last executing test programs:

9.597346254s ago: executing program 2 (id=1192):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
tee(0xffffffffffffffff, 0xffffffffffffffff, 0xa, 0x0)
r0 = socket(0x22, 0x2, 0x3)
getsockopt$packet_buf(r0, 0x107, 0x1, &(0x7f0000000240)=""/1, &(0x7f0000002180)=0x1)
syz_genetlink_get_family_id$smc(&(0x7f0000000040), 0xffffffffffffffff)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0x8, &(0x7f0000000dc0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r1, 0x2800000002000000, 0xe, 0x55, &(0x7f0000000140)="a06ad876d56a0064d082778c3938", &(0x7f0000000380)=""/85, 0x0, 0x4000000}, 0x28)
r2 = socket$inet6(0xa, 0x3, 0xff)
connect$inet6(r2, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000000)=0x655e, 0x4)
r3 = dup2(r2, r2)
setsockopt$inet6_int(r3, 0x29, 0x4a, &(0x7f0000000580)=0x7ff, 0x4)
write$tun(r3, &(0x7f0000000040)=ANY=[], 0x46)
recvmmsg(r3, &(0x7f00000049c0)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x10}}], 0x1, 0x2000, 0x0)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000340), r3)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'lo\x00', <r6=>0x0})
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan1\x00', <r7=>0x0})
sendmsg$NL80211_CMD_ABORT_SCAN(r3, &(0x7f0000000640)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000600)={&(0x7f00000005c0)={0x1c, 0x0, 0x100, 0x70bd2b, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r7}, @void}}, ["", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x40000)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000000c0)=ANY=[@ANYBLOB="440000001000390400"/20, @ANYRES32=r6, @ANYBLOB="00000000000000001c00168018000100001bdb00000000000000000000000004000000000800040000000000"], 0x44}}, 0x0)
getpeername$packet(r3, &(0x7f0000000380)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @local}, &(0x7f00000003c0)=0x14)
sendmsg$ETHTOOL_MSG_EEE_SET(r3, &(0x7f0000000540)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000500)={&(0x7f0000000400)={0x100, r4, 0x2, 0x70bd2c, 0x25dfdbfd, {}, [@ETHTOOL_A_EEE_ENABLED={0x5, 0x5, 0x1}, @ETHTOOL_A_EEE_HEADER={0x2c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x7}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r8}]}, @ETHTOOL_A_EEE_TX_LPI_ENABLED={0x5}, @ETHTOOL_A_EEE_ENABLED={0x5}, @ETHTOOL_A_EEE_MODES_OURS={0x98, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_MASK={0x86, 0x5, "e18c4427f0e317ea9ee1371e855b06e32dbd50a40ee1bcd87b4b3d01c7db97fa2af265ff50bdf7ef0334f16a52f774e355e3d34c1fa81c7922e65012d480c21d36b4cebb322369e2fefd13a404a26d2f50eb888ba5943aaa36703333963f2b70e6e2be70bb3a9382891a6d8587f38354c73ff01c256542b3eda2d7d36b52fcca6920"}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x6}]}, @ETHTOOL_A_EEE_TX_LPI_TIMER={0x8, 0x7, 0x1}, @ETHTOOL_A_EEE_TX_LPI_ENABLED={0x5}]}, 0x100}, 0x1, 0x0, 0x0, 0x1}, 0x0)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000180)={@ifindex=r8, r3, 0x22, 0x2020, r1, @void, @void, @value}, 0x20)
sendmsg$SMC_PNETID_GET(r3, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x44, 0x0, 0x8, 0x70bd29, 0x25dfdbfe, {}, [@SMC_PNETID_IBNAME={0x9, 0x3, 'syz0\x00'}, @SMC_PNETID_IBNAME={0x9, 0x3, 'syz2\x00'}, @SMC_PNETID_IBNAME={0x9, 0x3, 'syz1\x00'}, @SMC_PNETID_IBNAME={0x9, 0x3, 'syz0\x00'}]}, 0x44}, 0x1, 0x0, 0x0, 0x800}, 0xd1)
sendmsg$SMC_PNETID_ADD(r0, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000080)={0x14, 0x0, 0x400, 0x70bd31, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x4850}, 0x4000000)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x12, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000bb000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000003900000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x64, '\x00', 0x0, @cgroup_sock_addr=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)

9.42250112s ago: executing program 3 (id=1269):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000640)=@newlink={0x48, 0x10, 0x437, 0x3, 0x0, {0x0, 0x0, 0x0, 0x0, 0x4048b}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @sit={{0x8}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_IPTUN_REMOTE={0x8, 0x3, @broadcast}, @IFLA_IPTUN_PMTUDISC={0x5}, @IFLA_IPTUN_FLAGS={0x6, 0x8, 0x3}]}}}]}, 0x48}}, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000100))
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000de0000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000720000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000200)={'geneve0\x00', <r4=>0x0})
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="bc01000010000300"/20, @ANYRES32=r4, @ANYBLOB="0000000000000000140012800b00010067656e657665"], 0x1bc}, 0x1, 0x2}, 0x0)

8.746516782s ago: executing program 3 (id=1272):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r0, 0x29, 0xcb, &(0x7f0000000000), 0x4)
getsockopt$inet6_buf(r0, 0x29, 0x6, &(0x7f0000000440)=""/19, &(0x7f0000000240)=0x71)
r1 = userfaultfd(0x801)
syz_usb_connect$cdc_ecm(0x0, 0x4d, &(0x7f0000000000)={{0x12, 0x1, 0x250, 0x2, 0x0, 0x0, 0x10, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x3b, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x2, 0x6, 0x0, 0x0, {{0x5}, {0x5}, {0xd}}}}]}}]}}, &(0x7f00000005c0)={0x0, 0x0, 0x6b, &(0x7f0000000180)={0x5, 0xf, 0x6b, 0x2, [@ss_cap={0xa}, @generic={0x5c, 0x10, 0xa, "d433105171516f2b067de2648f447c1af66e5f7461e8ad5970db450efd34cb7502ab4f23e4fd23cc538862a087701ba96ffa99df16bfcb89b7306ba09d34a9be79765dd771f4a968731f98e10264a4eb770f20c8b60b556b5f"}]}})
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000100)={0xaa, 0x1})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000580)={{&(0x7f0000ffc000/0x1000)=nil, 0x1000}, 0x2})
ioctl$UFFDIO_COPY(r1, 0xc028aa05, &(0x7f0000000380)={&(0x7f0000ffc000/0x4000)=nil, &(0x7f0000001000/0x3000)=nil, 0x4000, 0x3})
r2 = fspick(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0)
fcntl$setsig(r2, 0xa, 0x16)

6.744682493s ago: executing program 1 (id=1276):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
syz_mount_image$ext4(&(0x7f0000000580)='ext2\x00', &(0x7f00000005c0)='./file0\x00', 0x1008002, &(0x7f0000000600)={[{@nombcache}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x84}}, {@resuid}, {@max_batch_time={'max_batch_time', 0x3d, 0x3}}, {@lazytime}, {@jqfmt_vfsold}, {@usrquota}, {@data_err_abort}]}, 0x1, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=")
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='ramfs\x00', 0x0, 0x0)
chdir(&(0x7f00000000c0)='./file0\x00')
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.swap.events\x00', 0x275a, 0x0)
rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r1 = timerfd_create(0x0, 0x0)
clock_gettime(0x0, &(0x7f0000000180)={<r2=>0x0, <r3=>0x0})
timerfd_settime(r1, 0x3, &(0x7f0000000440)={{}, {r2, r3+10000000}}, 0x0)
read(r1, &(0x7f0000000240)=""/123, 0x7b)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000580)=@raw={'raw\x00', 0x4008, 0x3, 0x240, 0xd8, 0x500b, 0x148, 0xd8, 0x148, 0x1a8, 0x240, 0x240, 0x1a8, 0x240, 0x7fffffe, 0x0, {[{{@ip={@local, @local, 0x0, 0x0, 'ip6gretap0\x00', 'team_slave_0\x00', {}, {}, 0x2f}, 0x0, 0x70, 0xd8}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@CLUSTERIP={0x60}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x2a0)
r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff)
r5 = socket$can_j1939(0x1d, 0x2, 0x7)
r6 = accept4$alg(r5, 0x0, 0x0, 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000001c0), 0x4)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)="6f04c1e0d51f9853b04212fae74a9b8bec14d7858d136fe880996460d27f66be19e726400c2dab07d28073f196afc18fbc5d7833448238a40b8a2d611aca", 0x0, 0x3, r6}, 0x38)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
ioctl$VIDIOC_ENUMSTD(0xffffffffffffffff, 0xc0485619, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_NEW_SERVICE(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000000000000100000044000180060001000a00000008000500000000090c00070000000000000000000800090030002300090006006e6f6e6500000000080008000000000008000b"], 0x58}}, 0x0)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000001180)={{0x14}, [@NFT_MSG_NEWRULE={0x4c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x20, 0x4, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, @bitwise={{0xc}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_BITWISE_LEN={0x8, 0x3, 0x1, 0x0, 0x2}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x74}}, 0x0)

6.017512568s ago: executing program 2 (id=1279):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000000)={0x4, 0x6, 0x3, 0x4, 0xd1})
r2 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000100)=ANY=[@ANYBLOB="b40500000000000000008346000000000000009d699928c0b44ceb86367b56c1407ea4c543df957868908f24e12d6674f75cd90b6c33e0ae8e4575ec354d836630ec443a3a2942fa77f3106c2208857c29749f4a66cd4f6ee0ad1f5b3f461b12eb5f895d931ca04af63d91c8b89184a2e351f3be1f9dcafcd25822d2e2ff8b317fc8a3532287ae97baff21ac550665780d3654"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f00000000c0)={0x0, 0x1}, 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r3 = socket(0x2, 0x3, 0x23)
setsockopt$MRT_ADD_VIF(r3, 0x0, 0x12, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'batadv0\x00', <r4=>0x0})
ioctl$sock_inet6_SIOCSIFADDR(r3, 0x8916, &(0x7f0000000080)={@private0={0xfc, 0x0, '\x00', 0x4}, 0x101b, r4})
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000240)={{0x1, <r5=>0xffffffffffffffff}, &(0x7f00000001c0), &(0x7f0000000200)=r2}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{0xffffffffffffffff, <r6=>0xffffffffffffffff}, &(0x7f0000000280), &(0x7f00000002c0)=r2}, 0x20)
r7 = open_tree(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', 0x89901)
close_range(r7, 0xffffffffffffffff, 0x2)
fchdir(r7)
r8 = fsopen(&(0x7f0000002200)='ramfs\x00', 0x0)
r9 = fcntl$dupfd(r8, 0x0, r8)
syz_open_dev$vcsn(&(0x7f0000000340), 0x6, 0x80240)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x11, 0x10, &(0x7f0000000500)=ANY=[@ANYBLOB="1812008f130223d94bba7a471db754d4c2a8cd6e817a48d8", @ANYRES32, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000018110000", @ANYRES32, @ANYBLOB="000000001b000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000820000001800000003000070bc6dc5ac2589f200"], &(0x7f0000000a80)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', r4, 0x0, r9, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000b00)={0x2, 0x9, 0x20, 0x7}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000b40)=[r5, r7, r9, r6, r7, r7], &(0x7f0000000380), 0x10, 0x4, @void, @value}, 0x94)
fsconfig$FSCONFIG_SET_STRING(r9, 0x1, &(0x7f0000000100)='mode\x00', &(0x7f0000000140)='\x00', 0x0)
read$FUSE(r9, &(0x7f0000004000)={0x2020}, 0xffffffffffffffce)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32, @ANYBLOB="0000e1ffffffffffffff00000000000000000000ef3af1517964e95c484c0c9dd2054f52c3486d3257e52e1c8883030cc98fb6134ad36da2cc957b75303cda791628cb7a05a9b9a339eb78477bf71689c82237f05fef4711ca5122ababb18f4f34f1ddbba908d8637471296533921b831a8e94089b28c1650494b650c034ce8a9a2d4cac6802f4b616d303b9067e4aff2f8eadf3c5fe89ef034168a972c8d749b20b81698cb60d05e06c61f8b10dd34404b985804f5e655f0c423d0184f6b0ad5e882dcc5b1031fc21a18b906305c21d3213", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="040000000400"/28], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000680)={0x1}, 0x4)
r10 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/notes', 0x0, 0x0)
read$FUSE(r10, 0x0, 0x0)
ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, &(0x7f0000000080)={[{0x5, 0x0, 0x1, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0xfffffffffffffffe}, {0x0, 0xce9, 0x0, 0xc, 0x5, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000000009}, {0x1, 0x0, 0xff, 0x0, 0x0, 0x9, 0x9, 0x0, 0x1, 0xf, 0x0, 0x0, 0x5}], 0x5})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_XCRS(0xffffffffffffffff, 0x4188aea7, &(0x7f0000000000)=ANY=[@ANYBLOB="000000f8c624a836"])

5.967424312s ago: executing program 3 (id=1280):
io_setup(0x3, &(0x7f0000000000))
timerfd_create(0x0, 0x0)
r0 = syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x0, &(0x7f00000002c0), 0x0, 0x236, &(0x7f0000000300)="$eJzs3TFoM2UcBvDnLomf/b4gVRdBUEFEtFDqJrjURaEgpYgIKlREXJRWqC1urZOLg84qnVyKuFkdpUtxUQSnqh3qImhxsDjoELlcK9VGFFNz8t3vB5fcJe97//e4e95kOS5Aa00nmU/SSTKTpJekON/grnqZPt3cntpfTgaDx38shu3q7dpZv2tJtpI8mGSvLPJiN9nYffro54NH731jvXfPe7tPTU30IE8dHx0+dvLu4usfLjyw8fmX3y8WmU//D8d1+YoRn3WL5Jb/otj/RNFtegT8E0uvfvBVlftbk9w9zH8vZeqT9+baDXu93P/OX/V964cvbp/kWIHLNxj0qt/ArQHQOmWSfopyNkm9Xpazs/V/+K87V8uXVtdemXlhdX3l+aZnKuCy9JPDRz6+8tG1P+X/u06df+D6VeX/iaWdb6r1k07TowEmqcr/zLOb90X+oXXkH9pL/qG95B/aS/6hveQf2kv+ob3kH9pL/qG95B/a63z+AYB2GVxp+g5koClNzz8AAAAAAAAAAAAAAAAAAMBF21P7y2fLpGp++nZy/HCS7qj6neHziJMbh69XfyqqZr8r6m5jeebOMXcwpvcbvvv6pm+brf/ZHc3W31xJtl5LMtftXrz+itPr79+7+W++7z03ZoExPfRks/V/3Wm2/sJB8kk1/8yNmn/K3DZ8Hz3/9KvzN2b9l38ZcwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABMzG8BAAD//8n0bSk=")
r1 = openat(0xffffffffffffff9c, &(0x7f0000000540)='mnt\x00', 0x0, 0x0)
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r0, 0xc0506617, &(0x7f0000000580)={@id, 0x40, 0x0, '\x00', @a})
mkdirat(0xffffffffffffff9c, &(0x7f0000000640)='mnt/encrypted_dir\x00', 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000680)='mnt/encrypted_dir\x00', 0x0, 0x0)
ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r2, 0x800c6613, &(0x7f00000006c0)=@v2={0x2, @aes256, 0x0, '\x00', @a})
chdir(&(0x7f00000002c0)='mnt/encrypted_dir\x00')
syz_mount_image$fuse(0x0, &(0x7f0000000740)='mnt\x00', 0x10430a1, 0x0, 0x0, 0x0, 0x0)
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS(r1, 0xc0406619, &(0x7f0000000080)={@id={0x2, 0x0, @a}})
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
clock_adjtime(0x0, &(0x7f0000000000)={0x3fd, 0xa00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

5.813491625s ago: executing program 1 (id=1281):
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000040))
r0 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000000), 0x102, 0x0)
read$FUSE(r0, &(0x7f0000002240)={0x2020}, 0x2020)
writev(r0, &(0x7f000001fc40), 0x0)

5.627806037s ago: executing program 0 (id=1282):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000640)=@newlink={0x48, 0x10, 0x437, 0x3, 0x0, {0x0, 0x0, 0x0, 0x0, 0x4048b}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @sit={{0x8}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_IPTUN_REMOTE={0x8, 0x3, @broadcast}, @IFLA_IPTUN_PMTUDISC={0x5}, @IFLA_IPTUN_FLAGS={0x6, 0x8, 0x3}]}}}]}, 0x48}}, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000100))
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000de0000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000720000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000200)={'geneve0\x00', <r4=>0x0})
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="bc01000010000300"/20, @ANYRES32=r4, @ANYBLOB="0000000000000000140012800b00010067656e657665"], 0x1bc}, 0x1, 0x2}, 0x0)

5.407601619s ago: executing program 4 (id=1283):
syz_open_dev$video(&(0x7f0000000080), 0x8, 0x0)
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x2080)
read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, <r2=>0x0, 0x0, 0x0, <r3=>0x0}, 0x2020)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
socket(0xa, 0x2, 0x0)
r4 = socket$kcm(0x10, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, 0x0, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
timer_create(0x0, &(0x7f00000003c0)={0x0, 0x17, 0x1, @tid=r3}, &(0x7f0000000400)=<r5=>0x0)
timer_settime(r5, 0x1, &(0x7f0000000440)={{}, {0x0, 0x989680}}, &(0x7f0000000480))
sendmsg$kcm(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)=[{0x0}], 0x1}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=@newtaction={0x7c, 0x30, 0x9, 0x0, 0x0, {}, [{0x68, 0x1, [@m_mpls={0x64, 0x1, 0x0, 0x0, {{0x9}, {0x4}, {0x38, 0x4, "4c043d2f9d9726ad481c563f2923d96e24e66023a509f2bcf97ae4e5fd8b9d0ec6f8013d7f5a598edf62c5aa725173089f5acc93"}, {0xc, 0x7, {0x1}}, {0xc}}}]}]}, 0x7c}}, 0x0)
write$FUSE_INIT(r1, &(0x7f0000000600)={0x50, 0x0, r2, {0x7, 0x28, 0x5, 0x920001, 0x6, 0x6, 0x9, 0x80000000}}, 0x50)
socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={{0x14}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x1, 0x0, 0x1}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0xf}, @NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x2}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x78}}, 0x0)
syz_emit_ethernet(0x36, &(0x7f00000000c0)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0xc2}}}}}}, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=@base={0xf, 0x4, 0x8, 0x80000001, 0x0, 0xffffffffffffffff, 0x8, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="1500000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f00000004c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="752e2cee796279f840dfc8e4fd2e8a7e2329fa72e7197b4b03661e52b4413362d24a83a1860e65559ad6c087460d979b9f4dacda435eee27128a6b730110847f9357702a3f767c52a850e357e51148fb9436eb600fa3b82f6e794d5cc02d0cee02f88b090a39f44bb1d001c3aa4a35a3c6", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], 0x0, 0x0, 0x19, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="440000001000010400000000000000001a000000", @ANYRES32=0x0, @ANYBLOB="0380000000000000140012800b0001006970766c616e00000400028008000500", @ANYBLOB='\b\x00\n'], 0x44}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)

