last executing test programs:

1m47.78201564s ago: executing program 1 (id=184):
r0 = socket$inet6(0xa, 0x3, 0x5)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000c80)={'lo\x00'})
sendmmsg(r0, &(0x7f00000006c0)=[{{&(0x7f0000000180)=@l2tp6={0xa, 0x500, 0x80000, @remote, 0x0, 0x3}, 0x80, 0x0}, 0x5b4}, {{&(0x7f0000000040)=@l2tp6={0xa, 0x0, 0x7080000, @dev={0xfe, 0x80, '\x00', 0x37}, 0x7, 0x1}, 0x80, 0x0, 0x0, &(0x7f0000000c80)=ANY=[], 0x108}, 0x12000000}], 0x2, 0xc040)

1m47.72187133s ago: executing program 1 (id=187):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={0x0, r0}, 0x18)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x10001, 0x9, 0x1}, 0x48)
fsetxattr(r1, &(0x7f0000000040)=@known='com.apple.FinderInfo\x00', 0x0, 0x0, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000300)=@abs={0x0, 0x0, 0xb}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = syz_open_dev$cec(&(0x7f00000004c0), 0xffffffffffffffff, 0x0)
ioctl$IOC_PR_PREEMPT(r5, 0x40046109, &(0x7f0000000040)={0xef})

1m47.309149377s ago: executing program 1 (id=192):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r0, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r0, 0x84, 0x15, &(0x7f00000000c0)={0x8}, 0x1)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c)
sendto$inet6(r0, &(0x7f0000000080)="b1", 0x1, 0x400c0d4, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c)
shutdown(r0, 0x1)
openat$vimc2(0xffffffffffffff9c, &(0x7f00000006c0), 0x2, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r1 = io_uring_setup(0x3458, &(0x7f0000000080)={0x0, 0xffffeffa, 0x18, 0x2, 0x1})
io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)
mremap(&(0x7f00003eb000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000003000/0x1000)=nil)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000000180)={{{@in=@remote, @in6=@ipv4={""/10, ""/2, @multicast2}}}, {{@in6}, 0x0, @in6=@local}}, &(0x7f0000000040)=0xe8)

1m46.143853145s ago: executing program 1 (id=197):
bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x12, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @cgroup_sock_addr=0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_mount_image$ext4(&(0x7f0000000440)='ext4\x00', &(0x7f00000000c0)='./file1\x00', 0x200000, &(0x7f0000000200), 0x3, 0x570, &(0x7f0000000680)="$eJzs3V1rHFUYAOB3Nkm/tSmUoiIS6IWV2k2T+FFBsF6KFgt6X5dkGmo23ZLdlCYW2l7YG2+kCCIWxB/gvZfFP+CvKGihSAl64U1kNrPtNtnN52q2zvPAtOfMzObM2TPv2Xd2dtkACmsk+6cU8WLcjK+TiMNt2wYj3ziyst/So+uT2ZLE8vInfySR5Ota+yf5/wfzygsR8cuXESdLa9utLyzOVKrVdC6vjzZmr4zWFxZPXZqtTKfT6eXxiYkzb06Mv/P2Wz3r62vn//ru43sfnPnq+NK3Pz04cieJs3Eo39bejx242V4ZiZH8ORmKs6t2HOtBY/0k2e0DYFsG8jgfimwOOBwDedQD/383ImIZKKhE/ENBtfKA1rV9j66DnxkP31+5AFrb/8GV90ZiX/Pa6MBS8tSVUXa9O9yD9rM2fv797p1siQ3eh7jRg/YAWm7eiojTg4Nr578kn/+273TzzeP1rW6jaK8/sJvuZfnP653yn9Lj/Cc65D8HO8Tudmwc/6UHPWimqyz/e7dj/vt46hoeyGvPNXO+oeTipWp6OiKej4gTMbQ3q693P+fM0v3lbtva879sydpv5YL5cTwY3Pv0Y6YqjcpO+tzu4a2Il57kv0msmf/3NXPd1eOfPR/nN9nGsfTuK922bdz/dr3PgJd/jHi14/g/uaOVrH9/crR5Poy2zoq1/rx97Ndu7W+t/72Xjf+B9fs/nLTfr61vvY0f9v2ddtu23fN/T/Jps7wnX3et0mjMjUXsST5au378yWNb9db+Wf9PHF9//ut0/u+PiM822f/bR2933bUfxn9qS+O/9cL9D7/4vlv7mxv/N5qlE/mazcx/mz3AnTx3AAAAAAAA0G9KEXEoklL5cblUKpdXPt9xNA6UqrV64+TF2vzlqWh+V3Y4hkqtO92H2z4PMZZ/HrZVH19Vn4iIIxHxzcD+Zr08WatO7XbnAQAAAAAAAAAAAAAAAAAAoE8c7PL9/8xvA7t9dMC/zk9+Q3FtGP+9+KUnoC95/Yfi6hL/pgUoAIEOxSX+objEPxSX+IfiEv9QXOIfAAAAAAAAAAAAAAAAAAAAAAAAAAAAeur8uXPZsrz06PpkVp+6ujA/U7t6aiqtz5Rn5yfLk7W5K+XpWm26mpYna7Mb/b1qrXZlbDzmr4020npjtL6weGG2Nn+5ceHSbGU6vZAO/Se9AgAAAAAAAAAAAAAAAAAAgGdLfWFxplKtpnMKXQvvxW4fxucv7+ThSedRTto6uGJbTQz2yzAp9LSwyxMTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALT5JwAA//821zOC")
chdir(&(0x7f0000000400)='./file0\x00')
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000500)='.\x00', 0x82400, 0x196)
lseek(r0, 0x8, 0x1)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
getdents(r0, 0x0, 0x40)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0)
sendmsg$sock(r1, &(0x7f0000000900)={&(0x7f0000000040)=@l2={0x1f, 0x7, @none, 0xd966}, 0x80, &(0x7f0000000880)=[{&(0x7f0000000200)="e110df06a084df0f6458657b27c8b2bcc95212c87fb0f9b76ae336b055581dbd138e194612e96a2a89deb42649cf2ca6e509a3a95e0f2f2ea43c77918dc9c35b470f84f69ecba545fe1db2e1dc76386cf48ae6c272b88f8c72f9ac225e20a17492d501552840a4f9ad676bb9e49959ab7c8e1213f4e0b3eba7e51947384641a5006767787e671320dd56ee22decd633c079ea5616aa20cbe85fa7ef9955953750bdf130192b550fee7d8fed8ee7d6960842455a13adef87fb499624c5cf4c463fb3bbb", 0xc3}, {&(0x7f0000000340)="f8c70616463df59234f0a4f67813cc42e09e137e17f736360e9d3291034ccdd4625700d8325a1d5d45c9ffb86ebded816186359990fda5d9736bb07b84efd8e5eb7bae3d91c7ae4897edb371edcea62791ef0e12bf938f73f2d9de8565f2a36e24f21263e770d6201726b8ec8fb7a6be23d65b207d4616b72158315baac0103329a39d0e2de81afff56e8822206d9595d601402caeb08e254ada66d912f430d073d1ef570feee309eca069a103372eef91e23f3eb3b4aacacd1c0e8db5626ea6ae2473a8609c833244f67da4e25b88a461ce57795e95bea8dbbb53c6608ddd6d4288356f42008d54a350754333b04c89031b60c65d58cbafe9e3b8250e", 0xfd}, {&(0x7f0000000440)="ac28d3efcf64bd24382aa862c7b07d7cdedfcb2a8965d7dd77773ddfad85c20e133aaa57e697afe9c52a7bdb7446b92e49af66653f5a721b292b73eee4a3dd6f45f84e19e42a9a2577141183c28ce92c2ef8", 0x52}, {&(0x7f00000004c0)="79ca439018e312071977c4aed77804a960f1a1e01eec1df3b20a99b01fa8c6437efb29bec99a784861ee7c7dcfd16d96dd2235c72845f178bc0b4f4f6c8df63b073f37c2d77f6729c0f174a53b5aa6a7d57941e2142d79a291a52987ddb42608654700c6ff2e82e7162099191bc0f365fd83d671b226b23614719ed55361ea39ee66478e8b06019b80272dea60ec0a5b3b0cf615cf453989d2456dfab582e192a1202ec9352677995cf0f182b183cb7f41f2245b", 0xb4}, {&(0x7f0000000580)="39020f6a3e540eec3608abffc939910fdb4618919cbc35ba4d68333a1a7e15e3411828cfcd983429517bf1035ed0098fdc06fc0a2d3088643d2dd7dc7bad4fc9901f82d5effa91b166411f5e88734fcdc0348ae1f4340ed882aa0cfe33340e5b25d45b5862c1558ffbdf97ff3f13afef69c1876df0b1f8da2161dc40f2be81083536e35003b369626a3cb695a178a4cae150a1f7cbfdaa1fbeea4fd62475496d36d0e88264b34e193937496b1ac199926b45ffc91c9a419c96de855f277eebbe3a8dd44370753c3d397bb4", 0xcb}, {&(0x7f0000000680)="0dd17247489a4272618fd354ed5cb617ae266f3016fd2f2b8c9abaea6156d17ba9572db9a3b83fea0c91d075ab0cce32d62aaec74c82d3c1ef377f290cbf416af2282da8a8be8fb1fc6f88ba3beff646de736b63ea7a5ff43694500b100ef56d4575701f866b5702087729dfd09454d4133d3f2990ff258df6e5bd08dcc1c034d35ef847712ffec2e960152466578831d5167e3eb069c1c05f983e598784757114bc", 0xa2}, {&(0x7f0000000780)="6e920c193c26abc95c2abbef243622efd01d56163735947c066b66ad65ab13a5294851cd4e8d04612ea9b2fc6656ca7dd0ef5e425e98882de0ef08885086ad94965adcb8f77a2ad92a8906df8c4575dfb0e9c460851b91074428c2f7331f280a521341e3d31b5bb17cce7493868d7e979707cf699c96128baf33357fd7e661a5bb3989d13470342b436afff54be8d2e32a96f41014f61776710bfdb5be40ce60669e94b4543403007d72681c293d9f467d11f09c365def01c97bfc4879f49291d5da4bfe91cf5c0225de3aa7ce48b68c8020d9e49a19490d9ac97a4bac9a301a13b0", 0xe2}], 0x7}, 0x4040)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000940)=ANY=[@ANYBLOB="0b0000008b000000050000000900000001000000", @ANYRES32=0x1, @ANYBLOB="000000000096cf0000000700"/22, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000740)={r2, &(0x7f0000000000), &(0x7f00000000c0)=""/109}, 0x20)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000300)={r2, &(0x7f0000000140), 0x0}, 0x20)

1m45.097391711s ago: executing program 1 (id=200):
r0 = socket$kcm(0xa, 0x2, 0x73)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x4010, r1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
sendmsg$inet(r0, &(0x7f0000001180)={&(0x7f0000000000)={0xa, 0x0, @empty}, 0x10, 0x0, 0x0, &(0x7f00000011c0)=ANY=[], 0x6b}, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
close_range(0xffffffffffffffff, r2, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x149a82, 0x0)
r5 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
fcntl$notify(r5, 0x402, 0x11)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000500)='.\x00', 0x0, 0x0)
fsetxattr$system_posix_acl(r6, 0x0, &(0x7f0000000180)=ANY=[@ANYRESOCT=r6], 0x24, 0x3)
timer_create(0x3, 0x0, &(0x7f0000044000))
r7 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r7, &(0x7f0000000380)={0xa, 0x14e24}, 0x1c)
connect$inet6(r7, &(0x7f00000002c0)={0xa, 0x4e24}, 0x1c)
sendmmsg(r4, &(0x7f00000092c0), 0x0, 0x81)
timer_settime(0x0, 0x236bd4336e4642df, &(0x7f0000000300)={{0x0, 0x1}, {0x0, 0xe4c}}, 0x0)

1m43.84372567s ago: executing program 1 (id=207):
syz_mount_image$erofs(&(0x7f0000000340), &(0x7f0000000580)='./file0\x00', 0x2000000, &(0x7f00000004c0)=ANY=[], 0x1, 0x222, &(0x7f00000005c0)="$eJzsmL9rFEEUx78zu7feiog2KWwsDBjR7GX3UNIcGkGwEiHxV6WHWUPMJieXFUxANNjYaGchpLHwH7BIkcrCzn9A0EIFwcIrLGxsRmZndm9yc3HDcla+TzF8Z9+befPezbziQBDEf8vXL78+Pzs/PXcKwAGMY5/+/t0BGFOaG/6fXt4/+aJ1YfPNx9fvVg4+3B7cTy4RYueH+l/iuwDezjhIi0jF6t9SjOvJHHihr4DjhNbXwBBofQscV7WOwXBD67uG7kj/ILizmMTB7U4yL8WUHEI5RHJoDp6vt8Ewr+dCCMEM++ra+lI7SeKuIVxtG2KqJIpgS2NW/Wrw0JvhaBnnk1W8/vTJhpzntZky6heCI9RJNMEwq79PYzOvjSqJkf8Rt7+/Y+U/JFumLwNQlmRdidbPkRTLFIcnqy2fkOmcs02HUOUY2Lmqhr5JVnK0KVtXJxNu+V08q3/QCrEuDWYhHg1/AM99AP8oU1NUyiIXY73t97bpmxJ81/ssWHkItvf7U9/rmfOHWL1iPmReI/8tgA9bqn+IVwzHjf7kGv2jkS7fa6yurU8uLrcX4oV4JYqaZxjw+HTUyBqRGq2+1+/Pftaf9hv713bx9biHB+007YZq9JgHH2najbJ5ZDyb2a3Oj5t6WYqLAI6piWxpXrGjY8VgnvLhma9UE7YTQRAEQRAEQRAEQRAEQRBEJY6CZf+ClhBdzrz/BAAA//9oglvV")
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x1204001, &(0x7f00000011c0)={[{@lowerdir={'lowerdir', 0x3d, '.'}, 0x3a}], [], 0x2f})
chdir(&(0x7f00000001c0)='./file0\x00')
syz_mount_image$fuse(0x0, &(0x7f0000001040)='./file1\x00', 0x8801, 0x0, 0x0, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r1 = socket$kcm(0x10, 0x0, 0x10)
sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={0x20, 0x0, 0x300, 0x70bd25, 0x25dfdbfc, {0x10}, [@ETHTOOL_A_COALESCE_HEADER={0x4}, @ETHTOOL_A_COALESCE_RX_MAX_FRAMES_LOW={0x8, 0xf, 0x8}]}, 0x20}, 0x1, 0x0, 0x0, 0x20000801}, 0x0)
sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03003b000b05d25a806c8c6394f90224fc60100005000a000200053582c137153e37000c0180fc0b10000500", 0x33fe0}], 0x1}, 0x0)
ioctl$BINDER_GET_NODE_INFO_FOR_REF(r0, 0xc018620c, &(0x7f0000000280)={0x2})
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, 0x0, 0x0, 0x0)
socket(0x10, 0x3, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000240)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x1e7d, 0x2d50, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x5, 0x3, 0x0, 0x2, 0x0, {0x9, 0x21, 0x0, 0x33, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0xc, 0x0, 0x7}}}}}]}}]}}, 0x0)
syz_usb_control_io(r3, 0x0, 0x0)
syz_usb_control_io(r3, &(0x7f00000003c0)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB="000457003b0e000000000000fd3bc518194b120c1e73d54cfc4ad2841ef4f6a3fd7c59ccb785025f2e7b3504ff87cbfd10f3c080b7330000000000000008f1000000000000ea7a288982d5337c364daf03bd400d66293b0a2b103dd93f"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io(r3, 0x0, 0x0)
r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000100), 0x680, 0x0)
syz_kvm_setup_cpu$x86(r2, r4, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f0000000200)="460fc76c8aa90f00d1480fc79a00f0ffffb9090b00000f3264f2f01944a6f066430f38819185e74025660f38804304670fc76a02440f060f01cf", 0x3a}], 0x1, 0x8, &(0x7f00000002c0), 0x0)
r5 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000080)={'bridge0\x00', <r6=>0x0})
setsockopt$packet_int(r5, 0x107, 0xf, &(0x7f0000000000)=0x9, 0x4)
sendto$packet(r5, &(0x7f00000000c0)="3f03fe7f0300120006001e0089e9aaa911d7c2290f0086dd1327c9167c643c4a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c1511fdf9435e3ffe46", 0xe90c, 0x0, &(0x7f0000000540)={0xc9, 0x0, r6, 0x1, 0x0, 0x6, @multicast}, 0x14)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000540)={0xcfb, <r7=>0x0}, 0x8)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000880)=@bpf_lsm={0x1d, 0x1e, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000250e000000000000ff03000000000000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70200000000000085000000860000001860000009000000000000000600000085000000b400000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000050000008500000006000000bf91000000000000b7020000000000008500000085000000b7000000000000009500000000000000"], &(0x7f0000000300)='GPL\x00', 0x80000001, 0x0, 0x0, 0x41000, 0x2a, '\x00', r6, 0x1b, r4, 0x8, &(0x7f00000004c0)={0x5, 0x2}, 0x8, 0x10, &(0x7f0000000500)={0x8, 0x0, 0x7, 0x4}, 0x10, r7, 0x0, 0x1, &(0x7f0000000800), &(0x7f0000000840)=[{0x1, 0x5, 0x3, 0x8}], 0x10, 0xff}, 0x94)
r8 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000c80)={'lo\x00', <r9=>0x0})
ioctl$sock_inet6_SIOCSIFADDR(r8, 0x8916, &(0x7f0000000000)={@loopback={0xfec0ffffffffffff}, 0x46, r9})

1m43.456061287s ago: executing program 32 (id=207):
syz_mount_image$erofs(&(0x7f0000000340), &(0x7f0000000580)='./file0\x00', 0x2000000, &(0x7f00000004c0)=ANY=[], 0x1, 0x222, &(0x7f00000005c0)="$eJzsmL9rFEEUx78zu7feiog2KWwsDBjR7GX3UNIcGkGwEiHxV6WHWUPMJieXFUxANNjYaGchpLHwH7BIkcrCzn9A0EIFwcIrLGxsRmZndm9yc3HDcla+TzF8Z9+befPezbziQBDEf8vXL78+Pzs/PXcKwAGMY5/+/t0BGFOaG/6fXt4/+aJ1YfPNx9fvVg4+3B7cTy4RYueH+l/iuwDezjhIi0jF6t9SjOvJHHihr4DjhNbXwBBofQscV7WOwXBD67uG7kj/ILizmMTB7U4yL8WUHEI5RHJoDp6vt8Ewr+dCCMEM++ra+lI7SeKuIVxtG2KqJIpgS2NW/Wrw0JvhaBnnk1W8/vTJhpzntZky6heCI9RJNMEwq79PYzOvjSqJkf8Rt7+/Y+U/JFumLwNQlmRdidbPkRTLFIcnqy2fkOmcs02HUOUY2Lmqhr5JVnK0KVtXJxNu+V08q3/QCrEuDWYhHg1/AM99AP8oU1NUyiIXY73t97bpmxJ81/ssWHkItvf7U9/rmfOHWL1iPmReI/8tgA9bqn+IVwzHjf7kGv2jkS7fa6yurU8uLrcX4oV4JYqaZxjw+HTUyBqRGq2+1+/Pftaf9hv713bx9biHB+007YZq9JgHH2najbJ5ZDyb2a3Oj5t6WYqLAI6piWxpXrGjY8VgnvLhma9UE7YTQRAEQRAEQRAEQRAEQRBEJY6CZf+ClhBdzrz/BAAA//9oglvV")
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x1204001, &(0x7f00000011c0)={[{@lowerdir={'lowerdir', 0x3d, '.'}, 0x3a}], [], 0x2f})
chdir(&(0x7f00000001c0)='./file0\x00')
syz_mount_image$fuse(0x0, &(0x7f0000001040)='./file1\x00', 0x8801, 0x0, 0x0, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r1 = socket$kcm(0x10, 0x0, 0x10)
sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={0x20, 0x0, 0x300, 0x70bd25, 0x25dfdbfc, {0x10}, [@ETHTOOL_A_COALESCE_HEADER={0x4}, @ETHTOOL_A_COALESCE_RX_MAX_FRAMES_LOW={0x8, 0xf, 0x8}]}, 0x20}, 0x1, 0x0, 0x0, 0x20000801}, 0x0)
sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03003b000b05d25a806c8c6394f90224fc60100005000a000200053582c137153e37000c0180fc0b10000500", 0x33fe0}], 0x1}, 0x0)
ioctl$BINDER_GET_NODE_INFO_FOR_REF(r0, 0xc018620c, &(0x7f0000000280)={0x2})
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, 0x0, 0x0, 0x0)
socket(0x10, 0x3, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000240)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x1e7d, 0x2d50, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x5, 0x3, 0x0, 0x2, 0x0, {0x9, 0x21, 0x0, 0x33, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0xc, 0x0, 0x7}}}}}]}}]}}, 0x0)
syz_usb_control_io(r3, 0x0, 0x0)
syz_usb_control_io(r3, &(0x7f00000003c0)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB="000457003b0e000000000000fd3bc518194b120c1e73d54cfc4ad2841ef4f6a3fd7c59ccb785025f2e7b3504ff87cbfd10f3c080b7330000000000000008f1000000000000ea7a288982d5337c364daf03bd400d66293b0a2b103dd93f"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io(r3, 0x0, 0x0)
r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000100), 0x680, 0x0)
syz_kvm_setup_cpu$x86(r2, r4, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f0000000200)="460fc76c8aa90f00d1480fc79a00f0ffffb9090b00000f3264f2f01944a6f066430f38819185e74025660f38804304670fc76a02440f060f01cf", 0x3a}], 0x1, 0x8, &(0x7f00000002c0), 0x0)
r5 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000080)={'bridge0\x00', <r6=>0x0})
setsockopt$packet_int(r5, 0x107, 0xf, &(0x7f0000000000)=0x9, 0x4)
sendto$packet(r5, &(0x7f00000000c0)="3f03fe7f0300120006001e0089e9aaa911d7c2290f0086dd1327c9167c643c4a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c1511fdf9435e3ffe46", 0xe90c, 0x0, &(0x7f0000000540)={0xc9, 0x0, r6, 0x1, 0x0, 0x6, @multicast}, 0x14)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000540)={0xcfb, <r7=>0x0}, 0x8)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000880)=@bpf_lsm={0x1d, 0x1e, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000250e000000000000ff03000000000000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70200000000000085000000860000001860000009000000000000000600000085000000b400000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000050000008500000006000000bf91000000000000b7020000000000008500000085000000b7000000000000009500000000000000"], &(0x7f0000000300)='GPL\x00', 0x80000001, 0x0, 0x0, 0x41000, 0x2a, '\x00', r6, 0x1b, r4, 0x8, &(0x7f00000004c0)={0x5, 0x2}, 0x8, 0x10, &(0x7f0000000500)={0x8, 0x0, 0x7, 0x4}, 0x10, r7, 0x0, 0x1, &(0x7f0000000800), &(0x7f0000000840)=[{0x1, 0x5, 0x3, 0x8}], 0x10, 0xff}, 0x94)
r8 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000c80)={'lo\x00', <r9=>0x0})
ioctl$sock_inet6_SIOCSIFADDR(r8, 0x8916, &(0x7f0000000000)={@loopback={0xfec0ffffffffffff}, 0x46, r9})

