journal_async_commit, fs mounted w/o journal
[  745.027510][   T49] tipc: Left network mode
[  745.047095][T14776] veth0_vlan: entered promiscuous mode
[  745.078942][T14776] veth1_vlan: entered promiscuous mode
[  745.755143][ T5776] Bluetooth: hci0: command tx timeout
[  746.737429][T14776] veth0_macvtap: entered promiscuous mode
[  746.908300][T14776] veth1_macvtap: entered promiscuous mode
[  746.933894][T14906] mac80211_hwsim hwsim14 wlan0: entered allmulticast mode
[  746.976584][T14906] bond2: (slave wlan0): dev_set_mac_address on slave failed! ALB mode requires that the base driver support setting the hw address also when the network device's interface is open
[  747.338636][T14776] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  747.369362][T14776] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  747.396704][T14776] batman_adv: batadv0: Interface activated: batadv_slave_0
[  747.590054][T14776] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  747.622751][T14776] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  747.647273][T14776] batman_adv: batadv0: Interface activated: batadv_slave_1
[  747.767647][ T1280] ieee802154 phy0 wpan0: encryption failed: -22
[  747.774024][ T1280] ieee802154 phy1 wpan1: encryption failed: -22
[  747.796336][T14776] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  747.806058][T14776] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  747.815662][T14776] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  747.824408][T14776] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  747.836740][ T5776] Bluetooth: hci0: command tx timeout
[  747.948428][T14923] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2342'.
[  748.167706][T14927] loop6: detected capacity change from 0 to 256
[  748.175808][T14927] exfat: Deprecated parameter 'namecase'
[  748.189432][T14927] exfat: Deprecated parameter 'namecase'
[  748.320547][T14927] exFAT-fs (loop6): failed to load upcase table (idx : 0x00010000, chksum : 0xbc8dc3cd, utbl_chksum : 0xe619d30d)
[  748.412795][T14927] syz.6.2343: attempt to access beyond end of device
[  748.412795][T14927] loop6: rw=524288, sector=34225520824, nr_sectors = 1 limit=256
[  748.442360][T14927] syz.6.2343: attempt to access beyond end of device
[  748.442360][T14927] loop6: rw=0, sector=34225520824, nr_sectors = 1 limit=256
[  748.481469][   T28] audit: type=1800 audit(1770307440.066:133): pid=14927 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.6.2343" name="file1" dev="loop6" ino=1048633 res=0 errno=0
[  748.590579][T14927] syz.6.2343: attempt to access beyond end of device
[  748.590579][T14927] loop6: rw=0, sector=34225520824, nr_sectors = 1 limit=256
[  748.873969][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  748.892462][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  749.075987][ T1301] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  749.110744][ T1301] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  749.272388][   T49] hsr_slave_0: left promiscuous mode
[  749.297388][   T49] hsr_slave_1: left promiscuous mode
[  749.359008][   T49] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  749.379000][   T49] batman_adv: batadv0: Removing interface: batadv_slave_0
[  749.425693][   T49] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  749.448480][   T49] batman_adv: batadv0: Removing interface: batadv_slave_1
[  749.478033][   T49] bridge_slave_1: left allmulticast mode
[  749.483908][   T49] bridge_slave_1: left promiscuous mode
[  749.504303][   T49] bridge0: port 2(bridge_slave_1) entered disabled state
[  749.523223][   T49] bridge_slave_0: left allmulticast mode
[  749.534026][   T49] bridge_slave_0: left promiscuous mode
[  749.549202][   T49] bridge0: port 1(bridge_slave_0) entered disabled state
[  749.655355][   T49] batadv_slave_1: left promiscuous mode
[  749.662208][   T49] veth1_macvtap: left promiscuous mode
[  749.670420][   T49] veth0_macvtap: left promiscuous mode
[  749.685549][   T49] veth1_vlan: left promiscuous mode
[  749.691027][   T49] veth0_vlan: left promiscuous mode
[  749.915941][ T5776] Bluetooth: hci0: command tx timeout
[  751.315856][   T49] team0 (unregistering): Port device team_slave_1 removed
[  751.438901][   T49] team0 (unregistering): Port device team_slave_0 removed
[  751.549496][   T49] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  751.678963][   T49] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  752.306545][   T49] bond0 (unregistering): Released all slaves
[  752.609453][T14994] loop9: detected capacity change from 0 to 256
[  752.742800][T14994] exFAT-fs (loop9): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  754.133379][   T49] IPVS: stop unused estimator thread 0...
[  755.457166][T15084] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=198462431 (396924862 ns) > initial count (148514 ns). Using initial count to start timer.
[  756.336056][T15107] netlink: 2124 bytes leftover after parsing attributes in process `syz.1.2387'.
[  756.355640][T15107] netlink: 44 bytes leftover after parsing attributes in process `syz.1.2387'.
[  757.059936][T15132] overlayfs: failed to resolve './cgroup': -2
[  758.709923][T15174] netlink: 2124 bytes leftover after parsing attributes in process `syz.6.2404'.
[  758.743846][T15174] netlink: 44 bytes leftover after parsing attributes in process `syz.6.2404'.
[  759.907524][   T28] audit: type=1326 audit(1770307451.496:134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15193 comm="syz.9.2409" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc9af59aeb9 code=0x7ffc0000
[  759.995098][   T28] audit: type=1326 audit(1770307451.496:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15193 comm="syz.9.2409" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc9af59aeb9 code=0x7ffc0000
[  760.034793][   T28] audit: type=1326 audit(1770307451.496:136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15193 comm="syz.9.2409" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc9af59aeb9 code=0x7ffc0000
[  760.142451][   T28] audit: type=1326 audit(1770307451.496:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15193 comm="syz.9.2409" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc9af59aeb9 code=0x7ffc0000
[  760.501930][   T28] audit: type=1326 audit(1770307451.526:138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15193 comm="syz.9.2409" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc9af59aeb9 code=0x7ffc0000
[  760.907712][   T28] audit: type=1326 audit(1770307451.526:139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15193 comm="syz.9.2409" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fc9af59aeb9 code=0x7ffc0000
[  760.981083][   T28] audit: type=1326 audit(1770307451.526:140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15193 comm="syz.9.2409" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc9af59aeb9 code=0x7ffc0000
[  761.065761][   T28] audit: type=1326 audit(1770307451.526:141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15193 comm="syz.9.2409" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc9af59aeb9 code=0x7ffc0000
[  761.146429][   T28] audit: type=1326 audit(1770307451.526:142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15193 comm="syz.9.2409" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc9af59aeb9 code=0x7ffc0000
[  761.246875][   T28] audit: type=1326 audit(1770307451.526:143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15193 comm="syz.9.2409" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fc9af59aeb9 code=0x7ffc0000
[  761.440166][T15218] overlayfs: failed to clone upperpath
[  761.666305][T15223] netlink: 2124 bytes leftover after parsing attributes in process `syz.3.2416'.
