last executing test programs:

4m43.726356559s ago: executing program 0 (id=92):
r0 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000040), 0x4)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000002c0))
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="4400000010000104a5270b7357000000925e4a44", @ANYRES32, @ANYBLOB="0dfa130016000000240012000c00010000000000000000000c0002f60800000001180000080001"], 0x44}}, 0x40010)
ioctl$F2FS_IOC_MOVE_RANGE(r1, 0xc020f509, &(0x7f0000000280)={r1, 0x7, 0x104, 0x7ff})
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB='H'], 0x48}, 0x1, 0x0, 0x0, 0x20004810}, 0x0)
sendmmsg(r1, &(0x7f00000002c0), 0x40000000000009f, 0x0)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000100)=0x1800, 0x4)

4m42.586885184s ago: executing program 0 (id=96):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r2=>0x0})
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', <r7=>0x0})
sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@bridge_delvlan={0x24, 0x70, 0x1, 0x0, 0x0, {0x7, 0x0, 0x0, r7}, [@BRIDGE_VLANDB_ENTRY={0xc, 0x1, 0x0, 0x1, @BRIDGE_VLANDB_ENTRY_INFO={0x8, 0x1, {0x0, 0x4}}}]}, 0x24}}, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'bridge0\x00', <r8=>0x0})
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=@newlink={0x3c, 0x10, 0x44b, 0x0, 0x0, {0x7a, 0x0, 0x0, r8}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_VLAN_DEFAULT_PVID={0x6, 0x27, 0x4}]}}}]}, 0x3c}}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x3c, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x74, r2, 0x0, 0x11203}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_VLAN_DEFAULT_PVID={0x6, 0x27, 0x20}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x0)

4m42.42250103s ago: executing program 0 (id=100):
r0 = socket(0x10, 0x3, 0x0)
sendto$inet6(r0, &(0x7f0000000000)="7800000018002507b9409b14ffff00000202be04020506056403040c5c0009003f0020010a0000000d0085a168216b46d32345653600648d27000b000a00080049935ade4a460c89b6ec0cff3959547f509058ba86c902007a00004a32000402160020200800000000000000e218d1ddf66ed538f2523250", 0x78, 0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x9c)
accept$alg(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x11, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000300)='syzkaller\x00'}, 0x90)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, &(0x7f0000000040)={'wlan0\x00'})
ioctl(r2, 0x8b22, &(0x7f0000000040))

4m42.360133511s ago: executing program 0 (id=101):
syz_mount_image$exfat(&(0x7f0000000280), &(0x7f0000000580)='./file1\x00', 0x2208050, &(0x7f0000000080)=ANY=[], 0x1, 0x1520, &(0x7f0000011680)="$eJzs3Au4TtX2MPAx5pyLbefyJrmvMcfiTS6TJMklSS5JkoQj9yQJSZIkscktCUnIdSe5h9zTTtv9fsk9SY4kSUJCkvk9u/R3upyvc86/8znf2eP3POvZc6y15njH2mO/73rnu5+9v+wytFrD6pXrMTP8K/TPA/zpSxIAJADAAADIBgABAJTOXjp72vFMGpP+pQcR/yb1p1/pCsSVJP1P36T/6Zv0P32T/qdv0v/0Tfqfvkn/0zfpvxDp2sw8V8uWfjf5/P//c+p/M1nu//99EH+76++dK/3/b6P/qbOl/+lGht/bKf1PL37/FiD9T9+k/+lZcKULEFeYPP/TN+m/EOnan/6Z8vpzV/ozbdn+iU0IIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhPh/4Jy/zADAz+MrXZcQQgghhBBCCCH+PP7tK12BEEIIIYQQQggh/v0QFGgwEEAGyAgJkAkS4SrIDFkgK2SDGFwN2eEayAHXQk7IBbkhD+SFfJAfQiCwwBBBASgIcbgOCsH1UBiKQFEoBg6KQwm4AUrCjVAKboLScDOUgVugLJSD8lABboWKcBtUgtuhMtwBVaAqVIPqcCfUgLugJtwNteAeqA33Qh24D+rC/VAP6kMD+As0hAegETSGJtAUmkFzaPEH85Oz/d78Z6E7PAc9oCckQS/oDc9DH+gL/aA/DIAXYCC8CIPgJRgMQ2AovAzD4BUYDq/CCBgJo+A1GA1jYCyMg/EwAZLhdZgIb8AkePOBLDAFpsI0mA4zYCa8BbNgNsyBt2EuzIP5kJxpISyCxfAOLIF3IQXeg6XwPqTCMlgOK2AlrILVsAbWwjpYDxtgI2yCzbAFtsIHsA22ww7YCbtgN+yBD2EvfAT74GPYj5/8k/PP/nI+dEVAQIUKDRrMgBkwARMwERMxM2bGrJgVYxjD7Jgdc2AOzIk5MTfmxryYF/NjfiQkZGQsgAUwjnEshIWwMBbGolgUHTosgSWwJN6IpbAUlsbSWAbLYFksh+WwAlbAilgRK2ElrIyVsQpWwWpYDe/EO/EurIk1sRbWwtpYG+tgHayLdbEe1sMG2AAbYkNshI2wCTbBZtgMW2ALbIktsRW2wtbYGttgG2yLbbE9tscO2AE7YkfshJ2wM3bGLtgFu+Iz+Aw+i8/ic/gc9sQqqhf2xt7YB/tgP+yP/fEFHIgv4ov4Eg7GITgUX8aX8RUcjmdwBI7EUTgKK6oxOBbHIasJmIzJmBEm4iSchJNxCk7BaTgdZ+BMnImzcDbOxrdxLs7DebgAF+AiXIyLcQm+iymYgkvxLKbiMlyOK3AlrsKVuAbX4hpcjxtwPW7CTbgFt+AH+AFux+24E3fibtyNH+KH+BF+hINxP+7HA3gAD+JBPISH8DAexiN4BI/iUTyGx/A4HscTeBJP4Uk8jafxDJ7FcwBwHs/jBbyAF/Fi2pNfpTHKqAwqg0pQCSpRJarMKrPKqrKqmIqp7Cq7yqFyqJwqp8qtcqu8Kq/Kr/IrUqRYRaqAKqDiKq4KqUKqsCqsiqqiyimnSqgSqqQqqUqpUqq0ulmVUbeosqqcethVUBVURdXaVVK3q8qqsqqiqqpqqrqqrmqoGqqmqqlqqVqqtqqt6qj7VF3VC/thfZXWmYZqCDZSQ7GJaqqaqebqFXxQtVTDsZV6WLVWj6iROALbqpauvXpMdVBjsaN6Qo3DJ1VnNQG7qKdVV/WM6qaeVd1VK9dD9VSTsZfqraZhH9VX9VP91SysqtI6Vk29pAarIWqoelktwlfUcPWqGqFGqlHqNTVajVFj1Tg1Xk1Qyep1NVG9oSapN9VkNUVNVdPUdDVDzVRvqVlqtpqj3lZz1Tw1Xy1QC9UitVi9o5aod1WKek8tVe+rVLVMLVcr1Eq1Sq1Wa9RatU6tVxvURrVJbVZb1Fb1gdqmtqsdaqfapXarPepDtVd9pPapj9V+9Yk6oP6qDqpP1SH1mTqsPldH1BfqqPpSHVNfqePqa3VCnVSn1DfqtPpWnVFn1Tn1nTqvvlcX1A/qovIKNGqltTY60Bl0Rp2gM+lEfZXOrLPorDqbjumrdXZ9jc6hr9U5dS6d2+TReXU+nV+HmrTVrCNdQBfUcX2dLqSv14V1EV1UF9NOF9cl9A26pL5Rl9I36dL6Zl1G36LL6nK6vAd9q66ob9OV9O26sr5DV9FVdTVdXd+pa+i7dE19t66l79G19b26jr5P19X363q6vm6gM1y6ZzXWTXRT3Uw31y30g7qlfki30g/r1voR3UY/Ckm6nW6vH9Md9OO6o35Cd9JP6s76Kd1FP6276md0N/2Dvqi97qF76iTdS/fWz+s+uq/up/vrAfoFPVC/qAfpl/RgPUQP1S/rYfoVPVy/qkfokXqUfk2P1mP0WD1Oj9cTdLJ+XU/Ub+hJ+k09WU/RU/U0PV3P0P0uZZrzD8x/43fmD/rx0bforfoDvU1v1zv0Tr1L79Z79B69V+/V+/Q+vV/v1wf0AX1QH9SH9CF9WB/WR/QRfVQf1cf0MX1cH9cn9En9nf5Gn9bf6jP6rD6rv9Pn9Xl94dL3AAwaZbQxJjAZTEaTYDKZRHOVyWyymKwmm4mZq012c43JYa41OU0uk9vkMXlNPpPfhIaMNWwiU8AUNHFznSlkrjeFTRFT1BQzzhQ3JcwN/+v5f1RfC9PCtDQtTSvTyrQ2rU0b08a0NW1Ne9PedDAdTEfT0XQynUxn09l0MV1MV9PVdDPdTHfT3fQwPUySSTK9zfOmj+lr+pn+ZoB5wQw0A80gM8gMNoPNUDPUDDPDzHAz3IwwI8woM8qMNqPNWDPWjDfjTbLPZiaaiWaSmWQmm8lm6oBsZrqZbmaamWaWmWXmmDlmrplr5pv5ZqFZaBabxWaJWWJSTIpZapaaVLPMLDMrzAqzyqwya8was86sMxvMBrPJbDKpZqvZaraZbWaH2WF2mV1mj9lj9pq9Zp/ZZ/ab/eaAOWAOmoPmkDlkDpvD5og5Yo6ao+aYOWaOm+PmhDlhTplT5rQ5bc6YM+acOWfOm/PmgrlgLpqLaW/7AhWowAQmyBBkCBKChCAxSAwyB5mDrEHWIBbEguxB9iBHcG2QM8gV5A7yBHmDfEH+IAwosAEHUVAgKBjEg+uCQsH1QeGgSFA0KBa4oHhQIrghKBncGJQKbgpKBzcHZYJbgrJBuaB8UCG4NagY3BZUCm4PKgd3BFWCqkG1oHpwZ1AjuCuoGdwd1AruCWoH9wZ1gvuCusH9Qb2gftAg+EvQMHggaBQ0DpoETYNmQfOgxZ+a3/szuR5yPcKeYVLYK+wdPh/2CfuG/cL+4YDwhXBg+GI4KHwpHBwOCYeGL4fDwlfC4eGr4YhwZDgqfC0cHY4Jx4bjwvHhhDA5fD2cGL4RTgrfDCeHU8KpwbRwejgjnBm+Fc4KZ4dzwrfDueG8cH64IFwYLgoRf3plSwnfC5eG74ep4bJwebgiXBmuCleHa8K14bpwfbgh3BhuKj3wp1PDbeH2cEe4M9wV7g73hB+Ge8OPwn3hx+H+8JPwQPjX8GD4aXgo/Cw8HH4eHgm/CI+GX4bHwq/C4+HX4YnwZCYIvwlPh9+GZ8Kz4bnwu/B8+H14IfwhvBj6tDf3abd3MmQoA2WgBEqgREqkzJSZslJWilGMslN2ykE5KCflpNyUm/JSXspP+SkNE1MBKkBxilMhKkSFqTAVpaLkyFEJKkElqSSVolJUmkpTGSpDZclSeSpPt9KtdBvdRrfT7XQH3UFVqSpVp+qEWINqUk2qRbWoNtWmOlSH6lJdqkf1qAE1oIbUkBpRI2pCTagZNaMW1IJaUktqRa2oNbWmNtSG2lJbak/tqQN1oI7UkTpRJ+pMnakLdaGu1JW6UTfqTt2pB/WgJEqi3tSb+lAf6kf9aAANoIE0kAbRIBpMg2koDaVhNIyG03AaQSNpFL1Go2kMjaVxNJ4mUDIl00SaSJNoEk2myTSVptJ0mk4zaSbNolk0h+bQXJpL82k+LaSFtJgW0xJaQimUQktpKaVSKi2n5bSSVtJqWk1raS2tp/W0kTbSZtpMW2krbaNttIN20C7aRXtoD+2lvbSP9tF+2k8H6AAdpIN0iA7RYTpMR+gIHaWjdIyO0XE6TifoBJ2iU3SaTtMZOkPn6Bydp+/pAv1AF8lTgs1kE+1VNrPNYrPabPbXcW6bx+a1+Wx+G9qcNtcvYrLWFrZFbFFbzDpb3JawN/wmLmvL2fK2gr3VVrS32Uq2rM0EfxvXsHfZmvZuW8veY6vbO38R17b32jr2AVvXNrb1bFPbwDa3De0DtpFtbJvYpraZbW7b2EdtW9vOtreP2Q728d/ES+y7dq1dZ9fbDXav/cies9/Zo/ZLe95+b3vYnnaAfcEOtC/aQfYlO9gO+WUMYEfZ1+xoO8aOtePseDvhN/FUO81OtzPA2LfsLDv759jOvBQvtu/YuTbFzrcL7EK76Mc4raYU+55dat+3qXaZXW5X2JV2lV1t1/xPrSvsJrvZbrF77Id2m91ud9iddpfd/WOcdh377Md2v/3EHrFf2IP2U3vIHrOH7ec/xmnXd8x+ZY/br+0Je9Kest/Y0/Zbe8ae/fH60679G/uDvWi9BUZWrNlwwBk4IydwJk7kqzgzZ+GsnI1jfDVn52s4B1/LOTkX5+Y8nJfzcX4Omdgyc8QFuCDH+TouxNdzYS7CRbkYOy7OJfgGLsk3cim+iUvzzVyGb+GyXI7LcwW+lSvybVyJb+fKfAdX4apcjavznVyD7+KafDfX4nu4Nt/Ldfg+rsv3cz2uzw34L9yQH+BG3JibcFNuxs0Z+EFuyQ9xK36YW/Mj3IYf5bbcjtvzY9yBH+eO/AR34ie5Mz/FXfhp7srPcDd+lrvzc9yDe3IS9+Le/Dz34b7cj/vzAH6BB/KLPIhf4sE8hIfyyzyMX+Hh/CqP4JE8il/j0TyGx/I4Hs8TOJlf54n8Bk/iN3kyT+GpPI2n8wyeyW/xLJ7Nc/htnsvzeD4v4IW8iBfzO7yE3+UUfo+X8vucyst4Oa/glbyKV/MaXsvreD1v4I28iTfzFt7KH/A23s47eCfv4t28hz/kvfwR7+OPeT9/wgf4r3yQP+VD/Bkf5s/5CH/BR/lLPsZf8XH+mk/wST7F3/Bp/pbP8Fk+x9/xef6eL/APfJE9Q4SRinRkoiDKEGWMEqJMUWJ0VZQ5yhJljbJFsejqKHt0TZQjujbKGeWKckd5orxRvih/FEYU2YijKCoQFYzi0XVRoej6qHBUJCoaFYtcVDwqEd0QlYxujEpFN0Wlo5ujMtEtUdmoXFQ+qhDdGlWMbosqRbdHlaM7oipR1ahaVD26M6oR3RXVjO6OakX3RKWie6M60X1R3ej+qF5UP2oQ/SVqGD0QNYoaR02iplGzqHnUInowahk9FCUAQOvokahN9GjUNmoXtY8eizpEj//P8VZFgp/upr86nhT1ivSl1cbdemF8UXxx/J34kvi78ZT4e/Gl8ffjqfFl8eXxFfGV8VXx1fE18bXxdfH18Q3xjfFN8c3xLXHvq2cEh2kLYTAucBlcRpfgMrlEd5XL7LK4rC6bi7mrXXZ3jcvhrnU5XS6X2+VxeV0+l9+FjtylyqCgi7vrXCF3vSvsiriirphzrrgr4Zq7Fq6Fa+kecq3cw661e8Q94h51j7p2rp17zHVwj7uO7gnXyT3pOrun3FPuadfVPeO6uWddd/ec6+F6uiSX5Hq73q6P6+P6uX5ugBvgBrqBbpAb5Aa7wW6oG+qGuWFuuBvuRrgRbpQb5Ua70W6sG+vGu/Eu2SW7iW6im+Qmucluspvqprrpbrqb6Wa6WW6Wm+PmuLlurpvv5ruFbqFb7Ba7JW6JS3Epbqlb6lJdqlvulruVbqVb7Va7tW6tW+/Wu41uo9vsNrutbqvb5ra5HW6H2+V2uT1uj9vr9rp9bp/b7/a7A+6AO+gOukPuM3fYfe6OuC/cUfelO+a+csfd1+6EO+lOuW/cafetO+POunPuO3fefe8uuB/cReddcuz12MTYG7FJsTdjk2NTYlNj02LTYzNiM2NvxWbFZsfmxN6OzY3Ni82PLYgtjC2KLY69E1sSezeWEnsvtjT2fiw1tiy2PLYitjK2KuZ9vm2RL+AL+ri/zhfy1/vCvogv6ot554v7Ev4GX9Lf6Ev5m3xpf7Mv42/xZX05X9439k18U9/MN/ct/IO+pX/It/IP+9b+Ed/GP+rb+na+vX/Md/CP+47+Cd/JP+k7+6d8F//0vEs/Hr67f8738D19ku/le/vnfR/f1/fz/f0A/4If6F/0g/xLfrAf4of6l/0w/4of7l/1I/xIP8q/5kf7MX6sH+fH+wk+2b/uJ/o3/CT/pp/sp/ipfpqf7mf4mf4tP8vP9nP8236un+fn+wV+oV/kF/t3/BL/rk/x7/ml/n2f6pf55X6FX+lX+dV+jV/r1/n1foPf6Df5zX6L3+ozwja/3e/wO/0uv9vv8R/6vf4jv89/7Pf7T/wB/1d/0H/qD/nP/GH/uT/iv/BH/Zf+mP/KH/df+xP+pD/lv/Gn/bf+jD/rz/nv/Hn/vb/gf/AX5W/WhBBCCCH+IfoPjvf6nX3q0mYAoDcAZNme5/Cvc27M+dO4r9rbIQYAj/XsUv/nrX79pKSkS+emGggKLgCA2OX5P/6W51K8DFrDo9AeHoaSv1tfX1Ue+Vf5g785nqohiN8MkAiQ6ed9aWvCRPh1/hv/Tv7G7/w6/y/qT8u/AKBwwctz0h7o5/hy/lJ/J//uNn+QP9OnyQCt/mZOZrgcX85fAh6Cx6H9L84UQgghhBBCCCF+0led7/pH69u09Xlec3lORrgc/9H6/A9U+jOuQQghhBBCCCGEEP93Tz7Trd2D7ds/3Om/cqAA4Jlu7TL+p9RzxQcIAP8BZcjgP39wpV+ZhBBCCCGEEH+2y2/6r3QlQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCFE+vWv/4cw9Q+ffKWvUQghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhLjS/k8AAAD//8zaSEs=")
r0 = syz_mount_image$ext4(&(0x7f0000000380)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x3000046, &(0x7f0000000280)={[{@noload}, {@nojournal_checksum}, {@debug}, {@dioread_lock}, {@nodioread_nolock}, {@resgid}, {@data_err_ignore}, {@orlov}, {@nouid32}, {@inlinecrypt}, {}, {@dioread_nolock}]}, 0x1, 0x55e, &(0x7f0000000840)="$eJzs3d9rW1UcAPDvTdv91nYwhopIYQ9O5tK188cEH+aj6HCg7zO0d2U0XUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++FK56U2XtUmbddmSms8Hbjkn9ybnfnPv9/TcnBsSwMAaz/4UIl6OiG+SiNGISPJ1w5GvHF/bbuXh9elsSWJ19dO/kvp2Wb3xWo3nHcwrL0XEb19FnChsbre6tDxXKpfThbw+UZu/MlFdWj55ab40m86ml6dOnz7z9ump9959p2uxvnH+n+8/ufvhma+PrXz3y/3Dt5M4G4fydc1xPIUbzZXxGM/fk5E4u2HDyS401k+SXu8AOzKU5/lIZH3AaAzlWQ/8/30ZEavAgErkPwyoxjigcW3fpevgXePBB2sXQJvjH177bCT21a+NDqwkj10ZZde7Y11oP2vj1z/v3M6W6N7nEADbunEzIk4ND2/u/5K8/9u5Ux1ss7EN/R88P3ez8c+brcY/hfXxT7QY/xxskbs7sX3+F+53oZm2svHf+y3Hv+uTVmNDee2F+phvJLl4qZxmfduLEXE8RvZm9a3mc86s3Fttt655/JctWfuNsWC+H/eH9z7+nJlSrfQ0MTd7cDPilZbj32T9+Cctjn/2fpzvsI2j6Z3X2q3bPv5na/WniNdbHv9HM1rJ1vOTE/XzYaJxVmz2962jv7drv9fxZ8f/wNbxjyXN87XVJ2/jx33/pu3WPRZ/dH7+70k+q5f35I9dK9VqC5MRe5KPNz8+9ei5jXpj+yz+48e27v9anf/7I+LzDuO/deTnVzuKv0fHf+aJjv+TF+599MUP7drvrP97q146nj/SSf/X6Q4+zXsHAAAAAAAA/aYQEYciKRTXy4VCsbh2f8eROFAoV6q1Excri5dnov5d2bEYKTRmukeb7oeYzO+HbdSnNtSHIuLw/ohvh/bX68XpSnmm18EDAAAAAAAAAAAAAAAAAABAnzjY5vv/mT+Ger13wDPnJ79hcG3M/9GNG3Tjl56AvuT/Pwwu+Q+DS/7D4JL/MLjkPwwu+Q+DS/7D4JL/AAAAAAAAAAAAAAAAAAAAAAAAAAAA0FXnz53LltWVh9ens/rM1aXFucrVkzNpda44vzhdnK4sXCnOViqz5bQ4XZnf7vXKlcqVyalYvDZRS6u1ierS8oX5yuLl2oVL86XZ9EI68lyiAgAAAAAAAAAAAAAAAAAAgN2lurQ8VyqX0wUFhR0VhvtjN5oK2XndB7uxywu97pkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4JH/AgAA//8lJTX7")
creat(0x0, 0x182)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x181242, 0xb2)
symlinkat(&(0x7f0000000080)='./file1\x00', r0, &(0x7f00000000c0)='./file0\x00')
mount(&(0x7f0000000ac0)=@loop={'/dev/loop', 0x0}, &(0x7f0000000b00)='./file1\x00', 0x0, 0x1000, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x4042, 0xf8)
writev(r2, &(0x7f0000000140)=[{&(0x7f0000001200)="10", 0x64000}], 0x1)
write$FUSE_STATFS(r1, &(0x7f0000000380)={0x60, 0x0, 0x0, {{0x4, 0x8, 0x8, 0x1, 0x7, 0x46, 0x9, 0x8}}}, 0x60)
r3 = open(&(0x7f0000000100)='./file1\x00', 0x147842, 0x88)
preadv2(r3, &(0x7f0000000040)=[{&(0x7f0000001200)=""/4096, 0xfffffdef}], 0x1, 0x0, 0x0, 0x7)

4m41.852924207s ago: executing program 0 (id=102):
mkdirat(0xffffffffffffff9c, 0x0, 0x190)
statx(0xffffffffffffff9c, 0x0, 0x1000, 0x100, 0x0)
fsetxattr$security_evm(0xffffffffffffffff, &(0x7f0000000140), &(0x7f0000000180)=@v2={0x3, 0x2, 0x12, 0xf3d4, 0x10, "db2f2c2c1609b99a871fa7a0c0514da6"}, 0x19, 0x1)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0/file1\x00', 0x86)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x101001, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
add_key$user(0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x5, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f00000ce000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x8, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

4m41.224240227s ago: executing program 0 (id=105):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000080)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
syz_clone3(&(0x7f0000000740)={0x8180080, 0x0, 0x0, 0x0, {0x39}, 0x0, 0x0, 0x0, &(0x7f00000005c0)=[r0], 0x1}, 0x58)