5.372549988s ago: executing program 1 (id=1284):
r0 = socket$inet6(0xa, 0x3, 0x7)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NL802154_CMD_GET_SEC_DEV(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x7fff, 0x4)
r2 = syz_io_uring_setup(0x7e3, &(0x7f0000000100)={0x0, 0x7fa6, 0x400, 0x1, 0x28c}, &(0x7f0000000000), &(0x7f0000000180))
syz_io_uring_setup(0x3611, &(0x7f00000001c0)={0x0, 0xa23c, 0x1, 0x0, 0x35e, 0x0, r2}, &(0x7f0000000240), &(0x7f0000000280))
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f00000000c0)='sched_switch\x00'}, 0x10)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f00000001c0)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x90}, 0x9c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r4, 0x84, 0x85, &(0x7f0000000000)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x7ffe}, 0x90)
sendto$inet6(r4, &(0x7f0000000100)="82", 0x1, 0x0, &(0x7f0000000380)={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x8}, 0x1c)
sendmsg$IPCTNL_MSG_CT_NEW(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)={0x6c, 0x0, 0x1, 0x409, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast2}, {0x8}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @loopback}, {0x8, 0x2, @empty}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_MARK={0x8, 0x8, 0x1, 0x0, 0x1}]}, 0x6c}}, 0x0)
sendmmsg$alg(r0, &(0x7f0000001840)=[{0x20000000, 0xff00, 0x0}], 0x1, 0x0)

5.138314598s ago: executing program 0 (id=1285):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000800)=@mangle={'mangle\x00', 0x64, 0x6, 0x528, 0xd0, 0x1a0, 0xd0, 0x270, 0x340, 0x480, 0x480, 0x480, 0x480, 0x480, 0x6, 0x0, {[{{@ipv6={@private0, @private1, [0x0, 0xff000000, 0xffffff00], [], 'veth1\x00', 'veth1_vlan\x00', {}, {}, 0x2b}, 0x0, 0xa8, 0xd0, 0x0, {0x0, 0x3a010000}}, @HL={0x28}}, {{@ipv6={@private1, @loopback, [], [], 'tunl0\x00', 'bridge_slave_1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0x1a0}}, {{@ipv6={@private0, @remote, [0x0, 0x0, 0x0, 0xff], [], 'veth0_to_team\x00', 'tunl0\x00', {}, {}, 0x11, 0x0, 0x3, 0x44}, 0x0, 0xa8, 0xd0}, @unspec=@CHECKSUM={0x28}}, {{@uncond, 0x0, 0xa8, 0xd0}, @common=@inet=@SYNPROXY={0x28}}, {{@ipv6={@loopback, @private2, [], [], 'syzkaller1\x00', 'veth0_to_batadv\x00'}, 0x0, 0xd0, 0x118, 0x0, {}, [@inet=@rpfilter={{0x28}, {0xc}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}, 'vlan0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x588)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
pipe(&(0x7f0000000140)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc)
r3 = socket(0x10, 0x3, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
tee(r3, r3, 0xb9, 0xa)
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r5, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00', <r6=>0x0})
sendmsg$nl_route(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="3000000014000905000000000000000002190000", @ANYRES32=r6, @ANYBLOB="08000200ac"], 0x30}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="1c00000020000f0000f901000000000002"], 0x1c}}, 0x0)

4.315297005s ago: executing program 2 (id=1286):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000800)=@mangle={'mangle\x00', 0x64, 0x6, 0x528, 0xd0, 0x1a0, 0xd0, 0x270, 0x340, 0x480, 0x480, 0x480, 0x480, 0x480, 0x6, 0x0, {[{{@ipv6={@private0, @private1, [0x0, 0xff000000, 0xffffff00], [], 'veth1\x00', 'veth1_vlan\x00', {}, {}, 0x2b}, 0x0, 0xa8, 0xd0, 0x0, {0x0, 0x3a010000}}, @HL={0x28}}, {{@ipv6={@private1, @loopback, [], [], 'tunl0\x00', 'bridge_slave_1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0x1a0}}, {{@ipv6={@private0, @remote, [0x0, 0x0, 0x0, 0xff], [], 'veth0_to_team\x00', 'tunl0\x00', {}, {}, 0x11, 0x0, 0x3, 0x44}, 0x0, 0xa8, 0xd0}, @unspec=@CHECKSUM={0x28}}, {{@uncond, 0x0, 0xa8, 0xd0}, @common=@inet=@SYNPROXY={0x28}}, {{@ipv6={@loopback, @private2, [], [], 'syzkaller1\x00', 'veth0_to_batadv\x00'}, 0x0, 0xd0, 0x118, 0x0, {}, [@inet=@rpfilter={{0x28}, {0xc}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}, 'vlan0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x588)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
pipe(&(0x7f0000000140)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc)
r3 = socket(0x10, 0x3, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
tee(r3, r3, 0xb9, 0xa)
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r5, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00', <r6=>0x0})
sendmsg$nl_route(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="3000000014000905000000000000000002190000", @ANYRES32=r6, @ANYBLOB="08000200ac1414aa"], 0x30}}, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="1c00000020000f0000f901000000000002"], 0x1c}}, 0x0)

4.282675057s ago: executing program 3 (id=1287):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
r2 = dup3(r1, r0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000540)={0x8, 0x200000000000000, &(0x7f0000000480)=[@decrefs], 0x0, 0x0, 0x0})

4.103478589s ago: executing program 4 (id=1288):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x6, 0x4, &(0x7f0000002180)=ANY=[@ANYBLOB="180200000000000000000000cfffffff850000001700000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'veth0_to_bond\x00', <r2=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000003c0)={r0, r2, 0x25, 0x0, @val=@uprobe_multi={0x0, 0x0}}, 0x40)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f00000002c0)={'bond_slave_0\x00', &(0x7f0000000280)=@ethtool_channels={0x3d, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2}}) (async)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000280)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58)
socket$inet(0x2, 0x80002, 0xc3a) (async)
r5 = accept4(r4, 0x0, 0x0, 0x800)
ioctl$int_in(r5, 0x5452, &(0x7f0000000140)=0x9) (async)
recvmsg$qrtr(r5, &(0x7f0000006740)={0x0, 0x0, 0x0}, 0x38, 0x0)
ioctl$F2FS_IOC_DEFRAGMENT(r5, 0xc010f508, &(0x7f0000000000)={0x1, 0x4})

3.778990782s ago: executing program 0 (id=1289):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
tee(0xffffffffffffffff, 0xffffffffffffffff, 0xa, 0x0)
r0 = socket(0x22, 0x2, 0x3)
getsockopt$packet_buf(r0, 0x107, 0x1, &(0x7f0000000240)=""/1, &(0x7f0000002180)=0x1)
syz_genetlink_get_family_id$smc(&(0x7f0000000040), 0xffffffffffffffff)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0x8, &(0x7f0000000dc0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r1, 0x2800000002000000, 0xe, 0x55, &(0x7f0000000140)="a06ad876d56a0064d082778c3938", &(0x7f0000000380)=""/85, 0x0, 0x4000000}, 0x28)
r2 = socket$inet6(0xa, 0x3, 0xff)
connect$inet6(r2, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000000)=0x655e, 0x4)
r3 = dup2(r2, r2)
setsockopt$inet6_int(r3, 0x29, 0x4a, &(0x7f0000000580)=0x7ff, 0x4)
write$tun(r3, &(0x7f0000000040)=ANY=[], 0x46)
recvmmsg(r3, &(0x7f00000049c0)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x10}}], 0x1, 0x2000, 0x0)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000340), r3)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'lo\x00', <r6=>0x0})
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan1\x00', <r7=>0x0})
sendmsg$NL80211_CMD_ABORT_SCAN(r3, &(0x7f0000000640)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000600)={&(0x7f00000005c0)={0x1c, 0x0, 0x100, 0x70bd2b, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r7}, @void}}, ["", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x40000)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000000c0)=ANY=[@ANYBLOB="440000001000390400"/20, @ANYRES32=r6, @ANYBLOB="00000000000000001c00168018000100001bdb00000000000000000000000004000000000800040000000000"], 0x44}}, 0x0)
getpeername$packet(r3, &(0x7f0000000380)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @local}, &(0x7f00000003c0)=0x14)
sendmsg$ETHTOOL_MSG_EEE_SET(r3, &(0x7f0000000540)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000500)={&(0x7f0000000400)={0x100, r4, 0x2, 0x70bd2c, 0x25dfdbfd, {}, [@ETHTOOL_A_EEE_ENABLED={0x5, 0x5, 0x1}, @ETHTOOL_A_EEE_HEADER={0x2c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x7}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r8}]}, @ETHTOOL_A_EEE_TX_LPI_ENABLED={0x5}, @ETHTOOL_A_EEE_ENABLED={0x5}, @ETHTOOL_A_EEE_MODES_OURS={0x98, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_MASK={0x86, 0x5, "e18c4427f0e317ea9ee1371e855b06e32dbd50a40ee1bcd87b4b3d01c7db97fa2af265ff50bdf7ef0334f16a52f774e355e3d34c1fa81c7922e65012d480c21d36b4cebb322369e2fefd13a404a26d2f50eb888ba5943aaa36703333963f2b70e6e2be70bb3a9382891a6d8587f38354c73ff01c256542b3eda2d7d36b52fcca6920"}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x6}]}, @ETHTOOL_A_EEE_TX_LPI_TIMER={0x8, 0x7, 0x1}, @ETHTOOL_A_EEE_TX_LPI_ENABLED={0x5}]}, 0x100}, 0x1, 0x0, 0x0, 0x1}, 0x0)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000180)={@ifindex=r8, r3, 0x22, 0x2020, r1, @void, @void, @value}, 0x20)
sendmsg$SMC_PNETID_GET(r3, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x44, 0x0, 0x8, 0x70bd29, 0x25dfdbfe, {}, [@SMC_PNETID_IBNAME={0x9, 0x3, 'syz0\x00'}, @SMC_PNETID_IBNAME={0x9, 0x3, 'syz2\x00'}, @SMC_PNETID_IBNAME={0x9, 0x3, 'syz1\x00'}, @SMC_PNETID_IBNAME={0x9, 0x3, 'syz0\x00'}]}, 0x44}, 0x1, 0x0, 0x0, 0x800}, 0xd1)
sendmsg$SMC_PNETID_ADD(r0, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000080)={0x14, 0x0, 0x400, 0x70bd31, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x4850}, 0x4000000)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x12, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000bb000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000003900000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x64, '\x00', 0x0, @cgroup_sock_addr=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)

3.437120973s ago: executing program 4 (id=1290):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000900)={'#! ', './file0', [{0x20, 'H9\xeba\x9e\xdb'}], 0xa, "e6709d6a1d1cc30f94601c55423aa55bb60d0232212bb4b8f2e877c1098ec6cca3c5c20322bf9945c77c60f710be3af12fe1"}, 0x44)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./bus\x00', 0x400e, &(0x7f00000002c0)={[{@grpid}, {@nobh}, {@data_err_ignore}, {@nolazytime}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@acl}]}, 0x1, 0x42f, &(0x7f0000000fc0)="$eJzs289rHFUcAPDvzCat/WViqT+aVo1WMfgjadJae/CiKHhQEPRQjzFJS+y2kSaCLUGjSD1Kwbt4FPwLPOlF1JPgVe9SKJJLq6eV2Z1Jdje7aZJustX9fGCS92be8t53Z97ue/N2AuhZw9mfJGJ/RPweEQO1bGOB4dq/W8uLU38vL04lUam89VdSLXdzeXGqKFq8bl+R6YtIP0viSIt65y9fOT9ZLs9cyvNjCxfeH5u/fOW52QuT52bOzVycOH365InxF05NPN+ROLO4bg59NHf08GvvXHtj6sy1d3/+Ninib4qjQ4bXO/hkpdLh6rrrQF066etiQ9iUUq2bRn+1/w9EKVZP3kC8+mlXGwdsq0qlUnmg/eGlCvA/lkS3WwB0R/FFn81/i22Hhh53hRsv1SZAWdy38q12pC/SvEx/0/y2k4Yj4szSP19lW2zPfQgAgAbfZ+OfZ1uN/9Kovy90b76GMhgR90XEwYg4FRGHIuL+iGrZByPioU3W37xIsnb8k17fUmAblI3/XszXthrHf8XoLwZLee5ANf7+5OxseeZ4/p6MRP/uLD++Th0/vPLbF+2O1Y//si2rvxgL5u243re78TXTkwuTdxJzvRufRAz1tYo/WVkJSCLicEQMbbGO2ae/Odru2O3jX0cH1pkqX0c8VTv/S9EUfyFZf31y7J4ozxwfK66KtX759eqb7eq/o/g7IDv/e1te/yvxDyb167Xzm6/j6h+ft53TbPX635W83bDvw8mFhUvjEbuS12uNrt8/0VRuYrV8Fv/Isdb9/2CsvhNHIiK7iB+OiEci4tG87Y9FxOMRcWyd+H96+Yn3th7/9srin97U+V9N7IrmPa0TpfM/ftdQ6eBm4s/O/8lqaiTfs5HPv420a2tXMwAAAPz3pBGxP5J0dCWdpqOjtd/wH4q9aXlufuGZs3MfXJyuPSMwGP1pcadroO5+6Hg+rS/yE035E/l94y9Le6r50am58nS3g4cet69N/8/8Wep264Bt53kt6F36P/Qu/R96l/4PvatF/9/TjXYAO6/V9//HXWgHsPOa+r9lP+gh5v/Qu/R/6F36P/Sk+T1x+4fkJSTWJCK9K5ohsU2Jbn8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMa/AQAA//9QOObV")
setrlimit(0x1, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff})
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000a0000000000000000009500000000000000"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000001c0)='sched_process_wait\x00', r1}, 0x10)
r3 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r2}, 0x8)
socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, 0x2, r3, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000140)='contention_end\x00', r4}, 0x10)
r5 = syz_open_dev$cec(&(0x7f0000000000), 0xffffffffffffffff, 0x0)
ioctl$CEC_DQEVENT(r5, 0xc0506107, 0x0)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$net_dm(&(0x7f00000000c0), r6)
socket$qrtr(0x2a, 0x2, 0x0)
socket$can_bcm(0x1d, 0x2, 0x2)
pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f0000000080)={0x3ff}, 0x0, 0x0)
ioctl$IOC_PR_PREEMPT(r5, 0x40046109, &(0x7f0000000040)={0xd0})
r7 = open(&(0x7f00000000c0)='./bus\x00', 0xca942, 0x0)
ftruncate(r7, 0x8002007ffb)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r0, 0x0)
r8 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r8, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c)
sendmmsg$inet6(r8, &(0x7f00000001c0)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0xfffffffc, @loopback}, 0x1c, &(0x7f0000000640)=[{&(0x7f0000000140)="03", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000980)=[{&(0x7f0000000500)="c4", 0x1}], 0x1}}], 0x2, 0x0)
socket$xdp(0x2c, 0x3, 0x0)
write(0xffffffffffffffff, &(0x7f0000000300), 0x0)
readv(0xffffffffffffffff, 0x0, 0x0)
syz_mount_image$squashfs(&(0x7f0000000180), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000b80)=ANY=[@ANYRES16=0x0, @ANYRESDEC, @ANYRESHEX, @ANYRESDEC, @ANYRES8=0x0, @ANYRES64, @ANYBLOB="01ce6671a3b30f673148672100038bbb4413ea284b892438cdddda3da4c78d940655fbd68a286059c5766f98f85fb413503eaf8c90a24dda1e09f68cd741168d69dae50652ca7b67c5b0a27ab80ff9afa5000443de8c748e1d5beabee7c1346b215f641ae190d56ea4ab81bacd909929deb5757040e8d5b2752ea779c30f600bd516a68d881e7fc7289826d49e35134a94e27f115c8195a0f152cbd840ffdb008356c72319cceb43ccb1280556efdf0fdf582fd3cfc830dff1787f000000b7400f5aef57b6dcbfde7af6012383adb085c40e4c295c2a3be750a42400e58523d24b8eecd75caabcee22347bdb78b72b400d080a044ebde5d39ad91ff0ef75aa244381cf00cd6fe9b9a92a9968104bf02481022af426853287e521a4e3cfe480f984efcea1359ff932ebd3bc75aefea41074799f3502a7472a6686b4011a41d7f0cfb25b3dc3077b4e8ded17cfff2b1d59bc12f637c36690f5ca91ee999ec138f6ce66522e652939a37435edb78f9ae18489f9d2b73c81609399f0d123f1721171bd72c012623f04d8965d3e5785d057c15798ab36af821c9b308731422ba3858b9895ace14068ea58f8cb6060c205caf209a73628eff5b9270a4a55c2d7fc59a4fe6e023bd424d8b010e2232d1b2e6ca603b466b2c82afff4a8cc469e8664d54769fc97df122b3ff8c34354dad46f900eaf6e72e538c0595caa056984ab8974af7cdae5bde6a12f412fe2a876aa191e78e91fbf780e2f4a20f57d41376b29f990ce63aa6edf622d2203fee37df269abf869d13b175852b775fff70491d1e5d1311b7eef954a101ddb98c5ba2b312528485ece7aff23cc6fee599daea0fca71a5970cf0fc82b49640cc3fabbc401dead4f83aa0c4072a9e98ab5afb790be17961fc073e2f8f800000000000000005089d6db5ad893ee9b22b9250d01980952d0a3e0076c877556fa43f90cb574fd6ad67398ac4d9f8ff4e3ef09f99220928602523adc2289b51328ac152bd7edc66d4e962cbc2d2b0c5f8e48384eff563a10787b0199642385e811504e7168804114842d51f42dd6937515fa64b2fd14ef427072c6556b99171bd00165a9aada7173f001679ac791ee67188c670f583f7b1f8df68b97f4dcb5652f2b13aa941b7ff56c48fb7162e91ef53c70938a92e4bf55d65319f74766a309722f767fc8f3db2a194a2f098336601be2edcbcc9b562f2fc64e2deff9a16e84f1e8bc5fb82c91f4d10e34f5a093fc4fcbdb89342274857c8e6aa8864b3214f51b9e515bf645235007cede80ff5931bff340780a3b43bc0466340c195a515f779d0333dd467bb665508d9c89e18e86d1975e273f937e3bd1", @ANYRESOCT=0x0, @ANYRES32=0x0], 0x1, 0x1e9, &(0x7f0000000980)="$eJzslc1qU0EUx39z76RpNIuuXRUsthttcwviG9gH8AEM6bUWb/zoDWhCweimGxfiSxR8CheC7l2ICG7qQkEXFVcVicydM+OEBGKlCoX5Qzgfcz5z55y5Wd4r68DPw90OC1RQNHmvFBpYVlZ3NGfpN6EjwSdt5Zbonwv9KLTsD948sezgVrso8p2yP4NRCmbZFCMsI+kZN9JTkjnLmaFfPx7XKKYaJ8Af9XMijMk2cdRLbUuTXk/HNPVpNuLLfyj+75nFY9wb26llvjfHr8Tnky6sxr/uHbzmR3P2Z3r3zH7OqTapuDcmJuW0McmxvEpkfZVXHyV8rYS3h7sdw1yXLWZ0m/bnRqKyMcLLwOachiGolJGPo6ttCcvAaq97d7XsDy5ud9tb+VZ+O8vWL6+9OisjOnoI20W+poIyzFDj9hJg5rQRnNeAD7/PhwRQQWkGZ0DJzvUh3XJeOR84NiAJfMMYNu4Ln78uupQu17jAPHB/qBYhw/5bS5homhumtQ0UqQgtHdQJRyTMVweXOneKzT0Uyrnto32M1gE1L2QimET5+hXf/p7QJaEbQveFHgh1b5d7k3QV4YtIK0OY40G719upHi/LeV3mddmCz5xIVvcaKldJnYiIiIiIiIiIU4JfAQAA//9E3UGM")
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
syz_open_dev$sndpcmp(0x0, 0x0, 0x0)