[  761.693435][T15223] netlink: 44 bytes leftover after parsing attributes in process `syz.3.2416'.
[  762.374357][T15216] loop6: detected capacity change from 0 to 32768
[  762.467260][T15216] XFS (loop6): Mounting V5 Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd
[  762.623010][T15216] XFS (loop6): Ending clean mount
[  763.291329][T15272] syzkaller1: entered promiscuous mode
[  763.317470][T15272] syzkaller1: entered allmulticast mode
[  763.709551][ T8175] XFS (loop6): Unmounting Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd
[  763.745859][T15284] loop9: detected capacity change from 0 to 512
[  763.998810][T15293] lo: entered allmulticast mode
[  764.030613][T15291] lo: left allmulticast mode
[  764.529746][T15307] bridge0: port 3(syz_tun) entered blocking state
[  764.543538][T15307] bridge0: port 3(syz_tun) entered disabled state
[  764.559057][T15307] syz_tun: entered allmulticast mode
[  764.579491][T15307] syz_tun: left allmulticast mode
[  764.612920][T15305] bond1: (slave ip6gretap1): Enslaving as an active interface with an up link
[  765.844019][T15338] netlink: 7 bytes leftover after parsing attributes in process `syz.3.2446'.
[  766.258689][T15354] netlink: 'syz.6.2452': attribute type 4 has an invalid length.
[  766.472847][T15361] md2: using deprecated bitmap file support
[  766.496765][T15361] md2: error: bitmap file must be a regular file
[  766.833267][T15376] overlayfs: failed to clone upperpath
[  766.848770][T15376] overlayfs: failed to clone upperpath
[  767.331716][T15392] syzkaller0: entered promiscuous mode
[  769.658213][T15463] loop6: detected capacity change from 0 to 128
[  769.700694][T15463] EXT4-fs (loop6): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  769.728894][T15463] ext4 filesystem being mounted at /385/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  770.019836][T15463] fscrypt: Adiantum using implementation "adiantum(xchacha12-simd,aes-aesni,nhpoly1305-avx2)"
[  770.100464][ T8175] EXT4-fs (loop6): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  771.916954][T15518] loop9: detected capacity change from 0 to 2048
[  772.023325][T15518] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  772.171006][T15518] EXT4-fs error (device loop9): ext4_mb_generate_buddy:1231: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters
[  772.204583][T15518] EXT4-fs (loop9): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 80 with error 28
[  772.238244][T15518] EXT4-fs (loop9): This should not happen!! Data will be lost
[  772.238244][T15518] 
[  772.261471][T15518] EXT4-fs (loop9): Total free blocks count 0
[  772.268044][T15518] EXT4-fs (loop9): Free/Dirty block details
[  772.274494][T15518] EXT4-fs (loop9): free_blocks=2415919504
[  772.281597][T15518] EXT4-fs (loop9): dirty_blocks=96
[  772.287887][T15518] EXT4-fs (loop9): Block reservation details
[  772.295224][T15518] EXT4-fs (loop9): i_reserved_data_blocks=6
[  772.435632][T11543] EXT4-fs (loop9): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2 with error 28
[  772.599973][T15531] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2509'.
[  772.672348][T15536] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2509'.
[  772.987848][T15542] kernel profiling enabled (shift: 63)
[  773.004892][T15542] profiling shift: 63 too large
[  773.764957][   T27] usb 7-1: new high-speed USB device number 21 using dummy_hcd
[  773.974773][   T27] usb 7-1: Using ep0 maxpacket: 16
[  773.989867][   T27] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  774.018066][   T27] usb 7-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  774.033930][   T27] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  774.058423][   T27] usb 7-1: Product: syz
[  774.071219][   T27] usb 7-1: Manufacturer: syz
[  774.087298][   T27] usb 7-1: SerialNumber: syz
[  774.105946][   T27] usb 7-1: config 0 descriptor??
[  774.126603][   T27] em28xx 7-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  774.152718][   T27] em28xx 7-1:0.0: DVB interface 0 found: bulk
[  774.471340][T15568] bond1: entered promiscuous mode
[  774.511270][T15572] macvlan2: entered promiscuous mode
[  774.569234][T15572] macvlan2: entered allmulticast mode
[  774.592421][T15572] bond1: (slave macvlan2): Opening slave failed
[  774.735736][   T27] em28xx 7-1:0.0: unknown em28xx chip ID (0)
[  775.197760][   T27] em28xx 7-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[  775.225005][   T27] em28xx 7-1:0.0: board has no eeprom
[  775.525361][   T27] em28xx 7-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  775.533341][   T27] em28xx 7-1:0.0: dvb set to bulk mode.
[  775.562374][ T8603] em28xx 7-1:0.0: Binding DVB extension
[  775.585075][   T27] usb 7-1: USB disconnect, device number 21
[  775.592486][   T27] em28xx 7-1:0.0: Disconnecting em28xx
[  775.684813][ T8603] em28xx 7-1:0.0: Registering input extension
[  775.698377][   T27] em28xx 7-1:0.0: Closing input extension
[  775.728700][   T27] em28xx 7-1:0.0: Freeing device
[  776.102980][T15624] binder: 15623:15624 ioctl c0306201 0 returned -14
[  777.619075][T15682] overlayfs: failed to clone upperpath
[  778.317692][T15704] netlink: 2124 bytes leftover after parsing attributes in process `syz.3.2545'.
[  778.700763][T15719] loop6: detected capacity change from 0 to 128
[  778.822608][ T5852] Process accounting resumed
[  778.832761][ T5852] FAT-fs (loop6): error, corrupted file size (i_pos 548, 512)
[  778.842955][ T5852] FAT-fs (loop6): Filesystem has been set read-only
[  779.776124][T15755] netlink: 2124 bytes leftover after parsing attributes in process `syz.1.2558'.