4m40.441874351s ago: executing program 32 (id=105):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000080)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
syz_clone3(&(0x7f0000000740)={0x8180080, 0x0, 0x0, 0x0, {0x39}, 0x0, 0x0, 0x0, &(0x7f00000005c0)=[r0], 0x1}, 0x58)

3m8.303987512s ago: executing program 5 (id=481):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000500)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x14, 0x2, [@TCA_FQ_CE_THRESHOLD={0x8, 0xc, 0x5}, @TCA_FQ_FLOW_MAX_RATE={0x8}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
r6 = socket$packet(0x11, 0x3, 0x300)
sendto$packet(r6, &(0x7f0000000240)="80", 0x1, 0x40, &(0x7f00000001c0)={0x11, 0x8100, r5, 0x1, 0xd8, 0x6, @broadcast}, 0x14)

3m7.283539094s ago: executing program 5 (id=483):
pipe2(&(0x7f0000000000)={0x0, <r0=>0x0}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x4c, 0x2, 0x6, 0x801, 0xe4340000, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x4c}}, 0x2)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000c80)={0x5c, 0x9, 0x6, 0x801, 0x0, 0x0, {0x7}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x34, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0x18, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @remote}}, @IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0xe1f}, @IPSET_ATTR_PROTO={0x5, 0x7, 0x88}, @IPSET_ATTR_PORT_TO={0x6, 0x5, 0x1, 0x0, 0x4e22}]}]}, 0x5c}, 0x1, 0x0, 0x0, 0x10000042}, 0x90)
sendmsg$IPSET_CMD_LIST(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, 0x7, 0x6, 0x5, 0x0, 0x0, {0x1, 0x0, 0x2}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20004080}, 0x48810)
recvmsg(r1, &(0x7f000000c1c0)={0x0, 0x0, 0x0}, 0x20)
r3 = socket(0x840000000002, 0x3, 0x100)
connect$inet(r3, &(0x7f00000005c0)={0x2, 0x0, @local}, 0x10)
sendmmsg$inet(r3, &(0x7f0000005240)=[{{0x0, 0x0, 0x0}, 0xfffffdef}], 0x4000095, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
close_range(r0, 0xffffffffffffffff, 0x0)

3m4.963888957s ago: executing program 5 (id=493):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={0xffffffffffffffff, 0xfffff000, 0x2d, 0x0, &(0x7f0000000180)="8b3a21d8f2a2fc5fe0a1aff0dcc907eed9a0513246ca6ec13f8ddb9a79f474aec29a224b0e61c5e1e845578fff", 0x0, 0x5, 0x7000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe3}, 0x50)
sched_setscheduler(r0, 0x1, &(0x7f00000000c0)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000000000000000000000400851000000600000018020000", @ANYRES32, @ANYBLOB="00000000000000006600020000000000180000000000000000000000000000009500040000000000360a020000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a00000000000085000000060000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x2, 0xff5c, &(0x7f0000000340)=""/222}, 0x78)

3m3.484300303s ago: executing program 5 (id=497):
r0 = syz_open_procfs(0x0, &(0x7f0000000380)='mounts\x00')
r1 = epoll_create(0x7)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000000))
mkdir(&(0x7f00000020c0)='./file0\x00', 0x0)
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f00000005c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='fd=', @ANYRESOCT=r2, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
r3 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x89901)
move_mount(r3, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
chroot(&(0x7f0000000440)='./file0\x00')
r4 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r4, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0)
pivot_root(&(0x7f0000000340)='./file0/../file0/../file0/../file0\x00', &(0x7f00000000c0)='./file0/../file0/../file0/../file0\x00')

3m3.412071115s ago: executing program 5 (id=499):
r0 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x211000, 0x1000}, 0x20)
setsockopt$XDP_RX_RING(r0, 0x11b, 0x2, &(0x7f0000000040)=0x20, 0x4)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000440)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'ipvlan1\x00', <r2=>0x0})
setsockopt$XDP_UMEM_COMPLETION_RING(r0, 0x11b, 0x6, &(0x7f0000000180)=0x20, 0x4)
setsockopt$XDP_UMEM_FILL_RING(r0, 0x11b, 0x5, &(0x7f0000000140)=0x4000, 0x4)
ioctl$XFS_IOC_FD_TO_HANDLE(0xffffffffffffffff, 0xc038586a, 0x0)
bind$xdp(r0, &(0x7f0000000100)={0x2c, 0x0, r2}, 0x10)
socket(0x200000000000011, 0x2, 0xd)
r3 = socket$netlink(0x10, 0x3, 0x400000000000004)
writev(r3, &(0x7f0000019440)=[{&(0x7f0000000200)="480000001400190d7ebdeb75fd0d8c562c84d8c033ed7a80ffe0090f000060000000a2bc5603ca00000f7f89000000200000004a2471083ec6991778581acb6c0101ff0000000309", 0x48}], 0x1)

3m2.008201779s ago: executing program 5 (id=505):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=@delchain={0x24, 0x65, 0x400, 0x70bd29, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x509d884560ba1ba6, 0x3}, {}, {0x8, 0x10}}}, 0x24}}, 0x10)
sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, &(0x7f0000004bc0)={0x0, 0x0, &(0x7f0000004b80)={&(0x7f0000000100)=ANY=[@ANYBLOB="60b80000", @ANYRES16, @ANYBLOB="050427bd7000fedbdf250100000008000100", @ANYRES32, @ANYBLOB="4400028040000100240001006d6f6465000000000000000000000000000000000000000000000000000000000500030005"], 0x60}, 0x1, 0x0, 0x0, 0x4000401}, 0x4040084)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@newqdisc={0x34, 0x24, 0x1, 0x80000000, 0x4, {0x0, 0x0, 0x0, 0x0, {0x8, 0x3}, {0xa, 0xffe0}, {0xfff1, 0x9}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0x4, 0x8002}}]}, 0x34}}, 0x20004055)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840)
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@newqdisc={0x3c, 0x24, 0x4, 0xc0000000, 0x0, {0x0, 0x0, 0x0, 0x0, {0x3, 0x3}, {0xa, 0xe}, {0x0, 0x9}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0xc, 0x8002, [@TCA_FQ_PIE_FLOWS={0x8, 0x2, 0xe7e7}]}}]}, 0x3c}}, 0x20004015)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840)
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x22004006, &(0x7f00000010c0)={[{@jqfmt_vfsold}, {@nouid32}, {@nobh}, {@stripe={'stripe', 0x3d, 0xffff}}, {@block_validity}, {@grpjquota, 0x22}], [], 0x2}, 0xc4, 0x46f, &(0x7f0000000940)="$eJzs3EtvG0UcAPD/rpv0RR6U8ugDaiiIiELSpAUqxAUEUi9ISHCAY0hDFZq2qAkSrSpaECpHxCcAjkh8Ak5wQcAJxBXuCKlCvVA4IKO1d4kT28Gx67qpfz9p45l9eOa/uxPP7ngdwMAqZ3+SiEpE/BIRY7Xs6hXKtZfr1y7O/XXt4lwSlcorfyTV9f68dnGuWLXYbmeemUgj0g+T2Nek3KXzF07NLi7On8vzU8un355aOn/hiYXTsyfnT86fmTl27OiR6aefmnnyhsQ5ktV173tn9+85/vonL81V4o3vv8zqe0e+vD6OmvGuyyxHefW+rBqu/n2k63e/tYzUpZMtfawIG1KKiOxwDVXb/1iUYuXgjcWLH/S1ckBPVSqVytaGuaUicbkC3MaS6HcNgP4oPuiz699iuondj767+lztAiiL+3o+1ZZsiTR72Va7Yh/pUfnliHjt8t+fZlM0vQ/R3LYe1QcAuP19nfV/Hm/W/xtN7qlbbzQfGxqPiEMRsSsi7oqI3RFxd0Rk694bEfdtsPzymnxj/+en7R0F1qas//dsPra1uv+XFquMl/LcSDX+oeTNhcX5w/k+mYihrVl+ep0yvnnh549bLavv/2VTVn7RF8zr8fuWNTfoTswuz3YTc71nFmqvjfGv3BdIImJPROzt4P2zfbbw2Bf7s/Tozsbl/x//Om7AOFPl84hHa/FfjjXxF5JaSa3GJ6e2xeL84anirGj0w49XXq7PD9Wlu4r/Brj6fsSOFse/qmgGxXjt0sbLuPLrRy2vaTo9/4eTV6vp4Xzeu7PLy+emI4bzGavmz6xsW+SL9bP4Jw42i3802RXxz2f5dvsiIjuJ74+IByLiQF73ByPioYg4uE783z3/8Fvr76H+Hv8T6x3/iPGkfry+g0Tp1LdftSq/veN/tJqayOe08/+v3Qp2s+8AAABgs0ir34FP0sn/0mk6OVn7Dv/u2JEunl1aPlSOd86cqH1XfjyG0uJO11jd/dDp/N5wkZ9Zkz8SEXdW7yhur+Yn584u9mpMHWjPzhbtP/Nbqd+1A3puQ+NojU+0AZuY5zVhcGn/MLi0fxhc2j8Mrmbt/1LE9T5UBbjJfP7D4NL+YXBp/zC4tH8YSI2PxBc/t9LJk/4riV3Hu9p8gBKlHr1z1P9oRw8SkfZ913WeSG+FahzIE1sjot2tLvX0mK49fwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADa/fwMAAP//GCvoLw==")
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r1, &(0x7f00000002c0), 0x40000000000009f, 0xe0)

3m1.084055168s ago: executing program 33 (id=505):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=@delchain={0x24, 0x65, 0x400, 0x70bd29, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x509d884560ba1ba6, 0x3}, {}, {0x8, 0x10}}}, 0x24}}, 0x10)
sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, &(0x7f0000004bc0)={0x0, 0x0, &(0x7f0000004b80)={&(0x7f0000000100)=ANY=[@ANYBLOB="60b80000", @ANYRES16, @ANYBLOB="050427bd7000fedbdf250100000008000100", @ANYRES32, @ANYBLOB="4400028040000100240001006d6f6465000000000000000000000000000000000000000000000000000000000500030005"], 0x60}, 0x1, 0x0, 0x0, 0x4000401}, 0x4040084)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@newqdisc={0x34, 0x24, 0x1, 0x80000000, 0x4, {0x0, 0x0, 0x0, 0x0, {0x8, 0x3}, {0xa, 0xffe0}, {0xfff1, 0x9}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0x4, 0x8002}}]}, 0x34}}, 0x20004055)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840)
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@newqdisc={0x3c, 0x24, 0x4, 0xc0000000, 0x0, {0x0, 0x0, 0x0, 0x0, {0x3, 0x3}, {0xa, 0xe}, {0x0, 0x9}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0xc, 0x8002, [@TCA_FQ_PIE_FLOWS={0x8, 0x2, 0xe7e7}]}}]}, 0x3c}}, 0x20004015)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840)
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x22004006, &(0x7f00000010c0)={[{@jqfmt_vfsold}, {@nouid32}, {@nobh}, {@stripe={'stripe', 0x3d, 0xffff}}, {@block_validity}, {@grpjquota, 0x22}], [], 0x2}, 0xc4, 0x46f, &(0x7f0000000940)="$eJzs3EtvG0UcAPD/rpv0RR6U8ugDaiiIiELSpAUqxAUEUi9ISHCAY0hDFZq2qAkSrSpaECpHxCcAjkh8Ak5wQcAJxBXuCKlCvVA4IKO1d4kT28Gx67qpfz9p45l9eOa/uxPP7ngdwMAqZ3+SiEpE/BIRY7Xs6hXKtZfr1y7O/XXt4lwSlcorfyTV9f68dnGuWLXYbmeemUgj0g+T2Nek3KXzF07NLi7On8vzU8un355aOn/hiYXTsyfnT86fmTl27OiR6aefmnnyhsQ5ktV173tn9+85/vonL81V4o3vv8zqe0e+vD6OmvGuyyxHefW+rBqu/n2k63e/tYzUpZMtfawIG1KKiOxwDVXb/1iUYuXgjcWLH/S1ckBPVSqVytaGuaUicbkC3MaS6HcNgP4oPuiz699iuondj767+lztAiiL+3o+1ZZsiTR72Va7Yh/pUfnliHjt8t+fZlM0vQ/R3LYe1QcAuP19nfV/Hm/W/xtN7qlbbzQfGxqPiEMRsSsi7oqI3RFxd0Rk694bEfdtsPzymnxj/+en7R0F1qas//dsPra1uv+XFquMl/LcSDX+oeTNhcX5w/k+mYihrVl+ep0yvnnh549bLavv/2VTVn7RF8zr8fuWNTfoTswuz3YTc71nFmqvjfGv3BdIImJPROzt4P2zfbbw2Bf7s/Tozsbl/x//Om7AOFPl84hHa/FfjjXxF5JaSa3GJ6e2xeL84anirGj0w49XXq7PD9Wlu4r/Brj6fsSOFse/qmgGxXjt0sbLuPLrRy2vaTo9/4eTV6vp4Xzeu7PLy+emI4bzGavmz6xsW+SL9bP4Jw42i3802RXxz2f5dvsiIjuJ74+IByLiQF73ByPioYg4uE783z3/8Fvr76H+Hv8T6x3/iPGkfry+g0Tp1LdftSq/veN/tJqayOe08/+v3Qp2s+8AAABgs0ir34FP0sn/0mk6OVn7Dv/u2JEunl1aPlSOd86cqH1XfjyG0uJO11jd/dDp/N5wkZ9Zkz8SEXdW7yhur+Yn584u9mpMHWjPzhbtP/Nbqd+1A3puQ+NojU+0AZuY5zVhcGn/MLi0fxhc2j8Mrmbt/1LE9T5UBbjJfP7D4NL+YXBp/zC4tH8YSI2PxBc/t9LJk/4riV3Hu9p8gBKlHr1z1P9oRw8SkfZ913WeSG+FahzIE1sjot2tLvX0mK49fwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADa/fwMAAP//GCvoLw==")
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r1, &(0x7f00000002c0), 0x40000000000009f, 0xe0)

11.393616415s ago: executing program 1 (id=1136):
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
setsockopt$inet_tcp_int(r1, 0x6, 0x18, &(0x7f0000000080)=0x80000049, 0x4)
r2 = add_key$user(&(0x7f00000000c0), &(0x7f0000002180)={'syz', 0x1}, &(0x7f0000000080)='\x00', 0x1, 0xfffffffffffffffe)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f00000008c0)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000580)={0x14, 0x0, 0x2, 0x70bd26, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x4002}, 0x8004)
r3 = add_key$user(&(0x7f0000000040), &(0x7f0000002340)={'syz', 0x3}, &(0x7f0000000400)="370c099069effa43de3e1404db2316447c1b13403656c86711f6e750026f23029a50d44299c7bf5c78dc5efae2d041016160e8bef7b398aa9572540dd950307987eef2115e1bcb512bea3410ca5a9e9f827e4b13490dbbd45fc37bcd8c5527e7119bdb3043a34efc5a45e0738b959acafd2c12863045265bcbc2c1426ac3f614746b436fe86a72dc642dd67d970604a69b4f22cd00060000008056ab4bea4c825b69a7a7040000008684872b1bb9ebe0982c1bf5497091f038122d4aae27f84f", 0xc0, 0xffffffffffffffff)
keyctl$dh_compute(0x17, &(0x7f0000000200)={r3, r3, r2}, 0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000340)={'sha256\x00'}})
getsockopt$inet_tcp_int(r1, 0x6, 0x18, 0x0, &(0x7f0000000040))
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000000)=0x10000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000100)={@local})
ioctl$IOCTL_VMCI_CTX_SET_CPT_STATE(r0, 0x7b2, &(0x7f0000001680)={0x0, 0x3, 0xff3e})

10.457765835s ago: executing program 1 (id=1140):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0x85, 0x7, 0x7ffc0001}]})
rseq(0x0, 0x0, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0xffffffffdfffffff, 0xb)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
write$P9_RWSTAT(0xffffffffffffffff, &(0x7f0000000140)={0x7, 0x7f, 0x1}, 0x7)
prctl$PR_SET_MM_MAP(0x23, 0xe, 0x0, 0x0)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x2f)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10)
syz_open_dev$loop(0x0, 0x3, 0x40000)
syz_open_dev$loop(0x0, 0x3f, 0x200000)
sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000380)='yeah', 0x4)
recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25)

9.528056304s ago: executing program 1 (id=1144):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r0, 0x0)
io_setup(0x5, &(0x7f0000000140)=<r1=>0x0)
r2 = eventfd2(0x0, 0x0)
io_submit(r1, 0x1, &(0x7f0000000280)=[&(0x7f0000000000)={0x1802, 0x0, 0x0, 0x5, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x1, r2}])
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
sendmmsg$inet6(r3, &(0x7f0000004580)=[{{&(0x7f0000000a00)={0xa, 0x4e20, 0x7992, @ipv4={'\x00', '\xff\xff', @multicast1}, 0x8}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="2400000000000000290000003200000000000000000000000000ffff00000000", @ANYRES32=r3, @ANYBLOB='\x00\x00\x00\x00$'], 0x50}}], 0x1, 0x10)
ppoll(&(0x7f00000000c0)=[{r2, 0x75c1}, {r0, 0x6390}], 0x2, 0x0, 0x0, 0x0)
shutdown(r0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r5, 0x1, 0x1a, &(0x7f0000000000)={0x3, &(0x7f0000000100)=[{0x50, 0x24, 0x0, 0x47}, {0x20, 0x7f, 0x2, 0xfffff034}, {0x6, 0xfc, 0x3, 0xa9d}]}, 0x10)
write$binfmt_aout(0xffffffffffffffff, &(0x7f00000001c0)={{0xcc, 0x18, 0xd, 0x9f, 0xc, 0x2, 0x1a9, 0x1}, "7163e1b4f8a7739f80cd76f1662d1d5be33731d636d7dae300051fac13c525bbd06db45e53928df2eefbb5f8674b306de532df6cdcd12d2b36cfadc6be607237c6ee94312c81ea665735fda7e0386ca63b51c9a370e70231fd3e43aa4f2b3252353c325b3e3b13390ec38269885e76079de4935c18dcae64e35f05ff9b4fa03d825733ae00b7e1904d7a7892702efa42adf21a8cc099fef909eeef5afca0d63d6c4b22d5d7d61bfe9b90a683b5f4ae4f1856da794b0514794d00631226351e2246901097413383dcf453684a42c5dd2181ca75a7e79dadb30355b7e337f0f92af4c80b48ce4b781e84a384a49396d35ecedc"}, 0x112)
write$binfmt_aout(r4, &(0x7f0000000000)=ANY=[], 0xfdef)

8.750924228s ago: executing program 2 (id=1146):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r3, 0x84, 0xf, &(0x7f0000000040)={<r4=>0x0, @in6={{0xa, 0x4e22, 0x9, @dev={0xfe, 0x80, '\x00', 0x42}, 0xfff}}, 0x3, 0xee, 0xb90e, 0x0, 0xff}, &(0x7f0000000100)=0x98)
setsockopt$inet_sctp_SCTP_MAXSEG(r3, 0x84, 0xd, &(0x7f0000000180)=@assoc_id=r4, 0x4)

8.544054174s ago: executing program 3 (id=1148):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="14000000100001000000000000fffd000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a3c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc980000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a31000000006c0003806800008008000340000000025c000b802c0001800a0001006c696d69740000001c0002800c00024000000000000000030c00014000000000000100002c0001800a0001006c696d69740000001c0002800c00024000000000800000000c0001400000000000000008"], 0xfc}, 0x1, 0x0, 0x0, 0x4000850}, 0x844)

7.750122649s ago: executing program 4 (id=1150):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f00000000c0)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmsg$unix(r3, &(0x7f0000000d80)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000080)="03", 0x1}], 0x1, &(0x7f0000000280)=ANY=[@ANYBLOB="14000000000000000100000001"], 0x18}, 0x0)
recvmmsg(r4, &(0x7f0000001140), 0x700, 0x2, 0x0)

7.742425129s ago: executing program 1 (id=1151):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000500)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x800, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x10000000000)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
mmap$fb(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x13, r2, 0xd8000)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x50, 0x0, &(0x7f0000000440)="97713b46fbaa2b1044f2d408ffca802db4d770eb9874f493e0ef367e4bde497c403b450c72ff2417d079bb892435a1e107fa5c0ecd207d9e6f2a209bf148e6bc56955cb53347d1499097488fcad724a1"})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000002c0)={0x44, 0x0, &(0x7f0000000600)=[@reply={0x40406301, {0x2, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

7.7357645s ago: executing program 2 (id=1152):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
shmctl$IPC_RMID(0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x5)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$gtp(&(0x7f0000002700), r3)
sendmsg$GTP_CMD_GETPDP(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000002840)={&(0x7f00000027c0)={0x14, r4, 0x301, 0x70bd25, 0x25dfdbfe, {0x2, 0x0, 0xa6ff}}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x24008040)

7.652319772s ago: executing program 1 (id=1153):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0/file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe)
mlock(&(0x7f0000c00000/0x400000)=nil, 0x400000)
mremap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000fff000/0x1000)=nil)
madvise(&(0x7f0000f0f000/0x2000)=nil, 0x2000, 0x15)

6.661447743s ago: executing program 3 (id=1154):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xfec8d000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000400)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$kcm(0x29, 0x2, 0x0)
r4 = memfd_create(&(0x7f00000003c0)='e\xf4b\x88-\x05', 0x0)
pwritev(r4, &(0x7f0000000180)=[{&(0x7f0000000700)="1a", 0x1}], 0x1, 0x1000000, 0x0)
sendfile(r3, r4, 0x0, 0x8000fb00)

6.552324486s ago: executing program 4 (id=1156):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket(0x28, 0x801, 0x0)
connect$vsock_stream(r3, &(0x7f0000000880)={0x28, 0x0, 0x0, @local}, 0x10)
shutdown(r3, 0x1)
connect$inet(r3, 0x0, 0x0)

6.552163786s ago: executing program 2 (id=1164):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000c80)={'lo\x00'})
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mremap(&(0x7f00007ff000/0x4000)=nil, 0x4000, 0x4000, 0x3, &(0x7f0000580000/0x4000)=nil)
mremap(&(0x7f0000580000/0x4000)=nil, 0x4000, 0x2000, 0x3, &(0x7f00007ff000/0x2000)=nil)

5.691099213s ago: executing program 6 (id=1157):
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, 0x0, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
bind$netlink(r0, &(0x7f0000000000)={0x10, 0x0, 0x0, 0x80065c9}, 0xc)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a20000000000a01040000000000000000010080030900010073797a30000000002c000000030a01010000000000000000010000000900010073797a30000000000900030073797a3201000000a4000000060a010400000000000000000100000008000b40000000007c000480340001800b000100657874686472000024000280080001400000000c080003400000000008000440000000220500020007000000440001800c0001006269747769736500340002800800034000000004080001400000001408000240000000120c0005800800010088634d580c000480080001006eee7e000900010073797a300000000014000000110001"], 0x118}}, 0x2)

3.648342217s ago: executing program 4 (id=1158):
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r1=>0x0})
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[], 0x48)
bind$xdp(0xffffffffffffffff, &(0x7f00000001c0)={0x2c, 0x2, r1, 0x35}, 0x10)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000b80)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r5, 0x8933, &(0x7f0000000000))
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r3, &(0x7f0000000000), &(0x7f0000000080)=@tcp6=r5, 0x2}, 0x20)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000300)={r4, r1, 0x25, 0x0, @val=@tcx={@void, @value=r4}}, 0x1c)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000340)={r3, &(0x7f00000001c0), &(0x7f0000000040)=@tcp=r0}, 0x20)
syz_emit_ethernet(0x2dc2d, &(0x7f0000000300)=ANY=[], 0x0)