3.329133418s ago: executing program 1 (id=1291):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
syz_mount_image$ext4(&(0x7f0000000580)='ext2\x00', &(0x7f00000005c0)='./file0\x00', 0x1008002, &(0x7f0000000600)={[{@nombcache}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x84}}, {@resuid}, {@max_batch_time={'max_batch_time', 0x3d, 0x3}}, {@lazytime}, {@jqfmt_vfsold}, {@usrquota}, {@data_err_abort}]}, 0x1, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=")
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='ramfs\x00', 0x0, 0x0)
chdir(&(0x7f00000000c0)='./file0\x00')
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.swap.events\x00', 0x275a, 0x0)
rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r1 = timerfd_create(0x0, 0x0)
clock_gettime(0x0, &(0x7f0000000180)={<r2=>0x0, <r3=>0x0})
timerfd_settime(r1, 0x3, &(0x7f0000000440)={{}, {r2, r3+10000000}}, 0x0)
read(r1, &(0x7f0000000240)=""/123, 0x7b)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000580)=@raw={'raw\x00', 0x4008, 0x3, 0x240, 0xd8, 0x500b, 0x148, 0xd8, 0x148, 0x1a8, 0x240, 0x240, 0x1a8, 0x240, 0x7fffffe, 0x0, {[{{@ip={@local, @local, 0x0, 0x0, 'ip6gretap0\x00', 'team_slave_0\x00', {}, {}, 0x2f}, 0x0, 0x70, 0xd8}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@CLUSTERIP={0x60}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x2a0)
r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff)
r5 = socket$can_j1939(0x1d, 0x2, 0x7)
r6 = accept4$alg(r5, 0x0, 0x0, 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000001c0), 0x4)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)="6f04c1e0d51f9853b04212fae74a9b8bec14d7858d136fe880996460d27f66be19e726400c2dab07d28073f196afc18fbc5d7833448238a40b8a2d611aca", 0x0, 0x3, r6}, 0x38)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
ioctl$VIDIOC_ENUMSTD(0xffffffffffffffff, 0xc0485619, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_NEW_SERVICE(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000000000000100000044000180060001000a00000008000500000000090c00070000000000000000000800090030002300090006006e6f6e6500000000080008000000000008000b"], 0x58}}, 0x0)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000001180)={{0x14}, [@NFT_MSG_NEWRULE={0x4c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x20, 0x4, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, @bitwise={{0xc}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_BITWISE_LEN={0x8, 0x3, 0x1, 0x0, 0x2}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x74}}, 0x0)

3.023373115s ago: executing program 3 (id=1292):
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$inet_int(r0, 0x0, 0xb, &(0x7f0000000180)=0x4, 0x4)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f00000010c0)=0x5, 0x4)
setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4)
r2 = socket$nl_rdma(0x10, 0x3, 0x14)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r3=>0x0})
sendto$packet(0xffffffffffffffff, &(0x7f0000000180)="02030c65be4002000000ab5d71acedd7c9560385dcb1080084d7dc039806112405ce811c", 0x24, 0x0, &(0x7f0000000140)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @broadcast}, 0x14)
r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$ITER_CREATE(0x21, 0x0, 0x0)
socket$packet(0x11, 0x2, 0x300)
r5 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000020000000000000000"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r5, 0x5, 0xb68, 0x560b0007, &(0x7f0000000000)="259a53f271a76d2610054c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
syz_emit_ethernet(0x3e, &(0x7f0000000000)={@dev, @empty, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x2b, 0x0, 0x0, 0x3, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @rand_addr, @local}}}}}}, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r4, 0x5, 0xb68, 0x6, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
syz_emit_ethernet(0x46, &(0x7f0000000000)={@link_local={0x3}, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x4, 0x0, 0x12, 0x0, 0x3f18, {0x5, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @loopback, @loopback}, "00186371ae9b1c03"}}}}}, 0x0)

2.714580133s ago: executing program 2 (id=1293):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r0, 0x84, 0x81, &(0x7f00000002c0)="1a00000002000000", 0x8)
getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, 0x0, &(0x7f00000000c0))

2.149053845s ago: executing program 2 (id=1294):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f0000000140), 0xfc, 0x560, &(0x7f00000008c0)="$eJzs3d9rW1UcAPDvTdut+6HtYAz1QQp7cDKXrq0/JvgwH0WHA33XkGRlNF1Gk461Dtwe3IsvMgQRB6Lvvvs4/Af8KwY6GDKKPuwlctObLluTNu3StVs+H7jtOffe9Jxv7v2enpubkAAG1kT6IxfxakR8l0SMtW0bjmzjxOp+Kw+uFdMliUbjs3+SSLJ1rf2T7PehrPJKRPzxTcTJ3Pp2a0vLc4VKpbyQ1Sfr85cna0vLpy7OF2bLs+VL0zMzZ96ZmX7/vXf7Fuub5//78dM7H5359vjKD7/dO3IribNxONvWHsdTuN5emYiJ7DkZibNP7DjVh8b2kmS3O8C2DGV5PhLpGDAWQ1nWd9QYe5ZdA3bY12laAwMqkf8woFrzgNa1fZ+ug58b9z9cvQBaH//w6msjMdq8Njq4kjx2ZZRe7473of20jd//vn0rXaJ/r0MAbOr6jYg4PTy8fvxLsvFv+073sM+TbRj/4Nm5k85/3uo0/8mtzX+iw/znUIfc3Y7N8z93rw/NdJXO/z7oOP9du2k1PpTVXmrO+UaSCxcr5XRsezkiTsTI/rS+wf2cL3MrdxvdNrbP/9Ilbb81F8z6cW94/+OPKRXqhacKus39GxGvdZz/JmvHP+lw/NPn43yPbRwr336927bN499ZjV8i3uh4/B/d0Uo2vj852TwfJltnxXr/3jz2Z7f2dzv+9Pgf3Dj+8aT9fm1t6238PPqw3G3bds//fcnnzfK+bN3VQr2+MBWxL/lk/frpR49t1Vv7p/GfOL7x+Nfp/D+QJnaP8d88erN919Gtxb+z0vhLWzr+Wy/c/firn7q139vxf7tZOpGt6WX867WDT/PcAQAAAAAAwF6Ti4jDkeTya+VcLp9ffX/H0TiYq1Rr9ZMXqouXStH8rOx4jORad7rH2t4PMZW9H7ZVn36iPhMRRyLi+6EDzXq+WK2Udjt4AAAAAAAAAAAAAAAAAAAA2CMORYx2+vx/6q+h3e4dsOM2+Mpv4AXXPf+zLf34pidgT/L/HwaX/IfBJf9hcMl/GFzyHwaX/IfBJf9hcG0l/389t4MdAQAAAAAAAAAAAAAAAAAAAAAAAAAAgBfD+XPn0qWx8uBaMa2XriwtzlWvnCqVa3P5+cVivlhduJyfrVZnK+V8sTq/2d+rVKuXp6Zj8epkvVyrT9aWlr+Yry5eethYVR55JlEBAAAAAAAAAAAAAAAAAADA86W2tDxXqFTKCwoK2yoM741uKPS5sNsjEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA88n8AAAD//75iP7A=")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.controllers\x00', 0x275a, 0x0)
close(r0)

2.063172716s ago: executing program 4 (id=1295):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000640)=@newlink={0x48, 0x10, 0x437, 0x3, 0x0, {0x0, 0x0, 0x0, 0x0, 0x4048b}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @sit={{0x8}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_IPTUN_REMOTE={0x8, 0x3, @broadcast}, @IFLA_IPTUN_PMTUDISC={0x5}, @IFLA_IPTUN_FLAGS={0x6, 0x8, 0x3}]}}}]}, 0x48}}, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000100))
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000de0000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000720000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000200)={'geneve0\x00', <r4=>0x0})
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="bc01000010000300"/20, @ANYRES32=r4, @ANYBLOB="0000000000000000140012800b00010067656e657665"], 0x1bc}, 0x1, 0x2}, 0x0)

1.876285324s ago: executing program 1 (id=1296):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000018c0)=@base={0xa, 0x15, 0x363d, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100), &(0x7f0000000180), 0x3, r0}, 0x38)
bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f0000000380)={r0, &(0x7f0000001940), &(0x7f00000002c0)=""/187, 0x4000000000000000}, 0x20)

1.070557156s ago: executing program 0 (id=1297):
r0 = socket$inet6(0xa, 0x3, 0x7)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000100)={@loopback, 0x800, 0x0, 0x2000000000903, 0x1}, 0x20)
setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x7fff, 0x4)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x380000, @dev, 0x9}, 0x1c)
sendmmsg$alg(r0, &(0x7f0000000240)=[{0x20000000, 0xff00, 0x0, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="d80000000000020029"], 0xd8}], 0x1, 0x0)

1.017977662s ago: executing program 4 (id=1298):
syz_open_dev$video(&(0x7f0000000080), 0x8, 0x0)
pipe2(&(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x2080)
read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, <r2=>0x0, 0x0, 0x0, <r3=>0x0}, 0x2020)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
socket(0xa, 0x2, 0x0)
r4 = socket$kcm(0x10, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, 0x0, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
timer_create(0x0, &(0x7f00000003c0)={0x0, 0x17, 0x1, @tid=r3}, &(0x7f0000000400)=<r5=>0x0)
timer_settime(r5, 0x1, &(0x7f0000000440)={{}, {0x0, 0x989680}}, &(0x7f0000000480))
sendmsg$kcm(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)=[{0x0}], 0x1}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=@newtaction={0x98, 0x30, 0x9, 0x0, 0x0, {}, [{0x84, 0x1, [@m_mpls={0x80, 0x1, 0x0, 0x0, {{0x9}, {0x4}, {0x52, 0x4, "4c043d2f9d9726ad481c563f2923d96e24e66023a509f2bcf97ae4e5fd8b9d0ec6f8013d7f5a598edf62c5aa725173089f5acc93e3b4191fc35e2d70776773bfb295b7aa79c808c9eeaf6badd2ef"}, {0xc, 0x7, {0x1}}, {0xc}}}]}]}, 0x98}}, 0x0)
write$FUSE_INIT(r1, &(0x7f0000000600)={0x50, 0x0, r2, {0x7, 0x28, 0x5, 0x920001, 0x6, 0x6, 0x9, 0x80000000}}, 0x50)
socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={{0x14}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x1, 0x0, 0x1}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0xf}, @NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x2}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x78}}, 0x0)
syz_emit_ethernet(0x36, &(0x7f00000000c0)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0xc2}}}}}}, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=@base={0xf, 0x4, 0x8, 0x80000001, 0x0, 0xffffffffffffffff, 0x8, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="1500000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f00000004c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="752e2cee796279f840dfc8e4fd2e8a7e2329fa72e7197b4b03661e52b4413362d24a83a1860e65559ad6c087460d979b9f4dacda435eee27128a6b730110847f9357702a3f767c52a850e357e51148fb9436eb600fa3b82f6e794d5cc02d0cee02f88b090a39f44bb1d001c3aa4a35a3c6", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], 0x0, 0x0, 0x19, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="440000001000010400000000000000001a000000", @ANYRES32=0x0, @ANYBLOB="0380000000000000140012800b0001006970766c616e00000400028008000500", @ANYBLOB='\b\x00\n'], 0x44}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)

883.297493ms ago: executing program 3 (id=1299):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000800)=@mangle={'mangle\x00', 0x64, 0x6, 0x528, 0xd0, 0x1a0, 0xd0, 0x270, 0x340, 0x480, 0x480, 0x480, 0x480, 0x480, 0x6, 0x0, {[{{@ipv6={@private0, @private1, [0x0, 0xff000000, 0xffffff00], [], 'veth1\x00', 'veth1_vlan\x00', {}, {}, 0x2b}, 0x0, 0xa8, 0xd0, 0x0, {0x0, 0x3a010000}}, @HL={0x28}}, {{@ipv6={@private1, @loopback, [], [], 'tunl0\x00', 'bridge_slave_1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0x1a0}}, {{@ipv6={@private0, @remote, [0x0, 0x0, 0x0, 0xff], [], 'veth0_to_team\x00', 'tunl0\x00', {}, {}, 0x11, 0x0, 0x3, 0x44}, 0x0, 0xa8, 0xd0}, @unspec=@CHECKSUM={0x28}}, {{@uncond, 0x0, 0xa8, 0xd0}, @common=@inet=@SYNPROXY={0x28}}, {{@ipv6={@loopback, @private2, [], [], 'syzkaller1\x00', 'veth0_to_batadv\x00'}, 0x0, 0xd0, 0x118, 0x0, {}, [@inet=@rpfilter={{0x28}, {0xc}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}, 'vlan0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x588)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
pipe(&(0x7f0000000140)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc)
r3 = socket(0x10, 0x3, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
tee(r3, r3, 0xb9, 0xa)
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r4, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00'})
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="1c00000020000f0000f901000000000002"], 0x1c}}, 0x0)

691.163082ms ago: executing program 0 (id=1300):
r0 = socket$nl_route(0x10, 0x3, 0x0) (async)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'syz_tun\x00', <r2=>0x0}) (async)
r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f00000003c0)={{{@in=@broadcast, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, r2}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x2b}, 0x0, @in6=@private1}}, 0xe8) (async)
getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, &(0x7f0000000040)=<r4=>0x0, &(0x7f00000000c0)=0x4)
sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@bridge_dellink={0x34, 0x11, 0x634, 0x70bd28, 0x25dfdbfd, {0x7, 0x0, 0x0, r4, 0x4, 0x200}, [@IFLA_PHYS_SWITCH_ID={0x11, 0x24, "5c9b51149908acfd0e23e096eb"}]}, 0x34}, 0x1, 0xd, 0x0, 0x48000}, 0x0)

686.426628ms ago: executing program 1 (id=1301):
r0 = socket$inet6(0xa, 0x3, 0x7)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NL802154_CMD_GET_SEC_DEV(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x7fff, 0x4)
r2 = syz_io_uring_setup(0x7e3, &(0x7f0000000100)={0x0, 0x7fa6, 0x400, 0x1, 0x28c}, &(0x7f0000000000), &(0x7f0000000180))
syz_io_uring_setup(0x3611, &(0x7f00000001c0)={0x0, 0xa23c, 0x1, 0x0, 0x35e, 0x0, r2}, &(0x7f0000000240), &(0x7f0000000280))
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f00000000c0)='sched_switch\x00'}, 0x10)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f00000001c0)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x90}, 0x9c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r4, 0x84, 0x85, &(0x7f0000000000)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x7ffe}, 0x90)
sendto$inet6(r4, &(0x7f0000000100)="82", 0x1, 0x0, &(0x7f0000000380)={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x8}, 0x1c)
sendmsg$IPCTNL_MSG_CT_NEW(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)={0x6c, 0x0, 0x1, 0x409, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast2}, {0x8}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @loopback}, {0x8, 0x2, @empty}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_MARK={0x8, 0x8, 0x1, 0x0, 0x1}]}, 0x6c}}, 0x0)
sendmmsg$alg(r0, &(0x7f0000001840)=[{0x20000000, 0xff00, 0x0}], 0x1, 0x0)

323.590629ms ago: executing program 0 (id=1302):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), r0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f00000003c0)={'wpan0\x00', <r3=>0x0})
sendmsg$NL802154_CMD_SET_SEC_PARAMS(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000280)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002cbd7000fcdbdf25150000000c00060003000000000000002c002b802000038006000100030000000c0004000201aaaaaaaaaaaa06000100ffff0000080001000000000008000300", @ANYRES32=r3], 0x54}}, 0x48000)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000180)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58)
r5 = accept4$alg(r4, 0x0, 0x0, 0x0)
syz_mount_image$hfs(&(0x7f0000000140), &(0x7f0000000040)='./file1\x00', 0x2810880, &(0x7f0000000000)=ANY=[], 0x8b, 0x2a7, &(0x7f0000000180)="$eJzs3U9P1EAYx/HftMuyCGIVjInxYFCiJwN4MV5IDPE1eNGo7JoQNxAVE/Ui8Wx8Ad69+AJ8EZ6MiWc9efIFcKuZ2Vl2yrZbWEIr8ftJFsp2/jzTdtt5miwVgP/WnbWfn27+ti8jxYol3ZYiu+qyGpLO60Lr5eb2xna30x7VUCy15F5GcjXNUJn1zU5eVVvP1fAS+1dDM+F7OB5pmqa/6g4CdWr533Heykia9J/OOCx8ku3E0k7dQdTM7GpXrzRbdxwAgHqZ3vU98tf5GT9/jyJp0V/2w+v/j9M1x3s017Rbdwg1C67/LstKjd2/Z9yqQb7nUji7PupniYftx04em+odWZkJpslmlcPJooslmnqy0e3cWN/qtiO906oXFJuXtKq2z1m9kmgXcrrLaurgrY0w7cYwYcewUhD/XF6n4/dYznw138wDk+ij2nvzv0ZqbPcugmRvT92dGMS/VNTc1rP7rlavVMEoz7pOLmY37MhRxkUZifyWSmNlbxAk2TibubWa2lerN7rlop58O3O5tVZKas3bWp+DWoOjubjmcTMfzD2zoD/6orVg/h/Zrb2o4U9mfiOupD8y+uPJzQ0brmQSvrVzKbfNaLzxYCzv9Vi3NPvi9Zunj7rdzvOqF2wMlXfKQm+hfxD8K/GMt2DPsftXNarpvXnkTdfSoQoPjzRc6J86D9Bg/yRd2mktZyVUbLDTi8u8rTIgVM2ePEwv/wvylSWXItkfyYh5elo2bQtaXM7JDSb3Cp4KWjL+/nxxBjRdnMEdNOe6cl26GrxZknMlOidNjRzrSWLW9F0Puf8PAAAAAAAAAAAAAAAAAABw0lTxbY2gO/6jDwAAAAAAAAAAAAAAAAAAAAAAYyh+/m9Lx/j838z3AHj+L1CPvwEAAP//pAVz+Q==")
sync()
rename(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000f40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
r6 = syz_io_uring_setup(0x24f9, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=<r7=>0x0, &(0x7f0000000140)=<r8=>0x0)
r9 = creat(&(0x7f00000002c0)='./bus\x00', 0xc1)
pwritev2(r9, 0x0, 0x1b, 0x6, 0x0, 0x0)
getsockopt$netrom_NETROM_T1(r9, 0x103, 0x1, &(0x7f0000000000), &(0x7f0000000440)=0x4)
syz_io_uring_submit(r7, r8, &(0x7f00000001c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r5, 0x0, 0x0, 0x0, {0x1312}, 0x1})
io_uring_enter(r6, 0xa3d, 0x0, 0x0, 0x0, 0x0)

274.940309ms ago: executing program 4 (id=1303):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000800)=@mangle={'mangle\x00', 0x64, 0x6, 0x528, 0xd0, 0x1a0, 0xd0, 0x270, 0x340, 0x480, 0x480, 0x480, 0x480, 0x480, 0x6, 0x0, {[{{@ipv6={@private0, @private1, [0x0, 0xff000000, 0xffffff00], [], 'veth1\x00', 'veth1_vlan\x00', {}, {}, 0x2b}, 0x0, 0xa8, 0xd0, 0x0, {0x0, 0x3a010000}}, @HL={0x28}}, {{@ipv6={@private1, @loopback, [], [], 'tunl0\x00', 'bridge_slave_1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0x1a0}}, {{@ipv6={@private0, @remote, [0x0, 0x0, 0x0, 0xff], [], 'veth0_to_team\x00', 'tunl0\x00', {}, {}, 0x11, 0x0, 0x3, 0x44}, 0x0, 0xa8, 0xd0}, @unspec=@CHECKSUM={0x28}}, {{@uncond, 0x0, 0xa8, 0xd0}, @common=@inet=@SYNPROXY={0x28}}, {{@ipv6={@loopback, @private2, [], [], 'syzkaller1\x00', 'veth0_to_batadv\x00'}, 0x0, 0xd0, 0x118, 0x0, {}, [@inet=@rpfilter={{0x28}, {0xc}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}, 'vlan0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x588)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
pipe(&(0x7f0000000140)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc)
r3 = socket(0x10, 0x3, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
tee(r3, r3, 0xb9, 0xa)
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r5, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00'})
sendmsg$nl_route(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="3000000014000905000000000000000002190000", @ANYBLOB="08000200ac1414aa08"], 0x30}}, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="1c00000020000f0000f901000000000002"], 0x1c}}, 0x0)