5.178629529s ago: executing program 2 (id=729):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000c80)={'lo\x00', <r2=>0x0})
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
connect$inet6(r3, &(0x7f0000000000)={0xa, 0x4001, 0x0, @loopback}, 0x1c)
r4 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r4, &(0x7f0000001440)=[{&(0x7f0000000080)="90d1a07ed121aae31dd2295a0ad54176e3d772dee6432633290618335b7c3d3d46594c52c7de96dfd70379bea56e8ce07f5824fc12d9f63140d051f069a9c9f010740b1bdce361599aff646138bf54521aecb24a8d5e30d767cd3408218e8c1e308ea720704cb5c2a2d35e6343c2f2903da088da28efe64a6e2a88380ad334437536aa891a1133dd5a84fcfe7f569defb349f99e269d87be6c2edcc1f4ad4eb943fac21cff9861e932e597a39934d648b4a4cb78f5ae", 0xb6}, {&(0x7f0000000180)="00ed6cc0e650653e448c21f4df503ab2ebc9743713ecb58b0b63ba39eda53fa644f0abac9d85e334b1ac5d99624a52b61f14628909d058abf54524ba1a30af1440e6c891a9b0e6140add27b8712bb6cfb1457c41de99dbd30159def9f4b295d508524aa18ef86b41af49c43d4afcf3ef4000", 0x72}, {&(0x7f0000000200)="1a85f7fc3588979f99c374a6745cf171d53bd6d8ae5db892090dd03159bd33400c36895283d6092ec0734a8cabf8988f3341016762", 0x35}, {&(0x7f0000000240)="665cf2d354901953183dccef3cc498cac63b826c10dcdb323f2c8a740168eef4494dbd7eb8c2101aa535ada4a6e03ae92b131c584ea3821fbdba25c8e4488bde3804e2f28ad66a949b940c771a027a108dd6a55821f3ea3087c8e1ea84fc02f8972a088e1c6151b8bd4b677fb8a26580af0791bc18fc86eeebba1ade020b7fee1044e3834f816e4869e205c2", 0x8c}, {&(0x7f0000000300)="340b0e6c6d4a891bee6a0749fb498e6e42872140b8e76a7137ab1c058771805fb9988c86bc11633aed50fc8d696a0465710fd8515f4474c1648fe70380e6fc40b2b86633785cb2e5eca6abfe186840179495515779c39a3046ab1924408f05e7f413578ce73a593f91058fc01c627a133a28228ad09b08f2e66ff342e37e3e2ce7665c8d33a4a68182fde12edc6448df75ad27941c6c753e14f1947fa561b3b27c537924244cedcb31a93154de334d01ab35e1d5be2bad06c5e1af4b63686c22b3ce1f4e511d130f7567d0d781aec48b9422c1b300dd1df2698625b895347d9a29951fe974bcf82246660b04aa797abe", 0xf0}, {&(0x7f0000000400)="f0c3a1af9f1f23c103ce82cd84749d0beb", 0x11}, {&(0x7f0000000440)="7caa7d23b53db8d0a466aa5ea9c103c689085b2bed996087d3fa647b0191f29a563bace32ff13cfd8cc274d27a2bfcb8a82a99fd99134cdeb512cea83a9cb2fa93e8c619f1d4d892f286d67296632770f3ccb43755ae7a4f55094206c442555b91d2508941dcb2bbbcb7a659d4cec5d33513935f6eb911140fe8437b6d2c5f941e8495b9b8802d7a321c274af6c64d299e7db88578ce7627bc86e90a1905f2a74b16c24f4d12ae6f83e3d511ad653183761db57f3b829fa7978d562e7965f16daf6d2745d566933ef98910c0f2a3e2366627b334c01345478e51d0a42dc4dcb94f32961199b9fd2272e476539ea237cd13c87b14b0aa8ab464ea7834693f6623cf5dda498ae8160eacbc787ffd76d0f9c6183e899bcf3f32e1323c50b7cab5edf611d13c157295637f6a256c0a1df2445213861362e893a17d3cca068f922782a693e5b3db9c1ecbcdc557b22c8a1e2043fdcaccdc9e97c8c7fe9442e0e1ed425f5ed4fe339e3de892dc2b83bfacacc6933cee5510b25d117555442c16e531ffc1861020c8d8be77861fc195dab1a120f9ae6c99399f7c6e2ceb825ac2527933154429b69ee00f8ebc52d74184dca023edf72fe790dd179663973b61f8e8bf71157cac769c9dfcb2e1c0b0e0fe156de4531e616a2853a5c0255fe69ef4964a63b96408e111245b25bc3c7964c19a391acd41c615b6fb6daf9fc55d9b77ea8f03ffbdfad0f3e3f78c5f9acc4ef395ec6de9b10d26acf25539c27adbc7d01b89df6e2ee9150b4994cbc704f3f05094e8a7577d368ad14aef308c148a0ee1c616158bb91f8bbedc625206964dbac93142c7a2ca55e9815e69a23f6ad043acbbbc9acbc0218009946e3c2e725c3e04e3a7764bbb89c297942610e2f6582c14b24602013f1f1e464db0ead4ea28be58129dd9295a83aa3315b6738a54c7fb318dab3508bfc85d6e12316ef4025e18beeac26cffc97c7e64182f6498fe589c83d93831f53e8170c44299d34e0af00f2fbdbcf485a8db1a30aeb20c9b253c1e0d5daa8c69e9d819ea56cdd7dd4da9dc6441c0e8e171e980af874c17aba547926ab441843190911427656af09274d70b00a96d0620b43d3552928b8f19b5c846b3e5029bdb11f6e28c40314ec3d23ace6bb351f0072162a9295090231d97a921b42d4d38d9ed8ed044ce6d6214026728b019942ade07cdd0354990c73d7ecbb7fa305511247d14dfd1976c155eb8e9ceba7cb483b30949bd4f49c7506e6bc21309b9d19e871cf79f342df7a57b0863624907f6991687538106daee2d279ef0b7507f95446d0f0d5e4652e08338e207f48550aeee32d38ca4fc05daf96c89453efaab2c22cbd3c7b01ca200c241c3821748309fcb6ee393922322540e29923706f461bd7d7a95c8a4f2ee26392b5cba17cfae7da33ad58312b867c4f9c35fa86c2ede75d52d0a288761be16086a82e7cb6f0bd72f7c607821f13ffcce87ced6cff3c01a8282cd2ad9d34e456c50ca96c75b20c956ba3c7b1f35310156ada9702f65b6160b550f0373ce84764d5f96fc6abbed471b7aa00345cbb17e0c27729edf12401c93e7d8d7c0b42dd5ef6109cdbe4de79d3ec231a3c1d226d12f8f3a80bae9445c23b19c1f5406e3148e54625b13a7f261281bbea6c9e9235d84ba05174529601c82523612115d692df5c47459bae89347380fc3f88ebdaff420ee0925b3b042ea79ae545495396b41096bc9c74922a12177de54955f4442b2e3b899ef96c98e33a00b8d01dadfd30c28f951518f19923be6d7fd3ffcb9a961b18ef358eba47be386630333f124ead5b8fc21786656f14b749fa9888ca09123ae07c31e6aa4a73dcd6dfdd13c638a134ad978dd058db0b49f2a5ee75b88865be1928ce8a32406ad3240935666760309dea45785d570259ef87d3e90b3fa1a9c21f2a628661ffd7279ab0bb42aaa36a21180fe7d9f8980463d48250e29533fbdefa42a4f80a350837850b9142f0103759401ca08ec6d3b346345134548a597063126fd831040f42a3b16aa8eea9756857287222ec85ebd8bfb891f06485bee306a748f2c54ea3ea46cb523a3c92629c553d9d8d7df2f64c59d83f811a3df01bbb0742edcd003f340a994d5f4ca8d3ce82eec1cfc399ec0274a285e0f07b4ce0133c7e908a20fafd6a8f6e45c854e9a2d999395e7dd3b5269165aefa72ff6fee34242415f7211831416486759a52ea153647189da679b4373abb0018ff45fb7993cdd107fd2674a2d2f35f303da49afc0863e4ca3b751a2aae707c4a50ecd3bfdcc3e4cc3b4b3e5facb02a5c6f272102206a4da729772f72defd9242ca66aa6052adf56ce715fa402c90a73ffe17899ac0db93af1aba16da73eb5ccd94a61035a223e71f96da384478a73498614cd1be466c822683ffd880fa5db19ef5a9c1663ade4250240087b5172d361e0ba7530dd9274414e793b887d679e58e476f0f859558d5a92c1238c88773aa24d1887f3900f12d04183c3651b5c673b9fdeeeebc1a33303612699bb437a803b6f6d71e1c3c5a821a4f13556e7e66cee73193543ba1ba2b848982026cb186bae85e19b38084e0c098b811433faf26bdec69ee8e1850cfe6120a4f5cee47f39b2dc6fc76be0928d2e9f9864a231052d74f0bc84aa604e799638473235290dea3bb5c9f8a3f4f9edb7b21aa5fe5a99758b32668395bf2ac9c245163fafc49becaa6090307df1dfa2bc5c5b2113432d28f2ce8768d37a3e9aa1de16b24e9fe7d10b324f4d6be1fe7ac3476a93417dc4c804fc812f693dd70df089873d7001bbb0904499913e27e3ac61c48bc04fb99998e18a33f9321f82bcc4c2f2c9be01cd20b288e67a668c5a20964700fd58f0ce8a7febf2af8e25b60c95e08178eda03206f6263734745d48c661cbc0e325b6cc9a8783cb5ba14c3755d5758e2fd9c39d090fb89943fb9694f37a9878fce5c44e117c5264e356e87c7de8da8f7555dd8fc85fa953dad10f7128fa9abe651d190ddd48ba913dc99fa77c96d0af483b4b27e989fa3e56b144f3e46174749a9c4b84fc926bacc8dce6363b4d2ac49db915a301cf316107d7f931b3a42ae05ab35b759c7c9fbf47c9baceef218ec3a64f4279202bcd1736285ab88b3e582fb95c36a6ab7619ff8b4a37204a3e77fa508e0d7f6a8ff66e925270e1b17f88fb7f6a5fdadfdd36ae409768063a7bd32330c318c40c97c303cca640d9bcae6f635f71fcb699f9fce9e9d488cacc1a04ea8545e263171194b80e93f5edd975d5de0988937b4bf550c24d9821416ec8a2d33c3597892d7a42f9fb3934c078a44fb017ac4061f5ee86a9929c5124ee863cbb05855cfef15e95d9587366fa4dbe6c9df491b145ca673d973e9b7443748a213479a8989a484db62b73008e48c9208705052f21b7155da3308211cde7ab2cf9949b65b5b632827406e4d02bf240c7cf3ff898ac8082c76d19428de3f892d34920af3f32942778eb672b285c47fc8fbaf366d75470ed10e851c29776d34fc3858b64e36920e1614012a37f4425d7fd581df9ab28830b9cf57a04517c3aa4f696c8ab44054c85406d662c31760bc397d6f53773f041b6da1e2bd747e4da7a9ac521b2fe58cec1cc494a55cbd3038e1385972c020aab671392c3224b6b02de62fd124e0a43430c8f8fe200747bcea332546322f5ce2f6bb8ae3c2c1bbbf1843a96196f187a61137ed4000f1ff771bb36873a14f553e77edc5145687e2a73902e3fe48b95c3b83bf09e720b9be43aa53f4b05592f753221cc1811cdbf37e41e3eafb7dfc9cc2ac7cef7e72b18a5c16243a5f67a60b4c63384e6575dcd4da8da1a574494d62774df2b1b48ea51fe0cf22d92af3dc84c10dde20a2930cbd0d8decd3e022eb1fe3efae84f3f03078a5b35c3382028b06766b34d0d08ef89b5807302c2f6d70f4e29523cfdfd51fd832fdeced6f07b06baa1c92400b530e6ff652c525a7d447aec116c84f2555431006f18d3ca7f7ee8a50444dbccd4958ceb1e41060ed5253982743a5d822515922c1c82675e7c7caee52321423ecf79697bb649765685273bbadac72ebc7be26df578a0f49ef68a6cce145a1068bdd498e9c48cbf200d7ff6586bf812945fd85d6c03e8660c496c1e100ead8cb3eb0a2ddd52034812873af1b9a2ac63c6144a0180b0886defc664202ac2194d7789847c3d94489effaa7cd75ea524c85e3ecbc3c89b6646b84bd6461bf2db1dc25ae45f95729614610b57d562955d930d7d29bf1499f866d344325069149b9d18d150d1ee36872e58d385dd669ae92853f2d91a7bf6474241ba8e838fd1f0c056408a35f6150328ee862fae9be2", 0xc00}], 0x7)
r5 = syz_init_net_socket$ax25(0x3, 0x5, 0xc4)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000b40)=ANY=[@ANYBLOB="b702000009000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2e6405000000000065060400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000002c3f2cc2b7956244cef7baf48e6d2885a09a87507ebfc75b5b0f4e4309ebcdac5f7a860c008cbdd3b4c3b7f28754860c9c781f6410457253e89ad528d985636a86ec0f68f59cd1159a2c2e85d726859a919cc9548a349980d1ccdce27f94bc074c27f81078545c146a0857153b7b8f00034debae58a4ab415b0d7ff0575cc272cd3d7e8d974927676468ff2d86e0ffac94792ed9cf6b40b3cf252a47c05ae8a70d57cc3e067d1867b54d24e20000000000000020009ebf84d3b042d6e432cd080e3b57239f0127473e6ba922aff649609d40b47ec331ccba3cf96f9483ff19a6471bf5abc742d9cbcfb964b11b31034694a6aad86cf08a6c7b2235dc99de9aa3e6b77c7a2877261ed32da90864987f30926c9013eec3b86836ae50447aa5a79f40c235000000453302712c3d8fc4e2b61adb0695e800000000d4f4e91f0000002c33df424d1bafe5725c8a404724f8a4f1cda7997b65954f74097560b91da309b887af2485c2d9ab09b523000000000000000bf7b2ff4602aec1eea200000064881c5630521a08e051374cf05c921a06fb7818000000009dc8d95e0e5b365d10e1004dae58b3b5b89709b0ff47b200000000004000cbef88811dc8c1b27ac7d9a6bb70f60eb9c01dd2fc79b85e4d961498f3a80131d21d856177a2189f45d011ef1da5c6d57bb8fd387ccea9c3899a914e47e82f040000009d81003f927355408f87264797d3fa970949793b94329d580500d1f91c0d22587e05a61e3d8576ca168e88d7a9af95b04a37c27bfffab9abbb31fa8c0080258cfa6d3f166e695f3c56490aeef464d9965d70a50f1282619344f223548e750339643adac1322c87ca253ff2fb1882760d6feab16bacdf83c11816dbe959ebc5ec479c8319f73e2249eab0486b110702a481d3b51976a52303056e800b4ae5acc2dfae60ab958e9f3ef9b4aaa4e8d6166f636a65eb1d672bf2000000cda8462cc9b16624998be65683321e970000000009b8e20762c1bf4a3eb6769f2b23e842bacd9c685edea0ffa3e975424f8ede49e61a4de808a38ba3512d64dc71867df4eee3f1ff791cf7c9862f98b45852e4b2f78721b978a2df2f2a29a387c6f0576b36038f819286eca99a6a434811cf2a117d775fe986a49fb82cf5f15972d5ab18f1045384501adabb20f7b0e15ff47f1744e2341b59034959a1289ba6e243668e6735305707e3de7652bfc5b60c76deff43a1d6fd6a4180ab723735abbeffe7f2ec3a0bb86f9eddfc0f3d1d503d7a54b49e1ae6c5aa620d27e91aa0aa0ed6fcacfc91fbb4c256409e54daefbb107c381fa729ff5f3907d93430da178d685d7730f5e129438a5214f722096d2986334c2576bef69145d3fbd78a9059e454474f92e65828b018174a9f4738b8c71fbdeac26ab95e02f9a847182766964976b1fccdb9f35721e43e33883cf16ed1343fb7429eb395123b0a4262b7023c22039b9002589a378ed4c6267965af78b861bd025312538cec97966b8973d4e299d9802264d06e40ae118e1d242d1128dcedeb44030df12ef68f78215d65f96eb55db8cbcb060008000d988374f85451a694ffe38a1d03916ff10dc82b31c98d42e1a1bda1290de1a499a5a385b31112a48ba3e6d6849914c1788a7aca37177cc341fff44fec5c5e0abae01c439a1b0311e074e81ae9993b5b3459553e4ece78d4c1501c70f5d81e0725d5b273755c0000000000000000aa4234ff82182952a76233d18e7d49638aeb04e7a9e9e7eafb7c255372795d2d192a0a33cab0f5bf2e93e0544fcdf2df2bc6ce96e5a11993d54f97a23754ac828674dbb93c0ad345715be4a13678b01edf76d8a923655800a2c88cce004505ab45d8f5f88aa887bbce5c18970428516f6099bdbb2cd7a2356397f1a0a23e662e2a6c4834400cbaa41c3c574e6e6aefb7a68da5ec1ae49f968bbe0e0bf9878516f553639f5b4828e92019b61f5874be1c7cdd9482df50bc24a8a1fa10d291390eb84e26a2e8dbeaa45604b05a116c1210a7540bf81005044273f5a8ffc538db289350eb248e483bd8920efcf30a798c2b636243e0a37262ca47dfeefa753ba528f7ba77e825051ce69b4475d7d714ba0c636e6ae9f710411d30ef424aeaabe057c7df6ff8f767bcd9012e1047c686f5ccb76ab3a5df53cbc22ba7ea8f6a8e220bb4d83de1e4dc19d6c1be841503850803bc2c2d5e0e34270a7f1cca0c6c53a8e5f891f7a793a70da62d6d88fbb90d220acc687931b42d6be83ab870da3c0a567f5e65ec0457f4ad2a4ec0b671b36388afd5520a8483a4b11f7d02a409315f0f9e59f47668d68a74838d6976e12fd45200014041dffacbf60892ec8bd7560686f137a806d3dfaba900b47cac62f828342fff009adb5b2251461a1b9d6ba625b8fe04e69a1a4be2696f0000000086e172932e03000000000000005942e1b9d6dc28ab8e19e1111dd893e801015642faf21eef40d6e7de3ef62c4bc5ff17e7aeb2841098f845d1cc9ec4eee79c298fb0ba939b13707044e2e9cc0d350438c1c8c6bb9a38c6ac5ca0d9cf1f3d6915f25cb26edfc28b3079b97df32601240e454db103fb0c4a143673a3f160d3a7b83ecd0509ce9eba0c7bf7843799b1b56a234f9eaab8a3f14f1472bb6aaeb8ac9ee4054605558ab31f339f6a4caf2ee2fd01f34dca3300000000000000000000000000000000f59f8e6e00000000c44130098d833a24000000000095e6f945ba9a941cef5e70b8c152321e24b5b29bcf374dcf5a29a35d76e6e2bf8df95462690a4fc9ec8129e92b6ebb4b40a992a75d3c595426ae40d0bfc87db24d856359079b29b3c374d081c300b2cfaa596d24e800ef8e2201f2fb7a9946f89f9f31f7cbd603fd7f8898c70b5c65f2e28f22e1a79a6af3a54861b07f124642e98389557affbdede09b5566a4a1ee73b20846810030a754acddcdafe3ceeeebc0b5f2fedfe7d198e3067f3dbac9441a9ab8409cbbb7e15b9ae3944097de34de2001c8533a3766e6e4c4c4702ccb932a27a3962814cd6aa8fc684beeaa3932efae3a9052be8eec1e95f6ad8d41dd34829503ba4b66e27154cb6e34aa13450522df1723130b6fe347c93f00e40e293c98d849a33f773c743728992f40faccd5c23130a1c6bfd6fc661bca1598137ddd1090ded672f5a48a40cab3f640c8241a364cbdd3f188eec7da7bccafbd5bf28a46f0eecc6b550471b0b0770c6a5a411c0e0b19e15a461e7c6833ba936e214b013f2819ec6572a43b5cd32b11d7e4f8dcf8f7820a17b7b2ee6178a03351dd25091e46bfd82a3979b9cad109fd6217cd52aa81bdabd50826a674bd16b8f7e6aed1"], &(0x7f0000000040)='syzkaller\x00'}, 0x94)
sendmsg$kcm(r6, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="100000000700000004"], 0x10}, 0x331e5c6805043cda)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r6, 0x20e, 0xe40, 0xfd000004, &(0x7f00000004c0)="b9180bb76003070c009e40f086dd1fff310000003c0020010010ac14142ee0080001c699da153f0ae0e6e380f60115f683317585d7472ce0ab4439f0f570ff155bc5f73ba3f8bb99a6e8ded1ce485cf058105cd981b42493481cd659416a2e10c9119664f36eb00b333c20c9ec0c222d644bdcb178c1cc53d6960fbb842d6a33dfcde3a1e1848135214baf139753866cadcbe3ce52505e992818cc452bee339d9ab076f484020eaa348a21d7911e4c44905256ec2cc54cca47a198b00c10aff62a4bed43a2ebcad92743fb22c593f28fd4bb7c703cde9cae0569d4c8d9a823f2c12863f7a6c0cf88ed22aae4f6f084508833b61429a25773eedf63dd9f33d430f2a0a30a7761db16fe0f743b95ded898c28aac1256ce2751b3d738899b8b19d9052b7f13ff94", 0x0, 0x31, 0x6000000000000000, 0xfffffffffffffe7e, 0x1d4}, 0x28)
ioctl$SIOCAX25ADDFWD(r5, 0x89ea, &(0x7f0000000040)={@default, @default})
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000007c0)=@newqdisc={0x148, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0x7}}, [@qdisc_kind_options=@q_red={{0x8}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "1df872f69cd5ad2e80be65faf679fd0785e05c67e1d9d4b38a6a25ac4c873b68169bdfdedf99e8cafc45667421c8cc7b88b3378dd9a9465522abcb43b9248aeedfa4a311bb26e70ecfcc381a806b5e5f321c7367a5288f83f9623cd2f809dad054d3606ff723018bd84265e4c54b51670fa4fdb17b7882e7009f8635c9a2ec0a5e498e4b0c4ad7c501fc4872e7fd2876a42d852b0c542df1511fba83c1ff3faa9cc077c61649d4e9d9d4ccb7262b6137e0b65e06fa4a163546b5e3c79dce98e26d615e959d74e69bbfd74b775d0a5434291dd5f5a6c845099088d20c350472baf5cbe9fa6711cd6ce57afaae3534165ce0f4729ec1d36047dc650babf602cbff"}, @TCA_RED_PARMS={0x14, 0x1, {0x409, 0x0, 0x8001, 0x1c, 0x3, 0x19, 0x4}}]}}]}, 0x148}}, 0x0)

5.050813712s ago: executing program 2 (id=732):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001700)=ANY=[@ANYBLOB="1800000024000103000000000000000001008c000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000)
recvmmsg(r0, &(0x7f0000000e40)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000003780)=""/4097, 0x1001}, {&(0x7f00000001c0)=""/177, 0xb1}], 0x2}, 0x4}], 0x1, 0x40010000, 0x0)

4.932121183s ago: executing program 2 (id=737):
r0 = socket$inet6(0xa, 0x80002, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e2a, 0xffffffff, @remote, 0x6}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00)

4.873367095s ago: executing program 2 (id=739):
socket$inet_icmp_raw(0x2, 0x3, 0x1)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
close(0x4)
syz_open_procfs$namespace(0x0, &(0x7f0000000200)='ns/pid_for_children\x00')
unshare(0x6a040000)
r0 = socket(0x8, 0x3, 0x0)
ioctl$sock_netrom_SIOCADDRT(r0, 0x6180, 0x0)
syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
close(0x4)

4.412350102s ago: executing program 4 (id=748):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000640)={&(0x7f00000005c0)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r2, @ANYBLOB="0a003300d0000000000000"], 0x48}}, 0x0)

4.352825792s ago: executing program 4 (id=749):
socket$nl_route(0x10, 0x3, 0x0)
socket(0x22, 0x2, 0x2)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtaction={0x48, 0x30, 0x0, 0x870bd2d, 0x0, {0x9}, [{0x34, 0x1, [@m_sample={0x30, 0x0, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc}, {0xc, 0x8, {0x4}}}}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x4800}, 0x20048000)
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, 0x0)
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={0x20, 0x0, 0x9c3fa077fa966179, 0xfffffffd, 0x0, {{0x7e}, {@void, @val={0xc, 0x99, {0x916d, 0x15}}}}}, 0x20}}, 0x4000054)
sendmsg$IPSET_CMD_RENAME(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[@ANYBLOB="200000000506010200000000000000000a000001"], 0x20}, 0x1, 0x0, 0x0, 0x20004000}, 0x800)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r2 = socket$igmp6(0xa, 0x3, 0x2)
r3 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}})
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r2, 0x8983, &(0x7f0000000300)={0x0, 'syzkaller1\x00'})
write$tun(r1, &(0x7f0000000100)=ANY=[@ANYBLOB="06000000bbbbbbbbbbbbaaaaaaaaaabb88f5"], 0x72)

4.174209155s ago: executing program 4 (id=753):
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000100)={'netdevsim0\x00', &(0x7f0000000000)=@ethtool_ringparam={0x33, 0x0, 0x2e2e, 0x0, 0x0, 0x0, 0x0, 0x9, 0x401}})

4.018034118s ago: executing program 4 (id=755):
bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0a00000007000000fc7f0000cc"], 0x50)

3.581084814s ago: executing program 4 (id=765):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0x10}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000002c0)=@newtfilter={0x3c, 0x2c, 0xd27, 0x70bd27, 0x8000, {0x0, 0x0, 0x0, r3, {0x0, 0xfff3}, {}, {0xa}}, [@filter_kind_options=@f_flow={{0x9}, {0xc, 0x2, [@TCA_FLOW_KEYS={0x8, 0x1, 0x9200}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0x20000000)

3.506327766s ago: executing program 5 (id=766):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'xchacha20-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000300)="c99b57381801238c09d0ff0f1d0dbd301e5a47b2f3caa73dcd2a6a370554375a", 0x20)
r1 = accept4(r0, 0x0, 0x0, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000013a40)={0x0, 0x0, &(0x7f0000013a00)={0x0}}, 0x0)
recvmmsg(r1, &(0x7f0000000b00)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000100)=""/63, 0x3f}], 0x1}, 0x3}], 0x1, 0x120, 0x0)

3.382268388s ago: executing program 5 (id=769):
r0 = socket$inet6(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0x4e, &(0x7f0000000040)=0x9, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
ioctl$sock_bt_hidp_HIDPCONNADD(0xffffffffffffffff, 0x400448c8, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, 0x0, 0x0)
bind$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback={0xfec0ffff00000000}}, 0x1c)
syz_emit_ethernet(0x46, &(0x7f00000003c0)={@multicast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "122d92", 0x10, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra}}}}}, 0x0)

3.314874258s ago: executing program 5 (id=771):
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r2)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, 0x0, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000005840)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000001240)=@newqdisc={0x78, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c}}]}, 0x78}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000600)=@newtfilter={0x60, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0x1}, {}, {0xd}}, [@filter_kind_options=@f_basic={{0xa}, {0x30, 0x2, [@TCA_BASIC_EMATCHES={0x2c, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0xffff}}, @TCA_EMATCH_TREE_LIST={0x20, 0x2, 0x0, 0x1, [@TCF_EM_NBYTE={0x10, 0x1, 0x0, 0x0, {{0x0, 0x2, 0x8}, {0x0, 0x0, 0x1}}}, @TCF_EM_META={0xc, 0x2}]}]}]}}]}, 0x60}}, 0x0)

3.096701612s ago: executing program 5 (id=774):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
listen(r0, 0x3)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x10)
syz_emit_ethernet(0x36, &(0x7f00000001c0)={@local, @empty, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)
syz_emit_ethernet(0x3a, &(0x7f0000000140)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x6, 0x8, 0x0, 0x0, 0x1000, {[@fastopen={0x22, 0x2}]}}}}}}}, 0x0)

2.994430963s ago: executing program 4 (id=776):
sendmsg$NFT_MSG_GETFLOWTABLE(0xffffffffffffffff, 0x0, 0x20044000)
unshare(0x6a040000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01040000000000000000010000000900010073797a3100000000e8010000030a01020000000000000000010000000900030073797a3200000000280004800800024000000000080001400000000514000300626174616476300000000000000000000900010073797a31000000000900010073797a3100000000340008800c00024000000000000080010c00024000000000000000040c00014000000000000000000c00014000000000000000014c000480080002404c82f47c080001400000000008000140000000010800014000000003080002404f32945f080001400000000308000140000000020800024019885f270800014000000003fd000c00a03ac330bf11a2145946e6d945deece8485ee69dbc29a8dd5dbce127f829a3adf5c4171b4bedbbc9b913a67b9ee679020f0200000064419faae0136b893d91d95b1174f115798a1abfdc06983fb83f2116a85a00dd35cdf9d8f81683e5e2ebcca132a712e0be44c12c02ac92fbbb86ed717ce0cbd6a0134f899e23ca6d2f063d26be86555cc0e9c7a25d77e6c0f4217794be96b5d797e3116d874c3adfb096e0567ec28bd1e4d8d6713109695f1f3a877d89d20e19304501aeb851d14c4f9b2d769d554fe5308810d19bb040c1977bce50b894f2c45a1f0e80c8256b6dcb072f9d91d94a67bba9f62eb2f192fa4b3786d9a774b99aa332dfbb000000080007006e6174"], 0x25c}}, 0x0)

2.893538445s ago: executing program 5 (id=778):
syz_emit_ethernet(0x36, &(0x7f0000000380)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2, 0x0, 0x0, 0x1}}}}}}, 0x0)

2.745874327s ago: executing program 5 (id=780):
socket$inet_icmp_raw(0x2, 0x3, 0x1)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
close(0x4)
syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/ipc\x00')
unshare(0x6a040000)
r0 = socket(0x8, 0x3, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x618e, 0x0)

1.705675573s ago: executing program 3 (id=794):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, 0x0, 0x4000010)
sendmsg$IPSET_CMD_RENAME(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x34, 0x5, 0x6, 0x101, 0x0, 0x0, {0x7, 0x0, 0x5}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_SETNAME2={0x9, 0x3, 'syz2\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x10}, 0x800)

1.610280235s ago: executing program 3 (id=795):
socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000008c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
recvmmsg(r0, &(0x7f00000003c0)=[{{&(0x7f00000000c0)=@pptp={0x18, 0x2, {0x0, @dev}}, 0x80, 0x0, 0x0, &(0x7f0000000380)}, 0x3}], 0x1, 0x12, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x9)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'lo\x00', <r1=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x20000080)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000800)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0x77, '\x00', r1, 0xffffffffffffffff, 0x1, 0x3, 0x5}, 0x50)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'veth1_to_bridge\x00', <r3=>0x0})
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$sock_inet6_SIOCADDRT(r2, 0x890b, &(0x7f0000000540)={@rand_addr=' \x01\x00', @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @private1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4400046, r3})
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'ip6gre0\x00', <r5=>0x0})
r6 = socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$sock_inet6_SIOCADDRT(r6, 0x890b, &(0x7f0000000540)={@private2, @rand_addr=' \x01\x00', @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x0, 0x0, 0x0, 0x400, 0x0, 0x6, r5})