3.647631887s ago: executing program 3 (id=1159):
r0 = fsopen(&(0x7f0000000180)='proc\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x1)
r2 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x10005, 0x5, r2})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
fchdir(r1)
r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000580)='.\x00', 0x8880, 0x85)
lseek(r3, 0x100, 0x0)
getdents(r3, &(0x7f0000000080)=""/195, 0xc3)

3.616291468s ago: executing program 6 (id=1160):
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r0, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x3, {0x42}}, 0x10)
r1 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r0, &(0x7f0000000100)=@name={0x1e, 0x2, 0x3, {{0x42}, 0x4}}, 0x10)
bind$tipc(r1, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0xfffffffd}}, 0x10)
bind$tipc(r1, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0x2}}, 0x10)
r2 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r2, &(0x7f00000000c0)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000140)={0x41, 0x1}, 0x10)
bind$tipc(r0, 0x0, 0x0)
close(r0)

3.484097192s ago: executing program 3 (id=1161):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x2f)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x15, 0x1c, &(0x7f0000000000)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r4}, {}, {0x7, 0x0, 0xb, 0x6, 0x0, 0x0, 0x5}, {0x85, 0x0, 0x0, 0x5}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x0, 0x6, 0x9}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x5, 0x1, 0xa, 0x9, 0x9}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {0x7, 0x0, 0xc}, {0x18, 0x6, 0x2, 0x0, r3}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_reuseport, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

3.423408724s ago: executing program 6 (id=1162):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r0, 0x0)
io_setup(0x5, &(0x7f0000000140)=<r1=>0x0)
r2 = eventfd2(0x0, 0x0)
io_submit(r1, 0x1, &(0x7f0000000280)=[&(0x7f0000000000)={0x1802, 0x0, 0x0, 0x5, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x1, r2}])
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
sendmmsg$inet6(r3, &(0x7f0000004580)=[{{&(0x7f0000000a00)={0xa, 0x4e20, 0x7992, @ipv4={'\x00', '\xff\xff', @multicast1}, 0x8}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="2400000000000000290000003200000000000000000000000000ffff00000000", @ANYRES32=r3, @ANYBLOB='\x00\x00\x00\x00$'], 0x50}}], 0x1, 0x10)
ppoll(&(0x7f00000000c0)=[{r2, 0x75c1}, {r0, 0x6390}], 0x2, 0x0, 0x0, 0x0)
shutdown(r0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r5, 0x1, 0x1a, &(0x7f0000000000)={0x3, &(0x7f0000000100)=[{0x50, 0x24, 0x0, 0x47}, {0x20, 0x7f, 0x2, 0xfffff034}, {0x6, 0xfc, 0x3, 0xa9d}]}, 0x10)
write$binfmt_aout(0xffffffffffffffff, &(0x7f00000001c0)={{0xcc, 0x18, 0xd, 0x9f, 0xc, 0x2, 0x1a9, 0x1}, "7163e1b4f8a7739f80cd76f1662d1d5be33731d636d7dae300051fac13c525bbd06db45e53928df2eefbb5f8674b306de532df6cdcd12d2b36cfadc6be607237c6ee94312c81ea665735fda7e0386ca63b51c9a370e70231fd3e43aa4f2b3252353c325b3e3b13390ec38269885e76079de4935c18dcae64e35f05ff9b4fa03d825733ae00b7e1904d7a7892702efa42adf21a8cc099fef909eeef5afca0d63d6c4b22d5d7d61bfe9b90a683b5f4ae4f1856da794b0514794d00631226351e2246901097413383dcf453684a42c5dd2181ca75a7e79dadb30355b7e337f0f92af4c80b48ce4b781e84a384a49396d35ecedc"}, 0x112)
write$binfmt_aout(r4, &(0x7f0000000000)=ANY=[], 0xfdef)

3.353275686s ago: executing program 2 (id=1163):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x89}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$kcm(0x10, 0x400000002, 0x0)
write$cgroup_subtree(r3, &(0x7f00000003c0)=ANY=[@ANYBLOB="0007000042009103"], 0xfe33)
recvmsg(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000004580)=""/4081, 0xff1}], 0x1}, 0x10100)

2.774752004s ago: executing program 4 (id=1165):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r0, &(0x7f0000001200)=[{&(0x7f0000000080)="580000001400add427323b472545b45602117fffffff81004e230e227f000001925aa80020007b00090080007f000001e809000000ff0000f03ac71002000000ffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYRESHEX=0x0], 0xc3}, 0x1, 0x100000000000000, 0x0, 0x4014040}, 0x0)
r1 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000008c0)=ANY=[@ANYBLOB="380000001800010000000000000000000200140000000009000c0000060015000400000014001680100008800c000380"], 0x38}}, 0x0)
r2 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000200)={'erspan0\x00'})
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCBRDELBR(r4, 0x89a2, &(0x7f0000000200)='bridge0\x00')
ioctl$sock_SIOCBRDELBR(r3, 0x89a3, &(0x7f0000000200)='bridge0\x00')
sendmmsg(r1, &(0x7f0000000000), 0x4000000000001f2, 0x0)

2.652691918s ago: executing program 6 (id=1166):
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, 0x0, 0x0}, 0x94)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000fc0)={&(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x20000811)
r0 = socket$kcm(0x29, 0x2, 0x0)
socket$kcm(0x2, 0x1, 0x0)
sendmsg$NL80211_CMD_SET_WDS_PEER(0xffffffffffffffff, &(0x7f0000000740)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x20, 0x0, 0x20, 0x70bd2c, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_MAC={0xa}]}, 0x20}, 0x1, 0x0, 0x0, 0x20060004}, 0x40080b4)
ioctl$sock_kcm_SIOCKCMUNATTACH(r0, 0x89e1, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000880)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a09000000000000000000020000000900020073794f310000000008000440080000000900010073797a3000000000080003400000000114000000110001"], 0x64}, 0x1, 0x0, 0x0, 0x814}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, 0x0, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000180a0500000000000000000002000000300003802c00038004000100776732000000000000000000000000001400010076657468315f746f5f627269646765000900020073797a30000000000900010073797a30"], 0x84}, 0x1, 0x0, 0x0, 0x40000}, 0x20008000)
sendmsg$NFT_MSG_GETOBJ(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000400)=ANY=[@ANYBLOB="34000000150a03f50000000000000000020000000900020073797a31000000000800034000000001"], 0x34}, 0x1, 0x0, 0x0, 0x66df5cfbe53006f1}, 0x0)

2.479011793s ago: executing program 4 (id=1167):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setparam(r0, &(0x7f00000006c0)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r3 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r3, 0x0, 0x40, &(0x7f0000000140)=@raw={'raw\x00', 0x8, 0x3, 0x498, 0x320, 0xa, 0x148, 0x368, 0x60, 0x400, 0x2a8, 0x2a8, 0x400, 0x2a8, 0x7fffffe, 0x0, {[{{@ip={@multicast2, @multicast2, 0x0, 0x0, 'bridge0\x00', 'rose0\x00'}, 0x0, 0x2f8, 0x368, 0x0, {0x200003ae, 0x7f00}, [@common=@inet=@hashlimit1={{0x58}, {'veth1_to_team\x00', {0x0, 0x0, 0x2, 0x0, 0x0, 0xffffffff, 0x7}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @pinned={0x1, 0x8601, 0x6, './file0\x00'}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "f2f7b9f28413d9d8ad470ad2b60c45cb4ea6e7bf902bdc2ff8a9304d9f655c746adc0bdc773506378bc2d27efd6abb05175089830cc46186074d7de46d5af300"}}}, {{@ip={@empty, @empty, 0x0, 0x0, 'syzkaller0\x00', 'veth0_to_team\x00'}, 0x0, 0x70, 0x98}, @common=@unspec=@MARK={0x28}}], {{'\x00', 0xc8, 0x70, 0x98}, {0x28}}}}, 0x4f8)

2.478710033s ago: executing program 6 (id=1168):
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000000c0)='dctcp', 0x5)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr', 0x3)
r1 = socket$nl_route(0x10, 0x3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=@newlink={0x28, 0x10, 0x801, 0xfffffffd, 0x8000000, {0x0, 0x0, 0x0, 0x0, 0x0, 0x404a3}, [@IFLA_GROUP={0x8}]}, 0x28}, 0x1, 0x0, 0x0, 0x4040000}, 0x5084)
sendto$inet(r0, &(0x7f0000000300)="8995b3c271bab84f6e841cd28301f2e02519276836b2ab14ba300f39a71758d74d011771db342aa6df71dc54faabe6ccc2dae1fdf17d4c74618af0933c8c800ec3ce49bd4af9b8cf0b15e8ad756f12238f66ee49d20487065dad7cffef082a59ee2b21eb73656d3dc03547888735a17218c20071551f0d51963eca94a593476b25dedb707e7b8ce8b652bc423029d796b484ee048820f540c45770a40a143a1596e1fbc57e45bd84e16556ffb7990bfd000073126510261a98fad73feacc4eb3c3fad519b362e5307e1e79c6b13c4527aa95f952e19f71b11aefb68882d9fa2fec0fbacebffab318cfdcf33eceab48459926966bd946f4fdaaac", 0xffffffffffffff67, 0x4044880, 0x0, 0x0)

2.470691444s ago: executing program 3 (id=1169):
sendmsg$key(0xffffffffffffffff, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000000)={&(0x7f0000000380)={0x2, 0x3, 0x0, 0x3, 0xc, 0x0, 0x4070bd2c, 0x25dfdbfc, [@sadb_key={0x2, 0x9, 0x43, 0x0, "1c"}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x4e1e, @initdev={0xac, 0x1e, 0x0, 0x0}}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x7, 0xc, 0x80000000}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0xa}}}]}, 0x60}, 0x1, 0x7}, 0x0)
r0 = socket$kcm(0x2, 0x5, 0x84)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
close(r2)
recvmsg$unix(r1, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r3=>0xffffffffffffffff]}}], 0x18}, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={0x14, 0x2e, 0x9, 0x70bd27, 0x0, {0x4}}, 0x14}, 0x1, 0x0, 0x0, 0x42804}, 0x0)
setsockopt$sock_attach_bpf(r0, 0x84, 0x6e, &(0x7f0000000000)=r3, 0x10)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x24044441)
r4 = socket$kcm(0x2, 0x5, 0x84)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
close(r6)
recvmsg$unix(r5, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r7=>0xffffffffffffffff]}}], 0x18}, 0x0)
setsockopt$sock_attach_bpf(r4, 0x84, 0x83, &(0x7f0000000000)=r7, 0x8)

2.371030007s ago: executing program 2 (id=1170):
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x0, &(0x7f0000000240), 0x1, 0x4ff, &(0x7f0000000ac0)="$eJzs3cFvG1kZAPDPTpw4aXaTXfYACHbL7kJBVZ3E3Y1We4DlhBBaCbFHkNqQuFEUO45ipzShh/TMFYlKnODIH8C5J+5cENy4lANSgQjUIHEwmvEkdVO7iZrEzsa/nzSa9+ZN/L3XdN6rvyZ+AQytqxGxGxFjEXE7Iqaz67nsiE/aR3Lf0737S/t795dy0Wp99s9c2p5ci46vSVzJXrMYET/6XsRPcy/GbWzvrC1Wq5XNrD7brG3MNrZ3bqzWFlcqK5X1cnlhfmHuo5sfls9srO/UxrLSVx//cfdbP0+6NZVd6RzHWWoPvXAYJzEaET84j2ADMJKNZ2zQHeGV5CPizYh4N33+p2Mk/W4CAJdZqzUdrenOOgBw2eXTHFguX8pyAVORz5dK7RzeWzGZr9Ybzet36lvry+1c2UwU8ndWq5W5LFc4E4VcUp9Py8/q5SP1mxHxRkT8cnwirZeW6tXlQf7DBwCG2JUj6/9/xtvrPwBwyRUH3QEAoO+s/wAwfKz/ADB8rP8AMHza6//EoLsBAPSR9/8AMHys/wAwVH746afJ0drPPv96+e721lr97o3lSmOtVNtaKi3VNzdKK/X6SvqZPbXjXq9ar2/MfxBb92a+vdFozja2d27V6lvrzVvp53rfqhTSu3b7MDIAoJc33nn0l1yyIn88kR7RsZdDYaA9A85bftAdAAZmZNAdAAbGbl8wvE7xHl96AD7vuuzN202x2y8ItVqt1jl0CeiPa1+S/4dh1ZH/91PAMGTk/2F4yf/D8Gq1cifd8z9OeiMAcLHJ8QM9fgzgzez8u+w/B36yfPSOh+fZKwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYDvb/LWV7gU9FPl8qRbwWETNRyN1ZrVbmIuL1iPjzeGE8qc8PuM8AwGnl/57L9v+6Nv3+1HNNb185LI5FxM9+/dmv7i02m5t/ihjL/Wv84HrzYXa93P/eAwDHO1in03PHG/mne/eXDo5+9ufJdyOi2I6/vzcW+4fxR2M0PRejEBGT/85l9bZcR+7iNHYfRMQXu40/F1NpDqS98+nR+Ens1/oaP/9c/Hza1j4nfxZfOIO+wLB5lMw/n3R7/vJxNT13f/6L6Qx1etn8l7zU0n46Bz6LfzD/jfSY/66eNMYHf/h+uzSRffGz3Z6fPIj48mjEQez9jvnnIH6uR/z3Txj/r195+91eba3fRFyL7vE7Y802axuzje2dG6u1xZXKSmW9XF6YX5j76OaH5dk0Rz3bezX4x8fXX+/Vlox/skf84jHj//oJx//b/93+8ddeEv+b73WLn4+3XhI/WRO/ccL4i5O/L/ZqS+Iv9xj/cd//6yeM//hvOy9sGw4ADE5je2dtsVqtbCooXPxC8lf2AnSja+E7/Yo1Ft2bfvFe+5k+0tRqvVKsXjPGWWTdgIvg8KGPiP8OujMAAAAAAAAAAAAAAEBX/fiNpUGPEQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgMvr/wEAAP//M+fPJQ==")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
r1 = userfaultfd(0x1)
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5})
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2}, &(0x7f0000000300)=<r2=>0x0)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r2, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000080)={0xaa, 0x79})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
syz_kvm_setup_syzos_vm$x86(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)

43.716169ms ago: executing program 3 (id=1171):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000380)={0x73622a85, 0x100b, 0xffeffffffffffffd})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r1, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x50, 0x0, &(0x7f0000000580)="b3185d7bb56f70f003360fa8bf71ac3086aedebf6fff904f92849a7a07395ee7f0e4cb1d78001c08a0ab73ffcf5ad07693727980eea946e6cba1723e81bfa5c3688803c8a124dcb27df7938e7ddfdd52"})
ioctl$BINDER_THREAD_EXIT(r3, 0x40046208, 0x0)

41.971999ms ago: executing program 6 (id=1172):
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @void}, 0x10)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r1 = eventfd(0xffffffff)
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f00000005c0)=r1)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680))
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.swap.current\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x12, r2, 0x0)
mremap(&(0x7f00004f9000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f00007f8000/0x1000)=nil)

41.707039ms ago: executing program 4 (id=1173):
r0 = socket$kcm(0x11, 0x3, 0x0)
r1 = socket$unix(0x1, 0x5, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x60000, 0x0)
close(r3)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x14, 0x2, [@TCA_CAKE_FLOW_MODE={0x8}, @TCA_CAKE_DIFFSERV_MODE={0x8, 0x3, 0x3}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
setsockopt$sock_attach_bpf(r0, 0x107, 0xf, &(0x7f0000000600), 0x56)
sendmsg$kcm(r0, &(0x7f00000000c0)={&(0x7f0000000580)=@xdp={0x2c, 0x0, r6, 0x3e}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000180)="27030028590214000600002fb96dbcf706e10500000086ddffff1144ee162fd4b8bf4a31accb", 0xfdef}], 0x1}, 0x0)

40.943439ms ago: executing program 2 (id=1174):
socket$kcm(0xa, 0x2, 0x73)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480))
fsopen(&(0x7f0000000180)='hugetlbfs\x00', 0x1)
socket$l2tp6(0xa, 0x2, 0x73)
socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000010000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000ac03000000000000850000003300000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{r0}, &(0x7f0000000080), &(0x7f0000000280)=r1}, 0x20)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r3=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000002c0)={r1, r3}, 0x14)
syz_emit_ethernet(0xd81, &(0x7f0000001b40)={@empty, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x7, 0x6, "acdaea", 0xd4b, 0x6, 0x0, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @private0={0xfc, 0x0, '\x00', 0x1}, {[@dstopts={0x3b, 0x19b, '\x00', [@ra={0x5, 0x2, 0x80}, @jumbo={0xc2, 0x4, 0x7}, @generic={0xfa, 0x29, "ebf9ea79413a0467db3deffcbdbb4ca4e53ce325600527602f611fcee3320ae84fcd83d8349c527adc"}, @padn={0x1, 0x3, [0x0, 0x0, 0x0]}, @generic={0x5, 0xc9d, "3336f67a83de64fb3d5777beef9f927f16799a0a41a408a734126eae55eeddea548151dd9c72b8377cabdb76ee09052f2c4763356cc316d1a0ad4e1b4d5827b90ed1dc3a09511ee2f284357286379cdce32cdc31a17bb742156f8f0c9d9016a4f6b0b3489a9e16924119867dddc3a93edef4832c406c39d1f8571a9134dc3e8e81e6c47e3a378d0aa6f6301ddd458a8e38a42bab4dc410ab60bcb2b4f081326784d1d656dcaa55a63f4c277ee305ed61606c838f3514d692981361d3f6d26410363adbfdc764f835bdbe8380627ffd687ea5371a36ef0f28f21adc0823d681467326496745192a07b29b4d07fd714f660fe789d0d236d9168f718d051db04ea547ac4da465b0115e91435690642a05027edc44a57611d40b5ba20bc08c9718dfce0d5452f8a78e1d9e91308d6d39491dd1369a99e161abe0fbd65318949505e82768ccc8037be79803aaa4a04b575310f8e3b3a897304150420d8b873b92a026b708551e5fd35baee32869b36a29570855e9d308e1399c5fd47eae40ddcc010f1737e76a24fcc467c2f37c8625d17b826df84e452b55e34733fa50703956db14b7dd1b3799326f42a486717aa097ffa20c4cc0700ab2a3e3ccf3873f25e9b13bec4e8b50707387c909df07e7c791f83fe354f89351a798bd29b4a698b4ef46be2a4770e4c94a0abe433d4669e6f73a5ec2f418f5412f0a6a5d70c8156b482148a36b44d03af854417ebe949b62501b08e223723a0594c045a9c5bea54d98ee0357f69efc3aa888793184ccf7ba77115a1ad3743090e7a34bd8ea3615c9515ea922f997c9fa01308e1206bea2e6176d398479e3a8a2f28c49996d682c2181408747ef5d3687fc2b7ea7bacc7b26cd11b7a0511297c3687a90c052d6bfa24713ab8aa7c76f7b9a70180ab0f49c49e3fb2d577b6d542d3acd6515110fc9df4c8b8953493257974938d5cb686cd6a7d533bf41940fbcb3517485b133920e0bb63cf653c0945a0e2045e5fc52706503cf279030707bccbda945802124703cc405207a25a8d333cbdfb23eb35ad284dd3e7d7e6355f3bda9d9f66b7bf5f236eb195fbe30984af59f97d649b685eeab1b58a982b527fa79e5118bec55df918a6dc6615243be203a9ffeca7d042d4620244a006da98e11d4eb49d17b930d8cf0ce3bbe8481633bba4abbef56e726f2338719b86e91acc96900d417c0ffa00bdc5334bcb5e6d21e4859b4511d8deffecd572783be638b94d4485c088721b37b58123fade0c4f4a40b3e51851822f0df44f9eb65e5e12440a9d1267a6cef5ec888314ecc2396244370cf15d3d10fbab15a21335c836d06f2ca87d8997be357efa86848fceac797b36f900eff57ad1be7fd3862bf91df26c87694ab7f1a63ab924e3104df3fc818da9fc9821107749dab960e3f878d7273edfe89af26e63804ca0bdab853355c7f8c8df0191b9af1ed6f92ceebbb6b0af00854a8437ba23c3ec51495cd9396d140786bed6ddb94cb5cc7581c660544a73c5271e237bcf432abc5fa106b092ab51973da1ff60814b9da7773e7089a80789a597dea54254cc6b03c5d7ca8625cdad57c04625416957e943b6d2c6f3d9fd8590c24dd19f9fbe34c944b65462adab50187cf7dd1d6390bedab35d02399c8b4382435f3e29d5e035805a996589588de79ee3baa01b58d72ad00afa09f88509c7acce6635b5f6c3f78e6d3db62baa472ca3d7ac7b3574135afd215757aff9c3cda2e76d70b9fbfa984db89444c0d4a39a796441105c48aca5847dc312d3236ba356c07da97e7261883678ae299c9dbd7a4cb8448c184f24ea5da72e10d7894ca6c3c3fde659ecdce84fb7a490ae10f2b9f4b1775ee2878f5ada3c8e3bc5dc4064c0d351532edfcb93c998b5d3ce02aec7a701d5195766f4e042fa2388eea6c7fa8d71cb41661830aab10628c46c6ca18c38ff914c09edcd1b55c57b5252b1783d44f6215ed406b750f1ea8348dc1815df893ab22a897fe28296db99566b3d469c7d673184e4c694698dd79718ea81a2beff26ff1e2388485f58c8dc24ec72734a7e2ee0fc1c1b52d7d8953e45c546e23bbc2269ab479ec5b3d453dfb5f211e2f079f85d7cf3b78f5b008e455235ac491e0e56cc75c24c1af89c9d575aa31ef6e7950676a8c71b3e893e0792afd50c95afea53b1cad68f6e0cadd89be3f1d36e2ca6f535ce13c68493e4d43bbddf73f2b7ddbcd4eddbc4ce8b68134dc099cc136f416e0c3f4088c2387fbd5cdc3fc25dce1ecd6b7263a619964d2a7cae5ca529eda78f9cc777bae73190f095b8cc447ec0c36c735cfb152707a3edf4d48b2d1bb2117383c8f63da1a96caf12549bcfc58fc403ccff0820cc83c683b0f39d268beb06a76e3de9cc9aaed247d259e9168eddca1f66921630643bd0bc5810b0e20b4856cddc3172fff34c152083524aaa1fcb1ac454226573f4969ebb6c221fb2dc72fdfa04094af5c39f088ab83263ad61fb6d61c57ad084665a0e6d808eeeb0ffcb616d84e64ba2719b5325f2e0a3210685cb4fb69201ae361e8428119b24eed4327e408977b1aa76fc79eb9eb78e38f001f453607b42372171b54c3bdbb7a331a5af4b3d8ed9d66d1c440c680ea53d568cc3827e5877fd3e46b642d0200fab75a49e8c66d9f4d53e401efb54193c1a1f7695ec0ba5169ca544e8bf116d4208eb3284b142cd39d7fd66cf588ea2e58dd7006398d2665075887be5faeae820dc3486531556fbded3b4861c7c677ef64bfe22ecebb0b594eeacdd9905c0c0f0b1111c4f8550ccaa46eb25420980b47d627e4447e819d61f300b59019072e613b2e764c13c1328291cd4f68121f4484a359265bdb0148d792d786a6a91e1137faa39df62aef6aa3174ede43195867b10917ffef2507bb87e9401da643f5aef53267b84b4bc4bd2ad54760eb3c26dd6e2171a8064e7ebc106875e5b40599180c9612979fa51c05422c18232000a9e7187f0c14ffc6bb0ffdae4def9a99b670b2d9c24fb934a3b4563a6766c5e48e2a53c954b500850574d6962d1ec28aadf55ecaa36c67bcbba2f7b9b208a29147cf0e144c0c8ff69af2e920863658a1d29287ef8ed286e6fc822ef12be083942c71aaa8eaa4353ce97baa1f87a01b0992ab424202995b289a338608c203dde2ece8d057f81d478b2e25bd1d15e8f0346de0be199148fc7cbb11003c0e977f823e50eb5d932bb689e3b2b58f5909b7a3215916ec620a90d1bfe0e4a03cc5aa23cfbda2a0e7803fed9310cea95b0cea089b6476d2be9c6ccce81fea861e016faf791959962e1864908dea146a1fb14ca1ff48d99be9a188a68f126c6da1666d6089c053e3b6c96dbcfcca0d8892b909f90998d2277cc22bd81420ca25c80222fac7c1a3c2411f04b49dc3ce399c50a946fd4179400c7c9a091c818e7d05f5bc7b7526d8eecbc2b19dc36fc669d1ce5d654e0249422ea60042ce888f50f14a771f21bce55c585b0aaecc830101d69644b0962c6b6202338dfca989c8fd04888fd04b266de33a6cf81be3ec9c515c108fcef9c0095f0b20695cb802c23df482dd791e9c389c89988289a2201958c4cdf62d30c15eaea6f95c0bf8a0a0f0d8bbd17d1b11bdd5cf91d84cdd182fcf6e16560730dfc9b4b2ab7995fa5eb53c5caf2c8214e33a9db6021aed6a4a12ea3caf1b77ddda55870c7a2c26c2107ce1b987c36be583ec33c2447d8aee66a543f447108c71c0baf680adf35d27a0e15c67d5d26261baa1e9266be733939c0a0a426e4517a8bcf30a7b8c6ac871c898169a878dd0246c62ebe912cb19c62dea0462bafa569481bdeb866b68cda2069cde8cf2ce064c678255572e6dbc52cc37dc3f8be42d8fd495a8ac118fad6222be69689b7bd3dbe9f6c01703b892707f1ff61bc6133dc6aaf0104fa129b4bedaa64f5afea2d69d08d5566b9a16044ea12248744c23af0ba58cc76e107f7e0bd11244394761239fdb694852db354686a2c02790f3c563295d54c06e2ab9737f6420f1d24cf942f00136c1d1fa37a7bab77bcb244ce49a63d2fccce6b27fd6ff6b862082bb3159c8c937e9b2c2040fd9779fd6eb702be4c4fc704e3d53163c6ad307e2099e6bdf491461a177c09a876df54a3c6951de6ec6d78c5f869338d0527d23280cb21ebe3101522122df1cf8b38632b7c7e6298c18fd084b8c71b95a2c329a8c6bd01a8416e76574b5f3276498b08e2e9796ecd89f1f8efe18820682dc1df1ffdf6285abee3397d7c7b0c62d70305c5aba11e17814542a033db20cd514fffd25ebd84288639f98bbd3013fed238444781eb764f1d9e74b03fd6bdde58cdef11393eb6b456cf102e42278be4b020cd3e8da7df7f7500a3d6c7cdfd8dfcf4fa0c4b020c4108996418e2c67459d5f1cb57d02621af203fa6041e23b56f0aa7df56f4d02c603379b6e8564683b21f718c44aee78e9621a2777dee20fcdfcb079687791bcee46f682d13fdf159ff35499a276f95fa69cbe12c8134df05594e52231a6ec95d3f25101754362a180a21b64685fd7272afc9986895f9c4e06df082f67eb3f8a520e1005"}]}], {{0x4e20, 0x4e20, 0x41424344, 0x41424344, 0x0, 0x0, 0x7, 0x8, 0x2, 0x0, 0x2, {[@exp_smc={0xfe, 0x6}]}}, {"ffaf37c94bd77d95f8a7484ed5752f3c6fb324fa40e0752e7aeed8dbcb9f5dec2fac17c637d154e0e3e643c5c4ad6e690f5d716d8f8bd53711e5c2afbc460074139a39173b2d24"}}}}}}}, 0x0)