[  781.928878][T15837] overlayfs: failed to clone upperpath
[  782.167846][T15850] block device autoloading is deprecated and will be removed.
[  782.375545][T15845] md: could not open device unknown-block(0,0).
[  782.383393][T15845] md: md_import_device returned -6
[  782.389735][T15850] md: superblock version 12389 not known
[  782.398638][T15850] md: couldn't set array info. -22
[  783.780083][T15878] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  783.900225][T15890] overlayfs: failed to clone upperpath
[  785.292537][T15927] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2606'.
[  787.155815][T15952] netlink: 'syz.1.2612': attribute type 1 has an invalid length.
[  787.202505][T15952] bond6: entered promiscuous mode
[  787.213198][T15952] 8021q: adding VLAN 0 to HW filter on device bond6
[  787.292726][T15963] 8021q: adding VLAN 0 to HW filter on device bond6
[  787.320795][T15963] bond6: (slave ip6gre1): The slave device specified does not support setting the MAC address
[  787.332440][T15963] bond6: (slave ip6gre1): Setting fail_over_mac to active for active-backup mode
[  787.346171][T15963] bond6: (slave ip6gre1): making interface the new active one
[  787.354622][T15963] ip6gre1: entered promiscuous mode
[  787.362235][T15963] bond6: (slave ip6gre1): Enslaving as an active interface with an up link
[  787.457170][T15952] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2612'.
[  787.646674][T15975] loop9: detected capacity change from 0 to 128
[  787.707339][T15975] EXT4-fs (loop9): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  787.730479][T15975] ext4 filesystem being mounted at /50/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  787.773660][T15975] syz.9.2620 (pid 15975) is setting deprecated v1 encryption policy; recommend upgrading to v2.
[  787.801558][T15975] fscrypt: key with description 'fscrypt:0000111122223333' has invalid payload
[  787.880970][T14776] EXT4-fs (loop9): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  788.023289][T15979] loop9: detected capacity change from 0 to 512
[  788.042472][T15979] EXT4-fs (loop9): encrypted files will use data=ordered instead of data journaling mode
[  788.058546][T15952] bond6 (unregistering): (slave ip6gre1): Releasing backup interface
[  788.068152][T15952] ip6gre1: left promiscuous mode
[  788.084372][T15952] bond6 (unregistering): Released all slaves
[  788.090705][T15979] EXT4-fs error (device loop9): ext4_iget_extra_inode:4732: inode #17: comm syz.9.2621: corrupted in-inode xattr: invalid size in ea xattr
[  788.118372][T15979] EXT4-fs error (device loop9): ext4_orphan_get:1403: comm syz.9.2621: couldn't read orphan inode 17 (err -117)
[  788.133452][T15979] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  788.264142][T14776] VFS: Lookup of '.' in ext4 loop9 would have caused loop
[  788.364953][T14776] VFS: Lookup of '.' in ext4 loop9 would have caused loop
[  789.354478][T14776] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  789.957776][ T5774] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  789.975407][ T5774] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  789.991646][ T5774] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  790.001370][ T5774] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  790.010011][ T5774] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  790.019116][ T5774] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  790.460932][T16018] chnl_net:caif_netlink_parms(): no params data found
[  790.528032][T16018] bridge0: port 1(bridge_slave_0) entered blocking state
[  790.537471][T16018] bridge0: port 1(bridge_slave_0) entered disabled state
[  790.545356][T16018] bridge_slave_0: entered allmulticast mode
[  790.553430][T16018] bridge_slave_0: entered promiscuous mode
[  790.566722][T16018] bridge0: port 2(bridge_slave_1) entered blocking state
[  790.574166][T16018] bridge0: port 2(bridge_slave_1) entered disabled state
[  790.582567][T16018] bridge_slave_1: entered allmulticast mode
[  790.590246][T16018] bridge_slave_1: entered promiscuous mode
[  790.635964][T16018] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  790.649963][T16018] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  790.693929][T16018] team0: Port device team_slave_0 added
[  790.703435][T16018] team0: Port device team_slave_1 added
[  790.740890][T16018] batman_adv: batadv0: Adding interface: batadv_slave_0
[  790.748105][T16018] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  790.776013][T16018] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  790.789796][T16018] batman_adv: batadv0: Adding interface: batadv_slave_1
[  790.805394][T16018] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  790.849272][T16018] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  790.937590][T16018] hsr_slave_0: entered promiscuous mode
[  790.955239][T16018] hsr_slave_1: entered promiscuous mode
[  790.961705][T16018] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  790.972094][T16018] Cannot create hsr debugfs directory
[  791.361320][T16052] infiniband syz0: set down
[  791.443153][T16052] mac80211_hwsim hwsim14 wlan0: left allmulticast mode
[  791.455607][T16052] netdevsim netdevsim6 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  791.467007][T16052] netdevsim netdevsim6 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  791.480636][T16052] netdevsim netdevsim6 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  791.492726][T16052] netdevsim netdevsim6 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  791.530211][T16052] geneve2: left promiscuous mode
[  791.554006][T16052] macvtap1: left promiscuous mode
[  791.562618][T16052] macvtap1: left allmulticast mode
[  792.077452][ T5774] Bluetooth: hci0: command tx timeout
[  792.320283][T16052] netdevsim netdevsim6 netdevsim0: unset [1, 1] type 2 family 0 port 20004 - 0
[  792.337600][T16052] netdevsim netdevsim6 netdevsim1: unset [1, 1] type 2 family 0 port 20004 - 0
[  792.347140][T16052] netdevsim netdevsim6 netdevsim2: unset [1, 1] type 2 family 0 port 20004 - 0
[  792.359072][T16052] netdevsim netdevsim6 netdevsim3: unset [1, 1] type 2 family 0 port 20004 - 0
[  793.960022][T16018] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  793.992611][T16018] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  794.013796][T16018] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  794.056820][T16018] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  794.208027][ T5774] Bluetooth: hci0: command tx timeout
[  794.672942][T16018] 8021q: adding VLAN 0 to HW filter on device bond0
[  795.249267][T16018] 8021q: adding VLAN 0 to HW filter on device team0
[  795.307462][ T1301] bridge0: port 1(bridge_slave_0) entered blocking state
[  795.314614][ T1301] bridge0: port 1(bridge_slave_0) entered forwarding state
[  795.346917][ T1301] bridge0: port 2(bridge_slave_1) entered blocking state
[  795.354127][ T1301] bridge0: port 2(bridge_slave_1) entered forwarding state
[  796.038265][T16018] 8021q: adding VLAN 0 to HW filter on device batadv0
[  796.223023][T16018] veth0_vlan: entered promiscuous mode
[  796.235022][ T5774] Bluetooth: hci0: command tx timeout
[  796.318701][T16018] veth1_vlan: entered promiscuous mode
[  796.508090][T16018] veth0_macvtap: entered promiscuous mode
[  796.600312][T16018] veth1_macvtap: entered promiscuous mode