904.962226ms ago: executing program 0 (id=796):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000380)={{0x14}, [@NFT_MSG_NEWCHAIN={0x34, 0x3, 0xa, 0x301, 0x0, 0x0, {0x5}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}, @NFTA_CHAIN_POLICY={0x8, 0x5, 0x1, 0x0, 0xf5}]}], {0x14}}, 0x5c}}, 0x0)

809.784537ms ago: executing program 0 (id=797):
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x10c}}, 0x0)
setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x1d, &(0x7f0000000300)=0x7, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x4e24, @loopback}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000002c0)='cdg\x00', 0x4)
sendmmsg$inet(r0, &(0x7f0000000b80)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000004c0)="3912c1d03d9f66103940872256d8995b00c720af0cfa51b2b3b1448411fe107e64af467c85a200ebafdbee2c35b8ad1677fe7bb27ca22acbe83c449484972354b3baa1809633e690474a9154f95bd6874f20a0b290c590d44a9f5cd01414544ad719b82a550f2a7215e33e2dfdc1ce61a75637323b8828c5e5ef1f77b3d93114d46ceddb9d976eea7e20bb95e24e1e8b9974397bb8d73856a38618eac0ab333267fc833503b4df7838f5e522192252f4fd72ae45d21b55414a82ec84ff620a1ee2fe4691573a8afc79adaac5f0618cb457b14013f9e048cdec329a9e3343140213a41330b43e3290ef836c8839b303f0639a7561361247db2646977014051dcf3dc1246225f9aae3ca02943571bb39ecfdfa5b9ebc30a0476103c6133c7da6313848373c719a1f43ba5a765b8aa97caf7717fa063166951aa4e72d5616e6b42d6866fb308970430b2ff44c25b7dde2494389d1717c83f83ac7a632da0472bd6b0295b9f1fd1fc43099b1062bef744785158264f636cbf13926e7fcde7ebc1560a20961df3286df51b246ee7fe9474a8d51498bd90230bc89ea8dccb85035edd01aa93ed2f82297c3c3703990cb5201c7b92a04ea7abf9a36a488369142a9bfa42664d84860974fddbabed7eb509350917a3bbd427fe226bd1dd3420a7d71160b33a41a3578861d75e7e93c22ee94e9594258dc1883c2d749cad6e03b767555610c200efb5f104f91be7fb2513c97f3f279da2baedf7f91ed97ae33edef2ab348dded9df075b1ca5855866843aff902b6678075cb4a3d988ffd8ed61885400d1bcf6dc38c6be9b6428d4eba30711556510eb41b5c04590f11e393317a4fc938c0bdd7c344d58388b39ecdbe322344c5ec4ed178e1dd35182a00f3ac345bfeea9936b6a015151332962bd28c5e1dbcdd825d51c78ef6db73170d9cfd47f2ca210ce8c103d37be1c61427bd3cf1bb5bcf9888f6e1631f404e59b3c3c2a51f9cd8e0725459f9a531af19e2b533532f0b66fb5e9614d0895d35ccda358ac482a824fe67165bdaedcda5ddd86924c4fe5f22a043f92aed7a105fb54ec323273e660c6227fa74b76c2a020d42f167891cbaf960fc0288547f2d31dceff3787135659a65878e5df65ce0004104a665098be576ebaf3733b6ba57e40f40ac74aad7d8b41db0f55513389faa84b1ce0fafed7018bcc5a687118bfab115b7c4163fb22af534406206065acf06066a5fb65f0b928cd25838c0c1a7b06bc42e622f502e515b87426b2a184b593bf35a4d454dc56881bbda1b9350f956e086196447a5052288aa0556e638d292bfd1abad58ef5db98f92694b30c3eda5b25a44688b24eadf579616c034ef688fad705c3dc99aafda0f7bbb591fd20e0ff96e8941188b9676b833aa91ba5ab1cf7acbdf16f14c843dd3cfeedf8e7628051f361ba32849", 0x3fc}, {0x0}], 0x2}}, {{0x0, 0x0, &(0x7f0000000b00)=[{&(0x7f0000001c40)="0349", 0x2}], 0x1}}], 0x2, 0x8010)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x12, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
shutdown(r0, 0x1)

719.010719ms ago: executing program 3 (id=798):
r0 = socket(0x1d, 0x2, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vcan0\x00', <r1=>0x0})
bind$can_j1939(r0, &(0x7f0000000040)={0x1d, r1, 0x8000000000000003, {}, 0xfe}, 0x18)
sendmmsg(r0, &(0x7f0000004300)=[{{0x0, 0x0, &(0x7f0000003480)=[{&(0x7f00000001c0)="9d", 0x1}], 0x1}}], 0x1, 0x20040855)

602.362041ms ago: executing program 3 (id=799):
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f0000000480)={'syztnl1\x00', &(0x7f0000000400)={'syztnl2\x00', 0x0, 0x4, 0x6, 0xcb, 0x18a, 0x29, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010101}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x40, 0x7808, 0x80, 0x3}})
r1 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f1, 0x0)

454.893343ms ago: executing program 0 (id=800):
r0 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000180)={0xffffff, 0x10000}, 0x10)
write(r0, &(0x7f0000000000)="240000001a00590214f9f407000904101f00000000000000000000000800040001000000", 0x24)
recvmsg$can_bcm(r0, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x8000)

366.957574ms ago: executing program 3 (id=801):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000280)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_DEL_PMKSA(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000400)={0x28, r2, 0x1, 0x70bd25, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @random="bb6d98cc162b"}]}, 0x28}}, 0x50)

310.347285ms ago: executing program 0 (id=802):
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, 0x0)
socket(0x400000000010, 0x3, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socket$unix(0x1, 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x6)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000600)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000160a03020000000000000000020000000900020073797a30000000000900010073797a30000000002c00038008000140000000000800024000000000180003801400010073797a5f74756e00000000000000000014000000110001"], 0x80}}, 0x0)
syz_emit_ethernet(0x3e, &(0x7f00000004c0)={@local, @empty, @val={@val={0x88a8, 0x7, 0x0, 0x4}, {0x8100, 0x1, 0x1, 0x4}}, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0xfc, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)

252.198576ms ago: executing program 3 (id=803):
r0 = creat(&(0x7f00000001c0)='./file0\x00', 0x0)
close(r0)
syz_open_dev$evdev(&(0x7f0000000000), 0x1ff, 0x0)
syz_fuse_handle_req(r0, &(0x7f0000002800)="d1f89c14e7f8640b43b1f1d1e00b2b0b3146d223d281c321953af4ade40d696d07f4b7d2ed1c1fd5691291056351901df48500519139568c88f49bb32801c2e3e2932895f1eb24b30efbab27313a3acab179fd6ce1f7150b0f0aae8cde4dd46b4f63cd60f647ea9bcf83f107e981a050f61f5d1bb5c7883f93269bba25e4122796c0f88ab27d913586d055f8c977ffcb05c85210f93cbad91499fedb2ab95e06bf009e54b422f66cef043560f4d77ae5c083cc67fcb0d3f10699aac8cceaf6d3b8f32e15555924edbc42b4ca3d2f4a92f5d30c18176c3abd17db4de2ef74472ffb637dd07460aeb7c882811c089217d88cbb5eec41d2be903e1c65cad2ad742f9ba8b512adab575f89d539492034ddfe4fd28205c8f27c52f0f631703d384634bfcad149ea9e842125062ac67006ca474be31f708b4f4f1e0c97a4eb2f26b671e172e251e8a6e9e1510bb74931aaf6b6ff84f8aefd63591f18f2ae8028985d78fcc5ed2d57bf595d3068e904387eeddd19bd359721a432bed0bff033cbca6acfddb6529fb11290bf1563b45034bd9b6c331091efef04303ca9942fcb64e56f3ff74d610e14c8f8a87e41582aebb272e5d6e945fdc7095bd181b93f13ddbdc18545f9cfc4db7f134c9ffa6add6727ab8755a06dca23d24a67658fda84321bb97fc475ace3b9912dad73f0ee6c8b2d6d58d7328ca63d1aeceb22a419fe4ec4c3b943051e9d276c559c33e6a45a97813bfcf80c7d79ebe04b1827878c4c8c2da2d598f9f3e444ae82f142716827dddcd94f8997d88a30be2a76432641125e28d5a0896b3e040a8b6805abc98da90844261468826b89f6cbac8d7b5eb6cd8a23f7c7ae9b99dfa6616f9dd10ac48e8c53a38ebfcee8c0ae1be1ee982515ce12a1ebf5d2d19022b4407a9bd062c453845ce75f54dd07e3d8079e19b3b116dc51f7a07d005ba682da13b73e3854bb60059fb021b8f4b9430629d408b32ccd3678bf1dc149a3493c44b2a52a5572c128957e0db8a4a214848b64bea6733bb48fc17a4e42474e2b1f47b507d038bb87a3fc32e7bf471685a61f736a414772cc1825e9342c58768640c83486dbf058050dd6c8a9843c106d1a4efa5e5b36deae71448e55f4ef2721d2d210ce075bdc52c97bd6c097a9a4120a507f6c99cd9054579c250cd5b207684deadf75f2f8c54349a57500625be7577fd6c81ca72111935f577c74c2bd1e9419344e2a3563b5a7d6026722469a30a061d123b45f93027a01c7d38863589118d25e333c07f5c3eb85d4dde937d8f1421b72035f8733754ef4793acdc8d1362ef08ac1e9f0246bfb478647ada002f809a3e63433d031e6d5e4f86218ace6a6221103608705719c3106b4659c377f7e3b6ae1777075ea45a68df2004deb6ef742c5971c23d409278be94c5de68153d93d1a2378f1b1656786ec896b72de0da8259a6f181be8829f9cb7cb98ce0b169e734e4a240508952f6ce3ca984eef7e0cd549996147fe56a0bb1598f015ab955df145a51d783397366084e53455840d5688cb9b7d2cdf8abbfcdf850a7de4073eada567d6ca989611c4910e692e44677a857eec2b654f8dc66b2be192786dce3b9780f9806652bdef013304a43dba3f8d15e5105414f6d1fb2a57dea02211fa311b489088a9802e36d649ada97d72a216f54ca6da090a51c01f5638a04f364a3cbf24bb374f644fda38856a7e0f5c3c9cd7b00555d105daf57561379cf1d77bce66d12de44f202a866a43a7a05a6e0910a1f0ab5b1341d8ae992ae9d95fa2c876db1bcd3635d7851f03dde1eddae6dcf95b182edab72a0521c88c8c3a8c2ad3c6ec2cc44321ce1550d51476e95a18ae5fdab801ef4f5a7a56580261d850f392929061ae5808ba390b2f7d8fe7325df9c07c39faadeeb0ee1ed95db7ccf49c9b93fca83e06be745156d422c8b936d65b8e7e76d9eeb2bbf19c1f9a59b8ee6b55d594d4794a869b2d3b37b0b936866894f00e6a90c788c22e0fb87d0ac53ce75e519765647deee2862552c77ceb75d419627e0627067ba24571807cbfae0bd959fa95cb14c2812a1ce41f76d2ad620c55df55f473e56cb219f7b13bed8cc4a98dddfda9d3b9b5650754f73c34bf00496993a1c4056aeb44e4160c3e2090d733604b2b13f40ae346b726a31365b7a230d8f66665dcb726594280678a258f8ddddfe69d424d62abe910db05c0efa5e773d0f6d8ef8c4c49926b46568a7a1321d996eacabb2f716539a020e34a02afc3bfead458287dd22c11e1c5f57cda7668853637dba0b2eb5e5318750b63c829ab0145c02d6bc05aef4113ee0ea0ba97c44d74cedcc89adff648eb5d7fe932a7a76c772b1e2e36c148dd3be951cfa0cfe11bc58635b38708fa1ff88f949eb15f4a4a3de71c33e2915c799d8204d7d1f9cf7c13c608e6ddf29e12b409028ee5edf37353df7982f67a120ff1871001094b1a3148ed5f4f75d9372aa21b2bb6e02b470336a2c20efee8af866032acd6dc56d1fa7a84dc314cafea1a7bba5fbae89e037a4a5597d2eefd153406d67ddbb3b4eeed6d981b229c2c1b76347b05d20835ecc979b697a2981f6785df853d3d5ce07c624136c805d4dc6c7419d68afe2ad4822aea38da761742b33de8394bcd2462518b35c6ef265eb2a9b130e5a3d669b55d457f92500a7b69156475e001989d55547fc831edf2afe2290591e902858914af73ad4e87ddb8ea3a719f435fe1c2839a39fe088ccc863e7c82e96b66e1b6d32ddbdc42bf2f6076b9e93ed2ec4b6ba6fce5dd3a8f5b3aa105aecf72a5cc9108d02a0b923de2d490ad90aed3a45c46d4594948e7b3f3cc7d153f4b2837ca378fb4af215657f016fd9c66395b98357c1d12a655ce07268beccb35acb3f928c1522bea5df98a0337c751308bfb361e68f3775c75e020ac9570283119264d4f8916c143ccc28d8e0709df356de6b6f35fccde79a677606b5b4d846fdad7c271fc5c2ae5f5e2fbcd6fbf21508a2615ab8f0208e276164bce80fb886b648b4cb085c7922a829c2bccdd850cec329870c866f7923c2c1cd59d6c2653263f7aa1f13d84c82575a021793ef875954ce8737c98abee465e780ab64f1d23da92828e62908543850e5730099eb34f5e47dee740581f596413b8e2711bbfc9d25e4a35b57416a741a60ba650b52ae2189cdd125f64565544f9e75bd8c2cbd898ed2dbdd704ee40d1746715eab4155a51289cf7d89a19ab7a355609dff8111c94f6cdf94a94c667508d7201eab7e86569b8b08bca2291cf3fb166df68f6d6da05398e8a1c0c5c66ca3cee621727a77f19b92927569ba44709302c1102683f338150989d971ea6d0151b69865e540ad4e5a186ad9fc8ce57a56ad114487c5ad99c0beae0fd49927c52380de839cc952f8e41e167006573b4ffc39ebec8f9f9fb4168386a78fe52c00cf3c3be6dbcd4ab32ac7cb8fdd1bae70a5c3da6f555aa6c8e6bd7e69e511bd5d87e39ee21f9035b0b14dd50b3c4e211794bfd7e8fbc48658044eab550f6b564d8f663c25ddb30233fb260e2d30bc9956f7293fd5532df2f74019f639c7313ca029280c513c2fc3c77dc4d0e7f5a9f273fda00349c28319743bc8f7eaeacc7f487bcf5866a55b2fa5b66e31964f090ac448a1ccd3b8cbc9735db5d7d1dd2f2bcdad1ee48b4f8a36688d8ddead1f166a5afb2efe12e943ce6ca41f1f45fe650536860881c28ff04a66ddce9cd19b4304c26e3238f114a1f4080999aaf6ff1f4b8b59ef5d54c10cd8a6598420949f1c0eff13259ba7da9f4c749b58f31f01627b780c2502cc6d1d82f68271e2bc945ddcb6784532e1aba414385096eeeb45afca0ddec570b16b476fbf7b4818275a05afe4beec9086e1c816ebf96608ed57a570c931577ca5b14c9359718b4b31b4789f291f5cb012f832e5763ba53521f58d3ee0a10930d3b4ea7747c5c751cfb476159287a9d371530e5d7cffa6ab09f049d2435960b0ad34f7890df22a3cfd6ce052b08409e67a1291f8459a59b988d7b97d2534f306d83656fd43313eebce1732837b6c22dc60a80d03c54b695b4efbf31381916c7da9644ef8e0f6739c98e7892ca89bf696715391c989c3bd53362e01b81d998e50e46fab088f9312465d200c034691b7e5dcb22ead3c3f3225f16a5588b2be09470e225290d8073dce5cd955d31e7acd452950505597f01c4b54a6f16f2e7d00ab182258f26e40bb70db783b2a10aae019f87708e1306e1957fcc081dac3659d603d4044c10b0a1fe61f4482e56d031d43fc355100a9dcf822db16d0895e554b439bd032e6103df725123da3fdd4a48b68863e6bb36e05343136e171d39d86168be30188bf1ebac4a1d748115167033149ac61bb4f8d4cad7f4c68c32de226b03fb42d24d5e37ba886fa357100644e64d869f6395e3d6d3768a30f53e2aca3688408807bd4818a2c5150f8ee770121a4a6402c7dc334a9ee5e876566d19867e45d4bdc73477ff7f543a23f38d5f0bf666219b0391e66457af4238c5bd9a05586333556f8972aca1def4507c4b073d1bc1c3051f0bf34f71673ccc1de9c69170c9fc5299ac733569cfde6a7bbb3cd60b601cfca16510bf7fbb26ffab3b674000844daf55fbf4ab48eade708cf70fdf901454acc8cc95c63fd2ee771bffaf19205e9a119b847931bcfb4c738e39701a3882cef4ff47b46b72ce26ac207a1ccaa253cd3ddae2b2eb61d5b9b3c8156928a169d7dbb2874b884c3b2097cb8ea92ce7fe70af90514c11887df33c4f7ec3d3ee6c327e7129b0188b0ca8c777451b17d8f489d547d711404bef72d1914f66a5676e9d716ede8c4282526419adb31d071d241db47a58bb55ee6ebcb67c82765a25e5e6fedc4c8d1d9b17e2b5bac5e0af3c63ea870ad8c5f9521390b660fc735d331e6eb326abde284256cdb381b4651d05f55807f4ad1b5b883bf6b55ee87285fad8de366f3248ae0b9c32bf85fc95d5bc19a716ac2a5f41e4e58d26bfdfa582be5d506f9929bfe7cea70184c81722ef7300f779d5d64c08a225a083d44ce75ced73f3a016f5047af67245bc8a81214024e905f383252cc0228085aa5fc184cbcb41db3eccede89480e0a1c1d1754cc3ffa53edc27c337ec86ae2f68c6225edb0027c1c5bf9aee1b94b62f6144e4631887272a36add32d908add308207559064cd61576f917db864845e5e89efcb27c80d259eb6fd5fca398da0c7e62fc423511bb8eb3969732c862de33448e95aa5e15d2028b84b3b8348a50abb39c5c10ac7fdc2034d1ceeae9870dc4486f48ac6aae573a775716ec380ed57665b9bf1c77f6869f720e428f8b94170b14c23786ff1cacf95a66ae631c70245bf264ce5078c3bddb4aaa7928eb6f1261d52e45ae5fde6f1b3bff90cd560c6c2f77ecfcf553db137051685c925be70def2be6c9bdd5825eac58d4c892a6d4ad5dcc078c6582ca140e5a75993e5ab7b487f31e5c601844f18f13039c099317f5e512eb9e054dcd8535106a9bd8977bf74254b68753b7f3a9b385d4a38ccaa17e029bd9ab4ff9b9b561b2a7e613ea05eb18a50fc231f32b79b9f32514469193a3d12269f58f3c932e501513e48e81774ad389275d9f00b4f8c677b8bb584b503201f83c7ad2e934e909f9ae1fc540f544dd2327fe1d8e3bb86984a252e2ffa88e2aed6d65a302d1883e51654fdb046d35270130fb9f8e4a4861d7278a07ee627fe272dcf99d294d7b1ce72f2f804cddfe4fa7aeb2c9543ef2665bf826c8ce0ca82dc7d4e57b7181b55a5d96ad83417b79376793235ed5a320a3ffac3a025aefa669450a6df20d830042034c0953836097c9461bc0d9c1446485692d1b9d5c991086f3f118a49bfe2a0888a5af8a868d880e31946dbd0c7ddcfcd27dcf5c62c9c5ff8fa9750d129f32e3c4f524eb3c31d5c9cb33fbcf52384a04a9f4faa216020e45be91181efeb7393d96b1f3ad8e9fadcffe49bec1bf36e70c2291475356ec5a416feb5d3b4f1331052271679d1186b338163682ac5b6bb79c64d6d0f8ddfec84d0d9870f45a64413f529c8dd93b358e66c9da2fd233e53b73ae2761f363ee69a38a0d7320a149c90c086e6a426abca5c461088747a2fb5006919ad7640aad79b1ec03cf6f49206f37382ad3105fcbd0e08d00815029d8cc3ca16472e58226f1def116bfab456c32a2a2323bb5a661eacb3b7c915d1eaa8c5aa8b1bf25c3a7bc9a2e047c499d8f2fbf2fe25606fc7f0ae5a539af68830b1955f82962f596e2ad0feb3e99b1982ffe3e553f102b4360b8e1d659575a8f713b8bb88d97dbcfd98f91c147a97e896646a47a43334569da8a01541b012063e0465c4122cb96b57484b0ab8c5f0c8f346c0766be69decf4e3ebef7f74f153ef8c6b6e9c5fe224e8f995f11c1867c5600cd7a345afacafec9076d4ccfca741fd41e445476d31f7cdf06b0d0cf596c755235408782a5e37abeb1f2dad79c83e59a1040c4b3b6a5a2acce9df0ebdb607c9c0549a4b16028595f7a9cd9da115dab0189f3d98b0dc2b8ddf6be4de2b38421a2071d91f14f8752c74df31fecb64de59dce09da2c3a1a2826446d982509baaa89b76379d8320bf3c1f76448e0ddc0889fe57ba756ab1403949cd2ca9ab520fa485576eca5acb471002a14a31e8d7f54c8c3edda8f416b0ae9d9fdfc445b54ed8fb34ed7c1d11b3c57a2c5ad92217ab2fdebafc195d09fee7a518e027ccf9d2e8de8cef1e0ad52144d82b65519495b8a5c314e85361adca8953dce587cf461a461dc9bbc0eb13a54144964930d80d8b4a015676f3efd10ccfd0ec5fe64deb93b5901b506581461bf2aaf04fa9f8118936c5e67e1cee60ccfc4f011ee2812eb9716af42b22c40d83c55d4e4c4838826cc34387a2085aa3e17219c78255ace7bb1fc30ec80676449084744c0887dc4e7696d25a544f3e4b365cc6ad800931d5787be99d678347ea4d6cdeab5662f6cbcb5fa80590e513c4ca96d73d378085026e0e7c71d968a670aefd48519e35beaeef9c67506db6f9b3edb62ef1b3b52b9c2db876b76101644e7dcf5a5056a8d916a0f69ea5bf096e7a4c2f8f1d0da29dbcef9d2ad1b82179ccd0ef95006b7a1d542a847e3e0f864d63434c15d6de4fecad18b788a867da5515e3d51871417bfd783d2dffd852953ea7113d3a61aac3c7c1a4efb449faa928456eb570e62d0ff9542a971b542d7c1fed9d633eb4a81499c105d0f73c5165badb54b0e83f8192d3d51d46ddd9908b04e9f57d5a4e6b65affee3799ae7cc51b4098f71e8ee947ffdeee4fd03095536376e1281ef8158fd1da4a39aebdad37fad75f6217bf45bfad16f2f1a80f5e8a3eea1141a56beb91319fe948bb44350a6e79959c140a5dad9955fb287aeba0a8a45d1fd8d692d30c96d01c9100e417082ae6edf62965fef7e190af60a99145925a307d1e11534d2a64484be3c6cd642432a2db66ba6d3ab1b7ea645edf4e54623d2ba0619bcc2a917cc2df8b0dbed096951947445ed5f08c626e1f9a5f566515bf106c48174f73587314b513962ed556fa7f16d8c6a953bcdda72f083a9b16357b3262c13cd500dfa09cc3d09240a7338514031768ea3053caa5166c8e4e090b3128464a88ccdc751d8ee1b3b1098997c9eaa2b3a13a47e43723a49e5d011dabb22c0d9605e48d5e26b90a47519536fd77c5260bc713e2b510fa6da698069f6c1df7a72462399d7dd288be19a0eab18adb072677268a306f19685c2d813564bab4ac90b7389c2fb87c0517e769577c081ced55572da71b40d18e4979b6b6290afcde4caa610166920549286dfa80197a10ff074b08d6b96c97110e36742fdbc5607f4c48ea9dd53301eecb5c25fce4eec9381b84e6b5af767c5bcca600149a3021c3f4aa237a0143363549a705c5768b5aa6ed51fd1ca9f0f9dd242f0df21f7c3eaf321fca97837d989ca101b5462d2dc248316c21339cb2b4e3451bb483390c09c958d474c6df2f2eac208ef704cbae5c9f6597c19ce48c4c9161c1b14622ed824b0e8669cbe6746051729fd2fcabb020190764a468c58ce369528bfca46cf8ec51ab69e711a53c4121476d2a5d2ceb19c332a5a86a52cabb246d2be739f361d97a6efc2c1d408b6f079ff5cbfdfa7ffb5da3af4611e42f876a44f8180ebadf8efe05645f3326fd1b1bb7f82753ee13e25c406469a6b103b9083ac06d590a48543240bca6e467eafc7069c97aa93a3a4ef61b6043383b6e990d174637d695893bd910f217c9c2465688eccd8a171cb5270fca2e002261f2e3e595f3484b67c0bbd7b50ea53a470e3935c0eafc6226521f0a15fc7cf5494b67fcfb705019a86a5972a9dd285bc50985947e42ca8519de25510db7ba6553419d4e368fe56c2a7acec8e77cd734f557a0f1b507e0869d2d5c9913c52fcd78b42b8f59ad3ae92226e292ea4439b5486629b739f4cca3d7f21cef79045427656fd1679dc5ab23686e13500dcb6284df60599ce81e2570d1cd5c7c2e0026640177bf1395fcf6e999acac08e3a993c3700ad891b1a68d5efc32a4b4f9cc8841e837e778c2500eb6cffc1b9970b2adf724839c7711ebbb2ee3e55f7aa97746d7538153589deafeef63eee6dfbd43fc72e0b763a0e4709da3deb26691303e99230a93c490029383b322099363ba3b2f76b4773c0c43907361b578cfb312cde55ea6de2f477c351ac82786d15b52f08a42385b2a3349116d34f8719264f79082d7c24165423a8e6764c53b922a0b3121cbb88976e6f53c455be77521bc1ad4997135ff24c520b2fa0002cbcc8eb8ee5cb33b1140dc811ee36816f47f23ff0b77d6680d597ec2fe77f5bfe1bb75c3eddb2356940c01e694da66d1c4fd78f7df5857111c01bb5e9954585e54086af287dc0ce861d921b378e9a2a9c9c5a37d9812595063643b1dae4afa57d884501ee0de2d7e39692ed5ecbd2ba1d9bf4e3f291cf0b1dfb809a2f915ae90bd5fbe76d5848752c298f34e69d8e95f6f3c8a8ef365d0927811b8a90c8f58836da07c058f71b01025af8c9829f761d71465d3d813e1e08a7d8f66dcb0f98daa19bb106fb9b25d49a35e8900e6de4502668cecbb9638c5b0d158317970e802be345ab3570f6a452e18da421fb4957429ec4b6c481b5393be9c7f1cea3d77ad1c935ce6cab01ed08f7f24e5b01d25105211d5e28b25d3a5fea30e3c4cd1289bc2606728f127574cdfed91d7c19d7381c3e532c92d7e532e74f3d24281cbf0f4e1908dd4f5cf145daeb21db6b34f2fe175aafd1c20224544c113f132cefe620bd99c5caff7b74d6acf8a1aae2fda5212ec64c80d647308439d5f90f6f481101599b539cd09a1bdfc510b6c9027c879f76bfd397dce9d3985ff01e62ee0455372960b68202412c6d5eb7b09c36f265b7b8b3822aa489dc169f8079e71dc96e0b75de2ade686761b067416e4915287dfdd6309946487a68115ee9d0bec73ffc63223e9463a30b819297d24824cb20724c6b524d58af1e03264e8e2b8dce59377c78dbd5ff5977782181aeaa8c2bd6d9f3d25ec566fa4a01eb5aeaeb6912acad55ca7336d28e305781bf128d6575dba16110d64c55ec9840f299e353fcc5628f248bd660f4dfa5f3a1bb7fbdac78ec727e87a134c98a98f405a4cd3773e79bd4f22bd3239a5fa8cd5806601e07241b25678f048b05bab6f8da56818f8dd9c97d001f4a7ea8beb3fa65ed7a951878bcef7e1da873e21ac6208cf0852c6cb297c10c84b74582bf59aaa11e7d8239997c9e7fd3c5bbee5b8466c17394fa61771aa10a3541f88419b16bb4fa36126745e99c292911d30ed0fa366dcd62c10879a6826609ab2b80b3a0c2de3d877805a564ce925916063c53d9698bb918eed2b49315fb83465a0db1a63a0528a887f5106dd054edbf381280989581c859a517573a6eb4946e0fcc61956fd5868fd37c788090fd7c3341028cf1bcb38ed595a4fd845ccd45558282c6e23d92d4268875f80ebad1c24f8d247595de2f8b83708b504f674447bc6fa1748b86fdfc971c9275baedda1348324c4dbde22d423744e2d537a4e28d95771b18302bc5d92f9e0ba6b1029a3e73761080a4e6e1b52a9ebe3538cb3e982586c23f0b0cfa78126198a0a496d96734880885e4aef7b35d90af287f9d5b18998fba69cf5a13b9153edc5f1c3cd0d181c1cecb4936a489f34682b056eaf5c57caea4a9ebd9fc7d842bc3850046f925dc430769863922ce5bea6709fa9bf7f21098097d7f47c74269b524c4194bceae0571fe968ebdda85a28fa5be7f794632189da179e248fdc237a3ba3fd53845e42db45747caa6cebf574e9abb75e3b33c1096e40e0e845385d6f961c56fd1c71f92ae31a0c9088b2100b457cf2f8b33ac984fe79ceeb65fde350f9c6229433aa20d226aeb7677e0e7e8002e3e220fb74d4a1bc07ca43fa23fcf9cbabe7799b5b8daeb63b35923c4a92d2c636d36d58e719e6855b57445a26072d716aba7b653dfcdee115b3310b0c8af8649337597c1ac8bcee8b0533cb458d165b4ca4ee72c60a49f4a7061aab09449a318a6dc1d5b1a4f2a7f82c5af241e1f0cbe3e9fd5079e385ec86bc978ca82aaf1de5b470dcbb06b5f0360142857a0519583e3a77a6fbdadfff48de440bb5c3dcb2c3e6624800fa7898ab00242b7109809d58e5aa8a25705266d9bb04f165f843f1c61c23b41f010ad67f80aa8e455385cf3ff89073dc9434ce9be78993d6c73a8adf4db6b540e7a9f60d8dbcf3133a8f5c5c59f8378f2e5aad07f31707fb9834c66d6d0ded8a8b2d984ff5b4bfe70bb6479aecf208beb8f4da7b23957ce77d574993e1a44de0b3a5cb245f0ebf8ea32a22472270798defec3deeb94a4d025d1fe276612ebfe0f4e6e639de1300d47e542fb032150ab0aded71ba693817feb9cb43beb6f3074c2d7bfb77b9b2783e0335449c9a9775ccf9060ab2468a6644ebddd41f70add6d2d24fb9dd377c4f0dce3439283f22075ff3973e4e70e0bdcb53001be03800392084d6768c3e8f7fad09b192a497a36f602d07655d3e6a7ccab561ab92c79506e1e06aad05975accc9b8b48c41da8bc611d331717ee312d77403f9f66ee9a81fa4e624cca690540dca722986dc740a919597f7836ee95b554d3c34db3443ee5b6908f8623b2c82f32b65c3e8c3c0e15c3065d09214ea6290b55bf5520ee92825d9c82745bb5368ddda47036390910e26470b96cfd7c4e7b0df89f897153fd5ab4302de65fcda1f48206346d6051a94d8e0c32b959d914c218f54813811d13d99ef6259f54c0e635c04f875772b38524e94fae3a73109f60d0b00c96c1809f37e8fb37e61620690b07d726d388e9ae5dbc3a1c3557d1e4288da0622d77081ab4cd00ce22243824c363ad1be5cb0ceaad6336a797d8ca6d988c4373b3c00667d651452d50f81a830ac6ebb71559590181eea67dce1599d13f2e778d69a40c2b736dcc7c36782c1788cdc8d5c3820d68093ea84d56daaeaac19c19724ed7d3ebc1b8c1e3092839314dc6eddd99dc0eede13dbcb7fd22d401df8eb7f679a04f785006d3b4c4012bf78b7e43b1b355a9f6d04ca0e86c32d44f73fa514d1e2b147464", 0x2000, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