0s ago: executing program 1 (id=1175):
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='mountstats\x00')
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
lgetxattr(0x0, &(0x7f0000000240)=@known='system.posix_acl_access\x00', &(0x7f0000000340)=""/119, 0x77)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xfffffffffffffffe)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
r2 = socket(0x40000000015, 0x5, 0x0)
setsockopt$SO_RDS_TRANSPORT(r2, 0x114, 0x8, &(0x7f00000008c0), 0x4)
bind$inet6(r2, &(0x7f0000000f80)={0xa, 0x0, 0x0, @loopback, 0xa7a}, 0x1c)
read$FUSE(r0, &(0x7f0000003240)={0x2020}, 0x2020)

kernel console output (not intermixed with test programs):

miscuous mode
[   54.285793][ T4188] device veth1_macvtap entered promiscuous mode
[   54.303465][ T1252] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   54.322263][ T1252] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   54.330191][ T1252] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   54.338238][ T1252] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   54.349032][ T1252] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   54.357679][ T4191] device veth1_macvtap entered promiscuous mode
[   54.378340][ T4200] 8021q: adding VLAN 0 to HW filter on device batadv0
[   54.404646][ T4191] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   54.415810][ T4191] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   54.429864][ T4191] batman_adv: batadv0: Interface activated: batadv_slave_0
[   54.447345][ T4188] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   54.460160][ T4188] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   54.470834][ T4188] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   54.482310][ T4188] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   54.493555][ T4188] batman_adv: batadv0: Interface activated: batadv_slave_0
[   54.502349][  T310] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   54.510397][  T310] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   54.519230][  T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   54.528028][  T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   54.536970][  T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   54.545787][  T310] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   54.555360][  T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   54.566237][ T4191] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   54.577009][ T4191] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   54.588463][ T4191] batman_adv: batadv0: Interface activated: batadv_slave_1
[   54.605458][  T154] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   54.608151][ T4188] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   54.626749][  T154] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   54.629377][ T4188] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   54.654429][ T4188] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   54.668226][ T4188] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   54.679408][ T4188] batman_adv: batadv0: Interface activated: batadv_slave_1
[   54.693963][ T1252] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   54.703036][ T1252] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   54.712834][ T1252] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   54.721021][ T1252] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   54.729477][ T1252] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   54.740795][ T4191] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   54.749493][ T4191] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   54.758766][ T4191] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   54.767787][ T4191] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   54.788838][ T4188] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   54.798724][ T4188] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   54.807560][ T4188] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   54.818769][ T4188] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   54.835202][ T4192] device veth0_vlan entered promiscuous mode
[   54.860735][  T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   54.868833][  T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   54.878943][  T310] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   54.887478][  T310] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   54.922229][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   54.935020][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   54.948859][ T4192] device veth1_vlan entered promiscuous mode
[   54.955787][  T154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   54.966377][  T154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   55.001863][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   55.009706][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   55.024674][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   55.041912][ T4200] device veth0_vlan entered promiscuous mode
[   55.072181][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   55.087987][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   55.107581][ T4192] device veth0_macvtap entered promiscuous mode
[   55.123248][ T4200] device veth1_vlan entered promiscuous mode
[   55.170249][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   55.186049][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   55.196586][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   55.234209][ T4192] device veth1_macvtap entered promiscuous mode
[   55.243123][  T154] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   55.258242][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   55.286007][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   55.294012][  T154] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   55.308570][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   55.316686][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   55.368264][  T154] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   55.374568][ T4192] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   55.391419][  T154] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   55.398961][ T4192] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   55.409628][ T4192] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   55.420387][ T4192] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   55.430651][ T4192] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   55.442915][ T4192] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   55.455690][ T4192] batman_adv: batadv0: Interface activated: batadv_slave_0
[   55.466012][ T4216] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   55.477892][ T4216] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   55.491597][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   55.506819][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   55.516054][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   55.531099][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   55.566735][ T4192] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   55.594930][ T4192] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   55.607170][ T4192] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   55.621444][ T4192] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   55.636005][ T4192] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   55.647576][ T4192] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   55.664345][ T4192] batman_adv: batadv0: Interface activated: batadv_slave_1
[   55.681714][ T4200] device veth0_macvtap entered promiscuous mode
[   55.693057][ T1252] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   55.733500][ T1252] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   55.742524][ T1252] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   55.750198][ T4272] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   55.751538][ T1252] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   55.774941][   T13] Bluetooth: hci1: command 0x040f tx timeout
[   55.784274][   T13] Bluetooth: hci2: command 0x040f tx timeout
[   55.790300][   T13] Bluetooth: hci0: command 0x040f tx timeout
[   55.801697][ T4192] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   55.810407][ T4192] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   55.825630][ T4192] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   55.831562][   T26] Bluetooth: hci3: command 0x040f tx timeout
[   55.836318][ T4192] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   55.857316][  T310] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   55.860934][   T26] Bluetooth: hci4: command 0x040f tx timeout
[   55.872764][ T4200] device veth1_macvtap entered promiscuous mode
[   55.880875][ T1252] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   55.888835][ T1252] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   55.894462][ T4272] xt_NFQUEUE: number of queues (8) out of range (got 65537)
[   55.904014][  T310] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   55.948039][ T1252] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   56.022884][ T4200] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   56.045660][ T4200] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   56.063952][ T4200] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   56.080411][ T4200] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   56.090574][ T4200] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   56.101852][ T4200] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   56.118036][ T4200] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   56.128691][ T4200] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   56.147574][ T4200] batman_adv: batadv0: Interface activated: batadv_slave_0
[   56.164261][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   56.173438][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   56.278650][ T4200] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   56.429399][ T4200] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   56.568900][ T4200] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   56.813989][ T4200] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   56.837618][ T4200] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   56.862123][ T4200] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   56.875087][ T4200] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   56.885687][ T4200] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   56.896968][ T4200] batman_adv: batadv0: Interface activated: batadv_slave_1
[   57.065715][ T1252] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   58.324530][ T4238] Bluetooth: hci0: command 0x0419 tx timeout
[   58.348104][ T1252] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   58.376773][ T4238] Bluetooth: hci2: command 0x0419 tx timeout
[   58.393609][ T4303] loop0: detected capacity change from 0 to 128
[   58.402016][ T4238] Bluetooth: hci1: command 0x0419 tx timeout
[   58.419321][ T4303] =======================================================
[   58.419321][ T4303] WARNING: The mand mount option has been deprecated and
[   58.419321][ T4303]          and is ignored by this kernel. Remove the mand
[   58.419321][ T4303]          option from the mount to silence this warning.
[   58.419321][ T4303] =======================================================
[   58.485200][ T4238] Bluetooth: hci4: command 0x0419 tx timeout
[   58.515004][   T25] audit: type=1804 audit(1778867598.434:2): pid=4303 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.11" name="/newroot/1/file0/bus" dev="loop0" ino=1048586 res=1 errno=0
[   58.515536][ T4238] Bluetooth: hci3: command 0x0419 tx timeout
[   58.540292][   T25] audit: type=1804 audit(1778867598.464:3): pid=4303 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.11" name="/newroot/1/file0/bus" dev="loop0" ino=1048586 res=1 errno=0
[   58.573199][ T4200] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   58.576351][   T25] audit: type=1804 audit(1778867598.464:4): pid=4303 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.11" name="/newroot/1/file0/bus" dev="loop0" ino=1048586 res=1 errno=0
[   58.601814][ T4200] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   58.613004][ T4200] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   58.622045][ T4200] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   58.740899][  T154] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   58.740932][  T154] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   58.759089][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   58.832170][  T154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   58.841749][  T154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   58.860484][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   58.875621][  T310] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   58.906879][  T310] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   58.926082][ T4232] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[   58.961049][ T1252] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   58.995713][  T310] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   59.014101][  T310] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   59.038260][ T1252] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   59.174276][ T4318] loop2: detected capacity change from 0 to 512
[   59.191230][ T4232] usb 2-1: Using ep0 maxpacket: 32
[   59.224432][ T4318] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   59.310742][ T4232] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   59.345961][ T4318] EXT4-fs (loop2): mounted filesystem without journal. Opts: nouid32,errors=remount-ro,user_xattr,nodiscard,dioread_nolock,. Quota mode: writeback.
[   59.367970][ T4318] ext4 filesystem being mounted at /5/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   59.369186][ T4232] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   59.397226][ T4232] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[   59.406647][ T4232] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   59.473419][ T4232] usb 2-1: config 0 descriptor??
[   59.534396][ T4232] hub 2-1:0.0: USB hub found
[   59.721058][ T4232] hub 2-1:0.0: 1 port detected
[   60.550530][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #8a!!!
[   60.580531][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #18a!!!
[   60.868736][ T4340] loop3: detected capacity change from 0 to 64
[   60.972383][ T4340] BFS-fs: bfs_fill_super(): loop3 is unclean, continuing
[   61.057101][ T4346] IPv6: ADDRCONF(NETDEV_CHANGE): syzkaller0: link becomes ready
[   61.150683][ T4232] hub 2-1:0.0: activate --> -90
[   62.888514][ T4347] loop0: detected capacity change from 0 to 32768
[   62.910626][ T4232] usb 2-1-port1: config error
[   62.941761][ T4347] xfs: Unknown parameter 'smackfstransmute'
[   62.949956][ T4236] usb 2-1: USB disconnect, device number 2
[   63.022848][ T4347] syz.0.23 sent an empty control message without MSG_MORE.
[   63.667342][ T4401] capability: warning: `syz.2.34' uses deprecated v2 capabilities in a way that may be insecure
[   63.682629][ T4401] loop2: detected capacity change from 0 to 256
[   65.112499][ T4406] loop3: detected capacity change from 0 to 4096
[   65.803524][ T4406] ntfs3: loop3: ntfs_set_state r=3 failed, -22.
[   66.810530][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #182!!!
[   66.870530][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #182!!!
[   66.880529][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #182!!!
[   67.915162][ T4415] ntfs3: loop3: ntfs3_write_inode r=3 failed, -22.
[   67.935758][ T4437] loop0: detected capacity change from 0 to 256
[   67.946342][ T4192] ntfs3: loop3: ntfs_set_state r=3 failed, -22.
[   67.960229][ T4192] ntfs3: loop3: Mark volume as dirty due to NTFS errors
[   67.968366][ T4192] ntfs3: loop3: ntfs_set_state r=3 failed, -22.
[   67.985576][ T4415] ntfs3: loop3: ntfs3_write_inode r=3 failed, -22.
[   68.006992][ T4192] ntfs3: loop3: ntfs_evict_inode r=3 failed, -22.
[   68.150732][ T4292] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[   68.180313][ T4443] sch_tbf: burst 32855 is lower than device lo mtu (65550) !
[   68.196068][ T4443] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[   68.561044][ T4292] usb 3-1: Using ep0 maxpacket: 16
[   68.733227][ T4292] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   69.120767][ T4456] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[   69.204036][ T4292] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   69.216286][ T4292] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[   69.229644][ T4292] usb 3-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00
[   69.238716][ T4292] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   69.249489][ T4292] usb 3-1: config 0 descriptor??
[   69.317339][ T4460] loop3: detected capacity change from 0 to 256
[   69.439329][ T4460] FAT-fs (loop3): error, clusters badly computed (1 != 129)
[   69.484842][ T4460] FAT-fs (loop3): Filesystem has been set read-only
[   70.370627][ T4472] netlink: 'syz.1.55': attribute type 4 has an invalid length.
[   70.410136][ T4292] input: HID 05ac:8241 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:05AC:8241.0001/input/input5
[   70.512200][ T4472] syz.1.55 (4472) used greatest stack depth: 21136 bytes left
[   71.298872][ T1422] ieee802154 phy0 wpan0: encryption failed: -22
[   71.650574][ T1422] ieee802154 phy1 wpan1: encryption failed: -22
[   71.809270][ T4292] appleir 0003:05AC:8241.0001: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 05ac:8241] on usb-dummy_hcd.2-1/input0
[   71.832801][ T4292] usb 3-1: USB disconnect, device number 2
[   71.941893][ T4489] loop1: detected capacity change from 0 to 512
[   71.964488][ T4489] EXT4-fs (loop1): Ignoring removed nobh option
[   71.970124][ T4484] ceph: No mds server is up or the cluster is laggy
[   71.986189][   T21] libceph: connect (1)[c::]:6789 error -101
[   72.031218][   T21] libceph: mon0 (1)[c::]:6789 connect error
[   72.090471][ T4494] fido_id[4494]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory
[   72.266197][ T4489] EXT4-fs error (device loop1): ext4_iget_extra_inode:4573: inode #15: comm syz.1.64: corrupted in-inode xattr
[   72.351475][ T4489] EXT4-fs error (device loop1): ext4_orphan_get:1411: comm syz.1.64: couldn't read orphan inode 15 (err -117)
[   72.431072][ T4489] EXT4-fs (loop1): mounted filesystem without journal. Opts: nobh,nombcache,resuid=0x0000000000000000,usrjquota=,barrier,acl,init_itable=0x0000000000008d55,,errors=continue. Quota mode: none.
[   73.113917][ T4489] tipc: Started in network mode
[   73.119014][ T4489] tipc: Node identity ac14142f, cluster identity 4711
[   73.251241][ T4489] tipc: New replicast peer: 0.0.0.0
[   73.256967][ T4489] tipc: Enabled bearer <udp:syz2>, priority 10
[   73.299314][ T4460] FAT-fs (loop3): error, fat_get_cluster: detected the cluster chain loop (i_pos 196)
[   73.791762][ T4509] tipc: New replicast peer: 0000:0000:0000:0000:0000:0000:0000:0000
[   73.950998][    C1] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[   74.280308][ T4513] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[   74.318741][ T4513] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[   74.364086][ T4519] netlink: 8 bytes leftover after parsing attributes in process `syz.2.73'.
[   74.384223][ T4513] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   74.425299][ T4238] tipc: Node number set to 2886997039
[   74.548780][   T25] audit: type=1326 audit(1778867614.464:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4525 comm="syz.4.74" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f058ea13e59 code=0x0
[   75.524474][ T4548] loop3: detected capacity change from 0 to 16
[   75.553820][ T4541] loop1: detected capacity change from 0 to 4096
[   75.599815][ T4548] erofs: (device loop3): mounted with root inode @ nid 36.
[   75.637138][ T4548] netlink: 3 bytes leftover after parsing attributes in process `syz.3.82'.
[   75.646781][ T4548] 0ªX¹¦À: renamed from caif0
[   75.654427][ T4548] A link change request failed with some changes committed already. Interface 
60ªX¹¦À may have been left with an inconsistent configuration, please check.
[   75.737477][ T4541] EXT4-fs (loop1): inline encryption not supported
[   75.747181][ T4547] xt_hashlimit: size too large, truncated to 1048576
[   75.758467][ T4541] EXT4-fs (loop1): Test dummy encryption mode enabled
[   75.760868][ T4547] xt_hashlimit: invalid rate
[   76.326640][ T1108] cfg80211: failed to load regulatory.db
[   76.481610][ T4541] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a856e01c, mo2=0003]
[   76.501624][ T4541] System zones: 0-5
[   76.565902][ T4541] EXT4-fs (loop1): mounted filesystem without journal. Opts: debug,grpid,inlinecrypt,dioread_nolock,test_dummy_encryption=v1,errors=continue,delalloc,nouid32,grpquota,,errors=continue. Quota mode: writeback.
[   76.859452][ T4541] fscrypt (loop1): Missing crypto API support for AES-256-XTS (API name: "xts(aes)")
[   77.556484][ T1108] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   77.785704][ T4594] loop3: detected capacity change from 0 to 64
[   77.807337][ T4594] BFS-fs: bfs_fill_super(): loop3 is unclean, continuing
[   77.826563][ T4592] ceph: No mds server is up or the cluster is laggy
[   77.837020][   T21] libceph: connect (1)[c::]:6789 error -101
[   77.855133][ T4598] netlink: 4 bytes leftover after parsing attributes in process `syz.0.92'.
[   77.864331][   T21] libceph: mon0 (1)[c::]:6789 connect error
[   77.890740][ T1108] usb 5-1: Using ep0 maxpacket: 16
[   77.932730][ T4598] device team1 entered promiscuous mode
[   77.995001][ T4598] 8021q: adding VLAN 0 to HW filter on device team1
[   78.028445][ T4600] netlink: 4 bytes leftover after parsing attributes in process `syz.0.92'.
[   78.066287][ T4600] team2 (uninitialized): Failed to send options change via netlink (err -105)
[   78.117128][ T4600] device team2 entered promiscuous mode
[   78.123113][ T4600] 8021q: adding VLAN 0 to HW filter on device team2
[   78.150829][ T1108] usb 5-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config
[   78.155194][ T4600] Zero length message leads to an empty skb
[   78.165960][ T1108] usb 5-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xA1, skipping
[   78.281143][ T4607] 8021q: adding VLAN 0 to HW filter on device batadv1
[   78.471012][ T1108] usb 5-1: New USB device found, idVendor=05ac, idProduct=9226, bcdDevice=b2.89
[   78.537239][ T1108] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   78.670748][ T1108] usb 5-1: Product: syz
[   78.767997][ T1108] usb 5-1: Manufacturer: syz
[   78.941089][ T1108] usb 5-1: SerialNumber: syz
[   78.955812][ T1108] usb 5-1: config 0 descriptor??
[   78.984732][ T4612] bridge0: port 2(bridge_slave_1) entered disabled state
[   78.993030][ T4612] bridge0: port 1(bridge_slave_0) entered disabled state
[   78.997807][ T4566] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[   79.022228][ T1108] appledisplay 5-1:0.0: Could not find int-in endpoint
[   79.049128][ T1108] usbhid 5-1:0.0: couldn't find an input interrupt endpoint
[   79.197202][ T4626] loop0: detected capacity change from 0 to 256
[   79.290963][ T4626] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x46ae1815, utbl_chksum : 0xe619d30d)
[   79.321583][ T4626] exFAT-fs (loop0): bogus allocation bitmap size(need : 2, cur : 17179869186)
[   79.439648][ T4626] attempt to access beyond end of device
[   79.439648][ T4626] loop0: rw=524288, want=408, limit=256
[   79.452992][ T4626] attempt to access beyond end of device
[   79.452992][ T4626] loop0: rw=524288, want=664, limit=256
[   79.469204][ T4626] attempt to access beyond end of device
[   79.469204][ T4626] loop0: rw=0, want=288, limit=256
[   79.490189][   T25] audit: type=1800 audit(1778867619.404:6): pid=4626 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.101" name="file1" dev="loop0" ino=1048594 res=0 errno=0
[   79.579165][ T4626] exFAT-fs (loop0): error, failed to bmap (inode : ffff888073ee87e0 iblock : 0, err : -5)
[   79.591758][ T4628] udc-core: couldn't find an available UDC or it's busy
[   79.599432][ T4628] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[   79.608674][ T4626] exFAT-fs (loop0): Filesystem has been set read-only
[   79.617969][ T4628] udc-core: couldn't find an available UDC or it's busy
[   79.629884][ T4628] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[   80.072466][ T4633] netlink: 'syz.2.104': attribute type 1 has an invalid length.
[   80.163846][ T4634] netlink: 399 bytes leftover after parsing attributes in process `syz.3.103'.
[   80.741147][ T4292] usb 5-1: USB disconnect, device number 2
[   80.847379][ T4423] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   80.982149][ T4423] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   81.120094][ T4423] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   81.176072][ T4644] loop1: detected capacity change from 0 to 512
[   81.741608][ T4644] EXT4-fs (loop1): 1 truncate cleaned up
[   81.749350][ T4423] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   81.782892][ T4644] EXT4-fs (loop1): mounted filesystem without journal. Opts: bsddf,,errors=continue. Quota mode: none.