0s ago: executing program 2 (id=1304):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r0, 0x84, 0x81, &(0x7f00000002c0)="1a00000002000000", 0x8)
getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, 0x0, &(0x7f00000000c0))

kernel console output (not intermixed with test programs):

e
[  644.925817][ T4263] veth0_vlan: left promiscuous mode
[  645.254151][ T5193] Bluetooth: hci3: command tx timeout
[  645.572389][ T4263] team0 (unregistering): Port device team_slave_1 removed
[  645.574868][ T5193] Bluetooth: hci7: command tx timeout
[  645.622465][ T4263] team0 (unregistering): Port device team_slave_0 removed
[  645.739982][ T5193] Bluetooth: hci5: command tx timeout
[  645.941999][ T8820] chnl_net:caif_netlink_parms(): no params data found
[  646.311051][ T5193] Bluetooth: hci6: command tx timeout
[  646.854287][ T8819] bridge0: port 1(bridge_slave_0) entered blocking state
[  646.862095][ T8819] bridge0: port 1(bridge_slave_0) entered disabled state
[  646.870295][ T8819] bridge_slave_0: entered allmulticast mode
[  646.880242][ T8819] bridge_slave_0: entered promiscuous mode
[  646.917760][ T8819] bridge0: port 2(bridge_slave_1) entered blocking state
[  646.925767][ T8819] bridge0: port 2(bridge_slave_1) entered disabled state
[  646.933868][ T8819] bridge_slave_1: entered allmulticast mode
[  646.945735][ T8819] bridge_slave_1: entered promiscuous mode
[  647.010565][ T8824] bridge0: port 1(bridge_slave_0) entered blocking state
[  647.025315][ T8824] bridge0: port 1(bridge_slave_0) entered disabled state
[  647.033340][ T8824] bridge_slave_0: entered allmulticast mode
[  647.050148][ T8824] bridge_slave_0: entered promiscuous mode
[  647.214706][ T8824] bridge0: port 2(bridge_slave_1) entered blocking state
[  647.222514][ T8824] bridge0: port 2(bridge_slave_1) entered disabled state
[  647.231541][ T8824] bridge_slave_1: entered allmulticast mode
[  647.241172][ T8824] bridge_slave_1: entered promiscuous mode
[  647.349730][ T5193] Bluetooth: hci3: command tx timeout
[  647.534139][ T8819] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  647.551526][ T4263] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  647.580250][ T8824] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  647.655579][ T5193] Bluetooth: hci7: command tx timeout
[  647.709038][ T8819] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  647.736675][ T4263] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  647.760703][ T8824] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  647.813282][ T8826] bridge0: port 1(bridge_slave_0) entered blocking state
[  647.820933][ T5193] Bluetooth: hci5: command tx timeout
[  647.821456][ T8826] bridge0: port 1(bridge_slave_0) entered disabled state
[  647.834879][ T8826] bridge_slave_0: entered allmulticast mode
[  647.846313][ T8826] bridge_slave_0: entered promiscuous mode
[  647.866038][ T8820] bridge0: port 1(bridge_slave_0) entered blocking state
[  647.874088][ T8820] bridge0: port 1(bridge_slave_0) entered disabled state
[  647.882030][ T8820] bridge_slave_0: entered allmulticast mode
[  647.893430][ T8820] bridge_slave_0: entered promiscuous mode
[  647.997752][ T4263] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  648.053413][ T8826] bridge0: port 2(bridge_slave_1) entered blocking state
[  648.061610][ T8826] bridge0: port 2(bridge_slave_1) entered disabled state
[  648.071835][ T8826] bridge_slave_1: entered allmulticast mode
[  648.081558][ T8826] bridge_slave_1: entered promiscuous mode
[  648.092148][ T8820] bridge0: port 2(bridge_slave_1) entered blocking state
[  648.104196][ T8820] bridge0: port 2(bridge_slave_1) entered disabled state
[  648.116142][ T8820] bridge_slave_1: entered allmulticast mode
[  648.129027][ T8820] bridge_slave_1: entered promiscuous mode
[  648.148520][ T4263] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  648.183327][ T8819] team0: Port device team_slave_0 added
[  648.201685][ T8824] team0: Port device team_slave_0 added
[  648.374270][ T5193] Bluetooth: hci6: command tx timeout
[  648.411625][ T8819] team0: Port device team_slave_1 added
[  648.430455][ T8824] team0: Port device team_slave_1 added
[  648.493007][ T8826] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  648.565861][ T8824] batman_adv: batadv0: Adding interface: batadv_slave_0
[  648.573097][ T8824] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  648.600034][ T8824] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  648.657966][ T8820] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  648.719748][ T8826] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  648.773263][ T8824] batman_adv: batadv0: Adding interface: batadv_slave_1
[  648.780755][ T8824] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  648.807328][ T8824] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  648.911553][ T8820] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  648.969760][ T8819] batman_adv: batadv0: Adding interface: batadv_slave_0
[  648.977382][ T8819] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  649.005570][ T8819] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  649.357538][ T8826] team0: Port device team_slave_0 added
[  649.368627][ T8819] batman_adv: batadv0: Adding interface: batadv_slave_1
[  649.376090][ T8819] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  649.404558][ T8819] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  649.416261][ T5193] Bluetooth: hci3: command tx timeout
[  649.457186][ T4263] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  649.471487][ T8762] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  649.510590][ T8824] hsr_slave_0: entered promiscuous mode
[  649.525826][ T8824] hsr_slave_1: entered promiscuous mode
[  649.535904][ T8824] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  649.545066][ T8824] Cannot create hsr debugfs directory
[  649.596933][ T8826] team0: Port device team_slave_1 added
[  649.659889][ T8762] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  649.706931][ T4263] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  649.730478][ T8820] team0: Port device team_slave_0 added
[  649.833250][ T8762] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  649.863524][ T8762] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  649.893450][ T8820] team0: Port device team_slave_1 added
[  649.936974][ T4263] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  650.008611][ T8826] batman_adv: batadv0: Adding interface: batadv_slave_0
[  650.018774][ T8826] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  650.046279][ T8826] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  650.214744][ T8826] batman_adv: batadv0: Adding interface: batadv_slave_1
[  650.224131][ T8826] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  650.250621][ T8826] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  650.281026][ T4263] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  650.313218][ T8819] hsr_slave_0: entered promiscuous mode
[  650.338951][ T8819] hsr_slave_1: entered promiscuous mode
[  650.349828][ T8819] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  650.357912][ T8819] Cannot create hsr debugfs directory
[  650.450446][ T8820] batman_adv: batadv0: Adding interface: batadv_slave_0
[  650.457938][ T8820] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  650.486652][ T8820] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  650.691098][ T8820] batman_adv: batadv0: Adding interface: batadv_slave_1
[  650.699484][ T8820] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  650.727061][ T8820] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  650.908006][ T8826] hsr_slave_0: entered promiscuous mode
[  650.921552][ T8826] hsr_slave_1: entered promiscuous mode
[  650.931530][ T8826] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  650.939628][ T8826] Cannot create hsr debugfs directory
[  651.397071][ T8820] hsr_slave_0: entered promiscuous mode
[  651.419220][ T8820] hsr_slave_1: entered promiscuous mode
[  651.429244][ T8820] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  651.437816][ T8820] Cannot create hsr debugfs directory
[  651.545544][ T4263] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  651.781292][ T4263] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  652.005549][ T4263] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  652.190315][ T4263] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  652.854585][ T4263] bridge_slave_1: left allmulticast mode
[  652.860648][ T4263] bridge_slave_1: left promiscuous mode
[  652.867701][ T4263] bridge0: port 2(bridge_slave_1) entered disabled state
[  652.889475][ T4263] bridge_slave_1: left allmulticast mode
[  652.895809][ T4263] bridge_slave_1: left promiscuous mode
[  652.902532][ T4263] bridge0: port 2(bridge_slave_1) entered disabled state
[  652.919812][ T4263] bridge_slave_0: left allmulticast mode
[  652.927745][ T4263] bridge_slave_0: left promiscuous mode
[  652.934800][ T4263] bridge0: port 1(bridge_slave_0) entered disabled state
[  652.959881][ T4263] bridge_slave_1: left allmulticast mode
[  652.966895][ T4263] bridge_slave_1: left promiscuous mode
[  652.973321][ T4263] bridge0: port 2(bridge_slave_1) entered disabled state
[  653.550910][ T4263] ip6gretap0 (unregistering): left promiscuous mode
[  654.449421][ T4263] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  654.477428][ T4263] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  654.496764][ T4263] bond0 (unregistering): Released all slaves
[  654.526226][ T4263] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  654.548979][ T4263] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  654.580305][ T4263] bond0 (unregistering): Released all slaves
[  654.606242][ T4263] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  654.631939][ T4263] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  654.660054][ T4263] bond0 (unregistering): Released all slaves
[  655.192598][ T8762] 8021q: adding VLAN 0 to HW filter on device bond0
[  655.410265][ T8762] 8021q: adding VLAN 0 to HW filter on device team0
[  655.472270][ T3410] bridge0: port 1(bridge_slave_0) entered blocking state
[  655.480120][ T3410] bridge0: port 1(bridge_slave_0) entered forwarding state
[  655.567629][ T3410] bridge0: port 2(bridge_slave_1) entered blocking state
[  655.575501][ T3410] bridge0: port 2(bridge_slave_1) entered forwarding state
[  656.185622][ T8826] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  656.277292][ T8826] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  656.408792][ T8826] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  656.554772][ T8826] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  656.674010][ T4263] batadv_slave_0: left promiscuous mode
[  656.766097][ T4263] hsr_slave_0: left promiscuous mode
[  656.806954][ T4263] hsr_slave_1: left promiscuous mode
[  656.826441][ T4263] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  656.836545][ T4263] batman_adv: batadv0: Removing interface: batadv_slave_0
[  656.855144][ T4263] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  656.863023][ T4263] batman_adv: batadv0: Removing interface: batadv_slave_1
[  656.907651][ T4263] hsr_slave_0: left promiscuous mode
[  656.926147][ T4263] hsr_slave_1: left promiscuous mode
[  656.968768][ T4263] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  656.976977][ T4263] batman_adv: batadv0: Removing interface: batadv_slave_0
[  656.990164][ T4263] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  656.998272][ T4263] batman_adv: batadv0: Removing interface: batadv_slave_1
[  657.023545][ T4263] hsr_slave_0: left promiscuous mode
[  657.032029][ T4263] hsr_slave_1: left promiscuous mode
[  657.049129][ T4263] batman_adv: batadv0: Removing interface: batadv_slave_0
[  657.065848][ T4263] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  657.074302][ T4263] batman_adv: batadv0: Removing interface: batadv_slave_1
[  657.113068][ T4263] veth1_macvtap: left promiscuous mode
[  657.118998][ T4263] veth0_macvtap: left promiscuous mode
[  657.126431][ T4263] veth1_vlan: left promiscuous mode
[  657.132091][ T4263] veth0_vlan: left promiscuous mode
[  657.140562][ T4263] veth1_macvtap: left promiscuous mode
[  657.146486][ T4263] veth0_macvtap: left promiscuous mode
[  657.152332][ T4263] veth1_vlan: left promiscuous mode
[  657.158116][ T4263] veth0_vlan: left promiscuous mode
[  657.166775][ T4263] veth1_macvtap: left promiscuous mode
[  657.172551][ T4263] veth0_macvtap: left promiscuous mode
[  657.178740][ T4263] veth1_vlan: left promiscuous mode
[  657.185795][ T4263] veth0_vlan: left promiscuous mode
[  658.502060][ T4263] team0 (unregistering): Port device team_slave_1 removed
[  658.530885][ T4263] team0 (unregistering): Port device team_slave_0 removed
[  659.174174][ T4263] team0 (unregistering): Port device team_slave_1 removed
[  659.199967][ T4263] team0 (unregistering): Port device team_slave_0 removed
[  659.437283][ T1243] ieee802154 phy0 wpan0: encryption failed: -22
[  659.444321][ T1243] ieee802154 phy1 wpan1: encryption failed: -22
[  659.918807][ T4263] team0 (unregistering): Port device team_slave_1 removed
[  660.097670][ T4263] team0 (unregistering): Port device team_slave_0 removed
[  660.634451][ T8820] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  660.751818][ T8820] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  660.914528][ T8820] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  660.939842][ T8819] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  661.064800][ T8819] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  661.250449][ T8820] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  661.280909][ T8824] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  661.304565][ T8819] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  661.335108][ T8819] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  661.371826][ T8762] 8021q: adding VLAN 0 to HW filter on device batadv0
[  661.394343][ T8824] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  661.586787][ T8824] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  661.645895][ T8824] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  662.212895][ T8762] veth0_vlan: entered promiscuous mode
[  662.381024][ T8826] 8021q: adding VLAN 0 to HW filter on device bond0
[  662.422750][ T8762] veth1_vlan: entered promiscuous mode
[  662.724391][ T8826] 8021q: adding VLAN 0 to HW filter on device team0
[  662.804879][ T3087] bridge0: port 1(bridge_slave_0) entered blocking state
[  662.812713][ T3087] bridge0: port 1(bridge_slave_0) entered forwarding state
[  662.896281][ T3087] bridge0: port 2(bridge_slave_1) entered blocking state
[  662.904140][ T3087] bridge0: port 2(bridge_slave_1) entered forwarding state
[  662.953535][ T8762] veth0_macvtap: entered promiscuous mode
[  663.039626][ T8820] 8021q: adding VLAN 0 to HW filter on device bond0
[  663.087234][ T8762] veth1_macvtap: entered promiscuous mode
[  663.271503][ T8820] 8021q: adding VLAN 0 to HW filter on device team0
[  663.310229][ T8819] 8021q: adding VLAN 0 to HW filter on device bond0
[  663.398079][ T3087] bridge0: port 1(bridge_slave_0) entered blocking state
[  663.405962][ T3087] bridge0: port 1(bridge_slave_0) entered forwarding state
[  663.463094][ T8762] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  663.475198][ T8762] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  663.494317][ T8762] batman_adv: batadv0: Interface activated: batadv_slave_0
[  663.593824][ T3087] bridge0: port 2(bridge_slave_1) entered blocking state
[  663.601591][ T3087] bridge0: port 2(bridge_slave_1) entered forwarding state
[  663.662767][ T8819] 8021q: adding VLAN 0 to HW filter on device team0
[  663.693019][ T8762] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  663.703900][ T8762] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  663.720366][ T8762] batman_adv: batadv0: Interface activated: batadv_slave_1
[  663.841196][ T3087] bridge0: port 1(bridge_slave_0) entered blocking state
[  663.849071][ T3087] bridge0: port 1(bridge_slave_0) entered forwarding state
[  663.865817][ T3087] bridge0: port 2(bridge_slave_1) entered blocking state
[  663.873755][ T3087] bridge0: port 2(bridge_slave_1) entered forwarding state
[  663.999170][ T8824] 8021q: adding VLAN 0 to HW filter on device bond0
[  664.015081][ T8762] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  664.027600][ T8762] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  664.036848][ T8762] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  664.047287][ T8762] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  664.340374][ T8820] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  664.423492][ T8824] 8021q: adding VLAN 0 to HW filter on device team0
[  664.641122][ T3087] bridge0: port 1(bridge_slave_0) entered blocking state
[  664.649023][ T3087] bridge0: port 1(bridge_slave_0) entered forwarding state
[  664.669116][ T3087] bridge0: port 2(bridge_slave_1) entered blocking state
[  664.677011][ T3087] bridge0: port 2(bridge_slave_1) entered forwarding state
[  665.784832][ T4263] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  665.986658][ T8826] 8021q: adding VLAN 0 to HW filter on device batadv0
[  666.826079][ T8820] 8021q: adding VLAN 0 to HW filter on device batadv0
[  666.878621][ T8819] 8021q: adding VLAN 0 to HW filter on device batadv0
[  667.452471][ T8820] veth0_vlan: entered promiscuous mode
[  667.521104][ T8824] 8021q: adding VLAN 0 to HW filter on device batadv0
[  667.651676][ T8820] veth1_vlan: entered promiscuous mode
[  667.683735][ T8819] veth0_vlan: entered promiscuous mode
[  667.858043][ T8819] veth1_vlan: entered promiscuous mode
[  668.122922][ T8820] veth0_macvtap: entered promiscuous mode
[  668.231671][ T8820] veth1_macvtap: entered promiscuous mode
[  668.250570][ T8824] veth0_vlan: entered promiscuous mode
[  668.403839][ T8819] veth0_macvtap: entered promiscuous mode
[  668.418405][ T8824] veth1_vlan: entered promiscuous mode
[  668.525876][ T8819] veth1_macvtap: entered promiscuous mode
[  668.574158][ T8820] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  668.585073][ T8820] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  668.595398][ T8820] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  668.606236][ T8820] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  668.621933][ T8820] batman_adv: batadv0: Interface activated: batadv_slave_0
[  668.776272][ T8820] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  668.787189][ T8820] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  668.799985][ T8820] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  668.813188][ T8820] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  668.829117][ T8820] batman_adv: batadv0: Interface activated: batadv_slave_1
[  668.933378][ T8824] veth0_macvtap: entered promiscuous mode
[  668.986780][ T8819] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  668.997809][ T8819] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  669.008098][ T8819] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  669.022964][ T8819] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  669.035294][ T8819] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  669.046331][ T8819] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  669.063354][ T8819] batman_adv: batadv0: Interface activated: batadv_slave_0
[  669.163462][ T8820] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  669.175258][ T8820] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  669.185123][ T8820] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  669.194416][ T8820] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  669.220940][ T8824] veth1_macvtap: entered promiscuous mode
[  669.377669][ T8819] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  669.390053][ T8819] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  669.400350][ T8819] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  669.411199][ T8819] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  669.423110][ T8819] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  669.436887][ T8819] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  669.452931][ T8819] batman_adv: batadv0: Interface activated: batadv_slave_1
[  669.579994][ T8824] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  669.593098][ T8824] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  669.603507][ T8824] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  669.615609][ T8824] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  669.626435][ T8824] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  669.637395][ T8824] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  669.647633][ T8824] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  669.661784][ T8824] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  669.678236][ T8824] batman_adv: batadv0: Interface activated: batadv_slave_0
[  669.691593][ T8819] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  669.700902][ T8819] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  669.710206][ T8819] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  669.719516][ T8819] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  669.836641][ T8826] veth0_vlan: entered promiscuous mode
[  669.944306][ T8824] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  669.956507][ T8824] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  669.966831][ T8824] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  669.980066][ T8824] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  669.991925][ T8824] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  670.002989][ T8824] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  670.013335][ T8824] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  670.026273][ T8824] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  670.042377][ T8824] batman_adv: batadv0: Interface activated: batadv_slave_1
[  670.158562][ T8826] veth1_vlan: entered promiscuous mode
[  670.408649][ T8824] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  670.418890][ T8824] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  670.428262][ T8824] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  670.438706][ T8824] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  670.848402][ T8826] veth0_macvtap: entered promiscuous mode
[  670.989461][ T8826] veth1_macvtap: entered promiscuous mode