[  796.688089][T16018] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  796.716841][T16018] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  796.734040][T16018] batman_adv: batadv0: Interface activated: batadv_slave_0
[  796.759314][T16018] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  796.788019][T16018] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  796.822043][T16018] batman_adv: batadv0: Interface activated: batadv_slave_1
[  796.846617][T16018] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  796.871077][T16018] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  796.896361][T16018] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  796.913844][T16018] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  797.288305][   T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  797.324810][   T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  797.551318][ T2960] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  797.594732][ T2960] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  798.315357][ T5774] Bluetooth: hci0: command tx timeout
[  798.807736][T16221] vxcan1: left promiscuous mode
[  798.845250][T16221] veth0_to_team: left promiscuous mode
[  798.853028][T16221] veth0_vlan: left allmulticast mode
[  799.046037][T16221] bridge2: left allmulticast mode
[  799.124965][T16221] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  799.174863][T16221] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  799.183896][T16221] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  799.204768][T16221] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  799.221562][T16221] geneve2: left promiscuous mode
[  799.266300][T16221] tipc: Resetting bearer <eth:syzkaller0>
[  799.329032][T16221] macvtap1: left promiscuous mode
[  799.334175][T16221] macvtap1: left allmulticast mode
[  800.085862][T16267] 9pnet_fd: Insufficient options for proto=fd
[  804.419973][T16347] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2706'.
[  808.105345][T16392] netlink: 260 bytes leftover after parsing attributes in process `syz.2.2713'.
[  808.114436][T16392] netlink: 104 bytes leftover after parsing attributes in process `syz.2.2713'.
[  808.123930][T16392] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2713'.
[  808.255024][T16404] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2716'.
[  808.291079][T16404] gre2: entered allmulticast mode
[  808.328411][T16402] netlink: 44 bytes leftover after parsing attributes in process `syz.6.2715'.
[  809.200776][ T1280] ieee802154 phy0 wpan0: encryption failed: -22
[  809.217291][ T1280] ieee802154 phy1 wpan1: encryption failed: -22
[  810.810852][T16446] netlink: 52 bytes leftover after parsing attributes in process `syz.3.2727'.
[  811.398840][T16462] netlink: 'syz.3.2732': attribute type 4 has an invalid length.
[  811.465714][T16466] netlink: 'syz.3.2732': attribute type 4 has an invalid length.
[  815.242533][T16526] netlink: 'syz.6.2743': attribute type 4 has an invalid length.
[  815.283648][T16526] netlink: 'syz.6.2743': attribute type 4 has an invalid length.
[  816.915027][T16547] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2748'.
[  817.237339][T16547] batman_adv: batadv0: Removing interface: batadv_slave_1
[  822.560837][T16625] loop2: detected capacity change from 0 to 1024
[  822.606820][T16625] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (32298!=35945)
[  822.675320][T16625] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  822.707968][T16625] EXT4-fs (loop2): revision level too high, forcing read-only mode
[  822.719567][T16625] EXT4-fs (loop2): orphan cleanup on readonly fs
[  822.730511][T16625] EXT4-fs error (device loop2): ext4_read_inode_bitmap:168: comm syz.2.2762: Inode bitmap for bg 0 marked uninitialized
[  822.754775][T16625] EXT4-fs (loop2): Remounting filesystem read-only
[  822.781660][T16625] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  823.301756][T16018] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  825.593468][T16687] virtio-fs: tag </dev/md0> not found
[  826.446721][T16694] syzkaller0: entered promiscuous mode
[  826.464860][T16694] syzkaller0: entered allmulticast mode
[  829.962152][T16739] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2789'.
[  834.991278][T16793] mac80211_hwsim hwsim2 wlan0: entered promiscuous mode
[  834.998410][T16793] mac80211_hwsim hwsim2 wlan0: entered allmulticast mode
[  838.518543][T16830] netlink: 'syz.6.2811': attribute type 10 has an invalid length.
[  838.567010][T16830] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  841.835384][T16868] loop2: detected capacity change from 0 to 512
[  841.949349][T16868] EXT4-fs error (device loop2): ext4_iget_extra_inode:4732: inode #15: comm syz.2.2809: corrupted in-inode xattr: invalid ea_ino
[  842.010834][T16873] overlayfs: failed to clone upperpath
[  842.027875][T16868] EXT4-fs error (device loop2): ext4_orphan_get:1403: comm syz.2.2809: couldn't read orphan inode 15 (err -117)
[  842.072497][T16868] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  843.517686][   T28] kauditd_printk_skb: 38 callbacks suppressed
[  843.517703][   T28] audit: type=1326 audit(1770307542.100:182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16896 comm="syz.6.2817" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9aaf19aeb9 code=0x7ffc0000
[  843.547405][   T28] audit: type=1326 audit(1770307542.100:183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16896 comm="syz.6.2817" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9aaf19aeb9 code=0x7ffc0000
[  843.570537][   T28] audit: type=1326 audit(1770307542.100:184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16896 comm="syz.6.2817" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f9aaf19aeb9 code=0x7ffc0000
[  843.613934][   T28] audit: type=1326 audit(1770307542.100:185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16896 comm="syz.6.2817" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9aaf19aeb9 code=0x7ffc0000
[  843.650680][   T28] audit: type=1326 audit(1770307542.100:186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16896 comm="syz.6.2817" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f9aaf19aeb9 code=0x7ffc0000
[  843.751610][T16018] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  843.767982][   T28] audit: type=1326 audit(1770307542.100:187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16896 comm="syz.6.2817" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9aaf19aeb9 code=0x7ffc0000
[  843.848429][   T28] audit: type=1326 audit(1770307542.100:188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16896 comm="syz.6.2817" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f9aaf19aeb9 code=0x7ffc0000
[  843.971135][   T28] audit: type=1326 audit(1770307542.100:189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16896 comm="syz.6.2817" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9aaf19aeb9 code=0x7ffc0000
[  844.444325][   T28] audit: type=1326 audit(1770307542.100:190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16896 comm="syz.6.2817" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f9aaf19aeb9 code=0x7ffc0000
[  844.620869][   T28] audit: type=1326 audit(1770307542.100:191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16896 comm="syz.6.2817" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9aaf19aeb9 code=0x7ffc0000
[  851.053935][T16944] overlayfs: failed to clone upperpath
[  851.405800][T16959] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) !