[   82.006397][ T4654] netlink: 4 bytes leftover after parsing attributes in process `syz.2.112'.
[   83.390584][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #82!!!
[   83.410543][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #182!!!
[   83.420542][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #182!!!
[   83.430541][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #182!!!
[   83.440542][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #182!!!
[   83.647676][ T4690] loop2: detected capacity change from 0 to 512
[   83.738688][ T4690] EXT4-fs (loop2): Ignoring removed oldalloc option
[   83.790113][ T4690] EXT4-fs (loop2): Ignoring removed orlov option
[   83.865385][ T4690] EXT4-fs error (device loop2): ext4_xattr_inode_iget:401: comm syz.2.121: inode #15947535: comm syz.2.121: iget: illegal inode #
[   83.909017][ T4657] chnl_net:caif_netlink_parms(): no params data found
[   83.942055][ T4690] EXT4-fs (loop2): Remounting filesystem read-only
[   83.948912][ T4690] EXT4-fs error (device loop2): ext4_xattr_inode_iget:406: comm syz.2.121: error while reading EA inode 15947535 err=-117
[   83.965868][ T4690] EXT4-fs (loop2): Remounting filesystem read-only
[   83.972541][ T4690] EXT4-fs error (device loop2): ext4_xattr_inode_iget:401: comm syz.2.121: inode #261888: comm syz.2.121: iget: illegal inode #
[   83.996393][ T4690] EXT4-fs (loop2): Remounting filesystem read-only
[   84.005706][ T4690] EXT4-fs error (device loop2): ext4_xattr_inode_iget:406: comm syz.2.121: error while reading EA inode 261888 err=-117
[   84.061540][ T4690] EXT4-fs (loop2): Remounting filesystem read-only
[   84.068461][ T4690] EXT4-fs (loop2): 1 orphan inode deleted
[   84.130607][ T4690] EXT4-fs (loop2): mounted filesystem without journal. Opts: errors=remount-ro,bsdgroups,debug_want_extra_isize=0x0000000000000022,noauto_da_alloc,jqfmt=vfsv1,oldalloc,orlov,. Quota mode: none.
[   84.310634][   T21] Bluetooth: hci0: command 0x0409 tx timeout
[   85.220953][ T4657] bridge0: port 1(bridge_slave_0) entered blocking state
[   85.320865][ T4657] bridge0: port 1(bridge_slave_0) entered disabled state
[   85.329215][ T4657] device bridge_slave_0 entered promiscuous mode
[   85.469730][ T4657] bridge0: port 2(bridge_slave_1) entered blocking state
[   85.477684][ T4657] bridge0: port 2(bridge_slave_1) entered disabled state
[   85.517394][ T4657] device bridge_slave_1 entered promiscuous mode
[   85.987208][ T4657] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   86.039539][ T4657] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   86.244357][ T4657] team0: Port device team_slave_0 added
[   86.273075][ T4657] team0: Port device team_slave_1 added
[   86.363997][ T4423] device hsr_slave_0 left promiscuous mode
[   86.390915][ T4232] Bluetooth: hci0: command 0x041b tx timeout
[   86.398892][ T4423] device hsr_slave_1 left promiscuous mode
[   86.428783][ T4423] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   86.456414][ T4423] batman_adv: batadv0: Removing interface: batadv_slave_0
[   86.490364][ T4423] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   86.513363][ T4423] batman_adv: batadv0: Removing interface: batadv_slave_1
[   86.534453][ T4423] device bridge_slave_1 left promiscuous mode
[   86.542366][ T4423] bridge0: port 2(bridge_slave_1) entered disabled state
[   86.558776][ T4423] device bridge_slave_0 left promiscuous mode
[   86.567806][ T4423] bridge0: port 1(bridge_slave_0) entered disabled state
[   86.708909][ T4423] device veth1_macvtap left promiscuous mode
[   86.784962][ T4423] device veth0_macvtap left promiscuous mode
[   86.886789][ T4423] device veth1_vlan left promiscuous mode
[   86.981780][ T4423] device veth0_vlan left promiscuous mode
[   87.451732][ T4767] syz.2.137 uses obsolete (PF_INET,SOCK_PACKET)
[   88.470815][ T4232] Bluetooth: hci0: command 0x040f tx timeout
[   88.576970][ T4793] loop1: detected capacity change from 0 to 128
[   88.728716][ T4423] team0 (unregistering): Port device team_slave_1 removed
[   88.764819][ T4423] team0 (unregistering): Port device team_slave_0 removed
[   88.790440][ T4423] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   88.806266][ T4423] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   88.893863][ T4793] ODEBUG: Out of memory. ODEBUG disabled
[   88.944831][ T4423] bond0 (unregistering): Released all slaves
[   89.394588][ T4657] batman_adv: batadv0: Adding interface: batadv_slave_0
[   89.430623][ T4657] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   89.495327][ T4657] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   89.887732][ T4657] batman_adv: batadv0: Adding interface: batadv_slave_1
[   89.909606][ T4657] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   89.976532][ T4793] Set syz1 is full, maxelem 65536 reached
[   89.976759][ T4657] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   90.123650][ T4657] device hsr_slave_0 entered promiscuous mode
[   90.140785][ T4657] device hsr_slave_1 entered promiscuous mode
[   90.396365][ T4657] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   90.408015][ T4657] Cannot create hsr debugfs directory
[   90.550620][ T4232] Bluetooth: hci0: command 0x0419 tx timeout
[   90.650574][ T4238] usb 2-1: new full-speed USB device number 3 using dummy_hcd
[   90.828478][ T4657] netdevsim netdevsim5 netdevsim0: renamed from eth0
[   90.860986][ T4657] netdevsim netdevsim5 netdevsim1: renamed from eth1
[   90.876708][ T4657] netdevsim netdevsim5 netdevsim2: renamed from eth2
[   90.927615][ T4657] netdevsim netdevsim5 netdevsim3: renamed from eth3
[   91.030912][ T4238] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[   91.070772][ T4238] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[   91.171065][ T4238] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[   91.218035][ T4238] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   91.275877][ T4657] 8021q: adding VLAN 0 to HW filter on device bond0
[   91.348701][ T4657] 8021q: adding VLAN 0 to HW filter on device team0
[   91.399670][ T4337] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   91.436983][ T4337] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   91.450416][ T4337] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   91.483729][ T4337] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   91.501223][ T4238] usb 2-1: usb_control_msg returned -32
[   91.509823][ T4337] bridge0: port 1(bridge_slave_0) entered blocking state
[   91.510208][ T4238] usbtmc 2-1:16.0: can't read capabilities
[   91.516935][ T4337] bridge0: port 1(bridge_slave_0) entered forwarding state
[   91.559183][ T4337] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   91.579679][ T4337] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   91.611759][ T4337] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   91.668275][ T4337] bridge0: port 2(bridge_slave_1) entered blocking state
[   91.675392][ T4337] bridge0: port 2(bridge_slave_1) entered forwarding state
[   91.715685][ T4337] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   91.735468][ T4337] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   91.751395][ T4337] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   91.792893][ T4337] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   91.816971][ T4337] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   91.838718][ T4856] udc-core: couldn't find an available UDC or it's busy
[   91.856860][ T4856] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[   91.857864][ T4337] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   91.928059][ T4337] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   91.951966][ T4337] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   91.981346][ T4337] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   92.010116][ T4337] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   92.027193][ T4337] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   92.068632][ T4657] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   92.200836][ T4856] usbtmc 2-1:16.0: INDICATOR_PULSE returned 0
[   92.404155][ T4237] usb 2-1: USB disconnect, device number 3
[   92.459601][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   92.468601][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   92.523083][ T4657] 8021q: adding VLAN 0 to HW filter on device batadv0
[   92.554570][ T4890] loop3: detected capacity change from 0 to 512
[   92.586338][ T4890] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   92.638144][ T4890] EXT4-fs (loop3): orphan cleanup on readonly fs
[   92.662569][ T4890] EXT4-fs error (device loop3): ext4_xattr_inode_iget:401: inode #11: comm syz.3.158: iget: bad extra_isize 90 (inode size 256)
[   92.690863][ T4890] EXT4-fs error (device loop3): ext4_xattr_inode_iget:406: comm syz.3.158: error while reading EA inode 11 err=-117
[   92.710295][ T4890] EXT4-fs warning (device loop3): ext4_expand_extra_isize_ea:2807: Unable to expand inode 15. Delete some EAs or run e2fsck.
[   92.731990][ T4890] EXT4-fs error (device loop3): ext4_xattr_inode_iget:401: inode #11: comm syz.3.158: iget: bad extra_isize 90 (inode size 256)
[   92.765612][ T4890] EXT4-fs error (device loop3): ext4_xattr_inode_iget:406: comm syz.3.158: error while reading EA inode 11 err=-117
[   92.825801][ T4890] EXT4-fs error (device loop3): ext4_xattr_inode_iget:401: inode #18: comm syz.3.158: iget: bad extra_isize 90 (inode size 256)
[   92.864064][ T4890] EXT4-fs error (device loop3): ext4_xattr_inode_iget:406: comm syz.3.158: error while reading EA inode 18 err=-117
[   92.883771][ T4890] EXT4-fs error (device loop3): ext4_xattr_inode_iget:401: inode #18: comm syz.3.158: iget: bad extra_isize 90 (inode size 256)
[   92.941298][ T4890] EXT4-fs error (device loop3): ext4_xattr_inode_iget:406: comm syz.3.158: error while reading EA inode 18 err=-117
[   92.990313][ T4416] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   93.001137][ T4416] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   93.031613][ T4890] EXT4-fs (loop3): 1 orphan inode deleted
[   93.037372][ T4890] EXT4-fs (loop3): mounted filesystem without journal. Opts: data_err=ignore,dioread_nolock,debug_want_extra_isize=0x000000000000005a,noquota,max_dir_size_kb=0x0000000000200004,errors=continue,min_batch_time=0x0000000000000003,jqfmt=vfsold,,errors=continue. Quota mode: none.
[   93.058024][ T4657] device veth0_vlan entered promiscuous mode
[   93.089320][ T4416] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   93.107929][ T4416] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   93.122185][ T4416] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   93.151090][ T4416] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   93.178979][ T4657] device veth1_vlan entered promiscuous mode
[   93.254088][ T4657] device veth0_macvtap entered promiscuous mode
[   93.289143][ T4337] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   93.297799][ T4337] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   93.325794][ T4337] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   93.336411][ T4337] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   93.377876][ T4337] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   93.406861][ T4657] device veth1_macvtap entered promiscuous mode
[   93.458689][ T4908] device syzkaller0 entered promiscuous mode
[   93.488443][ T4657] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   93.526665][ T4657] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   93.549353][ T4657] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   93.561450][ T4657] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   93.582196][ T4657] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   93.599532][ T4657] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   93.613440][ T4657] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   93.624247][ T4657] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   93.636766][ T4657] batman_adv: batadv0: Interface activated: batadv_slave_0
[   93.709999][ T4415] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   93.727462][ T4415] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   93.728091][ T4923] binder: 4922:4923 ioctl c0306201 200000000380 returned -14
[   93.738521][ T4415] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   93.767771][ T4657] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   93.779208][ T4657] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   93.789134][ T4657] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   93.834533][ T4657] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   93.846011][ T4657] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   93.856781][ T4657] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   93.867037][ T4657] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   93.877907][ T4657] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   93.889382][ T4657] batman_adv: batadv0: Interface activated: batadv_slave_1
[   93.909070][ T4415] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   93.931472][ T4415] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   93.948876][ T4657] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   93.967288][ T4657] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   93.977523][ T4657] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   93.999698][ T4657] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   94.009327][ T4930] process 'syz.1.162' launched './file0' with NULL argv: empty string added
[   94.140308][ T4337] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   94.157003][ T4337] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   94.180690][ T4415] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   94.213377][ T4337] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   94.229284][ T4337] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   94.240314][ T4421] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   94.386320][ T4266] usb 4-1: new full-speed USB device number 2 using dummy_hcd
[   94.621113][ T4266] usb 4-1: device descriptor read/64, error -71
[   94.900680][ T4266] usb 4-1: new full-speed USB device number 3 using dummy_hcd
[   94.914930][ T4961] loop1: detected capacity change from 0 to 32768
[   94.967915][ T4961] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 scanned by syz.1.166 (4961)
[   95.068295][ T4961] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm
[   95.119310][ T4961] BTRFS info (device loop1): setting incompat feature flag for COMPRESS_ZSTD (0x10)
[   95.122756][ T4266] usb 4-1: device descriptor read/64, error -71
[   95.160838][ T4961] BTRFS info (device loop1): use zstd compression, level 3
[   95.200725][ T4961] BTRFS info (device loop1): using free space tree
[   95.243930][ T4983] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=3897524436 (7795048872 ns) > initial count (2759807172 ns). Using initial count to start timer.
[   95.265307][ T4961] BTRFS info (device loop1): has skinny extents
[   95.284925][ T4983] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=3996681224 (15986724896 ns) > initial count (3709615788 ns). Using initial count to start timer.
[   95.311075][ T4266] usb usb4-port1: attempt power cycle
[   95.650709][ T4961] BTRFS info (device loop1): enabling ssd optimizations
[   95.752270][ T4266] usb 4-1: new full-speed USB device number 4 using dummy_hcd
[   95.870754][ T4266] usb 4-1: device descriptor read/8, error -71
[   96.160623][ T4266] usb 4-1: new full-speed USB device number 5 using dummy_hcd
[   96.270876][ T4266] usb 4-1: device descriptor read/8, error -71
[   96.399339][ T4266] usb usb4-port1: unable to enumerate USB device
[   97.690691][ T5079] netlink: 'syz.1.180': attribute type 4 has an invalid length.
[   97.752055][ T5079] netlink: 'syz.1.180': attribute type 4 has an invalid length.
[   97.834299][ T5086] netlink: 24 bytes leftover after parsing attributes in process `syz.5.182'.
[   97.954855][ T5095] netlink: 4 bytes leftover after parsing attributes in process `syz.1.183'.
[   99.630523][    C0] sched: RT throttling activated
[   99.794313][ T5123] netlink: 8 bytes leftover after parsing attributes in process `syz.1.189'.
[  100.343019][ T5141] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  100.352732][ T5141] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  100.360166][ T5141] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  100.504013][ T5147] ptrace attach of "ci2-linux-5-15-kasan/syz-executor exec"[4189] was attempted by "$x`vO¤xŒH`³ã•ÕCBnÜ€º·yòü>
bêwìæx\x1bL5? CÝ­8`d…ªþ»‘Jgø39TÃÝ&¨tWCmË<º¨\x1bRbyÑ VqÔ/‰�\x5cDw,XT,µWû[esôÿ—‘Ô\x0d1‘\x07þ^òÐÖ|À;dˆg8 Î꥛~åu²}GÇõg6W]ìMìòþlxMð=æMäh\x09¶5²$ªZ†å¹EOÞ1Jc�Å&µOÌPÒ5y9\x0dNiï£IÌ<òâ5ÞÐŽñÒd\x22ÐT*ÙɢsÌx)›�
«Ê¯\x22v:¤øÕ|M\x0aµ
…´Ïõ)\x0bøê‹»wRIð˜ åð‘¤ê‹×â;øH¶P?LtœM[w̲SØ7—&åQ瑃ƒ½¡�Y‘=NÞÝ�˜\x22“Í߆FSÜB¨Ò˜”Rxë‹9ʼnR_4¦~}�eà�¢}xçböH\x0d ã%Ç„Þ‘RÀ]€c“Éx‚8‡m‘5'y¨úZ«xÀú^M¢šïy=:å:ÄUVvÒ¼b�8‹¡s\x0d0ácŠ£äAßL˜Û=ýø×;¹Òk«�[i½†qK”gú´@©8ÊZ\x22&€iy?± m9�Ÿ•d©ŠÐ<5ð]ìp2w­Óø´A³¯1ëȦ4qLctG�9NÆï_f2so pÜ)™^�ÔFISn08¢a¯µS²*Ä’½rXùé\x1b/\x22`¬W×rwr\x22ß!7³ëX˜~ñ ¬öÓ°¯é€DÖEp­÷7ÖeÝh¦NkÃ2I£s
„û,>r_<º-œ!à}�ÛjnW8-‡lñeÍÚðQÝßî–Å’6Dg�fr·ZÒ!ÀV\x0bÛ¡¶ßá*À¡ö>óØýåħk?p>n¯U�±³`I‡±ù¶æWŽí ×ô™ú\x1bØßD´ˆ6Öùòó…÷›Ãþ\x5cjì¼óÕÉv†ç(‚ª¯=ª}tŒxôp:ñÔ�ç§ÞŽØ_Æõç´ÕÕ½ü<‹('ôµ�(tc©(ÏÖ®¿#2®o¢Ú�0xæåÄY4W .vôÅoD´Sâ\x0cXæ¿©šV‚,¤5a#zkP—däÀó 0a.
[  102.018979][   T25] audit: type=1326 audit(1778867641.934:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5153 comm="syz.5.199" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f5c46f85e59 code=0x0
[  102.301816][   T25] audit: type=1326 audit(1778867642.104:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5153 comm="syz.5.199" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5c46f85e59 code=0x7ffc0000
[  102.321661][ T5179] x_tables: duplicate underflow at hook 2
[  102.354188][   T25] audit: type=1326 audit(1778867642.104:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5153 comm="syz.5.199" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5c46f85e59 code=0x7ffc0000
[  102.409646][   T25] audit: type=1326 audit(1778867642.104:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5153 comm="syz.5.199" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5c46f85e59 code=0x7ffc0000
[  102.438513][   T25] audit: type=1326 audit(1778867642.104:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5153 comm="syz.5.199" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5c46f85e59 code=0x7ffc0000
[  102.478596][   T25] audit: type=1326 audit(1778867642.104:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5153 comm="syz.5.199" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f5c46f85e59 code=0x7ffc0000
[  103.319533][   T25] audit: type=1326 audit(1778867642.104:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5153 comm="syz.5.199" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5c46f85e59 code=0x7ffc0000
[  103.390664][   T25] audit: type=1326 audit(1778867642.104:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5153 comm="syz.5.199" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5c46f85e59 code=0x7ffc0000
[  103.444337][   T25] audit: type=1326 audit(1778867642.104:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5153 comm="syz.5.199" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5c46f85e59 code=0x7ffc0000
[  103.557407][   T25] audit: type=1326 audit(1778867642.104:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5153 comm="syz.5.199" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5c46f85e59 code=0x7ffc0000
[  103.652944][ T5204] netlink: 4 bytes leftover after parsing attributes in process `syz.3.212'.
[  104.704577][ T5228] netlink: 28 bytes leftover after parsing attributes in process `syz.4.215'.
[  104.796429][ T5221] team0 (unregistering): Port device team_slave_0 removed
[  104.824739][ T5221] team0 (unregistering): Failed to send options change via netlink (err -105)
[  104.834356][ T5221] team0 (unregistering): Failed to send port change of device team_slave_1 via netlink (err -105)
[  104.890236][ T5221] team0 (unregistering): Port device team_slave_1 removed
[  107.179267][ T5258] netlink: 4 bytes leftover after parsing attributes in process `syz.5.224'.
[  107.972993][ T5054] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  108.047556][ T5054] hid-generic 0000:0000:0000.0002: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  109.061790][ T5296] netlink: 12 bytes leftover after parsing attributes in process `syz.2.234'.
[  109.167354][ T5300] bond1: (slave gretap1): Enslaving as an active interface with an up link
[  109.287722][ T5301] netlink: 28 bytes leftover after parsing attributes in process `syz.2.234'.
[  109.297033][ T5301] device bond1 entered promiscuous mode
[  109.302788][ T5301] device gretap1 entered promiscuous mode
[  109.309601][ T5301] 8021q: adding VLAN 0 to HW filter on device bond1
[  110.571416][ T5340] netlink: 4 bytes leftover after parsing attributes in process `syz.5.242'.
[  110.749601][ T5340] team0: Failed to send port change of device team_slave_0 via netlink (err -105)
[  110.763901][ T5340] team0: Port device team_slave_0 removed
[  110.775317][ T5347] bridge0: port 3(syz_tun) entered blocking state
[  110.788457][ T5347] bridge0: port 3(syz_tun) entered disabled state
[  110.815522][ T5347] device syz_tun entered promiscuous mode
[  110.847873][ T5347] bridge0: port 3(syz_tun) entered blocking state
[  110.854862][ T5347] bridge0: port 3(syz_tun) entered forwarding state
[  110.886285][ T5350] netlink: 'syz.2.243': attribute type 8 has an invalid length.
[  111.271438][ T5367] netlink: 232 bytes leftover after parsing attributes in process `syz.4.246'.
[  112.922715][ T5377] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  113.015035][ T5377] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  114.100557][ T5408] netlink: 798 bytes leftover after parsing attributes in process `syz.3.255'.
[  114.509250][ T5418] 9pnet: p9_errstr2errno: server reported unknown error aaaaaaaaa
[  114.770230][ T5426] binder: 5423:5426 ioctl 40286608 200000000000 returned -22
[  114.854546][ T5436] netlink: 4 bytes leftover after parsing attributes in process `syz.3.263'.
[  114.875427][ T5436] (unnamed net_device) (uninitialized): Invalid ad_actor_system MAC address.
[  114.886140][ T5436] (unnamed net_device) (uninitialized): option ad_actor_system: invalid value (68719607821)
[  114.955082][ T5441] netlink: 'syz.5.265': attribute type 2 has an invalid length.
[  115.630975][ T5426] orangefs_mount: mount request failed with -4
[  116.312676][ T5469] netlink: 'syz.3.272': attribute type 39 has an invalid length.
[  116.400686][ T5054] usb 5-1: new full-speed USB device number 3 using dummy_hcd
[  117.004121][ T5054] usb 5-1: config 0 has an invalid interface number: 41 but max is 0
[  117.039135][ T5054] usb 5-1: config 0 has no interface number 0
[  117.157189][ T5054] usb 5-1: config 0 interface 41 has no altsetting 0
[  117.501375][ T5054] usb 5-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a
[  117.730613][ T5054] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  117.738645][ T5054] usb 5-1: Product: syz
[  117.743224][ T5054] usb 5-1: Manufacturer: syz
[  117.748286][ T5054] usb 5-1: SerialNumber: syz
[  117.756627][ T5054] usb 5-1: config 0 descriptor??
[  117.904287][ T5493] device ipip0 entered promiscuous mode
[  117.924879][ T5495] tipc: Started in network mode
[  117.929804][ T5495] tipc: Node identity 7f000001, cluster identity 4711
[  117.967825][ T5495] tipc: Enabled bearer <udp:syz1>, priority 10
[  117.994124][ T5499] tipc: Enabled bearer <eth:team0>, priority 0
[  118.057601][ T5495] tipc: New replicast peer: 100.1.1.1
[  118.073940][ T5495] tipc: Enabled bearer <udp:syz2>, priority 10
[  118.189596][ T5495] tipc: Bearer <udp:syz0>: already 2 bearers with priority 10
[  118.231357][ T5495] tipc: Bearer <udp:syz0>: trying with adjusted priority
[  118.270845][ T5495] tipc: Enabling of bearer <udp:syz0> rejected, max 3 bearers permitted
[  119.000745][ T5054] CoreChips 5-1:0.41 (unnamed net_device) (uninitialized): sr_get_phy_addr : Error reading PHYID register:ffffffe0
[  119.891735][ T4239] tipc: Node number set to 2130706433
[  120.041364][ T5054] CoreChips 5-1:0.41 (unnamed net_device) (uninitialized): Failed to send software reset:ffffffb9
[  120.097105][ T5054] CoreChips 5-1:0.41 (unnamed net_device) (uninitialized): Failed to reset PHY: -71
[  120.141731][ T5054] CoreChips: probe of 5-1:0.41 failed with error -71
[  120.168871][ T5054] usb 5-1: USB disconnect, device number 3
[  120.240104][ T5527] netlink: 24 bytes leftover after parsing attributes in process `syz.4.283'.
[  121.513306][ T4232] hid (null): unknown global tag 0xd
[  121.519968][ T4232] hid (null): unknown global tag 0xda
[  121.551989][   T25] kauditd_printk_skb: 59 callbacks suppressed
[  121.552003][   T25] audit: type=1326 audit(1778867661.474:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5533 comm="syz.1.286" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa903ba9e59 code=0x7ffc0000
[  121.596962][   T25] audit: type=1326 audit(1778867661.474:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5533 comm="syz.1.286" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa903ba9e59 code=0x7ffc0000
[  122.004921][   T25] audit: type=1326 audit(1778867661.474:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5533 comm="syz.1.286" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fa903ba9e59 code=0x7ffc0000