[  671.290124][ T8826] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  671.301534][ T8826] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  671.312011][ T8826] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  671.322953][ T8826] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  671.333311][ T8826] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  671.344367][ T8826] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  671.354667][ T8826] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  671.366689][ T8826] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  671.377262][ T8826] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  671.388608][ T8826] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  671.404559][ T8826] batman_adv: batadv0: Interface activated: batadv_slave_0
[  671.701459][ T8826] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  671.712470][ T8826] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  671.723923][ T8826] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  671.736044][ T8826] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  671.746919][ T8826] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  671.757895][ T8826] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  671.768160][ T8826] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  671.779065][ T8826] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  671.790198][ T8826] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  671.801066][ T8826] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  671.822173][ T8826] batman_adv: batadv0: Interface activated: batadv_slave_1
[  672.004496][ T8826] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  672.014085][ T8826] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  672.023236][ T8826] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  672.033849][ T8826] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  672.955460][ T4551] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  672.963832][ T4551] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  673.238745][ T3410] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  673.248124][ T3410] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  673.961696][ T8939] IPv6: sit1: Disabled Multicast RS
[  674.077129][ T8941] netlink: 392 bytes leftover after parsing attributes in process `syz.0.922'.
[  674.086756][ T8941] netlink: 4 bytes leftover after parsing attributes in process `syz.0.922'.
[  677.215923][ T4551] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  677.225884][ T4551] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  677.385045][   T29] audit: type=1800 audit(1728973975.056:92): pid=8982 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.947" name="SYSV00000000" dev="hugetlbfs" ino=1 res=0 errno=0
[  677.497269][ T2568] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  677.506058][ T2568] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  677.869406][ T4263] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  677.878094][ T4263] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  678.244335][ T2568] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  678.252557][ T2568] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  678.435958][ T2568] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  678.444526][ T2568] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  678.677699][ T3513] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  678.686938][ T3513] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  679.182338][   T29] audit: type=1326 audit(1728973976.916:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8993 comm="syz.0.948" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4e6c77dff9 code=0x7ffc0000
[  679.294194][   T29] audit: type=1326 audit(1728973976.946:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8993 comm="syz.0.948" exe="/root/syz-executor" sig=0 arch=c000003e syscall=31 compat=0 ip=0x7f4e6c77dff9 code=0x7ffc0000
[  679.318181][   T29] audit: type=1326 audit(1728973976.946:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8993 comm="syz.0.948" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4e6c77dff9 code=0x7ffc0000
[  679.343420][   T29] audit: type=1326 audit(1728973976.956:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8993 comm="syz.0.948" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f4e6c77dff9 code=0x7ffc0000
[  679.371909][   T29] audit: type=1326 audit(1728973976.956:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8993 comm="syz.0.948" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4e6c77dff9 code=0x7ffc0000
[  679.394861][   T29] audit: type=1326 audit(1728973977.026:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8993 comm="syz.0.948" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f4e6c77dff9 code=0x7ffc0000
[  679.417607][   T29] audit: type=1326 audit(1728973977.026:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8993 comm="syz.0.948" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4e6c77dff9 code=0x7ffc0000
[  679.440349][   T29] audit: type=1326 audit(1728973977.026:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8993 comm="syz.0.948" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4e6c77dff9 code=0x7ffc0000
[  679.939308][ T2568] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  679.948297][ T2568] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  679.995967][ T8999] loop2: detected capacity change from 0 to 2048
[  680.118916][ T9008] FAULT_INJECTION: forcing a failure.
[  680.118916][ T9008] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  680.132733][ T9008] CPU: 0 UID: 0 PID: 9008 Comm: syz.1.950 Tainted: G        W          6.12.0-rc3-syzkaller-00013-geca631b8fe80 #0
[  680.145221][ T9008] Tainted: [W]=WARN
[  680.149321][ T9008] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  680.159689][ T9008] Call Trace:
[  680.163220][ T9008]  <TASK>
[  680.166391][ T9008]  dump_stack_lvl+0x216/0x2d0
[  680.171466][ T9008]  dump_stack+0x1e/0x30
[  680.175992][ T9008]  should_fail_ex+0x748/0x7f0
[  680.181056][ T9008]  should_fail+0x2a/0x40
[  680.185676][ T9008]  should_fail_usercopy+0x2e/0x40
[  680.191097][ T9008]  _copy_from_user+0x33/0x160
[  680.196322][ T9008]  ____sys_sendmsg+0x4b7/0xb60
[  680.201488][ T9008]  ___sys_sendmsg+0x28d/0x3c0
[  680.206521][ T9008]  ? kmsan_get_metadata+0x13e/0x1c0
[  680.212138][ T9008]  ? __rcu_read_unlock+0x7b/0xe0
[  680.217471][ T9008]  ? __fget_files+0x4f5/0x5c0
[  680.222555][ T9008]  ? kmsan_get_metadata+0x13e/0x1c0
[  680.228111][ T9008]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  680.234326][ T9008]  __x64_sys_sendmsg+0x300/0x4a0
[  680.239735][ T9008]  ? perf_mmap+0x1101/0x28d0
[  680.244716][ T9008]  x64_sys_call+0x2da0/0x3ba0
[  680.249780][ T9008]  do_syscall_64+0xcd/0x1e0
[  680.254666][ T9008]  ? clear_bhb_loop+0x25/0x80
[  680.259700][ T9008]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  680.266024][ T9008] RIP: 0033:0x7f98d2f7dff9
[  680.270748][ T9008] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  680.290738][ T9008] RSP: 002b:00007f98d3e61038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  680.299553][ T9008] RAX: ffffffffffffffda RBX: 00007f98d3135f80 RCX: 00007f98d2f7dff9
[  680.307854][ T9008] RDX: 0000000000000000 RSI: 0000000020001b00 RDI: 0000000000000004
[  680.316139][ T9008] RBP: 00007f98d3e61090 R08: 0000000000000000 R09: 0000000000000000
[  680.324459][ T9008] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  680.332836][ T9008] R13: 0000000000000000 R14: 00007f98d3135f80 R15: 00007ffe0c897008
[  680.341143][ T9008]  </TASK>
[  680.442439][ T2568] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  680.450765][ T2568] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  680.627077][ T8999] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  680.940138][ T9013] loop3: detected capacity change from 0 to 512
[  681.166763][ T9013] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  681.186120][ T9013] ext4 filesystem being mounted at /1/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  681.322587][ T8819] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  681.475365][    T8] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  681.663094][ T9021] netlink: 44 bytes leftover after parsing attributes in process `syz.4.945'.
[  681.696508][    T8] usb 2-1: config 0 has an invalid interface number: 186 but max is 0
[  681.709813][    T8] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  681.721993][    T8] usb 2-1: config 0 has no interface number 0
[  681.728618][    T8] usb 2-1: config 0 interface 186 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  681.740087][    T8] usb 2-1: config 0 interface 186 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  681.929593][    T8] usb 2-1: New USB device found, idVendor=05ac, idProduct=8600, bcdDevice=d0.28
[  681.939309][    T8] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  681.947905][    T8] usb 2-1: Product: syz
[  681.952371][    T8] usb 2-1: Manufacturer: syz
[  681.957628][    T8] usb 2-1: SerialNumber: syz
[  681.977782][    T8] usb 2-1: config 0 descriptor??
[  682.783058][    T8] usb 2-1: Found UVC 0.00 device syz (05ac:8600)
[  682.789990][    T8] usb 2-1: No valid video chain found.
[  682.878724][    T8] usb 2-1: USB disconnect, device number 19
[  682.914670][ T8824] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  683.731555][ T9044] IPv6: sit1: Disabled Multicast RS
[  683.796285][ T9044] netlink: 392 bytes leftover after parsing attributes in process `syz.4.961'.
[  683.807411][ T9044] netlink: 4 bytes leftover after parsing attributes in process `syz.4.961'.
[  683.945194][ T9045] loop0: detected capacity change from 0 to 1024
[  683.979356][ T9042] loop2: detected capacity change from 0 to 256
[  684.040219][ T9045] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  684.058862][ T9045] ext4 filesystem being mounted at /6/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  684.178603][ T9042] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  684.526244][ T5588] usb 1-1: new high-speed USB device number 21 using dummy_hcd
[  684.603356][ T9054] netlink: 44 bytes leftover after parsing attributes in process `syz.4.963'.
[  685.361827][ T5588] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  685.371495][ T5588] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  685.380168][ T5588] usb 1-1: Product: syz
[  685.389460][ T5588] usb 1-1: Manufacturer: syz
[  685.395861][ T5588] usb 1-1: SerialNumber: syz
[  685.581843][ T5588] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  685.609264][ T9062] loop2: detected capacity change from 0 to 1024
[  685.756260][ T9062] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a040c118, mo2=0002]
[  685.900087][ T9062] System zones: 0-1, 3-12
[  686.043401][ T9062] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  686.561417][    T8] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  686.681651][ T8819] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  687.978917][ T9081] netlink: 392 bytes leftover after parsing attributes in process `syz.4.973'.
[  687.980583][    T8] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive
[  687.988659][ T9081] netlink: 4 bytes leftover after parsing attributes in process `syz.4.973'.
[  688.036027][    T8] ath9k_htc: Failed to initialize the device
[  688.042506][ T5588] usb 1-1: USB disconnect, device number 21
[  688.055782][   T44] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[  688.140587][ T8762] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  688.514740][ T5588] usb 1-1: ath9k_htc: USB layer deinitialized
[  689.241228][ T9083] loop3: detected capacity change from 0 to 256
[  689.489259][ T9090] netlink: 44 bytes leftover after parsing attributes in process `syz.2.977'.
[  689.670833][ T9083] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  691.895198][ T9100] loop4: detected capacity change from 0 to 1024
[  692.200777][ T9100] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a040c118, mo2=0002]
[  692.397481][ T9100] System zones: 0-1, 3-12
[  692.466304][ T9100] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  693.553381][ T9110] loop2: detected capacity change from 0 to 1024
[  693.569425][ T8826] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  693.849211][ T9116] IPv6: sit1: Disabled Multicast RS
[  693.907049][ T9110] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  693.920097][ T9110] ext4 filesystem being mounted at /9/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  694.111698][ T9116] netlink: 392 bytes leftover after parsing attributes in process `syz.1.986'.
[  694.121423][ T9116] netlink: 4 bytes leftover after parsing attributes in process `syz.1.986'.
[  694.814105][ T8863] usb 3-1: new high-speed USB device number 23 using dummy_hcd
[  695.185849][ T8863] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  695.195752][ T8863] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  695.204376][ T8863] usb 3-1: Product: syz
[  695.208931][ T8863] usb 3-1: Manufacturer: syz
[  695.218528][ T8863] usb 3-1: SerialNumber: syz
[  695.249140][ T9123] netlink: 44 bytes leftover after parsing attributes in process `syz.1.989'.
[  695.375467][ T8863] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  695.517831][ T8863] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  696.129952][ T9126] bridge_slave_0: left allmulticast mode
[  696.147477][ T9126] bridge_slave_0: left promiscuous mode
[  696.154646][ T9126] bridge0: port 1(bridge_slave_0) entered disabled state
[  696.317388][ T9130] netlink: 'syz.0.974': attribute type 11 has an invalid length.
[  696.325757][ T9130] netlink: 131388 bytes leftover after parsing attributes in process `syz.0.974'.
[  696.425382][ T9125] loop4: detected capacity change from 0 to 256
[  696.616315][ T8863] ath9k_htc 3-1:1.0: ath9k_htc: Target is unresponsive
[  696.627164][ T8863] ath9k_htc: Failed to initialize the device
[  696.732895][ T9125] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  696.778237][ T9133] loop0: detected capacity change from 0 to 512
[  696.811202][ T3410] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  697.204986][ T9135] bridge0: port 2(bridge_slave_1) entered disabled state
[  697.236488][ T8863] usb 3-1: ath9k_htc: USB layer deinitialized
[  697.448113][ T9133] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2240: inode #15: comm syz.0.974: corrupted in-inode xattr: invalid ea_ino
[  697.466086][ T9133] EXT4-fs error (device loop0): ext4_orphan_get:1393: comm syz.0.974: couldn't read orphan inode 15 (err -117)
[  697.491897][ T9133] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  697.524085][ T9130] netlink: 40 bytes leftover after parsing attributes in process `syz.0.974'.
[  697.633916][ T1611] usb 5-1: new high-speed USB device number 23 using dummy_hcd
[  697.840108][ T1611] usb 5-1: config 0 has an invalid interface number: 186 but max is 0
[  697.849172][ T1611] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  697.859885][ T1611] usb 5-1: config 0 has no interface number 0
[  697.866426][ T1611] usb 5-1: config 0 interface 186 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  697.882969][ T1611] usb 5-1: config 0 interface 186 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  698.098053][ T8762] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  698.216493][ T1611] usb 5-1: New USB device found, idVendor=05ac, idProduct=8600, bcdDevice=d0.28
[  698.226160][ T1611] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  698.245596][ T1611] usb 5-1: Product: syz
[  698.250101][ T1611] usb 5-1: Manufacturer: syz
[  698.255543][ T1611] usb 5-1: SerialNumber: syz
[  698.316842][ T1611] usb 5-1: config 0 descriptor??
[  698.845483][   T44] usb 3-1: USB disconnect, device number 23
[  698.881592][ T9149] loop1: detected capacity change from 0 to 1024
[  698.978217][ T8819] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  699.048826][ T9149] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a040c118, mo2=0002]
[  699.087537][ T9149] System zones: 0-1, 3-12
[  699.095397][ T9149] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  699.536111][ T1611] usb 5-1: Found UVC 0.00 device syz (05ac:8600)
[  699.542896][ T1611] usb 5-1: No valid video chain found.
[  699.554151][ T1611] usb 5-1: USB disconnect, device number 23
[  699.596367][ T5189] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  699.606435][ T5189] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  699.616347][ T5189] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  699.638407][ T5189] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  699.650297][ T5189] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  699.660153][ T5189] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  700.824945][ T8875] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  700.996947][ T8820] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  701.018639][ T8875] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  701.216087][ T9167] IPv6: sit1: Disabled Multicast RS
[  701.245822][ T9170] netlink: 392 bytes leftover after parsing attributes in process `syz.2.999'.
[  701.256297][ T9170] netlink: 4 bytes leftover after parsing attributes in process `syz.2.999'.
[  701.356567][ T9172] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1002'.
[  701.381217][ T8875] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  701.547675][ T8875] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  701.735950][ T5189] Bluetooth: hci1: command tx timeout
[  701.830897][ T9179] netlink: 'syz.1.1005': attribute type 11 has an invalid length.
[  701.839278][ T9179] netlink: 131388 bytes leftover after parsing attributes in process `syz.1.1005'.
[  701.959526][ T9179] loop1: detected capacity change from 0 to 512
[  702.154057][ T9179] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2240: inode #15: comm syz.1.1005: corrupted in-inode xattr: invalid ea_ino
[  702.211926][ T9156] chnl_net:caif_netlink_parms(): no params data found
[  702.254856][ T8875] bridge_slave_1: left allmulticast mode
[  702.261022][ T8875] bridge_slave_1: left promiscuous mode
[  702.267895][ T8875] bridge0: port 2(bridge_slave_1) entered disabled state
[  702.275035][ T9179] EXT4-fs error (device loop1): ext4_orphan_get:1393: comm syz.1.1005: couldn't read orphan inode 15 (err -117)
[  702.316489][ T9179] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  702.397983][ T9176] loop3: detected capacity change from 0 to 256
[  702.454671][ T8875] bridge_slave_0: left allmulticast mode
[  702.460636][ T8875] bridge_slave_0: left promiscuous mode
[  702.467680][ T8875] bridge0: port 1(bridge_slave_0) entered disabled state
[  702.564608][ T9176] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  703.673774][ T8875] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  703.728457][ T9191] loop2: detected capacity change from 0 to 1024
[  703.746344][ T8875] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  703.791647][ T8875] bond0 (unregistering): Released all slaves
[  703.815017][ T5189] Bluetooth: hci1: command tx timeout
[  703.900753][ T9186] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1005'.
[  703.973988][ T9191] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  703.987558][ T9191] ext4 filesystem being mounted at /13/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  704.414277][ T8820] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  704.874839][ T5588] usb 3-1: new high-speed USB device number 24 using dummy_hcd
[  705.277481][ T9207] loop4: detected capacity change from 0 to 1024
[  705.314037][ T1611] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[  705.324993][ T5588] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  705.334824][ T5588] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  705.343155][ T5588] usb 3-1: Product: syz
[  705.347895][ T5588] usb 3-1: Manufacturer: syz
[  705.354873][ T5588] usb 3-1: SerialNumber: syz
[  705.427052][ T5588] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  705.430830][ T9207] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a040c118, mo2=0002]
[  705.494422][ T9207] System zones: 0-1, 3-12
[  705.514699][ T1611] usb 2-1: config 0 has an invalid interface number: 186 but max is 0
[  705.522336][ T9207] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  705.523866][ T1611] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  705.546198][ T1611] usb 2-1: config 0 has no interface number 0
[  705.552599][ T1611] usb 2-1: config 0 interface 186 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  705.569852][ T1611] usb 2-1: config 0 interface 186 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  705.618237][ T1611] usb 2-1: New USB device found, idVendor=05ac, idProduct=8600, bcdDevice=d0.28
[  705.628423][ T1611] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  705.636940][ T1611] usb 2-1: Product: syz
[  705.641397][ T1611] usb 2-1: Manufacturer: syz
[  705.646446][ T1611] usb 2-1: SerialNumber: syz
[  705.826148][ T1611] usb 2-1: config 0 descriptor??
[  705.896078][ T5189] Bluetooth: hci1: command tx timeout
[  706.092598][ T5588] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  706.208076][ T8875] hsr_slave_0: left promiscuous mode
[  706.326617][ T8875] hsr_slave_1: left promiscuous mode
[  706.392644][ T8875] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  706.401394][ T8875] batman_adv: batadv0: Removing interface: batadv_slave_0
[  706.434397][ T8875] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  706.442793][ T8875] batman_adv: batadv0: Removing interface: batadv_slave_1
[  706.569767][ T5239] usb 3-1: USB disconnect, device number 24
[  706.659678][ T8875] veth1_macvtap: left promiscuous mode
[  706.668283][ T8875] veth0_macvtap: left promiscuous mode
[  706.674916][ T8875] veth1_vlan: left promiscuous mode
[  706.680686][ T8875] veth0_vlan: left promiscuous mode
[  706.701331][ T8819] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  707.174545][ T5588] ath9k_htc 3-1:1.0: ath9k_htc: Target is unresponsive
[  707.182509][ T5588] ath9k_htc: Failed to initialize the device
[  707.267352][ T5239] usb 3-1: ath9k_htc: USB layer deinitialized
[  707.408038][ T9220] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1014'.
[  707.664798][ T8875] team0 (unregistering): Port device team_slave_1 removed
[  707.784566][ T8875] team0 (unregistering): Port device team_slave_0 removed
[  707.990274][ T5189] Bluetooth: hci1: command tx timeout
[  708.252997][ T9156] bridge0: port 1(bridge_slave_0) entered blocking state
[  708.261549][ T9156] bridge0: port 1(bridge_slave_0) entered disabled state
[  708.270244][ T9156] bridge_slave_0: entered allmulticast mode
[  708.282795][ T9156] bridge_slave_0: entered promiscuous mode
[  708.392857][ T9156] bridge0: port 2(bridge_slave_1) entered blocking state
[  708.400838][ T9156] bridge0: port 2(bridge_slave_1) entered disabled state
[  708.409028][ T9156] bridge_slave_1: entered allmulticast mode