157.011417ms ago: executing program 0 (id=804):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
write$tun(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="06000000bbbbbbbbbbbbaaaaaaaaaabb88f5"], 0x72)

50.221029ms ago: executing program 2 (id=805):
r0 = socket(0x11, 0x3, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendto$inet6(r0, &(0x7f00000002c0)="8d079e610fbe244a038d49059170a53e9784e2e160093cd007d1903099d512ef21e2508d", 0x24, 0xc014, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000005c0)={'gre0\x00', <r2=>0x0})
bind$packet(r0, &(0x7f0000000180)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @dev}, 0x14)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000240)=0xe9, 0x4)
sendmsg$netlink(r0, &(0x7f0000002ac0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000280)=ANY=[@ANYBLOB="02011400012918000e3580009f0001140000002f0600ac141430e0000003808a8972bd0b72e41082b1a3d206"], 0xdd12}], 0x1, 0x0, 0x0, 0x84}, 0x10)

46.591869ms ago: executing program 0 (id=806):
ioctl$BTRFS_IOC_DEV_INFO(0xffffffffffffffff, 0xd000941e, &(0x7f0000001880)={0x0, "275149094f22e6fe328e07700666d266"})
ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xffffffc1)
r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000100), 0x2)
r1 = memfd_create(&(0x7f0000000340)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\xdenJ\xeb\x87\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38\x14\xcb\xfa\xb3j\x92\f\xe0\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf0\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x2)
ftruncate(r1, 0xffff)
fcntl$addseals(r1, 0x409, 0x7)
ioctl$ASHMEM_GET_PIN_STATUS(0xffffffffffffffff, 0x7709, 0x0)
r2 = ioctl$UDMABUF_CREATE(r0, 0x40187542, &(0x7f0000000140)={r1, 0x1, 0x0, 0x4000})
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x13, r2, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x8, 0x0, 0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000040)={[0x10, 0x7, 0x6, 0x5, 0x2, 0x3, 0x66047b47, 0x8, 0x2, 0x3, 0x2, 0x5, 0x7fffffff, 0xb, 0x2800000000000000], 0xdddd0000})

0s ago: executing program 2 (id=807):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_genetlink_get_family_id$wireguard(0x0, 0xffffffffffffffff)
ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, 0x0)
sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, &(0x7f0000000d00)={0x0, 0x0, &(0x7f0000000cc0)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c020000", @ANYRES16=r2, @ANYBLOB="01000000000000000000010000001400020077673100000000000000000000000000f40108807000008048000980280000f8060001000a00000014000200fe8000000000000000000000000000aa05000300000000001c000080060001000200000908000200e0000001050003000000000024000100000000000000000000000000000000000000000000000000000000000000000080010080200004000a004e2000000005200100000000000000000000000000000800000006000500b01f00000800030006000000060005"], 0x21c}, 0x1, 0x0, 0x0, 0x20040010}, 0x4008804)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000200)=ANY=[@ANYBLOB="0100000000000000034d564b0000000001"])
ioctl$KVM_RUN(r3, 0xae80, 0x0)

kernel console output (not intermixed with test programs):