[  122.272974][ T4232] hid-generic 0005:0001:0002.0003: collection stack underflow
[  122.296841][ T4232] hid-generic 0005:0001:0002.0003: item 0 1 0 12 parsing failed
[  122.350815][ T4232] hid-generic: probe of 0005:0001:0002.0003 failed with error -22
[  122.366778][   T25] audit: type=1326 audit(1778867661.474:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5533 comm="syz.1.286" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa903ba9e59 code=0x7ffc0000
[  122.396331][   T25] audit: type=1326 audit(1778867661.474:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5533 comm="syz.1.286" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa903ba9e59 code=0x7ffc0000
[  122.439936][ T5570] device syzkaller0 entered promiscuous mode
[  124.131674][ T5590] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  125.261249][ T5601] binder: 5600:5601 ioctl 40286608 200000000000 returned -22
[  125.414728][ T4234] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  126.039075][ T5601] orangefs_mount: mount request failed with -4
[  126.560826][ T4234] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  126.640862][ T4234] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2
[  126.768659][ T4234] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  126.940957][ T4234] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  126.964657][ T4234] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  127.030453][ T5630] netlink: 140 bytes leftover after parsing attributes in process `syz.5.308'.
[  127.068448][ T5630] netlink: 28 bytes leftover after parsing attributes in process `syz.5.308'.
[  127.133352][ T4234] usb 2-1: Product: syz
[  127.137944][ T4234] usb 2-1: Manufacturer: syz
[  127.142679][ T4234] usb 2-1: SerialNumber: syz
[  127.194803][ T4234] cdc_mbim 2-1:1.0: skipping garbage
[  127.200153][ T4234] usb 2-1: selecting invalid altsetting 1
[  128.535142][ T4234] cdc_mbim 2-1:1.0: bind() failure
[  128.543399][ T5648] loop1: detected capacity change from 0 to 128
[  128.567371][ T4234] usb 2-1: USB disconnect, device number 4
[  128.696012][ T5649] netlink: 14 bytes leftover after parsing attributes in process `syz.2.314'.
[  128.799200][ T5649] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  129.467207][ T5656] loop3: detected capacity change from 0 to 128
[  129.558989][ T5659] loop5: detected capacity change from 0 to 128
[  129.565707][ T5649] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  129.626131][ T5649] bond0 (unregistering): Released all slaves
[  129.682119][ T5656] attempt to access beyond end of device
[  129.682119][ T5656] loop3: rw=2049, want=1041, limit=128
[  129.692188][ T5659] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  129.705651][ T5648] netlink: 'syz.1.313': attribute type 1 has an invalid length.
[  129.752745][ T5648] 8021q: adding VLAN 0 to HW filter on device bond1
[  129.766859][ T5660] bond1: (slave gretap1): Enslaving as an active interface with an up link
[  129.784332][ T5659] ext4 filesystem being mounted at /33/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  129.819030][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready
[  129.839749][ T5661] attempt to access beyond end of device
[  129.839749][ T5661] loop3: rw=524288, want=369, limit=128
[  129.885105][ T5665] 9pnet_virtio: no channels available for device 127.0.0.1
[  130.030453][ T5661] attempt to access beyond end of device
[  130.030453][ T5661] loop3: rw=0, want=153, limit=128
[  130.105737][ T5661] attempt to access beyond end of device
[  130.105737][ T5661] loop3: rw=0, want=153, limit=128
[  130.116986][ T5661] attempt to access beyond end of device
[  130.116986][ T5661] loop3: rw=0, want=153, limit=128
[  130.128010][ T5661] attempt to access beyond end of device
[  130.128010][ T5661] loop3: rw=0, want=153, limit=128
[  130.139076][ T5661] attempt to access beyond end of device
[  130.139076][ T5661] loop3: rw=0, want=153, limit=128
[  130.833401][ T5681] loop5: detected capacity change from 0 to 256
[  131.218002][ T5685] lo speed is unknown, defaulting to 1000
[  131.224258][ T5685] lo speed is unknown, defaulting to 1000
[  131.232482][ T5685] lo speed is unknown, defaulting to 1000
[  131.242332][ T5685] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  131.255788][ T5685] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  131.287222][ T5685] lo speed is unknown, defaulting to 1000
[  131.294169][ T5685] lo speed is unknown, defaulting to 1000
[  131.300862][ T5685] lo speed is unknown, defaulting to 1000
[  131.307438][ T5685] lo speed is unknown, defaulting to 1000
[  131.314088][ T5685] lo speed is unknown, defaulting to 1000
[  132.632951][ T1422] ieee802154 phy0 wpan0: encryption failed: -22
[  132.639274][ T1422] ieee802154 phy1 wpan1: encryption failed: -22
[  132.677699][ T5711] netlink: 12 bytes leftover after parsing attributes in process `syz.3.326'.
[  132.777492][ T5711] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  132.841874][ T5711] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  132.877285][ T5711] A link change request failed with some changes committed already. Interface 
60ªX¹¦À may have been left with an inconsistent configuration, please check.
[  134.151480][ T5750] netlink: 'syz.2.333': attribute type 1 has an invalid length.
[  136.337081][ T5760] fuse: Bad value for 'fd'
[  138.755338][ T5804] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  138.790881][ T4233] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  138.978982][ T5804] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  139.189754][ T5804] device bridge_slave_0 left promiscuous mode
[  139.196948][ T4233] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  139.267439][ T4233] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  139.354111][ T5804] bridge0: port 1(bridge_slave_0) entered disabled state
[  139.402030][ T4233] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  139.415308][ T4233] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  139.424579][ T4233] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  139.492121][ T4233] usb 6-1: config 0 descriptor??
[  139.579724][ T5804] device bridge_slave_1 left promiscuous mode
[  139.599232][ T5804] bridge0: port 2(bridge_slave_1) entered disabled state
[  139.667534][ T5804] bond0: (slave bond_slave_0): Releasing backup interface
[  140.255526][ T5804] bond0: (slave bond_slave_1): Releasing backup interface
[  140.386366][ T5804] team0: Port device team_slave_0 removed
[  140.405941][ T5804] team0: Port device team_slave_1 removed
[  140.423848][ T5804] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  140.436752][ T5804] batman_adv: batadv0: Removing interface: batadv_slave_0
[  140.466051][ T5804] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  140.475774][ T4233] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0
[  140.489608][ T4233] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0
[  140.501941][ T5804] batman_adv: batadv0: Removing interface: batadv_slave_1
[  140.512533][ T4233] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x5
[  140.522112][ T4233] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x2
[  140.529528][ T4233] plantronics 0003:047F:FFFF.0004: unexpected long global item
[  140.538158][ T5804] bond1: (slave gretap1): Releasing backup interface
[  140.545462][ T4233] plantronics 0003:047F:FFFF.0004: parse failed
[  140.552089][ T4233] plantronics: probe of 0003:047F:FFFF.0004 failed with error -22
[  140.603013][ T5809] team0: Port device ip6gre1 added
[  140.666387][ T5804] syz.1.347 (5804) used greatest stack depth: 20080 bytes left
[  140.678626][ T4233] usb 6-1: USB disconnect, device number 2
[  140.758726][ T5839] netlink: 'syz.1.353': attribute type 10 has an invalid length.
[  141.103476][ T5859] bridge0: port 1(vxlan0) entered blocking state
[  141.128703][ T5859] bridge0: port 1(vxlan0) entered disabled state
[  141.157619][ T5859] device vxlan0 entered promiscuous mode
[  141.868321][ T5871] loop5: detected capacity change from 0 to 512
[  142.110826][ T5871] EXT4-fs (loop5): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  142.306678][ T5871] EXT4-fs (loop5): orphan cleanup on readonly fs
[  142.332451][ T5871] EXT4-fs error (device loop5): ext4_xattr_inode_iget:401: inode #11: comm syz.5.358: iget: bad extra_isize 90 (inode size 256)
[  142.722272][ T5871] EXT4-fs error (device loop5): ext4_xattr_inode_iget:406: comm syz.5.358: error while reading EA inode 11 err=-117
[  142.947575][ T5871] EXT4-fs error (device loop5): ext4_xattr_inode_iget:401: inode #11: comm syz.5.358: iget: bad extra_isize 90 (inode size 256)
[  143.023824][ T5871] EXT4-fs error (device loop5): ext4_xattr_inode_iget:406: comm syz.5.358: error while reading EA inode 11 err=-117
[  143.090622][ T5871] EXT4-fs error (device loop5): ext4_xattr_inode_iget:401: inode #18: comm syz.5.358: iget: bad extra_isize 90 (inode size 256)
[  143.234172][ T5871] EXT4-fs error (device loop5): ext4_xattr_inode_iget:406: comm syz.5.358: error while reading EA inode 18 err=-117
[  143.337301][ T5871] EXT4-fs error (device loop5): ext4_xattr_inode_iget:401: inode #18: comm syz.5.358: iget: bad extra_isize 90 (inode size 256)
[  143.381039][ T5871] EXT4-fs error (device loop5): ext4_xattr_inode_iget:406: comm syz.5.358: error while reading EA inode 18 err=-117
[  143.401381][ T5871] EXT4-fs (loop5): 1 orphan inode deleted
[  143.407138][ T5871] EXT4-fs (loop5): mounted filesystem without journal. Opts: data_err=ignore,dioread_nolock,debug_want_extra_isize=0x000000000000005a,noquota,max_dir_size_kb=0x0000000000200004,errors=continue,min_batch_time=0x0000000000000003,jqfmt=vfsold,,errors=continue. Quota mode: none.
[  145.288016][ T5910] loop4: detected capacity change from 0 to 512
[  145.321949][ T5912] netlink: 63 bytes leftover after parsing attributes in process `syz.1.372'.
[  145.493555][ T5918] netlink: 'syz.2.373': attribute type 12 has an invalid length.
[  147.671296][ T5939] binder_alloc: 5938: binder_alloc_buf, no vma
[  150.513109][ T5977] netlink: 'syz.3.389': attribute type 3 has an invalid length.
[  150.527078][ T5977] netlink: 24 bytes leftover after parsing attributes in process `syz.3.389'.
[  150.772946][ T4232] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  151.140711][ T4232] usb 2-1: config 0 has an invalid interface number: 127 but max is 1
[  151.149238][ T4232] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  151.159565][ T4232] usb 2-1: config 0 has no interface number 1
[  151.165846][ T4232] usb 2-1: config 0 interface 127 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  151.179161][ T4232] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 29
[  151.350706][ T4232] usb 2-1: New USB device found, idVendor=1908, idProduct=1315, bcdDevice= 0.00
[  151.360118][ T4232] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  151.372792][ T4232] usb 2-1: Product: syz
[  151.377317][ T4232] usb 2-1: Manufacturer: syz
[  151.384194][ T4232] usb 2-1: SerialNumber: syz
[  151.429589][ T4232] usb 2-1: config 0 descriptor??
[  151.557266][ T4232] usb-storage 2-1:0.127: USB Mass Storage device detected
[  152.233511][ T5973] netlink: 100 bytes leftover after parsing attributes in process `syz.1.388'.
[  152.290904][ T4232] usb-storage 2-1:0.127: Quirks match for vid 1908 pid 1315: 20000
[  152.397380][ T4232] usb-storage 2-1:0.0: USB Mass Storage device detected
[  153.857695][ T4232] usb-storage 2-1:0.0: Quirks match for vid 1908 pid 1315: 20000
[  154.134548][ T4232] usb 2-1: USB disconnect, device number 5
[  155.881204][ T4202] Bluetooth: hci5: Entering manufacturer mode failed (-110)
[  158.388511][ T6065] netlink: 4 bytes leftover after parsing attributes in process `syz.2.416'.
[  158.436372][ T6065] bridge0: port 3(syz_tun) entered disabled state
[  158.468593][ T6065] device syz_tun left promiscuous mode
[  158.474730][ T6065] bridge0: port 3(syz_tun) entered disabled state
[  158.568168][ T6073] netlink: 8 bytes leftover after parsing attributes in process `syz.4.419'.
[  158.578702][ T6073] netlink: 8 bytes leftover after parsing attributes in process `syz.4.419'.
[  158.587876][ T6073] netlink: 8 bytes leftover after parsing attributes in process `syz.4.419'.
[  158.597475][ T6073] netlink: 8 bytes leftover after parsing attributes in process `syz.4.419'.
[  158.606485][ T6073] netlink: 8 bytes leftover after parsing attributes in process `syz.4.419'.
[  158.658029][ T4233] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  159.050797][ T4233] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  159.074452][ T4233] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 2
[  159.086547][ T4233] usb 6-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  159.343860][ T4233] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  159.353039][ T4233] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  159.361150][ T6078] device syzkaller0 entered promiscuous mode
[  159.370390][ T4233] usb 6-1: Product: syz
[  159.374982][ T4233] usb 6-1: Manufacturer: syz
[  159.382410][ T4233] usb 6-1: SerialNumber: syz
[  163.060772][ T4233] usb 6-1: can't set config #1, error -71
[  163.076554][ T4233] usb 6-1: USB disconnect, device number 3
[  163.124375][ T6100] netlink: 4 bytes leftover after parsing attributes in process `syz.5.426'.
[  163.229368][ T6100] netlink: 4 bytes leftover after parsing attributes in process `syz.5.426'.
[  163.301790][ T6106] : renamed from virt_wifi0
[  163.449476][ T6113] overlayfs: failed to clone upperpath
[  163.503628][ T6114] overlayfs: failed to clone upperpath
[  164.533266][ T6130] fuse: Invalid rootmode
[  164.717139][ T6142] loop1: detected capacity change from 0 to 512
[  164.791621][ T4233] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  164.812876][ T6142] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  164.883572][ T6142] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349)
[  164.970813][ T6142] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a84ee02c, mo2=0002]
[  165.092560][ T6142] System zones: 1-12
[  165.287033][ T6142] EXT4-fs (loop1): orphan cleanup on readonly fs
[  165.302490][ T6142] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #11: comm syz.1.442: invalid indirect mapped block 2 (level 2)
[  165.374919][ T6142] EXT4-fs (loop1): Remounting filesystem read-only
[  165.383438][ T6142] EXT4-fs (loop1): 1 truncate cleaned up
[  165.401776][ T6142] EXT4-fs (loop1): mounted filesystem without journal. Opts: dioread_nolock,max_batch_time=0x0000000000000006,usrquota,errors=remount-ro,i_version. Quota mode: writeback.
[  165.421954][ T4233] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  165.592493][ T4233] usb 6-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice=83.9c
[  165.609096][ T4233] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  165.629384][ T4233] usb 6-1: Product: syz
[  165.638571][ T4233] usb 6-1: Manufacturer: syz
[  165.651107][ T4233] usb 6-1: SerialNumber: syz
[  165.720270][ T4233] usb 6-1: config 0 descriptor??
[  165.762555][ T4233] ims_pcu 6-1:0.0: Missing CDC union descriptor
[  165.781327][ T4233] ims_pcu: probe of 6-1:0.0 failed with error -22
[  166.644002][ T6169] udc-core: couldn't find an available UDC or it's busy
[  166.670665][ T6169] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  166.754843][ T4429] usb 6-1: USB disconnect, device number 4
[  166.904714][ T4232] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  167.034145][ T6183] loop3: detected capacity change from 0 to 256
[  168.733259][  T144] bridge0: port 2(bridge_slave_1) entered disabled state
[  168.772407][ T6195] 9pnet: p9_errstr2errno: server reported unknown error �0x0000000000000009
[  169.100696][ T4232] usb 2-1: device descriptor read/all, error -71
[  169.583091][ T6202] netlink: 8 bytes leftover after parsing attributes in process `syz.1.459'.
[  169.713028][ T6203] loop3: detected capacity change from 0 to 2048
[  169.835217][ T6210] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  169.993791][ T6213] netlink: 'syz.1.463': attribute type 1 has an invalid length.
[  170.013857][ T6213] device bond2 entered promiscuous mode
[  170.319303][ T6213] 8021q: adding VLAN 0 to HW filter on device bond2
[  172.312161][ T6260] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  173.497533][ T6270] device syzkaller0 entered promiscuous mode
[  174.358579][ T6267] loop1: detected capacity change from 0 to 32768
[  174.923038][ T6289] device wg1 entered promiscuous mode
[  175.187477][ T6267] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  175.708398][ T4232] Bluetooth: hci2: command 0x0406 tx timeout
[  175.715834][ T4232] Bluetooth: hci3: command 0x0406 tx timeout
[  175.727471][ T4232] Bluetooth: hci4: command 0x0406 tx timeout
[  175.791456][ T4232] Bluetooth: hci1: command 0x0406 tx timeout
[  176.967531][ T6320] netlink: 'syz.2.492': attribute type 1 has an invalid length.
[  177.087607][ T4189] ocfs2: Unmounting device (7,1) on (node local)
[  177.125733][ T6320] 8021q: adding VLAN 0 to HW filter on device bond0
[  177.169118][ T6325] netlink: 8 bytes leftover after parsing attributes in process `syz.4.495'.
[  177.796426][ T6320] bond0: (slave vlan2): Opening slave failed
[  178.007151][ T6334] device syzkaller0 entered promiscuous mode
[  178.203374][ T6340] device bridge3 entered promiscuous mode
[  178.885541][ T6346] loop1: detected capacity change from 0 to 512
[  178.949134][ T6346] EXT4-fs (loop1): Ignoring removed nomblk_io_submit option
[  178.957090][ T6346] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem
[  178.986402][ T6351] loop4: detected capacity change from 0 to 128
[  179.708635][ T6346] EXT4-fs (loop1): 1 truncate cleaned up
[  179.734314][ T6346] EXT4-fs (loop1): mounted filesystem without journal. Opts: noload,stripe=0x00000000000000dc,nomblk_io_submit,noload,abort,auto_da_alloc,,errors=continue. Quota mode: none.
[  182.710886][ T4238] Bluetooth: hci0: command 0x0409 tx timeout
[  182.921596][ T6367] chnl_net:caif_netlink_parms(): no params data found
[  182.935651][ T6399] netlink: 4 bytes leftover after parsing attributes in process `syz.1.518'.
[  182.989106][ T6399] netlink: 121 bytes leftover after parsing attributes in process `syz.1.518'.
[  183.084801][ T6367] bridge0: port 1(bridge_slave_0) entered blocking state
[  183.092270][ T6367] bridge0: port 1(bridge_slave_0) entered disabled state
[  183.100285][ T6367] device bridge_slave_0 entered promiscuous mode
[  183.109641][ T6367] bridge0: port 2(bridge_slave_1) entered blocking state
[  183.117356][ T6367] bridge0: port 2(bridge_slave_1) entered disabled state
[  183.125630][ T6367] device bridge_slave_1 entered promiscuous mode
[  183.148915][ T6367] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  183.162493][ T6367] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  183.283424][ T6367] team0: Port device team_slave_0 added
[  184.611967][ T6367] team0: Port device team_slave_1 added
[  184.691753][ T6367] batman_adv: batadv0: Adding interface: batadv_slave_0
[  184.698734][ T6367] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  184.816342][ T6367] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  184.857828][ T6367] batman_adv: batadv0: Adding interface: batadv_slave_1
[  184.877831][ T6367] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  184.916787][ T6367] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  185.011969][ T6367] device hsr_slave_0 entered promiscuous mode
[  185.018789][ T6367] device hsr_slave_1 entered promiscuous mode
[  185.033434][ T6367] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  185.045510][ T6367] Cannot create hsr debugfs directory
[  185.201712][ T6367] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  185.219272][ T6367] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  185.228676][ T6367] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  185.246562][ T6367] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  185.278452][ T6367] bridge0: port 2(bridge_slave_1) entered blocking state
[  185.285563][ T6367] bridge0: port 2(bridge_slave_1) entered forwarding state
[  185.293711][ T6367] bridge0: port 1(bridge_slave_0) entered blocking state
[  185.300802][ T6367] bridge0: port 1(bridge_slave_0) entered forwarding state
[  185.364821][ T6367] 8021q: adding VLAN 0 to HW filter on device bond0
[  185.388602][ T4337] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  185.405181][ T4337] bridge0: port 1(bridge_slave_0) entered disabled state
[  185.416672][ T4337] bridge0: port 2(bridge_slave_1) entered disabled state
[  185.435109][ T4337] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[  185.453821][ T6367] 8021q: adding VLAN 0 to HW filter on device team0
[  185.472778][ T4337] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  185.491862][ T4337] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  185.500481][ T4337] bridge0: port 1(bridge_slave_0) entered blocking state
[  185.507580][ T4337] bridge0: port 1(bridge_slave_0) entered forwarding state
[  185.535934][ T4337] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  185.548476][ T4337] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  185.562479][ T4337] bridge0: port 2(bridge_slave_1) entered blocking state
[  185.569543][ T4337] bridge0: port 2(bridge_slave_1) entered forwarding state
[  185.584862][ T4337] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  185.609322][ T4337] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  185.625500][ T4337] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  185.639513][ T4429] Bluetooth: hci0: command 0x041b tx timeout
[  185.664823][ T4337] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  185.674372][ T4337] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  185.676181][ T6419] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  185.712672][ T4337] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  185.728549][ T6421] loop3: detected capacity change from 0 to 1024
[  185.753191][ T6367] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  185.799167][ T6367] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  185.827346][ T4337] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  185.832921][ T6421] hfsplus: unable to parse mount options
[  185.868846][ T4337] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  185.895750][ T4337] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  185.909932][ T4337] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  185.952174][ T4337] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  185.961276][ T4337] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  186.517884][ T6434] uffd: Set unprivileged_userfaultfd sysctl knob to 1 if kernel faults must be handled without obtaining CAP_SYS_PTRACE capability
[  187.763810][ T6449] xt_addrtype: both incoming and outgoing interface limitation cannot be selected
[  187.778374][ T4429] Bluetooth: hci0: command 0x040f tx timeout
[  188.561132][ T6455] orangefs_mount: mount request failed with -4
[  188.870800][ T4216] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  188.879336][ T4216] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  188.892072][ T6367] 8021q: adding VLAN 0 to HW filter on device batadv0
[  189.747498][ T6480] netlink: 16 bytes leftover after parsing attributes in process `syz.3.541'.
[  190.534571][ T4234] Bluetooth: hci0: command 0x0419 tx timeout
[  191.163650][ T6500] loop4: detected capacity change from 0 to 1024
[  191.185187][ T6499] MPTCP: addr_signal error, rm_addr=1
[  191.347987][ T6489] netlink: 148 bytes leftover after parsing attributes in process `syz.4.542'.
[  191.389621][  T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  191.405112][  T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  191.440159][  T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  191.448500][  T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  191.471914][  T310] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  191.496447][  T310] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  191.506322][ T6367] device veth0_vlan entered promiscuous mode
[  191.518844][ T6367] device veth1_vlan entered promiscuous mode
[  191.592020][  T310] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  191.609355][  T310] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  191.618626][  T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  191.637000][  T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  191.652639][ T6367] device veth0_macvtap entered promiscuous mode
[  191.675456][ T6367] device veth1_macvtap entered promiscuous mode
[  191.718485][ T6367] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  191.729789][ T6367] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  191.740705][ T6367] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  191.752060][ T6367] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  191.769272][ T6367] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  192.710933][ T6367] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  192.736754][ T6367] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  193.540447][ T6367] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  193.576741][ T6367] batman_adv: batadv0: Interface activated: batadv_slave_0