[  708.418681][ T9156] bridge_slave_1: entered promiscuous mode
[  708.437611][ T9222] netlink: 392 bytes leftover after parsing attributes in process `syz.2.1015'.
[  708.447143][ T9222] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1015'.
[  708.718235][ T8826] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  708.907394][ T1611] usb 2-1: Found UVC 0.00 device syz (05ac:8600)
[  708.914345][ T1611] usb 2-1: No valid video chain found.
[  709.028421][ T9156] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  709.106638][ T1611] usb 2-1: USB disconnect, device number 21
[  709.128555][ T9156] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  709.285512][ T9226] netlink: 'syz.3.1019': attribute type 11 has an invalid length.
[  709.293821][ T9226] netlink: 131388 bytes leftover after parsing attributes in process `syz.3.1019'.
[  709.601466][ T9226] loop3: detected capacity change from 0 to 512
[  709.632373][ T9156] team0: Port device team_slave_0 added
[  709.744248][ T9226] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2240: inode #15: comm syz.3.1019: corrupted in-inode xattr: invalid ea_ino
[  709.783378][ T9156] team0: Port device team_slave_1 added
[  709.842734][ T9226] EXT4-fs error (device loop3): ext4_orphan_get:1393: comm syz.3.1019: couldn't read orphan inode 15 (err -117)
[  709.889637][ T9232] loop4: detected capacity change from 0 to 256
[  709.951603][ T9226] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  710.039403][ T9234] loop2: detected capacity change from 0 to 512
[  710.124427][ T9232] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  710.215648][ T9234] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  710.229963][ T9234] ext4 filesystem being mounted at /16/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  710.284652][ T9156] batman_adv: batadv0: Adding interface: batadv_slave_0
[  710.291897][ T9156] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  710.294058][ T9234] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  710.319220][ T9156] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  710.501805][ T9229] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1019'.
[  710.604653][ T9156] batman_adv: batadv0: Adding interface: batadv_slave_1
[  710.611926][ T9156] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  710.641516][ T9156] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  710.957298][ T8824] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  711.081068][ T9156] hsr_slave_0: entered promiscuous mode
[  711.178632][ T9156] hsr_slave_1: entered promiscuous mode
[  711.246294][ T9156] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  711.256072][ T9156] Cannot create hsr debugfs directory
[  711.650505][ T9250] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1024'.
[  711.723140][ T9249] loop3: detected capacity change from 0 to 1024
[  711.965574][ T9255] loop1: detected capacity change from 0 to 1024
[  712.096931][ T9249] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  712.178651][ T9249] ext4 filesystem being mounted at /19/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  712.283253][ T9255] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a040c118, mo2=0002]
[  712.293454][ T9255] System zones: 0-1, 3-12
[  712.494862][ T1611] usb 5-1: new high-speed USB device number 24 using dummy_hcd
[  712.605057][ T9255] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  712.707760][ T1611] usb 5-1: config 0 has an invalid interface number: 186 but max is 0
[  712.716786][ T1611] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  712.735942][ T1611] usb 5-1: config 0 has no interface number 0
[  712.742401][ T1611] usb 5-1: config 0 interface 186 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  712.753976][ T1611] usb 5-1: config 0 interface 186 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  712.807851][ T1611] usb 5-1: New USB device found, idVendor=05ac, idProduct=8600, bcdDevice=d0.28
[  712.814234][ T8863] usb 4-1: new high-speed USB device number 26 using dummy_hcd
[  712.817540][ T1611] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  712.839627][ T1611] usb 5-1: Product: syz
[  712.846408][ T1611] usb 5-1: Manufacturer: syz
[  712.851320][ T1611] usb 5-1: SerialNumber: syz
[  712.861244][ T9266] netlink: 392 bytes leftover after parsing attributes in process `syz.2.1029'.
[  712.871760][ T9266] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1029'.
[  712.909975][ T1611] usb 5-1: config 0 descriptor??
[  713.074685][ T8863] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  713.084675][ T8863] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  713.093002][ T8863] usb 4-1: Product: syz
[  713.099496][ T8863] usb 4-1: Manufacturer: syz
[  713.104862][ T8863] usb 4-1: SerialNumber: syz
[  713.223408][ T8863] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  713.448178][ T8820] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  713.805668][ T9156] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  713.915615][ T9156] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  713.992966][ T9272] netlink: 'syz.2.1032': attribute type 11 has an invalid length.
[  713.993859][ T5588] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  714.001243][ T9272] netlink: 131388 bytes leftover after parsing attributes in process `syz.2.1032'.
[  714.194448][ T9156] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  714.206401][ T1611] usb 5-1: Found UVC 0.00 device syz (05ac:8600)
[  714.213136][ T1611] usb 5-1: No valid video chain found.
[  714.537647][ T9156] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  714.602956][ T1611] usb 5-1: USB disconnect, device number 24
[  714.866310][ T9274] loop2: detected capacity change from 0 to 512
[  714.959922][ T9264] bridge_slave_0: left allmulticast mode
[  714.966170][ T9264] bridge_slave_0: left promiscuous mode
[  714.972983][ T9264] bridge0: port 1(bridge_slave_0) entered disabled state
[  715.136267][ T5588] ath9k_htc 4-1:1.0: ath9k_htc: Target is unresponsive
[  715.147078][ T5588] ath9k_htc: Failed to initialize the device
[  715.332304][ T5588] usb 4-1: ath9k_htc: USB layer deinitialized
[  715.774917][ T9274] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2240: inode #15: comm syz.2.1032: corrupted in-inode xattr: invalid ea_ino
[  715.921710][ T9282] loop1: detected capacity change from 0 to 256
[  716.034150][ T9274] EXT4-fs error (device loop2): ext4_orphan_get:1393: comm syz.2.1032: couldn't read orphan inode 15 (err -117)
[  716.050470][ T9279] bridge0: port 2(bridge_slave_1) entered disabled state
[  716.123502][ T9274] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  716.275972][ T9282] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  716.355022][ T9272] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1032'.
[  716.614567][ T9156] 8021q: adding VLAN 0 to HW filter on device bond0
[  716.705070][ T9156] 8021q: adding VLAN 0 to HW filter on device team0
[  716.934283][ T3513] bridge0: port 1(bridge_slave_0) entered blocking state
[  716.942080][ T3513] bridge0: port 1(bridge_slave_0) entered forwarding state
[  716.962228][ T3513] bridge0: port 2(bridge_slave_1) entered blocking state
[  716.970158][ T3513] bridge0: port 2(bridge_slave_1) entered forwarding state
[  717.286716][ T9288] loop4: detected capacity change from 0 to 1024
[  717.330435][ T9288] EXT4-fs: Mount option(s) incompatible with ext2
[  717.457776][ T1611] usb 4-1: USB disconnect, device number 26
[  717.599682][ T8819] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  717.614732][ T9288] No such timeout policy "syz0"
[  717.804716][ T8824] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  718.509906][ T9301] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1037'.
[  718.608899][ T9303] netlink: 392 bytes leftover after parsing attributes in process `syz.4.1039'.
[  718.618958][ T9303] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1039'.
[  719.069775][ T9156] 8021q: adding VLAN 0 to HW filter on device batadv0
[  719.303307][ T9305] loop2: detected capacity change from 0 to 1024
[  719.355002][ T9156] veth0_vlan: entered promiscuous mode
[  719.417939][ T9156] veth1_vlan: entered promiscuous mode
[  719.535489][    T8] usb 4-1: new high-speed USB device number 27 using dummy_hcd
[  719.705782][ T9156] veth0_macvtap: entered promiscuous mode
[  719.729234][ T9156] veth1_macvtap: entered promiscuous mode
[  719.770279][ T9305] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a040c118, mo2=0002]
[  719.779690][ T9305] System zones: 0-1, 3-12
[  719.786558][ T9156] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  719.806616][ T9156] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  719.819371][ T9156] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  719.830370][ T9156] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  719.840576][ T9156] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  719.852515][ T9156] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  719.861947][    T8] usb 4-1: config 0 has an invalid interface number: 186 but max is 0
[  719.863368][ T9156] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  719.870909][    T8] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  719.881421][ T9156] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  719.881501][ T9156] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  719.881599][ T9156] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  719.891830][    T8] usb 4-1: config 0 has no interface number 0
[  719.891981][    T8] usb 4-1: config 0 interface 186 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  719.917627][ T9156] batman_adv: batadv0: Interface activated: batadv_slave_0
[  719.924060][    T8] usb 4-1: config 0 interface 186 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  719.942432][ T9156] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  719.977943][ T9156] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  719.984881][ T9305] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  719.988095][ T9156] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  720.020365][ T9156] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  720.030548][ T9156] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  720.041390][ T9156] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  720.045119][    T8] usb 4-1: New USB device found, idVendor=05ac, idProduct=8600, bcdDevice=d0.28
[  720.051515][ T9156] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  720.061224][    T8] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  720.061379][    T8] usb 4-1: Product: syz
[  720.061500][    T8] usb 4-1: Manufacturer: syz
[  720.061629][    T8] usb 4-1: SerialNumber: syz
[  720.095347][ T9156] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  720.112736][ T9156] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  720.125699][ T9156] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  720.143448][ T9156] batman_adv: batadv0: Interface activated: batadv_slave_1
[  720.221638][    T8] usb 4-1: config 0 descriptor??
[  720.258143][ T9156] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  720.268762][ T9156] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  720.278449][ T9156] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  720.287692][ T9156] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  720.871841][ T1243] ieee802154 phy0 wpan0: encryption failed: -22
[  720.879785][ T1243] ieee802154 phy1 wpan1: encryption failed: -22
[  721.103243][ T9317] loop1: detected capacity change from 0 to 256
[  721.184374][    T8] usb 4-1: Found UVC 0.00 device syz (05ac:8600)
[  721.191284][    T8] usb 4-1: No valid video chain found.
[  721.254595][ T9327] netlink: 'syz.4.1045': attribute type 11 has an invalid length.
[  721.263015][ T9327] netlink: 131388 bytes leftover after parsing attributes in process `syz.4.1045'.
[  721.290243][ T8819] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  721.329005][    T8] usb 4-1: USB disconnect, device number 27
[  721.457535][ T9317] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  721.817299][ T9327] loop4: detected capacity change from 0 to 512
[  722.130409][ T9327] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2240: inode #15: comm syz.4.1045: corrupted in-inode xattr: invalid ea_ino
[  722.232324][ T9337] loop2: detected capacity change from 0 to 1024
[  722.262018][ T9327] EXT4-fs error (device loop4): ext4_orphan_get:1393: comm syz.4.1045: couldn't read orphan inode 15 (err -117)
[  722.326153][ T9337] EXT4-fs: Mount option(s) incompatible with ext2
[  722.349263][ T9327] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  722.496974][ T9327] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1045'.
[  722.654854][ T9337] No such timeout policy "syz0"
[  723.196700][ T8826] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  723.657142][ T9348] netlink: 392 bytes leftover after parsing attributes in process `syz.1.1052'.
[  723.666832][ T9348] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1052'.
[  723.772499][ T9354] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1051'.
[  724.541242][ T9362] loop1: detected capacity change from 0 to 1024
[  724.740394][ T9362] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a040c118, mo2=0002]
[  724.796991][ T9362] System zones: 0-1, 3-12
[  724.839487][ T9362] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  725.255855][ T9370] loop2: detected capacity change from 0 to 256
[  725.313382][ T9370] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  725.404122][    T8] usb 5-1: new high-speed USB device number 25 using dummy_hcd
[  725.432843][ T8820] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  725.625356][    T8] usb 5-1: config 0 has an invalid interface number: 186 but max is 0
[  725.636518][    T8] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  725.647933][    T8] usb 5-1: config 0 has no interface number 0
[  725.654522][    T8] usb 5-1: config 0 interface 186 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  725.665899][    T8] usb 5-1: config 0 interface 186 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  725.895548][ T4263] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  725.903893][ T4263] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  726.057046][    T8] usb 5-1: New USB device found, idVendor=05ac, idProduct=8600, bcdDevice=d0.28
[  726.066639][    T8] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  726.075235][    T8] usb 5-1: Product: syz
[  726.079730][    T8] usb 5-1: Manufacturer: syz
[  726.084778][    T8] usb 5-1: SerialNumber: syz
[  726.205831][ T9382] netlink: 'syz.1.1060': attribute type 11 has an invalid length.
[  726.214722][ T9382] netlink: 131388 bytes leftover after parsing attributes in process `syz.1.1060'.
[  726.220003][ T9384] loop2: detected capacity change from 0 to 1024
[  726.258202][ T4425] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  726.266512][ T4425] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  726.310592][    T8] usb 5-1: config 0 descriptor??
[  726.369968][ T9384] EXT4-fs: Mount option(s) incompatible with ext2
[  726.611205][ T9382] loop1: detected capacity change from 0 to 512
[  726.627083][ T9387] No such timeout policy "syz0"
[  726.888142][ T9382] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2240: inode #15: comm syz.1.1060: corrupted in-inode xattr: invalid ea_ino
[  726.957546][ T9382] EXT4-fs error (device loop1): ext4_orphan_get:1393: comm syz.1.1060: couldn't read orphan inode 15 (err -117)
[  727.011767][ T9382] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  727.504561][    T8] usb 5-1: Found UVC 0.00 device syz (05ac:8600)
[  727.511354][    T8] usb 5-1: No valid video chain found.
[  727.587250][    T8] usb 5-1: USB disconnect, device number 25
[  727.812748][ T9400] netlink: 392 bytes leftover after parsing attributes in process `syz.2.1064'.
[  727.822629][ T9400] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1064'.
[  727.834717][ T9382] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1060'.
[  728.060280][ T4263] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  728.455253][ T8820] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  729.490897][ T9409] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1065'.
[  729.662488][ T9413] loop0: detected capacity change from 0 to 1024
[  730.199464][ T9415] loop2: detected capacity change from 0 to 256
[  730.281351][ T9413] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a040c118, mo2=0002]
[  730.313053][ T9413] System zones: 0-1, 3-12
[  730.488450][ T9427] loop4: detected capacity change from 0 to 1024
[  730.521401][ T9415] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  730.522144][ T9427] EXT4-fs: Mount option(s) incompatible with ext2
[  730.538065][ T9413] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  730.783983][ T9427] No such timeout policy "syz0"
[  731.215671][ T9156] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  731.708625][ T9436] netlink: 'syz.1.1078': attribute type 11 has an invalid length.
[  731.717069][ T9436] netlink: 131388 bytes leftover after parsing attributes in process `syz.1.1078'.
[  731.859998][ T9436] loop1: detected capacity change from 0 to 512
[  732.064546][ T9436] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2240: inode #15: comm syz.1.1078: corrupted in-inode xattr: invalid ea_ino
[  732.186191][ T9436] EXT4-fs error (device loop1): ext4_orphan_get:1393: comm syz.1.1078: couldn't read orphan inode 15 (err -117)
[  732.226126][ T9436] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  732.423265][ T8820] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  732.450825][ T9432] loop3: detected capacity change from 0 to 2048
[  732.484424][    T8] usb 3-1: new high-speed USB device number 25 using dummy_hcd
[  732.628673][ T9432] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  733.976148][   T29] audit: type=1800 audit(1728974030.716:101): pid=9450 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1076" name="bus" dev="loop3" ino=18 res=0 errno=0
[  734.916980][ T8824] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  735.230264][ T9449] loop1: detected capacity change from 0 to 32768
[  735.639616][    T8] usb 3-1: device descriptor read/all, error -71
[  736.581457][ T9470] loop4: detected capacity change from 0 to 1024
[  736.622546][ T9470] EXT4-fs: Mount option(s) incompatible with ext2
[  736.703053][ T9462] loop2: detected capacity change from 0 to 256
[  736.774597][ T9470] No such timeout policy "syz0"
[  737.354081][ T9462] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  737.566701][ T9479] netlink: 'syz.0.1091': attribute type 11 has an invalid length.
[  737.577025][ T9479] netlink: 131388 bytes leftover after parsing attributes in process `syz.0.1091'.
[  737.822283][ T9481] loop0: detected capacity change from 0 to 512
[  738.265085][ T9489] loop1: detected capacity change from 0 to 1024
[  738.510860][ T9481] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2240: inode #15: comm syz.0.1091: corrupted in-inode xattr: invalid ea_ino
[  738.619463][ T9481] EXT4-fs error (device loop0): ext4_orphan_get:1393: comm syz.0.1091: couldn't read orphan inode 15 (err -117)
[  738.761522][ T9481] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  738.804325][ T9489] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a040c118, mo2=0002]
[  738.847661][ T9489] System zones: 0-1, 3-12
[  738.855539][ T9489] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  739.384653][   T44] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[  739.407432][ T8820] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  739.476647][ T9156] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  739.595535][   T44] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  739.607167][   T44] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  739.618466][   T44] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  739.632458][   T44] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  739.642036][   T44] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  739.679579][   T44] usb 3-1: config 0 descriptor??
[  740.125785][   T44] plantronics 0003:047F:FFFF.0011: ignoring exceeding usage max
[  740.240921][   T44] plantronics 0003:047F:FFFF.0011: No inputs registered, leaving
[  740.320502][   T44] plantronics 0003:047F:FFFF.0011: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  740.694977][ T9514] netlink: 392 bytes leftover after parsing attributes in process `syz.1.1101'.
[  740.704544][ T9514] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1101'.
[  741.002980][ T9515] loop3: detected capacity change from 0 to 1024
[  741.138456][ T9515] EXT4-fs: Mount option(s) incompatible with ext2
[  741.358012][    T8] usb 3-1: USB disconnect, device number 27
[  741.433462][ T3410] bridge_slave_1: left allmulticast mode
[  741.439688][ T3410] bridge_slave_1: left promiscuous mode
[  741.446713][ T3410] bridge0: port 2(bridge_slave_1) entered disabled state
[  741.541067][ T3410] bridge_slave_0: left allmulticast mode
[  741.549441][ T3410] bridge_slave_0: left promiscuous mode
[  741.557720][ T3410] bridge0: port 1(bridge_slave_0) entered disabled state
[  741.733465][ T9513] No such timeout policy "syz0"
[  742.308217][ T9525] loop0: detected capacity change from 0 to 256
[  742.537199][ T3410] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  742.549199][ T9525] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  742.639873][ T3410] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  742.702267][ T3410] bond0 (unregistering): Released all slaves
[  742.864999][ T9522] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1103'.
[  743.005844][ T9501] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1095'.
[  743.015291][ T9501] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  743.544406][ T3410] tipc: Left network mode
[  744.121077][ T9537] netlink: 'syz.2.1109': attribute type 11 has an invalid length.
[  744.129455][ T9537] netlink: 131388 bytes leftover after parsing attributes in process `syz.2.1109'.
[  744.316703][ T9542] loop2: detected capacity change from 0 to 512
[  744.762304][ T9545] loop1: detected capacity change from 0 to 1024
[  744.827148][ T9542] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2240: inode #15: comm syz.2.1109: corrupted in-inode xattr: invalid ea_ino
[  745.024761][ T9542] EXT4-fs error (device loop2): ext4_orphan_get:1393: comm syz.2.1109: couldn't read orphan inode 15 (err -117)
[  745.228329][ T9545] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a040c118, mo2=0002]
[  745.257656][ T9542] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  745.274970][ T9545] System zones: 0-1, 3-12