13][ T4720] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage.
[   91.294459][ T4229] cdc_ncm 1-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.0-1, CDC NCM
[   91.363232][ T4750] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[   91.371119][ T4750] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[   91.385950][ T4750] F2FS-fs (loop4): invalid crc value
[   91.536666][ T4750] F2FS-fs (loop4): Found nat_bits in checkpoint
[   91.606471][ T4184] Bluetooth: hci3: Unknown advertising packet type: 0x4b00
[   91.773607][ T4750] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[   91.787961][ T4750] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[   92.074231][ T4303] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[   92.124940][   T26] audit: type=1804 audit(1751812102.454:4): pid=4750 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.124" name="/newroot/18/bus/bus" dev="loop4" ino=455 res=1 errno=0
[   92.132651][ T4766] nbd: must specify a device to reconfigure
[   92.206596][ T4766] bond0: (slave macvlan2): Error -98 calling set_mac_address
[   92.343632][ T4303] usb 2-1: Using ep0 maxpacket: 32
[   92.430040][ T4452] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[   92.464451][ T4303] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   92.484162][ T4452] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
[   92.655349][ T4303] usb 2-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80
[   92.673241][ T4303] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   92.688810][ T4303] usb 2-1: Product: syz
[   92.693175][ T4303] usb 2-1: Manufacturer: syz
[   92.698607][ T4303] usb 2-1: SerialNumber: syz
[   92.712049][ T4303] usb 2-1: config 0 descriptor??
[   92.764676][ T4303] usb 2-1: bad CDC descriptors
[   92.770617][ T4303] usb 2-1: unsupported MDLM descriptors
[   92.890761][ T4775] loop0: detected capacity change from 0 to 40427
[   92.956603][ T4775] F2FS-fs (loop0): build fault injection attr: rate: 0, type: 0x1ffff
[   92.982990][ T4775] F2FS-fs (loop0): invalid crc value
[   93.018813][   T21] usb 2-1: USB disconnect, device number 4
[   93.048818][ T4775] F2FS-fs (loop0): Found nat_bits in checkpoint
[   93.131473][ T4775] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[   93.273652][ T4303] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[   93.328056][ T4792] rdma_op ffff88807ae799f0 conn xmit_rdma 0000000000000000
[   93.523784][ T4303] usb 5-1: Using ep0 maxpacket: 32
[   93.644906][ T4303] usb 5-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7
[   93.687438][ T4303] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   93.898541][ T4303] usb 5-1: config 0 descriptor??
[   94.108448][ T4303] gspca_main: sunplus-2.14.0 probing 041e:400b
[   94.969941][ T4808] device lo entered promiscuous mode
[   94.974504][ T4810] loop3: detected capacity change from 0 to 1024
[   95.037582][ T4808] device tunl0 entered promiscuous mode
[   95.065217][ T4810] EXT4-fs (loop3): revision level too high, forcing read-only mode
[   95.084331][ T4810] EXT4-fs (loop3): orphan cleanup on readonly fs
[   95.100730][ T4808] device gre0 entered promiscuous mode
[   95.109650][ T4810] EXT4-fs error (device loop3): ext4_free_blocks:6223: comm syz.3.140: Freeing blocks not in datazone - block = 0, count = 4096
[   95.148001][ T4810] EXT4-fs (loop3): 1 orphan inode deleted
[   95.237210][ T4808] device gretap0 entered promiscuous mode
[   95.241107][ T4810] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[   95.260292][ T4808] device erspan0 entered promiscuous mode
[   95.326421][ T4808] device ip_vti0 entered promiscuous mode
[   95.351852][ T4808] device ip6_vti0 entered promiscuous mode
[   95.385072][ T4822] udc-core: couldn't find an available UDC or it's busy
[   95.401342][ T4822] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[   95.428699][ T4808] device sit0 entered promiscuous mode
[   95.469662][ T4808] device ip6tnl0 entered promiscuous mode
[   95.493620][   T21] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[   95.503050][ T4808] device ip6gre0 entered promiscuous mode
[   95.529113][ T4808] device syz_tun entered promiscuous mode
[   95.554129][ T4808] device ip6gretap0 entered promiscuous mode
[   95.580690][ T4808] bridge0: port 2(bridge_slave_1) entered disabled state
[   95.589478][ T4808] bridge0: port 1(bridge_slave_0) entered disabled state
[   95.603355][ T4808] device bridge0 entered promiscuous mode
[   95.628987][ T4808] device vcan0 entered promiscuous mode
[   95.635011][ T4303] gspca_sunplus: reg_r err -110
[   95.640076][ T4303] sunplus: probe of 5-1:0.0 failed with error -110
[   95.669605][ T4819] loop0: detected capacity change from 0 to 32768
[   95.678848][ T4808] device bond0 entered promiscuous mode
[   95.685011][ T4808] device bond_slave_0 entered promiscuous mode
[   95.691456][ T4808] device bond_slave_1 entered promiscuous mode
[   95.714636][ T4808] device team0 entered promiscuous mode
[   95.720597][ T4808] device team_slave_0 entered promiscuous mode
[   95.727071][ T4808] device team_slave_1 entered promiscuous mode
[   95.750817][ T4808] device dummy0 entered promiscuous mode
[   95.776630][ T4819] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz.0.143 (4819)
[   95.806998][ T4808] device nlmon0 entered promiscuous mode
[   95.819803][ T4808] device caif0 entered promiscuous mode
[   95.833389][ T4808] device batadv0 entered promiscuous mode
[   95.864134][ T4819] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[   95.875166][ T4343] udevd[4343]: incorrect btrfs checksum on /dev/loop0
[   95.886606][ T4808] device vxcan0 entered promiscuous mode
[   95.893877][   T21] usb 2-1: unable to get BOS descriptor or descriptor too short
[   95.903059][ T4808] device vxcan1 entered promiscuous mode
[   95.912471][ T4819] BTRFS error (device loop0): superblock checksum mismatch
[   95.928153][ T4808] device veth0 entered promiscuous mode
[   95.938890][ T4819] BTRFS error (device loop0): open_ctree failed: -22
[   95.959399][ T4808] device veth1 entered promiscuous mode
[   95.973862][   T21] usb 2-1: config 9 has an invalid interface number: 73 but max is 0
[   95.987173][   T21] usb 2-1: config 9 has no interface number 0
[   95.994145][   T21] usb 2-1: config 9 interface 73 has no altsetting 0
[   96.016731][ T4808] device wg0 entered promiscuous mode
[   96.028506][ T4343] udevd[4343]: incorrect btrfs checksum on /dev/loop0
[   96.046939][ T4808] device wg1 entered promiscuous mode
[   96.050403][ T4824] rdma_op ffff88805fe0f9f0 conn xmit_rdma 0000000000000000
[   96.072752][ T4808] device wg2 entered promiscuous mode
[   96.087780][ T4808] device veth0_to_bridge entered promiscuous mode
[   96.174398][ T4808] bridge0: port 1(bridge_slave_0) entered disabled state
[   96.219201][ T4808] device veth1_to_bridge entered promiscuous mode
[   96.234130][   T21] usb 2-1: string descriptor 0 read error: -22
[   96.247142][   T21] usb 2-1: New USB device found, idVendor=17a1, idProduct=0128, bcdDevice=6b.f1
[   96.257573][ T4808] bridge0: port 2(bridge_slave_1) entered disabled state
[   96.272336][   T21] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   96.274970][ T4808] device veth0_to_bond entered promiscuous mode
[   96.330770][ T4808] bond0: (slave bond_slave_0): Releasing backup interface
[   96.340705][   T21] gspca_main: t613-2.14.0 probing 17a1:0128
[   96.349336][ T4808] device veth1_to_bond entered promiscuous mode
[   96.376810][ T4808] bond0: (slave bond_slave_1): Releasing backup interface
[   96.387714][ T4808] device veth0_to_team entered promiscuous mode
[   96.421441][ T4808] team0: Port device team_slave_0 removed
[   96.429991][ T4808] device veth1_to_team entered promiscuous mode
[   96.466138][ T4808] team0: Port device team_slave_1 removed
[   96.472440][ T4808] device veth0_to_batadv entered promiscuous mode
[   96.492263][ T4808] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   96.506640][ T4808] device batadv_slave_0 entered promiscuous mode
[   96.524020][ T4808] batman_adv: batadv0: Removing interface: batadv_slave_0
[   96.536405][ T4808] device veth1_to_batadv entered promiscuous mode
[   96.554448][ T4808] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   96.562221][ T4808] device batadv_slave_1 entered promiscuous mode
[   96.580220][ T4808] batman_adv: batadv0: Removing interface: batadv_slave_1
[   96.588625][   T21] gspca_t613: unknown sensor 0000
[   96.593785][   T21] t613: probe of 2-1:9.73 failed with error -22
[   96.601942][   T21] usb 2-1: USB disconnect, device number 5
[   96.616954][ T4808] device xfrm0 entered promiscuous mode
[   96.642384][ T4808] device veth0_to_hsr entered promiscuous mode
[   96.675726][ T4808] device veth1_to_hsr entered promiscuous mode
[   96.706887][ T4808] device hsr0 entered promiscuous mode
[   96.727251][ T4808] device veth1_virt_wifi entered promiscuous mode
[   96.752423][ T4808] device veth0_virt_wifi entered promiscuous mode
[   96.761075][ T4808] device virt_wifi0 entered promiscuous mode
[   96.810492][ T4808] device vlan0 entered promiscuous mode
[   96.823777][ T4808] device vlan1 entered promiscuous mode
[   96.847831][ T4808] device macvlan0 entered promiscuous mode
[   96.869632][ T4808] device macvlan1 entered promiscuous mode
[   96.878607][ T4808] device ipvlan0 entered promiscuous mode
[   96.893745][ T4808] device ipvlan1 entered promiscuous mode
[   96.927859][ T4808] device macvtap0 entered promiscuous mode
[   96.949072][ T4808] device macsec0 entered promiscuous mode
[   96.979452][ T4808] device geneve0 entered promiscuous mode
[   96.999580][ T4808] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   97.009111][ T4808] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   97.019001][ T4808] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[   97.028869][ T4808] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[   97.038406][ T4808] device geneve1 entered promiscuous mode
[   97.059468][ T4808] device netdevsim0 entered promiscuous mode
[   97.081064][ T4808] device netdevsim1 entered promiscuous mode
[   97.104785][ T4808] device netdevsim2 entered promiscuous mode
[   97.129388][ T4808] device netdevsim3 entered promiscuous mode
[   97.150398][ T4808] device wlan0 entered promiscuous mode
[   97.169063][ T4808] device wlan1 entered promiscuous mode
[   97.190719][ T4830] xfrm0 speed is unknown, defaulting to 1000
[   97.211358][   T23] usb 5-1: USB disconnect, device number 3
[   97.227838][ T4830] xfrm0 speed is unknown, defaulting to 1000
[   97.289913][ T4808] syz.2.138 (4808) used greatest stack depth: 19840 bytes left
[   97.299232][ T4830] xfrm0 speed is unknown, defaulting to 1000
[   97.472894][ T4843] affs: No valid root block on device nbd2
[   97.540660][ T4833] device syzkaller1 entered promiscuous mode
[   97.674361][ T4184] Bluetooth: hci1: Unknown advertising packet type: 0x4b00
[   98.276378][ T3520] xfrm0 speed is unknown, defaulting to 1000
[   98.292632][ T4830] infiniband syz1: set active
[   98.299445][ T4830] infiniband syz1: added xfrm0
[   98.343883][ T4830] infiniband syz1: Couldn't open port 1
[   98.422548][ T4830] RDS/IB: syz1: added
[   98.437597][ T4830] smc: adding ib device syz1 with port count 1
[   98.477210][ T4830] smc:    ib device syz1 port 1 has pnetid 
[   98.498331][ T4830] xfrm0 speed is unknown, defaulting to 1000
[   98.537584][ T3520] xfrm0 speed is unknown, defaulting to 1000
[   98.702017][ T4830] xfrm0 speed is unknown, defaulting to 1000
[   98.758426][ T4865] loop4: detected capacity change from 0 to 4096
[   98.900788][ T4871] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[   98.908986][ T4871] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[   98.991142][ T4871] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   99.220062][ T4830] xfrm0 speed is unknown, defaulting to 1000
[   99.326814][ T4873] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[   99.912354][ T4830] xfrm0 speed is unknown, defaulting to 1000
[  100.037432][ T4886] mmap: syz.2.164 (4886): VmData 37728256 exceed data ulimit 10. Update limits or use boot option ignore_rlimit_data.
[  100.097805][ T4830] xfrm0 speed is unknown, defaulting to 1000
[  100.123628][   T23] usb 2-1: new full-speed USB device number 6 using dummy_hcd
[  100.388910][ T4891] loop2: detected capacity change from 0 to 4096
[  100.546942][ T4891] ntfs3: loop2: Mark volume as dirty due to NTFS errors
[  100.563915][ T4891] ntfs3: loop2: Failed to load $Extend.
[  100.660010][ T4885] loop4: detected capacity change from 0 to 40427
[  100.674369][   T23] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xD has invalid wMaxPacketSize 0
[  100.695229][   T23] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0
[  100.743219][ T4885] F2FS-fs (loop4): build fault injection attr: rate: 771, type: 0x1ffff
[  100.772334][ T4885] F2FS-fs (loop4): invalid crc value
[  100.813980][   T23] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xD has invalid wMaxPacketSize 0
[  100.842853][   T23] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0
[  100.860009][ T4885] F2FS-fs (loop4): Found nat_bits in checkpoint
[  100.960882][ T4885] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  100.973861][   T23] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xD has invalid wMaxPacketSize 0
[  101.003774][   T23] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0
[  101.025644][ T4904] loop0: detected capacity change from 0 to 4096
[  101.058226][ T4885] netlink: 'syz.4.162': attribute type 1 has an invalid length.
[  101.098798][ T4904] ntfs: (device loop0): check_mft_mirror(): $MFT and $MFTMirr (record 1) do not match.  Run ntfsfix or chkdsk.
[  101.144262][ T4904] ntfs: (device loop0): load_system_files(): $MFTMirr does not match $MFT.  Mounting read-only.  Run ntfsfix and/or chkdsk.
[  101.158719][ T4193] attempt to access beyond end of device
[  101.158719][ T4193] loop4: rw=2049, want=45104, limit=40427
[  101.189789][ T4904] ntfs: (device loop0): ntfs_read_locked_inode(): First extent of $DATA attribute has non zero lowest_vcn.
[  101.232058][ T4904] ntfs: (device loop0): ntfs_read_locked_inode(): Failed with error code -5.  Marking corrupt inode 0xa as bad.  Run chkdsk.
[  101.260463][   T23] usb 2-1: New USB device found, idVendor=0451, idProduct=5152, bcdDevice=c0.b9
[  101.271284][ T4904] ntfs: (device loop0): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default.
[  101.280177][   T23] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  101.306040][ T4904] ntfs: volume version 3.1.
[  101.308239][   T23] usb 2-1: Product: syz
[  101.325564][ T4904] ntfs: (device loop0): ntfs_check_logfile(): Did not find any restart pages in $LogFile and it was not empty.
[  101.348775][   T23] usb 2-1: Manufacturer: syz
[  101.354185][   T23] usb 2-1: SerialNumber: syz
[  101.360443][ T4904] ntfs: (device loop0): load_system_files(): Failed to load $LogFile.  Will not be able to remount read-write.  Mount in Windows.
[  101.372587][   T23] usb 2-1: config 0 descriptor??
[  101.404685][ T4904] ntfs: (device loop0): ntfs_lookup_inode_by_name(): Index entry out of bounds in directory inode 0x5.
[  101.426191][ T4904] ntfs: (device loop0): check_windows_hibernation_status(): Failed to find inode number for hiberfil.sys.
[  101.429050][   T23] ti_usb_3410_5052 2-1:0.0: TI USB 5052 2 port adapter converter detected
[  101.458294][ T4904] ntfs: (device loop0): load_system_files(): Failed to determine if Windows is hibernated.  Will not be able to remount read-write.  Run chkdsk.
[  101.461578][   T23] ti_usb_3410_5052 2-1:0.0: missing endpoints
[  101.640875][ T4906] loop3: detected capacity change from 0 to 32768
[  101.671278][ T4881] netlink: 8 bytes leftover after parsing attributes in process `syz.1.161'.
[  101.738717][ T4881] netlink: 188 bytes leftover after parsing attributes in process `syz.1.161'.
[  101.814339][ T4906] XFS (loop3): Mounting V5 Filesystem
[  102.690416][ T4906] XFS (loop3): Ending clean mount
[  102.785668][ T4906] XFS (loop3): Quotacheck needed: Please wait.
[  102.958042][   T23] usb 2-1: USB disconnect, device number 6
[  103.438072][ T4949] loop4: detected capacity change from 0 to 4096
[  103.490795][ T4906] XFS (loop3): Quotacheck: Done.
[  103.539962][ T4949] ntfs3: loop4: Mark volume as dirty due to NTFS errors
[  103.559462][ T4949] ntfs3: loop4: Failed to load $Extend.
[  103.952608][ T4960] mmap: syz.2.183 (4960) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst.
[  104.400992][ T4185] XFS (loop3): Unmounting Filesystem
[  104.917129][ T4986] netlink: 104 bytes leftover after parsing attributes in process `syz.2.193'.
[  105.303614][ T3520] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  105.443838][ T4995] FAULT_INJECTION: forcing a failure.
[  105.443838][ T4995] name failslab, interval 1, probability 0, space 0, times 1
[  105.456619][ T4995] CPU: 0 PID: 4995 Comm: syz.4.194 Not tainted 5.15.186-syzkaller #0
[  105.464718][ T4995] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  105.474793][ T4995] Call Trace:
[  105.478340][ T4995]  <TASK>
[  105.481282][ T4995]  dump_stack_lvl+0x168/0x230
[  105.485983][ T4995]  ? show_regs_print_info+0x20/0x20
[  105.491384][ T4995]  ? load_image+0x3b0/0x3b0
[  105.496024][ T4995]  ? __might_sleep+0xf0/0xf0
[  105.500630][ T4995]  ? __lock_acquire+0x7c60/0x7c60
[  105.505665][ T4995]  should_fail+0x38c/0x4c0
[  105.510106][ T4995]  should_failslab+0x5/0x20
[  105.514614][ T4995]  slab_pre_alloc_hook+0x51/0xc0
[  105.519733][ T4995]  __kmalloc+0x6b/0x330
[  105.523901][ T4995]  ? tomoyo_realpath_from_path+0x118/0x610
[  105.529900][ T4995]  tomoyo_realpath_from_path+0x118/0x610
[  105.535552][ T4995]  ? finish_task_switch+0x12f/0x640
[  105.541063][ T4995]  tomoyo_path_number_perm+0x1d5/0x5d0
[  105.546995][ T4995]  ? tomoyo_check_path_acl+0x1c0/0x1c0
[  105.552515][ T4995]  security_file_ioctl+0x6c/0xa0
[  105.557475][ T4995]  __se_sys_ioctl+0x48/0x170
[  105.562244][ T4995]  do_syscall_64+0x4c/0xa0
[  105.566771][ T4995]  ? clear_bhb_loop+0x30/0x80
[  105.571469][ T4995]  ? clear_bhb_loop+0x30/0x80
[  105.576680][ T4995]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  105.582584][ T4995] RIP: 0033:0x7f14d4819929
[  105.587011][ T4995] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  105.606697][ T4995] RSP: 002b:00007f14d263f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  105.615127][ T4995] RAX: ffffffffffffffda RBX: 00007f14d4a41160 RCX: 00007f14d4819929
[  105.623101][ T4995] RDX: 0000200000000600 RSI: 00000000c06864ce RDI: 0000000000000003
[  105.631246][ T4995] RBP: 00007f14d263f090 R08: 0000000000000000 R09: 0000000000000000
[  105.639396][ T4995] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  105.647410][ T4995] R13: 0000000000000000 R14: 00007f14d4a41160 R15: 00007ffd19906678
[  105.655481][ T4995]  </TASK>
[  105.658513][    C0] vkms_vblank_simulate: vblank timer overrun
[  105.666575][ T4995] ERROR: Out of memory at tomoyo_realpath_from_path.
[  105.949384][ T4244] usb 4-1: new low-speed USB device number 2 using dummy_hcd
[  105.990888][ T5004] loop1: detected capacity change from 0 to 1024
[  106.319363][ T5005] loop4: detected capacity change from 0 to 4096
[  106.581097][ T3520] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  106.592750][ T3520] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  106.674039][ T3520] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  106.718833][ T3520] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  106.743917][ T4244] usb 4-1: too many configurations: 166, using maximum allowed: 8
[  106.752199][ T3520] usb 3-1: SerialNumber: syz
[  106.760508][ T5004] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  106.773306][ T5005] ntfs3: loop4: Mark volume as dirty due to NTFS errors
[  106.809002][ T5005] ntfs3: loop4: Failed to load $Extend.
[  106.823729][ T4244] usb 4-1: config index 0 descriptor too short (expected 1033, got 27)
[  106.833787][ T4244] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  106.845286][ T4244] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  106.933720][ T4244] usb 4-1: config index 1 descriptor too short (expected 1033, got 27)
[  106.953242][ T4244] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  106.984491][ T4244] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  107.079292][ T4244] usb 4-1: config index 2 descriptor too short (expected 1033, got 27)
[  107.123052][ T4244] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  107.163147][ T4244] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  107.174025][ T5016] FAULT_INJECTION: forcing a failure.
[  107.174025][ T5016] name failslab, interval 1, probability 0, space 0, times 0
[  107.241742][ T5016] CPU: 1 PID: 5016 Comm: syz.4.199 Not tainted 5.15.186-syzkaller #0
[  107.250054][ T5016] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  107.253808][ T4244] usb 4-1: config index 3 descriptor too short (expected 1033, got 27)
[  107.260229][ T5016] Call Trace:
[  107.260254][ T5016]  <TASK>
[  107.260261][ T5016]  dump_stack_lvl+0x168/0x230
[  107.260292][ T5016]  ? show_regs_print_info+0x20/0x20
[  107.274881][ T4244] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  107.275389][ T5016]  ? load_image+0x3b0/0x3b0
[  107.282626][ T4244] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  107.285686][ T5016]  ? __might_sleep+0xf0/0xf0
[  107.285712][ T5016]  ? __lock_acquire+0x7c60/0x7c60
[  107.285735][ T5016]  should_fail+0x38c/0x4c0
[  107.285760][ T5016]  should_failslab+0x5/0x20
[  107.285775][ T5016]  slab_pre_alloc_hook+0x51/0xc0
[  107.285793][ T5016]  __kmalloc+0x6b/0x330
[  107.285807][ T5016]  ? tomoyo_encode+0x27e/0x540
[  107.285829][ T5016]  tomoyo_encode+0x27e/0x540
[  107.285848][ T5016]  tomoyo_realpath_from_path+0x5cd/0x610
[  107.355043][ T5016]  tomoyo_path_number_perm+0x1d5/0x5d0
[  107.360722][ T5016]  ? verify_lock_unused+0x140/0x140
[  107.366552][ T5016]  ? tomoyo_check_path_acl+0x1c0/0x1c0
[  107.372126][ T5016]  ? ksys_write+0x1c7/0x250
[  107.376890][ T5016]  security_file_ioctl+0x6c/0xa0
[  107.382062][ T5016]  __se_sys_ioctl+0x48/0x170
[  107.383806][ T4244] usb 4-1: config index 4 descriptor too short (expected 1033, got 27)
[  107.386775][ T5016]  do_syscall_64+0x4c/0xa0
[  107.386802][ T5016]  ? clear_bhb_loop+0x30/0x80
[  107.398743][ T4244] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  107.399853][ T5016]  ? clear_bhb_loop+0x30/0x80
[  107.399884][ T5016]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  107.409401][ T4244] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  107.415139][ T5016] RIP: 0033:0x7f14d4819929
[  107.415168][ T5016] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  107.415180][ T5016] RSP: 002b:00007f14d2681038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  107.415198][ T5016] RAX: ffffffffffffffda RBX: 00007f14d4a40fa0 RCX: 00007f14d4819929
[  107.415209][ T5016] RDX: 00002000000004c0 RSI: 00000000000089f1 RDI: 0000000000000003
[  107.415219][ T5016] RBP: 00007f14d2681090 R08: 0000000000000000 R09: 0000000000000000
[  107.415227][ T5016] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  107.415237][ T5016] R13: 0000000000000000 R14: 00007f14d4a40fa0 R15: 00007ffd19906678
[  107.415259][ T5016]  </TASK>
[  107.418189][ T5016] ERROR: Out of memory at tomoyo_realpath_from_path.
[  107.508003][ T4244] usb 4-1: config index 5 descriptor too short (expected 1033, got 27)
[  107.561009][ T4244] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  107.597436][ T4244] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  107.693954][ T4244] usb 4-1: config index 6 descriptor too short (expected 1033, got 27)
[  107.715791][ T4244] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  107.754048][ T4244] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  107.853938][ T4244] usb 4-1: config index 7 descriptor too short (expected 1033, got 27)
[  107.874152][ T4244] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  107.902416][ T4244] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  107.928678][ T4244] usb 4-1: New USB device found, idVendor=07c0, idProduct=9512, bcdDevice=30.22
[  107.953273][ T4244] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  108.028793][ T4244] usb 4-1: config 0 descriptor??
[  108.123627][ T4236] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  108.163007][ T5029] loop0: detected capacity change from 0 to 1024
[  108.237861][ T3520] usb 3-1: 0:2 : does not exist
[  108.332557][ T5029] EXT4-fs (loop0): mounted filesystem without journal. Opts: errors=remount-ro,min_batch_time=0x0000000000000005,user_xattr,. Quota mode: none.
[  108.347471][ T4244] usb 4-1: string descriptor 0 read error: -71
[  108.363798][ T5029] ext4 filesystem being mounted at /43/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  108.366765][ T4244] usb 4-1: USB disconnect, device number 2
[  108.385919][ T3520] usb 3-1: USB disconnect, device number 4
[  108.510366][ T5029] netlink: 12 bytes leftover after parsing attributes in process `syz.0.205'.
[  108.523881][ T4236] usb 5-1: config 0 interface 0 altsetting 253 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  108.563575][ T4236] usb 5-1: config 0 interface 0 altsetting 253 endpoint 0x81 has invalid wMaxPacketSize 0
[  108.593609][ T4236] usb 5-1: config 0 interface 0 has no altsetting 0
[  108.617295][ T4474] udevd[4474]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  108.656925][ T5036] nbd: must specify a device to reconfigure
[  108.700222][ T5036] bond0: (slave macvlan2): Error -98 calling set_mac_address
[  108.723898][ T4236] usb 5-1: New USB device found, idVendor=056a, idProduct=002a, bcdDevice= 0.00
[  108.732968][ T4236] usb 5-1: New USB device strings: Mfr=0, Product=172, SerialNumber=181
[  108.754580][ T4236] usb 5-1: Product: syz
[  108.758864][ T4236] usb 5-1: SerialNumber: syz
[  108.821010][ T4236] usb 5-1: config 0 descriptor??
[  108.980629][ T5044] loop0: detected capacity change from 0 to 4096
[  109.004161][ T5046] loop2: detected capacity change from 0 to 2048
[  109.058632][ T5049] xfrm0 speed is unknown, defaulting to 1000
[  109.131745][ T5044] ntfs3: loop0: Mark volume as dirty due to NTFS errors
[  109.158143][ T5044] ntfs3: loop0: Failed to load $Extend.
[  109.232785][ T5058] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.213'.
[  109.248312][ T5058] openvswitch: netlink: ufid size 3064 bytes exceeds the range (1, 16)
[  109.262177][ T5058] openvswitch: netlink: Message has 1 unknown bytes.
[  109.353696][ T4244] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  109.444754][ T4236] usbhid 5-1:0.0: can't add hid device: -71
[  109.451762][ T4236] usbhid: probe of 5-1:0.0 failed with error -71
[  109.462063][ T4236] usb 5-1: USB disconnect, device number 4
[  109.823822][ T4244] usb 4-1: config 1 has an invalid descriptor of length 118, skipping remainder of the config
[  109.843596][ T4244] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  109.861497][ T5058] loop2: detected capacity change from 0 to 40427
[  109.914831][ T5049] chnl_net:caif_netlink_parms(): no params data found
[  109.924077][ T4244] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  109.933163][ T4244] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  109.963833][ T4244] usb 4-1: SerialNumber: syz
[  110.119635][ T5049] bridge0: port 1(bridge_slave_0) entered blocking state
[  110.199833][ T5049] bridge0: port 1(bridge_slave_0) entered disabled state
[  110.214854][ T5049] device bridge_slave_0 entered promiscuous mode
[  110.271200][ T5049] bridge0: port 2(bridge_slave_1) entered blocking state
[  110.381102][ T5074] loop3: detected capacity change from 0 to 512
[  110.696095][ T5049] bridge0: port 2(bridge_slave_1) entered disabled state
[  110.838696][ T5049] device bridge_slave_1 entered promiscuous mode
[  111.021092][ T5074] EXT4-fs (loop3): failed to open journal device unknown-block(0,0) -6
[  111.060455][ T5049] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  111.091900][ T5065] loop0: detected capacity change from 0 to 32768
[  111.103996][   T21] Bluetooth: hci2: command 0x0409 tx timeout
[  111.154840][ T5049] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  111.362976][ T5074] loop3: detected capacity change from 0 to 1024
[  111.436752][ T5049] team0: Port device team_slave_0 added
[  111.446199][ T5049] team0: Port device team_slave_1 added
[  111.446727][ T4244] usb 4-1: 0:2 : does not exist
[  111.515207][ T5065] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[  111.538039][ T5049] batman_adv: batadv0: Adding interface: batadv_slave_0
[  111.593766][ T4244] usb 4-1: USB disconnect, device number 3
[  111.623585][ T5049] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  111.649581][    C0] vkms_vblank_simulate: vblank timer overrun
[  111.688722][ T5049] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  111.722316][ T5049] batman_adv: batadv0: Adding interface: batadv_slave_1
[  111.722333][ T5049] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  111.722354][ T5049] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  111.839022][ T5049] device hsr_slave_0 entered promiscuous mode
[  111.848251][ T5049] device hsr_slave_1 entered promiscuous mode
[  111.856741][ T5049] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  111.865790][ T5049] Cannot create hsr debugfs directory
[  111.900059][ T5087] netdevsim netdevsim0: loading /lib/firmware/. failed with error -22
[  111.920260][ T5087] netdevsim netdevsim0: Direct firmware load for . failed with error -22
[  111.931296][ T4474] udevd[4474]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  111.954780][ T5087] netdevsim netdevsim0: Falling back to sysfs fallback for: .
[  112.006590][ T5065] (syz.0.215,5065,0):ocfs2_parse_options:1447 ERROR: Unrecognized mount option "commit=00000000@" or missing value
[  112.393725][ T4236] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  112.813854][ T4236] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  112.830555][ T4236] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  112.841056][ T4236] usb 5-1: config 0 descriptor??
[  112.885443][ T4236] cp210x 5-1:0.0: cp210x converter detected
[  112.967130][ T4181] ocfs2: Unmounting device (7,0) on (node local)
[  112.975274][ T5049] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  113.011039][ T5049] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  113.093217][ T5049] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  113.141198][ T5049] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  113.199903][ T1107] Bluetooth: hci2: command 0x041b tx timeout
[  113.443939][ T4236] cp210x 5-1:0.0: failed to get vendor val 0x000e size 3: -32
[  113.489629][ T5123] sit0 speed is unknown, defaulting to 1000
[  113.499288][ T5123] sit0 speed is unknown, defaulting to 1000
[  113.506099][ T5123] sit0 speed is unknown, defaulting to 1000
[  113.558899][ T4236] usb 5-1: cp210x converter now attached to ttyUSB0
[  113.765452][ T5126] capability: warning: `syz.3.230' uses deprecated v2 capabilities in a way that may be insecure
[  114.226615][ T5128] netlink: 40 bytes leftover after parsing attributes in process `syz.4.224'.
[  114.245815][ T5049] 8021q: adding VLAN 0 to HW filter on device bond0
[  114.303388][ T5130] xt_addrtype: ipv6 does not support BROADCAST matching
[  114.355623][   T13] sit0 speed is unknown, defaulting to 1000
[  114.357154][ T5049] 8021q: adding VLAN 0 to HW filter on device team0