[  193.585132][ T4414] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  193.613676][ T6529] netlink: 16 bytes leftover after parsing attributes in process `syz.4.554'.
[  193.614719][ T4414] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  193.637611][ T4414] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  193.653264][ T4414] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  193.674322][ T6367] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  193.725457][ T5054] libceph: connect (1)[c::]:6789 error -101
[  193.731481][ T5054] libceph: mon0 (1)[c::]:6789 connect error
[  193.740897][ T6533] ceph: No mds server is up or the cluster is laggy
[  193.751985][ T6367] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  193.770369][ T6367] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  193.781919][ T6367] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  193.791941][ T6367] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  193.802752][ T6367] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  193.817502][ T6367] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  193.829178][ T6367] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  193.865510][ T6367] batman_adv: batadv0: Interface activated: batadv_slave_1
[  193.873272][  T310] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  193.890058][  T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  193.902351][ T6367] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  193.934621][ T6367] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  193.970677][ T6367] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  193.989391][ T6367] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  194.075719][ T1422] ieee802154 phy0 wpan0: encryption failed: -22
[  194.082068][ T1422] ieee802154 phy1 wpan1: encryption failed: -22
[  194.179201][ T4414] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  194.195519][ T4414] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  194.260501][ T4414] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  194.284824][ T4414] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  194.319986][ T4414] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  194.481165][ T4416] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  194.846546][ T6558] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  195.848240][ T6567] netlink: 40 bytes leftover after parsing attributes in process `syz.2.565'.
[  195.864905][ T6567] netlink: 40 bytes leftover after parsing attributes in process `syz.2.565'.
[  195.876520][ T6567] netlink: 40 bytes leftover after parsing attributes in process `syz.2.565'.
[  195.891433][ T6567] A link change request failed with some changes committed already. Interface ip6tnl0 may have been left with an inconsistent configuration, please check.
[  196.538526][ T6569] MPTCP: addr_signal error, rm_addr=1
[  196.562574][ T6573] netlink: 'syz.3.568': attribute type 4 has an invalid length.
[  196.730267][ T4232] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  197.065585][ T6573] netlink: 'syz.3.568': attribute type 4 has an invalid length.
[  197.304115][ T4232] usb 5-1: Using ep0 maxpacket: 16
[  197.460824][ T4232] usb 5-1: unable to get BOS descriptor or descriptor too short
[  197.550790][ T4232] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  197.588265][ T4232] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  198.030948][ T4232] usb 5-1: New USB device found, idVendor=1235, idProduct=9012, bcdDevice= 0.40
[  198.071401][ T6597] device wg1 entered promiscuous mode
[  198.144671][ T4232] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  198.298394][ T4232] usb 5-1: Product: syz
[  198.365774][ T4232] usb 5-1: Manufacturer: syz
[  198.737778][ T6599] netlink: 4 bytes leftover after parsing attributes in process `syz.4.575'.
[  198.750608][ T4232] usb 5-1: can't set config #1, error -71
[  198.768825][ T4232] usb 5-1: USB disconnect, device number 4
[  199.108999][ T6606] netlink: 'syz.3.577': attribute type 10 has an invalid length.
[  199.678458][ T6606] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  199.684221][ T6610] loop1: detected capacity change from 0 to 256
[  202.861162][ T6653] device wg1 entered promiscuous mode
[  203.272190][ T6649] netlink: 24 bytes leftover after parsing attributes in process `syz.1.590'.
[  206.321199][ T6675] No such timeout policy "syz1"
[  207.180672][ T4232] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  207.459435][ T4292] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  207.740714][ T4232] usb 2-1: Using ep0 maxpacket: 8
[  207.871133][ T4232] usb 2-1: config 0 has an invalid interface number: 55 but max is 0
[  207.888527][ T4232] usb 2-1: config 0 has no interface number 0
[  207.921292][ T4232] usb 2-1: config 0 interface 55 altsetting 0 has an invalid endpoint with address 0x80, skipping
[  207.975793][ T4232] usb 2-1: config 0 interface 55 altsetting 0 has an invalid endpoint with address 0xAB, skipping
[  208.411492][ T4232] usb 2-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  208.424888][ T4232] usb 2-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  208.433995][ T4232] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  208.500789][ T4292] usb 7-1: Using ep0 maxpacket: 32
[  208.501077][ T4232] usb 2-1: config 0 descriptor??
[  208.582671][ T4232] ldusb 2-1:0.55: Interrupt in endpoint not found
[  208.620813][ T4292] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  208.650141][ T4292] usb 7-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  208.706695][ T6706] netlink: 10 bytes leftover after parsing attributes in process `syz.4.609'.
[  208.814764][ T4232] usb 2-1: USB disconnect, device number 8
[  208.820810][ T4292] usb 7-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  208.841565][ T4292] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  209.046596][ T4292] usb 7-1: Product: syz
[  209.051362][ T4292] usb 7-1: Manufacturer: syz
[  209.055979][ T4292] usb 7-1: SerialNumber: syz
[  209.110603][ T4292] usb 7-1: config 0 descriptor??
[  210.761362][ T6718] orangefs_mount: mount request failed with -4
[  210.850796][ T4292] usb 7-1: can't set config #0, error -71
[  210.875169][ T4292] usb 7-1: USB disconnect, device number 2
[  212.614472][ T6735] netlink: 'syz.1.616': attribute type 4 has an invalid length.
[  213.052307][ T6749] netlink: 20 bytes leftover after parsing attributes in process `syz.4.621'.
[  214.704891][ T6755] loop6: detected capacity change from 0 to 736
[  214.816036][ T6765] loop3: detected capacity change from 0 to 512
[  214.889469][ T6765] EXT4-fs error (device loop3): ext4_orphan_get:1406: inode #15: comm syz.3.626: inode has both inline data and extents flags
[  214.990822][ T6765] EXT4-fs error (device loop3): ext4_orphan_get:1411: comm syz.3.626: couldn't read orphan inode 15 (err -117)
[  215.031017][ T6765] EXT4-fs (loop3): mounted filesystem without journal. Opts: noblock_validity,resgid=0x000000000000ee00,acl,noload,journal_dev=0x0000000000000003,nodiscard,,errors=continue. Quota mode: none.
[  216.161037][ T6768] EXT4-fs error (device loop3): ext4_validate_block_bitmap:429: comm ext4lazyinit: bg 0: block 13: invalid block bitmap
[  217.252796][ T6802] loop3: detected capacity change from 0 to 32768
[  217.821534][ T6802] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 scanned by syz.3.633 (6802)
[  217.866394][ T6802] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm
[  217.875167][ T6802] BTRFS info (device loop3): setting nodatacow, compression disabled
[  217.883344][ T6802] BTRFS info (device loop3): force clearing of disk cache
[  217.890472][ T6802] BTRFS info (device loop3): enabling ssd optimizations
[  217.897536][ T6802] BTRFS info (device loop3): using spread ssd allocation scheme
[  217.905237][ T6802] BTRFS info (device loop3): turning off barriers
[  217.911792][ T6802] BTRFS info (device loop3): disabling free space tree
[  217.918824][ T6802] BTRFS info (device loop3): not using ssd optimizations
[  217.925903][ T6802] BTRFS info (device loop3): not using spread ssd allocation scheme
[  217.933934][ T6802] BTRFS info (device loop3): has skinny extents
[  218.033141][ T6811] device syzkaller0 entered promiscuous mode
[  218.277804][ T6802] BTRFS info (device loop3): clearing free space tree
[  218.285340][ T6802] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  218.295501][ T6802] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  219.288375][   T25] audit: type=1800 audit(1778867759.204:81): pid=6802 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.633" name="file1" dev="overlay" ino=261 res=0 errno=0
[  219.353638][ T6843] x_tables: unsorted underflow at hook 4
[  220.943302][ T6888] ªªªªª: renamed from virt_wifi0
[  221.352863][ T6896] netlink: 'syz.6.658': attribute type 1 has an invalid length.
[  221.769766][ T6897] bond1 (unregistering): Released all slaves
[  222.130657][ T4232] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  222.355227][ T6920] netlink: 'syz.3.664': attribute type 12 has an invalid length.
[  222.380685][ T4232] usb 5-1: Using ep0 maxpacket: 32
[  222.530767][ T4232] usb 5-1: config 129 has an invalid interface number: 120 but max is 0
[  222.542642][ T4232] usb 5-1: config 129 has an invalid descriptor of length 123, skipping remainder of the config
[  222.568239][ T4232] usb 5-1: config 129 has no interface number 0
[  222.606303][ T4232] usb 5-1: config 129 interface 120 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  222.706260][ T4232] usb 5-1: config 129 interface 120 has no altsetting 0
[  222.901485][ T4232] usb 5-1: New USB device found, idVendor=0499, idProduct=c455, bcdDevice=81.ab
[  222.924688][ T4232] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  223.084861][ T4232] usb 5-1: Product: syz
[  223.142031][ T4232] usb 5-1: Manufacturer: syz
[  223.226481][ T4232] usb 5-1: SerialNumber: syz
[  224.569369][ T4232] usb 5-1: USB disconnect, device number 5
[  224.584106][ T6092] udevd[6092]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:129.120/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  224.632388][   T25] audit: type=1800 audit(1778867764.544:82): pid=6959 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.678" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0
[  224.680619][ T4292] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  224.940744][ T4292] usb 4-1: Using ep0 maxpacket: 32
[  225.061294][ T4292] usb 4-1: config 0 interface 0 altsetting 16 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  225.122022][ T4292] usb 4-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0
[  225.220326][ T4292] usb 4-1: config 0 interface 0 has no altsetting 0
[  225.272675][ T4292] usb 4-1: New USB device found, idVendor=05ac, idProduct=0290, bcdDevice= 0.00
[  225.342207][ T4292] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  225.457327][ T4292] usb 4-1: config 0 descriptor??
[  225.941558][ T6980] RDS: rds_bind could not find a transport for fe80::bb, load rds_tcp or rds_rdma?
[  226.620665][ T4292] usb 4-1: string descriptor 0 read error: -71
[  226.750658][ T4292] usbhid 4-1:0.0: can't add hid device: -71
[  226.757294][ T4292] usbhid: probe of 4-1:0.0 failed with error -71
[  226.810234][ T4292] usb 4-1: USB disconnect, device number 6
[  227.643000][ T7001] IPVS: sync thread started: state = BACKUP, mcast_ifn = bridge0, syncid = 1, id = 0
[  227.670050][ T7003] netlink: 4 bytes leftover after parsing attributes in process `syz.6.691'.
[  227.761206][ T7003] team0: Failed to send options change via netlink (err -105)
[  227.789688][ T7003] team0: Failed to send port change of device team_slave_0 via netlink (err -105)
[  227.808595][ T7003] team0: Port device team_slave_0 removed
[  227.832809][ T6998] device macvtap1 entered promiscuous mode
[  227.852720][ T7005] device macvtap2 entered promiscuous mode
[  227.900301][ T6996] device wg1 entered promiscuous mode
[  228.046866][ T7010] loop3: detected capacity change from 0 to 128
[  228.124921][ T7010] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  228.158741][ T7010] ext4 filesystem being mounted at /144/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  228.484512][ T7018] xt_socket: unknown flags 0x4c
[  235.468585][ T7089] capability: warning: `syz.1.716' uses 32-bit capabilities (legacy support in use)
[  237.494590][ T4232] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  237.508091][ T5051] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  237.565612][ T7123] loop4: detected capacity change from 0 to 256
[  237.985556][ T7141] netlink: 20 bytes leftover after parsing attributes in process `syz.6.728'.
[  238.461149][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  238.997528][ T6880] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  239.571659][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  240.126784][ T4233] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  240.226490][   T25] audit: type=1326 audit(1778867779.961:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7179 comm="syz.2.745" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f269f9e59 code=0x7ffc0000
[  240.290277][ T7180] vcan0: tx drop: invalid da for name 0x00000000000000c7
[  240.308854][   T25] audit: type=1326 audit(1778867780.008:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7179 comm="syz.2.745" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f269f9e59 code=0x7ffc0000
[  240.334587][ T7184] loop1: detected capacity change from 0 to 256
[  240.370063][ T7184] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  240.387738][   T25] audit: type=1326 audit(1778867780.008:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7179 comm="syz.2.745" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7f3f269f9e59 code=0x7ffc0000
[  240.399008][ T7184] exFAT-fs (loop1): Medium has reported failures. Some data may be lost.
[  240.434957][   T25] audit: type=1326 audit(1778867780.008:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7179 comm="syz.2.745" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f269f9e59 code=0x7ffc0000
[  240.440053][ T7184] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  240.466701][   T25] audit: type=1326 audit(1778867780.008:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7182 comm="syz.2.745" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f3f269ba68e code=0x7ffc0000
[  240.504125][   T25] audit: type=1326 audit(1778867780.027:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7179 comm="syz.2.745" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f269f9e59 code=0x7ffc0000
[  240.529301][   T25] audit: type=1326 audit(1778867780.027:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7179 comm="syz.2.745" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f3f269f9e59 code=0x7ffc0000
[  240.561144][   T25] audit: type=1326 audit(1778867780.064:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7179 comm="syz.2.745" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f269f9e59 code=0x7ffc0000
[  240.625989][ T7169] bridge0: port 2(bridge_slave_1) entered disabled state
[  240.633256][   T25] audit: type=1326 audit(1778867780.186:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7182 comm="syz.2.745" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=60 compat=0 ip=0x7f3f269f9e59 code=0x7ffc0000
[  240.633475][ T7169] bridge0: port 1(bridge_slave_0) entered disabled state
[  240.683795][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  240.769926][ T4292] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  241.298356][ T4233] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  241.795417][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  242.090582][ T7169] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  242.155960][ T7169] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  242.473096][ T7169] netdevsim netdevsim6 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  242.482365][ T7169] netdevsim netdevsim6 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  242.491331][ T7169] netdevsim netdevsim6 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  242.500211][ T7169] netdevsim netdevsim6 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  242.612771][ T7169] syz.6.741 (7169) used greatest stack depth: 19792 bytes left
[  242.830202][ T7227] netlink: 11834 bytes leftover after parsing attributes in process `syz.6.759'.
[  242.858845][ T7227] netlink: 'syz.6.759': attribute type 16 has an invalid length.
[  242.864080][ T7230] loop3: detected capacity change from 0 to 64
[  242.916841][    C0] net_ratelimit: 1 callbacks suppressed
[  242.916859][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  242.923832][ T7227] netlink: 'syz.6.759': attribute type 21 has an invalid length.
[  242.923894][ T7227] netlink: 'syz.6.759': attribute type 25 has an invalid length.
[  242.923929][ T7227] netlink: 'syz.6.759': attribute type 27 has an invalid length.
[  242.923962][ T7227] netlink: 'syz.6.759': attribute type 28 has an invalid length.
[  242.923995][ T7227] netlink: 'syz.6.759': attribute type 29 has an invalid length.
[  242.924029][ T7227] netlink: 'syz.6.759': attribute type 30 has an invalid length.
[  243.580066][ T6881] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  245.034298][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  245.040626][ T4239] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  245.793391][ T4232] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  247.181413][ T6881] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  247.211434][ T4414] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  247.289520][ T7279] device syzkaller0 left promiscuous mode
[  248.295189][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  248.789900][ T4232] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  248.840603][ T5051] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  249.407194][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  250.476223][ T4232] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  250.529672][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  251.630920][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  252.143903][   T25] audit: type=1326 audit(1778867791.102:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7334 comm="syz.4.791" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f058ea13e59 code=0x7fc00000
[  252.214083][ T4232] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  252.214171][   T25] audit: type=1326 audit(1778867791.102:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7334 comm="syz.4.791" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7f058ea13e59 code=0x7fc00000
[  252.246463][ T5052] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  252.323354][ T7341] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  252.427270][ T7347] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  252.453405][ T7341] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  252.753177][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  252.913402][ T7358] loop1: detected capacity change from 0 to 256
[  252.976642][ T7358] exfat: Deprecated parameter 'utf8'
[  254.883956][ T4415] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  254.942416][ T7358] exFAT-fs (loop1): failed to load upcase table (idx : 0x0001fe89, chksum : 0xbf24f927, utbl_chksum : 0xe619d30d)
[  255.056285][ T7365] device syzkaller0 entered promiscuous mode
[  255.992507][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  256.246877][ T4233] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  256.257224][ T4239] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  256.295320][ T7373] loop4: detected capacity change from 0 to 1024
[  256.775753][ T1422] ieee802154 phy0 wpan0: encryption failed: -22
[  256.782901][ T1422] ieee802154 phy1 wpan1: encryption failed: -22
[  257.065237][ T7373] EXT4-fs (loop4): mounted filesystem without journal. Opts: usrquota,data_err=ignore,,errors=continue. Quota mode: writeback.
[  257.104251][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  257.166711][ T7382] syz.2.802 (7382) used greatest stack depth: 18512 bytes left
[  257.412470][ T4233] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  257.917873][ T7432] sch_tbf: burst 185 is lower than device syzkaller0 mtu (1514) !
[  258.216219][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  258.697382][ T4234] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  258.937508][ T7448] device syzkaller0 entered promiscuous mode
[  259.327913][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  259.685348][ T5051] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  260.439719][    C0] net_ratelimit: 1 callbacks suppressed
[  260.439737][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  260.966933][ T7479] device syzkaller0 entered promiscuous mode
[  261.580791][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  261.760392][ T4232] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  261.871768][ T7486] netlink: 'syz.3.836': attribute type 13 has an invalid length.
[  262.351079][ T7486] bridge0: port 2(bridge_slave_1) entered disabled state
[  262.359246][ T7486] bridge0: port 1(bridge_slave_0) entered disabled state
[  263.802051][ T7486] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  263.867750][ T7486] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  264.412596][ T7486] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  264.421903][ T7486] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  264.431203][ T7486] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  264.440248][ T7486] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  264.580286][ T7494] netlink: 'syz.2.838': attribute type 1 has an invalid length.
[  272.709218][ T7568] 9pnet: p9_errstr2errno: server reported unknown error 0x000000000000
[  273.653077][ T7586] cgroup2: Unexpected value for 'memory_localevents'
[  273.732870][ T7586] loop4: detected capacity change from 0 to 256
[  273.792469][ T7586] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x389acbd6, utbl_chksum : 0xe619d30d)
[  273.896504][   T25] audit: type=1804 audit(2000000005.163:94): pid=7586 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.865" name="/newroot/166/file0/bus" dev="loop4" ino=1048605 res=1 errno=0
[  273.997878][ T7561] bridge0: port 1(bridge_slave_0) entered disabled state
[  274.031524][ T7561] tipc: Resetting bearer <eth:team0>
[  274.059599][ T5052] usb 4-1: new full-speed USB device number 7 using dummy_hcd
[  274.563101][ T7561] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  274.637218][ T7561] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  274.872222][ T5052] usb 4-1: unable to get BOS descriptor or descriptor too short
[  275.011139][ T5052] usb 4-1: unable to read config index 0 descriptor/start: -71
[  275.022019][ T5052] usb 4-1: can't read configurations, error -71
[  275.245881][ T7561] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  275.257070][ T7561] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  275.266480][ T7561] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  275.277059][ T7561] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  275.538861][ T7573] 8021q: adding VLAN 0 to HW filter on device ipvlan2
[  275.563022][ T7603] netlink: 'syz.4.871': attribute type 13 has an invalid length.
[  277.848227][ T7603] bridge0: port 2(bridge_slave_1) entered disabled state
[  277.855645][ T7603] bridge0: port 1(bridge_slave_0) entered disabled state
[  278.101521][ T7603] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  278.133211][ T7603] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  278.387795][ T7603] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  278.397054][ T7603] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  278.406259][ T7603] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  278.417418][ T7603] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  279.408741][ T7647] netlink: 'syz.2.881': attribute type 4 has an invalid length.
[  279.901776][ T4234] usb 5-1: new full-speed USB device number 6 using dummy_hcd
[  280.854239][ T7668] device syzkaller0 entered promiscuous mode
[  284.750465][ T4234] usb 5-1: unable to get BOS descriptor or descriptor too short
[  285.442560][ T4234] usb 5-1: unable to read config index 0 descriptor/start: -71
[  285.581570][ T4234] usb 5-1: can't read configurations, error -71
[  287.542191][ T7721] netlink: 'syz.4.903': attribute type 4 has an invalid length.
[  293.301537][ T7763] IPVS: sync thread started: state = BACKUP, mcast_ifn = bridge0, syncid = 1, id = 0
[  293.441519][ T7762] device macvtap1 entered promiscuous mode
[  294.086116][ T7773] loop3: detected capacity change from 0 to 256
[  294.093817][ T7762] device macvtap2 entered promiscuous mode
[  295.618291][ T7773] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  295.689298][ T7789] netlink: 'syz.4.924': attribute type 12 has an invalid length.
[  300.069155][ T7808] netlink: 'syz.2.930': attribute type 1 has an invalid length.
[  300.164344][ T7808] device bond2 entered promiscuous mode
[  300.203289][ T7808] 8021q: adding VLAN 0 to HW filter on device bond2
[  300.237984][ T7823] netlink: 32 bytes leftover after parsing attributes in process `syz.4.933'.
[  300.383317][ T7815] 8021q: adding VLAN 0 to HW filter on device bond2