[  745.283234][ T9545] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  745.402113][ T3410] hsr_slave_0: left promiscuous mode
[  745.456099][ T3410] hsr_slave_1: left promiscuous mode
[  745.481686][ T3410] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  745.489931][ T3410] batman_adv: batadv0: Removing interface: batadv_slave_0
[  745.593967][ T3410] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  745.607081][ T3410] batman_adv: batadv0: Removing interface: batadv_slave_1
[  745.714877][ T3410] veth1_macvtap: left promiscuous mode
[  745.720794][ T3410] veth1_vlan: left promiscuous mode
[  745.726673][ T3410] veth0_vlan: left promiscuous mode
[  746.804936][ T3410] team0 (unregistering): Port device team_slave_1 removed
[  746.835344][ T9552] loop3: detected capacity change from 0 to 4096
[  746.850223][ T3410] team0 (unregistering): Port device team_slave_0 removed
[  747.148410][ T8863] usb 1-1: new high-speed USB device number 22 using dummy_hcd
[  747.256132][ T9558] netlink: 392 bytes leftover after parsing attributes in process `syz.4.1113'.
[  747.265961][ T9558] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1113'.
[  747.392070][ T8863] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  747.404052][ T8863] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  747.414639][ T8863] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  747.428152][ T8863] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  747.442141][ T8863] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  747.491468][ T8820] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  747.680011][ T8863] usb 1-1: config 0 descriptor??
[  747.721622][ T8819] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  747.731887][   T29] audit: type=1800 audit(1728974045.456:102): pid=9562 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1112" name="bus" dev="loop3" ino=34 res=0 errno=0
[  747.819190][ T9564] loop1: detected capacity change from 0 to 1024
[  747.990658][ T9564] EXT4-fs: Mount option(s) incompatible with ext2
[  748.228911][ T9566] loop4: detected capacity change from 0 to 256
[  748.249016][ T9564] No such timeout policy "syz0"
[  748.280787][ T9552] loop3: detected capacity change from 4096 to 4095
[  748.330485][ T9566] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  748.500955][ T8863] plantronics 0003:047F:FFFF.0012: ignoring exceeding usage max
[  748.676471][ T8863] plantronics 0003:047F:FFFF.0012: No inputs registered, leaving
[  748.786491][ T8863] plantronics 0003:047F:FFFF.0012: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[  748.841278][ T9571] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1118'.
[  749.481154][   T44] usb 1-1: USB disconnect, device number 22
[  749.745217][ T5236] usb 5-1: new high-speed USB device number 26 using dummy_hcd
[  749.955644][ T4263] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  749.991887][ T5236] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  750.006217][ T5236] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  750.078472][ T5236] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  750.088259][ T5236] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  750.097421][ T5236] usb 5-1: SerialNumber: syz
[  750.139942][ T4263] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  750.281124][ T4263] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  750.392449][ T5236] usb 5-1: 0:2 : does not exist
[  750.397977][ T5236] usb 5-1: unit 255 not found!
[  750.493057][ T4263] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  750.553317][ T5236] usb 5-1: 5:0: cannot get min/max values for control 3 (id 5)
[  750.757381][ T5236] usb 5-1: USB disconnect, device number 26
[  751.004723][ T4263] bridge_slave_1: left allmulticast mode
[  751.010689][ T4263] bridge_slave_1: left promiscuous mode
[  751.020592][ T4263] bridge0: port 2(bridge_slave_1) entered disabled state
[  751.324453][ T8989] udevd[8989]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  751.387679][ T5272] usb 2-1: new high-speed USB device number 22 using dummy_hcd
[  751.884300][ T5272] usb 2-1: Using ep0 maxpacket: 8
[  751.991828][ T4263] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  752.035523][ T5272] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  752.056997][ T5272] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  752.085148][ T5272] usb 2-1: New USB device found, idVendor=172f, idProduct=0034, bcdDevice= 0.00
[  752.095425][ T5272] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  752.176548][ T5272] usb 2-1: config 0 descriptor??
[  752.225281][ T4263] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  752.435719][ T9593] loop0: detected capacity change from 0 to 1024
[  752.490774][ T4263] bond0 (unregistering): Released all slaves
[  752.571591][ T9597] dccp_invalid_packet: P.Data Offset(0) too small
[  752.628436][ T5193] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  752.642053][ T5193] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  752.655232][ T5193] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  752.681884][ T5193] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  752.723228][ T9593] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a040c118, mo2=0002]
[  752.723730][ T5193] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  752.732530][ T9593] System zones: 0-1, 3-12
[  752.754801][ T5193] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  752.790025][ T5272] waltop 0003:172F:0034.0013: collection stack underflow
[  752.797791][ T5272] waltop 0003:172F:0034.0013: item 0 0 0 12 parsing failed
[  752.810790][ T5272] waltop 0003:172F:0034.0013: probe with driver waltop failed with error -22
[  752.898396][ T9593] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  753.075163][ T9592] netlink: 392 bytes leftover after parsing attributes in process `syz.2.1127'.
[  753.085640][ T9592] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1127'.
[  753.099021][ T5272] usb 2-1: USB disconnect, device number 22
[  753.263909][ T9603] loop4: detected capacity change from 0 to 2048
[  753.428781][ T9605] loop2: detected capacity change from 0 to 256
[  753.547048][ T9605] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  753.940791][ T9603] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  753.948454][ T9611] loop2: detected capacity change from 0 to 1024
[  754.014889][ T9156] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  754.056703][ T9611] EXT4-fs: Mount option(s) incompatible with ext2
[  754.636709][ T8826] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  754.760606][ T9611] No such timeout policy "syz0"
[  754.960290][ T4263] hsr_slave_0: left promiscuous mode
[  754.995429][ T4263] hsr_slave_1: left promiscuous mode
[  755.027115][ T5193] Bluetooth: hci0: command tx timeout
[  755.052553][ T4263] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  755.060642][ T4263] batman_adv: batadv0: Removing interface: batadv_slave_0
[  755.163162][ T4263] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  755.172015][ T4263] batman_adv: batadv0: Removing interface: batadv_slave_1
[  755.287548][ T4263] veth1_macvtap: left promiscuous mode
[  755.293398][ T4263] veth0_macvtap: left promiscuous mode
[  755.300254][ T4263] veth1_vlan: left promiscuous mode
[  755.306067][ T4263] veth0_vlan: left promiscuous mode
[  755.677068][ T5588] usb 2-1: new high-speed USB device number 23 using dummy_hcd
[  755.983351][ T5588] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  755.999640][ T5588] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  756.010124][ T5588] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  756.023717][ T5588] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  756.033127][ T5588] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  756.091489][ T5588] usb 2-1: config 0 descriptor??
[  756.225603][ T9630] loop2: detected capacity change from 0 to 128
[  756.292476][ T9630] EXT4-fs: Ignoring removed orlov option
[  756.389950][ T9630] EXT4-fs: Mount option(s) incompatible with ext3
[  756.624092][ T5588] plantronics 0003:047F:FFFF.0014: ignoring exceeding usage max
[  756.667995][ T5588] plantronics 0003:047F:FFFF.0014: No inputs registered, leaving
[  756.737407][ T4263] team0 (unregistering): Port device team_slave_1 removed
[  756.837471][ T5588] plantronics 0003:047F:FFFF.0014: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  756.921194][ T4263] team0 (unregistering): Port device team_slave_0 removed
[  757.139227][ T5193] Bluetooth: hci0: command tx timeout
[  757.624999][ T9624] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1134'.
[  757.664684][ T5272] usb 2-1: USB disconnect, device number 23
[  757.953075][ T9645] IPv6: sit1: Disabled Multicast RS
[  758.014680][ T9594] chnl_net:caif_netlink_parms(): no params data found
[  758.358089][ T9650] loop2: detected capacity change from 0 to 1024
[  758.486127][ T9650] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a040c118, mo2=0002]
[  758.544634][ T9650] System zones: 0-1, 3-12
[  758.660690][ T9651] loop4: detected capacity change from 0 to 256
[  758.746547][ T9650] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  758.813365][ T9659] loop0: detected capacity change from 0 to 128
[  759.159172][ T9651] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  759.204213][ T5193] Bluetooth: hci0: command tx timeout
[  759.377553][ T8819] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  759.392795][ T9662] loop1: detected capacity change from 0 to 2048
[  759.431532][ T9594] bridge0: port 1(bridge_slave_0) entered blocking state
[  759.442492][ T9594] bridge0: port 1(bridge_slave_0) entered disabled state
[  759.450630][ T9594] bridge_slave_0: entered allmulticast mode
[  759.460149][ T9594] bridge_slave_0: entered promiscuous mode
[  759.604690][ T9668] loop0: detected capacity change from 0 to 1024
[  759.621119][ T9662] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  759.621455][ T9668] EXT4-fs: Mount option(s) incompatible with ext2
[  759.708908][ T9594] bridge0: port 2(bridge_slave_1) entered blocking state
[  759.717568][ T9594] bridge0: port 2(bridge_slave_1) entered disabled state
[  759.741450][ T9594] bridge_slave_1: entered allmulticast mode
[  759.752657][ T9594] bridge_slave_1: entered promiscuous mode
[  760.093012][ T9594] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  760.199604][ T9594] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  760.254484][ T9668] No such timeout policy "syz0"
[  760.438419][ T8820] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  760.635853][ T9594] team0: Port device team_slave_0 added
[  760.759633][ T9594] team0: Port device team_slave_1 added
[  761.026347][ T9683] FAULT_INJECTION: forcing a failure.
[  761.026347][ T9683] name failslab, interval 1, probability 0, space 0, times 0
[  761.040250][ T9683] CPU: 1 UID: 0 PID: 9683 Comm: syz.2.1150 Tainted: G        W          6.12.0-rc3-syzkaller-00013-geca631b8fe80 #0
[  761.052849][ T9683] Tainted: [W]=WARN
[  761.056931][ T9683] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  761.067372][ T9683] Call Trace:
[  761.070886][ T9683]  <TASK>
[  761.074057][ T9683]  dump_stack_lvl+0x216/0x2d0
[  761.079109][ T9683]  dump_stack+0x1e/0x30
[  761.083605][ T9683]  should_fail_ex+0x748/0x7f0
[  761.088664][ T9683]  should_failslab+0x17f/0x210
[  761.093769][ T9683]  kmem_cache_alloc_lru_noprof+0xec/0xb30
[  761.099949][ T9683]  ? kmsan_internal_poison_memory+0x49/0x90
[  761.106235][ T9683]  ? shmem_alloc_inode+0x5a/0xd0
[  761.111575][ T9683]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  761.117723][ T9683]  shmem_alloc_inode+0x5a/0xd0
[  761.122868][ T9683]  ? __pfx_shmem_alloc_inode+0x10/0x10
[  761.128734][ T9683]  alloc_inode+0x86/0x460
[  761.133438][ T9683]  new_inode+0x38/0x480
[  761.137958][ T9683]  ? kmsan_get_metadata+0x13e/0x1c0
[  761.143517][ T9683]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  761.149684][ T9683]  shmem_get_inode+0x6f2/0x1940
[  761.154939][ T9683]  __shmem_file_setup+0x249/0x4d0
[  761.160330][ T9683]  shmem_file_setup+0x61/0x80
[  761.165376][ T9683]  __se_sys_memfd_create+0x8a3/0x1260
[  761.171106][ T9683]  ? ksys_write+0x416/0x4c0
[  761.175972][ T9683]  ? kmsan_get_metadata+0x13e/0x1c0
[  761.181506][ T9683]  __x64_sys_memfd_create+0x6c/0xa0
[  761.187023][ T9683]  x64_sys_call+0x31cf/0x3ba0
[  761.192038][ T9683]  do_syscall_64+0xcd/0x1e0
[  761.196870][ T9683]  ? clear_bhb_loop+0x25/0x80
[  761.201861][ T9683]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  761.208119][ T9683] RIP: 0033:0x7f668437dff9
[  761.212792][ T9683] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  761.232920][ T9683] RSP: 002b:00007f66851a6e18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f
[  761.241698][ T9683] RAX: ffffffffffffffda RBX: 000000000001f720 RCX: 00007f668437dff9
[  761.249959][ T9683] RDX: 00007f66851a6ef0 RSI: 0000000000000000 RDI: 00007f66843f0b02
[  761.258187][ T9683] RBP: 000000002003f200 R08: 00007f66851a6bb7 R09: 00007f66851a6e40
[  761.266426][ T9683] R10: 000000000000000a R11: 0000000000000202 R12: 0000000020000100
[  761.274660][ T9683] R13: 00007f66851a6ef0 R14: 00007f66851a6eb0 R15: 0000000020000140
[  761.283086][ T9683]  </TASK>
[  761.368687][ T5193] Bluetooth: hci0: command tx timeout
[  761.423268][ T9594] batman_adv: batadv0: Adding interface: batadv_slave_0
[  761.431630][ T9594] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  761.458272][ T9594] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  761.483960][ T9682] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1149'.
[  761.507184][ T9594] batman_adv: batadv0: Adding interface: batadv_slave_1
[  761.514640][ T9594] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  761.541204][ T9594] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  761.869645][ T9692] netlink: 'syz.2.1152': attribute type 53 has an invalid length.
[  762.208699][ T9594] hsr_slave_0: entered promiscuous mode
[  762.259294][ T9698] loop0: detected capacity change from 0 to 1024
[  762.276441][ T9594] hsr_slave_1: entered promiscuous mode
[  762.331567][ T9696] netlink: 392 bytes leftover after parsing attributes in process `syz.4.1151'.
[  762.341252][ T9696] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1151'.
[  762.471024][ T9698] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a040c118, mo2=0002]
[  762.499999][ T9698] System zones: 0-1, 3-12
[  762.570934][ T9698] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  763.132624][ T9705] loop4: detected capacity change from 0 to 256
[  763.284499][ T9705] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  763.352353][ T9156] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  763.788085][ T9712] loop1: detected capacity change from 0 to 1024
[  763.835869][ T9712] EXT4-fs: Mount option(s) incompatible with ext2
[  763.979071][ T5193] Bluetooth: hci5: command 0x0406 tx timeout
[  763.979244][ T5189] Bluetooth: hci6: command 0x0406 tx timeout
[  763.985437][ T5192] Bluetooth: hci3: command 0x0406 tx timeout
[  764.094490][ T9712] No such timeout policy "syz0"
[  764.285016][ T9714] loop0: detected capacity change from 0 to 2048
[  764.495563][ T9714] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  764.737599][ T9725] loop4: detected capacity change from 0 to 64
[  764.739234][ T9594] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  765.229237][ T9730] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1162'.
[  765.239334][ T9594] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  765.376143][ T9594] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  765.516450][ T9594] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  765.647789][ T9156] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  765.817850][ T9736] loop4: detected capacity change from 0 to 8
[  766.338159][ T9594] 8021q: adding VLAN 0 to HW filter on device bond0
[  766.397409][ T9594] 8021q: adding VLAN 0 to HW filter on device team0
[  766.490630][ T3087] bridge0: port 1(bridge_slave_0) entered blocking state
[  766.498506][ T3087] bridge0: port 1(bridge_slave_0) entered forwarding state
[  766.515319][ T3087] bridge0: port 2(bridge_slave_1) entered blocking state
[  766.523087][ T3087] bridge0: port 2(bridge_slave_1) entered forwarding state
[  766.603120][ T9742] loop2: detected capacity change from 0 to 1024
[  766.671122][ T9738] loop1: detected capacity change from 0 to 512
[  766.746447][ T9742] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a040c118, mo2=0002]
[  766.833028][ T9738] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  766.836840][ T9742] System zones: 0-1, 3-12
[  766.857994][ T9745] netlink: 392 bytes leftover after parsing attributes in process `syz.0.1164'.
[  766.888069][ T9742] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  767.014084][ T9738] EXT4-fs (loop1): 1 truncate cleaned up
[  767.021952][ T9738] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  767.788813][ T9756] loop0: detected capacity change from 0 to 256
[  768.014699][ T9756] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  768.336087][ T8819] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  768.342294][ T8820] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  768.793162][ T9594] 8021q: adding VLAN 0 to HW filter on device batadv0
[  769.099257][ T9765] loop2: detected capacity change from 0 to 1024
[  769.190099][ T9765] EXT4-fs: Mount option(s) incompatible with ext2
[  769.243184][ T9772] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1174'.
[  769.613016][ T9594] veth0_vlan: entered promiscuous mode
[  769.650375][ T9594] veth1_vlan: entered promiscuous mode
[  769.739845][ T9768] loop0: detected capacity change from 0 to 2048
[  769.794211][ T9594] veth0_macvtap: entered promiscuous mode
[  769.819559][ T9594] veth1_macvtap: entered promiscuous mode
[  769.886356][ T9594] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  769.893016][ T9765] No such timeout policy "syz0"
[  769.897115][ T9594] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  769.897188][ T9594] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  769.923168][ T9594] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  769.933371][ T9594] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  769.944285][ T9594] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  769.954537][ T9594] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  769.965503][ T9594] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  769.985938][ T9594] batman_adv: batadv0: Interface activated: batadv_slave_0
[  770.009269][ T9594] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  770.021409][ T9594] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  770.032559][ T9594] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  770.044139][ T9594] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  770.055426][ T9594] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  770.067391][ T9594] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  770.081421][ T9594] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  770.093401][ T9594] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  770.108865][ T9594] batman_adv: batadv0: Interface activated: batadv_slave_1
[  770.208338][ T9594] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  770.217646][ T9594] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  770.226943][ T9594] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  770.237058][ T9594] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  770.242077][ T9768] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  771.147259][ T9789] netlink: 392 bytes leftover after parsing attributes in process `syz.2.1177'.
[  771.156985][ T9789] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1177'.
[  771.258409][ T9156] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  771.745851][ T9794] loop4: detected capacity change from 0 to 1024
[  771.865909][ T9794] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a040c118, mo2=0002]
[  772.006229][ T9794] System zones: 0-1, 3-12
[  772.090082][ T9794] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  772.108933][ T9801] loop2: detected capacity change from 0 to 128
[  772.200113][ T9801] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  772.305619][ T9801] ext4 filesystem being mounted at /58/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  772.804187][ T9801] loop2: detected capacity change from 128 to 105
[  772.823310][ T9806] EXT4-fs warning (device loop2): ext4_dirblock_csum_verify:406: inode #2: comm syz.2.1181: No space for directory leaf checksum. Please run e2fsck -D.
[  772.844308][ T9806] EXT4-fs error (device loop2): __ext4_find_entry:1652: inode #2: comm syz.2.1181: checksumming directory block 0
[  772.942803][ T8826] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  772.994373][ T9791] loop1: detected capacity change from 0 to 4096
[  773.064153][ T9791] ntfs3(loop1): Different NTFS sector size (2048) and media sector size (512).
[  773.110425][ T9810] loop0: detected capacity change from 0 to 256
[  773.225117][ T9791] ntfs3(loop1): Mark volume as dirty due to NTFS errors
[  773.247738][ T9791] ntfs3(loop1): Failed to load $MFT.
[  773.607213][ T9810] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  773.991643][ T8819] EXT4-fs warning (device loop2): ext4_dirblock_csum_verify:406: inode #2: comm syz-executor: No space for directory leaf checksum. Please run e2fsck -D.
[  774.009101][ T8819] EXT4-fs error (device loop2): htree_dirblock_to_tree:1083: inode #2: comm syz-executor: Directory block failed checksum
[  774.525271][ T9823] loop4: detected capacity change from 0 to 2048
[  774.603728][ T9824] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1185'.
[  774.608000][ T9823] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  774.613014][ T9824] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  774.812076][ T9824] batman_adv: batadv0: Removing interface: batadv_slave_1
[  775.185874][ T8826] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  775.218934][ T9419] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  776.003068][ T4263] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  776.260992][ T4263] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  776.399356][ T4263] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  776.472330][ T9838] netlink: 392 bytes leftover after parsing attributes in process `syz.1.1190'.
[  776.483402][ T9838] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1190'.
[  776.608811][ T4263] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  777.301588][ T5189] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  777.311055][ T4263] bridge_slave_1: left allmulticast mode