[  114.352922][ T5123] infiniband syz2: set active
[  114.378034][  T145] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  114.379981][ T5123] infiniband syz2: added sit0
[  114.393251][   T13] usb 5-1: USB disconnect, device number 5
[  114.403243][  T145] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  114.430166][  T145] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  114.442171][   T13] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  114.449557][  T145] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  114.465377][ T5123] infiniband syz2: Couldn't open port 1
[  114.465467][  T145] bridge0: port 1(bridge_slave_0) entered blocking state
[  114.478125][  T145] bridge0: port 1(bridge_slave_0) entered forwarding state
[  114.493052][   T13] cp210x 5-1:0.0: device disconnected
[  114.500670][  T145] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  114.517315][  T145] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  114.549049][ T5123] RDS/IB: syz2: added
[  114.551585][  T145] bridge0: port 2(bridge_slave_1) entered blocking state
[  114.553100][ T5123] smc: adding ib device syz2 with port count 1
[  114.560164][  T145] bridge0: port 2(bridge_slave_1) entered forwarding state
[  114.574127][ T5123] smc:    ib device syz2 port 1 has pnetid 
[  114.962963][ T5136] bridge0: port 2(bridge_slave_1) entered disabled state
[  114.970580][ T5136] bridge0: port 1(bridge_slave_0) entered disabled state
[  115.060650][ T5144] binder: BINDER_SET_CONTEXT_MGR already set
[  115.097107][ T5144] binder: 5143:5144 ioctl 4018620d 200000000040 returned -16
[  115.108787][ T5144] binder: 5143:5144 ioctl c0306201 2000000003c0 returned -14
[  115.298944][   T21] Bluetooth: hci2: command 0x040f tx timeout
[  115.350984][ T5136] device bridge_slave_0 left promiscuous mode
[  115.359407][ T5136] bridge0: port 1(bridge_slave_0) entered disabled state
[  115.418028][ T4187] Bluetooth: hci4: Unknown advertising packet type: 0x4b00
[  115.721289][ T5136] device bridge_slave_1 left promiscuous mode
[  115.780186][ T5136] bridge0: port 2(bridge_slave_1) entered disabled state
[  115.988763][ T5136] bond0: (slave bond_slave_0): Releasing backup interface
[  116.010538][ T5136] bond0: (slave bond_slave_1): Releasing backup interface
[  116.048511][ T5136] team0: Port device team_slave_0 removed
[  116.081601][ T5136] team0: Port device team_slave_1 removed
[  116.095789][ T5136] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  116.116665][ T5136] batman_adv: batadv0: Removing interface: batadv_slave_0
[  116.138783][ T5136] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  116.162173][ T5136] batman_adv: batadv0: Removing interface: batadv_slave_1
[  116.182117][ T5136] rdma_rxe: ignoring netdev event = 10 for xfrm0
[  116.190161][ T5136] infiniband syz1: set down
[  116.459926][ T5136] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  116.469704][ T5136] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  116.479089][ T5136] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  116.489309][ T5136] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  116.590083][ T4244] sit0 speed is unknown, defaulting to 1000
[  116.594521][  T145] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  116.610236][  T145] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  116.631080][  T145] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  116.661399][  T145] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  116.681444][  T145] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  116.697098][  T145] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  116.709279][ T5145] tap0: tun_chr_ioctl cmd 2147767519
[  116.717168][   T23] xfrm0 speed is unknown, defaulting to 1000
[  116.726568][ T5123] sit0 speed is unknown, defaulting to 1000
[  116.736613][ T4609] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  116.754587][ T4609] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  116.764700][ T4609] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  116.781378][ T4609] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  116.790325][ T4609] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  116.805633][ T4609] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  116.816113][   T23] xfrm0 speed is unknown, defaulting to 1000
[  116.818720][ T5049] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  116.994777][ T5123] sit0 speed is unknown, defaulting to 1000
[  117.162823][ T5123] sit0 speed is unknown, defaulting to 1000
[  117.209357][  T145] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  117.222510][  T145] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  117.246232][ T5049] 8021q: adding VLAN 0 to HW filter on device batadv0
[  117.343815][ T4236] Bluetooth: hci2: command 0x0419 tx timeout
[  117.376077][ T5154] loop0: detected capacity change from 0 to 32768
[  117.390774][ T5123] sit0 speed is unknown, defaulting to 1000
[  117.491170][ T4205] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  117.501754][ T5154] ocfs2: Slot 0 on device (7,0) was already allocated to this node!
[  117.507108][ T4205] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  117.533944][ T4205] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  117.561400][ T5154] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[  117.574535][ T4205] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  117.601749][ T4205] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  117.614454][ T4205] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  117.626056][ T5123] sit0 speed is unknown, defaulting to 1000
[  117.627314][ T5049] device veth0_vlan entered promiscuous mode
[  117.654543][ T5049] device veth1_vlan entered promiscuous mode
[  117.688680][ T4609] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  117.709726][ T4609] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  117.741433][ T5049] device veth0_macvtap entered promiscuous mode
[  117.775595][ T5049] device veth1_macvtap entered promiscuous mode
[  117.829051][ T5049] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  117.892137][ T5049] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  117.921387][ T5049] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  117.943481][ T5049] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  117.962142][ T5049] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  117.972283][ T5171] loop2: detected capacity change from 0 to 8192
[  117.982138][ T5049] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  118.007582][ T5049] batman_adv: batadv0: Interface activated: batadv_slave_0
[  118.025870][ T5123] sit0 speed is unknown, defaulting to 1000
[  118.032163][ T4205] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  118.046756][ T4205] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  118.079474][ T4205] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  118.109667][ T4205] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  118.143038][ T5049] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  118.188883][ T5049] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  118.222805][ T5049] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  118.284115][ T5174] nbd: must specify a device to reconfigure
[  118.313857][ T5049] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  118.344107][ T5049] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  118.381499][ T5049] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  118.408525][ T5049] batman_adv: batadv0: Interface activated: batadv_slave_1
[  118.430010][ T5174] bond0: (slave macvlan2): Error -98 calling set_mac_address
[  118.516483][ T4609] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  118.545755][ T4609] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  118.565386][ T5049] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  118.584335][ T5049] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  118.625751][ T5049] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  118.657035][ T5049] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  118.869152][ T4181] ocfs2: Unmounting device (7,0) on (node local)
[  118.925657][ T4330] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  118.937315][ T4330] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  119.036147][ T4330] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  119.090091][ T4330] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  119.140995][ T4330] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  119.221132][ T4330] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  119.695579][ T5191] loop5: detected capacity change from 0 to 1024
[  119.784465][ T5191] EXT4-fs (loop5): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  119.831433][ T5191] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  119.912356][ T5191] JBD2: no valid journal superblock found
[  119.952970][ T5191] EXT4-fs (loop5): error loading journal
[  120.122960][ T5191] loop5: detected capacity change from 0 to 1024
[  120.161735][ T5191] hfsplus: unable to parse mount options
[  120.292328][ T4187] Bluetooth: hci0: Unknown advertising packet type: 0x4b00
[  120.640890][ T4236] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  120.943925][ T4236] usb 5-1: Using ep0 maxpacket: 16
[  121.063764][ T4236] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  121.081510][ T4236] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  121.096486][ T4236] usb 5-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00
[  121.110733][ T4236] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  121.129686][ T4236] usb 5-1: config 0 descriptor??
[  121.139853][ T4191] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000e1b1)
[  121.151682][ T5207] loop5: detected capacity change from 0 to 2048
[  121.184985][ T4191] FAT-fs (loop2): Filesystem has been set read-only
[  121.217242][ T5207] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=3932051, location=3932051
[  121.277933][ T5207] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  121.445654][ T5214] loop3: detected capacity change from 0 to 512
[  121.459501][   T26] kauditd_printk_skb: 4 callbacks suppressed
[  121.459515][   T26] audit: type=1800 audit(1751812132.782:5): pid=5207 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.251" name="file1" dev="loop5" ino=1346 res=0 errno=0
[  121.520014][ T5214] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (3675!=33349)
[  121.531156][ T5214] EXT4-fs (loop3): group descriptors corrupted!
[  121.663712][ T4236] usbhid 5-1:0.0: can't add hid device: -71
[  121.669990][ T4236] usbhid: probe of 5-1:0.0 failed with error -71
[  121.754442][ T4236] usb 5-1: USB disconnect, device number 6
[  122.016581][ T5223] loop5: detected capacity change from 0 to 1024
[  122.231761][ T5229] loop3: detected capacity change from 0 to 1024
[  122.234218][ T5223] hfsplus: unable to parse mount options
[  122.267686][ T5219] netlink: 4 bytes leftover after parsing attributes in process `syz.5.255'.
[  123.198241][ T5235] netlink: 48 bytes leftover after parsing attributes in process `syz.4.261'.
[  123.459676][ T5229] loop3: detected capacity change from 0 to 32768
[  124.353533][    C1] sched: RT throttling activated
[  124.384559][ T5229] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz.3.258 (5229)
[  124.563307][ T5229] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm
[  124.572741][ T5229] BTRFS info (device loop3): force zlib compression, level 3
[  124.580264][ T5229] BTRFS info (device loop3): force clearing of disk cache
[  124.587471][ T5229] BTRFS info (device loop3): setting nodatasum
[  124.593675][ T5229] BTRFS info (device loop3): allowing degraded mounts
[  124.600452][ T5229] BTRFS info (device loop3): enabling disk space caching
[  124.607850][ T5229] BTRFS info (device loop3): disk space caching is enabled
[  124.615110][ T5229] BTRFS info (device loop3): has skinny extents
[  125.249752][ T5229] BTRFS error (device loop3): open_ctree failed: -12
[  125.487743][ T5269] loop4: detected capacity change from 0 to 512
[  125.762154][ T4343] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by udevd (4343)
[  126.182553][ T5281] loop0: detected capacity change from 0 to 2048
[  126.248549][ T5281] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=3932051, location=3932051
[  126.353713][ T5281] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  126.433855][ T5297] loop5: detected capacity change from 0 to 2048
[  126.598770][ T5300] rdma_op ffff888022b3a1f0 conn xmit_rdma 0000000000000000
[  126.643948][   T26] audit: type=1800 audit(1751812137.972:6): pid=5281 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.270" name="file1" dev="loop0" ino=1346 res=0 errno=0
[  126.897928][ T5304] loop5: detected capacity change from 0 to 4096
[  127.187021][ T5304] ntfs3: loop5: Mark volume as dirty due to NTFS errors
[  127.211646][ T5304] ntfs3: loop5: Failed to load $Extend.
[  128.032814][ T5290] loop2: detected capacity change from 0 to 40427
[  128.233748][ T5316] loop5: detected capacity change from 0 to 1024
[  128.671657][ T5316] EXT4-fs (loop5): mounted filesystem without journal. Opts: errors=remount-ro,min_batch_time=0x0000000000000005,user_xattr,. Quota mode: none.
[  128.787363][ T5316] ext4 filesystem being mounted at /7/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  128.888713][ T5290] F2FS-fs (loop2): Found nat_bits in checkpoint
[  129.868475][ T5316] netlink: 12 bytes leftover after parsing attributes in process `syz.5.276'.
[  129.969495][ T5348] loop3: detected capacity change from 0 to 4096
[  130.222130][ T5355] xt_connbytes: Forcing CT accounting to be enabled
[  130.251070][ T5348] ntfs3: loop3: Mark volume as dirty due to NTFS errors
[  130.284577][ T5348] ntfs3: loop3: Failed to load $Extend.
[  130.564974][ T5359] rdma_op ffff88807d04a9f0 conn xmit_rdma 0000000000000000
[  130.768931][ T5353] loop0: detected capacity change from 0 to 8192
[  131.628371][ T5353] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[  131.690262][ T5353] REISERFS (device loop0): using ordered data mode
[  131.740261][ T5353] reiserfs: using flush barriers
[  131.834068][ T5353] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  131.867092][ T5353] REISERFS (device loop0): checking transaction log (loop0)
[  131.924955][ T5353] REISERFS (device loop0): Using rupasov hash to sort names
[  131.951736][ T5353] REISERFS (device loop0): using 3.5.x disk format
[  132.123350][ T5353] REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP
[  132.166926][ T5353] REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP
[  132.189472][ T5381] loop3: detected capacity change from 0 to 8192
[  132.387569][ T5391] xt_CT: No such helper "snmp"
[  132.583998][ T5353] REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP
[  132.740599][ T5397] loop2: detected capacity change from 0 to 4096
[  132.747877][ T5353] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 UNKNOWN] (nlink == 1) not found (pos 2)
[  132.791929][ T5353] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[  132.803371][ T1421] ieee802154 phy0 wpan0: encryption failed: -22
[  132.803454][ T1421] ieee802154 phy1 wpan1: encryption failed: -22
[  132.855161][ T5397] ntfs3: loop2: Mark volume as dirty due to NTFS errors
[  132.870505][ T5397] ntfs3: loop2: Failed to load $Extend.
[  133.771013][ T5412] rdma_op ffff88802515a9f0 conn xmit_rdma 0000000000000000
[  134.531502][ T5432] loop4: detected capacity change from 0 to 1024
[  134.692183][ T5432] EXT4-fs (loop4): mounted filesystem without journal. Opts: errors=remount-ro,min_batch_time=0x0000000000000005,user_xattr,. Quota mode: none.
[  135.122908][ T5432] ext4 filesystem being mounted at /55/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  135.375299][ T5432] netlink: 12 bytes leftover after parsing attributes in process `syz.4.311'.
[  135.477154][ T5446] loop2: detected capacity change from 0 to 64
[  136.126724][ T4185] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000e1b1)
[  136.179332][ T4185] FAT-fs (loop3): Filesystem has been set read-only
[  136.545249][ T5470] loop4: detected capacity change from 0 to 65
[  136.620953][ T5470] BFS-fs: bfs_fill_super(): NOTE: filesystem loop4 was created with 512 inodes, the real maximum is 511, mounting anyway
[  136.644279][ T5472] rdma_op ffff88802708b1f0 conn xmit_rdma 0000000000000000
[  136.721557][ T5477] "syz.5.322" (5477) uses obsolete ecb(arc4) skcipher
[  137.046208][ T5482] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  137.231172][ T5286] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  137.239382][ T5284] usb 6-1: new full-speed USB device number 2 using dummy_hcd
[  137.350960][ T4187] Bluetooth: hci3: Unknown advertising packet type: 0x4b00
[  137.831522][ T5497] loop0: detected capacity change from 0 to 64
[  137.884858][ T5286] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  137.898059][ T5286] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  137.928233][ T5286] usb 4-1: config 0 descriptor??
[  137.984905][ T5286] cp210x 4-1:0.0: cp210x converter detected
[  138.048924][ T5500] loop0: detected capacity change from 0 to 1024
[  138.101694][ T5500] EXT4-fs (loop0): filesystem is read-only
[  138.183711][ T5284] usb 6-1: config 0 has an invalid interface number: 126 but max is 0
[  138.193572][ T5284] usb 6-1: config 0 has an invalid descriptor of length 116, skipping remainder of the config
[  138.204219][ T5286] cp210x 4-1:0.0: failed to get vendor val 0x370b size 1: 0
[  138.211591][ T5284] usb 6-1: config 0 has no interface number 0
[  138.217815][ T5286] cp210x 4-1:0.0: querying part number failed
[  138.224509][ T5284] usb 6-1: config 0 interface 126 altsetting 0 has an invalid endpoint with address 0xB7, skipping
[  138.236837][ T5284] usb 6-1: config 0 interface 126 altsetting 0 endpoint 0xA has invalid maxpacket 512, setting to 64
[  138.239880][ T5499] netlink: 48 bytes leftover after parsing attributes in process `syz.0.327'.
[  138.248131][ T5286] usb 4-1: cp210x converter now attached to ttyUSB0
[  138.265333][ T5284] usb 6-1: config 0 interface 126 altsetting 0 endpoint 0x4 has an invalid bInterval 151, changing to 4
[  138.279218][ T5284] usb 6-1: config 0 interface 126 altsetting 0 endpoint 0x4 has invalid maxpacket 35799, setting to 1023
[  138.290579][ T5284] usb 6-1: config 0 interface 126 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 4
[  138.303833][ T5284] usb 6-1: New USB device found, idVendor=0763, idProduct=1015, bcdDevice=56.88
[  138.312995][ T5284] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  138.330691][ T5284] usb 6-1: config 0 descriptor??
[  138.364461][ T5486] raw-gadget.1 gadget: fail, usb_ep_enable returned -22
[  138.475400][ T5284] snd-usb-audio: probe of 6-1:0.126 failed with error -2
[  138.528641][ T4173] udevd[4173]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.126/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  138.686656][ T5507] netlink: 'syz.0.329': attribute type 4 has an invalid length.
[  138.699722][ T5507] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.329'.
[  138.711519][ T5486] udc-core: couldn't find an available UDC or it's busy
[  138.718720][ T5486] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  138.993748][ T4303] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  139.152464][ T5509] overlayfs: failed to get inode (-116)
[  139.160140][ T5509] overlayfs: failed to get inode (-116)
[  139.193651][ T4303] usb 1-1: device descriptor read/64, error -71
[  139.483860][ T4303] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  139.699708][ T4303] usb 1-1: device descriptor read/64, error -71
[  139.753645][ T4236] usb 6-1: USB disconnect, device number 2
[  139.809141][ T5511] loop4: detected capacity change from 0 to 32768
[  139.984148][ T5513] loop5: detected capacity change from 0 to 40427
[  139.995037][ T5511] (syz.4.330,5511,0):ocfs2_parse_options:1459 ERROR: Invalid heartbeat mount options
[  140.000391][ T4303] usb usb1-port1: attempt power cycle
[  140.018263][ T5513] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12
[  140.026496][ T5513] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[  140.040164][ T5513] F2FS-fs (loop5): invalid crc value
[  140.046131][ T5511] (syz.4.330,5511,1):ocfs2_fill_super:1177 ERROR: status = -22
[  140.088718][ T5513] F2FS-fs (loop5): Found nat_bits in checkpoint
[  140.204880][ T4236] usb 4-1: USB disconnect, device number 4
[  140.220428][ T5513] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0
[  140.227894][ T5513] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  140.344609][ T4236] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  140.419776][ T5526] 9pnet: Insufficient options for proto=fd
[  140.442037][ T4236] cp210x 4-1:0.0: device disconnected
[  140.447828][ T4303] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  140.539593][ T5529] FAULT_INJECTION: forcing a failure.
[  140.539593][ T5529] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  140.563678][ T4303] usb 1-1: device descriptor read/8, error -71
[  140.602201][ T5529] CPU: 1 PID: 5529 Comm: syz.3.334 Not tainted 5.15.186-syzkaller #0
[  140.610783][ T5529] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  140.621090][ T5529] Call Trace:
[  140.624548][ T5529]  <TASK>
[  140.627562][ T5529]  dump_stack_lvl+0x168/0x230
[  140.632259][ T5529]  ? show_regs_print_info+0x20/0x20
[  140.637484][ T5529]  ? load_image+0x3b0/0x3b0
[  140.642117][ T5529]  ? __lock_acquire+0x7c60/0x7c60
[  140.647311][ T5529]  should_fail+0x38c/0x4c0
[  140.651764][ T5529]  _copy_from_user+0x2e/0x170
[  140.657521][ T5529]  ip6_tnl_siocdevprivate+0x353/0xaa0
[  140.663282][ T5529]  ? ip6_tnl_start_xmit+0x1230/0x1230
[  140.668864][ T5529]  ? __mutex_trylock_common+0x14f/0x250
[  140.674945][ T5529]  ? __mutex_lock_common+0x431/0x2390
[  140.681385][ T5529]  ? full_name_hash+0x8e/0xe0
[  140.687454][ T5529]  dev_ifsioc+0xaf5/0xe70
[  140.692173][ T5529]  ? dev_ioctl+0xe50/0xe50
[  140.696997][ T5529]  ? full_name_hash+0x8e/0xe0
[  140.702750][ T5529]  dev_ioctl+0x5f9/0xe50
[  140.707017][ T5529]  ? get_user_ifreq+0xc7/0x170
[  140.711915][ T5529]  sock_ioctl+0x67b/0x6e0
[  140.716710][ T5529]  ? sock_poll+0x3f0/0x3f0
[  140.721852][ T5529]  ? bpf_lsm_file_ioctl+0x5/0x10
[  140.726885][ T5529]  ? security_file_ioctl+0x7c/0xa0
[  140.732015][ T5529]  ? sock_poll+0x3f0/0x3f0
[  140.736433][ T5529]  __se_sys_ioctl+0xfa/0x170
[  140.741036][ T5529]  do_syscall_64+0x4c/0xa0
[  140.745452][ T5529]  ? clear_bhb_loop+0x30/0x80
[  140.750421][ T5529]  ? clear_bhb_loop+0x30/0x80
[  140.755207][ T5529]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  140.761112][ T5529] RIP: 0033:0x7fc0b3085929
[  140.766135][ T5529] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  140.786003][ T5529] RSP: 002b:00007fc0b0eed038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  140.794564][ T5529] RAX: ffffffffffffffda RBX: 00007fc0b32acfa0 RCX: 00007fc0b3085929
[  140.802661][ T5529] RDX: 00002000000004c0 RSI: 00000000000089f1 RDI: 0000000000000003
[  140.810664][ T5529] RBP: 00007fc0b0eed090 R08: 0000000000000000 R09: 0000000000000000
[  140.818912][ T5529] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  140.826896][ T5529] R13: 0000000000000000 R14: 00007fc0b32acfa0 R15: 00007ffeb9e93588
[  140.835021][ T5529]  </TASK>
[  140.838183][    C1] vkms_vblank_simulate: vblank timer overrun
[  140.892696][ T5533] device lo left promiscuous mode
[  140.917067][ T5533] device tunl0 left promiscuous mode
[  140.922538][ T5533] device gre0 left promiscuous mode
[  140.964027][ T5533] device gretap0 left promiscuous mode
[  140.986868][ T5533] device erspan0 left promiscuous mode
[  141.033689][ T4303] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  141.033733][ T1107] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  141.081452][ T5533] device ip_vti0 left promiscuous mode
[  141.134101][ T4303] usb 1-1: device descriptor read/8, error -71
[  141.159671][ T5533] device ip6_vti0 left promiscuous mode
[  141.218652][ T5533] device sit0 left promiscuous mode
[  141.257534][ T5533] device ip6tnl0 left promiscuous mode
[  141.264244][ T4303] usb usb1-port1: unable to enumerate USB device
[  141.310171][ T5533] device ip6gre0 left promiscuous mode
[  141.345742][ T5533] device syz_tun left promiscuous mode
[  141.370927][ T5533] device ip6gretap0 left promiscuous mode
[  141.413958][ T1107] usb 6-1: Using ep0 maxpacket: 16
[  141.426839][ T5533] device bridge0 left promiscuous mode
[  141.437480][ T5539] loop4: detected capacity change from 0 to 256
[  141.463098][ T5533] device vcan0 left promiscuous mode
[  141.534366][ T1107] usb 6-1: config 0 has no interfaces?
[  141.540155][ T1107] usb 6-1: New USB device found, idVendor=1778, idProduct=ff00, bcdDevice= 0.00
[  141.561267][ T5533] device bond0 left promiscuous mode
[  141.622905][ T5533] device team0 left promiscuous mode
[  141.643047][ T1107] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  141.685460][ T5533] device dummy0 left promiscuous mode
[  141.830084][ T1107] usb 6-1: config 0 descriptor??
[  141.877770][ T5539] FAT-fs (loop4): Directory bread(block 64) failed
[  141.910256][ T5533] device nlmon0 left promiscuous mode
[  141.986702][ T5539] FAT-fs (loop4): Directory bread(block 65) failed
[  142.089050][ T5539] FAT-fs (loop4): Directory bread(block 66) failed
[  142.104316][ T5533] device caif0 left promiscuous mode
[  142.279645][ T5539] FAT-fs (loop4): Directory bread(block 67) failed
[  142.417071][ T5539] FAT-fs (loop4): Directory bread(block 68) failed
[  142.452178][ T5533] device batadv0 left promiscuous mode
[  142.488579][ T5539] FAT-fs (loop4): Directory bread(block 69) failed
[  142.538217][ T5533] device vxcan0 left promiscuous mode
[  142.555929][ T5539] FAT-fs (loop4): Directory bread(block 70) failed
[  142.583137][ T5533] device vxcan1 left promiscuous mode
[  142.629793][ T5539] FAT-fs (loop4): Directory bread(block 71) failed
[  142.653308][ T5533] device veth0 left promiscuous mode
[  142.659731][ T1107] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  142.695789][ T5539] FAT-fs (loop4): Directory bread(block 72) failed
[  142.707299][ T5533] device veth1 left promiscuous mode
[  142.731463][ T5539] FAT-fs (loop4): Directory bread(block 73) failed
[  142.742242][ T5533] device wg0 left promiscuous mode
[  142.764868][ T5533] device wg1 left promiscuous mode
[  142.805473][ T5533] device wg2 left promiscuous mode
[  142.841854][ T5533] device veth0_to_bridge left promiscuous mode
[  142.873199][   T26] audit: type=1804 audit(1751812154.192:7): pid=5528 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.5.331" name="/newroot/18/bus/bus" dev="loop5" ino=456 res=1 errno=0
[  142.923819][ T1107] usb 1-1: Using ep0 maxpacket: 16
[  142.948065][ T5533] device bridge_slave_0 left promiscuous mode
[  143.040328][ T5533] device veth1_to_bridge left promiscuous mode
[  143.054292][ T1107] usb 1-1: config 0 has no interfaces?
[  143.125663][ T5533] device bridge_slave_1 left promiscuous mode
[  143.214431][ T1107] usb 1-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  143.259671][ T5533] device veth0_to_bond left promiscuous mode
[  143.318771][ T1107] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  143.367746][ T5533] device bond_slave_0 left promiscuous mode
[  143.459695][ T1107] usb 1-1: Product: syz
[  143.480768][ T5533] device veth1_to_bond left promiscuous mode
[  143.529692][ T1107] usb 1-1: Manufacturer: syz
[  143.581843][ T5533] device bond_slave_1 left promiscuous mode
[  143.597486][ T1107] usb 1-1: SerialNumber: syz
[  143.672313][ T5533] device veth0_to_team left promiscuous mode
[  143.720181][ T1107] r8152-cfgselector 1-1: config 0 descriptor??
[  143.789672][ T5533] device team_slave_0 left promiscuous mode
[  143.902607][ T5533] device veth1_to_team left promiscuous mode
[  143.988509][ T5533] device team_slave_1 left promiscuous mode
[  144.057119][ T5533] device veth0_to_batadv left promiscuous mode
[  144.147826][ T5533] device batadv_slave_0 left promiscuous mode
[  144.196419][ T1107] usbip-host 1-1: 1-1 is not in match_busid table... skip!
[  144.219751][ T5533] device veth1_to_batadv left promiscuous mode
[  144.289859][ T5533] device batadv_slave_1 left promiscuous mode
[  144.340090][ T5533] device xfrm0 left promiscuous mode
[  144.381557][ T5533] device veth0_to_hsr left promiscuous mode
[  144.388777][ T5533] device veth1_to_hsr left promiscuous mode
[  144.396238][ T5533] device hsr0 left promiscuous mode
[  144.401584][ T5533] device veth1_virt_wifi left promiscuous mode
[  144.408197][ T5533] device veth0_virt_wifi left promiscuous mode
[  144.414843][ T5533] device virt_wifi0 left promiscuous mode
[  144.421533][ T5533] device vlan0 left promiscuous mode
[  144.427266][ T5533] device vlan1 left promiscuous mode
[  144.432889][ T5533] device macvlan0 left promiscuous mode
[  144.438653][ T5533] device macvlan1 left promiscuous mode
[  144.445147][ T5533] device ipvlan0 left promiscuous mode
[  144.450765][ T5533] device ipvlan1 left promiscuous mode
[  144.457932][ T5533] device macvtap0 left promiscuous mode
[  144.464309][ T5533] device macsec0 left promiscuous mode
[  144.477770][ T5533] device geneve0 left promiscuous mode
[  144.488813][ T5533] device geneve1 left promiscuous mode
[  144.497631][ T5533] device netdevsim0 left promiscuous mode
[  144.504576][ T5533] device netdevsim1 left promiscuous mode
[  144.510858][ T5533] device netdevsim2 left promiscuous mode
[  144.530163][ T5533] device netdevsim3 left promiscuous mode
[  144.537517][ T5533] device wlan0 left promiscuous mode
[  144.543131][ T5533] device wlan1 left promiscuous mode
[  144.549344][ T5538] A link change request failed with some changes committed already. Interface bridge0 may have been left with an inconsistent configuration, please check.
[  144.582777][ T5547] syz.2.340 (5547): attempted to duplicate a private mapping with mremap.  This is not supported.
[  144.845126][ T1107] usb 6-1: USB disconnect, device number 3
[  145.581467][ T4452] F2FS-fs (loop5): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[  145.623895][   T23] usb 1-1: USB disconnect, device number 7
[  145.656512][ T4452] F2FS-fs (loop5): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
[  145.877186][ T5560] loop2: detected capacity change from 0 to 512
[  145.968935][ T5560] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256
[  146.079065][   T26] audit: type=1800 audit(1751812157.402:8): pid=5568 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.348" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0
[  146.190162][   T26] audit: type=1800 audit(1751812157.452:9): pid=5560 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.346" name="file1" dev="loop2" ino=26 res=0 errno=0
[  146.667431][ T5563] loop0: detected capacity change from 0 to 32768
[  146.825726][ T5563] gfs2: fsid=_: Trying to join cluster "lock_nolock", "_"
[  146.827340][ T5584] loop2: detected capacity change from 0 to 8
[  146.850973][ T5563] gfs2: fsid=_: Now mounting FS (format 1801)...
[  147.123892][ T4187] Bluetooth: hci2: Unknown advertising packet type: 0x4b00
[  147.171880][ T5563] gfs2: fsid=_.0: journal 0 mapped with 16 extents in 32ms
[  147.638760][ T5287] gfs2: fsid=_.0: jid=0, already locked for use
[  147.650682][ T5576] loop3: detected capacity change from 0 to 40427