[  300.408458][ T7815] bond2: (slave ip6gre1): The slave device specified does not support setting the MAC address
[  300.451807][ T7815] bond2: (slave ip6gre1): Setting fail_over_mac to active for active-backup mode
[  300.548561][ T7815] bond2: (slave ip6gre1): making interface the new active one
[  300.581976][ T7815] device ip6gre1 entered promiscuous mode
[  300.589292][ T7815] bond2: (slave ip6gre1): Enslaving as an active interface with an up link
[  300.615194][ T4216] IPv6: ADDRCONF(NETDEV_CHANGE): bond2: link becomes ready
[  300.647791][ T7818] netlink: 4 bytes leftover after parsing attributes in process `syz.4.933'.
[  301.519384][ T7836] xt_connbytes: Forcing CT accounting to be enabled
[  301.559917][ T7808] bond2 (unregistering): (slave ip6gre1): Releasing backup interface
[  301.587977][ T7808] device ip6gre1 left promiscuous mode
[  301.610400][ T7808] bond2 (unregistering): Released all slaves
[  301.741160][ T7836] xt_CT: No such helper "netbios-ns"
[  301.880339][ T7847] netlink: 'syz.2.938': attribute type 12 has an invalid length.
[  304.721105][ T7876] netlink: 14 bytes leftover after parsing attributes in process `syz.2.946'.
[  304.992177][ T7887] PKCS7: Unknown OID: [4] 0.0
[  304.997468][ T7887] PKCS7: Only support pkcs7_signedData type
[  306.706925][ T7901] sch_tbf: burst 255 is lower than device syzkaller0 mtu (1500) !
[  306.741794][ T7905] netlink: 24 bytes leftover after parsing attributes in process `syz.2.955'.
[  307.453748][ T7915] netlink: 8 bytes leftover after parsing attributes in process `syz.1.958'.
[  308.563533][ T4232] Bluetooth: hci0: command 0x0406 tx timeout
[  308.608360][ T7923] sch_tbf: burst 1023 is lower than device lo mtu (11337746) !
[  308.704764][ T7935] netlink: 'syz.2.965': attribute type 4 has an invalid length.
[  308.735572][ T7935] netlink: 'syz.2.965': attribute type 4 has an invalid length.
[  308.861643][ T7935] netlink: 'syz.2.965': attribute type 4 has an invalid length.
[  310.572480][ T7962] xt_CHECKSUM: unsupported CHECKSUM operation 68
[  310.953707][ T4232] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  311.231453][ T7966] device syzkaller0 entered promiscuous mode
[  311.237943][ T4232] usb 2-1: device descriptor read/64, error -71
[  311.530269][ T4232] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  311.734428][ T4232] usb 2-1: device descriptor read/64, error -71
[  312.523741][ T4232] usb usb2-port1: attempt power cycle
[  314.100407][ T4232] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  314.631786][ T4232] usb 2-1: device not accepting address 11, error -71
[  318.922632][ T8077] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant.
[  318.922632][ T8077] The task syz.2.1010 (8077) triggered the difference, watch for misbehavior.
[  320.259454][ T8089] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1014'.
[  321.325170][   T25] audit: type=1800 audit(2000000049.538:95): pid=8082 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1005" name="bus" dev="ramfs" ino=45841 res=0 errno=0
[  322.572269][ T1422] ieee802154 phy0 wpan0: encryption failed: -22
[  322.578621][ T1422] ieee802154 phy1 wpan1: encryption failed: -22
[  322.868427][ T8116] loop1: detected capacity change from 0 to 128
[  323.006409][ T5052] usb 5-1: new low-speed USB device number 8 using dummy_hcd
[  323.039829][   T25] audit: type=1800 audit(2000000051.138:96): pid=8115 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.6.1025" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0
[  323.044302][ T8116] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256
[  323.116068][ T8120] PKCS7: Unknown OID: [4] 0.0
[  323.121174][ T8120] PKCS7: Only support pkcs7_signedData type
[  323.429344][ T5052] usb 5-1: config 8 has an invalid interface number: 137 but max is 0
[  323.474760][ T5052] usb 5-1: config 8 has no interface number 0
[  323.952852][ T5052] usb 5-1: string descriptor 0 read error: -22
[  323.959126][ T5052] usb 5-1: New USB device found, idVendor=0b48, idProduct=1008, bcdDevice=14.6e
[  324.070819][ T5052] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  324.619820][ T5052] ttusb_dec_send_command: command bulk message failed: error -22
[  324.713449][ T5052] ttusb-dec: probe of 5-1:8.137 failed with error -22
[  325.019416][ T8108] netlink: 'syz.4.1020': attribute type 1 has an invalid length.
[  325.756523][ T8108] 8021q: adding VLAN 0 to HW filter on device bond1
[  325.780394][ T8146] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  325.870606][ T8146] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  325.918115][ T8146] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  325.994623][ T8146] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  326.019108][ T8146] bond1: (slave geneve2): making interface the new active one
[  326.051406][ T8146] bond1: (slave geneve2): Enslaving as an active interface with an up link
[  326.091076][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready
[  326.105217][ T5052] usb 5-1: USB disconnect, device number 8
[  326.150691][ T8156] fuse: Bad value for 'fd'
[  328.328537][ T8183] overlayfs: failed to clone upperpath
[  328.446463][ T8185] loop1: detected capacity change from 0 to 4096
[  329.917485][ T8185] loop1: detected capacity change from 0 to 32768
[  330.046340][ T8185] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 scanned by syz.1.1040 (8185)
[  330.084268][ T8185] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm
[  330.100211][ T8185] BTRFS info (device loop1): turning off barriers
[  330.206859][ T8185] BTRFS info (device loop1): setting nodatasum
[  330.213073][ T8185] BTRFS info (device loop1): setting incompat feature flag for COMPRESS_ZSTD (0x10)
[  330.300512][ T8185] BTRFS info (device loop1): use zstd compression, level 3
[  330.947781][ T8185] BTRFS info (device loop1): using free space tree
[  331.294860][ T8185] BTRFS info (device loop1): has skinny extents
[  332.283139][ T8185] BTRFS error (device loop1): open_ctree failed: -12
[  332.460296][ T7734] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 scanned by udevd (7734)
[  332.698149][ T8262] device syzkaller0 entered promiscuous mode
[  334.375486][ T8276] netlink: 'syz.2.1066': attribute type 10 has an invalid length.
[  334.522120][   T25] audit: type=1326 audit(2000000061.876:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8279 comm="syz.6.1067" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3c814c4e59 code=0x7fc00000
[  334.603990][   T25] audit: type=1326 audit(2000000061.876:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8279 comm="syz.6.1067" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f3c8148568e code=0x7fc00000
[  334.663897][   T25] audit: type=1326 audit(2000000061.876:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8279 comm="syz.6.1067" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f3c814c6157 code=0x7fc00000
[  334.753977][   T25] audit: type=1326 audit(2000000061.876:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8279 comm="syz.6.1067" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3c814c4e59 code=0x7fc00000
[  334.941829][   T25] audit: type=1326 audit(2000000061.876:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8279 comm="syz.6.1067" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3c814c4e59 code=0x7fc00000
[  334.985700][   T25] audit: type=1326 audit(2000000061.876:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8279 comm="syz.6.1067" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3c814c4e59 code=0x7fc00000
[  335.021803][   T25] audit: type=1326 audit(2000000061.876:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8279 comm="syz.6.1067" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3c814c4e59 code=0x7fc00000
[  335.048839][   T25] audit: type=1326 audit(2000000061.876:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8279 comm="syz.6.1067" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3c814c4e59 code=0x7fc00000
[  335.083592][   T25] audit: type=1326 audit(2000000061.876:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8279 comm="syz.6.1067" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3c814c4e59 code=0x7fc00000
[  335.116589][   T25] audit: type=1326 audit(2000000061.876:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8279 comm="syz.6.1067" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3c814c4e59 code=0x7fc00000
[  337.306834][ T8343] autofs4:pid:8343:autofs_fill_super: called with bogus options
[  338.067222][ T8349] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1090'.
[  339.530732][ T8377] syz.3.1100[8377] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  339.530925][ T8377] syz.3.1100[8377] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  340.509320][ T8391] loop1: detected capacity change from 0 to 128
[  341.308918][ T8391] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  341.340996][ T8391] ext4 filesystem being mounted at /195/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  341.471002][   T25] kauditd_printk_skb: 57 callbacks suppressed
[  341.471016][   T25] audit: type=1800 audit(2000000068.377:164): pid=8391 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1106" name="bus" dev="loop1" ino=12 res=0 errno=0
[  341.720076][ T8408] netlink: 'syz.3.1110': attribute type 2 has an invalid length.
[  341.771977][ T8408] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1110'.
[  343.398501][ T8431] fuse: Bad value for 'fd'
[  344.591076][ T8449] SET target dimension over the limit!
[  350.022352][  T154] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  350.180268][  T154] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  351.569034][  T154] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  351.601413][   T25] audit: type=1326 audit(2000000077.853:165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8504 comm="syz.1.1140" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa903ba9e59 code=0x7ffc0000
[  351.828187][   T25] audit: type=1326 audit(2000000077.853:166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8504 comm="syz.1.1140" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa903ba9e59 code=0x7ffc0000
[  351.853100][   T25] audit: type=1326 audit(2000000078.068:167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8504 comm="syz.1.1140" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa903ba9e59 code=0x7ffc0000
[  351.879972][   T25] audit: type=1326 audit(2000000078.068:168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8504 comm="syz.1.1140" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa903ba9e59 code=0x7ffc0000
[  351.904924][   T25] audit: type=1326 audit(2000000078.096:169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8504 comm="syz.1.1140" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7fa903ba9e59 code=0x7ffc0000
[  351.939461][   T25] audit: type=1326 audit(2000000078.096:170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8504 comm="syz.1.1140" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa903ba9e59 code=0x7ffc0000
[  352.688403][  T154] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  352.881091][   T25] audit: type=1326 audit(2000000078.096:171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8504 comm="syz.1.1140" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa903ba9e59 code=0x7ffc0000
[  352.941600][   T25] audit: type=1326 audit(2000000078.096:172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8504 comm="syz.1.1140" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa903ba9e59 code=0x7ffc0000
[  352.979673][   T25] audit: type=1326 audit(2000000078.096:173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8504 comm="syz.1.1140" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa903ba9e59 code=0x7ffc0000
[  353.004500][   T25] audit: type=1326 audit(2000000078.096:174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8504 comm="syz.1.1140" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=0 arch=c000003e syscall=28 compat=0 ip=0x7fa903ba9e59 code=0x7ffc0000
[  353.188683][ T8529] sctp: [Deprecated]: syz.2.1146 (pid 8529) Use of int in maxseg socket option.
[  353.188683][ T8529] Use struct sctp_assoc_value instead
[  357.977083][ T8589] tipc: Failed to remove unknown binding: 66,0,0/0:2051377841/2051377843
[  357.986232][ T8589] tipc: Failed to remove unknown binding: 66,0,0/0:2051377841/2051377842
[  357.997228][ T8589] tipc: Failed to remove unknown binding: 66,0,0/0:2051377841/2051377843
[  358.006350][ T8589] tipc: Failed to remove unknown binding: 66,0,0/0:2051377841/2051377842
[  358.800764][ T8611] bridge0: port 3(erspan0) entered blocking state
[  358.808647][ T8611] bridge0: port 3(erspan0) entered disabled state
[  358.816200][ T8611] device erspan0 entered promiscuous mode
[  358.841440][ T8611] device erspan0 left promiscuous mode
[  358.865334][ T8611] bridge0: port 3(erspan0) entered disabled state
[  358.903046][ T8614] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1166'.
[  358.933842][ T8614] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1166'.
[  361.528014][ T8637] ==================================================================
[  361.536851][ T8637] BUG: KASAN: slab-out-of-bounds in ieee80211_monitor_select_queue+0x23a/0x240
[  361.545824][ T8637] Read of size 2 at addr ffff88805fd26dfb by task syz.4.1173/8637
[  361.553626][ T8637] 
[  361.555960][ T8637] CPU: 1 PID: 8637 Comm: syz.4.1173 Not tainted syzkaller #0
[  361.563319][ T8637] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  361.573387][ T8637] Call Trace:
[  361.576662][ T8637]  <TASK>
[  361.579583][ T8637]  dump_stack_lvl+0x188/0x250
[  361.584255][ T8637]  ? show_regs_print_info+0x20/0x20
[  361.589442][ T8637]  ? load_image+0x400/0x400
[  361.593934][ T8637]  ? _raw_spin_lock_irqsave+0xbc/0x100
[  361.599386][ T8637]  ? ieee80211_tx+0x460/0x460
[  361.604076][ T8637]  print_address_description+0x60/0x2d0
[  361.609741][ T8637]  ? ieee80211_monitor_select_queue+0x23a/0x240
[  361.615996][ T8637]  kasan_report+0xdf/0x130
[  361.620411][ T8637]  ? ieee80211_monitor_select_queue+0x23a/0x240
[  361.626653][ T8637]  ieee80211_monitor_select_queue+0x23a/0x240
[  361.632722][ T8637]  ? ieee80211_recalc_smps_work+0x20/0x20
[  361.638432][ T8637]  netdev_core_pick_tx+0x118/0x2e0
[  361.643542][ T8637]  __dev_queue_xmit+0x756/0x2f80
[  361.648481][ T8637]  ? __might_fault+0xb7/0x110
[  361.653176][ T8637]  ? dev_queue_xmit+0x20/0x20
[  361.657846][ T8637]  ? virtio_net_hdr_to_skb+0xa6b/0x11f0
[  361.663407][ T8637]  ? packet_cached_dev_get+0x270/0x270
[  361.668861][ T8637]  ? skb_copy_datagram_from_iter+0x5e3/0x6a0
[  361.674842][ T8637]  packet_sendmsg+0x3dba/0x5060
[  361.679719][ T8637]  ? __might_sleep+0xf0/0xf0
[  361.684319][ T8637]  ? aa_sk_perm+0x7dc/0x910
[  361.688814][ T8637]  ? packet_getsockopt+0x9a0/0x9a0
[  361.693922][ T8637]  ? aa_sock_msg_perm+0x94/0x150
[  361.698855][ T8637]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[  361.704237][ T8637]  ? security_socket_sendmsg+0x7c/0xa0
[  361.709691][ T8637]  ? packet_getsockopt+0x9a0/0x9a0
[  361.714796][ T8637]  ____sys_sendmsg+0x5b7/0x8f0
[  361.719559][ T8637]  ? __sys_sendmsg_sock+0x30/0x30
[  361.724582][ T8637]  ? import_iovec+0x6f/0xa0
[  361.729089][ T8637]  ___sys_sendmsg+0x236/0x2e0
[  361.733764][ T8637]  ? __sys_sendmsg+0x2a0/0x2a0
[  361.738545][ T8637]  __se_sys_sendmsg+0x1af/0x290
[  361.743389][ T8637]  ? __x64_sys_sendmsg+0x80/0x80
[  361.748314][ T8637]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  361.754296][ T8637]  ? lockdep_hardirqs_on+0x94/0x140
[  361.759486][ T8637]  do_syscall_64+0x4c/0xa0
[  361.763975][ T8637]  ? clear_bhb_loop+0x30/0x80
[  361.768639][ T8637]  ? clear_bhb_loop+0x30/0x80
[  361.773303][ T8637]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  361.779194][ T8637] RIP: 0033:0x7f058ea13e59
[  361.783601][ T8637] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  361.803201][ T8637] RSP: 002b:00007f058cc6d028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  361.811610][ T8637] RAX: ffffffffffffffda RBX: 00007f058ec8cfa0 RCX: 00007f058ea13e59
[  361.819572][ T8637] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003
[  361.827535][ T8637] RBP: 00007f058eaa9d6f R08: 0000000000000000 R09: 0000000000000000
[  361.835495][ T8637] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  361.843456][ T8637] R13: 00007f058ec8d038 R14: 00007f058ec8cfa0 R15: 00007ffc97069fa8
[  361.851432][ T8637]  </TASK>
[  361.854439][ T8637] 
[  361.856748][ T8637] Allocated by task 4657:
[  361.861062][ T8637]  __kasan_kmalloc+0xb5/0xf0
[  361.865643][ T8637]  __register_sysctl_table+0xa1f/0x1230
[  361.871176][ T8637]  neigh_sysctl_register+0x9b0/0xa90
[  361.876448][ T8637]  addrconf_sysctl_register+0xac/0x1b0
[  361.881894][ T8637]  ipv6_add_dev+0xbf3/0x1190
[  361.886467][ T8637]  addrconf_notify+0x66f/0xf00
[  361.891395][ T8637]  raw_notifier_call_chain+0xcb/0x160
[  361.896759][ T8637]  register_netdevice+0x12a6/0x1710
[  361.901949][ T8637]  veth_newlink+0x6bc/0xe30
[  361.906447][ T8637]  rtnl_newlink+0x1359/0x1a50
[  361.911112][ T8637]  rtnetlink_rcv_msg+0x844/0xf30
[  361.916037][ T8637]  netlink_rcv_skb+0x1f5/0x440
[  361.920786][ T8637]  netlink_unicast+0x774/0x920
[  361.925533][ T8637]  netlink_sendmsg+0x8ba/0xbe0
[  361.930280][ T8637]  __sys_sendto+0x46d/0x620
[  361.934769][ T8637]  __x64_sys_sendto+0xda/0xf0
[  361.939431][ T8637]  do_syscall_64+0x4c/0xa0
[  361.943924][ T8637]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  361.949825][ T8637] 
[  361.952141][ T8637] Last potentially related work creation:
[  361.957834][ T8637]  kasan_save_stack+0x35/0x60
[  361.962503][ T8637]  kasan_record_aux_stack+0xb8/0x100
[  361.967776][ T8637]  call_rcu+0x189/0x950
[  361.971926][ T8637]  ip6_route_info_create+0x9c5/0x1210
[  361.977286][ T8637]  ip6_route_add+0x24/0x130
[  361.981772][ T8637]  addrconf_prefix_route+0x249/0x320
[  361.987046][ T8637]  inet6_addr_add+0x4ff/0x9c0
[  361.991708][ T8637]  inet6_rtm_newaddr+0x64c/0x8f0
[  361.996722][ T8637]  rtnetlink_rcv_msg+0x844/0xf30
[  362.001742][ T8637]  netlink_rcv_skb+0x1f5/0x440
[  362.006494][ T8637]  netlink_unicast+0x774/0x920
[  362.011243][ T8637]  netlink_sendmsg+0x8ba/0xbe0
[  362.015993][ T8637]  __sys_sendto+0x46d/0x620
[  362.020482][ T8637]  __x64_sys_sendto+0xda/0xf0
[  362.025151][ T8637]  do_syscall_64+0x4c/0xa0
[  362.029559][ T8637]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  362.035436][ T8637] 
[  362.037743][ T8637] The buggy address belongs to the object at ffff88805fd26c00
[  362.037743][ T8637]  which belongs to the cache kmalloc-512 of size 512
[  362.051964][ T8637] The buggy address is located 507 bytes inside of
[  362.051964][ T8637]  512-byte region [ffff88805fd26c00, ffff88805fd26e00)
[  362.065224][ T8637] The buggy address belongs to the page:
[  362.070854][ T8637] page:ffffea00017f4900 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88805fd26800 pfn:0x5fd24
[  362.082336][ T8637] head:ffffea00017f4900 order:2 compound_mapcount:0 compound_pincount:0
[  362.090837][ T8637] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[  362.098902][ T8637] raw: 00fff00000010200 ffffea000093e708 ffffea000181ef08 ffff888016c41c80
[  362.107480][ T8637] raw: ffff88805fd26800 0000000000100006 00000001ffffffff 0000000000000000
[  362.116042][ T8637] page dumped because: kasan: bad access detected
[  362.122455][ T8637] page_owner tracks the page as allocated
[  362.128328][ T8637] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x52a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 4189, ts 52400381421, free_ts 11509557135
[  362.145339][ T8637]  get_page_from_freelist+0x1bbd/0x1ca0
[  362.150880][ T8637]  __alloc_pages+0x1ee/0x480
[  362.155473][ T8637]  new_slab+0xc0/0x4b0
[  362.159643][ T8637]  ___slab_alloc+0x80a/0xdd0
[  362.164226][ T8637]  __kmalloc+0x1cd/0x330
[  362.168461][ T8637]  fib6_info_alloc+0x2e/0xe0
[  362.173040][ T8637]  ip6_route_info_create+0x44f/0x1210
[  362.178660][ T8637]  ip6_route_add+0x24/0x130
[  362.183269][ T8637]  addrconf_permanent_addr+0x686/0x9e0
[  362.188731][ T8637]  addrconf_notify+0x827/0xf00
[  362.194002][ T8637]  raw_notifier_call_chain+0xcb/0x160
[  362.199363][ T8637]  __dev_notify_flags+0x194/0x300
[  362.204375][ T8637]  dev_change_flags+0xe3/0x1a0
[  362.209123][ T8637]  do_setlink+0xcdb/0x3d60
[  362.213529][ T8637]  rtnl_newlink+0x1658/0x1a50
[  362.218188][ T8637]  rtnetlink_rcv_msg+0x844/0xf30
[  362.223113][ T8637] page last free stack trace:
[  362.227763][ T8637]  free_unref_page_prepare+0x637/0x6c0
[  362.233209][ T8637]  free_unref_page+0x8f/0x2a0
[  362.237869][ T8637]  free_contig_range+0x96/0xf0
[  362.242617][ T8637]  destroy_args+0xf0/0xa00
[  362.247021][ T8637]  debug_vm_pgtable+0x321/0x380
[  362.251856][ T8637]  do_one_initcall+0x272/0x730
[  362.256609][ T8637]  do_initcall_level+0x137/0x1f0
[  362.261532][ T8637]  do_initcalls+0x4b/0x90
[  362.265855][ T8637]  kernel_init_freeable+0x3e9/0x570
[  362.271037][ T8637]  kernel_init+0x19/0x1b0
[  362.275356][ T8637]  ret_from_fork+0x1f/0x30
[  362.279760][ T8637] 
[  362.282067][ T8637] Memory state around the buggy address:
[  362.287678][ T8637]  ffff88805fd26c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  362.295721][ T8637]  ffff88805fd26d00: 06 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  362.304036][ T8637] >ffff88805fd26d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  362.312077][ T8637]                                                                 ^
[  362.320033][ T8637]  ffff88805fd26e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  362.328076][ T8637]  ffff88805fd26e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  362.336130][ T8637] ==================================================================
[  362.344168][ T8637] Disabling lock debugging due to kernel taint
[  362.350427][ T8637] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  362.357614][ T8637] CPU: 1 PID: 8637 Comm: syz.4.1173 Tainted: G    B             syzkaller #0
[  362.366384][ T8637] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  362.376440][ T8637] Call Trace:
[  362.379708][ T8637]  <TASK>
[  362.382632][ T8637]  dump_stack_lvl+0x188/0x250
[  362.387298][ T8637]  ? show_regs_print_info+0x20/0x20
[  362.392477][ T8637]  ? load_image+0x400/0x400
[  362.396963][ T8637]  panic+0x2e5/0x810
[  362.400848][ T8637]  ? bpf_jit_dump+0xd0/0xd0
[  362.405338][ T8637]  ? _raw_spin_unlock_irqrestore+0xbc/0x120
[  362.411213][ T8637]  ? _raw_spin_unlock_irqrestore+0xc1/0x120
[  362.417095][ T8637]  ? _raw_spin_unlock+0x40/0x40
[  362.421930][ T8637]  ? ieee80211_monitor_select_queue+0x23a/0x240
[  362.428159][ T8637]  check_panic_on_warn+0x80/0xa0
[  362.433082][ T8637]  ? ieee80211_monitor_select_queue+0x23a/0x240
[  362.439310][ T8637]  end_report+0x6d/0xf0
[  362.443455][ T8637]  kasan_report+0x102/0x130
[  362.447945][ T8637]  ? ieee80211_monitor_select_queue+0x23a/0x240
[  362.454173][ T8637]  ieee80211_monitor_select_queue+0x23a/0x240
[  362.460229][ T8637]  ? ieee80211_recalc_smps_work+0x20/0x20
[  362.465933][ T8637]  netdev_core_pick_tx+0x118/0x2e0
[  362.471034][ T8637]  __dev_queue_xmit+0x756/0x2f80
[  362.475957][ T8637]  ? __might_fault+0xb7/0x110
[  362.480632][ T8637]  ? dev_queue_xmit+0x20/0x20
[  362.485289][ T8637]  ? virtio_net_hdr_to_skb+0xa6b/0x11f0
[  362.490827][ T8637]  ? packet_cached_dev_get+0x270/0x270
[  362.496277][ T8637]  ? skb_copy_datagram_from_iter+0x5e3/0x6a0
[  362.502247][ T8637]  packet_sendmsg+0x3dba/0x5060
[  362.507099][ T8637]  ? __might_sleep+0xf0/0xf0
[  362.511677][ T8637]  ? aa_sk_perm+0x7dc/0x910
[  362.516162][ T8637]  ? packet_getsockopt+0x9a0/0x9a0
[  362.521259][ T8637]  ? aa_sock_msg_perm+0x94/0x150
[  362.526354][ T8637]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[  362.531622][ T8637]  ? security_socket_sendmsg+0x7c/0xa0
[  362.537063][ T8637]  ? packet_getsockopt+0x9a0/0x9a0
[  362.542161][ T8637]  ____sys_sendmsg+0x5b7/0x8f0
[  362.546913][ T8637]  ? __sys_sendmsg_sock+0x30/0x30
[  362.551931][ T8637]  ? import_iovec+0x6f/0xa0
[  362.556421][ T8637]  ___sys_sendmsg+0x236/0x2e0
[  362.561113][ T8637]  ? __sys_sendmsg+0x2a0/0x2a0
[  362.565875][ T8637]  __se_sys_sendmsg+0x1af/0x290
[  362.570715][ T8637]  ? __x64_sys_sendmsg+0x80/0x80
[  362.575637][ T8637]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  362.581641][ T8637]  ? lockdep_hardirqs_on+0x94/0x140
[  362.586827][ T8637]  do_syscall_64+0x4c/0xa0
[  362.591224][ T8637]  ? clear_bhb_loop+0x30/0x80
[  362.595886][ T8637]  ? clear_bhb_loop+0x30/0x80
[  362.600546][ T8637]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  362.606611][ T8637] RIP: 0033:0x7f058ea13e59
[  362.611024][ T8637] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  362.630626][ T8637] RSP: 002b:00007f058cc6d028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  362.639033][ T8637] RAX: ffffffffffffffda RBX: 00007f058ec8cfa0 RCX: 00007f058ea13e59
[  362.646990][ T8637] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003
[  362.654951][ T8637] RBP: 00007f058eaa9d6f R08: 0000000000000000 R09: 0000000000000000
[  362.662905][ T8637] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  362.670859][ T8637] R13: 00007f058ec8d038 R14: 00007f058ec8cfa0 R15: 00007ffc97069fa8
[  362.678924][ T8637]  </TASK>
[  362.682231][ T8637] Kernel Offset: disabled
[  362.686549][ T8637] Rebooting in 86400 seconds..