[  852.568653][T16974] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2844'.
[  856.359870][T17003] netlink: 2384 bytes leftover after parsing attributes in process `syz.1.2847'.
[  857.203029][T17010] syzkaller0: entered promiscuous mode
[  857.237335][T17010] syzkaller0: entered allmulticast mode
[  861.232090][T17064] netlink: 2384 bytes leftover after parsing attributes in process `syz.1.2864'.
[  864.446853][T17093] xt_hashlimit: size too large, truncated to 1048576
[  865.235226][T17111] vlan2: entered promiscuous mode
[  865.240428][T17111] syz_tun: entered promiscuous mode
[  865.779899][T17129] netlink: 4768 bytes leftover after parsing attributes in process `syz.1.2874'.
[  865.984220][T17133] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2875'.
[  866.031487][T17133] vlan3: entered promiscuous mode
[  866.043111][T17133] bridge0: entered promiscuous mode
[  866.173456][T17135] ptrace attach of "./syz-executor exec"[8175] was attempted by ""[17135]
[  871.199167][ T1280] ieee802154 phy0 wpan0: encryption failed: -22
[  871.206160][ T1280] ieee802154 phy1 wpan1: encryption failed: -22
[  871.729016][T17179] overlayfs: workdir and upperdir must reside under the same mount
[  871.799612][T17179] overlayfs: workdir and upperdir must reside under the same mount
[  872.583862][T17191] 8021q: adding VLAN 0 to HW filter on device macvlan3
[  874.796118][T17206] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  887.399684][T17281] tipc: Started in network mode
[  887.435148][T17281] tipc: Node identity 56e76812a8aa, cluster identity 4711
[  887.442468][T17281] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  887.651694][T17281] tipc: Resetting bearer <eth:syzkaller0>
[  889.396262][T17275] tipc: Disabling bearer <eth:syzkaller0>
[  889.463994][ T5851] tipc: Node number set to 4266485778
[  889.842703][T17304] syzkaller0: entered promiscuous mode
[  889.864949][T17304] syzkaller0: entered allmulticast mode
[  890.313758][T17313] loop2: detected capacity change from 0 to 512
[  890.364423][T17313] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  890.404019][T17317] sch_tbf: burst 19872 is lower than device lo mtu (11337746) !
[  891.368630][   T28] kauditd_printk_skb: 1 callbacks suppressed
[  891.368646][   T28] audit: type=1800 audit(1770307589.850:193): pid=17320 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.2922" name="file1" dev="loop2" ino=15 res=0 errno=0
[  891.454193][T16018] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  897.770770][T17372] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  900.042485][T17382] loop2: detected capacity change from 0 to 8192
[  900.125045][T17382] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  900.260468][T17382] REISERFS (device loop2): found reiserfs format "3.5" with non-standard journal
[  900.308535][T17382] REISERFS (device loop2): using ordered data mode
[  900.351886][T17382] reiserfs: using flush barriers
[  900.405640][T17382] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  900.465319][T17382] REISERFS (device loop2): checking transaction log (loop2)
[  900.518254][T17382] REISERFS (device loop2): Using r5 hash to sort names
[  900.537415][T17382] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage.
[  900.783175][T17397] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  900.945396][T17397] netem: change failed
[  903.930172][T17440] batman_adv: batadv0: Adding interface: dummy0
[  903.971255][T17440] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  904.073295][T17440] batman_adv: batadv0: Interface activated: dummy0
[  904.139365][T17442] batadv0: mtu less than device minimum
[  904.268054][T17442] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  904.281794][T17442] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  904.294687][T17442] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  904.306151][T17442] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  904.317552][T17442] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  904.329313][T17442] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  904.341113][T17442] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  904.352593][T17442] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  904.364199][T17442] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  908.046142][T17465] x_tables: ip6_tables: rpfilter match: used from hooks INPUT, but only valid from PREROUTING
[  914.095600][T17512] netlink: 64 bytes leftover after parsing attributes in process `syz.6.2968'.
[  914.475049][ T5774] Bluetooth: hci0: command 0x0406 tx timeout
[  914.979246][T17519] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2966'.
[  916.020703][T17519] macvtap2: entered promiscuous mode
[  916.083328][T17519] bond0: entered promiscuous mode
[  916.127664][T17519] bond_slave_0: entered promiscuous mode
[  916.161225][T17519] bond_slave_1: entered promiscuous mode
[  916.168270][T17519] mac80211_hwsim hwsim9 wlan1: entered promiscuous mode
[  916.195808][T17519] macvtap2: entered allmulticast mode
[  916.399214][T17519] bond0: entered allmulticast mode
[  916.404393][T17519] bond_slave_0: entered allmulticast mode
[  916.741774][T17519] bond_slave_1: entered allmulticast mode
[  917.179464][T17519] mac80211_hwsim hwsim9 wlan1: entered allmulticast mode
[  917.297951][T17519] 8021q: adding VLAN 0 to HW filter on device macvtap2
[  917.365872][T17528] bond0: left allmulticast mode
[  917.384048][T17528] bond_slave_0: left allmulticast mode
[  917.395775][T17528] bond_slave_1: left allmulticast mode
[  917.401318][T17528] mac80211_hwsim hwsim9 wlan1: left allmulticast mode
[  917.410077][T17528] bond0: left promiscuous mode
[  917.415533][T17528] bond_slave_0: left promiscuous mode
[  917.421248][T17528] bond_slave_1: left promiscuous mode
[  917.430493][T17528] mac80211_hwsim hwsim9 wlan1: left promiscuous mode
[  917.455484][T17542] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12
[  917.464978][T17542] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12
[  917.474983][T17542] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  921.773879][T17612] 8021q: adding VLAN 0 to HW filter on device bond1
[  925.364144][T17654] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2995'.