[  777.317257][ T4263] bridge_slave_1: left promiscuous mode
[  777.324079][ T4263] bridge0: port 2(bridge_slave_1) entered disabled state
[  777.334719][ T5189] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  777.383428][ T5189] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  777.409386][ T5189] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  777.573068][ T5189] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  777.602200][ T9850] 9pnet_fd: Insufficient options for proto=fd
[  777.699878][ T5189] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  778.181695][ T4263] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  778.285452][ T4263] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  778.350086][ T4263] bond0 (unregistering): Released all slaves
[  778.431353][ T9852] loop0: detected capacity change from 0 to 256
[  778.692173][ T9852] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  778.956934][ T9856] loop4: detected capacity change from 0 to 2048
[  779.229894][ T9856] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  779.278652][ T4425] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  779.289687][ T4425] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  779.524477][ T9868] loop0: detected capacity change from 0 to 1024
[  779.587542][ T9868] EXT4-fs: Mount option(s) incompatible with ext2
[  779.937317][ T9869] No such timeout policy "syz0"
[  779.969723][ T8826] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  780.187396][ T2568] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  780.195983][ T2568] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  780.247296][ T5188] Bluetooth: hci2: command tx timeout
[  780.478665][ T4263] hsr_slave_0: left promiscuous mode
[  780.554290][ T4263] hsr_slave_1: left promiscuous mode
[  780.578201][ T4263] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  780.586096][ T4263] batman_adv: batadv0: Removing interface: batadv_slave_0
[  780.697279][ T4263] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  780.705209][ T4263] batman_adv: batadv0: Removing interface: batadv_slave_1
[  780.808297][ T4263] veth1_macvtap: left promiscuous mode
[  780.814442][ T4263] veth0_macvtap: left promiscuous mode
[  780.825034][ T4263] veth1_vlan: left promiscuous mode
[  780.830682][ T4263] veth0_vlan: left promiscuous mode
[  781.600960][ T9885] loop0: detected capacity change from 0 to 64
[  781.719391][ T9885] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1204'.
[  782.216152][ T4263] team0 (unregistering): Port device team_slave_1 removed
[  782.270900][ T4263] team0 (unregistering): Port device team_slave_0 removed
[  782.320969][ T5188] Bluetooth: hci2: command tx timeout
[  782.365359][ T1243] ieee802154 phy0 wpan0: encryption failed: -22
[  782.372438][ T1243] ieee802154 phy1 wpan1: encryption failed: -22
[  782.422998][ T9889] loop1: detected capacity change from 0 to 1024
[  782.706082][ T9889] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  782.952578][ T9878] netlink: 392 bytes leftover after parsing attributes in process `syz.4.1202'.
[  782.962938][ T9878] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1202'.
[  782.983703][ T9883] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1125'.
[  783.066606][ T9844] chnl_net:caif_netlink_parms(): no params data found
[  783.536291][ T8820] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  783.752247][ T9902] loop0: detected capacity change from 0 to 1024
[  783.780274][ T9902] EXT4-fs: Mount option(s) incompatible with ext2
[  783.801308][ T9903] loop4: detected capacity change from 0 to 2048
[  784.106675][ T9905] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1209'.
[  784.162143][ T9903] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  784.227630][ T9902] No such timeout policy "syz0"
[  784.374690][ T5188] Bluetooth: hci2: command tx timeout
[  784.633462][ T9914] loop1: detected capacity change from 0 to 256
[  784.790634][ T9914] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  784.883999][ T9844] bridge0: port 1(bridge_slave_0) entered blocking state
[  784.891786][ T9844] bridge0: port 1(bridge_slave_0) entered disabled state
[  784.900177][ T9844] bridge_slave_0: entered allmulticast mode
[  784.909667][ T9844] bridge_slave_0: entered promiscuous mode
[  785.011118][ T8826] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  785.027888][ T9844] bridge0: port 2(bridge_slave_1) entered blocking state
[  785.035805][ T9844] bridge0: port 2(bridge_slave_1) entered disabled state
[  785.043998][ T9844] bridge_slave_1: entered allmulticast mode
[  785.053395][ T9844] bridge_slave_1: entered promiscuous mode
[  785.220571][ T9844] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  785.244232][ T5242] usb 4-1: new high-speed USB device number 28 using dummy_hcd
[  785.267560][ T9844] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  785.444149][ T5242] usb 4-1: Using ep0 maxpacket: 32
[  785.514250][ T5242] usb 4-1: New USB device found, idVendor=1a0a, idProduct=0108, bcdDevice=4d.52
[  785.523897][ T5242] usb 4-1: New USB device strings: Mfr=1, Product=0, SerialNumber=3
[  785.536210][ T5242] usb 4-1: Manufacturer: syz
[  785.544993][ T5242] usb 4-1: SerialNumber: syz
[  785.576201][ T5242] usb 4-1: config 0 descriptor??
[  785.581988][ T9844] team0: Port device team_slave_0 added
[  785.664363][ T9844] team0: Port device team_slave_1 added
[  785.818201][ T5242] usb_ehset_test 4-1:0.0: probe with driver usb_ehset_test failed with error -32
[  785.855000][ T5242] usb 4-1: USB disconnect, device number 28
[  786.152095][ T9923] loop1: detected capacity change from 0 to 256
[  786.242838][ T9844] batman_adv: batadv0: Adding interface: batadv_slave_0
[  786.254651][ T9844] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  786.282418][ T9844] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  786.459351][ T9844] batman_adv: batadv0: Adding interface: batadv_slave_1
[  786.466846][ T9844] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  786.493283][ T9844] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  786.501890][ T5188] Bluetooth: hci2: command tx timeout
[  786.933255][ T9844] hsr_slave_0: entered promiscuous mode
[  786.974918][ T9844] hsr_slave_1: entered promiscuous mode
[  787.004172][ T9844] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  787.012149][ T9844] Cannot create hsr debugfs directory
[  787.052512][ T9934] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1218'.
[  787.227168][ T9937] IPv6: sit1: Disabled Multicast RS
[  787.486818][ T9937] netlink: 392 bytes leftover after parsing attributes in process `syz.3.1219'.
[  787.498818][ T9937] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1219'.
[  788.008625][ T9944] loop0: detected capacity change from 0 to 1024
[  788.060286][ T9944] EXT4-fs: Mount option(s) incompatible with ext2
[  788.208004][ T9949] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1224'.
[  788.422428][ T9944] No such timeout policy "syz0"
[  788.493307][ T9946] loop1: detected capacity change from 0 to 2048
[  788.600116][ T9946] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  788.816642][   T29] audit: type=1800 audit(1728974086.536:103): pid=9957 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1223" name="bus" dev="loop1" ino=18 res=0 errno=0
[  789.051774][ T9844] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  789.127951][ T9844] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  789.226213][ T9844] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  789.349105][ T9844] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  789.436236][ T8820] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  790.198880][ T9844] 8021q: adding VLAN 0 to HW filter on device bond0
[  790.259483][ T9844] 8021q: adding VLAN 0 to HW filter on device team0
[  790.284149][ T5236] usb 2-1: new high-speed USB device number 24 using dummy_hcd
[  790.388968][ T3624] bridge0: port 1(bridge_slave_0) entered blocking state
[  790.397230][ T3624] bridge0: port 1(bridge_slave_0) entered forwarding state
[  790.537613][ T5236] usb 2-1: Using ep0 maxpacket: 32
[  790.619713][ T5236] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  790.631762][ T5236] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  790.642135][ T5236] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2ced, bcdDevice= 0.00
[  790.655507][ T5236] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  790.706162][ T3624] bridge0: port 2(bridge_slave_1) entered blocking state
[  790.714092][ T3624] bridge0: port 2(bridge_slave_1) entered forwarding state
[  790.918327][ T9844] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  790.929211][ T9844] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  791.188544][ T5236] usb 2-1: config 0 descriptor??
[  791.657780][ T9974] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1231'.
[  791.783185][ T9980] netlink: 392 bytes leftover after parsing attributes in process `syz.0.1233'.
[  791.792892][ T9980] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1233'.
[  792.426268][ T5236] kone 0003:1E7D:2CED.0015: hidraw0: USB HID v0.00 Device [HID 1e7d:2ced] on usb-dummy_hcd.1-1/input0
[  792.472084][ T5236] kone 0003:1E7D:2CED.0015: couldn't init struct kone_device
[  792.480153][ T5236] kone 0003:1E7D:2CED.0015: couldn't install mouse
[  792.581080][ T5236] kone 0003:1E7D:2CED.0015: probe with driver kone failed with error -5
[  792.678135][ T9985] loop0: detected capacity change from 0 to 1024
[  792.722089][ T5236] usb 2-1: USB disconnect, device number 24
[  792.730708][ T9985] EXT4-fs: Mount option(s) incompatible with ext2
[  793.027654][ T9990] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1236'.
[  793.291606][ T9985] No such timeout policy "syz0"
[  793.295568][ T9844] 8021q: adding VLAN 0 to HW filter on device batadv0
[  793.755473][ T9844] veth0_vlan: entered promiscuous mode
[  793.779996][ T9993] loop3: detected capacity change from 0 to 2048
[  793.816507][ T9844] veth1_vlan: entered promiscuous mode
[  794.084065][ T9844] veth0_macvtap: entered promiscuous mode
[  794.148030][ T9844] veth1_macvtap: entered promiscuous mode
[  794.261271][ T9844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  794.272211][ T9844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  794.282817][ T9844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  794.293838][ T9844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  794.304213][ T9844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  794.315085][ T9844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  794.325319][ T9844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  794.337246][ T9844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  794.359511][ T9844] batman_adv: batadv0: Interface activated: batadv_slave_0
[  794.405710][ T9993] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  794.594701][ T9844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  794.605893][ T9844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  794.616266][ T9844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  794.627093][ T9844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  794.637418][ T9844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  794.652630][ T9844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  794.669582][ T9844] batman_adv: batadv0: Interface activated: batadv_slave_1
[  794.695419][T10006] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1241'.
[  794.755334][ T9844] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  794.764620][ T9844] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  794.773856][ T9844] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  794.782946][ T9844] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  794.870501][T10005] 9p: Unknown access argument 18446744073709551615: -34
[  795.467650][ T9594] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  796.245497][T10020] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1245'.
[  796.367645][T10022] netlink: 392 bytes leftover after parsing attributes in process `syz.3.1243'.
[  796.379811][T10022] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1243'.
[  796.440270][T10013] loop4: detected capacity change from 0 to 4096
[  796.733782][T10013] ntfs3(loop4): Mark volume as dirty due to NTFS errors
[  796.765755][T10013] ntfs3(loop4): mft corrupted
[  796.770959][T10013] ntfs3(loop4): Failed to load $MFT.
[  797.906946][T10041] loop3: detected capacity change from 0 to 1024
[  797.980126][T10041] EXT4-fs: Mount option(s) incompatible with ext2
[  798.194610][T10041] No such timeout policy "syz0"
[  798.411833][T10046] loop1: detected capacity change from 0 to 1024
[  798.484451][T10047] loop4: detected capacity change from 0 to 2048
[  798.580869][T10047] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  798.662038][T10046] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  799.400963][ T8826] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  799.507552][ T8820] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  799.845089][T10067] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1255'.
[  800.121528][T10066] netlink: 392 bytes leftover after parsing attributes in process `syz.3.1258'.
[  800.131125][T10066] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1258'.
[  800.430951][T10070] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1256'.
[  800.616613][T10079] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1260'.
[  801.672962][T10088] loop0: detected capacity change from 0 to 1024
[  801.796088][T10088] EXT4-fs: Mount option(s) incompatible with ext2
[  802.212155][T10088] No such timeout policy "syz0"
[  802.390928][T10093] loop3: detected capacity change from 0 to 2048
[  802.451888][T10096] loop4: detected capacity change from 0 to 1024
[  802.461080][ T3087] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  802.470833][ T3087] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  802.666681][T10093] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  802.676672][ T3410] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  802.682043][T10096] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  802.687264][ T3410] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  803.378485][ T9594] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  803.390578][ T8826] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  803.878127][T10113] netlink: 392 bytes leftover after parsing attributes in process `syz.3.1269'.
[  803.887861][T10113] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1269'.
[  804.162353][T10111] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1271'.
[  804.551077][T10122] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1270'.
[  804.631328][ T5242] usb 4-1: new high-speed USB device number 29 using dummy_hcd
[  804.900663][ T5242] usb 4-1: Using ep0 maxpacket: 16
[  805.024165][ T5242] usb 4-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0
[  805.124458][ T5242] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  805.134148][ T5242] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  805.142483][ T5242] usb 4-1: Product: syz
[  805.147390][ T5242] usb 4-1: Manufacturer: syz
[  805.152310][ T5242] usb 4-1: SerialNumber: syz
[  805.264427][ T5242] cdc_ether 4-1:1.0: probe with driver cdc_ether failed with error -22
[  805.364748][T10131] loop4: detected capacity change from 0 to 736
[  805.747568][ T5242] usb 4-1: USB disconnect, device number 29
[  806.379434][T10142] loop4: detected capacity change from 0 to 1024
[  806.472233][T10138] loop1: detected capacity change from 0 to 1024
[  806.560473][T10138] EXT4-fs: Mount option(s) incompatible with ext2
[  806.693356][T10138] No such timeout policy "syz0"
[  806.897767][T10142] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  807.031363][T10148] loop3: detected capacity change from 0 to 128
[  807.306810][T10148] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  807.328096][T10148] ext4 filesystem being mounted at /17/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  807.496526][T10159] netlink: 392 bytes leftover after parsing attributes in process `syz.0.1282'.
[  807.507152][T10159] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1282'.
[  807.713356][ T8826] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  807.966885][T10148] fscrypt: Error allocating hmac(sha512): -2
[  808.016842][T10169] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1285'.
[  808.520203][ T9594] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  808.540223][T10173] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1283'.
[  809.108515][T10183] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1286'.
[  809.824966][T10190] loop4: detected capacity change from 0 to 512
[  809.835102][T10190] EXT4-fs: Ignoring removed nobh option
[  809.878622][T10190] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  809.942930][T10193] loop1: detected capacity change from 0 to 1024
[  809.958640][T10193] EXT4-fs: Mount option(s) incompatible with ext2
[  809.970906][T10190] EXT4-fs (loop4): 1 truncate cleaned up
[  809.979221][T10190] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  810.436913][T10192] No such timeout policy "syz0"
[  810.774825][ T8826] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  811.294775][T10206] netlink: 392 bytes leftover after parsing attributes in process `syz.4.1295'.
[  811.304599][T10206] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1295'.
[  811.389530][T10204] loop2: detected capacity change from 0 to 1024
[  812.151861][T10214] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1298'.
[  812.180414][T10204] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  812.678906][T10231] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1303'.
[  812.735041][T10230] loop0: detected capacity change from 0 to 64
[  812.820874][ T9844] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  812.859041][T10233] hfs: keylen 94 too large
[  812.864298][T10233] hfs: request for non-existent node 1818584064 in B*Tree
[  812.878165][T10233] hfs: request for non-existent node 1818584064 in B*Tree
[  812.914304][T10233] hfs: keylen 94 too large
[  812.918992][T10233] =====================================================
[  812.926573][T10233] BUG: KMSAN: uninit-value in hfs_brec_find+0x65e/0x980
[  812.933973][T10233]  hfs_brec_find+0x65e/0x980
[  812.938786][T10233]  hfs_cat_create+0x444/0xbc0
[  812.944413][T10233]  hfs_create+0xcf/0x250
[  812.948889][T10233]  path_openat+0x2e9e/0x6200
[  812.953892][T10233]  do_filp_open+0x20e/0x590
[  812.958648][T10233]  do_sys_openat2+0x1bf/0x2f0
[  812.963768][T10233]  __x64_sys_creat+0xe6/0x140
[  812.969086][T10233]  x64_sys_call+0x3a6c/0x3ba0
[  812.979686][T10233]  do_syscall_64+0xcd/0x1e0
[  812.986109][T10233]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  812.992402][T10233] 
[  812.995075][T10233] Local variable fd created at:
[  813.000068][T10233]  hfs_cat_create+0x4b/0xbc0
[  813.005405][T10233]  hfs_create+0xcf/0x250
[  813.009892][T10233] 
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  813.012371][T10233] CPU: 1 UID: 0 PID: 10233 Comm: syz.0.1302 Tainted: G        W          6.12.0-rc3-syzkaller-00013-geca631b8fe80 #0
[  813.029026][T10233] Tainted: [W]=WARN
[  813.032995][T10233] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  813.045836][T10233] =====================================================
[  813.052972][T10233] Disabling lock debugging due to kernel taint
[  813.059650][T10233] Kernel panic - not syncing: kmsan.panic set ...
[  813.066244][T10233] CPU: 1 UID: 0 PID: 10233 Comm: syz.0.1302 Tainted: G    B   W          6.12.0-rc3-syzkaller-00013-geca631b8fe80 #0
[  813.078783][T10233] Tainted: [B]=BAD_PAGE, [W]=WARN
[  813.083957][T10233] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  813.094193][T10233] Call Trace:
[  813.097616][T10233]  <TASK>
[  813.100687][T10233]  dump_stack_lvl+0x216/0x2d0
[  813.105625][T10233]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  813.111656][T10233]  dump_stack+0x1e/0x30
[  813.116103][T10233]  panic+0x4e2/0xcf0
[  813.120234][T10233]  ? kmsan_get_metadata+0xe1/0x1c0
[  813.125643][T10233]  kmsan_report+0x2c7/0x2d0
[  813.130406][T10233]  ? vprintk_default+0x3e/0x50
[  813.135395][T10233]  ? __msan_warning+0x95/0x120
[  813.140425][T10233]  ? hfs_brec_find+0x65e/0x980
[  813.145383][T10233]  ? hfs_cat_create+0x444/0xbc0
[  813.150452][T10233]  ? hfs_create+0xcf/0x250
[  813.155104][T10233]  ? path_openat+0x2e9e/0x6200
[  813.160095][T10233]  ? do_filp_open+0x20e/0x590
[  813.164982][T10233]  ? do_sys_openat2+0x1bf/0x2f0
[  813.170032][T10233]  ? __x64_sys_creat+0xe6/0x140
[  813.175106][T10233]  ? x64_sys_call+0x3a6c/0x3ba0
[  813.180223][T10233]  ? do_syscall_64+0xcd/0x1e0
[  813.185144][T10233]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  813.191544][T10233]  ? kmsan_get_metadata+0x13e/0x1c0
[  813.196983][T10233]  ? hfs_brec_keylen+0x398/0x610
[  813.202160][T10233]  ? hfs_brec_keylen+0x58f/0x610
[  813.207310][T10233]  ? __hfs_brec_find+0x426/0x830
[  813.212438][T10233]  ? __pfx_hfs_cat_keycmp+0x10/0x10
[  813.217846][T10233]  ? kmsan_get_metadata+0x13e/0x1c0
[  813.223236][T10233]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  813.229236][T10233]  __msan_warning+0x95/0x120
[  813.234059][T10233]  hfs_brec_find+0x65e/0x980
[  813.238867][T10233]  hfs_cat_create+0x444/0xbc0
[  813.243751][T10233]  ? hfs_mark_mdb_dirty+0x135/0x2a0
[  813.249215][T10233]  hfs_create+0xcf/0x250
[  813.253666][T10233]  ? __pfx_hfs_create+0x10/0x10
[  813.258816][T10233]  path_openat+0x2e9e/0x6200
[  813.263678][T10233]  do_filp_open+0x20e/0x590
[  813.268441][T10233]  do_sys_openat2+0x1bf/0x2f0
[  813.273315][T10233]  __x64_sys_creat+0xe6/0x140
[  813.278205][T10233]  x64_sys_call+0x3a6c/0x3ba0
[  813.283120][T10233]  do_syscall_64+0xcd/0x1e0
[  813.287885][T10233]  ? clear_bhb_loop+0x25/0x80
[  813.292791][T10233]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  813.298954][T10233] RIP: 0033:0x7ff55617dff9
[  813.303525][T10233] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  813.323386][T10233] RSP: 002b:00007ff55702d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
[  813.332036][T10233] RAX: ffffffffffffffda RBX: 00007ff556336058 RCX: 00007ff55617dff9
[  813.340199][T10233] RDX: 0000000000000000 RSI: 00000000000000c1 RDI: 00000000200002c0
[  813.348332][T10233] RBP: 00007ff5561f0296 R08: 0000000000000000 R09: 0000000000000000
[  813.356473][T10233] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  813.364607][T10233] R13: 0000000000000000 R14: 00007ff556336058 R15: 00007ffe18aa1018
[  813.372782][T10233]  </TASK>
[  813.376267][T10233] Kernel Offset: disabled
[  813.380687][T10233] Rebooting in 86400 seconds..