[  147.672124][ T5287] gfs2: fsid=_.0: jid=0: Looking at journal...
[  147.679254][ T5584] cifs: Unknown parameter '¥?éÊŠÄFýÔoŒÀÀâkcXIç©äઇÊN·:"]!­’Ž
´i�œbZÙ+'
[  148.174367][ T5576] F2FS-fs (loop3): Found nat_bits in checkpoint
[  148.496646][ T5287] gfs2: fsid=_.0: jid=0: Journal head lookup took 824ms
[  148.507219][ T5287] gfs2: fsid=_.0: jid=0: Done
[  148.516738][ T5563] gfs2: fsid=_.0: first mount done, others may mount
[  148.529329][ T5576] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  148.704740][ T4185] attempt to access beyond end of device
[  148.704740][ T4185] loop3: rw=2049, want=45112, limit=40427
[  148.845246][ T5605] loop4: detected capacity change from 0 to 1024
[  149.308551][ T5619] loop0: detected capacity change from 0 to 512
[  149.337993][ T5619] EXT4-fs (loop0): Quota format mount options ignored when QUOTA feature is enabled
[  149.400089][ T5619] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a843c018, mo2=0002]
[  149.424430][ T5619] System zones: 0-2, 18-18, 34-34
[  149.569965][ T5619] EXT4-fs (loop0): mounted filesystem without journal. Opts: noquota,debug,jqfmt=vfsv0,noauto_da_alloc,resgid=0x0000000000000000,,errors=continue. Quota mode: writeback.
[  149.692265][ T5619] ext4 filesystem being mounted at /74/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  150.686634][ T5630] loop4: detected capacity change from 0 to 128
[  150.835063][ T5629] fuse: Bad value for 'fd'
[  150.902949][ T5632] loop2: detected capacity change from 0 to 16
[  151.105469][ T5629] netlink: 4 bytes leftover after parsing attributes in process `syz.5.364'.
[  151.324765][ T5635] loop2: detected capacity change from 0 to 16
[  152.530178][ T5641] netlink: 'syz.5.367': attribute type 4 has an invalid length.
[  152.674115][ T5648] loop5: detected capacity change from 0 to 64
[  152.718999][ T5650] loop4: detected capacity change from 0 to 64
[  152.929805][ T5639] loop2: detected capacity change from 0 to 32768
[  152.960070][ T5639] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 scanned by syz.2.368 (5639)
[  153.121193][ T5639] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm
[  153.213861][ T4187] Bluetooth: hci0: Unknown advertising packet type: 0x4b00
[  153.314021][ T5639] BTRFS info (device loop2): setting nodatacow, compression disabled
[  153.723099][ T5639] BTRFS info (device loop2): force zlib compression, level 3
[  153.767764][ T5639] BTRFS info (device loop2): turning off barriers
[  153.774341][ T5639] BTRFS info (device loop2): max_inline at 6
[  153.782381][ T5639] BTRFS info (device loop2): enabling disk space caching
[  153.789861][ T5639] BTRFS info (device loop2): enabling ssd optimizations
[  153.796907][ T5639] BTRFS info (device loop2): using spread ssd allocation scheme
[  153.804689][ T5639] BTRFS info (device loop2): setting nodatacow
[  153.823789][ T5639] BTRFS error (device loop2): cannot disable free space tree
[  153.879404][ T5639] BTRFS error (device loop2): open_ctree failed: -22
[  153.957695][ T5663] loop3: detected capacity change from 0 to 1024
[  154.165170][ T5663] EXT4-fs (loop3): mounted filesystem without journal. Opts: errors=remount-ro,min_batch_time=0x0000000000000005,user_xattr,. Quota mode: none.
[  154.196498][ T5639] tipc: Started in network mode
[  154.201719][ T5639] tipc: Node identity , cluster identity 4711
[  154.218442][ T5639] loop2: detected capacity change from 0 to 1024
[  154.225528][ T5663] ext4 filesystem being mounted at /66/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  154.258421][ T5663] netlink: 12 bytes leftover after parsing attributes in process `syz.3.375'.
[  154.280055][ T5639] hfsplus: type requires a 4 character value
[  154.292200][ T5639] hfsplus: unable to parse mount options
[  154.654831][ T4236] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  154.755863][ T5679] netlink: 24 bytes leftover after parsing attributes in process `syz.2.379'.
[  154.831836][ T5681] loop2: detected capacity change from 0 to 512
[  155.044659][ T4236] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  155.073108][ T4236] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  155.110075][ T4236] usb 4-1: config 0 descriptor??
[  155.183388][ T5690] netlink: 16 bytes leftover after parsing attributes in process `syz.5.385'.
[  155.195045][ T4236] cp210x 4-1:0.0: cp210x converter detected
[  155.275539][ T5692] loop4: detected capacity change from 0 to 2048
[  155.345734][ T5692] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=3932051, location=3932051
[  155.388498][ T5692] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  155.455555][ T5700] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  155.463423][ T5700] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  155.476505][ T5700] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  155.486309][ T5700] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  155.498225][ T5700] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  155.506861][ T5700] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  155.532782][   T26] audit: type=1800 audit(1751812166.852:10): pid=5692 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.384" name="file1" dev="loop4" ino=1346 res=0 errno=0
[  155.605912][ T5685] loop2: detected capacity change from 0 to 32768
[  155.614514][ T4236] cp210x 4-1:0.0: failed to get vendor val 0x000e size 3: -32
[  155.663861][ T4236] cp210x 4-1:0.0: failed to get vendor val 0x370c size 73: 0
[  155.688338][ T4236] cp210x 4-1:0.0: GPIO initialisation failed: -5
[  155.698514][ T4236] usb 4-1: cp210x converter now attached to ttyUSB0
[  155.778360][ T5685] XFS (loop2): DAX enabled. Warning: EXPERIMENTAL, use at your own risk
[  155.808848][ T5685] XFS (loop2): DAX unsupported by block device. Turning off DAX.
[  155.824815][ T5685] XFS (loop2): Mounting V5 Filesystem
[  155.871149][ T5711] loop5: detected capacity change from 0 to 8192
[  155.890706][ T5673] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.377'.
[  155.957192][ T4236] usb 4-1: USB disconnect, device number 5
[  156.013266][ T4236] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  156.051029][ T5685] XFS (loop2): Ending clean mount
[  156.072817][ T4236] cp210x 4-1:0.0: device disconnected
[  156.079375][ T5685] XFS (loop2): Quotacheck needed: Please wait.
[  156.153811][ T5719] netlink: 4 bytes leftover after parsing attributes in process `syz.0.390'.
[  156.307564][ T5685] XFS (loop2): Quotacheck: Done.
[  156.401339][ T5049] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000e1b1)
[  156.415162][ T5049] FAT-fs (loop5): Filesystem has been set read-only
[  156.737056][ T4191] XFS (loop2): Unmounting Filesystem
[  156.819125][ T5744] netlink: 48 bytes leftover after parsing attributes in process `syz.4.399'.
[  158.690698][ T5777] loop5: detected capacity change from 0 to 256
[  158.931545][ T5773] loop3: detected capacity change from 0 to 8192
[  159.042393][ T5777] FAT-fs (loop5): Invalid FSINFO signature: 0x00fffff8, 0x00000000 (sector = 1)
[  159.181657][ T5781] loop2: detected capacity change from 0 to 2048
[  159.273400][ T5781] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=3932051, location=3932051
[  159.362214][ T5764] loop4: detected capacity change from 0 to 40427
[  159.369687][ T5781] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  159.418259][ T5764] F2FS-fs (loop4): build fault injection attr: rate: 5, type: 0x1ffff
[  159.523883][   T26] audit: type=1800 audit(1751812170.852:11): pid=5781 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.398" name="file1" dev="loop2" ino=1346 res=0 errno=0
[  159.663201][ T5786] rdma_op ffff88801f2549f0 conn xmit_rdma 0000000000000000
[  159.742653][ T4185] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000e1b1)
[  159.833870][ T4185] FAT-fs (loop3): Filesystem has been set read-only
[  159.850453][ T5790] xt_connbytes: Forcing CT accounting to be enabled
[  159.970698][ T5791] loop0: detected capacity change from 0 to 16
[  160.038900][ T4343] udevd[4343]: incorrect erofs checksum on /dev/loop0
[  160.065199][ T5791] erofs: (device loop0): erofs_superblock_csum_verify: invalid checksum 0x04a6c240, 0xc6d5fae7 expected
[  160.331219][ T5796] loop4: detected capacity change from 0 to 2048
[  160.340523][ T5798] netlink: 12 bytes leftover after parsing attributes in process `syz.0.413'.
[  160.371553][ T5796] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=3932051, location=3932051
[  160.445536][ T5796] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  160.517876][ T5784] loop5: detected capacity change from 0 to 32768
[  161.153916][ T5285] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  161.236177][   T26] audit: type=1800 audit(1751812172.562:12): pid=5796 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.412" name="file1" dev="loop4" ino=1346 res=0 errno=0
[  161.344028][ T5817] loop2: detected capacity change from 0 to 1024
[  161.381373][ T5817] EXT4-fs (loop2): Ignoring removed mblk_io_submit option
[  161.405476][ T5817] EXT4-fs (loop2): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors
[  161.442476][ T5817] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (22856!=20869)
[  161.477973][ T5817] EXT4-fs (loop2): filesystem has both journal inode and journal device!
[  161.579644][ T5285] usb 4-1: config 0 has an invalid descriptor of length 78, skipping remainder of the config
[  161.610434][ T5285] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  161.610481][ T5285] usb 4-1: New USB device found, idVendor=0009, idProduct=0006, bcdDevice= 0.00
[  161.610506][ T5285] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  161.630954][ T5285] usb 4-1: config 0 descriptor??
[  161.658408][ T5822] uffd: Set unprivileged_userfaultfd sysctl knob to 1 if kernel faults must be handled without obtaining CAP_SYS_PTRACE capability
[  161.712420][ T5285] usbhid 4-1:0.0: couldn't find an input interrupt endpoint
[  161.917586][ T5826] rdma_op ffff88807c99d9f0 conn xmit_rdma 0000000000000000
[  162.233068][ T5830] loop0: detected capacity change from 0 to 2048
[  162.250907][ T5823] loop5: detected capacity change from 0 to 4096
[  162.289444][ T5830] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=3932051, location=3932051
[  162.334281][ T5823] ntfs3: loop5: Different NTFS' sector size (4096) and media sector size (512)
[  162.347937][ T5830] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  162.403752][ T1107] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  162.416295][ T5823] ntfs3: loop5: Mark volume as dirty due to NTFS errors
[  162.441622][ T5823] ntfs3: loop5: mft corrupted
[  162.446576][ T5823] ntfs3: loop5: Failed to load $Extend.
[  162.601907][   T26] audit: type=1800 audit(1751812173.922:13): pid=5830 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.421" name="file1" dev="loop0" ino=1346 res=0 errno=0
[  162.783993][ T1107] usb 3-1: config 0 has an invalid interface number: 112 but max is 0
[  162.823440][ T1107] usb 3-1: config 0 has no interface number 0
[  162.829833][   T26] audit: type=1804 audit(1751812174.142:14): pid=5823 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.5.417" name="/newroot/34/file1/bus" dev="loop5" ino=33 res=1 errno=0
[  162.850548][    C1] vkms_vblank_simulate: vblank timer overrun
[  162.878113][ T1107] usb 3-1: New USB device found, idVendor=3154, idProduct=721e, bcdDevice= 9.c6
[  162.922058][ T1107] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  163.097877][ T1107] usb 3-1: config 0 descriptor??
[  163.136283][ T1107] usb-storage 3-1:0.112: USB Mass Storage device detected
[  163.140852][ T5832] loop4: detected capacity change from 0 to 40427
[  163.168926][ T5832] F2FS-fs (loop4): Insane cp_payload (553648128 >= 504)
[  163.176779][ T5832] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  163.437219][ T5828] udc-core: couldn't find an available UDC or it's busy
[  163.473422][ T5828] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  163.846177][ T1107] usb 3-1: USB disconnect, device number 5
[  163.982608][ T5846] loop0: detected capacity change from 0 to 512
[  163.991723][ T4236] usb 4-1: USB disconnect, device number 6
[  164.147046][ T5846] EXT4-fs (loop0): mounted filesystem without journal. Opts: errors=remount-ro,bsddf,. Quota mode: writeback.
[  164.222903][ T5846] ext4 filesystem being mounted at /87/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  164.611652][ T5870] rdma_op ffff88807ec589f0 conn xmit_rdma 0000000000000000
[  165.193710][ T5286] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  165.397199][ T5882] loop5: detected capacity change from 0 to 512
[  165.862572][ T5882] EXT4-fs (loop5): mounted filesystem without journal. Opts: grpid,grpquota,,errors=continue. Quota mode: writeback.
[  166.123781][ T5882] ext4 filesystem being mounted at /38/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  166.213261][ T5286] usb 1-1: Using ep0 maxpacket: 16
[  166.316151][ T5892] RDS: rds_bind could not find a transport for fc02::1, load rds_tcp or rds_rdma?
[  166.405386][ T5286] usb 1-1: config 0 has an invalid interface number: 105 but max is 0
[  166.413651][ T5286] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  166.427853][ T5286] usb 1-1: config 0 has no interface number 0
[  166.571456][ T5900] rdma_op ffff88805e6009f0 conn xmit_rdma 0000000000000000
[  166.766247][ T5887] loop3: detected capacity change from 0 to 40427
[  166.800881][ T5887] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  166.827949][ T5887] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  166.893059][ T5887] F2FS-fs (loop3): invalid crc value
[  166.987276][ T5887] F2FS-fs (loop3): Found nat_bits in checkpoint
[  167.016209][ T5286] usb 1-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28
[  167.025756][ T5286] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  167.034379][ T5286] usb 1-1: Product: syz
[  167.041857][ T5286] usb 1-1: config 0 descriptor??
[  167.043708][ T4303] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  167.063853][ T5286] usb 1-1: can't set config #0, error -71
[  167.230270][ T5286] usb 1-1: USB disconnect, device number 8
[  167.305968][ T5887] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  167.315425][ T5913] FAULT_INJECTION: forcing a failure.
[  167.315425][ T5913] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  167.325104][ T5887] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  167.341580][ T5913] CPU: 0 PID: 5913 Comm: syz.4.447 Not tainted 5.15.186-syzkaller #0
[  167.349998][ T5913] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  167.362353][ T5913] Call Trace:
[  167.365746][ T5913]  <TASK>
[  167.368696][ T5913]  dump_stack_lvl+0x168/0x230
[  167.374985][ T5913]  ? show_regs_print_info+0x20/0x20
[  167.380208][ T5913]  ? load_image+0x3b0/0x3b0
[  167.384845][ T5913]  ? __lock_acquire+0x7c60/0x7c60
[  167.389902][ T5913]  should_fail+0x38c/0x4c0
[  167.394349][ T5913]  _copy_to_user+0x2e/0x130
[  167.399043][ T5913]  simple_read_from_buffer+0xe3/0x150
[  167.404703][ T5913]  proc_fail_nth_read+0x19a/0x210
[  167.409945][ T5913]  ? proc_fault_inject_write+0x2f0/0x2f0
[  167.415605][ T5913]  ? fsnotify_perm+0x254/0x560
[  167.420387][ T5913]  ? proc_fault_inject_write+0x2f0/0x2f0
[  167.426039][ T5913]  vfs_read+0x2f6/0xcf0
[  167.430216][ T5913]  ? kernel_read+0x1e0/0x1e0
[  167.434839][ T5913]  ? __fget_files+0x40f/0x480
[  167.439554][ T5913]  ? mutex_lock_nested+0x17/0x20
[  167.444609][ T5913]  ? __fdget_pos+0x2bf/0x370
[  167.449298][ T5913]  ? ksys_read+0x71/0x250
[  167.453644][ T5913]  ksys_read+0x14d/0x250
[  167.457905][ T5913]  ? vfs_write+0xd00/0xd00
[  167.462331][ T5913]  ? lockdep_hardirqs_on+0x94/0x140
[  167.467545][ T5913]  do_syscall_64+0x4c/0xa0
[  167.471970][ T5913]  ? clear_bhb_loop+0x30/0x80
[  167.476655][ T5913]  ? clear_bhb_loop+0x30/0x80
[  167.481347][ T5913]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  167.487247][ T5913] RIP: 0033:0x7f14d481833c
[  167.491674][ T5913] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  167.511377][ T5913] RSP: 002b:00007f14d2681030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  167.519813][ T5913] RAX: ffffffffffffffda RBX: 00007f14d4a40fa0 RCX: 00007f14d481833c
[  167.527882][ T5913] RDX: 000000000000000f RSI: 00007f14d26810a0 RDI: 0000000000000005
[  167.535874][ T5913] RBP: 00007f14d2681090 R08: 0000000000000000 R09: 0000000000000000
[  167.543860][ T5913] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000001
[  167.552124][ T5913] R13: 0000000000000000 R14: 00007f14d4a40fa0 R15: 00007ffd19906678
[  167.560300][ T5913]  </TASK>
[  167.575502][  T145] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[  167.583817][ T4303] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  167.589106][  T145] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
[  167.640759][ T4303] usb 6-1: New USB device found, idVendor=258a, idProduct=0036, bcdDevice= 0.00
[  167.667291][ T5917] loop4: detected capacity change from 0 to 1024
[  167.683922][ T4303] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  167.724428][ T4303] usb 6-1: config 0 descriptor??
[  167.770637][ T5917] EXT4-fs (loop4): mounted filesystem without journal. Opts: errors=remount-ro,min_batch_time=0x0000000000000005,user_xattr,. Quota mode: none.
[  167.810824][ T5917] ext4 filesystem being mounted at /93/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  167.849944][ T5917] netlink: 12 bytes leftover after parsing attributes in process `syz.4.449'.
[  168.463872][ T4303] usbhid 6-1:0.0: can't add hid device: -71
[  169.170602][ T4303] usbhid: probe of 6-1:0.0 failed with error -71
[  169.194806][ T4303] usb 6-1: USB disconnect, device number 4
[  169.410032][ T5941] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  169.469082][ T5941] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  169.543807][ T5941] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  169.675087][ T5927] loop3: detected capacity change from 0 to 40427
[  169.763674][ T1107] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  169.871299][ T5927] F2FS-fs (loop3): build fault injection attr: rate: 690, type: 0x1ffff
[  169.900280][ T5927] F2FS-fs (loop3): invalid crc value
[  170.000575][ T5927] F2FS-fs (loop3): Found nat_bits in checkpoint
[  170.061989][ T5927] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  170.131175][ T5927] F2FS-fs (loop3) : inject dquot initialize in f2fs_dquot_initialize of f2fs_unlink+0x204/0xba0
[  170.173904][ T5927] overlayfs: cleanup of 'work/#3' failed (-3)
[  170.190370][ T5927] overlayfs: failed to resolve './file0': -2
[  170.233828][ T1107] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0
[  170.249761][ T1107] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 8
[  170.253602][ T5284] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  170.271357][ T4185] attempt to access beyond end of device
[  170.271357][ T4185] loop3: rw=2049, want=45112, limit=40427
[  170.361454][ T5958] loop0: detected capacity change from 0 to 16
[  170.386551][ T5958] erofs: (device loop0): mounted with root inode @ nid 36.
[  170.423893][ T1107] usb 5-1: New USB device found, idVendor=0499, idProduct=103e, bcdDevice=4e.18
[  170.436505][ T1107] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  170.445395][ T1107] usb 5-1: Product: syz
[  170.449764][ T1107] usb 5-1: Manufacturer: syz
[  170.463782][ T1107] usb 5-1: SerialNumber: syz
[  170.476961][ T1107] usb 5-1: config 0 descriptor??
[  170.869136][ T5284] usb 6-1: unable to get BOS descriptor or descriptor too short
[  171.395576][ T1107] snd-usb-audio: probe of 5-1:0.0 failed with error -2
[  171.434937][ T1107] usb 5-1: USB disconnect, device number 7
[  171.480850][ T5284] usb 6-1: config 7 has an invalid interface number: 181 but max is 0
[  171.498102][ T5284] usb 6-1: config 7 has no interface number 0
[  171.513388][ T5966] loop2: detected capacity change from 0 to 1024
[  171.520038][ T5284] usb 6-1: config 7 interface 181 altsetting 3 bulk endpoint 0x1 has invalid maxpacket 32
[  171.534317][ T5284] usb 6-1: config 7 interface 181 altsetting 3 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  171.548256][ T5284] usb 6-1: config 7 interface 181 has no altsetting 0
[  171.565291][ T4343] udevd[4343]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  171.650357][ T5972] loop0: detected capacity change from 0 to 64
[  171.726124][ T5284] usb 6-1: New USB device found, idVendor=054c, idProduct=06c3, bcdDevice=2a.3d
[  171.749156][ T5284] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  171.782429][ T5978] loop4: detected capacity change from 0 to 1024
[  171.791684][ T5284] usb 6-1: Product: syz
[  171.797010][ T5284] usb 6-1: Manufacturer: syz
[  171.801812][ T5284] usb 6-1: SerialNumber: syz
[  171.888518][ T5950] raw-gadget.1 gadget: fail, usb_ep_enable returned -22
[  171.967423][ T5978] EXT4-fs (loop4): mounted filesystem without journal. Opts: errors=remount-ro,min_batch_time=0x0000000000000005,user_xattr,. Quota mode: none.
[  171.983109][ T5978] ext4 filesystem being mounted at /99/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  171.999514][ T5978] netlink: 12 bytes leftover after parsing attributes in process `syz.4.470'.
[  172.096729][ T5963] loop3: detected capacity change from 0 to 32768
[  172.140909][ T5949] loop5: detected capacity change from 0 to 256
[  172.230327][ T5963] XFS (loop3): DAX enabled. Warning: EXPERIMENTAL, use at your own risk
[  172.247461][ T5963] XFS (loop3): DAX unsupported by block device. Turning off DAX.
[  172.375873][ T5949] exFAT-fs (loop5): failed to load upcase table (idx : 0x00011bf5, chksum : 0xcea91b8a, utbl_chksum : 0xe619d30d)
[  172.411950][ T5963] XFS (loop3): Mounting V5 Filesystem
[  172.467884][ T5949] exFAT-fs (loop5): bogus allocation bitmap size(need : 2, cur : 17179869186)
[  172.681746][ T6001] binder: BINDER_SET_CONTEXT_MGR already set
[  172.688207][ T6001] binder: 5998:6001 ioctl 4018620d 200000000040 returned -16
[  174.394221][ T5284] port100 6-1:7.181: NFC: Could not find bulk-in or bulk-out endpoint
[  174.439655][ T5284] usb 6-1: USB disconnect, device number 5
[  174.453796][ T4236] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  174.533891][ T5963] XFS (loop3): Ending clean mount
[  174.604896][ T6003] loop0: detected capacity change from 0 to 2048
[  174.615428][ T5963] XFS (loop3): Quotacheck needed: Please wait.
[  174.674857][ T6003] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=3932051, location=3932051
[  174.697429][ T5963] XFS (loop3): Quotacheck: Done.
[  174.713995][ T4236] usb 5-1: Using ep0 maxpacket: 8
[  174.737517][ T6003] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  174.756566][ T6005] loop5: detected capacity change from 0 to 2048
[  174.768980][ T4185] XFS (loop3): Unmounting Filesystem
[  174.838722][ T4236] usb 5-1: config 0 interface 0 altsetting 5 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  174.859506][ T4236] usb 5-1: config 0 interface 0 has no altsetting 0
[  174.873692][ T4236] usb 5-1: New USB device found, idVendor=5543, idProduct=0042, bcdDevice= 0.00
[  174.889151][ T4236] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  174.942990][ T4236] usb 5-1: config 0 descriptor??
[  175.278238][ T6000] x_tables: ip6_tables: TCPOPTSTRIP target: only valid for protocol 6
[  175.381023][   T26] audit: type=1800 audit(1751812186.702:15): pid=6003 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.475" name="file1" dev="loop0" ino=1346 res=0 errno=0
[  175.496769][ T6011] loop2: detected capacity change from 0 to 2048
[  175.510395][ T4236] uclogic 0003:5543:0042.0001: unbalanced delimiter at end of report description
[  175.551039][ T4236] uclogic 0003:5543:0042.0001: parse failed
[  175.572687][ T4236] uclogic: probe of 0003:5543:0042.0001 failed with error -22
[  175.582875][ T6011] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=3932051, location=3932051
[  175.617659][ T6011] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  175.695316][ T6017] FAULT_INJECTION: forcing a failure.
[  175.695316][ T6017] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  175.733470][   T13] usb 5-1: USB disconnect, device number 8
[  175.756142][ T6017] CPU: 1 PID: 6017 Comm: syz.0.479 Not tainted 5.15.186-syzkaller #0
[  175.764243][ T6017] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  175.774307][ T6017] Call Trace:
[  175.777682][ T6017]  <TASK>
[  175.780620][ T6017]  dump_stack_lvl+0x168/0x230
[  175.785431][ T6017]  ? show_regs_print_info+0x20/0x20
[  175.790648][ T6017]  ? load_image+0x3b0/0x3b0
[  175.795174][ T6017]  ? __lock_acquire+0x7c60/0x7c60
[  175.800217][ T6017]  should_fail+0x38c/0x4c0
[  175.804654][ T6017]  _copy_to_user+0x2e/0x130
[  175.809172][ T6017]  simple_read_from_buffer+0xe3/0x150
[  175.814647][ T6017]  proc_fail_nth_read+0x19a/0x210
[  175.819781][ T6017]  ? proc_fault_inject_write+0x2f0/0x2f0
[  175.825554][ T6017]  ? fsnotify_perm+0x254/0x560
[  175.830487][ T6017]  ? proc_fault_inject_write+0x2f0/0x2f0
[  175.836252][ T6017]  vfs_read+0x2f6/0xcf0
[  175.840435][ T6017]  ? kernel_read+0x1e0/0x1e0
[  175.845237][ T6017]  ? __fget_files+0x40f/0x480
[  175.849976][ T6017]  ? mutex_lock_nested+0x17/0x20
[  175.855106][ T6017]  ? __fdget_pos+0x2bf/0x370
[  175.859710][ T6017]  ? ksys_read+0x71/0x250
[  175.863926][ T5284] Bluetooth: hci1: command 0x0406 tx timeout
[  175.864046][ T6017]  ksys_read+0x14d/0x250
[  175.874241][ T6017]  ? vfs_write+0xd00/0xd00
[  175.878763][ T6017]  ? lockdep_hardirqs_on+0x94/0x140
[  175.883977][ T6017]  do_syscall_64+0x4c/0xa0
[  175.888405][ T6017]  ? clear_bhb_loop+0x30/0x80
[  175.888690][ T6009] loop5: detected capacity change from 0 to 32768
[  175.893086][ T6017]  ? clear_bhb_loop+0x30/0x80
[  175.893108][ T6017]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  175.893127][ T6017] RIP: 0033:0x7ffa3433733c
[  175.914670][ T6017] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  175.922975][   T26] audit: type=1800 audit(1751812187.242:16): pid=6011 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.478" name="file1" dev="loop2" ino=1346 res=0 errno=0
[  175.934272][ T6017] RSP: 002b:00007ffa3217f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  175.934295][ T6017] RAX: ffffffffffffffda RBX: 00007ffa34560080 RCX: 00007ffa3433733c
[  175.934307][ T6017] RDX: 000000000000000f RSI: 00007ffa3217f0a0 RDI: 0000000000000009
[  175.934317][ T6017] RBP: 00007ffa3217f090 R08: 0000000000000000 R09: 0000000000000000
[  175.934327][ T6017] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  175.934337][ T6017] R13: 0000000000000000 R14: 00007ffa34560080 R15: 00007ffe2d81fd08
[  175.976627][ T6009] XFS: ikeep mount option is deprecated.
[  175.978964][ T6017]  </TASK>
[  175.979042][    C1] vkms_vblank_simulate: vblank timer overrun
[  176.017899][    C1] vkms_vblank_simulate: vblank timer overrun
[  176.024721][ T4236] Bluetooth: hci0: command 0x0406 tx timeout
[  176.030885][ T4236] Bluetooth: hci4: command 0x0406 tx timeout
[  176.042060][ T4236] Bluetooth: hci3: command 0x0406 tx timeout
[  176.147329][ T6009] XFS (loop5): Mounting V5 Filesystem
[  176.243955][ T6030] loop2: detected capacity change from 0 to 1024
[  176.259769][ T6009] XFS (loop5): Ending clean mount
[  176.269842][ T6009] XFS (loop5): Quotacheck needed: Please wait.
[  176.357338][ T6032] loop0: detected capacity change from 0 to 4096
[  176.364474][ T6009] XFS (loop5): Quotacheck: Done.
[  176.481519][ T6036] device bridge_slave_1 left promiscuous mode
[  176.488508][ T6036] bridge0: port 2(bridge_slave_1) entered disabled state
[  176.517453][ T6035] loop2: detected capacity change from 0 to 1024
[  176.517618][ T6036] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check.
[  176.542613][ T6009] netlink: 20 bytes leftover after parsing attributes in process `syz.5.477'.
[  176.565265][ T6032] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512)
[  176.612527][ T6032] ntfs3: loop0: Mark volume as dirty due to NTFS errors
[  176.629404][ T6032] ntfs3: loop0: Failed to load $LogFile.
[  176.681704][ T6046] "syz.4.487" (6046) uses obsolete ecb(arc4) skcipher
[  176.711004][ T6035] EXT4-fs (loop2): mounted filesystem without journal. Opts: errors=remount-ro,min_batch_time=0x0000000000000005,user_xattr,. Quota mode: none.
[  176.769603][ T6035] ext4 filesystem being mounted at /116/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  176.859102][ T6035] netlink: 12 bytes leftover after parsing attributes in process `syz.2.482'.
[  176.939543][ T5049] XFS (loop5): Unmounting Filesystem
[  176.990912][ T6055] loop0: detected capacity change from 0 to 2048
[  177.015814][    C1] vkms_vblank_simulate: vblank timer overrun
[  177.045275][ T6055] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=3932051, location=3932051
[  177.148573][ T6055] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  177.303816][   T26] audit: type=1800 audit(1751812188.632:17): pid=6055 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.490" name="file1" dev="loop0" ino=1346 res=0 errno=0
[  177.713919][  T147] Bluetooth: hci3: Unknown advertising packet type: 0x4b00
[  179.131184][ T6077] nbd: must specify a device to reconfigure
[  179.217924][ T6077] bond0: (slave macvlan2): Error -98 calling set_mac_address
[  179.470692][ T6092] "syz.5.499" (6092) uses obsolete ecb(arc4) skcipher
[  179.739563][ T6098] trusted_key: encrypted_key: insufficient parameters specified
[  180.070546][    C0] hrtimer: interrupt took 60515 ns
[  180.688113][ T6108] netlink: 'syz.3.503': attribute type 16 has an invalid length.
[  180.696142][ T6108] netlink: 'syz.3.503': attribute type 17 has an invalid length.
[  180.707374][ T6108] infiniband syz2: set active
[  180.712466][ T6108] infiniband syz2: set active
[  180.730693][ T6108] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  180.740928][ T6108] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  180.777577][ T6108] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  180.788284][ T6108] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  181.400636][ T6106] loop2: detected capacity change from 0 to 40427
[  181.408492][ T4244] sit0 speed is unknown, defaulting to 1000
[  181.424277][ T4244] sit0 speed is unknown, defaulting to 1000
[  181.599753][ T6108] kAFS: unable to lookup cell ''
[  181.731627][ T6106] F2FS-fs (loop2): Found nat_bits in checkpoint
[  181.823478][ T6106] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  181.879666][ T6117] loop3: detected capacity change from 0 to 4096
[  182.245653][ T4609] attempt to access beyond end of device
[  182.245653][ T4609] loop2: rw=1048577, want=79880, limit=40427
[  182.333715][ T5284] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  182.348276][ T4609] attempt to access beyond end of device
[  182.348276][ T4609] loop2: rw=1048577, want=81920, limit=40427
[  182.442692][ T4609] attempt to access beyond end of device
[  182.442692][ T4609] loop2: rw=1048577, want=52744, limit=40427
[  182.492949][ T4609] attempt to access beyond end of device
[  182.492949][ T4609] loop2: rw=1048577, want=53248, limit=40427
[  182.559099][ T4609] attempt to access beyond end of device
[  182.559099][ T4609] loop2: rw=1048577, want=57528, limit=40427
[  182.581157][ T5284] usb 3-1: Using ep0 maxpacket: 8
[  182.587331][ T6112] loop4: detected capacity change from 0 to 40427
[  182.715449][ T6132] loop5: detected capacity change from 0 to 4096