[  925.373556][T17654] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2995'.
[  932.080937][ T1280] ieee802154 phy0 wpan0: encryption failed: -22
[  932.087823][ T1280] ieee802154 phy1 wpan1: encryption failed: -22
[  936.973149][T14782] libceph: connect (1)[b::]:6789 error -97
[  936.985897][T17729] ceph: No mds server is up or the cluster is laggy
[  936.996476][T14782] libceph: mon0 (1)[b::]:6789 connect error
[  937.215479][   T28] audit: type=1326 audit(1770307635.810:194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17739 comm="syz.1.3017" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f916839aeb9 code=0x7ffc0000
[  937.404943][   T28] audit: type=1326 audit(1770307635.830:195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17739 comm="syz.1.3017" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f916839aeb9 code=0x7ffc0000
[  937.804844][   T28] audit: type=1326 audit(1770307635.830:196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17739 comm="syz.1.3017" exe="/root/syz-executor" sig=0 arch=c000003e syscall=85 compat=0 ip=0x7f916839aeb9 code=0x7ffc0000
[  937.982917][   T28] audit: type=1326 audit(1770307635.830:197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17739 comm="syz.1.3017" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f916839aeb9 code=0x7ffc0000
[  939.085514][   T28] audit: type=1326 audit(1770307635.830:198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17739 comm="syz.1.3017" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f916839aeb9 code=0x7ffc0000
[  939.150687][   T28] audit: type=1326 audit(1770307635.830:199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17739 comm="syz.1.3017" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f916839aeb9 code=0x7ffc0000
[  939.251252][   T28] audit: type=1326 audit(1770307635.830:200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17739 comm="syz.1.3017" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f916839aeb9 code=0x7ffc0000
[  939.293015][   T28] audit: type=1326 audit(1770307635.830:201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17739 comm="syz.1.3017" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f916839aeb9 code=0x7ffc0000
[  940.690195][   T28] audit: type=1326 audit(1770307635.840:202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17739 comm="syz.1.3017" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f916839aeb9 code=0x7ffc0000
[  940.750603][   T28] audit: type=1326 audit(1770307635.840:203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17739 comm="syz.1.3017" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f916839aeb9 code=0x7ffc0000
[  941.018430][T17756] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  944.060331][T17787] netlink: 'syz.3.3026': attribute type 10 has an invalid length.
[  946.683100][T17817] o2cb: This node has not been configured.
[  946.751103][T17817] o2cb: Cluster check failed. Fix errors before retrying.
[  946.764588][T17817] (syz.6.3028,17817,0):user_dlm_register:674 ERROR: status = -22
[  947.085595][T17817] (syz.6.3028,17817,0):dlmfs_mkdir:438 ERROR: Error -22 could not register domain "file0"
[  951.565578][T17850] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  952.511195][T17855] overlayfs: failed to clone lowerpath
[  952.520330][T17856] bridge0: port 1(bridge_slave_0) entered blocking state
[  952.527494][T17856] bridge0: port 1(bridge_slave_0) entered forwarding state
[  952.820031][T17863] netlink: 2124 bytes leftover after parsing attributes in process `syz.2.3048'.
[  956.747814][T17881] overlayfs: missing 'lowerdir'
[  966.363392][T17948] netlink: 'syz.3.3068': attribute type 10 has an invalid length.
[  966.401399][ T3005] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  966.414853][ T3005] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  966.511636][   T28] kauditd_printk_skb: 27 callbacks suppressed
[  966.511650][   T28] audit: type=1326 audit(1770307665.100:231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17949 comm="syz.2.3077" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f27d259aeb9 code=0x7ffc0000
[  966.686933][   T28] audit: type=1326 audit(1770307665.100:232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17949 comm="syz.2.3077" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f27d259aeb9 code=0x7ffc0000
[  968.660786][   T28] audit: type=1326 audit(1770307665.110:233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17949 comm="syz.2.3077" exe="/root/syz-executor" sig=0 arch=c000003e syscall=85 compat=0 ip=0x7f27d259aeb9 code=0x7ffc0000
[  969.902311][   T28] audit: type=1326 audit(1770307665.110:234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17949 comm="syz.2.3077" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f27d259aeb9 code=0x7ffc0000
[  969.971113][   T28] audit: type=1326 audit(1770307665.110:235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17949 comm="syz.2.3077" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f27d259aeb9 code=0x7ffc0000
[  969.996207][   T28] audit: type=1326 audit(1770307665.110:236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17949 comm="syz.2.3077" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f27d259aeb9 code=0x7ffc0000
[  970.038809][   T28] audit: type=1326 audit(1770307665.110:237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17949 comm="syz.2.3077" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f27d259aeb9 code=0x7ffc0000
[  970.061644][   T28] audit: type=1326 audit(1770307665.110:238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17949 comm="syz.2.3077" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f27d259aeb9 code=0x7ffc0000
[  970.148051][   T28] audit: type=1326 audit(1770307665.110:239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17949 comm="syz.2.3077" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f27d259aeb9 code=0x7ffc0000
[  973.662363][   T28] audit: type=1326 audit(1770307665.110:240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17949 comm="syz.2.3077" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f27d259aeb9 code=0x7ffc0000
[  973.693354][   T28] audit: type=1326 audit(1770307665.110:241): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17949 comm="syz.2.3077" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7f27d259aeb9 code=0x7ffc0000
[  973.717828][   T28] audit: type=1326 audit(1770307665.110:242): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17949 comm="syz.2.3077" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f27d259aeb9 code=0x7ffc0000
[  973.750047][   T28] audit: type=1326 audit(1770307665.110:243): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17949 comm="syz.2.3077" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f27d259aeb9 code=0x7ffc0000
[  973.910690][   T28] audit: type=1326 audit(1770307665.110:244): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17949 comm="syz.2.3077" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7f27d259aeb9 code=0x7ffc0000
[  974.536590][   T28] audit: type=1326 audit(1770307665.110:245): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17949 comm="syz.2.3077" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f27d259aeb9 code=0x7ffc0000
[  974.658475][   T28] audit: type=1326 audit(1770307665.110:246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17949 comm="syz.2.3077" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f27d259aeb9 code=0x7ffc0000
[  974.959021][   T28] audit: type=1326 audit(1770307665.110:247): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17949 comm="syz.2.3077" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f27d259aeb9 code=0x7ffc0000
[  975.108094][   T28] audit: type=1326 audit(1770307665.110:248): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17949 comm="syz.2.3077" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f27d259aeb9 code=0x7ffc0000
[  975.146077][   T28] audit: type=1326 audit(1770307665.110:249): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17949 comm="syz.2.3077" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f27d259aeb9 code=0x7ffc0000
[  976.732791][T17997] fuse: Bad value for 'fd'
[  978.881815][T18007] overlayfs: missing 'lowerdir'
[  984.818056][T18071] netlink: 'syz.1.3103': attribute type 10 has an invalid length.
[  984.847080][T18071] mac80211_hwsim hwsim3 wlan1: entered promiscuous mode
[  984.855836][T18071] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  984.876452][  T133] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  984.891435][  T133] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  995.075230][ T1280] ieee802154 phy0 wpan0: encryption failed: -22
[  995.081586][ T1280] ieee802154 phy1 wpan1: encryption failed: -22
[  995.388862][T18116] netlink: 'syz.2.3110': attribute type 10 has an invalid length.
[  995.464090][T18116] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  996.807629][ T1141] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  996.834018][ T1141] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1006.392532][T18168] fuse: Unknown parameter 'fd0000000000000000000000000000000000000000'
[ 1011.225956][T18192] netlink: 300 bytes leftover after parsing attributes in process `syz.6.3123'.
[ 1011.826603][T18190] netlink: 44 bytes leftover after parsing attributes in process `syz.3.3121'.
[ 1011.982808][T18197] netlink: 'syz.2.3127': attribute type 25 has an invalid length.
[ 1011.998838][T18198] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3126'.
[ 1012.703673][T18209] tipc: Can't bind to reserved service type 0
[ 1017.994909][T18251] RDS: rds_bind could not find a transport for ::ffff:172.30.0.7, load rds_tcp or rds_rdma?
[ 1028.611906][T18323] overlayfs: failed to clone lowerpath
[ 1034.983064][T18354] batman_adv: batadv0: Adding interface: dummy0
[ 1034.997187][T18354] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1035.025777][T18343] orangefs_mount: mount request failed with -4
[ 1035.044800][T18354] batman_adv: batadv0: Not using interface dummy0 (retrying later): interface not active
[ 1040.024523][T18390] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3171'.
[ 1040.039036][T18390] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3171'.
[ 1040.704794][T18397] netlink: 2124 bytes leftover after parsing attributes in process `syz.2.3174'.
[ 1042.172847][T18405] netdevsim netdevsim3 netdevsim0: entered allmulticast mode
[ 1042.201124][T18405] net_ratelimit: 10 callbacks suppressed
[ 1042.201135][T18405] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[ 1046.287237][T18473] netlink: 68 bytes leftover after parsing attributes in process `syz.3.3185'.
[ 1046.658408][T18480] xt_cgroup: path and classid specified
[ 1047.749897][   T28] kauditd_printk_skb: 15 callbacks suppressed
[ 1047.749915][   T28] audit: type=1326 audit(1770307746.330:265): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18474 comm="syz.6.3176" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9aaf19aeb9 code=0x0
[ 1055.251062][ T1280] ieee802154 phy0 wpan0: encryption failed: -22
[ 1055.258214][ T1280] ieee802154 phy1 wpan1: encryption failed: -22
[ 1058.884711][T18557] syz.1.3207 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[ 1060.095761][T18557] ptrace attach of "./syz-executor exec"[5770] was attempted by "                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              
[ 1060.709077][T18564] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3210'.
[ 1060.833373][T18564] netlink: 'syz.1.3210': attribute type 3 has an invalid length.
[ 1063.373395][T18592] netlink: 64 bytes leftover after parsing attributes in process `syz.3.3216'.
[ 1064.784853][T18616] netlink: 2124 bytes leftover after parsing attributes in process `syz.6.3226'.
[ 1067.156145][T18645] netlink: 2124 bytes leftover after parsing attributes in process `syz.2.3236'.
[ 1068.943211][T18672] netlink: 56 bytes leftover after parsing attributes in process `syz.6.3246'.
[ 1069.586628][T18700] netlink: 2124 bytes leftover after parsing attributes in process `syz.2.3259'.