[  182.783365][ T6112] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  182.818921][ T6112] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  182.921705][ T6112] F2FS-fs (loop4): invalid crc value
[  182.958145][ T6132] ntfs3: loop5: Mark volume as dirty due to NTFS errors
[  182.975044][ T6132] ntfs3: loop5: Failed to load $Extend.
[  182.980778][ T6131] loop3: detected capacity change from 0 to 8192
[  183.000981][ T6112] F2FS-fs (loop4): Found nat_bits in checkpoint
[  183.046976][ T5284] usb 3-1: too many endpoints for config 0 interface 0 altsetting 3: 64, using maximum allowed: 30
[  183.079976][ T5284] usb 3-1: config 0 interface 0 altsetting 3 has 0 endpoint descriptors, different from the interface descriptor's value: 64
[  183.133581][ T5284] usb 3-1: config 0 interface 0 has no altsetting 0
[  183.185793][ T6137] netlink: 7986 bytes leftover after parsing attributes in process `syz.0.511'.
[  183.202639][ T6112] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  183.214296][ T6112] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  183.243493][ T6137] netlink: 6 bytes leftover after parsing attributes in process `syz.0.511'.
[  183.298300][ T6137] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  183.371698][ T5284] usb 3-1: New USB device found, idVendor=13d8, idProduct=0001, bcdDevice=1b.62
[  183.401883][ T5284] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  183.415498][ T4185] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000e1b1)
[  183.428421][ T5284] usb 3-1: Product: syz
[  183.432621][ T5284] usb 3-1: Manufacturer: syz
[  183.438174][ T5284] usb 3-1: SerialNumber: syz
[  183.444762][ T5284] usb 3-1: config 0 descriptor??
[  183.455479][ T4185] FAT-fs (loop3): Filesystem has been set read-only
[  183.462155][   T26] audit: type=1804 audit(1751812194.782:18): pid=6112 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.506" name="/newroot/108/bus/bus" dev="loop4" ino=455 res=1 errno=0
[  183.483072][    C1] vkms_vblank_simulate: vblank timer overrun
[  183.609936][ T4191] attempt to access beyond end of device
[  183.609936][ T4191] loop2: rw=2049, want=45104, limit=40427
[  183.629403][ T6145] loop5: detected capacity change from 0 to 1024
[  183.773724][ T5284] comedi comedi5: could not set alternate setting 3 in high speed
[  183.788030][ T5284] usbdux 3-1:0.0: driver 'usbdux' failed to auto-configure device.
[  183.818430][ T5284] usbdux: probe of 3-1:0.0 failed with error -71
[  183.836259][ T5284] usb 3-1: USB disconnect, device number 6
[  184.738117][    T9] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[  184.749050][ T6152] loop5: detected capacity change from 0 to 4096
[  184.794815][ T6158] nbd: must specify a device to reconfigure
[  184.796926][    T9] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
[  184.813362][ T6158] bond0: (slave macvlan2): Error -98 calling set_mac_address
[  184.932980][ T6152] ntfs: volume version 3.1.
[  185.092730][ T6166] netlink: 12 bytes leftover after parsing attributes in process `syz.2.515'.
[  185.303425][ T6169] netlink: 12 bytes leftover after parsing attributes in process `syz.2.515'.
[  185.388252][ T6171] loop5: detected capacity change from 0 to 2048
[  185.405541][ T6171] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=3932051, location=3932051
[  185.468741][ T6171] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  185.678337][ T6178] loop3: detected capacity change from 0 to 4096
[  185.768684][ T6178] ntfs3: loop3: Mark volume as dirty due to NTFS errors
[  185.786959][ T6178] ntfs3: loop3: Failed to load $Extend.
[  186.154644][ T6191] netlink: 'syz.2.527': attribute type 10 has an invalid length.
[  186.181567][ T6191] 8021q: adding VLAN 0 to HW filter on device team0
[  186.199178][ T6191] bond0: (slave team0): Enslaving as an active interface with an up link
[  186.247579][   T26] audit: type=1800 audit(1751812197.572:19): pid=6171 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.521" name="file1" dev="loop5" ino=1346 res=0 errno=0
[  186.267156][    C1] vkms_vblank_simulate: vblank timer overrun
[  186.410813][ T6196] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  186.587055][ T6200] netlink: 52 bytes leftover after parsing attributes in process `syz.3.530'.
[  186.643776][ T5284] usb 3-1: new full-speed USB device number 7 using dummy_hcd
[  186.763926][ T6196] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  186.775382][ T6206] loop5: detected capacity change from 0 to 1024
[  187.914330][ T5284] usb 3-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid maxpacket 1024, setting to 64
[  187.935346][  T147] Bluetooth: hci0: Unknown advertising packet type: 0x4b00
[  187.936611][ T5284] usb 3-1: config 0 interface 0 altsetting 4 has 2 endpoint descriptors, different from the interface descriptor's value: 7
[  187.957928][ T5284] usb 3-1: config 0 interface 0 has no altsetting 0
[  187.965066][ T5284] usb 3-1: New USB device found, idVendor=047f, idProduct=c055, bcdDevice= 0.00
[  187.971976][ T6212] Invalid ELF header magic: != ELF
[  187.974539][ T5284] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  187.991215][ T5284] usb 3-1: config 0 descriptor??
[  188.023914][ T6191] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  188.248066][ T6223] netlink: 12 bytes leftover after parsing attributes in process `syz.5.538'.
[  188.964626][ T6191] udc-core: couldn't find an available UDC or it's busy
[  188.985571][ T6191] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  189.155031][ T5284] usbhid 3-1:0.0: can't add hid device: -71
[  189.168192][ T5284] usbhid: probe of 3-1:0.0 failed with error -71
[  189.242851][ T5284] usb 3-1: USB disconnect, device number 7
[  189.293968][ T6220] loop3: detected capacity change from 0 to 32768
[  189.337965][ T6220] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 scanned by syz.3.537 (6220)
[  189.377361][ T6220] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm
[  189.378115][ T6230] loop5: detected capacity change from 0 to 2048
[  189.405202][ T6230] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=3932051, location=3932051
[  189.416330][ T6220] BTRFS info (device loop3): using free space tree
[  189.422860][ T6220] BTRFS info (device loop3): has skinny extents
[  189.433375][ T6230] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  189.648408][ T6220] BTRFS info (device loop3): enabling ssd optimizations
[  189.675009][ T5284] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  189.693332][  T145] BTRFS warning (device loop3): checksum verify failed on 5308416 wanted 0x77808b7ecca445f549ae3d233ea0eb27adb628f92d0be59092c566b0ee5e6744 found 0x302a3b924add460fed240ae73b9d10843c477edf9ba9d53510d70674944a70a8 level 0
[  189.715509][    C1] vkms_vblank_simulate: vblank timer overrun
[  189.946282][ T6261] loop0: detected capacity change from 0 to 4096
[  190.015079][ T5284] usb 3-1: Using ep0 maxpacket: 32
[  190.163774][ T5284] usb 3-1: config 0 interface 0 altsetting 4 endpoint 0x2 has an invalid bInterval 129, changing to 11
[  190.189173][ T5284] usb 3-1: config 0 interface 0 altsetting 4 has 2 endpoint descriptors, different from the interface descriptor's value: 7
[  190.195819][ T6269] loop4: detected capacity change from 0 to 7
[  190.235448][ T4343] Dev loop4: unable to read RDB block 7
[  190.241992][ T5284] usb 3-1: config 0 interface 0 has no altsetting 0
[  190.243715][ T4343]  loop4: unable to read partition table
[  190.248815][ T5284] usb 3-1: New USB device found, idVendor=047f, idProduct=c055, bcdDevice= 0.00
[  190.273052][ T4343] loop4: partition table beyond EOD, truncated
[  190.279965][ T6270] netlink: 8 bytes leftover after parsing attributes in process `syz.4.547'.
[  190.325129][ T5284] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  190.372833][ T5284] usb 3-1: config 0 descriptor??
[  190.405485][ T5284] usb 3-1: can't set config #0, error -71
[  190.408223][ T5284] usb 3-1: USB disconnect, device number 8
[  190.708336][ T6269] Dev loop4: unable to read RDB block 7
[  190.718653][ T6269]  loop4: unable to read partition table
[  190.733855][ T6269] loop4: partition table beyond EOD, truncated
[  190.737003][ T6267] loop0: detected capacity change from 0 to 32768
[  190.745090][   T26] audit: type=1800 audit(1751812203.077:20): pid=6230 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.540" name="file1" dev="loop5" ino=1346 res=0 errno=0
[  190.785558][ T6269] loop_reread_partitions: partition scan of loop4 (þ被xü—ŸÑà– ) failed (rc=-5)
[  190.789965][ T6267] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 scanned by syz.0.548 (6267)
[  190.965495][ T6267] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm
[  191.004509][ T6267] BTRFS info (device loop0): setting incompat feature flag for COMPRESS_ZSTD (0x10)
[  191.031301][ T6267] BTRFS info (device loop0): use zstd compression, level 3
[  191.069534][ T6267] BTRFS info (device loop0): using free space tree
[  191.089832][ T6267] BTRFS info (device loop0): has skinny extents
[  191.254860][ T5283] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  191.978446][ T6307] nbd: must specify a device to reconfigure
[  192.026303][ T6307] bond0: (slave macvlan2): Error -98 calling set_mac_address
[  192.105998][ T6310] loop3: detected capacity change from 0 to 8192
[  192.125111][ T6267] BTRFS info (device loop0): enabling ssd optimizations
[  192.162630][ T6319] xt_l2tp: v2 sid > 0xffff: 262144
[  192.203871][ T5283] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  192.205780][   T26] audit: type=1800 audit(1751812204.537:21): pid=6310 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.556" name="bus" dev="loop3" ino=1048660 res=0 errno=0
[  192.257879][ T5283] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  192.313643][ T5283] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  192.390789][ T5283] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  192.406742][ T5283] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  192.441997][ T5283] usb 3-1: config 0 descriptor??
[  192.443830][ T4303] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  192.484026][ T6323] loop5: detected capacity change from 0 to 16
[  192.560926][ T6326] mac80211_hwsim hwsim9 wlan0: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  192.584388][ T6323] cramfs: Unknown parameter 'ÿÿÿÿ'
[  192.824677][ T4303] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  192.837644][ T4303] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2
[  192.861592][ T4303] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  193.044736][ T4303] usb 5-1: New USB device found, idVendor=8086, idProduct=0b5b, bcdDevice=e1.c5
[  193.065456][ T4303] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  193.101831][ T4303] usb 5-1: Product: syz
[  193.121210][ T4303] usb 5-1: Manufacturer: syz
[  193.138491][ T5283] plantronics 0003:047F:FFFF.0002: No inputs registered, leaving
[  193.145779][ T4303] usb 5-1: SerialNumber: syz
[  193.177667][ T4303] usb 5-1: config 0 descriptor??
[  193.189264][ T5283] plantronics 0003:047F:FFFF.0002: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  193.255389][ T4303] usb 5-1: Found UVC 34.00 device syz (8086:0b5b)
[  193.269333][ T4303] usb 5-1: No valid video chain found.
[  193.515531][ T6340] udc-core: couldn't find an available UDC or it's busy
[  193.550709][ T6340] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  193.629505][ T6274] netlink: 8 bytes leftover after parsing attributes in process `syz.2.550'.
[  193.656937][ T1107] usb 3-1: USB disconnect, device number 9
[  193.713970][ T6342] loop5: detected capacity change from 0 to 512
[  193.776328][ T6342] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (3832!=33349)
[  193.807642][ T6342] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a802e02c, mo2=0002]
[  193.818991][ T6342] System zones: 1-12
[  193.825077][ T6342] EXT4-fs (loop5): orphan cleanup on readonly fs
[  193.831640][ T6342] EXT4-fs error (device loop5): ext4_read_inode_bitmap:168: comm syz.5.566: Inode bitmap for bg 0 marked uninitialized
[  193.847065][ T6342] EXT4-fs (loop5): Remounting filesystem read-only
[  193.855304][ T6342] EXT4-fs (loop5): mounted filesystem without journal. Opts: errors=remount-ro,. Quota mode: none.
[  194.225635][ T1421] ieee802154 phy0 wpan0: encryption failed: -22
[  194.236292][ T1421] ieee802154 phy1 wpan1: encryption failed: -22
[  194.935540][ T6364] netlink: 12 bytes leftover after parsing attributes in process `syz.0.571'.
[  195.082352][ T6358] loop3: detected capacity change from 0 to 8192
[  196.160301][   T13] usb 5-1: USB disconnect, device number 9
[  196.173628][   T26] audit: type=1800 audit(1751812208.447:22): pid=6358 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.569" name="bus" dev="loop3" ino=1048661 res=0 errno=0
[  197.153777][ T6382] loop4: detected capacity change from 0 to 32768
[  197.206932][ T6388] loop0: detected capacity change from 0 to 32768
[  197.990936][ T6402] loop3: detected capacity change from 0 to 1024
[  198.073212][ T6388] XFS (loop0): DAX enabled. Warning: EXPERIMENTAL, use at your own risk
[  198.086408][ T6388] XFS (loop0): DAX unsupported by block device. Turning off DAX.
[  198.113350][ T6388] XFS (loop0): Mounting V5 Filesystem
[  198.154296][ T6414] netlink: 6 bytes leftover after parsing attributes in process `syz.5.585'.
[  198.163242][ T6414] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  198.410463][ T6388] XFS (loop0): Ending clean mount
[  198.422523][ T6388] XFS (loop0): Quotacheck needed: Please wait.
[  198.506192][ T4279] hfsplus: found bad thread record in catalog
[  198.526136][ T6388] XFS (loop0): Quotacheck: Done.
[  198.547602][ T6388] netlink: 8 bytes leftover after parsing attributes in process `syz.0.580'.
[  198.552887][ T6423] IPv6: ADDRCONF(NETDEV_CHANGE): bpq0: link becomes ready
[  198.570195][ T6423] 9pnet: Insufficient options for proto=fd
[  198.682642][ T4181] XFS (loop0): Unmounting Filesystem
[  199.458828][ T6435] nbd: must specify a device to reconfigure
[  199.524347][ T6439] tipc: Started in network mode
[  199.539190][ T4303] hid-generic 0005:0C45:1012.0003: item fetching failed at offset 0/1
[  199.618473][ T6439] tipc: Node identity 5, cluster identity 4
[  199.642974][ T4303] hid-generic: probe of 0005:0C45:1012.0003 failed with error -22
[  199.658321][ T6439] tipc: Node number set to 5
[  199.726344][ T6435] bond0: (slave macvlan2): Error -98 calling set_mac_address
[  199.967329][ T6457] device bond0 entered promiscuous mode
[  199.983473][ T6457] device bond_slave_0 entered promiscuous mode
[  199.994055][ T6457] device bond_slave_1 entered promiscuous mode
[  200.013485][ T6457] device bond0 left promiscuous mode
[  200.022250][ T6457] device bond_slave_0 left promiscuous mode
[  200.036915][ T6457] device bond_slave_1 left promiscuous mode
[  200.326864][ T6473] tipc: Started in network mode
[  200.348329][ T6473] tipc: Node identity daa3b3d480e8, cluster identity 4711
[  200.384843][ T6473] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  200.486601][ T6479] device syzkaller0 entered promiscuous mode
[  200.520932][ T6472] tipc: Resetting bearer <eth:syzkaller0>
[  200.620342][ T6472] tipc: Disabling bearer <eth:syzkaller0>
[  200.668953][ T6489] netlink: 152 bytes leftover after parsing attributes in process `syz.0.590'.
[  200.743030][ T6499] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  200.890541][ T6504] xfrm0 speed is unknown, defaulting to 1000
[  201.266162][ T6504] sit0 speed is unknown, defaulting to 1000
[  201.870930][ T6566] netlink: 232 bytes leftover after parsing attributes in process `syz.5.632'.
[  201.912475][ T6569] netlink: 'syz.3.634': attribute type 10 has an invalid length.
[  201.946622][ T6569] netlink: 32 bytes leftover after parsing attributes in process `syz.3.634'.
[  202.009768][ T6574] netlink: 4 bytes leftover after parsing attributes in process `syz.2.635'.
[  202.606988][  T147] Bluetooth: hci2: link tx timeout
[  202.612604][  T147] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa
[  202.822565][  T147] Bluetooth: hci2: link tx timeout
[  202.827879][  T147] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa
[  202.876202][  T147] Bluetooth: hci2: link tx timeout
[  202.881432][  T147] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa
[  203.023122][ T6621] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  203.206402][  T147] Bluetooth: hci2: link tx timeout
[  203.211622][  T147] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa
[  203.231147][ T6631] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  203.283119][ T6634] netlink: 20 bytes leftover after parsing attributes in process `syz.0.656'.
[  203.334506][ T6631] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  203.390756][ T6631] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  203.436110][ T6631] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  203.463275][ T6631] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  203.484131][ T6631] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  203.497046][ T6631] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  203.523169][ T6631] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  203.547952][ T6631] batman_adv: batadv0: Adding interface: ipvlan2
[  203.562650][ T6631] batman_adv: batadv0: The MTU of interface ipvlan2 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  203.642532][ T6631] batman_adv: batadv0: Interface activated: ipvlan2
[  203.680287][ T6653] netlink: 44 bytes leftover after parsing attributes in process `syz.0.658'.
[  203.750184][  T147] Bluetooth: hci2: link tx timeout
[  203.755386][  T147] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa
[  204.078442][  T147] Bluetooth: hci2: link tx timeout
[  204.083724][  T147] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa
[  204.093209][ T6680] device syzkaller0 entered promiscuous mode
[  204.123845][ T6686] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  204.161926][ T6683] device syzkaller0 entered promiscuous mode
[  204.172563][ T6678] tipc: Resetting bearer <eth:syzkaller0>
[  204.209192][ T6678] tipc: Disabling bearer <eth:syzkaller0>
[  204.232875][  T147] Bluetooth: hci2: link tx timeout
[  204.238079][  T147] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa
[  204.357943][  T147] Bluetooth: hci2: link tx timeout
[  204.363136][  T147] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa
[  204.585925][ T6701] netlink: 8 bytes leftover after parsing attributes in process `syz.0.673'.
[  204.703708][ T1107] Bluetooth: hci2: command 0x0406 tx timeout
[  204.753351][ T6709] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  204.771196][ T6709] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  204.790505][ T6709] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  204.820069][ T6709] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  204.830443][ T6709] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  204.851838][ T6709] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  204.871341][ T6709] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  204.882912][ T6709] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  204.903903][  T147] Bluetooth: hci2: link tx timeout
[  204.909149][  T147] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa
[  204.918474][ T6709] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  204.930562][ T6709] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  204.941421][ T6709] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  204.952136][ T6709] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  204.962096][ T6709] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  204.972964][ T6709] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  204.983245][ T6709] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: ipvlan2
[  204.993284][ T6709] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  205.004000][ T6709] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  205.043699][ T6711] netlink: 8 bytes leftover after parsing attributes in process `syz.0.678'.
[  205.063718][ T6711] netlink: 12 bytes leftover after parsing attributes in process `syz.0.678'.
[  205.103503][ T6711] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  205.113647][ T6711] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  205.122601][ T6711] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  205.131610][ T6711] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  205.848066][ T6759] netlink: 20 bytes leftover after parsing attributes in process `syz.5.697'.
[  205.874409][ T6761] netlink: 72 bytes leftover after parsing attributes in process `syz.3.695'.
[  206.411680][ T6793] netlink: 8 bytes leftover after parsing attributes in process `syz.0.711'.
[  206.423214][ T6796] team0: Mode changed to "broadcast"
[  206.808924][ T6817] device netdevsim0 entered promiscuous mode
[  206.915000][ T6828] tipc: Started in network mode
[  206.936584][ T6828] tipc: Node identity 080211000001, cluster identity 4711
[  206.949707][ T6828] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  206.959676][ T6828] device syzkaller0 entered promiscuous mode
[  206.981779][ T6828] tipc: Resetting bearer <eth:syzkaller0>
[  207.286071][    T9] tipc: Resetting bearer <eth:syzkaller0>
[  207.387341][ T6850] xfrm0 speed is unknown, defaulting to 1000
[  207.446552][ T6858] netlink: 8 bytes leftover after parsing attributes in process `syz.0.742'.
[  207.680747][  T147] Bluetooth: hci2: link tx timeout
[  207.687848][  T147] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa
[  207.713268][ T6874] netlink: 32 bytes leftover after parsing attributes in process `syz.4.748'.
[  207.755468][ T6850] sit0 speed is unknown, defaulting to 1000
[  208.006958][   T13] tipc: Node number set to 134418688
[  208.014405][ T6889] netdevsim netdevsim4: Firmware load for '..' refused, path contains '..' component
[  208.531224][ T6915] netlink: 12 bytes leftover after parsing attributes in process `syz.0.764'.
[  208.725411][ T6922] device syzkaller0 entered promiscuous mode
[  208.748135][ T6922] tipc: Started in network mode
[  208.753302][ T6922] tipc: Node identity 2ea10154fd53, cluster identity 4711
[  208.761800][ T6922] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  208.771650][ T6920] tipc: Resetting bearer <eth:syzkaller0>
[  208.792814][ T6920] tipc: Disabling bearer <eth:syzkaller0>
[  208.864429][ T6932] netlink: 4 bytes leftover after parsing attributes in process `syz.5.771'.
[  208.902892][  T147] Bluetooth: hci2: link tx timeout
[  208.911346][  T147] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa
[  209.129078][  T147] Bluetooth: hci2: link tx timeout
[  209.134892][  T147] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa
[  209.198557][ T6947] xfrm0 speed is unknown, defaulting to 1000
[  209.864338][ T6954] xfrm0 speed is unknown, defaulting to 1000
[  209.912302][ T6947] sit0 speed is unknown, defaulting to 1000
[  210.335152][ T6954] sit0 speed is unknown, defaulting to 1000
[  210.738675][  T147] Bluetooth: hci2: link tx timeout
[  210.744045][  T147] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa
[  211.791105][  T147] Bluetooth: hci2: link tx timeout
[  211.796392][  T147] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa
[  212.117447][ T7019] page:ffffea000155acc0 refcount:4 mapcount:1 mapping:ffff88801b760350 index:0x0 pfn:0x556b3
[  212.128931][ T7019] memcg:ffff88807b13c000
[  212.133965][ T7019] aops:shmem_aops ino:4a0
[  212.138321][ T7019] flags: 0xfff00000080015(locked|uptodate|lru|swapbacked|node=0|zone=1|lastcpupid=0x7ff)
[  212.148251][ T7019] raw: 00fff00000080015 ffffea00015f7e08 ffffea000173c708 ffff88801b760350
[  212.156848][ T7019] raw: 0000000000000000 0000000000000000 0000000400000000 ffff88807b13c000
[  212.165418][ T7019] page dumped because: VM_BUG_ON_PAGE(page_mapped(page))
[  212.172420][ T7019] page_owner tracks the page as allocated
[  212.178816][ T7019] page last allocated via order 0, migratetype Movable, gfp_mask 0x1100cca(GFP_HIGHUSER_MOVABLE), pid 7020, ts 212107677242, free_ts 211993373604
[  212.194259][ T7019]  get_page_from_freelist+0x1b77/0x1c60
[  212.199989][ T7019]  __alloc_pages+0x1e1/0x470
[  212.204953][ T7019]  alloc_pages_vma+0x393/0x7c0
[  212.209704][ T7019]  shmem_alloc_and_acct_page+0x427/0xb70
[  212.215339][ T7019]  shmem_getpage_gfp+0x14f4/0x2d40
[  212.220464][ T7019]  shmem_read_mapping_page_gfp+0x96/0x100
[  212.226188][ T7019]  udmabuf_create+0x878/0x1540
[  212.230941][ T7019]  udmabuf_ioctl+0x1d1/0x2c0
[  212.235607][ T7019]  __se_sys_ioctl+0xfa/0x170
[  212.240189][ T7019]  do_syscall_64+0x4c/0xa0
[  212.245064][ T7019]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  212.250949][ T7019] page last free stack trace:
[  212.255607][ T7019]  free_unref_page_prepare+0x637/0x6c0
[  212.261240][ T7019]  free_unref_page_list+0x122/0x7e0
[  212.266520][ T7019]  release_pages+0x184b/0x1bb0
[  212.271268][ T7019]  tlb_finish_mmu+0x164/0x2e0
[  212.275925][ T7019]  exit_mmap+0x3a6/0x5f0
[  212.280157][ T7019]  __mmput+0x115/0x3b0
[  212.284298][ T7019]  exit_mm+0x567/0x6c0
[  212.288394][ T7019]  do_exit+0x5a1/0x20a0
[  212.292567][ T7019]  do_group_exit+0x12e/0x300
[  212.297180][ T7019]  get_signal+0x6ca/0x12c0
[  212.301781][ T7019]  arch_do_signal_or_restart+0xc1/0x1300
[  212.307670][ T7019]  exit_to_user_mode_loop+0x9e/0x130
[  212.313140][ T7019]  exit_to_user_mode_prepare+0xb1/0x140
[  212.318863][ T7019]  syscall_exit_to_user_mode+0x16/0x40
[  212.324320][ T7019]  do_syscall_64+0x58/0xa0
[  212.328819][ T7019]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  212.334786][ T7019] ------------[ cut here ]------------
[  212.340241][ T7019] kernel BUG at mm/filemap.c:166!
[  212.345271][ T7019] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[  212.351577][ T7019] CPU: 1 PID: 7019 Comm: syz.0.806 Not tainted 5.15.186-syzkaller #0
[  212.359663][ T7019] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  212.369796][ T7019] RIP: 0010:unaccount_page_cache_page+0x75c/0x870
[  212.376295][ T7019] Code: e8 29 5b da ff 4c 89 f7 48 c7 c6 40 fd 12 8a e8 aa db 0d 00 0f 0b e8 13 5b da ff 4c 89 f7 48 c7 c6 80 fd 12 8a e8 94 db 0d 00 <0f> 0b 48 85 ed 75 59 e8 f8 5a da ff eb 5d e8 f1 5a da ff 4c 89 f7
[  212.395978][ T7019] RSP: 0018:ffffc9000350f688 EFLAGS: 00010046
[  212.402037][ T7019] RAX: bc9e526baf044300 RBX: 0000000000000000 RCX: ffff88807cad3b80
[  212.409998][ T7019] RDX: 0000000000000000 RSI: 000000000000ffff RDI: 000000000000ffff
[  212.418832][ T7019] RBP: 1ffffd40002ab599 R08: dffffc0000000000 R09: ffffed1017224f24
[  212.426977][ T7019] R10: ffffed1017224f24 R11: 1ffff11017224f23 R12: ffffea000155acc0
[  212.435036][ T7019] R13: dffffc0000000000 R14: ffffea000155acc0 R15: ffffea000155acc8
[  212.443153][ T7019] FS:  000055558ade5500(0000) GS:ffff8880b9100000(0000) knlGS:0000000000000000
[  212.452082][ T7019] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  212.458675][ T7019] CR2: 00002000000000c8 CR3: 000000004f727000 CR4: 00000000003506e0
[  212.466642][ T7019] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  212.474614][ T7019] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  212.482672][ T7019] Call Trace:
[  212.485938][ T7019]  <TASK>
[  212.488858][ T7019]  __delete_from_page_cache+0xbf/0x6b0
[  212.494311][ T7019]  ? _raw_spin_lock_irq+0x7a/0xe0
[  212.499332][ T7019]  ? __bpf_trace_file_check_and_advance_wb_err+0x30/0x30
[  212.506342][ T7019]  ? _raw_spin_lock_irq+0xab/0xe0
[  212.511438][ T7019]  ? _raw_spin_lock_irqsave+0xf0/0xf0
[  212.516798][ T7019]  ? unmap_mapping_page+0x26b/0x320
[  212.521978][ T7019]  ? page_mapping+0x30e/0x440
[  212.526638][ T7019]  delete_from_page_cache+0x121/0x190
[  212.532015][ T7019]  truncate_inode_page+0x8d/0xb0
[  212.536941][ T7019]  shmem_undo_range+0x49b/0x1840
[  212.541869][ T7019]  ? __lock_acquire+0x13ad/0x7c60
[  212.546885][ T7019]  ? shmem_truncate_range+0xa0/0xa0
[  212.552108][ T7019]  ? do_raw_spin_lock+0x11d/0x280
[  212.557123][ T7019]  ? __rwlock_init+0x140/0x140
[  212.561890][ T7019]  shmem_evict_inode+0x20d/0xa00
[  212.566902][ T7019]  ? _raw_spin_unlock+0x24/0x40
[  212.571925][ T7019]  ? inode_wait_for_writeback+0x1b0/0x200
[  212.577634][ T7019]  ? shmem_free_in_core_inode+0xb0/0xb0
[  212.583193][ T7019]  ? do_raw_spin_lock+0x11d/0x280
[  212.588728][ T7019]  ? bit_waitqueue+0x30/0x30
[  212.593439][ T7019]  ? do_raw_spin_unlock+0x11d/0x230
[  212.598633][ T7019]  ? shmem_free_in_core_inode+0xb0/0xb0
[  212.604178][ T7019]  evict+0x485/0x870
[  212.608071][ T7019]  ? proc_nr_inodes+0x320/0x320
[  212.612921][ T7019]  ? do_raw_spin_unlock+0x11d/0x230
[  212.618102][ T7019]  ? _raw_spin_unlock+0x24/0x40
[  212.623114][ T7019]  __dentry_kill+0x431/0x650
[  212.627709][ T7019]  dentry_kill+0xb8/0x290
[  212.632029][ T7019]  dput+0xd8/0x1a0
[  212.636013][ T7019]  __fput+0x5ee/0x930
[  212.640593][ T7019]  task_work_run+0x125/0x1a0
[  212.646045][ T7019]  exit_to_user_mode_loop+0x10f/0x130
[  212.651435][ T7019]  exit_to_user_mode_prepare+0xb1/0x140
[  212.657381][ T7019]  syscall_exit_to_user_mode+0x16/0x40
[  212.663187][ T7019]  do_syscall_64+0x58/0xa0
[  212.667736][ T7019]  ? clear_bhb_loop+0x30/0x80
[  212.672425][ T7019]  ? clear_bhb_loop+0x30/0x80
[  212.677092][ T7019]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  212.682978][ T7019] RIP: 0033:0x7ffa34338929
[  212.687383][ T7019] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  212.706982][ T7019] RSP: 002b:00007ffe2d81fe68 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[  212.715393][ T7019] RAX: 0000000000000000 RBX: 0000000000033c5b RCX: 00007ffa34338929
[  212.723648][ T7019] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[  212.731789][ T7019] RBP: 00007ffa34561ba0 R08: 0000000000000001 R09: 0000000c2d82015f
[  212.739761][ T7019] R10: 00007ffa341aa000 R11: 0000000000000246 R12: 00007ffa3455ffac
[  212.748178][ T7019] R13: 00007ffa3455ffa0 R14: ffffffffffffffff R15: 00007ffe2d81ff80
[  212.756263][ T7019]  </TASK>
[  212.759297][ T7019] Modules linked in:
[  212.763297][ T7019] ---[ end trace d4089e20a5919f3f ]---
[  212.768742][ T7019] RIP: 0010:unaccount_page_cache_page+0x75c/0x870
[  212.775149][ T7019] Code: e8 29 5b da ff 4c 89 f7 48 c7 c6 40 fd 12 8a e8 aa db 0d 00 0f 0b e8 13 5b da ff 4c 89 f7 48 c7 c6 80 fd 12 8a e8 94 db 0d 00 <0f> 0b 48 85 ed 75 59 e8 f8 5a da ff eb 5d e8 f1 5a da ff 4c 89 f7
[  212.794865][ T7019] RSP: 0018:ffffc9000350f688 EFLAGS: 00010046
[  212.801014][ T7019] RAX: bc9e526baf044300 RBX: 0000000000000000 RCX: ffff88807cad3b80
[  212.809661][ T7019] RDX: 0000000000000000 RSI: 000000000000ffff RDI: 000000000000ffff
[  212.817986][ T7019] RBP: 1ffffd40002ab599 R08: dffffc0000000000 R09: ffffed1017224f24
[  212.826164][ T7019] R10: ffffed1017224f24 R11: 1ffff11017224f23 R12: ffffea000155acc0
[  212.834669][ T7019] R13: dffffc0000000000 R14: ffffea000155acc0 R15: ffffea000155acc8
[  212.842726][ T7019] FS:  000055558ade5500(0000) GS:ffff8880b9100000(0000) knlGS:0000000000000000
[  212.851650][ T7019] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  212.858233][ T7019] CR2: 00002000000000c8 CR3: 000000004f727000 CR4: 00000000003506e0
[  212.866279][ T7019] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  212.874241][ T7019] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  212.882571][ T7019] Kernel panic - not syncing: Fatal exception
[  212.888854][ T7019] Kernel Offset: disabled
[  212.893173][ T7019] Rebooting in 86400 seconds..