[ 1073.715260][T11543] ------------[ cut here ]------------
[ 1073.722857][T11543] WARNING: CPU: 1 PID: 11543 at io_uring/io_uring.c:3214 io_ring_exit_work+0x3a7/0x820
[ 1073.733024][T11543] Modules linked in:
[ 1073.737590][T11543] CPU: 1 PID: 11543 Comm: kworker/u4:0 Not tainted syzkaller #0
[ 1073.745494][T11543] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1073.756086][T11543] Workqueue: iou_exit io_ring_exit_work
[ 1073.762154][T11543] RIP: 0010:io_ring_exit_work+0x3a7/0x820
[ 1073.768081][T11543] Code: 78 23 e8 fc 5a 0b f7 48 8b 7c 24 30 48 8b 74 24 08 e8 ed ec 10 00 48 85 c0 75 1d e8 e3 5a 0b f7 e9 b9 fd ff ff e8 d9 5a 0b f7 <0f> 0b b8 70 17 00 00 48 89 44 24 08 eb cf c7 84 24 90 00 00 00 00
[ 1073.788867][T11543] RSP: 0018:ffffc9000369fa40 EFLAGS: 00010293
[ 1073.795306][T11543] RAX: ffffffff8a7bb9d7 RBX: ffff888028ad0000 RCX: ffff88802bdf9e00
[ 1073.803404][T11543] RDX: 0000000000000000 RSI: fffffffffffffffa RDI: 0000000000000000
[ 1073.812743][T11543] RBP: ffffc9000369fbb0 R08: ffffc9000369f9c7 R09: 1ffff920006d3f38
[ 1073.821338][T11543] R10: dffffc0000000000 R11: fffff520006d3f39 R12: dffffc0000000000
[ 1073.830506][T11543] R13: ffff888028ad0288 R14: 0000000100012d4e R15: 0000000100012d54
[ 1073.839239][T11543] FS:  0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
[ 1073.848579][T11543] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1073.855559][T11543] CR2: 00007f27d3345690 CR3: 000000008f1b8000 CR4: 00000000003506e0
[ 1073.863674][T11543] Call Trace:
[ 1073.867540][T11543]  <TASK>
[ 1073.870628][T11543]  ? io_ring_ctx_wait_and_kill+0x2b0/0x2b0
[ 1073.876610][T11543]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1073.882577][T11543]  ? process_scheduled_works+0x96f/0x15d0
[ 1073.888577][T11543]  ? process_scheduled_works+0x96f/0x15d0
[ 1073.894431][T11543]  process_scheduled_works+0xa5d/0x15d0
[ 1073.900141][T11543]  ? assign_work+0x430/0x430
[ 1073.904840][T11543]  ? assign_work+0x3d0/0x430
[ 1073.909649][T11543]  worker_thread+0xa55/0xfc0
[ 1073.914271][T11543]  ? _raw_spin_unlock_irqrestore+0xc5/0x120
[ 1073.920458][T11543]  ? _raw_spin_unlock+0x40/0x40
[ 1073.925448][T11543]  kthread+0x2fa/0x390
[ 1073.929565][T11543]  ? pr_cont_work+0x560/0x560
[ 1073.934376][T11543]  ? kthread_blkcg+0xd0/0xd0
[ 1073.939181][T11543]  ret_from_fork+0x48/0x80
[ 1073.943630][T11543]  ? kthread_blkcg+0xd0/0xd0
[ 1073.948534][T11543]  ret_from_fork_asm+0x11/0x20
[ 1073.953357][T11543]  </TASK>
[ 1073.956661][T11543] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 1073.963962][T11543] CPU: 1 PID: 11543 Comm: kworker/u4:0 Not tainted syzkaller #0
[ 1073.971792][T11543] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1073.982215][T11543] Workqueue: iou_exit io_ring_exit_work
[ 1073.987892][T11543] Call Trace:
[ 1073.991202][T11543]  <TASK>
[ 1073.994324][T11543]  dump_stack_lvl+0x18c/0x250
[ 1073.999078][T11543]  ? show_regs_print_info+0x20/0x20
[ 1074.004308][T11543]  ? load_image+0x400/0x400
[ 1074.008908][T11543]  panic+0x2dc/0x730
[ 1074.012838][T11543]  ? bpf_jit_dump+0xd0/0xd0
[ 1074.017470][T11543]  ? ret_from_fork_asm+0x11/0x20
[ 1074.022441][T11543]  __warn+0x2e0/0x470
[ 1074.026435][T11543]  ? io_ring_exit_work+0x3a7/0x820
[ 1074.031993][T11543]  ? io_ring_exit_work+0x3a7/0x820
[ 1074.037216][T11543]  report_bug+0x2be/0x4f0
[ 1074.041844][T11543]  ? io_ring_exit_work+0x3a7/0x820
[ 1074.047656][T11543]  ? io_ring_exit_work+0x3a7/0x820
[ 1074.052854][T11543]  ? io_ring_exit_work+0x3a9/0x820
[ 1074.057964][T11543]  handle_bug+0xcf/0x120
[ 1074.062205][T11543]  exc_invalid_op+0x1a/0x50
[ 1074.066706][T11543]  asm_exc_invalid_op+0x1a/0x20
[ 1074.071646][T11543] RIP: 0010:io_ring_exit_work+0x3a7/0x820
[ 1074.077378][T11543] Code: 78 23 e8 fc 5a 0b f7 48 8b 7c 24 30 48 8b 74 24 08 e8 ed ec 10 00 48 85 c0 75 1d e8 e3 5a 0b f7 e9 b9 fd ff ff e8 d9 5a 0b f7 <0f> 0b b8 70 17 00 00 48 89 44 24 08 eb cf c7 84 24 90 00 00 00 00
[ 1074.097344][T11543] RSP: 0018:ffffc9000369fa40 EFLAGS: 00010293
[ 1074.103672][T11543] RAX: ffffffff8a7bb9d7 RBX: ffff888028ad0000 RCX: ffff88802bdf9e00
[ 1074.113344][T11543] RDX: 0000000000000000 RSI: fffffffffffffffa RDI: 0000000000000000
[ 1074.121522][T11543] RBP: ffffc9000369fbb0 R08: ffffc9000369f9c7 R09: 1ffff920006d3f38
[ 1074.129502][T11543] R10: dffffc0000000000 R11: fffff520006d3f39 R12: dffffc0000000000
[ 1074.137473][T11543] R13: ffff888028ad0288 R14: 0000000100012d4e R15: 0000000100012d54
[ 1074.145513][T11543]  ? io_ring_exit_work+0x3a7/0x820
[ 1074.150672][T11543]  ? io_ring_ctx_wait_and_kill+0x2b0/0x2b0
[ 1074.156593][T11543]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1074.161802][T11543]  ? process_scheduled_works+0x96f/0x15d0
[ 1074.167525][T11543]  ? process_scheduled_works+0x96f/0x15d0
[ 1074.173327][T11543]  process_scheduled_works+0xa5d/0x15d0
[ 1074.178902][T11543]  ? assign_work+0x430/0x430
[ 1074.183581][T11543]  ? assign_work+0x3d0/0x430
[ 1074.188173][T11543]  worker_thread+0xa55/0xfc0
[ 1074.192759][T11543]  ? _raw_spin_unlock_irqrestore+0xc5/0x120
[ 1074.198647][T11543]  ? _raw_spin_unlock+0x40/0x40
[ 1074.203501][T11543]  kthread+0x2fa/0x390
[ 1074.207600][T11543]  ? pr_cont_work+0x560/0x560
[ 1074.212367][T11543]  ? kthread_blkcg+0xd0/0xd0
[ 1074.216985][T11543]  ret_from_fork+0x48/0x80
[ 1074.221396][T11543]  ? kthread_blkcg+0xd0/0xd0
[ 1074.225979][T11543]  ret_from_fork_asm+0x11/0x20
[ 1074.230834][T11543]  </TASK>
[ 1074.234219][T11543] Kernel Offset: disabled
[ 1074.238915][T11543] Rebooting in 86400 seconds..